spid 0.17.2 → 0.17.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -1
- data/lib/spid/saml2.rb +1 -0
- data/lib/spid/saml2/service_provider.rb +1 -1
- data/lib/spid/saml2/settings.rb +4 -0
- data/lib/spid/saml2/sp_metadata.rb +30 -2
- data/lib/spid/saml2/xml_signature.rb +118 -0
- data/lib/spid/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 373a471d3c7b5987767769a28f606c719a9470f82347e3f337e49a6391bb0a38
|
|
4
|
+
data.tar.gz: 596d1cde1ad8283d5b2fb1ab50d3d969be1072b096497aea9d14dec5ce22c052
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8a23bd7418801a537ba5714da4dbf67808b978819780bf9592ca32db148b9ebd14734c65a76730fe4c7ca93f902312acd3c00d908254322ea7a0e9a8670671f6
|
|
7
|
+
data.tar.gz: 99eee38fe1d01a30e26e9efa2a59a8537955e7c2ca623f74c92368bb20eb83bd12b4c80fb926b00f847ba818af72ca7f0b9ca13cbb6d9d615d6a3015e5c3d89e
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased]
|
|
4
4
|
|
|
5
|
+
## [0.17.3] - 2018-09-12
|
|
6
|
+
### Fixed
|
|
7
|
+
- Metadata embed now signature
|
|
8
|
+
- Now it's possible to use attributes in attribute services in string format
|
|
9
|
+
|
|
5
10
|
## [0.17.2] - 2018-09-11
|
|
6
11
|
### Fixed
|
|
7
12
|
- `Spid::Rack::Login` now use authn_context value
|
|
@@ -142,7 +147,8 @@
|
|
|
142
147
|
- Coveralls Integration
|
|
143
148
|
- Rubygems version badge in README
|
|
144
149
|
|
|
145
|
-
[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.17.
|
|
150
|
+
[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.17.3...HEAD
|
|
151
|
+
[0.17.3]: https://github.com/italia/spid-ruby/compare/v0.17.2...v0.17.3
|
|
146
152
|
[0.17.2]: https://github.com/italia/spid-ruby/compare/v0.17.1...v0.17.2
|
|
147
153
|
[0.17.1]: https://github.com/italia/spid-ruby/compare/v0.17.0...v0.17.1
|
|
148
154
|
[0.17.0]: https://github.com/italia/spid-ruby/compare/v0.16.1...v0.17.0
|
data/lib/spid/saml2.rb
CHANGED
|
@@ -10,6 +10,7 @@ require "spid/saml2/logout_request"
|
|
|
10
10
|
require "spid/saml2/idp_logout_request"
|
|
11
11
|
require "spid/saml2/logout_response"
|
|
12
12
|
require "spid/saml2/idp_logout_response"
|
|
13
|
+
require "spid/saml2/xml_signature"
|
|
13
14
|
require "spid/saml2/sp_metadata"
|
|
14
15
|
require "spid/saml2/utils"
|
|
15
16
|
require "spid/saml2/idp_metadata_parser"
|
|
@@ -79,7 +79,7 @@ module Spid
|
|
|
79
79
|
def validate_attribute_service(attribute_service)
|
|
80
80
|
return false unless attribute_service.key?(:name)
|
|
81
81
|
return false unless attribute_service.key?(:fields)
|
|
82
|
-
not_valid_fields = attribute_service[:fields] - ATTRIBUTES
|
|
82
|
+
not_valid_fields = attribute_service[:fields].map(&:to_sym) - ATTRIBUTES
|
|
83
83
|
not_valid_fields.empty?
|
|
84
84
|
end
|
|
85
85
|
|
data/lib/spid/saml2/settings.rb
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "xmldsig"
|
|
4
|
+
|
|
3
5
|
module Spid
|
|
4
6
|
module Saml2
|
|
5
7
|
# rubocop:disable Metrics/ClassLength
|
|
@@ -12,17 +14,27 @@ module Spid
|
|
|
12
14
|
@settings = settings
|
|
13
15
|
end
|
|
14
16
|
|
|
15
|
-
def
|
|
17
|
+
def unsigned_document
|
|
16
18
|
document.add_element(entity_descriptor)
|
|
17
19
|
document.to_s
|
|
18
20
|
end
|
|
19
21
|
|
|
22
|
+
def signed_document
|
|
23
|
+
doc = Xmldsig::SignedDocument.new(unsigned_document)
|
|
24
|
+
doc.sign(settings.private_key)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def to_saml
|
|
28
|
+
signed_document
|
|
29
|
+
end
|
|
30
|
+
|
|
20
31
|
def entity_descriptor
|
|
21
32
|
@entity_descriptor ||=
|
|
22
33
|
begin
|
|
23
34
|
element = REXML::Element.new("md:EntityDescriptor")
|
|
24
35
|
element.add_attributes(entity_descriptor_attributes)
|
|
25
36
|
element.add_element sp_sso_descriptor
|
|
37
|
+
element.add_element signature
|
|
26
38
|
element
|
|
27
39
|
end
|
|
28
40
|
end
|
|
@@ -32,7 +44,7 @@ module Spid
|
|
|
32
44
|
"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#",
|
|
33
45
|
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
34
46
|
"entityID" => settings.sp_entity_id,
|
|
35
|
-
"ID" =>
|
|
47
|
+
"ID" => entity_descriptor_id
|
|
36
48
|
}
|
|
37
49
|
end
|
|
38
50
|
|
|
@@ -59,6 +71,13 @@ module Spid
|
|
|
59
71
|
# rubocop:enable Metrics/AbcSize
|
|
60
72
|
# rubocop:enable Metrics/MethodLength
|
|
61
73
|
|
|
74
|
+
def signature
|
|
75
|
+
@signature ||= ::Spid::Saml2::XmlSignature.new(
|
|
76
|
+
settings: settings,
|
|
77
|
+
sign_reference: entity_descriptor_id
|
|
78
|
+
).signature
|
|
79
|
+
end
|
|
80
|
+
|
|
62
81
|
def attribute_consuming_service(index, name, fields)
|
|
63
82
|
element = REXML::Element.new("md:AttributeConsumingService")
|
|
64
83
|
element.add_attributes("index" => index)
|
|
@@ -132,6 +151,15 @@ module Spid
|
|
|
132
151
|
kd
|
|
133
152
|
end
|
|
134
153
|
end
|
|
154
|
+
|
|
155
|
+
private
|
|
156
|
+
|
|
157
|
+
def entity_descriptor_id
|
|
158
|
+
@entity_descriptor_id ||=
|
|
159
|
+
begin
|
|
160
|
+
"_#{Digest::MD5.hexdigest(settings.sp_entity_id)}"
|
|
161
|
+
end
|
|
162
|
+
end
|
|
135
163
|
end
|
|
136
164
|
# rubocop:enable Metrics/ClassLength
|
|
137
165
|
end
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
module Saml2
|
|
5
|
+
class XmlSignature # :nodoc:
|
|
6
|
+
attr_reader :settings
|
|
7
|
+
attr_reader :sign_reference
|
|
8
|
+
|
|
9
|
+
def initialize(settings:, sign_reference:)
|
|
10
|
+
@settings = settings
|
|
11
|
+
@sign_reference = sign_reference
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def signature
|
|
15
|
+
@signature ||=
|
|
16
|
+
begin
|
|
17
|
+
element = REXML::Element.new("ds:Signature")
|
|
18
|
+
element.add_element(signed_info)
|
|
19
|
+
element.add_element(signature_value)
|
|
20
|
+
element
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def signed_info
|
|
25
|
+
@signed_info ||=
|
|
26
|
+
begin
|
|
27
|
+
element = REXML::Element.new("ds:SignedInfo")
|
|
28
|
+
element.add_element(canonicalization_method)
|
|
29
|
+
element.add_element(signature_method)
|
|
30
|
+
element.add_element(reference)
|
|
31
|
+
element
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def canonicalization_method
|
|
36
|
+
@canonicalization_method ||=
|
|
37
|
+
begin
|
|
38
|
+
element = REXML::Element.new("ds:CanonicalizationMethod")
|
|
39
|
+
element.add_attributes(
|
|
40
|
+
"Algorithm" => "http://www.w3.org/2001/10/xml-exc-c14n#"
|
|
41
|
+
)
|
|
42
|
+
element
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def signature_method
|
|
47
|
+
@signature_method ||=
|
|
48
|
+
begin
|
|
49
|
+
element = REXML::Element.new("ds:SignatureMethod")
|
|
50
|
+
element.add_attributes("Algorithm" => settings.signature_method)
|
|
51
|
+
element
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def reference
|
|
56
|
+
@reference ||=
|
|
57
|
+
begin
|
|
58
|
+
element = REXML::Element.new("ds:Reference")
|
|
59
|
+
element.add_attributes("URI" => "##{sign_reference}")
|
|
60
|
+
element.add_element(transforms)
|
|
61
|
+
element.add_element(digest_method)
|
|
62
|
+
element.add_element(digest_value)
|
|
63
|
+
element
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def transforms
|
|
68
|
+
@transforms ||=
|
|
69
|
+
begin
|
|
70
|
+
element = REXML::Element.new("ds:Transforms")
|
|
71
|
+
element.add_element(transform_enveloped)
|
|
72
|
+
element.add_element(transform_xml)
|
|
73
|
+
element
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def transform_enveloped
|
|
78
|
+
@transform_enveloped ||=
|
|
79
|
+
begin
|
|
80
|
+
element = REXML::Element.new("ds:Transform")
|
|
81
|
+
element.add_attributes(
|
|
82
|
+
"Algorithm" =>
|
|
83
|
+
"http://www.w3.org/2000/09/xmldsig#enveloped-signature"
|
|
84
|
+
)
|
|
85
|
+
element
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def transform_xml
|
|
90
|
+
@transform_xml ||=
|
|
91
|
+
begin
|
|
92
|
+
element = REXML::Element.new("ds:Transform")
|
|
93
|
+
element.add_attributes(
|
|
94
|
+
"Algorithm" => "http://www.w3.org/2001/10/xml-exc-c14n#"
|
|
95
|
+
)
|
|
96
|
+
element
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def digest_method
|
|
101
|
+
@digest_method ||=
|
|
102
|
+
begin
|
|
103
|
+
element = REXML::Element.new("ds:DigestMethod")
|
|
104
|
+
element.add_attributes("Algorithm" => settings.digest_method)
|
|
105
|
+
element
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
def digest_value
|
|
110
|
+
@digest_value ||= REXML::Element.new("ds:DigestValue")
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
def signature_value
|
|
114
|
+
@signature_value ||= REXML::Element.new("ds:SignatureValue")
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
end
|
data/lib/spid/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.17.
|
|
4
|
+
version: 0.17.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Librera
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-09-
|
|
11
|
+
date: 2018-09-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -349,6 +349,7 @@ files:
|
|
|
349
349
|
- lib/spid/saml2/sp_metadata.rb
|
|
350
350
|
- lib/spid/saml2/utils.rb
|
|
351
351
|
- lib/spid/saml2/utils/query_params_signer.rb
|
|
352
|
+
- lib/spid/saml2/xml_signature.rb
|
|
352
353
|
- lib/spid/slo.rb
|
|
353
354
|
- lib/spid/slo/idp_request.rb
|
|
354
355
|
- lib/spid/slo/request.rb
|