RubyGems - spid - Versions diffs - 0.2.2 → 0.3.0 - Mend

spid 0.2.2 → 0.3.0

Files changed (15) hide show

checksums.yaml +4 -4
data/.travis.yml +1 -0
data/CHANGELOG.md +8 -1
data/Gemfile +4 -0
data/README.md +15 -3
data/lib/spid.rb +24 -0
data/lib/spid/authn_request.rb +9 -55
data/lib/spid/generate_authn_request.rb +64 -0
data/lib/spid/identity_providers.rb +44 -0
data/lib/spid/idp_metadata.rb +38 -0
data/lib/spid/metadata.rb +73 -0
data/lib/spid/version.rb +1 -1
data/spid.gemspec +5 -0
metadata +88 -3
data/lib/spid/onelogin_extension.rb +0 -23

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4e8d4ff447582b107751730b91bb3a2d20cc234516a3d0d3d54e3e8082478e8
-  data.tar.gz: e03ddeedd4ee9bb7dec109f53cfcb04035c29f7d58eb63ee5365f0bd89829bfc
+  metadata.gz: 202babbba4b9dae4431cf63d52deea481da1399657cda044e5782893f098b832
+  data.tar.gz: e03e68a394474fb59b7c20a4c7e336a21eff7aab876508cab468dcabd8e24449
 SHA512:
-  metadata.gz: a151e6770817d6f2ff0e6d18f3178bb6d1a5cb8335df7574bfc49169e8f16271bde3454bb8ba5b1abb1f466f07ba5b5b7d241bcc22328c7850af68e79aa6943d
-  data.tar.gz: 308b1f110d1e5ef74b6aaffbb1b64ac5260bae7c952c6006c8731c9f368d21452d4c706109cbdde5f211aececd79d6cbf1e4ff487e7cfd2195431148fbbb8a9f
+  metadata.gz: 9e5c12ec6d34ea8722bed6101ef27a7a2e754f80f4cd3d932bc7739a6355858603382755765fb57795273107f21cd449edd076f326e7744c59c2c29aa8d9e6bc
+  data.tar.gz: f611115901ccdff48084602cdcba4654452544dc13899da3954906679593f88ef1dd740649c549a6046b64e734c8ff1aa558ee3713e834563302339bfb768827

data/.travis.yml CHANGED Viewed

@@ -1,4 +1,5 @@
 language: ruby
+cache: bundler
 rvm:
  - 2.3
  - 2.4

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,12 @@
 ## [Unreleased]
+## [0.3.0] - 2018-07-06
+### Added
+- Fetch all identity provider from https://registry.spid.gov.it
+- Parse and store metadata from single Identity Provider
 ## [0.2.2] - 2018-07-02
 ### Fixed
 - Spid::L1 constant duplicated
@@ -26,7 +32,8 @@
 - Coveralls Integration
 - Rubygems version badge in README
-[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.2.2...HEAD
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.3.0...HEAD
+[0.3.0]: https://github.com/italia/spid-ruby/compare/v0.2.2...v0.3.0
 [0.2.2]: https://github.com/italia/spid-ruby/compare/v0.2.1...v0.2.2
 [0.2.1]: https://github.com/italia/spid-ruby/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/italia/spid-ruby/compare/v0.1.1...v0.2.0

data/Gemfile CHANGED Viewed

@@ -6,3 +6,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 # Specify your gem's dependencies in spid.gemspec
 gemspec
+gem "ruby-saml",
+    github: "onelogin/ruby-saml",
+    ref: "b0301c9da6c5c1674c29a8544c9e32d153bdbcca"

data/README.md CHANGED Viewed

@@ -2,15 +2,27 @@
 Ruby library for SPID authentication
 | Project                | Spid Ruby |
 | ---------------------- | ------------ |
 | Gem name               | spid |
 | License                | [MIT](https://github.com/italia/spid-ruby/blob/master/LICENSE) |
 | Version                | [![Gem Version](https://badge.fury.io/rb/spid.svg)](http://badge.fury.io/rb/spid) |
 | Continuous integration | [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg?branch=master)](https://travis-ci.org/italia/spid-ruby) |
-| Test coverage          | [![Coverage Status](https://coveralls.io/repos/italia/spid-ruby/badge.svg)](https://coveralls.io/r/italia/spid-ruby) |
+| Test coverate          | [![Coverage Status](https://coveralls.io/repos/github/italia/spid-ruby/badge.svg?branch=master)](https://coveralls.io/github/italia/spid-ruby?branch=master) |
 | Credits                | [Contributors](https://github.com/italia/spid-ruby/graphs/contributors) |
+## Installation
+Add into your Gemfile
+```
+gem "ruby-saml",
+  github: "onelogin/ruby-saml",
+  ref: "b0301c9da6c5c1674c29a8544c9e32d153bdbcca"
+gem "spid"
+```
 ## Features
 |<img src="https://github.com/italia/spid-graphics/blob/master/spid-logos/spid-logo-c-lb.png?raw=true" width="100" /><br />_Compliance with [SPID regulations](http://www.agid.gov.it/sites/default/files/circolari/spid-regole_tecniche_v1.pdf) (for Service Providers)_||
@@ -26,8 +38,8 @@ Ruby library for SPID authentication
 |`AssertionConsumerServiceURL` customization||
 |`AssertionConsumerServiceIndex` customization||
 |`AttributeConsumingServiceIndex` customization||
-|`AuthnContextClassRef` (SPID level) customization||
-|`RequestedAuthnContext/@Comparison` customization||
+|`AuthnContextClassRef` (SPID level) customization|✓|
+|`RequestedAuthnContext/@Comparison` customization|✓|
 |`RelayState` customization (1.2.2)||
 |**Response/Assertion parsing**||
 |verification of `Response/Signature` value (if any)||

data/lib/spid.rb CHANGED Viewed

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
 require "spid/authn_request"
+require "spid/generate_authn_request"
+require "spid/identity_providers"
+require "spid/metadata"
+require "spid/idp_metadata"
 require "spid/version"
 module Spid # :nodoc:
@@ -19,6 +23,26 @@ module Spid # :nodoc:
     MAXIMUM_COMPARISON
   ].freeze
+  SHA256 = XMLSecurity::Document::SHA256
+  SHA384 = XMLSecurity::Document::SHA384
+  SHA512 = XMLSecurity::Document::SHA512
+  DIGEST_METHODS = [
+    SHA256,
+    SHA384,
+    SHA512
+  ].freeze
+  RSA_SHA256 = XMLSecurity::Document::RSA_SHA256
+  RSA_SHA384 = XMLSecurity::Document::RSA_SHA384
+  RSA_SHA512 = XMLSecurity::Document::RSA_SHA512
+  SIGNATURE_METHODS = [
+    RSA_SHA256,
+    RSA_SHA384,
+    RSA_SHA512
+  ].freeze
   L1 = "https://www.spid.gov.it/SpidL1"
   L2 = "https://www.spid.gov.it/SpidL2"
   L3 = "https://www.spid.gov.it/SpidL3"

data/lib/spid/authn_request.rb CHANGED Viewed

@@ -1,67 +1,21 @@
 # frozen_string_literal: true
 require "onelogin/ruby-saml/authrequest"
-require "spid/onelogin_extension"
-require "onelogin/ruby-saml/settings"
 module Spid
-  class AuthnRequest # :nodoc:
-    using OneLoginExtension
-    attr_reader :authn_request_attributes
-    # rubocop:disable Metrics/MethodLength
-    def initialize(
-          idp_sso_target_url:,
-          assertion_consumer_service_url:,
-          issuer:,
-          authn_context: Spid::L1,
-          authn_context_comparison: Spid::EXACT_COMPARISON
-        )
-      unless AUTHN_CONTEXTS.include?(authn_context)
-        raise Spid::UnknownAuthnContextError,
-              "Provided authn_context is not valid:" \
-              " use one of #{AUTHN_CONTEXTS.join(', ')}"
-      end
-      unless COMPARISON_METHODS.include?(authn_context_comparison)
-        raise Spid::UnknownAuthnComparisonMethodError,
-              "Provided authn_context_comparison_method is not valid:" \
-              " use one of #{COMPARISON_METHODS.join(', ')}"
-      end
-      @authn_request_attributes = {
-        idp_sso_target_url: idp_sso_target_url,
-        assertion_consumer_service_url: assertion_consumer_service_url,
-        protocol_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-        issuer: issuer,
-        name_identifier_format: name_identifier_format,
-        authn_context: authn_context,
-        authn_context_comparison: authn_context_comparison
-      }
-      return if authn_context <= Spid::L1
-      @authn_request_attributes[:force_authn] = true
-    end
-    # rubocop:enable Metrics/MethodLength
-    def to_xml
-      authn_request.create_xml_document(saml_settings)
+  class AuthnRequest < ::OneLogin::RubySaml::Authrequest # :nodoc:
+    def create_xml_document(settings)
+      original_document = super(settings)
+      issuer_element = original_document.elements["//saml:Issuer"]
+      issuer_element.attributes["Format"] = format_entity
+      issuer_element.attributes["NameQualifier"] = settings.issuer
+      original_document
     end
     private
-    def name_identifier_format
-      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
-    end
-    def authn_request
-      ::OneLogin::RubySaml::Authrequest.new
-    end
-    def saml_settings
-      ::OneLogin::RubySaml::Settings.new authn_request_attributes
+    def format_entity
+      "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
     end
   end
 end

data/lib/spid/generate_authn_request.rb ADDED Viewed

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+require "spid/authn_request"
+require "onelogin/ruby-saml/settings"
+module Spid
+  class GenerateAuthnRequest # :nodoc:
+    attr_reader :authn_request_attributes
+    # rubocop:disable Metrics/MethodLength
+    def initialize(
+          idp_sso_target_url:,
+          assertion_consumer_service_url:,
+          issuer:,
+          authn_context: Spid::L1,
+          authn_context_comparison: Spid::EXACT_COMPARISON
+        )
+      unless AUTHN_CONTEXTS.include?(authn_context)
+        raise Spid::UnknownAuthnContextError,
+              "Provided authn_context is not valid:" \
+              " use one of #{AUTHN_CONTEXTS.join(', ')}"
+      end
+      unless COMPARISON_METHODS.include?(authn_context_comparison)
+        raise Spid::UnknownAuthnComparisonMethodError,
+              "Provided authn_context_comparison_method is not valid:" \
+              " use one of #{COMPARISON_METHODS.join(', ')}"
+      end
+      @authn_request_attributes = {
+        idp_sso_target_url: idp_sso_target_url,
+        assertion_consumer_service_url: assertion_consumer_service_url,
+        protocol_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+        issuer: issuer,
+        name_identifier_format: name_identifier_format,
+        authn_context: authn_context,
+        authn_context_comparison: authn_context_comparison
+      }
+      return if authn_context <= Spid::L1
+      @authn_request_attributes[:force_authn] = true
+    end
+    # rubocop:enable Metrics/MethodLength
+    def to_saml
+      authn_request.create(saml_settings)
+    end
+    private
+    def name_identifier_format
+      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+    end
+    def authn_request
+      AuthnRequest.new
+    end
+    def saml_settings
+      ::OneLogin::RubySaml::Settings.new authn_request_attributes
+    end
+  end
+end

data/lib/spid/identity_providers.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+require "faraday"
+require "faraday_middleware"
+module Spid
+  class IdentityProviders # :nodoc:
+    def self.fetch_all
+      new.fetch_all
+    end
+    def fetch_all
+      spid_idp_entities.map do |idp|
+        {
+          name: idp["entity_name"].gsub(/ ID$/, "").downcase,
+          metadata_url: idp["metadata_url"],
+          entity_id: idp["entity_id"]
+        }
+      end
+    end
+    private
+    def spid_idp_entities
+      return [] if response.body["spidFederationRegistry"].blank?
+      response.body["spidFederationRegistry"]["entities"]
+    end
+    def response
+      connection.get do |req|
+        req.url "/api/identity-providers"
+        req.headers["Accept"] = "application/json"
+      end
+    end
+    def connection
+      Faraday.new("https://registry.spid.gov.it") do |conn|
+        conn.response :json, content_type: /\bjson$/
+        conn.adapter Faraday.default_adapter
+      end
+    end
+  end
+end

data/lib/spid/idp_metadata.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+require "singleton"
+require "onelogin/ruby-saml/idp_metadata_parser"
+module Spid
+  class IdpMetadata # :nodoc:
+    include Singleton
+    def initialize
+      @identity_providers = Spid::IdentityProviders.fetch_all
+      @metadata = {}
+    end
+    def [](idp_name)
+      return @metadata[idp_name] if @metadata[idp_name].present?
+      idp_hash = identity_provider_hash(idp_name)
+      @metadata[idp_name] = parser.parse_remote_to_hash(
+        idp_hash[:metadata_url],
+        idp_hash[:metadata_url].start_with?("https://")
+      )
+      @metadata[idp_name]
+    end
+    def identity_provider_hash(idp_name)
+      @identity_providers.find do |idp|
+        idp[:name] == idp_name.to_s
+      end
+    end
+    private
+    def parser
+      @parser ||= ::OneLogin::RubySaml::IdpMetadataParser.new
+    end
+  end
+end

data/lib/spid/metadata.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+require "onelogin/ruby-saml/metadata"
+require "onelogin/ruby-saml/settings"
+module Spid
+  class Metadata # :nodoc:
+    attr_reader :metadata_attributes,
+                :attribute_service_name
+    # rubocop:disable Metrics/MethodLength
+    # rubocop:disable Metrics/ParameterLists
+    def initialize(
+          issuer:,
+          private_key_filepath:,
+          certificate_filepath:,
+          assertion_consumer_service_url:,
+          single_logout_service_url:,
+          attribute_service_name:,
+          digest_method: Spid::SHA256,
+          signature_method: Spid::RSA_SHA256
+        )
+      @attribute_service_name = attribute_service_name
+      @metadata_attributes = {
+        issuer: issuer,
+        private_key: File.read(private_key_filepath),
+        certificate: File.read(certificate_filepath),
+        assertion_consumer_service_url: assertion_consumer_service_url,
+        single_logout_service_url: single_logout_service_url,
+        security: {
+          authn_requests_signed:     true,
+          logout_requests_signed:    false,
+          logout_responses_signed:   false,
+          want_assertions_signed:    false,
+          want_assertions_encrypted: false,
+          want_name_id:              false,
+          metadata_signed:           true,
+          embed_sign:                false,
+          digest_method:             digest_method,
+          signature_method:          signature_method
+        }
+      }
+    end
+    # rubocop:enable Metrics/ParameterLists
+    # rubocop:enable Metrics/MethodLength
+    def to_xml
+      metadata.generate(saml_settings)
+    end
+    private
+    def metadata
+      ::OneLogin::RubySaml::Metadata.new
+    end
+    def saml_settings
+      @saml_settings = ::OneLogin::RubySaml::Settings.new metadata_attributes
+      outer_self = self
+      @saml_settings.attribute_consuming_service.configure do
+        service_index 0
+        service_name outer_self.attribute_service_name
+        add_attribute name: "Name",
+                      name_format: "Name Format",
+                      friendly_name: "Friendly Name"
+      end
+      @saml_settings
+    end
+  end
+end

data/lib/spid/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spid
-  VERSION = "0.2.2"
+  VERSION = "0.3.0"
 end

data/spid.gemspec CHANGED Viewed

@@ -26,13 +26,18 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency "ruby-saml", "~> 1.8", ">= 1.8.0"
+  spec.add_development_dependency "activesupport", ">= 3.0.0"
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "bundler-audit", "~> 0"
   spec.add_development_dependency "coveralls", "~> 0"
+  spec.add_development_dependency "faraday", "~> 0"
+  spec.add_development_dependency "faraday_middleware", "~> 0"
   spec.add_development_dependency "nokogiri", "~> 1.8", ">= 1.8.3"
   spec.add_development_dependency "pry", "~> 0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rubocop", "0.57.2"
   spec.add_development_dependency "rubocop-rspec", "1.27.0"
+  spec.add_development_dependency "vcr", "~> 4.0", ">= 4.0.0"
+  spec.add_development_dependency "webmock", "~> 3.4", ">= 3.4.2"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-07-02 00:00:00.000000000 Z
+date: 2018-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-saml
@@ -30,6 +30,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -72,6 +86,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -162,6 +204,46 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 1.27.0
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.2
 description:
 email:
 - davidlibrera@gmail.com
@@ -181,7 +263,10 @@ files:
 - Rakefile
 - lib/spid.rb
 - lib/spid/authn_request.rb
-- lib/spid/onelogin_extension.rb
+- lib/spid/generate_authn_request.rb
+- lib/spid/identity_providers.rb
+- lib/spid/idp_metadata.rb
+- lib/spid/metadata.rb
 - lib/spid/version.rb
 - spid.gemspec
 homepage: https://github.com/italia/spid-ruby

data/lib/spid/onelogin_extension.rb DELETED Viewed

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-require "onelogin/ruby-saml/authrequest"
-module Spid
-  module OneLoginExtension # :nodoc:
-    refine ::OneLogin::RubySaml::Authrequest do
-      def create_xml_document(settings)
-        original_document = super(settings)
-        issuer_element = original_document.elements["//saml:Issuer"]
-        issuer_element.attributes["Format"] = format_entity
-        issuer_element.attributes["NameQualifier"] = settings.issuer
-        original_document
-      end
-      private
-      def format_entity
-        "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
-      end
-    end
-  end
-end