viisp-auth-custom 0.1.0

data/lib/viisp/auth/requests/ticket.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module VIISP
+  module Auth
+    module Requests
+      class Ticket
+        include Soap
+        include Signature
+
+        NODE_ID = 'uniqueNodeId'
+
+        def initialize(providers: nil, attributes: nil, user_information: nil, postback_url: nil,
+                       custom_data: '')
+          @providers = providers || configuration.providers
+          @attributes = attributes || configuration.attributes
+          @user_information = user_information || configuration.user_information
+          @postback_url = postback_url || configuration.postback_url
+          @custom_data = custom_data
+        end
+
+        def build
+          builder = Nokogiri::XML::Builder.new do |builder|
+            soap_envelope(builder) do
+              build_request(builder)
+            end
+          end
+
+          builder.doc
+        end
+
+        private
+
+        def build_request(builder)
+          builder[:authentication].authenticationRequest(id: NODE_ID) do
+            builder.pid(configuration.pid)
+
+            @providers.each do |provider|
+              builder.authenticationProvider(provider)
+            end
+
+            @attributes.each do |attribute|
+              builder.authenticationAttribute(attribute)
+            end
+
+            @user_information.each do |val|
+              builder.userInformation(val)
+            end
+
+            builder.postbackUrl(@postback_url)
+            builder.customData(@custom_data)
+
+            build_signature(builder, NODE_ID)
+          end
+        end
+
+        def configuration
+          Auth.configuration
+        end
+      end
+    end
+  end
+end

data/lib/viisp/auth/signing.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'xmldsig'
+
+module VIISP
+  module Auth
+    module Signing
+      SCHEMAS_PATH = File.expand_path('../../../../schemas', __FILE__).freeze
+
+      module_function
+
+      def sign(doc, private_key = Auth.configuration.private_key)
+        signed_document = Xmldsig::SignedDocument.new(doc, id_attr: 'id')
+        signed_document.sign(private_key)
+      end
+
+      def validate!(doc, certificate = Auth.configuration.service_cert)
+        Dir.chdir(SCHEMAS_PATH) do
+          schema = IO.read('authentication.xsd')
+          signed_document = Xmldsig::SignedDocument.new(doc, id_attr: 'id')
+          # signed_document.validate(certificate, schema) ||
+          #   raise(SignatureError, 'Unable to verify signature')
+        end
+      end
+    end
+  end
+end

data/lib/viisp/auth/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module VIISP
+  module Auth
+    VERSION = '0.1.0'
+  end
+end

data/lib/viisp/auth.rb

@@ -0,0 +1,52 @@
+require 'nokogiri'
+require 'viisp/auth/version'
+require 'viisp/auth/configuration'
+require 'viisp/auth/errors'
+require 'viisp/auth/client'
+require 'viisp/auth/signing'
+require 'viisp/auth/identity'
+require 'viisp/auth/requests/soap'
+require 'viisp/auth/requests/signature'
+require 'viisp/auth/requests/ticket'
+require 'viisp/auth/requests/identity'
+
+module VIISP
+  module Auth
+    module_function
+
+    def configure
+      yield(configuration)
+    end
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def client
+      @client ||= Client.new
+    end
+
+    def portal_endpoint
+      configuration.portal_endpoint
+    end
+
+    def ticket(options = {})
+      request = Requests::Ticket.new(**options).build
+
+      doc = client.post(request)
+      doc.remove_namespaces!
+      doc.at('ticket')&.text
+    end
+
+    def identity(options = {})
+      request = Requests::Identity.new(**options).build
+
+      doc = client.post(request)
+      doc.remove_namespaces!
+
+      Identity.new(doc).to_hash
+    end
+  end
+
+
+end

