Commit 4b065fa

mo <mo@mokhan.ca>
2017-12-11 23:52:02
slim down the configuration interface.
1 parent 4b9d634
lib/saml/kit/builders/xml_signature.rb
@@ -25,7 +25,7 @@ module Saml
           @configuration = configuration
           @reference_id = reference_id
           @sign = sign
-          @x509_certificate = configuration.stripped_signing_certificate
+          @x509_certificate = configuration.signing_certificate.stripped
         end
 
         def signature_method
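Review bot: The constructor now evaluates `configuration.signing_certificate.stripped` unconditionally, so it runs even when `sign` is false and no signing certificate is configured. The removed `normalize` helper went through `certificate.to_s`, which turned a nil PEM into an empty string; whether `Saml::Kit::Certificate#stripped` is equally nil-safe is not visible in this commit. The same question applies to `signing_x509` and `encryption_x509` in lib/saml/kit/configuration.rb, which now go through `Certificate#x509`. If nothing reads the value when signing is off, `@x509_certificate = configuration.signing_certificate.stripped if sign` would avoid the call, and a spec with `signing_certificate_pem` unset would pin the behaviour either way. The constructor begins above this hunk.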
lib/saml/kit/configuration.rb
@@ -1,9 +1,6 @@
 module Saml
   module Kit
     class Configuration
-      BEGIN_CERT=/-----BEGIN CERTIFICATE-----/
-      END_CERT=/-----END CERTIFICATE-----/
-
       attr_accessor :issuer
       attr_accessor :signature_method, :digest_method
       attr_accessor :signing_certificate_pem, :signing_private_key_pem, :signing_private_key_password
@@ -23,14 +20,6 @@ module Saml
         @logger = Logger.new(STDOUT)
       end
 
-      def stripped_signing_certificate
-        normalize(signing_certificate_pem)
-      end
-
-      def stripped_encryption_certificate
-        normalize(encryption_certificate_pem)
-      end
-
       def signing_certificate
         Saml::Kit::Certificate.new(signing_certificate_pem, use: :signing)
       end
@@ -40,11 +29,11 @@ module Saml
       end
 
       def signing_x509
-        Certificate.to_x509(signing_certificate_pem)
+        signing_certificate.x509
       end
 
       def encryption_x509
-        Certificate.to_x509(encryption_certificate_pem)
+        encryption_certificate.x509
       end
 
       def signing_private_key
@@ -54,12 +43,6 @@ module Saml
       def encryption_private_key
         OpenSSL::PKey::RSA.new(encryption_private_key_pem, encryption_private_key_password)
       end
-
-      private
-
-      def normalize(certificate)
-        certificate.to_s.gsub(BEGIN_CERT, '').gsub(END_CERT, '').gsub(/\n/, '')
-      end
     end
   end
 end
spec/saml/builders/identity_provider_metadata_spec.rb
@@ -39,8 +39,8 @@ RSpec.describe Saml::Kit::Builders::IdentityProviderMetadata do
     expect(result['EntityDescriptor']['IDPSSODescriptor']['Attribute']['Name']).to eql("id")
     certificates = result['EntityDescriptor']['IDPSSODescriptor']['KeyDescriptor'].map { |x| x['KeyInfo']['X509Data']['X509Certificate'] }
     expect(certificates).to match_array([
-      Saml::Kit.configuration.stripped_signing_certificate,
-      Saml::Kit.configuration.stripped_encryption_certificate,
+      Saml::Kit.configuration.signing_certificate.stripped,
+      Saml::Kit.configuration.encryption_certificate.stripped,
     ])
     expect(result['EntityDescriptor']['Organization']['OrganizationName']).to eql(org_name)
     expect(result['EntityDescriptor']['Organization']['OrganizationDisplayName']).to eql(org_name)
spec/saml/builders/response_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe Saml::Kit::Builders::Response do
   let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: { email: email, created_at: Time.now.utc.iso8601 }) }
   let(:request) { double(:request, id: Saml::Kit::Id.generate, assertion_consumer_service_url: assertion_consumer_service_url, issuer: issuer, name_id_format: Saml::Kit::Namespaces::EMAIL_ADDRESS, provider: provider, trusted?: true, signed?: true) }
   let(:provider) { double(want_assertions_signed: false, encryption_certificates: [Saml::Kit::Certificate.new(encryption_pem, use: :encryption)]) }
-  let(:encryption_pem) { Saml::Kit.configuration.stripped_encryption_certificate }
+  let(:encryption_pem) { Saml::Kit.configuration.encryption_certificate.stripped }
   let(:issuer) { FFaker::Internet.uri("https") }
 
   before :each do
spec/saml/builders/service_provider_metadata_spec.rb
@@ -38,8 +38,8 @@ RSpec.describe Saml::Kit::Builders::ServiceProviderMetadata do
     expect(result['EntityDescriptor']['Signature']).to be_present
     expect(result['EntityDescriptor']['SPSSODescriptor']['KeyDescriptor'].map { |x| x['use'] }).to match_array(['signing', 'encryption'])
     expect(result['EntityDescriptor']['SPSSODescriptor']['KeyDescriptor'].map { |x| x['KeyInfo']['X509Data']['X509Certificate'] }).to match_array([
-      Saml::Kit.configuration.stripped_signing_certificate,
-      Saml::Kit.configuration.stripped_encryption_certificate,
+      Saml::Kit.configuration.signing_certificate.stripped,
+      Saml::Kit.configuration.encryption_certificate.stripped,
     ])
     expect(result['EntityDescriptor']['Organization']['OrganizationName']).to eql(org_name)
     expect(result['EntityDescriptor']['Organization']['OrganizationDisplayName']).to eql(org_name)
spec/saml/certificate_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 RSpec.describe Saml::Kit::Certificate do
-  subject { described_class.new(Saml::Kit.configuration.stripped_signing_certificate, use: :signing) }
+  subject { Saml::Kit.configuration.signing_certificate }
 
   describe "#fingerprint" do
     it 'returns a fingerprint' do
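Review bot: The subject is now built from the full PEM held in the configuration rather than from the stripped value, so these examples no longer exercise `Saml::Kit::Certificate` constructed from armor-less base64, which is the form the metadata specs read out of `X509Certificate` elements. If both input forms are meant to be supported, I would keep a second context with `subject { described_class.new(Saml::Kit.configuration.signing_certificate.stripped, use: :signing) }` and assert that its fingerprint equals the PEM-built one. The describe block continues past the end of this hunk.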
spec/saml/service_provider_metadata_spec.rb
@@ -20,8 +20,8 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
 
     it 'returns each of the certificates' do
       expect(subject.certificates).to match_array([
-        Saml::Kit::Certificate.new(Saml::Kit.configuration.stripped_signing_certificate, use: :signing),
-        Saml::Kit::Certificate.new(Saml::Kit.configuration.stripped_encryption_certificate, use: :encryption),
+        Saml::Kit::Certificate.new(Saml::Kit.configuration.signing_certificate.stripped, use: :signing),
+        Saml::Kit::Certificate.new(Saml::Kit.configuration.encryption_certificate.stripped, use: :encryption),
       ])
     end