Commit 7bdbbe5
2017-11-26 18:34:25
1 parent
315d8a9
Changed files (7)
saml-kit
lib
saml-kit/lib/saml/kit/crypto/oaep_cipher.rb
@@ -0,0 +1,19 @@
+module Saml
+ module Kit
+ module Crypto
+ class OaepCipher
+ def initialize(algorithm, key)
+ @key = key
+ end
+
+ def self.matches?(algorithm)
+ 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' == algorithm
+ end
+
+ def decrypt(cipher_text)
+ @key.private_decrypt(cipher_text, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+ end
+ end
+ end
+ end
+end
saml-kit/lib/saml/kit/crypto/rsa_cipher.rb
@@ -0,0 +1,19 @@
+module Saml
+ module Kit
+ module Crypto
+ class RsaCipher
+ def initialize(algorithm, key)
+ @key = key
+ end
+
+ def self.matches?(algorithm)
+ 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' == algorithm
+ end
+
+ def decrypt(cipher_text)
+ @key.private_decrypt(cipher_text)
+ end
+ end
+ end
+ end
+end
saml-kit/lib/saml/kit/crypto/simple_cipher.rb
@@ -0,0 +1,46 @@
+module Saml
+ module Kit
+ module Crypto
+ class SimpleCipher
+ ALGORITHMS = {
+ 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' => true,
+ 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' => true,
+ 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' => true,
+ 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' => true,
+ }
+
+ def initialize(algorithm, key)
+ @key = key
+ @cipher = case algorithm
+ when 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
+ OpenSSL::Cipher.new('DES-EDE3-CBC')
+ when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
+ OpenSSL::Cipher.new('AES-128-CBC')
+ when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
+ OpenSSL::Cipher.new('AES-192-CBC')
+ when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
+ OpenSSL::Cipher.new('AES-256-CBC')
+ end
+ end
+
+ def self.matches?(algorithm)
+ ALGORITHMS[algorithm]
+ end
+
+ def decrypt(cipher_text)
+ @cipher.decrypt
+ iv = cipher_text[0..@cipher.iv_len-1]
+ data = cipher_text[@cipher.iv_len..-1]
+ #@cipher.padding = 0
+ @cipher.key = @key
+ @cipher.iv = iv
+
+ Saml::Kit.logger.debug ['-key', @key].inspect
+ Saml::Kit.logger.debug ['-iv', iv].inspect
+
+ @cipher.update(data) + @cipher.final
+ end
+ end
+ end
+ end
+end
saml-kit/lib/saml/kit/crypto/unknown_cipher.rb
@@ -0,0 +1,18 @@
+module Saml
+ module Kit
+ module Crypto
+ class UnknownCipher
+ def initialize(algorithm, key)
+ end
+
+ def self.matches?(algorithm)
+ true
+ end
+
+ def decrypt(cipher_text)
+ cipher_text
+ end
+ end
+ end
+ end
+end
saml-kit/lib/saml/kit/crypto.rb
@@ -0,0 +1,15 @@
+require 'saml/kit/crypto/oaep_cipher'
+require 'saml/kit/crypto/rsa_cipher'
+require 'saml/kit/crypto/simple_cipher'
+require 'saml/kit/crypto/unknown_cipher'
+
+module Saml
+ module Kit
+ module Crypto
+ def self.decryptor_for(algorithm, key)
+ decryptors = [ SimpleCipher, RsaCipher, OaepCipher, UnknownCipher ]
+ decryptors.find { |x| x.matches?(algorithm) }.new(algorithm, key)
+ end
+ end
+ end
+end
saml-kit/lib/saml/kit/cryptography.rb
@@ -23,94 +23,7 @@ module Saml
end
def to_plaintext(cipher_text, symmetric_key, algorithm)
- return decryptor_for(algorithm, symmetric_key).decrypt(cipher_text)
- end
-
- def decryptor_for(algorithm, key)
- decryptors = [ SimpleCipher, RsaCipher, OaepCipher, UnknownCipher ]
- decryptors.find { |x| x.matches?(algorithm) }.new(algorithm, key)
- end
-
- class SimpleCipher
- ALGORITHMS = {
- 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' => true,
- 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' => true,
- 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' => true,
- 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' => true,
- }
-
- def initialize(algorithm, key)
- @key = key
- @cipher = case algorithm
- when 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
- OpenSSL::Cipher.new('DES-EDE3-CBC')
- when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
- OpenSSL::Cipher.new('AES-128-CBC')
- when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
- OpenSSL::Cipher.new('AES-192-CBC')
- when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
- OpenSSL::Cipher.new('AES-256-CBC')
- end
- end
-
- def self.matches?(algorithm)
- ALGORITHMS[algorithm]
- end
-
- def decrypt(cipher_text)
- @cipher.decrypt
- iv = cipher_text[0..@cipher.iv_len-1]
- data = cipher_text[@cipher.iv_len..-1]
- #@cipher.padding = 0
- @cipher.key = @key
- @cipher.iv = iv
-
- Saml::Kit.logger.debug ['-key', @key].inspect
- Saml::Kit.logger.debug ['-iv', iv].inspect
-
- @cipher.update(data) + @cipher.final
- end
- end
-
- class RsaCipher
- def initialize(algorithm, key)
- @key = key
- end
-
- def self.matches?(algorithm)
- 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' == algorithm
- end
-
- def decrypt(cipher_text)
- @key.private_decrypt(cipher_text)
- end
- end
-
- class OaepCipher
- def initialize(algorithm, key)
- @key = key
- end
-
- def self.matches?(algorithm)
- 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' == algorithm
- end
-
- def decrypt(cipher_text)
- @key.private_decrypt(cipher_text, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
- end
- end
-
- class UnknownCipher
- def initialize(algorithm, key)
- end
-
- def self.matches?(algorithm)
- true
- end
-
- def decrypt(cipher_text)
- cipher_text
- end
+ return Crypto.decryptor_for(algorithm, symmetric_key).decrypt(cipher_text)
end
end
end
saml-kit/lib/saml/kit.rb
@@ -24,6 +24,7 @@ require "saml/kit/document"
require "saml/kit/authentication_request"
require "saml/kit/bindings"
require "saml/kit/configuration"
+require "saml/kit/crypto"
require "saml/kit/cryptography"
require "saml/kit/default_registry"
require "saml/kit/fingerprint"