spid-es 0.0.6 → 0.0.7

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ZjAzNzZkNWNkYzgyYzkxMmQ3YWU2OTE0NDg3NWRjM2RjMjkyOTY0NA==
+    N2NhNjg3NDRlNGYxYTcyYzk4MzRmZGUyOGRmNTE2ZjE4NDc2MDYyMg==
   data.tar.gz: !binary |-
-    MmMyMjIzOWU2ZmRiMWExMGI4YmFiN2JjODBmYjJiNGRjZTM3MWIwYQ==
+    OTBjMTI4YzdmNTkyMzQ3NDYwMzlhZDk2NTczNWExMWVkYWYzMmZhZg==
 SHA512:
   metadata.gz: !binary |-
-    MWEzNGJmNmJhZDZkZDM5ZjY4NTA0Mjk2Y2NjNjBmZTAxMTE4NjZmMjg3NDdm
-    Y2FkMzI4M2QzNWRjM2ZjOGZjM2UzYWE1OGM0OTRjZWM4N2Q3NGMwZGU2NWVh
-    YzhlYjMwOWQ0YzNjY2RhZjViYzU0OGI3MGY0YmEwYTM4NDZkMGU=
+    ZTg4OTVhZjliMTA3YTBlY2ZhODI1YWIwZjQ2NTdjNjk5NzczZTdhODM3ZWJm
+    Nzc2OGJiZGJlZmJhZmUzNDUxZWU2ZWYxZDE1NjdiMjUwYmVhMjdkZGEwNWRj
+    MDlmZWM2OTk2Y2UzODg5ODBjMDMzYjAyOGQyYjIxMGE1NjI5MzY=
   data.tar.gz: !binary |-
-    YTU4YzJhZmFhM2E2YzMzOTk2ZWJiYTlkZjg3N2FkZTdlOWIzZjc3MjJkZDVk
-    MmMzYWEyZTY1MmE1Zjc5YjNhZjY1ZmE3ZThlZTJjYzU1ZjUwZWVlNGE2ZDJl
-    ZjllNWU2YzVmZTEwZDlkMGUzYmU3MDMxZTk5MmYxMzE3YmVjZTE=
+    NjkzMGNhNjdhMjg0NjZhZjk5ZGY5MjEzZmIwZTdkYzNjMjZhNjU0MjMzN2I4
+    ZTBmNzQwYWJiNDczMmUwNDdiN2M2Nzk3NDJiY2I2YzIwYjk0MDI1NDlhYTE2
+    ZDdkOTM2YWE1ZmE5NTk0ODJhMTM0Y2VhN2JkODUzMTQ5Mzc3YzY=

data/lib/spid/ruby-saml/metadata.rb

@@ -48,21 +48,48 @@ module Spid
             "AuthnRequestsSigned"         => "1"
 
         }
-        if settings.sp_cert != nil
-          keyDescriptor = sp_sso.add_element "md:KeyDescriptor", {
-            "use" => "signing"
-          }
-          keyInfo = keyDescriptor.add_element "ds:KeyInfo", {
-            "xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"
-          }
-          x509Data = keyInfo.add_element "ds:X509Data"
-          x509Certificate = x509Data.add_element "ds:X509Certificate"
-          file = ""
-          File.foreach(settings.sp_cert){ |line|
-                                       file  += line unless (line.include?("RSA PUBLIC KEY") || line.include?("CERTIFICATE")) 
-                                     }
-          x509Certificate.text = file                            
+
+
+        # if settings.sp_cert != nil
+        #   keyDescriptor = sp_sso.add_element "md:KeyDescriptor", {
+        #     "use" => "signing"
+        #   }
+        #   keyInfo = keyDescriptor.add_element "ds:KeyInfo", {
+        #     "xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"
+        #   }
+        #   x509Data = keyInfo.add_element "ds:X509Data"
+        #   x509Certificate = x509Data.add_element "ds:X509Certificate"
+        #   file = ""
+        #   File.foreach(settings.sp_cert){ |line|
+        #                                file  += line unless (line.include?("RSA PUBLIC KEY") || line.include?("CERTIFICATE")) 
+        #                              }
+        #   x509Certificate.text = file                            
+        # end
+
+        # Add KeyDescriptor if messages will be signed / encrypted
+        cert = settings.get_sp_cert
+        if cert
+          
+          if cert.is_a?(String)
+            cert = OpenSSL::X509::Certificate.new(cert)
+          end
+          
+          cert_text = Base64.encode64(cert.to_der).to_s.gsub(/\n/, "").gsub(/\t/, "")
+          kd = sp_sso.add_element "md:KeyDescriptor", { "use" => "signing" }
+          ki = kd.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
+          xd = ki.add_element "ds:X509Data"
+          xc = xd.add_element "ds:X509Certificate"
+          xc.text = cert_text
+
+          # kd2 = sp_sso.add_element "md:KeyDescriptor", { "use" => "encryption" }
+          # ki2 = kd2.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
+          # xd2 = ki2.add_element "ds:X509Data"
+          # xc2 = xd2.add_element "ds:X509Certificate"
+          # xc2.text = cert_text
         end
+
+
+
         if settings.single_logout_service_url != nil
           sp_sso.add_element "md:SingleLogoutService", {
               "Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
@@ -152,11 +179,9 @@ module Spid
           private_key = settings.get_sp_key
           meta_doc.sign_document(private_key, cert)
         end
-
         ret = ""
-        # pretty print the XML so IdP administrators can easily see what the SP supports
-        meta_doc.write(ret, 1)
-
+        # stampo come stringa semplice i metadata per non avere problemi con validazione firma
+        ret = meta_doc.to_s
         #Logging.debug "Generated metadata:\n#{ret}"
 
