spid-es 0.0.6 → 0.0.7
- checksums.yaml +8 -8
- data/lib/spid/ruby-saml/metadata.rb +43 -18
- data/lib/spid/ruby-saml/settings.rb +8 -1
- data/lib/xml_security_new.rb +6 -4
- data/spid-es.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
N2NhNjg3NDRlNGYxYTcyYzk4MzRmZGUyOGRmNTE2ZjE4NDc2MDYyMg==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
OTBjMTI4YzdmNTkyMzQ3NDYwMzlhZDk2NTczNWExMWVkYWYzMmZhZg==
|
7
7
|
SHA512:
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
ZTg4OTVhZjliMTA3YTBlY2ZhODI1YWIwZjQ2NTdjNjk5NzczZTdhODM3ZWJm
|
10
|
+
Nzc2OGJiZGJlZmJhZmUzNDUxZWU2ZWYxZDE1NjdiMjUwYmVhMjdkZGEwNWRj
|
11
|
+
MDlmZWM2OTk2Y2UzODg5ODBjMDMzYjAyOGQyYjIxMGE1NjI5MzY=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
NjkzMGNhNjdhMjg0NjZhZjk5ZGY5MjEzZmIwZTdkYzNjMjZhNjU0MjMzN2I4
|
14
|
+
ZTBmNzQwYWJiNDczMmUwNDdiN2M2Nzk3NDJiY2I2YzIwYjk0MDI1NDlhYTE2
|
15
|
+
ZDdkOTM2YWE1ZmE5NTk0ODJhMTM0Y2VhN2JkODUzMTQ5Mzc3YzY=
|
@@ -48,21 +48,48 @@ module Spid
|
|
48
48
|
"AuthnRequestsSigned" => "1"
|
49
49
|
|
50
50
|
}
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
51
|
+
|
52
|
+
|
53
|
+
# if settings.sp_cert != nil
|
54
|
+
# keyDescriptor = sp_sso.add_element "md:KeyDescriptor", {
|
55
|
+
# "use" => "signing"
|
56
|
+
# }
|
57
|
+
# keyInfo = keyDescriptor.add_element "ds:KeyInfo", {
|
58
|
+
# "xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"
|
59
|
+
# }
|
60
|
+
# x509Data = keyInfo.add_element "ds:X509Data"
|
61
|
+
# x509Certificate = x509Data.add_element "ds:X509Certificate"
|
62
|
+
# file = ""
|
63
|
+
# File.foreach(settings.sp_cert){ |line|
|
64
|
+
# file += line unless (line.include?("RSA PUBLIC KEY") || line.include?("CERTIFICATE"))
|
65
|
+
# }
|
66
|
+
# x509Certificate.text = file
|
67
|
+
# end
|
68
|
+
|
69
|
+
# Add KeyDescriptor if messages will be signed / encrypted
|
70
|
+
cert = settings.get_sp_cert
|
71
|
+
if cert
|
72
|
+
|
73
|
+
if cert.is_a?(String)
|
74
|
+
cert = OpenSSL::X509::Certificate.new(cert)
|
75
|
+
end
|
76
|
+
|
77
|
+
cert_text = Base64.encode64(cert.to_der).to_s.gsub(/\n/, "").gsub(/\t/, "")
|
78
|
+
kd = sp_sso.add_element "md:KeyDescriptor", { "use" => "signing" }
|
79
|
+
ki = kd.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
|
80
|
+
xd = ki.add_element "ds:X509Data"
|
81
|
+
xc = xd.add_element "ds:X509Certificate"
|
82
|
+
xc.text = cert_text
|
83
|
+
|
84
|
+
# kd2 = sp_sso.add_element "md:KeyDescriptor", { "use" => "encryption" }
|
85
|
+
# ki2 = kd2.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
|
86
|
+
# xd2 = ki2.add_element "ds:X509Data"
|
87
|
+
# xc2 = xd2.add_element "ds:X509Certificate"
|
88
|
+
# xc2.text = cert_text
|
65
89
|
end
|
90
|
+
|
91
|
+
|
92
|
+
|
66
93
|
if settings.single_logout_service_url != nil
|
67
94
|
sp_sso.add_element "md:SingleLogoutService", {
|
68
95
|
"Binding" => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
|
@@ -152,11 +179,9 @@ module Spid
|
|
152
179
|
private_key = settings.get_sp_key
|
153
180
|
meta_doc.sign_document(private_key, cert)
|
154
181
|
end
|
155
|
-
|
156
182
|
ret = ""
|
157
|
-
#
|
158
|
-
meta_doc.
|
159
|
-
|
183
|
+
# stampo come stringa semplice i metadata per non avere problemi con validazione firma
|
184
|
+
ret = meta_doc.to_s
|
160
185
|
#Logging.debug "Generated metadata:\n#{ret}"
|
161
186
|
|
162
187
|
return ret
|
@@ -45,12 +45,19 @@ module Spid
|
|
45
45
|
OpenSSL::X509::Certificate.new(File.read(idp_cert))
|
46
46
|
end
|
47
47
|
|
48
|
+
# def get_sp_cert
|
49
|
+
# return nil if certificate.nil? || certificate.empty?
|
50
|
+
|
51
|
+
# formatted_cert = OneLogin::RubySaml::Utils.format_cert(certificate)
|
52
|
+
# OpenSSL::X509::Certificate.new(formatted_cert)
|
53
|
+
# end
|
54
|
+
|
48
55
|
# @return [OpenSSL::X509::Certificate|nil] Build the SP certificate from the settings (previously format it)
|
49
56
|
#
|
50
57
|
def get_sp_cert
|
51
58
|
return nil if sp_cert.nil? || sp_cert.empty?
|
52
59
|
#decoded_content = Base64.decode64(File.read(sp_cert))
|
53
|
-
|
60
|
+
formatted_cert = Spid::Saml::Utils.format_cert(sp_cert)
|
54
61
|
OpenSSL::X509::Certificate.new(File.read(sp_cert))
|
55
62
|
end
|
56
63
|
|
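Review bot: `formatted_cert = Spid::Saml::Utils.format_cert(sp_cert)` at new line 60 is assigned and never read; the method still returns `OpenSSL::X509::Certificate.new(File.read(sp_cert))`, so the new formatting step has no effect. Judging by that `File.read`, `sp_cert` holds a path, while the commented-out draft above (`format_cert(certificate)` then `OpenSSL::X509::Certificate.new(formatted_cert)`) suggests `format_cert` expects certificate text; if the intent is to normalise the PEM before parsing, the line to keep is `OpenSSL::X509::Certificate.new(Spid::Saml::Utils.format_cert(File.read(sp_cert)))`, otherwise line 60 should be removed. The commented-out `# def get_sp_cert` block at new lines 48–53 duplicates the live method and the stale `#decoded_content = ...` comment on line 59 should go with it rather than ship in the gem.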
data/lib/xml_security_new.rb
CHANGED
@@ -57,6 +57,7 @@ module XMLSecurityNew
|
|
57
57
|
else
|
58
58
|
Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
|
59
59
|
end
|
60
|
+
Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
|
60
61
|
end
|
61
62
|
|
62
63
|
def algorithm(element)
|
@@ -135,6 +136,7 @@ module XMLSecurityNew
|
|
135
136
|
digest_method_element = reference_element.add_element("ds:DigestMethod", {"Algorithm" => digest_method})
|
136
137
|
inclusive_namespaces = INC_PREFIX_LIST.split(" ")
|
137
138
|
canon_doc = noko.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
|
139
|
+
#canon_doc = noko.canonicalize(canon_algorithm(C14N))
|
138
140
|
reference_element.add_element("ds:DigestValue").text = compute_digest(canon_doc, algorithm(digest_method_element))
|
139
141
|
|
140
142
|
# add SignatureValue
|
@@ -143,10 +145,10 @@ module XMLSecurityNew
|
|
143
145
|
end
|
144
146
|
|
145
147
|
noko_signed_info_element = noko_sig_element.at_xpath('//ds:Signature/ds:SignedInfo', 'ds' => DSIG)
|
146
|
-
canon_string = noko_signed_info_element.canonicalize(canon_algorithm(C14N))
|
148
|
+
canon_string = noko_signed_info_element.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
|
147
149
|
|
148
150
|
signature = compute_signature(private_key, algorithm(signature_method).new, canon_string)
|
149
|
-
signature_element.add_element("ds:SignatureValue").text = signature
|
151
|
+
signature_element.add_element("ds:SignatureValue").text = signature.to_s.gsub(/\n/, "").gsub(/\t/, "")
|
150
152
|
|
151
153
|
# add KeyInfo
|
152
154
|
key_info_element = signature_element.add_element("ds:KeyInfo")
|
@@ -155,7 +157,7 @@ module XMLSecurityNew
|
|
155
157
|
if certificate.is_a?(String)
|
156
158
|
certificate = OpenSSL::X509::Certificate.new(certificate)
|
157
159
|
end
|
158
|
-
x509_cert_element.text = Base64.encode64(certificate.to_der).gsub(/\n/, "")
|
160
|
+
x509_cert_element.text = Base64.encode64(certificate.to_der).to_s.gsub(/\n/, "").gsub(/\t/, "")
|
159
161
|
|
160
162
|
# add the signature
|
161
163
|
# issuer_element = self.elements["//saml:Issuer"]
|
@@ -177,7 +179,7 @@ module XMLSecurityNew
|
|
177
179
|
protected
|
178
180
|
|
179
181
|
def compute_signature(private_key, signature_algorithm, document)
|
180
|
-
Base64.encode64(private_key.sign(signature_algorithm, document)).gsub(/\n/, "")
|
182
|
+
Base64.encode64(private_key.sign(signature_algorithm, document)).to_s.gsub(/\n/, "").gsub(/\t/, "")
|
181
183
|
end
|
182
184
|
|
183
185
|
def compute_digest(document, digest_algorithm)
|
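Review bot: In the first hunk (`@@ -57,6 +57,7 @@`) the added `Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0` after the `end` becomes the method's unconditional return value, so the `if`/`else` above it (whose start lies outside the hunk, presumably `canon_algorithm`) no longer influences the result and the argument callers pass as `canon_algorithm(C14N)` is silently ignored. If forcing exclusive C14N is intended, delete the conditional and state it with `# Always canonicalize with exclusive C14N; the declared algorithm is deliberately ignored`, otherwise remove the added line. In the `@@ -143,10 +145,10 @@` hunk `SignedInfo` is now canonicalized with `inclusive_namespaces`; unless the `ds:CanonicalizationMethod` element also carries a matching `ec:InclusiveNamespaces` PrefixList (not visible here), a verifier following the declared method computes a different octet stream and rejects the signature, so this deserves a round-trip verification test. The `.to_s.gsub(/\n/, "").gsub(/\t/, "")` chains added at new lines 151, 160 and 182 remove a tab that `Base64.encode64` never produces, and line 151 re-strips what `compute_signature` already stripped; using `Base64.strict_encode64(...)` inside `compute_signature` and for `x509_cert_element.text` gives the same single-line output with no post-processing.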
data/spid-es.gemspec
CHANGED
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = 'spid-es'
|
5
|
-
s.version = '0.0.
|
5
|
+
s.version = '0.0.7'
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = ["Fabiano Pavan"]
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spid-es
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Fabiano Pavan
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-10-
|
11
|
+
date: 2016-10-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: canonix
|