spid-es 0.0.46 → 0.0.50
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/spid/ruby-saml/authrequest.rb +11 -3
- data/lib/spid/ruby-saml/metadata.rb +14 -14
- data/lib/spid/ruby-saml/response.rb +16 -6
- data/lib/spid/ruby-saml/settings.rb +1 -1
- data/lib/spid/xml_security_new.rb +6 -2
- data/spid-es.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1da690cbc5b4e743cd4d5f536f1b4ed7e39c9d712fc95d6f162374c4a9271996
|
|
4
|
+
data.tar.gz: c842a2b8db198ab83242cce59afab8c98b80ed27c477baa9595add473bef937f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b2abf35831376b348a6ea317987d90423a7d503f75becdf3325df12a4306c7ea7b9154310215f95e7a57c91e3a58f035953b7b390dcc977bc7eec11536b8a121
|
|
7
|
+
data.tar.gz: 62c15cf73a3f0838586e96eae0ac44c06eb9a86a27685b72e0cd25aafbd1c7fa439f07a719d64b735c787013b2c7b739f1c2a6b34cba946b505b2fe45d0cc100
|
|
@@ -29,9 +29,8 @@ module Spid::Saml
|
|
|
29
29
|
# Create AuthnRequest root element using REXML
|
|
30
30
|
request_doc = Spid::XMLSecurityNew::Document.new
|
|
31
31
|
request_doc.context[:attribute_quote] = :quote
|
|
32
|
-
root = request_doc.add_element "saml2p:AuthnRequest", { "xmlns:saml2p"
|
|
33
|
-
"xmlns:saml2"
|
|
34
|
-
}
|
|
32
|
+
root = request_doc.add_element "saml2p:AuthnRequest", { "xmlns:saml2p" => "urn:oasis:names:tc:SAML:2.0:protocol",
|
|
33
|
+
"xmlns:saml2" => "urn:oasis:names:tc:SAML:2.0:assertion" }
|
|
35
34
|
root.attributes['ID'] = uuid
|
|
36
35
|
root.attributes['IssueInstant'] = time
|
|
37
36
|
root.attributes['Version'] = "2.0"
|
|
@@ -60,6 +59,15 @@ module Spid::Saml
|
|
|
60
59
|
issuer.text = @settings.issuer #questo valore deve essere uguale al #entityID dei metadata che usa @settings.issuer
|
|
61
60
|
end
|
|
62
61
|
|
|
62
|
+
#aggiunta tag purpose (DOPO ISSUER!) per persona giuridica o uso professionale
|
|
63
|
+
if @settings.tipo_accesso != nil
|
|
64
|
+
extension_context = root.add_element "saml2p:Extensions", {
|
|
65
|
+
"xmlns:spid" => "https://spid.gov.it/saml-extensions"
|
|
66
|
+
}
|
|
67
|
+
spid_purpose_element = extension_context.add_element "spid:Purpose"
|
|
68
|
+
spid_purpose_element.text = @settings.tipo_accesso
|
|
69
|
+
end
|
|
70
|
+
|
|
63
71
|
# #opzionale
|
|
64
72
|
# unless @settings.sp_name_qualifier.blank?
|
|
65
73
|
# subject = root.add_element "saml:Subject"
|
|
@@ -155,13 +155,11 @@ module Spid
|
|
|
155
155
|
end
|
|
156
156
|
|
|
157
157
|
if settings.assertion_consumer_service_url
|
|
158
|
-
|
|
159
158
|
#ciclo e creo i vari tag AssertionConsumerService
|
|
160
159
|
settings.hash_assertion_consumer.each_pair{ |index, hash_service|
|
|
161
|
-
|
|
162
160
|
sp_sso.add_element "md:AssertionConsumerService", {
|
|
163
161
|
"Binding" => settings.assertion_consumer_service_binding,
|
|
164
|
-
"Location" =>
|
|
162
|
+
"Location" => hash_service['url_consumer'],
|
|
165
163
|
"isDefault" => hash_service['default'],
|
|
166
164
|
"index" => index
|
|
167
165
|
}
|
|
@@ -511,18 +509,20 @@ module Spid
|
|
|
511
509
|
#ricerco il certificato con nokogiri
|
|
512
510
|
# pull out the x509 tag
|
|
513
511
|
x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
#
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
512
|
+
if !x509.nil?