data/schemas/authentication.xsd

@@ -0,0 +1,205 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.epaslaugos.lt/services/authentication"
+           elementFormDefault="qualified" xmlns="http://www.epaslaugos.lt/services/authentication">
+
+  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd" />
+  <xs:import namespace="http://www.w3.org/2001/10/xml-exc-c14n#" schemaLocation="exc-c14n.xsd" />
+  <xs:import namespace="http://viisp.ivpk.lt/systemHealth" schemaLocation="systemHealth.xsd" />
+
+  <xs:element name="authenticationRequest">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="pid" type="xs:string" />
+        <xs:element name="serviceTarget" type="serviceTarget" minOccurs="0" />
+        <xs:element name="authenticationProvider" type="authenticationProvider" minOccurs="0" maxOccurs="unbounded" />
+        <xs:element name="authenticationAttribute" type="authenticationAttribute" minOccurs="0" maxOccurs="unbounded" />
+        <xs:element name="userInformation" type="userInformation" minOccurs="0" maxOccurs="unbounded" />
+        <xs:element name="proxyAuthenticationAttribute" type="authenticationAttribute" minOccurs="0" maxOccurs="unbounded" />
+        <xs:element name="proxyUserInformation" type="userInformation" minOccurs="0" maxOccurs="unbounded" />
+        <xs:element name="postbackUrl" type="xs:anyURI" minOccurs="0" />
+        <xs:element name="customData" type="xs:string" minOccurs="0" />
+        <xs:element ref="dsig:Signature" />
+      </xs:sequence>
+      <xs:attribute name="id" type="xs:ID" use="optional" />
+    </xs:complexType>
+  </xs:element>
+
+  <xs:element name="authenticationResponse">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="ticket" type="ticket" />
+        <xs:element ref="dsig:Signature" />
+      </xs:sequence>
+      <xs:attribute name="id" type="xs:ID" use="optional" />
+    </xs:complexType>
+  </xs:element>
+
+  <xs:element name="authenticationDataRequest">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="pid" type="xs:string" />
+        <xs:element name="ticket" type="ticket" />
+        <xs:element name="includeSourceData" type="xs:boolean" minOccurs="0" />
+        <xs:element ref="dsig:Signature" />
+      </xs:sequence>
+      <xs:attribute name="id" type="xs:ID" use="optional" />
+    </xs:complexType>
+  </xs:element>
+
+  <xs:element name="authenticationDataResponse">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="authenticationProvider" type="authenticationProvider" />
+        <xs:element name="authenticationAttribute" type="authenticationAttributePair" minOccurs="0" maxOccurs="unbounded" />
+        <xs:element name="userInformation" type="userInformationPair" minOccurs="0" maxOccurs="unbounded" />
+        <xs:element name="proxyAuthenticationAttribute" type="authenticationAttributePair" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="proxyUserInformation" type="userInformationPair" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="customData" type="xs:string" minOccurs="0" />
+        <xs:element name="sourceData" type="authenticationSourceData" minOccurs="0" />
+        <xs:element ref="dsig:Signature" />
+      </xs:sequence>
+      <xs:attribute name="id" type="xs:ID" use="optional" />
+    </xs:complexType>
+  </xs:element>
+
+  <xs:element name="invalidSignatureException" />
+  <xs:element name="invalidXmlException" />
+
+  <xs:complexType name="authenticationAttributePair">
+    <xs:sequence>
+      <xs:element name="attribute" type="authenticationAttribute" />
+      <xs:element name="value" type="xs:string" />
+    </xs:sequence>
+  </xs:complexType>
+
+  <xs:complexType name="userInformationPair">
+    <xs:sequence>
+      <xs:element name="information" type="userInformation" />
+      <xs:element name="value">
+        <xs:complexType>
+          <xs:choice>
+            <xs:element name="stringValue" type="xs:string" />
+            <xs:element name="dateValue" type="xs:date" />
+          </xs:choice>
+        </xs:complexType>
+      </xs:element>
+    </xs:sequence>
+  </xs:complexType>
+
+  <xs:simpleType name="ticket">
+    <xs:restriction base="xs:string">
+      <xs:maxLength value="512" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="serviceTarget">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="citizen" />
+      <xs:enumeration value="business" />
+      <xs:enumeration value="provider" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="authenticationProvider">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="auth.login.pass" />
+      <xs:enumeration value="auth.lt.identity.card" />
+      <xs:enumeration value="auth.lt.government.employee.card" />
+      <xs:enumeration value="auth.lt.bank" />
+      <xs:enumeration value="auth.stork">
+        <xs:annotation>
+          <xs:documentation>Reikšmė nebegaliojanti, palikta dėl išorinių sistemų palaikymo</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="auth.eidas" />
+      <xs:enumeration value="auth.tsl.identity.card" >
+        <xs:annotation>
+          <xs:documentation>Reikšmė nebegaliojanti, palikta dėl išorinių sistemų palaikymo</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="auth.signatureProvider" />
+      <xs:enumeration value="auth.iltu.identity.card" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="authenticationAttribute">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="lt-personal-code" />
+      <xs:enumeration value="lt-company-code" />
+      <xs:enumeration value="lt-government-employee-code" />
+      <xs:enumeration value="stork-eid">
+        <xs:annotation>
+          <xs:documentation>Reikšmė nebegaliojanti, palikta dėl išorinių sistemų palaikymo</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="tsl-serial-number">
+        <xs:annotation>
+          <xs:documentation>Reikšmė nebegaliojanti, palikta dėl išorinių sistemų palaikymo</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="eidas-eid" />
+      <xs:enumeration value="login" />
+      <xs:enumeration value="iltu-personal-code" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="userInformation">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="id" />
+      <xs:enumeration value="firstName" />
+      <xs:enumeration value="lastName" />
+      <xs:enumeration value="address" />
+      <xs:enumeration value="email" />
+      <xs:enumeration value="phoneNumber" />
+      <xs:enumeration value="birthday" />
+      <xs:enumeration value="companyName" />
+      <xs:enumeration value="nationality" />
+      <xs:enumeration value="proxyType" />
+      <xs:enumeration value="proxySource" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="proxyType">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="generic" />
+      <xs:enumeration value="service" />
+      <xs:enumeration value="external" />
+      <xs:enumeration value="legal" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:simpleType name="proxySource">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="JAR"/>
+      <xs:enumeration value="GR"/>
+      <xs:enumeration value="NIRVAR"/>
+      <xs:enumeration value="AUTHORIZATION_REGISTER"/>
+      <xs:enumeration value="VIISP"/>
+      <xs:enumeration value="BANKLINK"/>
+      <xs:enumeration value="eIDAS"/>
+      <xs:enumeration value="USERNAME_PASSWORD"/>
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:complexType name="authenticationSourceData">
+    <xs:sequence>
+      <xs:element name="type" type="authenticationSourceType" />
+      <xs:element name="parameter" type="authenticationSourceParameter" maxOccurs="unbounded" />
+    </xs:sequence>
+  </xs:complexType>
+
+  <xs:simpleType name="authenticationSourceType">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="SAML" />
+      <xs:enumeration value="BANKLINK" />
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:complexType name="authenticationSourceParameter">
+    <xs:simpleContent>
+      <xs:extension base="xs:string">
+        <xs:attribute name="name" type="xs:string" />
+      </xs:extension>
+    </xs:simpleContent>
+  </xs:complexType>
+</xs:schema>

data/schemas/exc-c14n.xsd

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+        PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
+        [
+                <!ATTLIST schema
+                        xmlns:ec CDATA #FIXED 'http://www.w3.org/2001/10/xml-exc-c14n#'>
+                <!ENTITY ec 'http://www.w3.org/2001/10/xml-exc-c14n#'>
+                <!ENTITY % p ''>
+                <!ENTITY % s ''>
+                ]>
+
+
+<!-- Schema for Exclusive Canonicalization
+    http://www.w3.org/2001/10/xml-exc-c14n#
+    $Revision: 1.1 $ on $Date: 2002/07/11 17:26:47 $ by $Author: reagle $
+
+    Copyright 2002 The Internet Society and W3C (Massachusetts Institute
+    of Technology, Institut National de Recherche en Informatique et en
+    Automatique, Keio University). All Rights Reserved.
+    http://www.w3.org/Consortium/Legal/
+
+    This document is governed by the W3C Software License [1] as described
+    in the FAQ [2].
+
+    [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+    [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+        xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
+        targetNamespace="http://www.w3.org/2001/10/xml-exc-c14n#"
+        version="0.1" elementFormDefault="qualified">
+  <element name="InclusiveNamespaces"
+           type="ec:InclusiveNamespaces"/>
+
+  <complexType name="InclusiveNamespaces">
+    <attribute name="PrefixList" type="NMTOKENS"/>
+  </complexType>
+</schema>