Commit 14a443e
Changed files (7)
lib/saml/kit/authentication_request.rb
@@ -40,34 +40,10 @@ module Saml
to_h[name]['NameIDPolicy']['Format']
end
- def certificate
- return nil unless signed?
- to_h[name]['Signature']['KeyInfo']['X509Data']['X509Certificate']
- end
-
- def fingerprint
- return nil unless signed?
- Fingerprint.new(certificate)
- end
-
- def signed?
- to_h[name]['Signature'].present?
- end
-
def response_for(user)
Response::Builder.new(user, self).build
end
- def trusted?
- return false if provider.nil?
- return false unless signed?
- provider.matches?(fingerprint, use: :signing)
- end
-
- def provider
- registry.metadata_for(issuer)
- end
-
private
def registered_acs_url
@@ -76,10 +52,6 @@ module Saml
return acs_urls.first[:location] if acs_urls.any?
end
- def registry
- Saml::Kit.configuration.registry
- end
-
def must_be_registered
return unless login_request?
if provider.nil?
lib/saml/kit/document.rb
@@ -4,6 +4,7 @@ module Saml
PROTOCOL_XSD = File.expand_path("./xsd/saml-schema-protocol-2.0.xsd", File.dirname(__FILE__)).freeze
include XsdValidatable
include ActiveModel::Validations
+ include Trustable
attr_reader :content, :name
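Review bot: The `include Trustable` line puts `certificate`, `fingerprint`, `signed?`, `trusted?`, `provider` and `registry` on every Document subclass, including LogoutResponse, which in this commit previously carried only a private `registry`. The module calls `to_h`, `name` and `issuer` on the including object; `name` is an attr_reader here, but whether every subclass defines `issuer` is not visible in this hunk. A comment above the include such as `# Trustable relies on #to_h, #name and #issuer being defined by the document` would make that contract explicit. The class body continues outside the hunk.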
lib/saml/kit/logout_request.rb
@@ -46,40 +46,12 @@ module Saml
return urls.first[:location] if urls.any?
end
- def trusted?
- return false if provider.nil?
- return false unless signed?
- provider.matches?(fingerprint, use: :signing)
- end
-
- def provider
- registry.metadata_for(issuer)
- end
-
- def certificate
- return nil unless signed?
- to_h[name]['Signature']['KeyInfo']['X509Data']['X509Certificate']
- end
-
- def fingerprint
- return nil unless signed?
- Fingerprint.new(certificate)
- end
-
- def signed?
- to_h[name]['Signature'].present?
- end
-
def response_for(user)
LogoutResponse::Builder.new(user, self).build
end
private
- def registry
- Saml::Kit.configuration.registry
- end
-
def must_have_valid_signature
return if to_xml.blank?
lib/saml/kit/logout_response.rb
@@ -43,10 +43,6 @@ module Saml
private
- def registry
- Saml::Kit.configuration.registry
- end
-
class Builder
attr_accessor :id, :issuer, :version, :status_code, :sign, :now, :destination
attr_reader :request
lib/saml/kit/response.rb
@@ -62,16 +62,6 @@ module Saml
to_h.fetch(name, {}).fetch('Version', {})
end
- def certificate
- return unless signed?
- to_h.fetch(name, {}).fetch('Signature', {}).fetch('KeyInfo', {}).fetch('X509Data', {}).fetch('X509Certificate', nil)
- end
-
- def fingerprint
- return if certificate.blank?
- Fingerprint.new(certificate)
- end
-
def started_at
parse_date(to_h.fetch(name, {}).fetch('Assertion', {}).fetch('Conditions', {}).fetch('NotBefore', nil))
end
@@ -88,26 +78,8 @@ module Saml
Time.current > started_at && !expired?
end
- def signed?
- to_h[name]['Signature'].present?
- end
-
- def trusted?
- return false if provider.nil?
- return false unless signed?
- provider.matches?(fingerprint, use: :signing)
- end
-
- def provider
- registry.metadata_for(issuer)
- end
-
private
- def registry
- Saml::Kit.configuration.registry
- end
-
def must_have_valid_signature
return if to_xml.blank?
lib/saml/kit/trustable.rb
@@ -0,0 +1,33 @@
+module Saml
+ module Kit
+ module Trustable
+ def certificate
+ return unless signed?
+ to_h.fetch(name, {}).fetch('Signature', {}).fetch('KeyInfo', {}).fetch('X509Data', {}).fetch('X509Certificate', nil)
+ end
+
+ def fingerprint
+ return if certificate.blank?
+ Fingerprint.new(certificate)
+ end
+
+ def signed?
+ to_h[name]['Signature'].present?
+ end
+
+ def trusted?
+ return false if provider.nil?
+ return false unless signed?
+ provider.matches?(fingerprint, use: :signing)
+ end
+
+ def provider
+ registry.metadata_for(issuer)
+ end
+
+ def registry
+ Saml::Kit.configuration.registry
+ end
+ end
+ end
+end
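Review bot: `signed?` still indexes with `to_h[name]['Signature']`, so a document whose parsed hash has no entry under `name` raises NoMethodError from `signed?`, `certificate` and `trusted?` instead of being reported as unsigned and untrusted. `certificate` above it already uses the nil-safe form, and `signed?` could match it with `to_h.fetch(name, {}).fetch('Signature', nil).present?`. `registry` was private in each class it was removed from and is public here; a bare `private` line before `def registry` would keep it out of the documents' public API. A short comment on `trusted?` should also say that it only compares the embedded certificate's fingerprint with the registered metadata and does not itself verify the signature, which appears to be left to `must_have_valid_signature` outside this module.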
lib/saml/kit.rb
@@ -14,6 +14,7 @@ require "xmldsig"
require "saml/kit/serializable"
require "saml/kit/xsd_validatable"
+require "saml/kit/trustable"
require "saml/kit/document"
require "saml/kit/authentication_request"