Commit 7c07f6e
Changed files (5)
lib/saml/kit/authentication_request.rb
@@ -37,10 +37,12 @@ module Saml
end
def certificate
+ return nil unless signed?
to_h[name]['Signature']['KeyInfo']['X509Data']['X509Certificate']
end
def fingerprint
+ return nil unless signed?
Fingerprint.new(certificate)
end
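Review bot: In `certificate`, the `[]` chain after the new guard still raises NoMethodError when a Signature element is present but has no KeyInfo or X509Data, which XML Signature allows. This assumes `signed?` here only tests for the Signature element, as it does in response.rb; its definition is outside this hunk. `to_h.dig(name, 'Signature', 'KeyInfo', 'X509Data', 'X509Certificate')` would return nil instead, and `fingerprint` should then guard with `return nil unless certificate` rather than on `signed?` alone. The returned value is whatever certificate the sender embedded, so a comment such as `# Unverified: taken from the message itself; compare against registered metadata before trusting` would help callers.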
@@ -56,6 +58,10 @@ module Saml
@content
end
+ def to_s
+ to_xml
+ end
+
def serialize
Saml::Kit::Content.encode_raw_saml(to_xml)
end
lib/saml/kit/metadata.rb
@@ -40,17 +40,17 @@ module Saml
{
text: cert,
fingerprint: Fingerprint.new(cert).algorithm(hash_algorithm),
- use: item.attribute('use').value,
+ use: item.attribute('use').value.to_sym,
}
end
end
def encryption_certificates
- certificates.find_all { |x| x[:use] == "encryption" }
+ certificates.find_all { |x| x[:use] == :encryption }
end
def signing_certificates
- certificates.find_all { |x| x[:use] == "signing" }
+ certificates.find_all { |x| x[:use] == :signing }
end
def single_logout_services
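Review bot: `item.attribute('use').value.to_sym` raises NoMethodError for a KeyDescriptor that has no `use` attribute, and SAML metadata makes that attribute optional (when it is omitted the key applies to both signing and encryption). `use: item.attribute('use')&.value&.to_sym` avoids the crash, and the two filters would then need to accept nil, for example `x[:use].nil? || x[:use] == :signing`. Because the value comes from partner-supplied metadata, mapping it onto the two expected values is safer than calling `to_sym` on arbitrary text. The method that builds this hash starts above the hunk.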
@@ -71,10 +71,18 @@ module Saml
end
end
+ def to_h
+ @xml_hash ||= Hash.from_xml(to_xml)
+ end
+
def to_xml
@xml
end
+ def to_s
+ to_xml
+ end
+
def self.from(content)
hash = Hash.from_xml(content)
entity_descriptor = hash["EntityDescriptor"]
lib/saml/kit/response.rb
@@ -27,23 +27,23 @@ module Saml
end
def id
- @xml_hash.dig(name, 'ID')
+ to_h.dig(name, 'ID')
end
def in_response_to
- @xml_hash.dig(name, 'InResponseTo')
+ to_h.dig(name, 'InResponseTo')
end
def name_id
- @xml_hash.dig(name, 'Assertion', 'Subject', 'NameID')
+ to_h.dig(name, 'Assertion', 'Subject', 'NameID')
end
def issuer
- @xml_hash.dig(name, 'Issuer')
+ to_h.dig(name, 'Issuer')
end
def status_code
- @xml_hash.dig(name, 'Status', 'StatusCode', 'Value')
+ to_h.dig(name, 'Status', 'StatusCode', 'Value')
end
def [](key)
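Review bot: `name_id`, `issuer` and the other accessors here read values by element path from the whole parsed document, not from the element a signature actually covers. Signature verification is not visible in this hunk, so these values should be documented as meaningful only after validation has passed, e.g. `# Read from the parsed document; not bound to the signed element`. A response with more than one Assertion also makes `Hash.from_xml` produce an Array at that key, and `to_h.dig(name, 'Assertion', 'Subject', 'NameID')` then raises TypeError. The validator should reject such responses explicitly rather than leaving it to that exception.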
@@ -51,29 +51,34 @@ module Saml
end
def attributes
- @attributes ||= Hash[@xml_hash.dig(name, 'Assertion', 'AttributeStatement', 'Attribute').map do |item|
+ @attributes ||= Hash[to_h.dig(name, 'Assertion', 'AttributeStatement', 'Attribute').map do |item|
[item['Name'].to_sym, item['AttributeValue']]
end].with_indifferent_access
end
def acs_url
- @xml_hash.dig(name, 'Destination')
+ to_h.dig(name, 'Destination')
end
def version
- @xml_hash.dig(name, 'Version')
+ to_h.dig(name, 'Version')
end
def to_xml
content
end
+ def to_h
+ @xml_hash
+ end
+
def serialize
Saml::Kit::Content.encode_raw_saml(to_xml)
end
def certificate
- @xml_hash.dig(name, 'Signature', 'KeyInfo', 'X509Data', 'X509Certificate')
+ return unless signed?
+ to_h.dig(name, 'Signature', 'KeyInfo', 'X509Data', 'X509Certificate')
end
def fingerprint
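Review bot: In `attributes`, `to_h.dig(name, 'Assertion', 'AttributeStatement', 'Attribute').map` raises NoMethodError when the assertion has no AttributeStatement. With exactly one Attribute, `Hash.from_xml` yields a Hash rather than an Array, so `map` iterates key/value pairs and `item['Name']` fails. Wrapping the lookup as `Array.wrap(to_h.dig(name, 'Assertion', 'AttributeStatement', 'Attribute'))` handles both shapes; plain `Array()` would split a single Hash into pairs. `item['Name'].to_sym` is also applied to names chosen by the sender, so keeping them as strings would be safer, and `with_indifferent_access` already lets callers use either form.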
@@ -82,11 +87,11 @@ module Saml
end
def started_at
- parse_date(@xml_hash.dig(name, 'Assertion', 'Conditions', 'NotBefore'))
+ parse_date(to_h.dig(name, 'Assertion', 'Conditions', 'NotBefore'))
end
def expired_at
- parse_date(@xml_hash.dig(name, 'Assertion', 'Conditions', 'NotOnOrAfter'))
+ parse_date(to_h.dig(name, 'Assertion', 'Conditions', 'NotOnOrAfter'))
end
def expired?
@@ -98,7 +103,7 @@ module Saml
end
def signed?
- @xml_hash[name]['Signature'].present?
+ to_h[name]['Signature'].present?
end
def trusted?
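Review bot: `signed?` only reports that a Signature element exists, not that the signature verifies, and the new `return unless signed?` guard in `certificate` now depends on it. A comment such as `# True when a Signature element is present; does NOT verify it` would keep callers from treating it as a validity check. The `to_h[name]['Signature']` lookup also raises NoMethodError when the root element is not the expected one, so `to_h.dig(name, 'Signature').present?` is the safer form.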
@@ -107,16 +112,16 @@ module Saml
provider.matches?(fingerprint, use: :signing)
end
+ def provider
+ registry.metadata_for(issuer)
+ end
+
class << self
def deserialize(saml_response)
new(Saml::Kit::Content.decode_raw_saml(saml_response))
end
end
- def provider
- registry.metadata_for(issuer)
- end
-
private
def registry
@@ -178,14 +183,14 @@ module Saml
end
def audiences
- Array(@xml_hash[name]['Assertion']['Conditions']['AudienceRestriction']['Audience'])
+ Array(to_h[name]['Assertion']['Conditions']['AudienceRestriction']['Audience'])
rescue
[]
end
def login_response?
return false if to_xml.blank?
- @xml_hash[name].present?
+ to_h[name].present?
end
def parse_date(value)
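Review bot: The bare `rescue` in `audiences` turns any failure, including a malformed or unexpected AudienceRestriction structure, into an empty list. The audience validation is outside this hunk, so this is inferred, but if an empty list is treated as "no restriction" a broken document would pass the check. `Array(to_h.dig(name, 'Assertion', 'Conditions', 'AudienceRestriction', 'Audience'))` covers the missing-element case without a rescue. If a rescue is kept, it should be narrowed to the specific error expected (e.g. `rescue TypeError`) and the validator should fail closed on an empty result.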
spec/saml/identity_provider_metadata_spec.rb
@@ -73,7 +73,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
it do
expect(subject.certificates).to match_array([
{
- use: "signing",
+ use: :signing,
text: certificate,
fingerprint: "9F:74:13:3B:BC:5A:7B:8B:2D:4F:8B:EF:1E:88:EB:D1:AE:BC:19:BF:CA:19:C6:2F:0F:4B:31:1D:68:98:B0:1B",
}
@@ -117,12 +117,12 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
{
text: signing_certificate,
fingerprint: "E6:03:E1:2D:F2:70:9C:D6:CC:8B:3E:4C:5A:37:F5:53:D7:B2:78:B1:2E:95:5B:31:5C:56:E8:7F:16:A1:1B:D2",
- use: 'signing',
+ use: :signing,
},
{
text: encryption_certificate,
fingerprint: "E1:0A:68:23:E4:17:32:A3:3A:F8:B7:30:A3:1D:D8:75:F4:C5:76:48:A4:C0:C8:D3:5E:F1:AE:AB:5B:B2:37:22",
- use: 'encryption',
+ use: :encryption,
},
])
end
@@ -166,8 +166,8 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
end
it do
expect(subject.certificates).to match_array([
- { use: "signing", text: signing_certificate, fingerprint: "BE:12:70:84:AD:99:6A:58:28:2A:BC:DA:AB:E8:51:D3:FF:AB:58:30:E0:77:DB:23:57:15:01:B3:86:60:97:80" },
- { use: "encryption", text: encryption_certificate, fingerprint: "5C:51:0C:8A:6A:02:24:3C:9E:96:96:18:2E:37:65:8F:CC:EA:51:0E:2C:C5:3F:1D:72:47:11:D0:7B:95:26:1F" },
+ { use: :signing, text: signing_certificate, fingerprint: "BE:12:70:84:AD:99:6A:58:28:2A:BC:DA:AB:E8:51:D3:FF:AB:58:30:E0:77:DB:23:57:15:01:B3:86:60:97:80" },
+ { use: :encryption, text: encryption_certificate, fingerprint: "5C:51:0C:8A:6A:02:24:3C:9E:96:96:18:2E:37:65:8F:CC:EA:51:0E:2C:C5:3F:1D:72:47:11:D0:7B:95:26:1F" },
])
end
it { expect(subject.attributes).to be_present }
spec/saml/service_provider_metadata_spec.rb
@@ -71,7 +71,7 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
expect(subject.certificates).to match_array([
{
fingerprint: expected_sha256.upcase.scan(/../).join(":"),
- use: "signing",
+ use: :signing,
text: Saml::Kit.configuration.stripped_signing_certificate
}
])