spid-es 0.0.46 → 0.0.50

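--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: ff0046e4d703051a6f29f47cc7d46190f2801fe99c5f72b00fadb30ae6747ed5
-data.tar.gz: 2a648d0f993c42fb084c136713aec8fd10e19f567320ac7ff2775ecde965f320
+metadata.gz: 1da690cbc5b4e743cd4d5f536f1b4ed7e39c9d712fc95d6f162374c4a9271996
+data.tar.gz: c842a2b8db198ab83242cce59afab8c98b80ed27c477baa9595add473bef937f
 SHA512:
-metadata.gz: 5e3fdfc9a76277b2e3bf125531019821d5db0d6a627c6e382a724fd0d380c34f35f942eccead8391e37aa51a51e08315379885e906e06ea1c82f197b9130798f
-data.tar.gz: 761028854b3bea2c4b4ac164f0d39844b41bbd151184a1699ac9b23198efce2eafc7f450e26c1ab5d1cc5f0b90ea3036d36c427ebd92948491e338dc2ee91697
+metadata.gz: b2abf35831376b348a6ea317987d90423a7d503f75becdf3325df12a4306c7ea7b9154310215f95e7a57c91e3a58f035953b7b390dcc977bc7eec11536b8a121
+data.tar.gz: 62c15cf73a3f0838586e96eae0ac44c06eb9a86a27685b72e0cd25aafbd1c7fa439f07a719d64b735c787013b2c7b739f1c2a6b34cba946b505b2fe45d0cc100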
@@ -29,9 +29,8 @@ module Spid::Saml
29
29
  # Create AuthnRequest root element using REXML
30
30
  request_doc = Spid::XMLSecurityNew::Document.new
31
31
  request_doc.context[:attribute_quote] = :quote
32
- root = request_doc.add_element "saml2p:AuthnRequest", { "xmlns:saml2p" => "urn:oasis:names:tc:SAML:2.0:protocol",
33
- "xmlns:saml2" => "urn:oasis:names:tc:SAML:2.0:assertion"
34
- }
32
+ root = request_doc.add_element "saml2p:AuthnRequest", { "xmlns:saml2p" => "urn:oasis:names:tc:SAML:2.0:protocol",
33
+ "xmlns:saml2" => "urn:oasis:names:tc:SAML:2.0:assertion" }
35
34
  root.attributes['ID'] = uuid
36
35
  root.attributes['IssueInstant'] = time
37
36
  root.attributes['Version'] = "2.0"
@@ -60,6 +59,15 @@ module Spid::Saml
60
59
  issuer.text = @settings.issuer #questo valore deve essere uguale al #entityID dei metadata che usa @settings.issuer
61
60
  end
62
61
 
62
+ #aggiunta tag purpose (DOPO ISSUER!) per persona giuridica o uso professionale
63
+ if @settings.tipo_accesso != nil
64
+ extension_context = root.add_element "saml2p:Extensions", {
65
+ "xmlns:spid" => "https://spid.gov.it/saml-extensions"
66
+ }
67
+ spid_purpose_element = extension_context.add_element "spid:Purpose"
68
+ spid_purpose_element.text = @settings.tipo_accesso
69
+ end
70
+
63
71
  # #opzionale
64
72
  # unless @settings.sp_name_qualifier.blank?
65
73
  # subject = root.add_element "saml:Subject"
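Review bot: The guard `if @settings.tipo_accesso != nil` on the new Purpose block lets an empty string through, emitting an empty `<spid:Purpose/>` element, and the value reaches the request without being checked against the closed set of Purpose codes the SPID extension defines (I have not verified the exact code list here, so confirm it against the spec). Tighten the guard to `if @settings.tipo_accesso && !@settings.tipo_accesso.to_s.strip.empty?` and reject values outside an allowlist before building the element, so a misconfigured setting fails at request-build time instead of at the IdP. The Italian comment should be English and state the ordering constraint it enforces: `# SPID extension: <spid:Purpose> must follow <Issuer> (schema order); set for legal-person / professional-use access`. The enclosing method starts and ends outside this hunk.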
@@ -155,13 +155,11 @@ module Spid
155
155
  end
156
156
 
157
157
  if settings.assertion_consumer_service_url
158
-
159
158
  #ciclo e creo i vari tag AssertionConsumerService
160
159
  settings.hash_assertion_consumer.each_pair{ |index, hash_service|
161
-
162
160
  sp_sso.add_element "md:AssertionConsumerService", {
163
161
  "Binding" => settings.assertion_consumer_service_binding,
164
- "Location" => (hash_service['external'] ? hash_service['url_consumer'] : settings.assertion_consumer_service_url ),
162
+ "Location" => hash_service['url_consumer'],
165
163
  "isDefault" => hash_service['default'],
166
164
  "index" => index
167
165
  }
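Review bot: Replacing the fallback with a bare `hash_service['url_consumer']` means any `hash_assertion_consumer` entry that has no `url_consumer` key (previously served by `settings.assertion_consumer_service_url`) now passes `"Location" => nil`, and REXML treats a nil attribute value as a delete, so that `AssertionConsumerService` is written without its mandatory `Location` and the SP metadata becomes schema-invalid without any error at build time. Fail loudly instead: `"Location" => hash_service.fetch('url_consumer'),` so a misconfigured entry raises `KeyError` where the operator can see it rather than producing a silently broken document that the IdP will presumably refuse. If the old fallback is still meant to be supported, keep it explicitly rather than dropping it. The `each_pair` loop and its enclosing method start and end outside this hunk.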
@@ -511,18 +509,20 @@ module Spid
511
509
  #ricerco il certificato con nokogiri
512
510
  # pull out the x509 tag
513
511
  x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
514
-
515
- #x509 = REXML::XPath.first(meta_doc, "/md:EntityDescriptor/md:IDPSSODescriptor"+"/md:KeyDescriptor"+"/ds:KeyInfo/ds:X509Data/ds:X509Certificate")
516
- # If the IdP didn't specify the use attribute
517
- if x509.nil?
518
- x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
519
- # x509 = REXML::XPath.first(meta_doc,
520
- # "/EntityDescriptor/IDPSSODescriptor" +
521
- # "/KeyDescriptor" +
522
- # "/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
523
- # )
512
+ if !x509.nil?
513
+ if x509.length > 1
514
+ @settings.idp_cert = []
515
+ x509.children.each{|child_cert|
516
+ @settings.idp_cert << child_cert.to_s.gsub(/\n/, "").gsub(/\t/, "")
517
+ }
518
+ else #un array con un campo
519
+ @settings.idp_cert = [x509.children[0].to_s.gsub(/\n/, "").gsub(/\t/, "")]
520
+ end
521
+ else #se nil uso il certificato in keyinfo, non dovrebbe mai accadere
522
+ x509 = meta_doc.xpath("//EntityDescriptor//Signature//KeyInfo//X509Data//X509Certificate")
524
523
  end
525
- @settings.idp_cert = x509.children.to_s.gsub(/\n/, "").gsub(/\t/, "")
524
+ #se ci sono n certificati ritorno array
525
+ @settings.idp_cert
526
526
  end
527
527
 
528
528
  # construct the parameter list on the URL and return
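Review bot: `if !x509.nil?` is always true because Nokogiri's `xpath` returns an empty `NodeSet`, never nil, so the new fallback to the metadata `Signature/KeyInfo` certificate is unreachable, and in the no-certificate case `x509.children[0]` is nil and `@settings.idp_cert` silently becomes `[""]`, which only surfaces later as an exception in `get_fingerprint`. The fallback branch also assigns `x509` but never sets `@settings.idp_cert` from it, so even if reached it would change nothing. Separately, the XPath takes every `KeyDescriptor` certificate regardless of its `use` attribute, so a cert published only for `use="encryption"` is also accepted for signature verification — consider restricting to `KeyDescriptor[not(@use) or @use='signing']` to keep the trusted set minimal. The two near-identical branches collapse into one `map`; an empty result should be treated as a configuration error before the certificates are used. `get_idp_metadata` starts outside this hunk.
```ruby
x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
# Nokogiri returns an empty NodeSet (never nil) when nothing matches
if x509.empty?
  # last resort: the certificate that signed the metadata document itself
  x509 = meta_doc.xpath("//EntityDescriptor//Signature//KeyInfo//X509Data//X509Certificate")
end
# one base64 blob per published certificate (key rollover metadata lists several)
@settings.idp_cert = x509.map { |cert_node| cert_node.text.gsub(/\n/, "").gsub(/\t/, "") }
# … unchanged: return @settings.idp_cert …
```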
@@ -616,15 +616,25 @@ module Spid
616
616
 
617
617
  def get_fingerprint
618
618
  idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
619
-
620
619
  if settings.idp_cert
621
- cert_text = Base64.decode64(settings.idp_cert)
622
- cert = OpenSSL::X509::Certificate.new(cert_text)
623
- Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
620
+ #controllo se ho n certificati
621
+ if settings.idp_cert.length > 1
622
+ array_fingerprint = []
623
+ settings.idp_cert.each{|cert_metadata_ipd|
624
+ cert_text = Base64.decode64(cert_metadata_ipd)
625
+ cert = OpenSSL::X509::Certificate.new(cert_text)
626
+ array_fingerprint << Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
627
+ }
628
+ return array_fingerprint
629
+ else
630
+ cert_text = Base64.decode64(settings.idp_cert[0])
631
+ cert = OpenSSL::X509::Certificate.new(cert_text)
632
+ return [Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")]
633
+ end
634
+
624
635
  else
625
- settings.idp_cert_fingerprint
636
+ return [settings.idp_cert_fingerprint]
626
637
  end
627
-
628
638
  end
629
639
 
630
640
  def validate_conditions(soft = true)
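Review bot: `settings.idp_cert.length > 1` followed by `settings.idp_cert.each` assumes `idp_cert` is now always an Array, but the removed lines show it used to be a single base64 String, so any deployment that still sets `idp_cert` directly in its settings will hit `NoMethodError` on `String#each` instead of a clear configuration error. The two branches also duplicate the decode-and-digest code for the single- and multi-certificate cases. `Array()` accepts both shapes and removes the duplication and the explicit `return`s; also note that `Digest::SHA2.hexdigest` is SHA-256 by default, which is worth stating in a comment since the fingerprints are compared against whatever `validate_document` computes. `get_fingerprint` ends inside the hunk, but `idp_metadata` is assigned and never read in the visible lines — presumably it is called for its side effect of populating `settings.idp_cert`; a comment saying so would help.
```ruby
def get_fingerprint
  # called for its side effect: populates settings.idp_cert from the IdP metadata
  idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
  if settings.idp_cert
    # Array() accepts both a legacy single String and the Array filled from metadata;
    # one SHA-256 (Digest::SHA2 default) colon-separated fingerprint per certificate
    Array(settings.idp_cert).map do |cert_b64|
      cert = OpenSSL::X509::Certificate.new(Base64.decode64(cert_b64))
      Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
    end
  else
    [settings.idp_cert_fingerprint]
  end
end
```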
@@ -10,7 +10,7 @@ module Spid
10
10
  attr_accessor :name_identifier_value, :name_identifier_format
11
11
  attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
12
12
  attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
13
- attr_accessor :skip_validation, :aggregato, :hash_aggregatore
13
+ attr_accessor :skip_validation, :aggregato, :hash_aggregatore, :tipo_accesso
14
14
 
15
15
  def initialize(config = {})
16
16
  config.each do |k,v|
@@ -200,7 +200,7 @@ module Spid
200
200
  def signed_element_id
201
201
  @signed_element_id ||= extract_signed_element_id
202
202
  end
203
-
203
+ #idp_cert_fingerprint e' un array di fingerprint
204
204
  def validate_document(idp_cert_fingerprint, soft = true, options = {})
205
205
  # get cert from response
206
206
  cert_element = REXML::XPath.first(
@@ -226,7 +226,11 @@ module Spid
226
226
  fingerprint = fingerprint_alg.hexdigest(cert.to_der)
227
227
 
228
228
  # check cert matches registered idp cert
229
- if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
229
+ trovato = false
230
+ idp_cert_fingerprint.each{|fingerprint_from_idp|
231
+ trovato = true if fingerprint_from_idp.gsub(/[^a-zA-Z0-9]/,"").downcase == fingerprint
232
+ }
233
+ if !trovato
230
234
  @errors << "Fingerprint mismatch"
231
235
  return append_error("Fingerprint mismatch", soft)
232
236
  end
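Review bot: The `trovato` loop raises `NoMethodError` instead of the intended "Fingerprint mismatch" error whenever an entry is nil — which `get_fingerprint` produces as `[settings.idp_cert_fingerprint]` when no fingerprint is configured — and whenever a caller still passes the single String the previous signature accepted, since `String` has no `each`. `any?` expresses the allowlist check directly and fails closed on both inputs: `matched = Array(idp_cert_fingerprint).compact.any? { |fp| fp.gsub(/[^a-zA-Z0-9]/, "").downcase == fingerprint }` followed by `unless matched`. The local name `trovato` should be English (`matched`) to match the rest of the method's identifiers. `validate_document` starts outside this hunk.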
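--- a/data/spid-es.gemspec
+++ b/data/spid-es.gemspec
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
 s.name = 'spid-es'
-s.version = '0.0.46'
+s.version = '0.0.50'
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Fabiano Pavan"]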
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spid-es
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.46
4
+ version: 0.0.50
5
5
  platform: ruby
6
6
  authors:
7
7
  - Fabiano Pavan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-26 00:00:00.000000000 Z
11
+ date: 2021-09-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: canonix