RubyGems - spid-es - Versions diffs - 0.0.40 → 0.0.45 - Mend

spid-es 0.0.40 → 0.0.45

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/spid/ruby-saml/authrequest.rb +1 -1
data/lib/spid/ruby-saml/metadata.rb +16 -9
data/lib/spid/ruby-saml/response.rb +17 -1
data/spid-es.gemspec +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aec9beb93fb42dba8f0203fad88e2dabf65e276c6395e19cf92e2e165c9c2f4f
-  data.tar.gz: 0e0836070cda5dcc33c089e48519d58866fa43e3574fbecd38249191f36bb85c
+  metadata.gz: 7f385156ce2d9aec7b466ce0a726ad7cacf04d2cf57a5cb9701388e592a6590b
+  data.tar.gz: de3b335a2b11095447a997409a04f1514e95355e98ea7605ff5a5c9218982e36
 SHA512:
-  metadata.gz: 236ce0c3aa6da8d8468d02ab195c708d2f6cda0f80112bfeca63fba4ec48238d329bfe98b027c988c6a2c6691b789d9f5f61dcb9d3b3a96c282bfe4f86dab576
-  data.tar.gz: 858ce0f3f1eed80bf3d66e2e42e326cd01c0cbfe515b86f78f80a3f042bf2f3a5b7eb47467bad89e8302aca5c5cd07583c799c99f88f8d19a6f99bb5013cb66e
+  metadata.gz: 60ed056da9f0df5176ab0ed91f58f6a7471f92b991f5b85068228b03020dfbda3ae88409936f47d66f5dc8b096d8bc77a499d485e46d09692f159d14b4585a03
+  data.tar.gz: 68713da76beff56ad90f0f6cb94f1ad79c29769918a873d027bc3a63c6fdc30356753c0f6bee0163cc56690775067c8eaa4ca0c0f949260ce9e0fba748ef7aa2

data/lib/spid/ruby-saml/authrequest.rb CHANGED

@@ -84,7 +84,7 @@ module Spid::Saml
       # the IdP will choose default rules for authentication.  (Shibboleth IdP)
       if @settings.authn_context != nil
         requested_context = root.add_element "saml2p:RequestedAuthnContext", {
-          "Comparison" => "exact"
+          "Comparison" => "minimum"
         }
         context_class = []
         @settings.authn_context.each_with_index{ |context, index|

data/lib/spid/ruby-saml/metadata.rb CHANGED

@@ -21,6 +21,8 @@ module Spid
       attr_accessor :uuid
+      @@cache = {}
       def initialize(settings=nil)
         if settings
           @settings = settings
@@ -392,7 +394,6 @@ module Spid
         end
         meta_doc = get_idp_metadata
         return nil unless meta_doc
         # first try GET (REDIRECT)
         sso_element = REXML::XPath.first(meta_doc, "/EntityDescriptor/IDPSSODescriptor/#{service}[@Binding='#{HTTP_GET}']")
@@ -449,20 +450,26 @@ module Spid
       # returns a REXML document of the metadata
       def get_idp_metadata
         return false if @settings.idp_metadata.nil?
         # Look up the metdata in cache first
         id = Digest::MD5.hexdigest(@settings.idp_metadata)
-        response = fetch(@settings.idp_metadata)
-        #meta_text = response.body
-        #testo_response = meta_text.sub!(' xmlns:xml="http://www.w3.org/XML/1998/namespace"', '') da errori
-        #uso nokogiri per cercare il certificato, uso la funzione che rimuove tutti i namespace
-        doc_noko = Nokogiri::XML(response.body.gsub(/\n/, "").gsub(/\t/, "")) #modifica per poste
-        doc_noko.remove_namespaces!
+        unless @@cache[id].blank?
+          Logging.debug "IdP metadata cache used for #{@settings.idp_metadata}"
+          doc_noko = @@cache[id]
+        else #save in cache
+          response = fetch(@settings.idp_metadata)
+          #meta_text = response.body
+          #testo_response = meta_text.sub!(' xmlns:xml="http://www.w3.org/XML/1998/namespace"', '') da errori
+          #uso nokogiri per cercare il certificato, uso la funzione che rimuove tutti i namespace
+          doc_noko = Nokogiri::XML(response.body.gsub(/\n/, "").gsub(/\t/, "")) #modifica per poste
+          doc_noko.remove_namespaces!
+          #save
+          @@cache[id] = doc_noko
+        end
         extract_certificate(doc_noko)
         doc_rexml = REXML::Document.new(doc_noko.to_xml)
         return doc_rexml
         # USE OF CACHE WITH CERTIFICATE
         # lookup = @cache.read(id)
         # if lookup != nil

data/lib/spid/ruby-saml/response.rb CHANGED

@@ -235,6 +235,12 @@ module Spid
           return  node_cond_not_on_or_after.attributes["NotOnOrAfter"] unless node_cond_not_on_or_after.blank?
         end
+        #ricavo l'issue instant della request
+        def assertion_authninstant
+          node_authn_statement = xpath_first_from_signed_assertion('/a:AuthnStatement')
+          return  node_authn_statement.attributes["AuthnInstant"] unless node_authn_statement.blank?
+        end
         private
         def validation_error(message)
@@ -248,7 +254,9 @@ module Spid
             if settings
               idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
             end
+            #verifico se sono stati scaricati i metadati dell'idp
+            return false if validate_metadata_idp(idp_metadata) == false
             #carico nei setting l'idp_entity_id
             entity_descriptor_element = REXML::XPath.first(idp_metadata,"/EntityDescriptor")
             if !entity_descriptor_element.nil?
@@ -334,6 +342,14 @@ module Spid
         end
+        #validate presenza dei metadata per idp
+        def validate_metadata_idp(metadata_idp)
+          if metadata_idp.blank?
+            validation_error("Metadata idp non raggiungibile per #{settings.idp_entity_id}")
+          else
+            return true
+          end
+        end
         # Validates the SAML version (2.0)
         # If fails, the error is added to the errors array.

data/spid-es.gemspec CHANGED

@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 Gem::Specification.new do |s|
   s.name = 'spid-es'
-  s.version = '0.0.40'
+  s.version = '0.0.45'
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Fabiano Pavan"]

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-  version: 0.0.40
+  version: 0.0.45
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-21 00:00:00.000000000 Z
+date: 2021-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix