spid-es 0.0.46 → 0.0.50
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/spid/ruby-saml/authrequest.rb +11 -3
- data/lib/spid/ruby-saml/metadata.rb +14 -14
- data/lib/spid/ruby-saml/response.rb +16 -6
- data/lib/spid/ruby-saml/settings.rb +1 -1
- data/lib/spid/xml_security_new.rb +6 -2
- data/spid-es.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1da690cbc5b4e743cd4d5f536f1b4ed7e39c9d712fc95d6f162374c4a9271996
|
|
4
|
+
data.tar.gz: c842a2b8db198ab83242cce59afab8c98b80ed27c477baa9595add473bef937f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b2abf35831376b348a6ea317987d90423a7d503f75becdf3325df12a4306c7ea7b9154310215f95e7a57c91e3a58f035953b7b390dcc977bc7eec11536b8a121
|
|
7
|
+
data.tar.gz: 62c15cf73a3f0838586e96eae0ac44c06eb9a86a27685b72e0cd25aafbd1c7fa439f07a719d64b735c787013b2c7b739f1c2a6b34cba946b505b2fe45d0cc100
|
|
@@ -29,9 +29,8 @@ module Spid::Saml
|
|
|
29
29
|
# Create AuthnRequest root element using REXML
|
|
30
30
|
request_doc = Spid::XMLSecurityNew::Document.new
|
|
31
31
|
request_doc.context[:attribute_quote] = :quote
|
|
32
|
-
root = request_doc.add_element "saml2p:AuthnRequest", { "xmlns:saml2p"
|
|
33
|
-
"xmlns:saml2"
|
|
34
|
-
}
|
|
32
|
+
root = request_doc.add_element "saml2p:AuthnRequest", { "xmlns:saml2p" => "urn:oasis:names:tc:SAML:2.0:protocol",
|
|
33
|
+
"xmlns:saml2" => "urn:oasis:names:tc:SAML:2.0:assertion" }
|
|
35
34
|
root.attributes['ID'] = uuid
|
|
36
35
|
root.attributes['IssueInstant'] = time
|
|
37
36
|
root.attributes['Version'] = "2.0"
|
|
@@ -60,6 +59,15 @@ module Spid::Saml
|
|
|
60
59
|
issuer.text = @settings.issuer #questo valore deve essere uguale al #entityID dei metadata che usa @settings.issuer
|
|
61
60
|
end
|
|
62
61
|
|
|
62
|
+
#aggiunta tag purpose (DOPO ISSUER!) per persona giuridica o uso professionale
|
|
63
|
+
if @settings.tipo_accesso != nil
|
|
64
|
+
extension_context = root.add_element "saml2p:Extensions", {
|
|
65
|
+
"xmlns:spid" => "https://spid.gov.it/saml-extensions"
|
|
66
|
+
}
|
|
67
|
+
spid_purpose_element = extension_context.add_element "spid:Purpose"
|
|
68
|
+
spid_purpose_element.text = @settings.tipo_accesso
|
|
69
|
+
end
|
|
70
|
+
|
|
63
71
|
# #opzionale
|
|
64
72
|
# unless @settings.sp_name_qualifier.blank?
|
|
65
73
|
# subject = root.add_element "saml:Subject"
|
|
@@ -155,13 +155,11 @@ module Spid
|
|
|
155
155
|
end
|
|
156
156
|
|
|
157
157
|
if settings.assertion_consumer_service_url
|
|
158
|
-
|
|
159
158
|
#ciclo e creo i vari tag AssertionConsumerService
|
|
160
159
|
settings.hash_assertion_consumer.each_pair{ |index, hash_service|
|
|
161
|
-
|
|
162
160
|
sp_sso.add_element "md:AssertionConsumerService", {
|
|
163
161
|
"Binding" => settings.assertion_consumer_service_binding,
|
|
164
|
-
"Location" =>
|
|
162
|
+
"Location" => hash_service['url_consumer'],
|
|
165
163
|
"isDefault" => hash_service['default'],
|
|
166
164
|
"index" => index
|
|
167
165
|
}
|
|
@@ -511,18 +509,20 @@ module Spid
|
|
|
511
509
|
#ricerco il certificato con nokogiri
|
|
512
510
|
# pull out the x509 tag
|
|
513
511
|
x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
#
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
512
|
+
if !x509.nil?
