Commit 2c2ff13
Changed files (5)
lib/saml/kit/builders/templates/assertion.builder
@@ -0,0 +1,29 @@
+xml.Assertion(assertion_options) do
+ xml.Issuer issuer
+ signature_for(reference_id: reference_id, xml: xml) unless encrypt
+ xml.Subject do
+ xml.NameID name_id, Format: name_id_format
+ xml.SubjectConfirmation Method: Saml::Kit::Namespaces::BEARER do
+ xml.SubjectConfirmationData "", subject_confirmation_data_options
+ end
+ end
+ xml.Conditions conditions_options do
+ xml.AudienceRestriction do
+ xml.Audience request.issuer
+ end
+ end
+ xml.AuthnStatement authn_statement_options do
+ xml.AuthnContext do
+ xml.AuthnContextClassRef Saml::Kit::Namespaces::PASSWORD
+ end
+ end
+ if assertion_attributes.any?
+ xml.AttributeStatement do
+ assertion_attributes.each do |key, value|
+ xml.Attribute Name: key, NameFormat: Saml::Kit::Namespaces::URI, FriendlyName: key do
+ xml.AttributeValue value.to_s
+ end
+ end
+ end
+ end
+end
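Review bot: `signature_for(reference_id: reference_id, xml: xml) unless encrypt` on the third line of the template means an encrypted assertion is emitted without an assertion-level signature, and the `sign` accessor the new Assertion builder exposes is not consulted anywhere in this template; presumably `signature_for` checks `sign` itself and the encrypted case relies on the enclosing Response being signed, but neither is visible in this commit. A comment above that line, `# an encrypted assertion carries no signature of its own; integrity then rests on the enclosing Response`, would record that trust decision for the next reader, or if that is not the intent the guard should be revisited. Separately, `assertion_attributes` is evaluated twice here (`.any?` and then `.each`), and because `Assertion#assertion_attributes` in builders/assertion.rb delegates to `user.assertion_attributes_for(request)` on every call, the user hook now runs twice per assertion where the removed inline code in response.builder called it once into a local; memoizing it in the builder (see the assertion.rb note) or assigning `attributes = assertion_attributes` before the `if` restores the single call.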
lib/saml/kit/builders/templates/response.builder
@@ -5,35 +5,6 @@ xml.Response response_options do
xml.StatusCode Value: status_code
end
encryption_for(xml: xml) do |xml|
- xml.Assertion(assertion_options) do
- xml.Issuer issuer
- signature_for(reference_id: reference_id, xml: xml) unless encrypt
- xml.Subject do
- xml.NameID user.name_id_for(request.name_id_format), Format: request.name_id_format
- xml.SubjectConfirmation Method: Saml::Kit::Namespaces::BEARER do
- xml.SubjectConfirmationData "", subject_confirmation_data_options
- end
- end
- xml.Conditions conditions_options do
- xml.AudienceRestriction do
- xml.Audience request.issuer
- end
- end
- xml.AuthnStatement authn_statement_options do
- xml.AuthnContext do
- xml.AuthnContextClassRef Saml::Kit::Namespaces::PASSWORD
- end
- end
- assertion_attributes = user.assertion_attributes_for(request)
- if assertion_attributes.any?
- xml.AttributeStatement do
- assertion_attributes.each do |key, value|
- xml.Attribute Name: key, NameFormat: Saml::Kit::Namespaces::URI, FriendlyName: key do
- xml.AttributeValue value.to_s
- end
- end
- end
- end
- end
+ Saml::Kit::Template.new(assertion).to_xml(xml: xml)
end
end
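Review bot: The new delegation line `Saml::Kit::Template.new(assertion).to_xml(xml: xml)` gives no hint where `assertion` comes from; it is the private memoized method added to Builders::Response in builders/response.rb, presumably resolved through the template's evaluation binding, which is easy to miss when the bare name appears between XML calls. A one-line comment above it, `# the <Assertion> element is rendered by Builders::Assertion's own template (builders/assertion.rb)`, would make the hand-off explicit. The `|xml|` block parameter on the `encryption_for` line shadows the outer `xml` local; that is context rather than new code, but with the body now reduced to a single line a distinct name such as `|inner|` would read more clearly.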
lib/saml/kit/builders/assertion.rb
@@ -0,0 +1,81 @@
+module Saml
+ module Kit
+ module Builders
+ class Assertion
+ include Templatable
+ attr_reader :configuration
+
+ def initialize(response_builder)
+ @response_builder = response_builder
+ @configuration = response_builder.configuration
+ end
+
+ def encrypt
+ @response_builder.encrypt
+ end
+
+ def sign
+ @response_builder.sign
+ end
+
+ def request
+ @response_builder.request
+ end
+
+ def issuer
+ @response_builder.issuer
+ end
+
+ def name_id_format
+ request.name_id_format
+ end
+
+ def name_id
+ @response_builder.user.name_id_for(name_id_format)
+ end
+
+ def assertion_attributes
+ @response_builder.user.assertion_attributes_for(request)
+ end
+
+ def reference_id
+ @response_builder.reference_id
+ end
+
+ private
+
+ def assertion_options
+ {
+ ID: reference_id,
+ IssueInstant: @response_builder.now.iso8601,
+ Version: "2.0",
+ xmlns: Namespaces::ASSERTION,
+ }
+ end
+
+ def subject_confirmation_data_options
+ {
+ InResponseTo: request.id,
+ NotOnOrAfter: 3.hours.since(@response_builder.now).utc.iso8601,
+ Recipient: request.assertion_consumer_service_url,
+ }
+ end
+
+ def conditions_options
+ {
+ NotBefore: @response_builder.now.utc.iso8601,
+ NotOnOrAfter: configuration.session_timeout.from_now.utc.iso8601,
+ }
+ end
+
+ def authn_statement_options
+ {
+ AuthnInstant: @response_builder.now.iso8601,
+ SessionIndex: reference_id,
+ SessionNotOnOrAfter: 3.hours.since(@response_builder.now).utc.iso8601,
+ }
+ end
+ end
+ end
+ end
+end
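Review bot: `IssueInstant: @response_builder.now.iso8601` in `assertion_options` and `AuthnInstant: @response_builder.now.iso8601` in `authn_statement_options` format the time without `.utc`, while every other timestamp in this class (`NotOnOrAfter`, `NotBefore`, `SessionNotOnOrAfter`) goes through `.utc.iso8601`; if `now` is ever a non-UTC Time this emits a zone offset that a strict service provider may reject, so making both `@response_builder.now.utc.iso8601` keeps the class consistent. `assertion_attributes` recomputes `@response_builder.user.assertion_attributes_for(request)` on each call and the template calls it twice; `@assertion_attributes ||= @response_builder.user.assertion_attributes_for(request)` would restore the single call the removed inline code made. The class has no documentation: a header comment stating that it wraps a Response builder and exposes the values the assertion.builder template reads, with a note that `assertion_options`, `subject_confirmation_data_options`, `conditions_options` and `authn_statement_options` are private but still reachable from the template, would help the next maintainer. The fixed `3.hours` windows for `NotOnOrAfter` and `SessionNotOnOrAfter` next to `configuration.session_timeout` for `Conditions` are carried over unchanged from response.rb, but a short comment on why the two lifetimes differ would be worth adding while the code is being moved.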
lib/saml/kit/builders/response.rb
@@ -37,6 +37,10 @@ module Saml
private
+ def assertion
+ @assertion ||= Saml::Kit::Builders::Assertion.new(self)
+ end
+
def encryption_certificate
request.provider.encryption_certificates.first
end
@@ -60,38 +64,6 @@ module Saml
xmlns: Namespaces::PROTOCOL,
}
end
-
- def assertion_options
- {
- ID: reference_id,
- IssueInstant: now.iso8601,
- Version: "2.0",
- xmlns: Namespaces::ASSERTION,
- }
- end
-
- def subject_confirmation_data_options
- {
- InResponseTo: request.id,
- NotOnOrAfter: 3.hours.since(now).utc.iso8601,
- Recipient: request.assertion_consumer_service_url,
- }
- end
-
- def conditions_options
- {
- NotBefore: now.utc.iso8601,
- NotOnOrAfter: configuration.session_timeout.from_now.utc.iso8601,
- }
- end
-
- def authn_statement_options
- {
- AuthnInstant: now.iso8601,
- SessionIndex: assertion_options[:ID],
- SessionNotOnOrAfter: 3.hours.since(now).utc.iso8601,
- }
- end
end
end
end
lib/saml/kit/builders.rb
@@ -1,3 +1,4 @@
+require 'saml/kit/builders/assertion'
require 'saml/kit/builders/authentication_request'
require 'saml/kit/builders/identity_provider_metadata'
require 'saml/kit/builders/logout_request'