spid-es 0.0.47 → 0.0.48
- checksums.yaml +4 -4
- data/lib/spid/ruby-saml/metadata.rb +13 -11
- data/lib/spid/ruby-saml/response.rb +17 -7
- data/lib/spid/xml_security_new.rb +6 -2
- data/spid-es.gemspec +1 -1
- metadata +2 -2
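--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '09b61bd5987c2c5b490a284f00b3a5044dcbaa9f8792bfbf5af12186c9f8db62'
+data.tar.gz: 9a34254d76547ee688915dc81bf700416779e522268aeb1cadcfc007cb4e71c9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d919dc970ad06c0771214915ffe505397f98907dba9de7969895431ed9825b04200c89851944fbf1065dfddce28e203d98e4606c0d887e142cab4bab583f1cf1
+data.tar.gz: 99128f6efd205034c8018abd63ad45d268306b9e6117dc771d73357a90053be48fbe6a59187cc320342473de74981173fd879042114b932dde6245a4ffeca257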
|
@@ -511,18 +511,20 @@ module Spid
|
|
|
511
511
|
#ricerco il certificato con nokogiri
|
|
512
512
|
# pull out the x509 tag
|
|
513
513
|
x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
#
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
514
|
+
if !x509.nil?
|
|
515
|
+
if x509.length > 1
|
|
516
|
+
@settings.idp_cert = []
|
|
517
|
+
x509.children.each{|child_cert|
|
|
518
|
+
@settings.idp_cert << child_cert.to_s.gsub(/\n/, "").gsub(/\t/, "")
|
|
519
|
+
}
|
|
520
|
+
else #un array con un campo
|
|
521
|
+
@settings.idp_cert = [x509.children[0].to_s.gsub(/\n/, "").gsub(/\t/, "")]
|
|
522
|
+
end
|
|
523
|
+
else #se nil uso il certificato in keyinfo, non dovrebbe mai accadere
|
|
524
|
+
x509 = meta_doc.xpath("//EntityDescriptor//Signature//KeyInfo//X509Data//X509Certificate")
|
|
524
525
|
end
|
|
525
|
-
|
|
526
|
+
#se ci sono n certificati ritorno array
|
|
527
|
+
@settings.idp_cert
|
|
526
528
|
end
|
|
527
529
|
|
|
528
530
|
# construct the parameter list on the URL and return
|
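Review bot: The `if !x509.nil?` guard on the new side can never fail if `meta_doc` is a Nokogiri document (as the comment above it suggests), because `xpath` returns a node set that is empty when nothing matches; the fallback `else` branch is therefore dead code, and it never assigns `@settings.idp_cert` anyway. With no match the inner `else` stores `[""]`, since `x509.children[0]` is nil, and that empty string later reaches `OpenSSL::X509::Certificate.new` in `get_fingerprint`, where it will presumably fail to parse. Testing `x509.empty?` and failing explicitly would keep a metadata document without certificates from surfacing as an opaque error during response validation. The XPath also collects every `KeyDescriptor` certificate regardless of its `use` attribute, so an encryption-only key would join the set accepted for signature validation; restricting the step to `KeyDescriptor[not(@use) or @use='signing']` looks safer. The enclosing method starts outside the hunk.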
|
@@ -291,7 +291,7 @@ module Spid
|
|
|
291
291
|
return true if settings.skip_validation == true
|
|
292
292
|
|
|
293
293
|
# document.validte populates the idp_cert
|
|
294
|
-
|
|
294
|
+
return false if document.validate_document(get_fingerprint, soft) == false
|
|
295
295
|
|
|
296
296
|
# validate response code
|
|
297
297
|
return false if success? == false
|
|
@@ -616,15 +616,25 @@ module Spid
|
|
|
616
616
|
|
|
617
617
|
def get_fingerprint
|
|
618
618
|
idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
|
|
619
|
-
|
|
620
619
|
if settings.idp_cert
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
620
|
+
#controllo se ho n certificati
|
|
621
|
+
if settings.idp_cert.length > 1
|
|
622
|
+
array_fingerprint = []
|
|
623
|
+
settings.idp_cert.each{|cert_metadata_ipd|
|
|
624
|
+
cert_text = Base64.decode64(cert_metadata_ipd)
|
|
625
|
+
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
626
|
+
array_fingerprint << Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
|
|
627
|
+
}
|
|
628
|
+
return array_fingerprint
|
|
629
|
+
else
|
|
630
|
+
cert_text = Base64.decode64(settings.idp_cert[0])
|
|
631
|
+
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
632
|
+
return [Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")]
|
|
633
|
+
end
|
|
634
|
+
|
|
624
635
|
else
|
|
625
|
-
settings.idp_cert_fingerprint
|
|
636
|
+
return [settings.idp_cert_fingerprint]
|
|
626
637
|
end
|
|
627
|
-
|
|
628
638
|
end
|
|
629
639
|
|
|
630
640
|
def validate_conditions(soft = true)
|
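Review bot: `get_fingerprint` now assumes `settings.idp_cert` is always an array: if an integrator can still set a single certificate as a String, `length > 1` is true and the following `each` is not defined on String, and an unset `idp_cert_fingerprint` is wrapped as `[nil]`, which reaches `fingerprint_from_idp.gsub` in `validate_document`. Both paths raise NoMethodError instead of producing a validation failure that honours `soft`. The two branches also duplicate the decode-and-digest code; coercing with `Array(...)` and mapping once covers one or many certificates without the special case. The sketch below additionally skips blank entries and falls back to the configured fingerprint when no certificate is present, which is a behaviour change to confirm.

```ruby
def get_fingerprint
  # … unchanged: idp_metadata lookup …
  certs = Array(settings.idp_cert).reject { |c| c.to_s.strip.empty? }
  # Array(nil) is [], so an unset fingerprint ends in a plain mismatch
  return Array(settings.idp_cert_fingerprint) if certs.empty?

  certs.map do |cert_b64|
    cert = OpenSSL::X509::Certificate.new(Base64.decode64(cert_b64))
    Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
  end
end
```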
|
@@ -200,7 +200,7 @@ module Spid
|
|
|
200
200
|
def signed_element_id
|
|
201
201
|
@signed_element_id ||= extract_signed_element_id
|
|
202
202
|
end
|
|
203
|
-
|
|
203
|
+
#idp_cert_fingerprint e' un array di fingerprint
|
|
204
204
|
def validate_document(idp_cert_fingerprint, soft = true, options = {})
|
|
205
205
|
# get cert from response
|
|
206
206
|
cert_element = REXML::XPath.first(
|
|
@@ -226,7 +226,11 @@ module Spid
|
|
|
226
226
|
fingerprint = fingerprint_alg.hexdigest(cert.to_der)
|
|
227
227
|
|
|
228
228
|
# check cert matches registered idp cert
|
|
229
|
-
|
|
229
|
+
trovato = false
|
|
230
|
+
idp_cert_fingerprint.each{|fingerprint_from_idp|
|
|
231
|
+
trovato = true if fingerprint_from_idp.gsub(/[^a-zA-Z0-9]/,"").downcase == fingerprint
|
|
232
|
+
}
|
|
233
|
+
if !trovato
|
|
230
234
|
@errors << "Fingerprint mismatch"
|
|
231
235
|
return append_error("Fingerprint mismatch", soft)
|
|
232
236
|
end
|
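Review bot: The membership check in `validate_document` calls `idp_cert_fingerprint.each` without coercing the argument, so any other caller that still passes a single fingerprint String (or nil) now raises NoMethodError instead of going through `append_error`; the only record of the new contract is the one-line comment above the signature. `unless Array(idp_cert_fingerprint).compact.any? { |fp| fp.gsub(/[^a-zA-Z0-9]/, "").downcase == fingerprint }` keeps the old call shape working and replaces the `trovato` flag loop. Separately, the `get_fingerprint` hunk earlier on this page builds its values with `Digest::SHA2`, while this comparison uses `fingerprint_alg.hexdigest`; `fingerprint_alg` is set outside the hunk, so confirm the two always use the same digest, otherwise certificates taken from metadata can never match. The method body starts and ends outside the hunk.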
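--- a/data/spid-es.gemspec
+++ b/data/spid-es.gemspec
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
 s.name = 'spid-es'
-s.version = '0.0.
+s.version = '0.0.48'
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Fabiano Pavan"]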
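--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.48
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-
+date: 2021-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: canonix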