spid-es 0.0.50 → 0.0.51

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/spid/ruby-saml/metadata.rb +1 -1
  3. data/lib/spid/ruby-saml/response.rb +4 -2
  4. data/lib/spid/ruby-saml/settings.rb +1 -1
  5. data/lib/spid/xml_security_new.rb +1 -0
  6. data/spid-es.gemspec +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1da690cbc5b4e743cd4d5f536f1b4ed7e39c9d712fc95d6f162374c4a9271996
4
- data.tar.gz: c842a2b8db198ab83242cce59afab8c98b80ed27c477baa9595add473bef937f
3
+ metadata.gz: a6f3772185b3430b84c5c85ea18dbd1a701795ff5a96c910a064ab6870926fde
4
+ data.tar.gz: 1a483c53ae1b70a24e32ce4eb9191b6cc05de1decc5bbd668befa30fff992566
5
5
  SHA512:
6
- metadata.gz: b2abf35831376b348a6ea317987d90423a7d503f75becdf3325df12a4306c7ea7b9154310215f95e7a57c91e3a58f035953b7b390dcc977bc7eec11536b8a121
7
- data.tar.gz: 62c15cf73a3f0838586e96eae0ac44c06eb9a86a27685b72e0cd25aafbd1c7fa439f07a719d64b735c787013b2c7b739f1c2a6b34cba946b505b2fe45d0cc100
6
+ metadata.gz: d4907d3a3ea8c5fd00962f1b53810f3a2034a53e65c8a93c782d1dffaf7866f19746cbb3ef7ad31f2014153406d51164f19fc1adf047a3150def07b245c96453
7
+ data.tar.gz: d461f228b2abcbe619bf7947d55c7c4b9d59bd345ed53b53904caf9679ac6eb356f66b59713a2e92effb17fabf8a106b28ea7e2610ec74a19c4fe27335bcbc41
data/lib/spid/ruby-saml/metadata.rb CHANGED
@@ -458,7 +458,7 @@ module Spid
458
458
  #meta_text = response.body
459
459
  #testo_response = meta_text.sub!(' xmlns:xml="http://www.w3.org/XML/1998/namespace"', '') da errori
460
460
  #uso nokogiri per cercare il certificato, uso la funzione che rimuove tutti i namespace
461
- doc_noko = Nokogiri::XML(response.body.gsub(/\n/, "").gsub(/\t/, "")) #modifica per poste
461
+ doc_noko = Nokogiri::XML(response.body.gsub(/\n/, "").gsub(/\t/, "").gsub('>','>')) #modifica per poste e per myid
462
462
  doc_noko.remove_namespaces!
463
463
  #save
464
464
  @@cache[id] = doc_noko
data/lib/spid/ruby-saml/response.rb CHANGED
@@ -160,6 +160,7 @@ module Spid
160
160
  return (soft ? false : validation_error("Issuer of the Assertion not found or multiple."))
161
161
  end
162
162
 
163
+
163
164
  issuer_response_nodes.each{ |iss|
164
165
  #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
165
166
  return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if !iss.attributes['Format'].nil? && iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
@@ -593,8 +594,9 @@ module Spid
593
594
 
594
595
  node_auth_stat_context_class_ref = xpath_first_from_signed_assertion('/a:AuthnStatement/a:AuthnContext/a:AuthnContextClassRef')
595
596
  #Spider.logger.error "\n\n node_auth_stat_context_class_ref #{node_auth_stat_context_class_ref.text}"
596
- return soft ? false : validation_error("Errore su Asserzione: AuthnContextClassRef di AuthnContext su AuthnStatement vuoto o non L2") if node_auth_stat_context_class_ref.blank? || ( (node_auth_stat_context_class_ref.text != 'https://www.spid.gov.it/SpidL2') && (node_auth_stat_context_class_ref.text != 'https://www.spid.gov.it/SpidL3'))
597
-
597
+ unless settings.no_valid_agid
598
+ return soft ? false : validation_error("Errore su Asserzione: AuthnContextClassRef di AuthnContext su AuthnStatement vuoto o non L2") if node_auth_stat_context_class_ref.blank? || ( (node_auth_stat_context_class_ref.text != 'https://www.spid.gov.it/SpidL2') && (node_auth_stat_context_class_ref.text != 'https://www.spid.gov.it/SpidL3'))
599
+ end
598
600
  node_attr_stmt_attribute_value = xpath_first_from_signed_assertion("/a:AttributeStatement/a:Attribute/a:AttributeValue")
599
601
  #Elemento AttributeStatement presente, ma sottoelemento Attribute non specificato, caso 99
600
602
  return soft ? false : validation_error("Errore su Asserzione: AttributeValue di Attribute su AttributeStatement vuoto") if node_attr_stmt_attribute_value.blank?
data/lib/spid/ruby-saml/settings.rb CHANGED
@@ -10,7 +10,7 @@ module Spid
10
10
  attr_accessor :name_identifier_value, :name_identifier_format
11
11
  attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
12
12
  attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
13
- attr_accessor :skip_validation, :aggregato, :hash_aggregatore, :tipo_accesso
13
+ attr_accessor :skip_validation, :aggregato, :hash_aggregatore, :tipo_accesso, :no_valid_agid
14
14
 
15
15
  def initialize(config = {})
16
16
  config.each do |k,v|
data/lib/spid/xml_security_new.rb CHANGED
@@ -70,6 +70,7 @@ module Spid
70
70
  algorithm = algorithm && algorithm =~ /(rsa-)?sha(.*?)$/i && $2.to_i
71
71
 
72
72
  case algorithm
73
+ when 256 then OpenSSL::Digest::SHA1
73
74
  when 256 then OpenSSL::Digest::SHA256
74
75
  when 384 then OpenSSL::Digest::SHA384
75
76
  when 512 then OpenSSL::Digest::SHA512
data/spid-es.gemspec CHANGED
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = 'spid-es'
5
- s.version = '0.0.50'
5
+ s.version = '0.0.51'
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Fabiano Pavan"]
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spid-es
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.50
4
+ version: 0.0.51
5
5
  platform: ruby
6
6
  authors:
7
7
  - Fabiano Pavan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-10 00:00:00.000000000 Z
11
+ date: 2024-11-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: canonix