|
|
513
|
+
if x509.length > 1
|
|
514
|
+
@settings.idp_cert = []
|
|
515
|
+
x509.children.each{|child_cert|
|
|
516
|
+
@settings.idp_cert << child_cert.to_s.gsub(/\n/, "").gsub(/\t/, "")
|
|
517
|
+
}
|
|
518
|
+
else #un array con un campo
|
|
519
|
+
@settings.idp_cert = [x509.children[0].to_s.gsub(/\n/, "").gsub(/\t/, "")]
|
|
520
|
+
end
|
|
521
|
+
else #se nil uso il certificato in keyinfo, non dovrebbe mai accadere
|
|
522
|
+
x509 = meta_doc.xpath("//EntityDescriptor//Signature//KeyInfo//X509Data//X509Certificate")
|
|
524
523
|
end
|
|
525
|
-
|
|
524
|
+
#se ci sono n certificati ritorno array
|
|
525
|
+
@settings.idp_cert
|
|
526
526
|
end
|
|
527
527
|
|
|
528
528
|
# construct the parameter list on the URL and return
|
|
@@ -616,15 +616,25 @@ module Spid
|
|
|
616
616
|
|
|
617
617
|
def get_fingerprint
|
|
618
618
|
idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
|
|
619
|
-
|
|
620
619
|
if settings.idp_cert
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
620
|
+
#controllo se ho n certificati
|
|
621
|
+
if settings.idp_cert.length > 1
|
|
622
|
+
array_fingerprint = []
|
|
623
|
+
settings.idp_cert.each{|cert_metadata_ipd|
|
|
624
|
+
cert_text = Base64.decode64(cert_metadata_ipd)
|
|
625
|
+
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
626
|
+
array_fingerprint << Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
|
|
627
|
+
}
|
|
628
|
+
return array_fingerprint
|
|
629
|
+
else
|
|
630
|
+
cert_text = Base64.decode64(settings.idp_cert[0])
|
|
631
|
+
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
632
|
+
return [Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")]
|
|
633
|
+
end
|
|
634
|
+
|
|
624
635
|
else
|
|
625
|
-
settings.idp_cert_fingerprint
|
|
636
|
+
return [settings.idp_cert_fingerprint]
|
|
626
637
|
end
|
|
627
|
-
|
|
628
638
|
end
|
|
629
639
|
|
|
630
640
|
def validate_conditions(soft = true)
|
|
@@ -10,7 +10,7 @@ module Spid
|
|
|
10
10
|
attr_accessor :name_identifier_value, :name_identifier_format
|
|
11
11
|
attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
|
|
12
12
|
attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
|
|
13
|
-
attr_accessor :skip_validation, :aggregato, :hash_aggregatore
|
|
13
|
+
attr_accessor :skip_validation, :aggregato, :hash_aggregatore, :tipo_accesso
|
|
14
14
|
|
|
15
15
|
def initialize(config = {})
|
|
16
16
|
config.each do |k,v|
|
|
@@ -200,7 +200,7 @@ module Spid
|
|
|
200
200
|
def signed_element_id
|
|
201
201
|
@signed_element_id ||= extract_signed_element_id
|
|
202
202
|
end
|
|
203
|
-
|
|
203
|
+
#idp_cert_fingerprint e' un array di fingerprint
|
|
204
204
|
def validate_document(idp_cert_fingerprint, soft = true, options = {})
|
|
205
205
|
# get cert from response
|
|
206
206
|
cert_element = REXML::XPath.first(
|
|
@@ -226,7 +226,11 @@ module Spid
|
|
|
226
226
|
fingerprint = fingerprint_alg.hexdigest(cert.to_der)
|
|
227
227
|
|
|
228
228
|
# check cert matches registered idp cert
|
|
229
|
-
|
|
229
|
+
trovato = false
|
|
230
|
+
idp_cert_fingerprint.each{|fingerprint_from_idp|
|
|
231
|
+
trovato = true if fingerprint_from_idp.gsub(/[^a-zA-Z0-9]/,"").downcase == fingerprint
|
|
232
|
+
}
|
|
233
|
+
if !trovato
|
|
230
234
|
@errors << "Fingerprint mismatch"
|
|
231
235
|
return append_error("Fingerprint mismatch", soft)
|
|
232
236
|
end
|
data/spid-es.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = 'spid-es'
|
|
5
|
-
s.version = '0.0.
|
|
5
|
+
s.version = '0.0.50'
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Fabiano Pavan"]
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-es
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.50
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fabiano Pavan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: canonix
|