spid-es 0.0.6 → 0.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +8 -8
- data/lib/spid/ruby-saml/metadata.rb +43 -18
- data/lib/spid/ruby-saml/settings.rb +8 -1
- data/lib/xml_security_new.rb +6 -4
- data/spid-es.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
N2NhNjg3NDRlNGYxYTcyYzk4MzRmZGUyOGRmNTE2ZjE4NDc2MDYyMg==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
OTBjMTI4YzdmNTkyMzQ3NDYwMzlhZDk2NTczNWExMWVkYWYzMmZhZg==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
ZTg4OTVhZjliMTA3YTBlY2ZhODI1YWIwZjQ2NTdjNjk5NzczZTdhODM3ZWJm
|
|
10
|
+
Nzc2OGJiZGJlZmJhZmUzNDUxZWU2ZWYxZDE1NjdiMjUwYmVhMjdkZGEwNWRj
|
|
11
|
+
MDlmZWM2OTk2Y2UzODg5ODBjMDMzYjAyOGQyYjIxMGE1NjI5MzY=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
NjkzMGNhNjdhMjg0NjZhZjk5ZGY5MjEzZmIwZTdkYzNjMjZhNjU0MjMzN2I4
|
|
14
|
+
ZTBmNzQwYWJiNDczMmUwNDdiN2M2Nzk3NDJiY2I2YzIwYjk0MDI1NDlhYTE2
|
|
15
|
+
ZDdkOTM2YWE1ZmE5NTk0ODJhMTM0Y2VhN2JkODUzMTQ5Mzc3YzY=
|
|
@@ -48,21 +48,48 @@ module Spid
|
|
|
48
48
|
"AuthnRequestsSigned" => "1"
|
|
49
49
|
|
|
50
50
|
}
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+
# if settings.sp_cert != nil
|
|
54
|
+
# keyDescriptor = sp_sso.add_element "md:KeyDescriptor", {
|
|
55
|
+
# "use" => "signing"
|
|
56
|
+
# }
|
|
57
|
+
# keyInfo = keyDescriptor.add_element "ds:KeyInfo", {
|
|
58
|
+
# "xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"
|
|
59
|
+
# }
|
|
60
|
+
# x509Data = keyInfo.add_element "ds:X509Data"
|
|
61
|
+
# x509Certificate = x509Data.add_element "ds:X509Certificate"
|
|
62
|
+
# file = ""
|
|
63
|
+
# File.foreach(settings.sp_cert){ |line|
|
|
64
|
+
# file += line unless (line.include?("RSA PUBLIC KEY") || line.include?("CERTIFICATE"))
|
|
65
|
+
# }
|
|
66
|
+
# x509Certificate.text = file
|
|
67
|
+
# end
|
|
68
|
+
|
|
69
|
+
# Add KeyDescriptor if messages will be signed / encrypted
|
|
70
|
+
cert = settings.get_sp_cert
|
|
71
|
+
if cert
|
|
72
|
+
|
|
73
|
+
if cert.is_a?(String)
|
|
74
|
+
cert = OpenSSL::X509::Certificate.new(cert)
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
cert_text = Base64.encode64(cert.to_der).to_s.gsub(/\n/, "").gsub(/\t/, "")
|
|
78
|
+
kd = sp_sso.add_element "md:KeyDescriptor", { "use" => "signing" }
|
|
79
|
+
ki = kd.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
|
|
80
|
+
xd = ki.add_element "ds:X509Data"
|
|
81
|
+
xc = xd.add_element "ds:X509Certificate"
|
|
82
|
+
xc.text = cert_text
|
|
83
|
+
|
|
84
|
+
# kd2 = sp_sso.add_element "md:KeyDescriptor", { "use" => "encryption" }
|
|
85
|
+
# ki2 = kd2.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
|
|
86
|
+
# xd2 = ki2.add_element "ds:X509Data"
|
|
87
|
+
# xc2 = xd2.add_element "ds:X509Certificate"
|
|
88
|
+
# xc2.text = cert_text
|
|
65
89
|
end
|
|
90
|
+
|
|
91
|
+
|
|
92
|
+
|
|
66
93
|
if settings.single_logout_service_url != nil
|
|
67
94
|
sp_sso.add_element "md:SingleLogoutService", {
|
|
68
95
|
"Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
|
|
@@ -152,11 +179,9 @@ module Spid
|
|
|
152
179
|
private_key = settings.get_sp_key
|
|
153
180
|
meta_doc.sign_document(private_key, cert)
|
|
154
181
|
end
|
|
155
|
-
|
|
156
182
|
ret = ""
|
|
157
|
-
#
|
|
158
|
-
meta_doc.