|
|
513
|
+
if x509.length > 1
|
|
514
|
+
@settings.idp_cert = []
|
|
515
|
+
x509.children.each{|child_cert|
|
|
516
|
+
@settings.idp_cert << child_cert.to_s.gsub(/\n/, "").gsub(/\t/, "")
|
|
517
|
+
}
|
|
518
|
+
else #un array con un campo
|
|
519
|
+
@settings.idp_cert = [x509.children[0].to_s.gsub(/\n/, "").gsub(/\t/, "")]
|
|
520
|
+
end
|
|
521
|
+
else #se nil uso il certificato in keyinfo, non dovrebbe mai accadere
|
|
522
|
+
x509 = meta_doc.xpath("//EntityDescriptor//Signature//KeyInfo//X509Data//X509Certificate")
|
|
524
523
|
end
|
|
525
|
-
|
|
524
|
+
#se ci sono n certificati ritorno array
|
|
525
|
+
@settings.idp_cert
|
|
526
526
|
end
|
|
527
527
|
|
|
528
528
|
# construct the parameter list on the URL and return
|
|
@@ -616,15 +616,25 @@ module Spid
|
|
|
616
616
|
|
|
617
617
|
def get_fingerprint
|
|
618
618
|
idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
|
|
619
|
-
|
|
620
619
|
if settings.idp_cert
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
620
|
+
#controllo se ho n certificati
|
|
621
|
+
if settings.idp_cert.length > 1
|
|
622
|
+
array_fingerprint = []
|
|
623
|
+
settings.idp_cert.each{|cert_metadata_ipd|
|
|
624
|
+
cert_text = Base64.decode64(cert_metadata_ipd)
|
|
625
|
+
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
626
|
+
array_fingerprint << Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
|
|
627
|
+
}
|
|
628
|
+
return array_fingerprint
|
|
629
|
+
else
|
|
630
|
+
cert_text = Base64.decode64(settings.idp_cert[0])
|
|
631
|
+
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
632
|
+
return [Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")]
|
|
633
|
+
end
|
|
634
|
+
|
|
624
635
|
else
|
|
625
|
-
settings.idp_cert_fingerprint
|
|
636
|
+
return [settings.idp_cert_fingerprint]
|
|
626
637
|
end
|
|
627
|
-
|
|
628
638
|
end
|
|
629
639
|
|
|
630
640
|
def validate_conditions(soft = true)
|
|
@@ -10,7 +10,7 @@ module Spid
|
|
|
10
10
|
attr_accessor :name_identifier_value, :name_identifier_format
|
|
11
11
|
attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
|
|
12
12
|
attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
|
|
13
|
-
attr_accessor :skip_validation, :aggregato, :hash_aggregatore
|
|
13
|
+
attr_accessor :skip_validation, :aggregato, :hash_aggregatore, :tipo_accesso
|
|
14
14
|
|
|
15
15
|
def initialize(config = {})
|
|
16
16
|
config.each do |k,v|
|
|
@@ -200,7 +200,7 @@ module Spid
|
|
|
200
200
|
def signed_element_id
|
|
201
201
|
@signed_element_id ||= extract_signed_element_id
|
|
202
202
|
end
|
|
203
|
-
|
|
203
|
+
#idp_cert_fingerprint e' un array di fingerprint
|
|
204
204
|
def validate_document(idp_cert_fingerprint, soft = true, options = {})
|
|
205
205
|
# get cert from response
|
|
206
206
|
cert_element = REXML::XPath.first(
|
|
@@ -226,7 +226,11 @@ module Spid
|
|
|
226
226
|
fingerprint = fingerprint_alg.hexdigest(cert.to_der)
|
|
227
227
|
|
|
228
228
|
# check cert matches registered idp cert
|
|
229
|
-
|
|
229
|
+
trovato = false
|
|
230
|
+
idp_cert_fingerprint.each{|fingerprint_from_idp|
|
|
231
|
+
trovato = true if fingerprint_from_idp.gsub(/[^a-zA-Z0-9]/,"").downcase == fingerprint
|
|
232
|
+
}
|
|
233
|
+
if !trovato
|
|
230
234
|
@errors << "Fingerprint mismatch"
|
|
231
235
|
return append_error("Fingerprint mismatch", soft)
|
|
232
236
|
end
|
data/spid-es.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = 'spid-es'
|
|
5
|
-
s.version = '0.0.
|
|
5
|
+
s.version = '0.0.50'
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Fabiano Pavan"]
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-es
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.50
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fabiano Pavan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: canonix
|