Commit 85e7b8a
Changed files (19)
lib/saml/kit/builders/authentication_request.rb
@@ -10,7 +10,7 @@ module Saml
def initialize(configuration: Saml::Kit.configuration)
@configuration = configuration
- @id = Id.generate
+ @id = ::Xml::Kit::Id.generate
@issuer = configuration.issuer
@name_id_format = Namespaces::PERSISTENT
@now = Time.now.utc
lib/saml/kit/builders/identity_provider_metadata.rb
@@ -16,7 +16,7 @@ module Saml
@attributes = []
@configuration = configuration
@entity_id = configuration.issuer
- @id = Id.generate
+ @id = ::Xml::Kit::Id.generate
@logout_urls = []
@name_id_formats = [Namespaces::PERSISTENT]
@single_sign_on_urls = []
lib/saml/kit/builders/logout_response.rb
@@ -10,7 +10,7 @@ module Saml
def initialize(request, configuration: Saml::Kit.configuration)
@configuration = configuration
- @id = Id.generate
+ @id = ::Xml::Kit::Id.generate
@issuer = configuration.issuer
@now = Time.now.utc
@request = request
lib/saml/kit/builders/metadata.rb
@@ -13,7 +13,7 @@ module Saml
attr_reader :configuration
def initialize(configuration: Saml::Kit.configuration)
- @id = Id.generate
+ @id = ::Xml::Kit::Id.generate
@entity_id = configuration.issuer
@configuration = configuration
end
lib/saml/kit/builders/response.rb
@@ -13,8 +13,8 @@ module Saml
def initialize(user, request, configuration: Saml::Kit.configuration)
@user = user
@request = request
- @id = Id.generate
- @reference_id = Id.generate
+ @id = ::Xml::Kit::Id.generate
+ @reference_id = ::Xml::Kit::Id.generate
@now = Time.now.utc
@version = "2.0"
@status_code = Namespaces::SUCCESS
lib/saml/kit.rb
@@ -41,7 +41,6 @@ require "saml/kit/logout_request"
require "saml/kit/metadata"
require "saml/kit/composite_metadata"
require "saml/kit/response"
-require "saml/kit/id"
require "saml/kit/identity_provider_metadata"
require "saml/kit/invalid_document"
require "saml/kit/self_signed_certificate"
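Review bot: The removed `require "saml/kit/id"` has no visible replacement in this require list, yet the builders changed in this same commit now reference `::Xml::Kit::Id` at top level, so unless `require "xml/kit"` already appears earlier in lib/saml/kit.rb (outside this hunk) the first builder `initialize` raises `NameError`. Since message ID generation now comes from the extracted xml-kit gem, I would add `require "xml/kit"` next to the other requires at the top of this file and confirm the gemspec declares xml-kit as a runtime dependency with a bounded version range, because this code path produces the IDs used for `InResponseTo` correlation of every SAML message. The require block continues above this hunk.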
spec/saml/builders/logout_request_spec.rb
@@ -10,7 +10,7 @@ RSpec.describe Saml::Kit::Builders::LogoutRequest do
it 'produces the expected xml' do
travel_to 1.second.from_now
- subject.id = Saml::Kit::Id.generate
+ subject.id = Xml::Kit::Id.generate
subject.destination = FFaker::Internet.http_url
subject.issuer = FFaker::Internet.http_url
subject.name_id_format = Saml::Kit::Namespaces::TRANSIENT
spec/saml/builders/response_spec.rb
@@ -10,7 +10,7 @@ RSpec.describe Saml::Kit::Builders::Response do
let(:email) { FFaker::Internet.email }
let(:assertion_consumer_service_url) { FFaker::Internet.uri("https") }
let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: { email: email, created_at: Time.now.utc.iso8601 }) }
- let(:request) { double(:request, id: Saml::Kit::Id.generate, assertion_consumer_service_url: assertion_consumer_service_url, issuer: issuer, name_id_format: Saml::Kit::Namespaces::EMAIL_ADDRESS, provider: provider, trusted?: true, signed?: true) }
+ let(:request) { double(:request, id: Xml::Kit::Id.generate, assertion_consumer_service_url: assertion_consumer_service_url, issuer: issuer, name_id_format: Saml::Kit::Namespaces::EMAIL_ADDRESS, provider: provider, trusted?: true, signed?: true) }
let(:provider) { double(:provider, want_assertions_signed: false, encryption_certificates: [configuration.certificates(use: :encryption).last] ) }
let(:issuer) { FFaker::Internet.uri("https") }
spec/saml/authentication_request_spec.rb
@@ -1,6 +1,6 @@
RSpec.describe Saml::Kit::AuthenticationRequest do
subject { described_class.new(raw_xml, configuration: configuration) }
- let(:id) { Saml::Kit::Id.generate }
+ let(:id) { Xml::Kit::Id.generate }
let(:assertion_consumer_service_url) { "https://#{FFaker::Internet.domain_name}/acs" }
let(:issuer) { FFaker::Movie.title }
let(:destination) { FFaker::Internet.http_url }
@@ -79,7 +79,7 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
end
it 'validates the schema of the request' do
- id = Saml::Kit::Id.generate
+ id = Xml::Kit::Id.generate
configuration = Saml::Kit::Configuration.new
configuration.generate_key_pair_for(use: :signing)
signed_xml = Saml::Kit::Signatures.sign(configuration: configuration) do |xml, signature|
@@ -96,7 +96,7 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
it 'validates a request without a signature' do
now = Time.now.utc
raw_xml = <<-XML
-<samlp:AuthnRequest AssertionConsumerServiceURL='#{assertion_consumer_service_url}' ID='#{Saml::Kit::Id.generate}' IssueInstant='#{now.iso8601}' Version='2.0' xmlns:saml='#{Saml::Kit::Namespaces::ASSERTION}' xmlns:samlp='#{Saml::Kit::Namespaces::PROTOCOL}'>
+<samlp:AuthnRequest AssertionConsumerServiceURL='#{assertion_consumer_service_url}' ID='#{Xml::Kit::Id.generate}' IssueInstant='#{now.iso8601}' Version='2.0' xmlns:saml='#{Saml::Kit::Namespaces::ASSERTION}' xmlns:samlp='#{Saml::Kit::Namespaces::PROTOCOL}'>
<saml:Issuer>#{issuer}</saml:Issuer>
<samlp:NameIDPolicy AllowCreate='true' Format='#{Saml::Kit::Namespaces::EMAIL_ADDRESS}'/>
</samlp:AuthnRequest>
@@ -110,7 +110,7 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
it 'is valid when there is no signature, and the issuer is registered' do
now = Time.now.utc
raw_xml = <<-XML
-<samlp:AuthnRequest AssertionConsumerServiceURL='#{assertion_consumer_service_url}' ID='#{Saml::Kit::Id.generate}' IssueInstant='#{now.iso8601}' Version='2.0' xmlns:saml='#{Saml::Kit::Namespaces::ASSERTION}' xmlns:samlp='#{Saml::Kit::Namespaces::PROTOCOL}'>
+<samlp:AuthnRequest AssertionConsumerServiceURL='#{assertion_consumer_service_url}' ID='#{Xml::Kit::Id.generate}' IssueInstant='#{now.iso8601}' Version='2.0' xmlns:saml='#{Saml::Kit::Namespaces::ASSERTION}' xmlns:samlp='#{Saml::Kit::Namespaces::PROTOCOL}'>
<saml:Issuer>#{issuer}</saml:Issuer>
<samlp:NameIDPolicy AllowCreate='true' Format='#{Saml::Kit::Namespaces::PERSISTENT}'/>
</samlp:AuthnRequest>
@@ -124,7 +124,7 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
it 'is invalid when there is no signature, and the issuer is not registered' do
now = Time.now.utc
raw_xml = <<-XML
-<samlp:AuthnRequest AssertionConsumerServiceURL='#{assertion_consumer_service_url}' ID='#{Saml::Kit::Id.generate}' IssueInstant='#{now.iso8601}' Version='2.0' xmlns:saml='#{Saml::Kit::Namespaces::ASSERTION}' xmlns:samlp='#{Saml::Kit::Namespaces::PROTOCOL}'>
+<samlp:AuthnRequest AssertionConsumerServiceURL='#{assertion_consumer_service_url}' ID='#{Xml::Kit::Id.generate}' IssueInstant='#{now.iso8601}' Version='2.0' xmlns:saml='#{Saml::Kit::Namespaces::ASSERTION}' xmlns:samlp='#{Saml::Kit::Namespaces::PROTOCOL}'>
<saml:Issuer>#{issuer}</saml:Issuer>
<samlp:NameIDPolicy AllowCreate='true' Format='#{Saml::Kit::Namespaces::PERSISTENT}'/>
</samlp:AuthnRequest>
spec/saml/composite_metadata_spec.rb
@@ -13,7 +13,7 @@ RSpec.describe Saml::Kit::CompositeMetadata do
let(:idp_encryption_certificate) { Saml::Kit::KeyPair.generate(use: :encryption).certificate }
let(:xml) do
<<-XML
-<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Saml::Kit::Id.generate}" entityID="#{entity_id}">
+<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Xml::Kit::Id.generate}" entityID="#{entity_id}">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="#{Saml::Kit::Namespaces::PROTOCOL}">
<KeyDescriptor use="signing">
<KeyInfo xmlns="#{Saml::Kit::Namespaces::XMLDSIG}">
spec/saml/default_registry_spec.rb
@@ -44,7 +44,7 @@ RSpec.describe Saml::Kit::DefaultRegistry do
it 'registers metadata that serves as both an IDP and SP' do
xml = <<-XML
-<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Saml::Kit::Id.generate}" entityID="#{entity_id}">
+<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Xml::Kit::Id.generate}" entityID="#{entity_id}">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="#{Saml::Kit::Namespaces::PROTOCOL}">
<SingleLogoutService Binding="#{Saml::Kit::Bindings::HTTP_POST}" Location="#{FFaker::Internet.uri("https")}"/>
<NameIDFormat>#{Saml::Kit::Namespaces::PERSISTENT}</NameIDFormat>
spec/saml/document_spec.rb
@@ -2,7 +2,7 @@ RSpec.describe Saml::Kit::Document do
describe ".to_saml_document" do
subject { described_class }
let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: { id: SecureRandom.uuid }) }
- let(:request) { instance_double(Saml::Kit::AuthenticationRequest, id: Saml::Kit::Id.generate, issuer: FFaker::Internet.http_url, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, provider: nil, signed?: true, trusted?: true) }
+ let(:request) { instance_double(Saml::Kit::AuthenticationRequest, id: Xml::Kit::Id.generate, issuer: FFaker::Internet.http_url, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, provider: nil, signed?: true, trusted?: true) }
it 'returns a Response' do
xml = Saml::Kit::Response.build_xml(user, request)
spec/saml/logout_request_spec.rb
@@ -112,7 +112,7 @@ RSpec.describe Saml::Kit::LogoutRequest do
end
it 'validates the schema of the request' do
- id = Saml::Kit::Id.generate
+ id = Xml::Kit::Id.generate
configuration = Saml::Kit::Configuration.new
configuration.generate_key_pair_for(use: :signing)
signed_xml = Saml::Kit::Signatures.sign(configuration: configuration) do |xml, signature|
spec/saml/metadata_spec.rb
@@ -14,7 +14,7 @@ RSpec.describe Saml::Kit::Metadata do
it 'returns a composite' do
xml = <<-XML
-<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Saml::Kit::Id.generate}" entityID="#{FFaker::Internet.uri("https")}">
+<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Xml::Kit::Id.generate}" entityID="#{FFaker::Internet.uri("https")}">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="#{Saml::Kit::Namespaces::PROTOCOL}">
<SingleLogoutService Binding="#{Saml::Kit::Bindings::HTTP_POST}" Location="#{FFaker::Internet.uri("https")}"/>
<NameIDFormat>#{Saml::Kit::Namespaces::PERSISTENT}</NameIDFormat>
spec/saml/response_spec.rb
@@ -1,6 +1,6 @@
RSpec.describe Saml::Kit::Response do
describe "#valid?" do
- let(:request) { instance_double(Saml::Kit::AuthenticationRequest, id: Saml::Kit::Id.generate, issuer: FFaker::Internet.http_url, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, provider: nil, signed?: true, trusted?: true) }
+ let(:request) { instance_double(Saml::Kit::AuthenticationRequest, id: Xml::Kit::Id.generate, issuer: FFaker::Internet.http_url, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, provider: nil, signed?: true, trusted?: true) }
let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: { id: SecureRandom.uuid }) }
let(:registry) { instance_double(Saml::Kit::DefaultRegistry) }
let(:metadata) { instance_double(Saml::Kit::IdentityProviderMetadata) }
@@ -54,7 +54,7 @@ RSpec.describe Saml::Kit::Response do
it 'validates the schema of the response' do
allow(registry).to receive(:metadata_for).and_return(metadata)
allow(metadata).to receive(:matches?).and_return(true)
- id = Saml::Kit::Id.generate
+ id = Xml::Kit::Id.generate
configuration = Saml::Kit::Configuration.new
configuration.generate_key_pair_for(use: :signing)
signed_xml = Saml::Kit::Signatures.sign(configuration: configuration) do |xml, signature|
@@ -146,7 +146,7 @@ RSpec.describe Saml::Kit::Response do
destination = FFaker::Internet.uri("https")
raw_xml = <<-XML
<?xml version="1.0"?>
-<samlp:Response xmlns:samlp="#{Saml::Kit::Namespaces::PROTOCOL}" ID="#{Saml::Kit::Id.generate}" Version="2.0" IssueInstant="#{now.iso8601}" Destination="#{destination}" Consent="#{Saml::Kit::Namespaces::UNSPECIFIED}" InResponseTo="#{request.id}">
+<samlp:Response xmlns:samlp="#{Saml::Kit::Namespaces::PROTOCOL}" ID="#{Xml::Kit::Id.generate}" Version="2.0" IssueInstant="#{now.iso8601}" Destination="#{destination}" Consent="#{Saml::Kit::Namespaces::UNSPECIFIED}" InResponseTo="#{request.id}">
<Issuer xmlns="#{Saml::Kit::Namespaces::ASSERTION}">#{request.issuer}</Issuer>
<samlp:Status>
<samlp:StatusCode Value="#{Saml::Kit::Namespaces::RESPONDER_ERROR}"/>
@@ -160,7 +160,7 @@ RSpec.describe Saml::Kit::Response do
end
it 'is invalid when there are 2 assertions' do
- id = Saml::Kit::Id.generate
+ id = Xml::Kit::Id.generate
issuer = FFaker::Internet.uri("https")
configuration = Saml::Kit::Configuration.new do |config|
config.generate_key_pair_for(use: :signing)
@@ -174,7 +174,7 @@ RSpec.describe Saml::Kit::Response do
xmlns: Saml::Kit::Namespaces::PROTOCOL,
}
assertion_options = {
- ID: Saml::Kit::Id.generate,
+ ID: Xml::Kit::Id.generate,
IssueInstant: Time.now.iso8601,
Version: "2.0",
xmlns: Saml::Kit::Namespaces::ASSERTION,
@@ -206,7 +206,7 @@ RSpec.describe Saml::Kit::Response do
end
end
end
- new_options = assertion_options.merge(ID: Saml::Kit::Id.generate)
+ new_options = assertion_options.merge(ID: Xml::Kit::Id.generate)
xml.Assertion(new_options) do
xml.Issuer issuer
xml.Subject do
@@ -236,7 +236,7 @@ RSpec.describe Saml::Kit::Response do
describe "#signed?" do
let(:now) { Time.now.utc }
- let(:id) { Saml::Kit::Id.generate }
+ let(:id) { Xml::Kit::Id.generate }
let(:url) { FFaker::Internet.uri("https") }
it 'returns true when the Assertion is signed' do
@@ -317,7 +317,7 @@ RSpec.describe Saml::Kit::Response do
describe "#certificate" do
let(:now) { Time.now.utc }
- let(:id) { Saml::Kit::Id.generate }
+ let(:id) { Xml::Kit::Id.generate }
let(:url) { FFaker::Internet.uri("https") }
let(:certificate) do
Saml::Kit::Certificate.new(
@@ -404,7 +404,7 @@ RSpec.describe Saml::Kit::Response do
end
describe "encrypted assertion" do
- let(:id) { Saml::Kit::Id.generate }
+ let(:id) { Xml::Kit::Id.generate }
let(:now) { Time.now.utc }
let(:assertion_consumer_service_url) { FFaker::Internet.uri("https") }
let(:password) { FFaker::Movie.title }
@@ -455,7 +455,7 @@ XML
encrypted = cipher.update(assertion) + cipher.final
xml = <<-XML
-<samlp:Response xmlns:samlp="#{Saml::Kit::Namespaces::PROTOCOL}" xmlns:saml="#{Saml::Kit::Namespaces::ASSERTION}" ID="#{id}" Version="2.0" IssueInstant="#{now.iso8601}" Destination="#{assertion_consumer_service_url}" InResponseTo="#{Saml::Kit::Id.generate}">
+<samlp:Response xmlns:samlp="#{Saml::Kit::Namespaces::PROTOCOL}" xmlns:saml="#{Saml::Kit::Namespaces::ASSERTION}" ID="#{id}" Version="2.0" IssueInstant="#{now.iso8601}" Destination="#{assertion_consumer_service_url}" InResponseTo="#{Xml::Kit::Id.generate}">
<saml:Issuer>#{FFaker::Internet.uri("https")}</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="#{Saml::Kit::Namespaces::SUCCESS}"/>
@@ -489,7 +489,7 @@ XML
describe "parsing" do
let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: attributes) }
- let(:request) { double(:request, id: Saml::Kit::Id.generate, signed?: true, trusted?: true, provider: nil, assertion_consumer_service_url: FFaker::Internet.uri("https"), name_id_format: '', issuer: FFaker::Internet.uri("https")) }
+ let(:request) { double(:request, id: Xml::Kit::Id.generate, signed?: true, trusted?: true, provider: nil, assertion_consumer_service_url: FFaker::Internet.uri("https"), name_id_format: '', issuer: FFaker::Internet.uri("https")) }
let(:attributes) { { name: 'mo' } }
it 'returns the name id' do
spec/saml/service_provider_metadata_spec.rb
@@ -104,7 +104,7 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
it 'is invalid when 0 ACS endpoints are specified' do
xml = <<-XML
<?xml version="1.0" encoding="UTF-8"?>
-<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Saml::Kit::Id.generate}" entityID="#{entity_id}">
+<EntityDescriptor xmlns="#{Saml::Kit::Namespaces::METADATA}" ID="#{Xml::Kit::Id.generate}" entityID="#{entity_id}">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="#{Saml::Kit::Namespaces::PROTOCOL}">
<SingleLogoutService Binding="#{Saml::Kit::Bindings::HTTP_POST}" Location="#{FFaker::Internet.uri("https")}"/>
<NameIDFormat>#{Saml::Kit::Namespaces::PERSISTENT}</NameIDFormat>
spec/saml/signatures_spec.rb
@@ -5,7 +5,7 @@ RSpec.describe Saml::Kit::Signatures do
config
end
- let(:reference_id) { Saml::Kit::Id.generate }
+ let(:reference_id) { Xml::Kit::Id.generate }
let(:rsa_key) { OpenSSL::PKey::RSA.new(2048) }
let(:public_key) { rsa_key.public_key }
let(:certificate) do
lib/saml/kit/id.rb → xml-kit/lib/xml/kit/id.rb
@@ -1,10 +1,9 @@
-module Saml
+module Xml
module Kit
# This class is used primary for generating ID.
#https://www.w3.org/2001/XMLSchema.xsd
class Id
-
- # Generate an ID that conforms to the XML Schema.
+ # Generate an ID that conforms to the XML Schema.
# https://www.w3.org/2001/XMLSchema.xsd
def self.generate
"_#{SecureRandom.uuid}"
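Review bot: The header comment on `Id` still reads `This class is used primary for generating ID.` and does not explain why the value carries a leading underscore; I would replace it with `# Generates a value that is valid as an XML Schema xs:ID (an NCName, which cannot begin with a digit), hence the "_" prefix before the UUID.` The docstring on `generate` should also state that the UUID comes from `SecureRandom`, since these IDs are echoed back in `InResponseTo` and a predictable generator would weaken request/response correlation. The `class`/`module` closings for this definition lie outside the hunk.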
xml-kit/lib/xml/kit.rb
@@ -2,8 +2,9 @@ require "base64"
require "logger"
require "openssl"
-require "xml/kit/version"
require "xml/kit/crypto"
+require "xml/kit/id"
+require "xml/kit/version"
require "xml/kit/xml_decryption"
module Xml
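Review bot: `xml/kit/id` is added to the require list, but `Xml::Kit::Id.generate` calls `SecureRandom.uuid` and nothing in this file requires `securerandom`; inside saml-kit another require may have loaded it transitively, but in the standalone xml-kit gem the call can raise `NameError` depending on what `openssl` happens to pull in. I would add `require "securerandom"` alongside `require "openssl"` at the top of this file so the gem does not depend on transitive loading for its entropy source. The require block begins above this hunk and the `module Xml` body continues below it.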