spid 0.17.2 → 0.17.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -1
- data/lib/spid/saml2.rb +1 -0
- data/lib/spid/saml2/service_provider.rb +1 -1
- data/lib/spid/saml2/settings.rb +4 -0
- data/lib/spid/saml2/sp_metadata.rb +30 -2
- data/lib/spid/saml2/xml_signature.rb +118 -0
- data/lib/spid/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 373a471d3c7b5987767769a28f606c719a9470f82347e3f337e49a6391bb0a38
|
|
4
|
+
data.tar.gz: 596d1cde1ad8283d5b2fb1ab50d3d969be1072b096497aea9d14dec5ce22c052
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8a23bd7418801a537ba5714da4dbf67808b978819780bf9592ca32db148b9ebd14734c65a76730fe4c7ca93f902312acd3c00d908254322ea7a0e9a8670671f6
|
|
7
|
+
data.tar.gz: 99eee38fe1d01a30e26e9efa2a59a8537955e7c2ca623f74c92368bb20eb83bd12b4c80fb926b00f847ba818af72ca7f0b9ca13cbb6d9d615d6a3015e5c3d89e
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased]
|
|
4
4
|
|
|
5
|
+
## [0.17.3] - 2018-09-12
|
|
6
|
+
### Fixed
|
|
7
|
+
- Metadata embed now signature
|
|
8
|
+
- Now it's possible to use attributes in attribute services in string format
|
|
9
|
+
|
|
5
10
|
## [0.17.2] - 2018-09-11
|
|
6
11
|
### Fixed
|
|
7
12
|
- `Spid::Rack::Login` now use authn_context value
|
|
@@ -142,7 +147,8 @@
|
|
|
142
147
|
- Coveralls Integration
|
|
143
148
|
- Rubygems version badge in README
|
|
144
149
|
|
|
145
|
-
[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.17.
|
|
150
|
+
[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.17.3...HEAD
|
|
151
|
+
[0.17.3]: https://github.com/italia/spid-ruby/compare/v0.17.2...v0.17.3
|
|
146
152
|
[0.17.2]: https://github.com/italia/spid-ruby/compare/v0.17.1...v0.17.2
|
|
147
153
|
[0.17.1]: https://github.com/italia/spid-ruby/compare/v0.17.0...v0.17.1
|
|
148
154
|
[0.17.0]: https://github.com/italia/spid-ruby/compare/v0.16.1...v0.17.0
|
data/lib/spid/saml2.rb
CHANGED
|
@@ -10,6 +10,7 @@ require "spid/saml2/logout_request"
|
|
|
10
10
|
require "spid/saml2/idp_logout_request"
|
|
11
11
|
require "spid/saml2/logout_response"
|
|
12
12
|
require "spid/saml2/idp_logout_response"
|
|
13
|
+
require "spid/saml2/xml_signature"
|
|
13
14
|
require "spid/saml2/sp_metadata"
|
|
14
15
|
require "spid/saml2/utils"
|
|
15
16
|
require "spid/saml2/idp_metadata_parser"
|
|
@@ -79,7 +79,7 @@ module Spid
|
|
|
79
79
|
def validate_attribute_service(attribute_service)
|
|
80
80
|
return false unless attribute_service.key?(:name)
|
|
81
81
|
return false unless attribute_service.key?(:fields)
|
|
82
|
-
not_valid_fields = attribute_service[:fields] - ATTRIBUTES
|
|
82
|
+
not_valid_fields = attribute_service[:fields].map(&:to_sym) - ATTRIBUTES
|
|
83
83
|
not_valid_fields.empty?
|
|
84
84
|
end
|
|
85
85
|
|
data/lib/spid/saml2/settings.rb
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "xmldsig"
|
|
4
|
+
|
|
3
5
|
module Spid
|
|
4
6
|
module Saml2
|
|
5
7
|
# rubocop:disable Metrics/ClassLength
|
|
@@ -12,17 +14,27 @@ module Spid
|
|
|
12
14
|
@settings = settings
|
|
13
15
|
end
|
|
14
16
|
|
|
15
|
-
def
|
|
17
|
+
def unsigned_document
|
|
16
18
|
document.add_element(entity_descriptor)
|
|
17
19
|
document.to_s
|
|
18
20
|
end
|
|
19
21
|
|
|
22
|
+
def signed_document
|
|
23
|
+
doc = Xmldsig::SignedDocument.new(unsigned_document)
|
|
24
|
+
doc.sign(settings.private_key)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def to_saml
|
|
28
|
+
signed_document
|
|
29
|
+
end
|
|
30
|
+
|
|
20
31
|
def entity_descriptor
|
|
21
32
|
@entity_descriptor ||=
|
|
22
33
|
begin
|
|
23
34
|
element = REXML::Element.new("md:EntityDescriptor")
|
|
24
35
|
element.add_attributes(entity_descriptor_attributes)
|
|
25
36
|
element.add_element sp_sso_descriptor
|
|
37
|
+
element.add_element signature
|
|
26
38
|
element
|
|
27
39
|
end
|
|
28
40
|
end
|
|
@@ -32,7 +44,7 @@ module Spid
|
|
|
32
44
|
"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#",
|
|
33
45
|
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
34
46
|
"entityID" => settings.sp_entity_id,
|
|
35
|
-
"ID" =>
|
|
47
|
+
"ID" => entity_descriptor_id
|
|
36
48
|
}
|
|
37
49
|
end
|
|
38
50
|
|
|
@@ -59,6 +71,13 @@ module Spid
|
|
|
59
71
|
# rubocop:enable Metrics/AbcSize
|
|
60
72
|
# rubocop:enable Metrics/MethodLength
|
|
61
73
|
|
|
74
|
+
def signature
|
|
75
|
+
@signature ||= ::Spid::Saml2::XmlSignature.new(
|
|
76
|
+
settings: settings,
|
|
77
|
+
sign_reference: entity_descriptor_id
|
|
78
|
+
).signature
|
|
79
|
+
end
|
|
80
|
+
|
|
62
81
|
def attribute_consuming_service(index, name, fields)
|
|
63
82
|
element = REXML::Element.new("md:AttributeConsumingService")
|
|
64
83
|
element.add_attributes("index" => index)
|
|
@@ -132,6 +151,15 @@ module Spid
|
|
|
132
151
|
kd
|
|
133
152
|
end
|
|
134
153
|
end
|
|
154
|
+
|
|
155
|
+
private
|
|
156
|
+
|
|
157
|
+
def entity_descriptor_id
|
|
158
|
+
@entity_descriptor_id ||=
|
|
159
|
+
begin
|
|
160
|
+
"_#{Digest::MD5.hexdigest(settings.sp_entity_id)}"
|
|
161
|
+
end
|
|
162
|
+
end
|
|
135
163
|
end
|
|
136
164
|
# rubocop:enable Metrics/ClassLength
|
|
137
165
|
end
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
module Saml2
|
|
5
|
+
class XmlSignature # :nodoc:
|
|
6
|
+
attr_reader :settings
|
|
7
|
+
attr_reader :sign_reference
|
|
8
|
+
|
|
9
|
+
def initialize(settings:, sign_reference:)
|
|
10
|
+
@settings = settings
|
|
11
|
+
@sign_reference = sign_reference
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def signature
|
|
15
|
+
@signature ||=
|
|
16
|
+
begin
|
|
17
|
+
element = REXML::Element.new("ds:Signature")
|
|
18
|
+
element.add_element(signed_info)
|
|
19
|
+
element.add_element(signature_value)
|
|
20
|
+
element
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def signed_info
|
|
25
|
+
@signed_info ||=
|
|
26
|
+
begin
|
|
27
|
+
element = REXML::Element.new("ds:SignedInfo")
|
|
28
|
+
element.add_element(canonicalization_method)
|
|
29
|
+
element.add_element(signature_method)
|
|
30
|
+
element.add_element(reference)
|
|
31
|
+
element
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def canonicalization_method
|
|
36
|
+
@canonicalization_method ||=
|
|
37
|
+
begin
|
|
38
|
+
element = REXML::Element.new("ds:CanonicalizationMethod")
|
|
39
|
+
element.add_attributes(
|
|
40
|
+
"Algorithm" => "http://www.w3.org/2001/10/xml-exc-c14n#"
|
|
41
|
+
)
|
|
42
|
+
element
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def signature_method
|
|
47
|
+
@signature_method ||=
|
|
48
|
+
begin
|
|
49
|
+
element = REXML::Element.new("ds:SignatureMethod")
|
|
50
|
+
element.add_attributes("Algorithm" => settings.signature_method)
|
|
51
|
+
element
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def reference
|
|
56
|
+
@reference ||=
|
|
57
|
+
begin
|
|
58
|
+
element = REXML::Element.new("ds:Reference")
|
|
59
|
+
element.add_attributes("URI" => "##{sign_reference}")
|
|
60
|
+
element.add_element(transforms)
|
|
61
|
+
element.add_element(digest_method)
|
|
62
|
+
element.add_element(digest_value)
|
|
63
|
+
element
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def transforms
|
|
68
|
+
@transforms ||=
|
|
69
|
+
begin
|
|
70
|
+
element = REXML::Element.new("ds:Transforms")
|
|
71
|
+
element.add_element(transform_enveloped)
|
|
72
|
+
element.add_element(transform_xml)
|
|
73
|
+
element
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def transform_enveloped
|
|
78
|
+
@transform_enveloped ||=
|
|
79
|
+
begin
|
|
80
|
+
element = REXML::Element.new("ds:Transform")
|
|
81
|
+
element.add_attributes(
|
|
82
|
+
"Algorithm" =>
|
|
83
|
+
"http://www.w3.org/2000/09/xmldsig#enveloped-signature"
|
|
84
|
+
)
|
|
85
|
+
element
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def transform_xml
|
|
90
|
+
@transform_xml ||=
|
|
91
|
+
begin
|
|
92
|
+
element = REXML::Element.new("ds:Transform")
|
|
93
|
+
element.add_attributes(
|
|
94
|
+
"Algorithm" => "http://www.w3.org/2001/10/xml-exc-c14n#"
|
|
95
|
+
)
|
|
96
|
+
element
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def digest_method
|
|
101
|
+
@digest_method ||=
|
|
102
|
+
begin
|
|
103
|
+
element = REXML::Element.new("ds:DigestMethod")
|
|
104
|
+
element.add_attributes("Algorithm" => settings.digest_method)
|
|
105
|
+
element
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
def digest_value
|
|
110
|
+
@digest_value ||= REXML::Element.new("ds:DigestValue")
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
def signature_value
|
|
114
|
+
@signature_value ||= REXML::Element.new("ds:SignatureValue")
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
end
|
data/lib/spid/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.17.
|
|
4
|
+
version: 0.17.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Librera
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-09-
|
|
11
|
+
date: 2018-09-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -349,6 +349,7 @@ files:
|
|
|
349
349
|
- lib/spid/saml2/sp_metadata.rb
|
|
350
350
|
- lib/spid/saml2/utils.rb
|
|
351
351
|
- lib/spid/saml2/utils/query_params_signer.rb
|
|
352
|
+
- lib/spid/saml2/xml_signature.rb
|
|
352
353
|
- lib/spid/slo.rb
|
|
353
354
|
- lib/spid/slo/idp_request.rb
|
|
354
355
|
- lib/spid/slo/request.rb
|