spid-es 0.0.41 → 0.0.46
- checksums.yaml +4 -4
- data/lib/spid/ruby-saml/metadata.rb +16 -9
- data/lib/spid/ruby-saml/response.rb +23 -6
- data/spid-es.gemspec +1 -1
- metadata +2 -2
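--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ff0046e4d703051a6f29f47cc7d46190f2801fe99c5f72b00fadb30ae6747ed5
+data.tar.gz: 2a648d0f993c42fb084c136713aec8fd10e19f567320ac7ff2775ecde965f320
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5e3fdfc9a76277b2e3bf125531019821d5db0d6a627c6e382a724fd0d380c34f35f942eccead8391e37aa51a51e08315379885e906e06ea1c82f197b9130798f
+data.tar.gz: 761028854b3bea2c4b4ac164f0d39844b41bbd151184a1699ac9b23198efce2eafc7f450e26c1ab5d1cc5f0b90ea3036d36c427ebd92948491e338dc2ee91697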
@@ -21,6 +21,8 @@ module Spid
|
|
21
21
|
|
22
22
|
attr_accessor :uuid
|
23
23
|
|
24
|
+
@@cache = {}
|
25
|
+
|
24
26
|
def initialize(settings=nil)
|
25
27
|
if settings
|
26
28
|
@settings = settings
|
@@ -392,7 +394,6 @@ module Spid
|
|
392
394
|
end
|
393
395
|
|
394
396
|
meta_doc = get_idp_metadata
|
395
|
-
|
396
397
|
return nil unless meta_doc
|
397
398
|
# first try GET (REDIRECT)
|
398
399
|
sso_element = REXML::XPath.first(meta_doc, "/EntityDescriptor/IDPSSODescriptor/#{service}[@Binding='#{HTTP_GET}']")
|
@@ -449,20 +450,26 @@ module Spid
|
|
449
450
|
# returns a REXML document of the metadata
|
450
451
|
def get_idp_metadata
|
451
452
|
return false if @settings.idp_metadata.nil?
|
452
|
-
|
453
453
|
# Look up the metdata in cache first
|
454
454
|
id = Digest::MD5.hexdigest(@settings.idp_metadata)
|
455
|
-
|
456
|
-
|
457
|
-
|
458
|
-
#
|
459
|
-
|
460
|
-
|
455
|
+
unless @@cache[id].blank?
|
456
|
+
Logging.debug "IdP metadata cache used for #{@settings.idp_metadata}"
|
457
|
+
doc_noko = @@cache[id]
|
458
|
+
else #save in cache
|
459
|
+
response = fetch(@settings.idp_metadata)
|
460
|
+
#meta_text = response.body
|
461
|
+
#testo_response = meta_text.sub!(' xmlns:xml="http://www.w3.org/XML/1998/namespace"', '') da errori
|
462
|
+
#uso nokogiri per cercare il certificato, uso la funzione che rimuove tutti i namespace
|
463
|
+
doc_noko = Nokogiri::XML(response.body.gsub(/\n/, "").gsub(/\t/, "")) #modifica per poste
|
464
|
+
doc_noko.remove_namespaces!
|
465
|
+
#save
|
466
|
+
@@cache[id] = doc_noko
|
467
|
+
end
|
461
468
|
extract_certificate(doc_noko)
|
462
469
|
doc_rexml = REXML::Document.new(doc_noko.to_xml)
|
463
|
-
|
464
470
|
return doc_rexml
|
465
471
|
|
472
|
+
|
466
473
|
# USE OF CACHE WITH CERTIFICATE
|
467
474
|
# lookup = @cache.read(id)
|
468
475
|
# if lookup != nil
|
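Review bot: The new `@@cache` in `get_idp_metadata` (new lines 455–467) never expires and stores whatever `fetch` returned, so an error page or empty body parsed by Nokogiri would be cached as if it were IdP metadata. Because `extract_certificate` reads from the cached document, a rotated or withdrawn IdP certificate would presumably not be picked up until the process restarts. The cache is a class variable shared by every instance in the process and is written without a lock. I would store the fetch time with the document, re-fetch after a TTL, and cache only a document whose root is `EntityDescriptor`; `METADATA_CACHE_TTL` in the sketch is a new constant the maintainers would have to define. The method continues past the end of the hunk, into the commented-out certificate cache.

```ruby
# … unchanged: nil guard and id = Digest::MD5.hexdigest(@settings.idp_metadata) …
entry = @@cache[id]
if entry && (Time.now - entry[:fetched_at]) < METADATA_CACHE_TTL
  Logging.debug "IdP metadata cache used for #{@settings.idp_metadata}"
  doc_noko = entry[:doc]
else
  response = fetch(@settings.idp_metadata)
  doc_noko = Nokogiri::XML(response.body.gsub(/\n/, "").gsub(/\t/, ""))
  doc_noko.remove_namespaces!
  # cache only a document that really is IdP metadata, never an error page
  return false if doc_noko.at_xpath("/EntityDescriptor").nil?
  @@cache[id] = { doc: doc_noko, fetched_at: Time.now }
end
# … unchanged: extract_certificate(doc_noko) and the REXML conversion …
```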
@@ -235,6 +235,12 @@ module Spid
|
|
235
235
|
return node_cond_not_on_or_after.attributes["NotOnOrAfter"] unless node_cond_not_on_or_after.blank?
|
236
236
|
end
|
237
237
|
|
238
|
+
#ricavo l'issue instant della request
|
239
|
+
def assertion_authninstant
|
240
|
+
node_authn_statement = xpath_first_from_signed_assertion('/a:AuthnStatement')
|
241
|
+
return node_authn_statement.attributes["AuthnInstant"] unless node_authn_statement.blank?
|
242
|
+
end
|
243
|
+
|
238
244
|
private
|
239
245
|
|
240
246
|
def validation_error(message)
|
@@ -248,7 +254,9 @@ module Spid
|
|
248
254
|
if settings
|
249
255
|
idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
|
250
256
|
end
|
251
|
-
|
257
|
+
#verifico se sono stati scaricati i metadati dell'idp
|
258
|
+
return false if validate_metadata_idp(idp_metadata) == false
|
259
|
+
|
252
260
|
#carico nei setting l'idp_entity_id
|
253
261
|
entity_descriptor_element = REXML::XPath.first(idp_metadata,"/EntityDescriptor")
|
254
262
|
if !entity_descriptor_element.nil?
|
@@ -334,6 +342,14 @@ module Spid
|
|
334
342
|
end
|
335
343
|
|
336
344
|
|
345
|
+
#validate presenza dei metadata per idp
|
346
|
+
def validate_metadata_idp(metadata_idp)
|
347
|
+
if metadata_idp.blank?
|
348
|
+
validation_error("Metadata idp non raggiungibile per #{settings.idp_entity_id}")
|
349
|
+
else
|
350
|
+
return true
|
351
|
+
end
|
352
|
+
end
|
337
353
|
|
338
354
|
# Validates the SAML version (2.0)
|
339
355
|
# If fails, the error is added to the errors array.
|
@@ -498,11 +514,12 @@ module Spid
|
|
498
514
|
|
499
515
|
return true if settings.assertion_consumer_service_url.nil? || settings.assertion_consumer_service_url.empty?
|
500
516
|
|
501
|
-
|
502
|
-
|
503
|
-
|
504
|
-
|
505
|
-
|
517
|
+
#DA-RIPRISTINARE!
|
518
|
+
# unless Spid::Saml::Utils.uri_match?(destination, settings.assertion_consumer_service_url)
|
519
|
+
# # error_msg = "The response was received at #{destination} instead of #{settings.assertion_consumer_service_url}"
|
520
|
+
# # return append_error(error_msg)
|
521
|
+
# return soft ? false : validation_error("The response was received at #{destination} instead of #{settings.assertion_consumer_service_url}")
|
522
|
+
# end
|
506
523
|
|
507
524
|
true
|
508
525
|
end
|
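Review bot: With the Destination comparison commented out under `#DA-RIPRISTINARE!` in the last hunk (new lines 517–522), the enclosing method now returns `true` unconditionally, so a response addressed to a different endpoint passes this check. Removed lines 501–505 are blank in this rendering, so it looks as if the check was active in 0.0.41, but that cannot be confirmed from here. The check should ship enabled: `unless Spid::Saml::Utils.uri_match?(destination, settings.assertion_consumer_service_url)` / `return soft ? false : validation_error("The response was received at #{destination} instead of #{settings.assertion_consumer_service_url}")` / `end`. If one IdP sends a Destination that does not match, handle it with a per-IdP setting rather than switching validation off for all of them. The method starts above the hunk, so where `destination` and `soft` come from is not visible.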
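--- a/data/spid-es.gemspec
+++ b/data/spid-es.gemspec
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
 s.name = 'spid-es'
-s.version = '0.0.
+s.version = '0.0.46'
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Fabiano Pavan"]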
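--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.46
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: canonix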