spid-es 0.0.22 → 0.0.27
- checksums.yaml +4 -4
- data/lib/spid/ruby-saml/metadata.rb +58 -37
- data/lib/spid/ruby-saml/response.rb +23 -16
- data/lib/spid/ruby-saml/settings.rb +1 -1
- data/spid-es.gemspec +1 -1
- metadata +2 -2
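--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ac5fe88ff8fc1b1e1ce805390dac2966a3ce7c3f81b115b27e09919302861946
+data.tar.gz: 27348c4b761fdd9d27782aca48f526626393a4b5c9355de6bcb286d2d03a27d3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c3078fe9caacc3f5e00269c27cff19af793e9a150eff0b9d9760bb9d80eabac6de0e86d7e47c48e653bdb1495ef344f71b618395857134b4ddcb6d26a618d390
+data.tar.gz: 954ca35eb3d5bed16a2e044b708b7bccec3162cf55ff7dbb5af8e5dacdcd5e1fb377e8cc01c909f84ea6f99081956ef1a7ebb49a78412836856aabebb3860d7b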
@@ -31,14 +31,26 @@ module Spid
|
|
31
31
|
def generate(settings)
|
32
32
|
#meta_doc = REXML::Document.new
|
33
33
|
meta_doc = Spid::XMLSecurityNew::Document.new
|
34
|
-
|
34
|
+
if settings.aggregato
|
35
|
+
root = meta_doc.add_element "md:EntityDescriptor", {
|
36
|
+
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
37
|
+
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace",
|
38
|
+
"xmlns:spid" => "https://spid.gov.it/saml-extensions",
|
39
|
+
}
|
40
|
+
else
|
41
|
+
root = meta_doc.add_element "md:EntityDescriptor", {
|
35
42
|
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
36
43
|
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace"
|
37
|
-
|
44
|
+
}
|
45
|
+
end
|
46
|
+
|
38
47
|
if settings.issuer != nil
|
39
48
|
root.attributes["entityID"] = settings.issuer
|
40
49
|
end
|
41
|
-
|
50
|
+
#Tolto per non far cambiare sempre il metadata
|
51
|
+
#uuid = "_" + UUID.new.generate
|
52
|
+
#genero l'id come hash dell'entityID
|
53
|
+
uuid = "_" + settings.issuer.hash.abs.to_s
|
42
54
|
self.uuid = uuid
|
43
55
|
root.attributes["ID"] = uuid
|
44
56
|
|
@@ -201,39 +213,6 @@ module Spid
|
|
201
213
|
}
|
202
214
|
|
203
215
|
|
204
|
-
|
205
|
-
|
206
|
-
#Per EIDAS
|
207
|
-
# #AttributeConsumingService
|
208
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
209
|
-
# "index" => "99",
|
210
|
-
# }
|
211
|
-
# service_name
|
212
|
-
# = attr_cons_service.add_element "md:ServiceName", {
|
213
|
-
# "xml:lang" => "it"
|
214
|
-
# }
|
215
|
-
# service_name.text = "eIDAS Natural Person Minimum Attribute Set"
|
216
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
217
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
218
|
-
# "Name" => attribute
|
219
|
-
# }
|
220
|
-
# }
|
221
|
-
|
222
|
-
# #AttributeConsumingService
|
223
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
224
|
-
# "index" => "100",
|
225
|
-
# }
|
226
|
-
# service_name = attr_cons_service.add_element "md:ServiceName", {
|
227
|
-
# "xml:lang" => "it"
|
228
|
-
# }
|
229
|
-
# service_name.text = "eIDAS Natural Person Full Attribute Set"
|
230
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
231
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
232
|
-
# "Name" => attribute
|
233
|
-
# }
|
234
|
-
# }
|
235
|
-
|
236
|
-
|
237
216
|
end
|
238
217
|
#organization
|
239
218
|
organization = root.add_element "md:Organization"
|
@@ -244,12 +223,54 @@ module Spid
|
|
244
223
|
org_display_name = organization.add_element "md:OrganizationDisplayName", {
|
245
224
|
"xml:lang" => "it"
|
246
225
|
}
|
247
|
-
|
226
|
+
|
227
|
+
org_display_name.text = settings.organization['org_display_name']+(settings.aggregato ? " tramite #{settings.hash_aggregatore['soggetto_aggregatore']}" : '')
|
248
228
|
org_url = organization.add_element "md:OrganizationURL", {
|
249
229
|
"xml:lang" => "it"
|
250
230
|
}
|
251
231
|
org_url.text = settings.organization['org_url']
|
252
232
|
|
233
|
+
#ContactPerson per sp aggregato
|
234
|
+
if settings.aggregato
|
235
|
+
contact_person_aggregatore = root.add_element "md:ContactPerson", {
|
236
|
+
"contactType" => "other",
|
237
|
+
"spid:entityType" => "spid:aggregator"
|
238
|
+
}
|
239
|
+
company = contact_person_aggregatore.add_element "md:Company"
|
240
|
+
company.text = settings.hash_aggregatore['soggetto_aggregatore']
|
241
|
+
|
242
|
+
extensions_aggregatore = contact_person_aggregatore.add_element "md:Extensions"
|
243
|
+
vat_number_aggregatore = extensions_aggregatore.add_element "spid:VATNumber"
|
244
|
+
vat_number_aggregatore.text = settings.hash_aggregatore['piva_aggregatore']
|
245
|
+
|
246
|
+
ipa_code_aggregatore = extensions_aggregatore.add_element "spid:IPACode"
|
247
|
+
ipa_code_aggregatore.text = settings.hash_aggregatore['cipa_aggregatore']
|
248
|
+
|
249
|
+
fiscal_code_aggregatore = extensions_aggregatore.add_element "spid:FiscalCode"
|
250
|
+
fiscal_code_aggregatore.text = settings.hash_aggregatore['cf_aggregatore']
|
251
|
+
|
252
|
+
contact_person_aggregato = root.add_element "md:ContactPerson", {
|
253
|
+
"contactType" => "other",
|
254
|
+
"spid:entityType" => "spid:aggregated"
|
255
|
+
}
|
256
|
+
company = contact_person_aggregato.add_element "md:Company"
|
257
|
+
company.text = settings.organization['org_name']
|
258
|
+
|
259
|
+
extensions_aggregato = contact_person_aggregato.add_element "md:Extensions"
|
260
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['vat_number'].blank?
|
261
|
+
vat_number_aggregato = extensions_aggregato.add_element "spid:VATNumber"
|
262
|
+
vat_number_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['vat_number']
|
263
|
+
end
|
264
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['ipa_code'].blank?
|
265
|
+
ipa_code_aggregato = extensions_aggregato.add_element "spid:IPACode"
|
266
|
+
ipa_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['ipa_code']
|
267
|
+
end
|
268
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['fiscal_code'].blank?
|
269
|
+
fiscal_code_aggregato = extensions_aggregato.add_element "spid:FiscalCode"
|
270
|
+
fiscal_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['fiscal_code']
|
271
|
+
end
|
272
|
+
end
|
273
|
+
|
253
274
|
#meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
|
254
275
|
meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
|
255
276
|
|
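Review bot: The new ID line `uuid = "_" + settings.issuer.hash.abs.to_s` will not produce the stable metadata ID that the comment above it asks for, because Ruby seeds `String#hash` per process and the value changes on every interpreter start. A deterministic digest of the entityID, for example `uuid = "_" + Digest::SHA256.hexdigest(settings.issuer.to_s)` with `require 'digest'` in the file, stays constant across restarts and hosts, which matters if the metadata is signed or compared by ID. The line also runs when `settings.issuer` is nil, which the guard just above treats as possible, so that case should be rejected or handled explicitly rather than hashed. `generate` begins and ends outside the hunks shown, so any later use of `uuid` is not visible here.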
@@ -268,6 +268,8 @@ module Spid
|
|
268
268
|
return false if validate_destination(soft) == false
|
269
269
|
#validazione status
|
270
270
|
return false if validate_status(soft) == false
|
271
|
+
#validazione inresponseto
|
272
|
+
return false if validate_presence_inresponseto(soft) == false
|
271
273
|
#validazione issuer
|
272
274
|
return false if validate_issuer(soft) == false
|
273
275
|
#validazioni varie su asserzioni
|
@@ -312,6 +314,11 @@ module Spid
|
|
312
314
|
end
|
313
315
|
end
|
314
316
|
|
317
|
+
def validate_presence_inresponseto(soft=true)
|
318
|
+
response_to_id_value = response_to_id
|
319
|
+
return (soft ? false : validation_error("InResponseTo non specificato o mancante")) if response_to_id_value.blank?
|
320
|
+
end
|
321
|
+
|
315
322
|
|
316
323
|
|
317
324
|
#validate status e status code
|
@@ -344,16 +351,16 @@ module Spid
|
|
344
351
|
end
|
345
352
|
|
346
353
|
def version_assertion(document)
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
354
|
+
assertion_nodes = xpath_from_signed_assertion()
|
355
|
+
@version_assertion = "2.0"
|
356
|
+
#ciclo sui nodi delle asserzioni, se uno ha una versione diversa da 2.0 ritorno nil
|
357
|
+
unless assertion_nodes.blank?
|
358
|
+
assertion_nodes.each{ |ass_node|
|
359
|
+
return nil if ass_node.attributes['Version'] != "2.0"
|
360
|
+
}
|
361
|
+
end
|
362
|
+
@version_assertion
|
363
|
+
end
|
357
364
|
|
358
365
|
def validate_version(soft = true)
|
359
366
|
unless version(self.document) == "2.0"
|
@@ -364,12 +371,12 @@ module Spid
|
|
364
371
|
end
|
365
372
|
|
366
373
|
def validate_version_assertion(soft = true)
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
|
374
|
+
unless version_assertion(self.document) == "2.0"
|
375
|
+
#return append_error("Unsupported SAML version")
|
376
|
+
return soft ? false : validation_error("Unsupported SAML Assertion version")
|
377
|
+
end
|
378
|
+
true
|
379
|
+
end
|
373
380
|
|
374
381
|
def validate_signed_elements(soft = true)
|
375
382
|
signature_nodes = REXML::XPath.match(decrypted_document.nil? ? document : decrypted_document,"//ds:Signature",{"ds"=>DSIG})
|
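Review bot: `version_assertion` fails open when no signed assertion is found: `@version_assertion` is set to "2.0" before the loop, and the loop is skipped when `xpath_from_signed_assertion()` returns a blank result, so `validate_version_assertion` passes for a response with no matching assertion nodes. Placing `return nil if assertion_nodes.blank?` ahead of the loop would make the check fail closed; whether another validator already rejects such a response is not visible in these hunks. The `document` parameter is not used by the new body. In the same file, `validate_presence_inresponseto` only tests that InResponseTo is non-blank and falls off the end returning nil instead of `true` on success. It does not compare the value with the ID of the request the SP issued, so that binding has to exist elsewhere or be added for the check to stop unsolicited or replayed responses.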
@@ -10,7 +10,7 @@ module Spid
|
|
10
10
|
attr_accessor :name_identifier_value, :name_identifier_format
|
11
11
|
attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
|
12
12
|
attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
|
13
|
-
attr_accessor :skip_validation
|
13
|
+
attr_accessor :skip_validation, :aggregato, :hash_aggregatore
|
14
14
|
|
15
15
|
def initialize(config = {})
|
16
16
|
config.each do |k,v|
|
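--- a/data/spid-es.gemspec
+++ b/data/spid-es.gemspec
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
 s.name = 'spid-es'
-s.version = '0.0.
+s.version = '0.0.27'
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Fabiano Pavan"]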
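--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.27
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: canonix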