spid-es 0.0.47 → 0.0.48

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ed5837ad5504c2b427af66f7724ce59bab4932d0f7c3d055e80fbe96cb96126c
4
- data.tar.gz: 26202f27978363a917bd6deda6a2c6a6485791e5b9e89f2b34246d71bba1cf64
3
+ metadata.gz: '09b61bd5987c2c5b490a284f00b3a5044dcbaa9f8792bfbf5af12186c9f8db62'
4
+ data.tar.gz: 9a34254d76547ee688915dc81bf700416779e522268aeb1cadcfc007cb4e71c9
5
5
  SHA512:
6
- metadata.gz: 4a1fc512a4372c0ae73a69ea60534da0403811b70f2de372e060f8fd2bcd0bc801f88165fcc68127fd726862bdcc359827475ba62b714b9d7ca2347265b57a63
7
- data.tar.gz: 7e52ca39ea8f39b10744f090cfb9173dec91254c2775b70781b632dd8480be91153d3c539d3ab21391111d69605de30e21fb5be22d498b4a393e6e48342bfb7d
6
+ metadata.gz: d919dc970ad06c0771214915ffe505397f98907dba9de7969895431ed9825b04200c89851944fbf1065dfddce28e203d98e4606c0d887e142cab4bab583f1cf1
7
+ data.tar.gz: 99128f6efd205034c8018abd63ad45d268306b9e6117dc771d73357a90053be48fbe6a59187cc320342473de74981173fd879042114b932dde6245a4ffeca257
@@ -511,18 +511,20 @@ module Spid
511
511
  #ricerco il certificato con nokogiri
512
512
  # pull out the x509 tag
513
513
  x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
514
-
515
- #x509 = REXML::XPath.first(meta_doc, "/md:EntityDescriptor/md:IDPSSODescriptor"+"/md:KeyDescriptor"+"/ds:KeyInfo/ds:X509Data/ds:X509Certificate")
516
- # If the IdP didn't specify the use attribute
517
- if x509.nil?
518
- x509 = meta_doc.xpath("//EntityDescriptor//IDPSSODescriptor//KeyDescriptor//KeyInfo//X509Data//X509Certificate")
519
- # x509 = REXML::XPath.first(meta_doc,
520
- # "/EntityDescriptor/IDPSSODescriptor" +
521
- # "/KeyDescriptor" +
522
- # "/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
523
- # )
514
+ if !x509.nil?
515
+ if x509.length > 1
516
+ @settings.idp_cert = []
517
+ x509.children.each{|child_cert|
518
+ @settings.idp_cert << child_cert.to_s.gsub(/\n/, "").gsub(/\t/, "")
519
+ }
520
+ else #un array con un campo
521
+ @settings.idp_cert = [x509.children[0].to_s.gsub(/\n/, "").gsub(/\t/, "")]
522
+ end
523
+ else #se nil uso il certificato in keyinfo, non dovrebbe mai accadere
524
+ x509 = meta_doc.xpath("//EntityDescriptor//Signature//KeyInfo//X509Data//X509Certificate")
524
525
  end
525
- @settings.idp_cert = x509.children.to_s.gsub(/\n/, "").gsub(/\t/, "")
526
+ #se ci sono n certificati ritorno array
527
+ @settings.idp_cert
526
528
  end
527
529
 
528
530
  # construct the parameter list on the URL and return
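Review bot: The `if !x509.nil?` guard can never fail, because Nokogiri's `xpath` returns an empty NodeSet rather than nil when nothing matches; metadata without a KeyDescriptor certificate therefore ends up as `@settings.idp_cert = [""]`, and the `else` fallback is dead code that in any case only reassigns `x509` and never sets `idp_cert`. Test for emptiness and take the method's error path there, for example `return nil if x509.empty?` (or a raise, whichever the callers expect) followed by `@settings.idp_cert = x509.map { |node| node.text.gsub(/[\n\t]/, "") }`, which also makes the separate one-certificate branch unnecessary. The XPath collects every KeyDescriptor certificate without looking at its `use` attribute, so an encryption-only certificate would be accepted as a trust anchor for signature validation; excluding `use="encryption"` descriptors seems worth considering. The enclosing method begins above this hunk.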
@@ -291,7 +291,7 @@ module Spid
291
291
  return true if settings.skip_validation == true
292
292
 
293
293
  # document.validte populates the idp_cert
294
- #return false if document.validate_document(get_fingerprint, soft) == false #DA TOGLIERE, FIX PER DOPPIO CERTIFICATO POSTE
294
+ return false if document.validate_document(get_fingerprint, soft) == false
295
295
 
296
296
  # validate response code
297
297
  return false if success? == false
@@ -616,15 +616,25 @@ module Spid
616
616
 
617
617
  def get_fingerprint
618
618
  idp_metadata = Spid::Saml::Metadata.new(settings).get_idp_metadata
619
-
620
619
  if settings.idp_cert
621
- cert_text = Base64.decode64(settings.idp_cert)
622
- cert = OpenSSL::X509::Certificate.new(cert_text)
623
- Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
620
+ #controllo se ho n certificati
621
+ if settings.idp_cert.length > 1
622
+ array_fingerprint = []
623
+ settings.idp_cert.each{|cert_metadata_ipd|
624
+ cert_text = Base64.decode64(cert_metadata_ipd)
625
+ cert = OpenSSL::X509::Certificate.new(cert_text)
626
+ array_fingerprint << Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")
627
+ }
628
+ return array_fingerprint
629
+ else
630
+ cert_text = Base64.decode64(settings.idp_cert[0])
631
+ cert = OpenSSL::X509::Certificate.new(cert_text)
632
+ return [Digest::SHA2.hexdigest(cert.to_der).upcase.scan(/../).join(":")]
633
+ end
634
+
624
635
  else
625
- settings.idp_cert_fingerprint
636
+ return [settings.idp_cert_fingerprint]
626
637
  end
627
-
628
638
  end
629
639
 
630
640
  def validate_conditions(soft = true)
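Review bot: `get_fingerprint` now assumes `settings.idp_cert` is an Array, but a caller that still assigns a single Base64 string (the shape the removed lines handled) passes the `length > 1` test and then fails on `String#each`, and an empty array falls into the inner `else` and calls `Base64.decode64(nil)`. Normalising once with `certs = Array(settings.idp_cert)` and mapping every entry through the same decode, `OpenSSL::X509::Certificate.new` and digest step covers the string, one-element and many-element cases and removes the duplicated branch; an empty list should then fall back to `idp_cert_fingerprint` or be rejected. In the last branch `[settings.idp_cert_fingerprint]` becomes `[nil]` when no fingerprint is configured, so `[settings.idp_cert_fingerprint].compact` would be safer, provided the validator treats an empty list as a mismatch.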
@@ -200,7 +200,7 @@ module Spid
200
200
  def signed_element_id
201
201
  @signed_element_id ||= extract_signed_element_id
202
202
  end
203
-
203
+ #idp_cert_fingerprint e' un array di fingerprint
204
204
  def validate_document(idp_cert_fingerprint, soft = true, options = {})
205
205
  # get cert from response
206
206
  cert_element = REXML::XPath.first(
@@ -226,7 +226,11 @@ module Spid
226
226
  fingerprint = fingerprint_alg.hexdigest(cert.to_der)
227
227
 
228
228
  # check cert matches registered idp cert
229
- if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
229
+ trovato = false
230
+ idp_cert_fingerprint.each{|fingerprint_from_idp|
231
+ trovato = true if fingerprint_from_idp.gsub(/[^a-zA-Z0-9]/,"").downcase == fingerprint
232
+ }
233
+ if !trovato
230
234
  @errors << "Fingerprint mismatch"
231
235
  return append_error("Fingerprint mismatch", soft)
232
236
  end
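Review bot: The new loop calls `.each` on `idp_cert_fingerprint` and `.gsub` on each entry, so a caller that still passes a single fingerprint String, or a list containing nil (as `[settings.idp_cert_fingerprint]` is when no fingerprint is configured), raises NoMethodError instead of reporting "Fingerprint mismatch" through `append_error`. `trovato = Array(idp_cert_fingerprint).any? { |fp| fp.to_s.gsub(/[^a-zA-Z0-9]/, "").downcase == fingerprint }` keeps the old String interface working, treats nil and an empty list as a mismatch, and stops at the first match. The comment added above `validate_document` would be more useful as a short English doc comment saying that the argument is the list of accepted IdP certificate fingerprints and that one match is sufficient. The method body starts and ends outside these hunks.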
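--- a/data/spid-es.gemspec
+++ b/data/spid-es.gemspec
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
  Gem::Specification.new do |s|
  s.name = 'spid-es'
- s.version = '0.0.47'
+ s.version = '0.0.48'
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.authors = ["Fabiano Pavan"]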
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spid-es
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.47
4
+ version: 0.0.48
5
5
  platform: ruby
6
6
  authors:
7
7
  - Fabiano Pavan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-25 00:00:00.000000000 Z
11
+ date: 2021-02-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: canonix