spid-es 0.0.47 → 0.0.48

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed5837ad5504c2b427af66f7724ce59bab4932d0f7c3d055e80fbe96cb96126c
-  data.tar.gz: 26202f27978363a917bd6deda6a2c6a6485791e5b9e89f2b34246d71bba1cf64
+  metadata.gz: '09b61bd5987c2c5b490a284f00b3a5044dcbaa9f8792bfbf5af12186c9f8db62'
+  data.tar.gz: 9a34254d76547ee688915dc81bf700416779e522268aeb1cadcfc007cb4e71c9
 SHA512:
-  metadata.gz: 4a1fc512a4372c0ae73a69ea60534da0403811b70f2de372e060f8fd2bcd0bc801f88165fcc68127fd726862bdcc359827475ba62b714b9d7ca2347265b57a63
-  data.tar.gz: 7e52ca39ea8f39b10744f090cfb9173dec91254c2775b70781b632dd8480be91153d3c539d3ab21391111d69605de30e21fb5be22d498b4a393e6e48342bfb7d
+  metadata.gz: d919dc970ad06c0771214915ffe505397f98907dba9de7969895431ed9825b04200c89851944fbf1065dfddce28e203d98e4606c0d887e142cab4bab583f1cf1
+  data.tar.gz: 99128f6efd205034c8018abd63ad45d268306b9e6117dc771d73357a90053be48fbe6a59187cc320342473de74981173fd879042114b932dde6245a4ffeca257

data/lib/spid/ruby-saml/metadata.rb

@@ -511,18 +511,20 @@ module Spid
         #ricerco il certificato con nokogiri
         # pull out the x509 tag
         x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
-
-        #x509 = REXML::XPath.first(meta_doc, "/md:EntityDescriptor/md:IDPSSODescriptor"+"/md:KeyDescriptor"+"/ds:KeyInfo/ds:X509Data/ds:X509Certificate")
-        # If the IdP didn't specify the use attribute
-        if x509.nil?
-          x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
-          # x509 = REXML::XPath.first(meta_doc, 
-          #       "/EntityDescriptor/IDPSSODescriptor" +
-          #     "/KeyDescriptor" +
-          #     "/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
-          #   )
+        if !x509.nil? 
+          if x509.length > 1
+            @settings.idp_cert = []
+            x509.children.each{|child_cert|
+              @settings.idp_cert << child_cert.to_s.gsub(/\n/, "").gsub(/\t/, "")
+            }
+          else #un array con un campo
+            @settings.idp_cert = [x509.children[0].to_s.gsub(/\n/, "").gsub(/\t/, "")]
+          end
+        else #se nil uso il certificato in keyinfo, non dovrebbe mai accadere
+          x509 = meta_doc.xpath("//EntityDescriptor//Signature//KeyInfo//X509Data//X509Certificate") 
         end
-        @settings.idp_cert = x509.children.to_s.gsub(/\n/, "").gsub(/\t/, "")
+        #se ci sono n certificati ritorno array
+        @settings.idp_cert
       end
 
       # construct the parameter list on the URL and return

data/lib/spid/ruby-saml/response.rb

@@ -291,7 +291,7 @@ module Spid
             return true if settings.skip_validation == true
             
             # document.validte populates the idp_cert
-            #return false if document.validate_document(get_fingerprint, soft) == false #DA TOGLIERE, FIX PER DOPPIO CERTIFICATO POSTE
+            return false if document.validate_document(get_fingerprint, soft) == false
             
             # validate response code
             return false if success? == false  
@@ -616,15 +616,25 @@ module Spid
 
         def get_fingerprint
             idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
-            
             if settings.idp_cert
-              cert_text = Base64.decode64(settings.idp_cert)
-              cert = OpenSSL::X509::Certificate.new(cert_text)
-              Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
+              #controllo se ho n certificati
+              if settings.idp_cert.length > 1
+                array_fingerprint = []
+                settings.idp_cert.each{|cert_metadata_ipd|
+                  cert_text = Base64.decode64(cert_metadata_ipd)
+                  cert = OpenSSL::X509::Certificate.new(cert_text)
+                  array_fingerprint << Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
+                }
+                return array_fingerprint
+              else
+                cert_text = Base64.decode64(settings.idp_cert[0])
+                cert = OpenSSL::X509::Certificate.new(cert_text)
+                return [Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")]
+              end
+              
             else
-              settings.idp_cert_fingerprint
+              return [settings.idp_cert_fingerprint]
             end
-            
         end
 
         def validate_conditions(soft = true)

data/lib/spid/xml_security_new.rb

@@ -200,7 +200,7 @@ module Spid
       def signed_element_id
         @signed_element_id ||= extract_signed_element_id
       end
-
+      #idp_cert_fingerprint e' un array di fingerprint
       def validate_document(idp_cert_fingerprint, soft = true, options = {})
         # get cert from response
         cert_element = REXML::XPath.first(
@@ -226,7 +226,11 @@ module Spid
           fingerprint = fingerprint_alg.hexdigest(cert.to_der)
 
           # check cert matches registered idp cert
-          if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
+          trovato = false
+          idp_cert_fingerprint.each{|fingerprint_from_idp|
+            trovato = true if fingerprint_from_idp.gsub(/[^a-zA-Z0-9]/,"").downcase == fingerprint
+          }
+          if !trovato
             @errors << "Fingerprint mismatch"
             return append_error("Fingerprint mismatch", soft)
           end

data/spid-es.gemspec

@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
   s.name = 'spid-es'
-  s.version = '0.0.47'
+  s.version = '0.0.48'
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Fabiano Pavan"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-  version: 0.0.47
+  version: 0.0.48
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-25 00:00:00.000000000 Z
+date: 2021-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix