Draft: Some changes #15

Draft
wants to merge 37 commits into
base: master
from
Draft
11b44b1
renewed expired Example SP certificate
davide-perego-runtime Jul 29, 2021
f3ec6da
Added Organization struct to SP metadata
davide-perego-runtime Sep 27, 2021
68b3818
Update module
nicolasvac Oct 28, 2021
6c7c001
Add dynamic contact person in SP structure
nicolasvac Oct 28, 2021
212e14e
Only add extensions if populated
nicolasvac Oct 28, 2021
90221d0
Use if not instead of if !=
nicolasvac Oct 28, 2021
1948a53
Use eq instead of ==
nicolasvac Oct 28, 2021
6d28fa6
Bugfix
nicolasvac Oct 28, 2021
85ee99a
Bugfix
nicolasvac Oct 28, 2021
4a9118e
Bugfix
nicolasvac Oct 28, 2021
61d5c93
Bugfix
nicolasvac Oct 28, 2021
d74e967
Add xmlns:spid
nicolasvac Oct 29, 2021
d1dbad6
Add xmlns:fpa
nicolasvac Oct 29, 2021
c84a117
Add IsPrivateFullAggregator, IsPublicFullAggregator
nicolasvac Oct 29, 2021
f75cffe
Add randomly generated request ids
nicolasvac Oct 29, 2021
69e73e7
Add Signature tag
nicolas-ristocloud Nov 3, 2021
2538d7e
Bugfix _key instead of Key()
nicolas-ristocloud Nov 3, 2021
2b6cd01
Add cert subject
nicolas-ristocloud Nov 3, 2021
1c08609
Bugfix missing _ in requestID and added # on URI=
nicolas-ristocloud Nov 3, 2021
4a55a44
Add isPublic, isPrivate to ContactPerson
nicolas-ristocloud Nov 3, 2021
7e55ca3
Bugfix IsPublic
nicolas-ristocloud Nov 3, 2021
bd70c53
Try adding contact persons dinamically
nicolasvac Nov 3, 2021
73ef362
Bugfix contact persons
nicolasvac Nov 3, 2021
293a3fd
Add PKCS8 Key Support
nicolasvac Nov 4, 2021
11d6a36
Remove redundant cast
nicolasvac Nov 4, 2021
6b203a3
Add verification of IDP XML Signature
nicolasvac Nov 4, 2021
ba8b09e
Add complete error to idp signature verification
nicolasvac Nov 4, 2021
8f64100
Fix Reading XML from bytes
nicolasvac Nov 4, 2021
59ec60d
Remove IDP metadata XML verification
nicolasvac Nov 4, 2021
1335fdb
Save XML document to IDP.XML
nicolasvac Nov 10, 2021
c40e389
Optional sign mechanism
nicolasvac Nov 10, 2021
00d6add
Optional sign mechanism in xml template
nicolasvac Nov 10, 2021
0dd1c29
Sign authnrequest_out.go
nicolasvac Nov 10, 2021
f2c055b
Remove button.go
nicolasvac Nov 10, 2021
4717194
test
nicolasvac Nov 10, 2021
e07b5cb
Bugfix spazi saml:Issuer
nicolas-ristocloud Nov 12, 2021
697beab
Fix SpidL format
nicolas-ristocloud Nov 17, 2021
5 changes: 5 additions & 0 deletions .gitignore
Expand Up @@ -14,3 +14,8 @@
example/example

.vscode
/.idea/.gitignore
/.idea/dbnavigator.xml
/.idea/modules.xml
/.idea/spid-go.iml
/.idea/vcs.xml
5 changes: 5 additions & 0 deletions example/service.go
Expand Up @@ -43,6 +43,11 @@ func main() {
Attributes: []string{"fiscalNumber", "name", "familyName", "dateOfBirth"},
},
},
Organization: spidsaml.SPOrganization{
OrganizationName: "Example Srl",
OrganizationDisplayName: "Example S.r.l.",
OrganizationURL: "https://www.example-sp.it",
},
}

// Load Identity Providers from their XML metadata
31 changes: 16 additions & 15 deletions example/sp.pem
@@ -1,16 +1,17 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
MIICoTCCAYkCFF5EIcofizvlSV+cMzaM458OR9HgMA0GCSqGSIb3DQEBCwUAMA0x
CzAJBgNVBAYTAklUMB4XDTIxMDQxNTEzNTM0OFoXDTMxMDQxMzEzNTM0OFowDTEL
MAkGA1UEBhMCSVQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjiLYe
wb/5Cbep7SCrAQ6HjCUFgrXzVYKfdFO7IU1CHqZ2fqkt2/91hdjbbMRHa59jbbsU
W2je+q1J1PfTqWkihW5coEBWhbByvM7R1p0zh3IdfspGZZINPnUYGqQ/oePVShTL
Btenmr0Zc/m5UvxT3dxpPXVVlpqUeESMrG1JgkcM/tk//aT2nngmBUiicwXQMlWH
HSyY9ndB0df6bL8k16+ye5dNkjLK7QqNxeV+UpKV2eBUOO/0PpwYTjAY5rlXPkz7
Pi2Mqcm1+P/FpwhZyP/hSS67oIPJDz5g0JoT1iOK1GZ2LlmpMM6gYqieaVuEJx+o
95G8bB9ZclxVH6pTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAH2fN9TBKtzcfmaT
GQ/hAmTur2BAU9vbMRJizgpQR9hSO7ty1FSVfS/rzTGOKr/oRfVI3SaTjo+ZYUjc
rVMw3gn/3JfJGTnZmZ6f1yqu0Cm7a7wbvyqWQxbCZzXEqHG13xYq64aYP/aKV8eS
zs1VTw7ShhfhrSYNlQWlr5OUMTgy6WN7ENAr8aCLCKyj+CR4et3hGyo66WPmKGuJ
eD97BYxP/No0S47Z6hUO+W8AgF1Qp52oAMQQ6N6EBVtViT34XMhpK1/7RnmTYusc
gj13zX2qZGt+HpOEOLqA2N/5PtLfEenxPO6vs6ZEPwngelpOQST8St2DmpSBwRjN
PObavq0=
-----END CERTIFICATE-----
19 changes: 9 additions & 10 deletions spidsaml/authnrequest_out.go
Expand Up @@ -23,7 +23,7 @@ func (sp *SP) NewAuthnRequest(idp *IDP) *AuthnRequest {
req := new(AuthnRequest)
req.SP = sp
req.IDP = idp
req.ID = generateMessageID()
req.ID = GenerateRandomID()
req.AcsIndex = -1
req.AttrIndex = -1
req.Level = 1
Expand All @@ -32,6 +32,7 @@ func (sp *SP) NewAuthnRequest(idp *IDP) *AuthnRequest {
}

// XML generates the XML representation of this AuthnRequest
// Applicato il bugfix di saml:Issuer
func (authnreq *AuthnRequest) XML(binding SAMLBinding) []byte {
var signatureTemplate string
if binding == HTTPPost {
Expand Down Expand Up @@ -71,26 +72,24 @@ func (authnreq *AuthnRequest) XML(binding SAMLBinding) []byte {

ForceAuthn="{{ if gt .Level 1 }}true{{ else }}false{{ end }}">

<saml:Issuer
NameQualifier="{{ .SP.EntityID }}"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
{{ .SP.EntityID }}
</saml:Issuer>
<saml:Issuer NameQualifier="{{ .SP.EntityID }}" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">{{ .SP.EntityID }}</saml:Issuer>

{{ .SignatureTemplate }}

<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
<samlp:RequestedAuthnContext Comparison="{{ .Comparison }}">
<saml:AuthnContextClassRef>
https://www.spid.gov.it/SpidL{{ .Level }}
</saml:AuthnContextClassRef>
<saml:AuthnContextClassRef>https://www.spid.gov.it/SpidL{{ .Level }}</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
`

t := template.Must(template.New("req").Parse(tmpl))
var metadata bytes.Buffer
t.Execute(&metadata, data)

if t.Execute(&metadata, data) != nil {
return nil
}

return metadata.Bytes()
}

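Review bot: The new `if t.Execute(&metadata, data) != nil { return nil }` in XML discards the error and hands the caller a nil slice, so a template-rendering failure is indistinguishable from an empty request body and the caller will presumably go on to encode and send nothing; the same construct appears in the XML methods of logoutrequest_out.go and logoutresponse_out.go. Since the function keeps a bare `[]byte` return, either widen it to `func (authnreq *AuthnRequest) XML(binding SAMLBinding) ([]byte, error)` with `if err := t.Execute(&metadata, data); err != nil { return nil, err }`, or document on the method that a nil result means rendering failed so callers know to check for it. The added doc line `// Applicato il bugfix di saml:Issuer` should be in English and say what changed, e.g. `// The Issuer and AuthnContextClassRef text is emitted without surrounding whitespace, as required by SPID validation.`. The local buffer is still named `metadata` although it holds an AuthnRequest; `out` or `buf` would read better. XML's signature is in the preceding hunk, so the function starts outside this one.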
28 changes: 0 additions & 28 deletions spidsaml/button.go

This file was deleted.

14 changes: 11 additions & 3 deletions spidsaml/go.mod
@@ -1,7 +1,15 @@
module github.com/italia/spid-go/spidsaml
module github.com/nicolasvac/spid-go/spidsaml

go 1.17

require (
github.com/beevik/etree v1.0.1
github.com/crewjam/errset v0.0.0-20160219153700-f78d65de925c // indirect
github.com/beevik/etree v1.1.0
github.com/crewjam/go-xmlsec v0.0.0-20170116132012-1aa2f9374afa
github.com/ma314smith/signedxml v0.0.0-20210628192057-abc5b481ae1c
)

require (
github.com/crewjam/errset v0.0.0-20160219153700-f78d65de925c // indirect
github.com/smartystreets/goconvey v1.7.2 // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
)
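Review bot: The module path changes from `github.com/italia/spid-go/spidsaml` to `github.com/nicolasvac/spid-go/spidsaml`, so this PR cannot be merged into the upstream master it targets without breaking every importer of the existing path; the fork-specific rename should be dropped or split out of the PR. The require block now carries two XML-signature implementations, the added `github.com/ma314smith/signedxml` alongside the retained `github.com/crewjam/go-xmlsec` (a cgo binding to libxmlsec), plus `goconvey` and `check.v1` as indirect dependencies that appear to arrive transitively with signedxml. For a library whose job is verifying SAML signatures, every extra module is additional supply-chain surface, so keep only the implementation that is actually called and drop the other once the migration is complete.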
24 changes: 24 additions & 0 deletions spidsaml/go.sum
@@ -1,6 +1,30 @@
github.com/beevik/etree v1.0.1 h1:lWzdj5v/Pj1X360EV7bUudox5SRipy4qZLjY0rhb0ck=
github.com/beevik/etree v1.0.1/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
github.com/crewjam/errset v0.0.0-20160219153700-f78d65de925c h1:dCJ9oZ0VgnzJHR5BjkSrwkXA1USu483qlxBd0u29P8s=
github.com/crewjam/errset v0.0.0-20160219153700-f78d65de925c/go.mod h1:XhiWL7J86xoqJ8+x2OA+AM2l9skQP2DZ0UOXQYVg7uI=
github.com/crewjam/go-xmlsec v0.0.0-20170116132012-1aa2f9374afa h1:P3H7u0mfn9zEniDEKN50Yos1m60AM2PNOcyrInUjRFM=
github.com/crewjam/go-xmlsec v0.0.0-20170116132012-1aa2f9374afa/go.mod h1:M9eHnKpImgRwzOFdlFQnbgJRqFwW/eX1cKAVobv03uE=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/ma314smith/signedxml v0.0.0-20210628192057-abc5b481ae1c h1:UPJygtyk491bJJ/DnRJFuzcq9Dl9NSeFrJ7VdiRzMxc=
github.com/ma314smith/signedxml v0.0.0-20210628192057-abc5b481ae1c/go.mod h1:KEgVcb43+f5KFUH/x6Vd3NROG0AIL2CuKMrIqYsmx6E=
github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
5 changes: 2 additions & 3 deletions spidsaml/idp.go
Expand Up @@ -31,9 +31,6 @@ func NewIDPFromXML(xml []byte) *IDP {
panic(err)
}

// TODO: if metadata is signed, validate /md:EntityDescriptor/dsig:Signature
// against a known CA

idp := new(IDP)
idp.EntityID = doc.FindElement("/EntityDescriptor").SelectAttr("entityID").Value

Expand Down Expand Up @@ -78,6 +75,8 @@ func NewIDPFromXML(xml []byte) *IDP {
panic("failed to parse certificate: " + err.Error())
}

idp.XML, _ = doc.WriteToString()

return idp
}

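Review bot: The first hunk deletes the TODO about validating `/md:EntityDescriptor/dsig:Signature` against a known CA, but no validation is added anywhere in NewIDPFromXML, so the parser still trusts whatever metadata bytes it is given; removing the reminder hides the gap instead of closing it. Keep a comment at that spot, e.g. `// NOTE: the metadata signature is not verified here; callers must obtain this XML from a trusted source.`. The second hunk's `idp.XML, _ = doc.WriteToString()` silently ignores another error, although the function already panics on a parse error a few lines earlier; capture it with `xmlStr, err := doc.WriteToString()` and handle a non-nil err the same way before assigning `idp.XML = xmlStr`. NewIDPFromXML's signature lies outside both hunks.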
2 changes: 1 addition & 1 deletion spidsaml/logoutrequest_in.go
Expand Up @@ -53,7 +53,7 @@ func (logoutreq *LogoutRequestIn) validate(r *http.Request) error {
}
}
if !knownDestination {
return fmt.Errorf("Invalid Destination: '%s'", destination)
return fmt.Errorf("invalid Destination: '%s'", destination)
}

return nil
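Review bot: In the changed `return fmt.Errorf("invalid Destination: '%s'", destination)` the value is presumably taken from the inbound logout message, so it should be quoted with `%q` rather than hand-placed single quotes, `return fmt.Errorf("invalid Destination: %q", destination)`: `%q` escapes control characters and newlines and makes an empty value visible, which matters once the message reaches a log or an HTTP response. The same applies to both error strings changed in logoutresponse_in.go. The enclosing validate method starts outside the hunk.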
7 changes: 5 additions & 2 deletions spidsaml/logoutrequest_out.go
Expand Up @@ -25,7 +25,7 @@ func (sp *SP) NewLogoutRequest(session *Session) (*LogoutRequestOut, error) {
if err != nil {
return nil, err
}
req.ID = generateMessageID()
req.ID = GenerateRandomID()
req.Session = session
return req, nil
}
Expand Down Expand Up @@ -78,7 +78,10 @@ func (logoutreq *LogoutRequestOut) XML(binding SAMLBinding) []byte {

t := template.Must(template.New("req").Parse(tmpl))
var metadata bytes.Buffer
t.Execute(&metadata, data)
if t.Execute(&metadata, data) != nil {
return nil
}

return metadata.Bytes()
}

4 changes: 2 additions & 2 deletions spidsaml/logoutresponse_in.go
Expand Up @@ -43,7 +43,7 @@ func (logoutres *LogoutResponseIn) validate(r *http.Request, inResponseTo string
}

if inResponseTo != logoutres.InResponseTo() {
return fmt.Errorf("Invalid InResponseTo: '%s' (expected: '%s')",
return fmt.Errorf("invalid InResponseTo: '%s' (expected: '%s')",
logoutres.InResponseTo(), inResponseTo)
}

Expand All @@ -58,7 +58,7 @@ func (logoutres *LogoutResponseIn) validate(r *http.Request, inResponseTo string
}
}
if !knownDestination {
return fmt.Errorf("Invalid Destination: '%s'", destination)
return fmt.Errorf("invalid Destination: '%s'", destination)
}

return nil
8 changes: 6 additions & 2 deletions spidsaml/logoutresponse_out.go
Expand Up @@ -34,7 +34,7 @@ func (sp *SP) NewLogoutResponse(logoutreq *LogoutRequestIn, status LogoutStatus)
if err != nil {
return nil, err
}
res.ID = generateMessageID()
res.ID = GenerateRandomID()
res.InResponseTo = logoutreq.ID()
return res, nil
}
Expand Down Expand Up @@ -92,7 +92,11 @@ func (logoutres *LogoutResponseOut) XML(binding SAMLBinding) []byte {

t := template.Must(template.New("req").Parse(tmpl))
var metadata bytes.Buffer
t.Execute(&metadata, data)

if t.Execute(&metadata, data) != nil {
return nil
}

return metadata.Bytes()
}