|
|
159
|
-
|
|
183
|
+
# stampo come stringa semplice i metadata per non avere problemi con validazione firma
|
|
184
|
+
ret = meta_doc.to_s
|
|
160
185
|
#Logging.debug "Generated metadata:\n#{ret}"
|
|
161
186
|
|
|
162
187
|
return ret
|
|
@@ -45,12 +45,19 @@ module Spid
|
|
|
45
45
|
OpenSSL::X509::Certificate.new(File.read(idp_cert))
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
+
# def get_sp_cert
|
|
49
|
+
# return nil if certificate.nil? || certificate.empty?
|
|
50
|
+
|
|
51
|
+
# formatted_cert = OneLogin::RubySaml::Utils.format_cert(certificate)
|
|
52
|
+
# OpenSSL::X509::Certificate.new(formatted_cert)
|
|
53
|
+
# end
|
|
54
|
+
|
|
48
55
|
# @return [OpenSSL::X509::Certificate|nil] Build the SP certificate from the settings (previously format it)
|
|
49
56
|
#
|
|
50
57
|
def get_sp_cert
|
|
51
58
|
return nil if sp_cert.nil? || sp_cert.empty?
|
|
52
59
|
#decoded_content = Base64.decode64(File.read(sp_cert))
|
|
53
|
-
|
|
60
|
+
formatted_cert = Spid::Saml::Utils.format_cert(sp_cert)
|
|
54
61
|
OpenSSL::X509::Certificate.new(File.read(sp_cert))
|
|
55
62
|
end
|
|
56
63
|
|
data/lib/xml_security_new.rb
CHANGED
|
@@ -57,6 +57,7 @@ module XMLSecurityNew
|
|
|
57
57
|
else
|
|
58
58
|
Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
|
|
59
59
|
end
|
|
60
|
+
Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
|
|
60
61
|
end
|
|
61
62
|
|
|
62
63
|
def algorithm(element)
|
|
@@ -135,6 +136,7 @@ module XMLSecurityNew
|
|
|
135
136
|
digest_method_element = reference_element.add_element("ds:DigestMethod", {"Algorithm" => digest_method})
|
|
136
137
|
inclusive_namespaces = INC_PREFIX_LIST.split(" ")
|
|
137
138
|
canon_doc = noko.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
|
|
139
|
+
#canon_doc = noko.canonicalize(canon_algorithm(C14N))
|
|
138
140
|
reference_element.add_element("ds:DigestValue").text = compute_digest(canon_doc, algorithm(digest_method_element))
|
|
139
141
|
|
|
140
142
|
# add SignatureValue
|
|
@@ -143,10 +145,10 @@ module XMLSecurityNew
|
|
|
143
145
|
end
|
|
144
146
|
|
|
145
147
|
noko_signed_info_element = noko_sig_element.at_xpath('//ds:Signature/ds:SignedInfo', 'ds' => DSIG)
|
|
146
|
-
canon_string = noko_signed_info_element.canonicalize(canon_algorithm(C14N))
|
|
148
|
+
canon_string = noko_signed_info_element.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
|
|
147
149
|
|
|
148
150
|
signature = compute_signature(private_key, algorithm(signature_method).new, canon_string)
|
|
149
|
-
signature_element.add_element("ds:SignatureValue").text = signature
|
|
151
|
+
signature_element.add_element("ds:SignatureValue").text = signature.to_s.gsub(/\n/, "").gsub(/\t/, "")
|
|
150
152
|
|
|
151
153
|
# add KeyInfo
|
|
152
154
|
key_info_element = signature_element.add_element("ds:KeyInfo")
|
|
@@ -155,7 +157,7 @@ module XMLSecurityNew
|
|
|
155
157
|
if certificate.is_a?(String)
|
|
156
158
|
certificate = OpenSSL::X509::Certificate.new(certificate)
|
|
157
159
|
end
|
|
158
|
-
x509_cert_element.text = Base64.encode64(certificate.to_der).gsub(/\n/, "")
|
|
160
|
+
x509_cert_element.text = Base64.encode64(certificate.to_der).to_s.gsub(/\n/, "").gsub(/\t/, "")
|
|
159
161
|
|
|
160
162
|
# add the signature
|
|
161
163
|
# issuer_element = self.elements["//saml:Issuer"]
|
|
@@ -177,7 +179,7 @@ module XMLSecurityNew
|
|
|
177
179
|
protected
|
|
178
180
|
|
|
179
181
|
def compute_signature(private_key, signature_algorithm, document)
|
|
180
|
-
Base64.encode64(private_key.sign(signature_algorithm, document)).gsub(/\n/, "")
|
|
182
|
+
Base64.encode64(private_key.sign(signature_algorithm, document)).to_s.gsub(/\n/, "").gsub(/\t/, "")
|
|
181
183
|
end
|
|
182
184
|
|
|
183
185
|
def compute_digest(document, digest_algorithm)
|
data/spid-es.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = 'spid-es'
|
|
5
|
-
s.version = '0.0.
|
|
5
|
+
s.version = '0.0.7'
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Fabiano Pavan"]
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-es
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fabiano Pavan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-10-
|
|
11
|
+
date: 2016-10-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: canonix
|