         return ret

data/lib/spid/ruby-saml/settings.rb

@@ -45,12 +45,19 @@ module Spid
         OpenSSL::X509::Certificate.new(File.read(idp_cert))
       end
 
+      # def get_sp_cert
+      #   return nil if certificate.nil? || certificate.empty?
+
+      #   formatted_cert = OneLogin::RubySaml::Utils.format_cert(certificate)
+      #   OpenSSL::X509::Certificate.new(formatted_cert)
+      # end
+
       # @return [OpenSSL::X509::Certificate|nil] Build the SP certificate from the settings (previously format it)
       #
       def get_sp_cert
         return nil if sp_cert.nil? || sp_cert.empty?
         #decoded_content = Base64.decode64(File.read(sp_cert))
-        #formatted_cert = Spid::Saml::Utils.format_cert(decoded_content)
+        formatted_cert = Spid::Saml::Utils.format_cert(sp_cert)
         OpenSSL::X509::Certificate.new(File.read(sp_cert))
       end
 

data/lib/xml_security_new.rb

@@ -57,6 +57,7 @@ module XMLSecurityNew
         else
           Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
       end
+      Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
     end
 
     def algorithm(element)
@@ -135,6 +136,7 @@ module XMLSecurityNew
       digest_method_element = reference_element.add_element("ds:DigestMethod", {"Algorithm" => digest_method})
       inclusive_namespaces = INC_PREFIX_LIST.split(" ")
       canon_doc = noko.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
+      #canon_doc = noko.canonicalize(canon_algorithm(C14N))
       reference_element.add_element("ds:DigestValue").text = compute_digest(canon_doc, algorithm(digest_method_element))
 
       # add SignatureValue
@@ -143,10 +145,10 @@ module XMLSecurityNew
       end
 
       noko_signed_info_element = noko_sig_element.at_xpath('//ds:Signature/ds:SignedInfo', 'ds' => DSIG)
-      canon_string = noko_signed_info_element.canonicalize(canon_algorithm(C14N))
+      canon_string = noko_signed_info_element.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
 
       signature = compute_signature(private_key, algorithm(signature_method).new, canon_string)
-      signature_element.add_element("ds:SignatureValue").text = signature
+      signature_element.add_element("ds:SignatureValue").text = signature.to_s.gsub(/\n/, "").gsub(/\t/, "")
 
       # add KeyInfo
       key_info_element       = signature_element.add_element("ds:KeyInfo")
@@ -155,7 +157,7 @@ module XMLSecurityNew
       if certificate.is_a?(String)
         certificate = OpenSSL::X509::Certificate.new(certificate)
       end
-      x509_cert_element.text = Base64.encode64(certificate.to_der).gsub(/\n/, "")
+      x509_cert_element.text = Base64.encode64(certificate.to_der).to_s.gsub(/\n/, "").gsub(/\t/, "")
 
       # add the signature
       # issuer_element = self.elements["//saml:Issuer"]
@@ -177,7 +179,7 @@ module XMLSecurityNew
     protected
 
     def compute_signature(private_key, signature_algorithm, document)
-      Base64.encode64(private_key.sign(signature_algorithm, document)).gsub(/\n/, "")
+      Base64.encode64(private_key.sign(signature_algorithm, document)).to_s.gsub(/\n/, "").gsub(/\t/, "")
     end
 
     def compute_digest(document, digest_algorithm)

data/spid-es.gemspec

@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
   s.name = 'spid-es'
-  s.version = '0.0.6'
+  s.version = '0.0.7'
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Fabiano Pavan"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-13 00:00:00.000000000 Z
+date: 2016-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix