spid-es 0.0.42 → 0.0.47

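--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 98963a0fb7909e5e96d105a61d7b3a0c10378b39617dbaadb0c5dfdf6ac8e044
- data.tar.gz: 293a46c2471be93d09a6265d28b053f2fce3271d0380ab3981d435f9268023f2
+ metadata.gz: ed5837ad5504c2b427af66f7724ce59bab4932d0f7c3d055e80fbe96cb96126c
+ data.tar.gz: 26202f27978363a917bd6deda6a2c6a6485791e5b9e89f2b34246d71bba1cf64
  SHA512:
- metadata.gz: 55da9133c1d43fa72384e17d612c86c81ee0cb88f536991a272285c11d2f4cca582ce346d7288055a73ab97ceaac37104e6aedababba781a60a2d4902d76d6d3
- data.tar.gz: 08569eb6ffca8f6fa3e34e31a0c2972fdd049e721ffc7774081c8d98b3283a0034f43ca9baa9da15fcbb38305eadbe68a6a1196f19003aedc4ab0de24c0835e5
+ metadata.gz: 4a1fc512a4372c0ae73a69ea60534da0403811b70f2de372e060f8fd2bcd0bc801f88165fcc68127fd726862bdcc359827475ba62b714b9d7ca2347265b57a63
+ data.tar.gz: 7e52ca39ea8f39b10744f090cfb9173dec91254c2775b70781b632dd8480be91153d3c539d3ab21391111d69605de30e21fb5be22d498b4a393e6e48342bfb7d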
@@ -21,6 +21,8 @@ module Spid
21
21
 
22
22
  attr_accessor :uuid
23
23
 
24
+ @@cache = {}
25
+
24
26
  def initialize(settings=nil)
25
27
  if settings
26
28
  @settings = settings
@@ -392,7 +394,6 @@ module Spid
392
394
  end
393
395
 
394
396
  meta_doc = get_idp_metadata
395
-
396
397
  return nil unless meta_doc
397
398
  # first try GET (REDIRECT)
398
399
  sso_element = REXML::XPath.first(meta_doc, "/EntityDescriptor/IDPSSODescriptor/#{service}[@Binding='#{HTTP_GET}']")
@@ -449,20 +450,26 @@ module Spid
449
450
  # returns a REXML document of the metadata
450
451
  def get_idp_metadata
451
452
  return false if @settings.idp_metadata.nil?
452
-
453
453
  # Look up the metdata in cache first
454
454
  id = Digest::MD5.hexdigest(@settings.idp_metadata)
455
- response = fetch(@settings.idp_metadata)
456
- #meta_text = response.body
457
- #testo_response = meta_text.sub!(' xmlns:xml="http://www.w3.org/XML/1998/namespace"', '') da errori
458
- #uso nokogiri per cercare il certificato, uso la funzione che rimuove tutti i namespace
459
- doc_noko = Nokogiri::XML(response.body.gsub(/\n/, "").gsub(/\t/, "")) #modifica per poste
460
- doc_noko.remove_namespaces!
455
+ unless @@cache[id].blank?
456
+ Logging.debug "IdP metadata cache used for #{@settings.idp_metadata}"
457
+ doc_noko = @@cache[id]
458
+ else #save in cache
459
+ response = fetch(@settings.idp_metadata)
460
+ #meta_text = response.body
461
+ #testo_response = meta_text.sub!(' xmlns:xml="http://www.w3.org/XML/1998/namespace"', '') da errori
462
+ #uso nokogiri per cercare il certificato, uso la funzione che rimuove tutti i namespace
463
+ doc_noko = Nokogiri::XML(response.body.gsub(/\n/, "").gsub(/\t/, "")) #modifica per poste
464
+ doc_noko.remove_namespaces!
465
+ #save
466
+ @@cache[id] = doc_noko
467
+ end
461
468
  extract_certificate(doc_noko)
462
469
  doc_rexml = REXML::Document.new(doc_noko.to_xml)
463
-
464
470
  return doc_rexml
465
471
 
472
+
466
473
  # USE OF CACHE WITH CERTIFICATE
467
474
  # lookup = @cache.read(id)
468
475
  # if lookup != nil
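Review bot: The new `@@cache` in `get_idp_metadata` has no expiry or invalidation, so once an IdP's metadata has been parsed the process keeps using that copy (and whatever certificate `extract_certificate` takes from it) until restart, even after the IdP rotates or withdraws its signing key. Store a fetch time with the entry and refetch after a bounded age, for example `@@cache[id] = { doc: doc_noko, at: Time.now }` with an age check on the read side. The hash is a class variable written without a lock, and the cached Nokogiri document is a shared mutable object passed to `extract_certificate` on every call, so caching the raw response body and guarding the read/write with a `Mutex` would be safer under a threaded server. The body of `get_idp_metadata` continues past the end of this hunk.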
@@ -235,6 +235,12 @@ module Spid
235
235
  return node_cond_not_on_or_after.attributes["NotOnOrAfter"] unless node_cond_not_on_or_after.blank?
236
236
  end
237
237
 
238
+ #ricavo l'issue instant della request
239
+ def assertion_authninstant
240
+ node_authn_statement = xpath_first_from_signed_assertion('/a:AuthnStatement')
241
+ return node_authn_statement.attributes["AuthnInstant"] unless node_authn_statement.blank?
242
+ end
243
+
238
244
  private
239
245
 
240
246
  def validation_error(message)
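Review bot: The comment above `assertion_authninstant` says it returns the issue instant of the request, but the method reads the `AuthnInstant` attribute of the `AuthnStatement` in the signed assertion. Suggested comment: `# Returns the AuthnInstant attribute of the signed assertion's AuthnStatement as a raw string, or nil when the statement is absent.` Nothing in the method parses or bounds the value, so a caller using it for a freshness check has to do that itself.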
@@ -249,7 +255,7 @@ module Spid
249
255
  idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
250
256
  end
251
257
  #verifico se sono stati scaricati i metadati dell'idp
252
- return false if validate_metadata_idp(soft) == false
258
+ return false if validate_metadata_idp(idp_metadata) == false
253
259
 
254
260
  #carico nei setting l'idp_entity_id
255
261
  entity_descriptor_element = REXML::XPath.first(idp_metadata,"/EntityDescriptor")
@@ -285,7 +291,7 @@ module Spid
285
291
  return true if settings.skip_validation == true
286
292
 
287
293
  # document.validte populates the idp_cert
288
- return false if document.validate_document(get_fingerprint, soft) == false
294
+ #return false if document.validate_document(get_fingerprint, soft) == false #DA TOGLIERE, FIX PER DOPPIO CERTIFICATO POSTE
289
295
 
290
296
  # validate response code
291
297
  return false if success? == false
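Review bot: Commenting out `return false if document.validate_document(get_fingerprint, soft) == false` leaves this validation path with no visible check of the response's XML signature, so an unsigned response, or one signed with an unknown key, would be accepted as long as the remaining checks pass. The trailing remark (DA TOGLIERE, a fix for the double Poste certificate) reads as a temporary workaround. The check should stay in place and be extended to try each certificate the IdP publishes, failing closed when none verifies. The hunk at `@@ -505,11 +514,12 @@` has the same defect: the `Spid::Saml::Utils.uri_match?(destination, settings.assertion_consumer_service_url)` comparison is commented out under `#DA-RIPRISTINARE!`, so that method now returns `true` for any Destination. Both enclosing methods start outside their hunks.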
@@ -337,9 +343,12 @@ module Spid
337
343
 
338
344
 
339
345
  #validate presenza dei metadata per idp
340
- def validate_metadata_idp(soft=true)
341
- return (soft ? false : validation_error("Metadata idp non raggiungibile per #{settings.idp_entity_id}")) if document.blank?
342
- true
346
+ def validate_metadata_idp(metadata_idp)
347
+ if metadata_idp.blank?
348
+ validation_error("Metadata idp non raggiungibile per #{settings.idp_entity_id}")
349
+ else
350
+ return true
351
+ end
343
352
  end
344
353
 
345
354
  # Validates the SAML version (2.0)
@@ -505,11 +514,12 @@ module Spid
505
514
 
506
515
  return true if settings.assertion_consumer_service_url.nil? || settings.assertion_consumer_service_url.empty?
507
516
 
508
- unless Spid::Saml::Utils.uri_match?(destination, settings.assertion_consumer_service_url)
509
- # error_msg = "The response was received at #{destination} instead of #{settings.assertion_consumer_service_url}"
510
- # return append_error(error_msg)
511
- return soft ? false : validation_error("The response was received at #{destination} instead of #{settings.assertion_consumer_service_url}")
512
- end
517
+ #DA-RIPRISTINARE!
518
+ # unless Spid::Saml::Utils.uri_match?(destination, settings.assertion_consumer_service_url)
519
+ # # error_msg = "The response was received at #{destination} instead of #{settings.assertion_consumer_service_url}"
520
+ # # return append_error(error_msg)
521
+ # return soft ? false : validation_error("The response was received at #{destination} instead of #{settings.assertion_consumer_service_url}")
522
+ # end
513
523
 
514
524
  true
515
525
  end
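--- a/data/spid-es.gemspec
+++ b/data/spid-es.gemspec
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
  Gem::Specification.new do |s|
  s.name = 'spid-es'
- s.version = '0.0.42'
+ s.version = '0.0.47'
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.authors = ["Fabiano Pavan"]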
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spid-es
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.42
4
+ version: 0.0.47
5
5
  platform: ruby
6
6
  authors:
7
7
  - Fabiano Pavan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-28 00:00:00.000000000 Z
11
+ date: 2021-02-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: canonix