Comparing changes

v1.0.20 v1.0.21
4 commits 6 files changed
lib/saml/kit/builders/assertion.rb
@@ -52,7 +52,6 @@ module Saml
         def subject_confirmation_data_options
           options = {}
           options[:InResponseTo] = request.id if request.present?
-          options[:NotOnOrAfter] = (not_on_or_after - 1.second).iso8601
           options[:Recipient] = destination if destination.present?
           options
         end
lib/saml/kit/default_registry.rb
@@ -55,8 +55,10 @@ module Saml
       # @param url [String] the url to download the metadata from.
       # @param verify_ssl [Boolean] enable/disable SSL peer verification.
       def register_url(url, verify_ssl: true)
-        content = HttpApi.new(url, verify_ssl: verify_ssl).get
-        register(Saml::Kit::Metadata.from(content))
+        headers = { 'User-Agent' => "saml/kit #{Saml::Kit::VERSION}" }
+        verify_mode = verify_ssl ? nil : OpenSSL::SSL::VERIFY_NONE
+        client = Net::Hippie::Client.new(headers: headers, verify_mode: verify_mode)
+        register(Saml::Kit::Metadata.from(client.get(url).body))
       end
 
       # Returns the metadata document associated with an issuer or entityID.
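Review bot: The secure branch of `verify_mode` passes `nil`, so peer verification when `verify_ssl` is true depends on how Net::Hippie::Client and Net::HTTP treat a nil mode, not on anything stated in `register_url`. I would make it explicit with `verify_mode = verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE`. The body of `client.get(url)` is also handed to `Saml::Kit::Metadata.from` without a status check, so an error page or redirect body reaches the metadata parser. A guard such as `raise ArgumentError, 'metadata download failed' unless response.is_a?(Net::HTTPSuccess)` would separate transport failures from invalid metadata, assuming the client returns a Net::HTTP response object, which the hunk does not show. The removed `HttpApi` class set `read_timeout = 30`; whether the new client applies a comparable timeout is not visible in this diff and is worth confirming.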
@@ -74,7 +76,7 @@ module Saml
         end
       end
 
-      private
+      protected
 
       def ensure_valid_metadata(metadata)
         error = ArgumentError.new('Cannot register invalid metadata')
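Review bot: Changing the section marker from `private` to `protected` widens `ensure_valid_metadata`, and anything else below the marker, so that other instances of the registry class can call it with an explicit receiver. Nothing in the hunk shows a caller that needs this. Subclasses can already call a private method through an implicit receiver, so `private` is enough if the aim is only to let a custom registry reuse the check. If the wider visibility is intended, record it above the marker with a comment along the lines of `# protected (not private): called with an explicit receiver from <caller>`. The body of `ensure_valid_metadata` continues past the end of this hunk.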
@@ -83,37 +85,6 @@ module Saml
           !metadata.respond_to?(:entity_id) ||
           metadata.invalid?
       end
-
-      # This class is responsible for
-      # making HTTP requests to fetch metadata
-      # from remote locations.
-      class HttpApi # :nodoc:
-        def initialize(url, verify_ssl: true)
-          @uri = URI.parse(url)
-          @verify_ssl = verify_ssl
-        end
-
-        def get
-          execute(Net::HTTP::Get.new(uri.request_uri)).body
-        end
-
-        def execute(request)
-          http.request(request)
-        end
-
-        private
-
-        attr_reader :uri, :verify_ssl
-
-        def http
-          http = Net::HTTP.new(uri.host, uri.port)
-          http.read_timeout = 30
-          http.use_ssl = uri.is_a?(URI::HTTPS)
-          http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless verify_ssl
-          http.set_debug_output(Saml::Kit.logger)
-          http
-        end
-      end
     end
   end
 end
lib/saml/kit/version.rb
@@ -2,6 +2,6 @@
 
 module Saml
   module Kit
-    VERSION = '1.0.20'.freeze
+    VERSION = '1.0.21'.freeze
   end
 end
lib/saml/kit.rb
@@ -11,7 +11,7 @@ require 'active_support/deprecation'
 require 'active_support/duration'
 require 'forwardable'
 require 'logger'
-require 'net/http'
+require 'net/hippie'
 require 'nokogiri'
 require 'securerandom'
 require 'uri'
spec/saml/kit/builders/response_spec.rb
@@ -76,7 +76,7 @@ RSpec.describe Saml::Kit::Builders::Response do
 
       expect(hash['Response']['Assertion']['Subject']['NameID']).to eql(user.name_id)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['Method']).to eql('urn:oasis:names:tc:SAML:2.0:cm:bearer')
-      expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to eql((3.hours.from_now.utc - 1.second).iso8601)
+      expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to be_nil
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['Recipient']).to eql(assertion_consumer_service_url)
       expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['InResponseTo']).to eql(request.id)
 
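Review bot: The new expectation `to be_nil` pins the bearer `SubjectConfirmationData` as having no `NotOnOrAfter`, matching the line dropped from `subject_confirmation_data_options` in lib/saml/kit/builders/assertion.rb. The SAML 2.0 Web Browser SSO profile requires a bearer confirmation to carry both `Recipient` and `NotOnOrAfter`, because that attribute bounds the window in which the assertion may be delivered. Without it, strict service providers may reject the response, and lenient ones depend on whatever `Conditions` carries, which this diff does not show. If the removal works around a problem with the old `- 1.second` adjustment, I would keep the attribute and emit `options[:NotOnOrAfter] = not_on_or_after.iso8601`, with the spec asserting that value. If the removal is deliberate, the reason belongs in a comment on `subject_confirmation_data_options`.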
saml-kit.gemspec
@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'activemodel', '>= 4.2.0'
+  spec.add_dependency 'net-hippie', '~> 0.1.8'
   spec.add_dependency 'xml-kit', '>= 0.1.13', '<= 1.0.0'
   spec.add_development_dependency 'bundler', '~> 1.15'
   spec.add_development_dependency 'bundler-audit', '~> 0.6'