custom-adal 1.0.1

data/lib/adal/client_assertion.rb

@@ -0,0 +1,63 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative './request_parameters'
+require_relative './token_request'
+require_relative './util'
+
+module ADAL
+  # A client credential that consists of the client id and a JWT bearer
+  # assertion. The type is 'urn:ietf:params:oauth:token-type:jwt'.
+  class ClientAssertion
+    include TokenRequest::GrantType
+    include RequestParameters
+    include Util
+
+    attr_reader :assertion
+    attr_reader :assertion_type
+    attr_reader :client_id
+
+    ##
+    # Creates a new ClientAssertion.
+    #
+    # @param [String] client_id
+    #   The client id of the calling application.
+    # @param [String] assertion
+    #   The JWT used as a credential.
+    def initialize(client_id, assertion, assertion_type = JWT_BEARER)
+      fail_if_arguments_nil(client_id, assertion, assertion_type)
+      @assertion = assertion
+      @assertion_type = assertion_type
+      @client_id = client_id
+    end
+
+    ##
+    # The relavent parameters from this credential for OAuth.
+    #
+    # @return Hash
+    def request_params
+      { CLIENT_ID => @client_id,
+        CLIENT_ASSERTION_TYPE => @assertion_type,
+        CLIENT_ASSERTION => @assertion }
+    end
+  end
+end

data/lib/adal/client_assertion_certificate.rb

@@ -0,0 +1,89 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'openssl'
+
+module ADAL
+  # An assertion made by a client with an X509 certificate. This requires both
+  # the public and private keys. Technically it only requires the thumbprint
+  # of the public key, however OpenSSL's object model does not include
+  # thumbprints.
+  class ClientAssertionCertificate
+    include RequestParameters
+
+    MIN_KEY_SIZE_BITS = 2014
+
+    attr_reader :certificate
+    attr_reader :client_id
+
+    ##
+    # Creates a new ClientAssertionCertificate.
+    #
+    # @param Authority authority
+    #   The authority object that will recognize this certificate.
+    # @param [String] client_id
+    #   The client id of the calling application.
+    # @param [OpenSSL::PKCS12] pkcs12_file
+    #   The PKCS12 file containing the certificate and private key.
+    def initialize(authority, client_id, pkcs12_file)
+      unless pkcs12_file.is_a? OpenSSL::PKCS12
+        fail ArgumentError, 'Only PKCS12 file format is supported.'
+      end
+      @authority = authority
+      @certificate = pkcs12_file.certificate
+      @client_id = client_id.to_s
+      @private_key = pkcs12_file.key
+      validate_certificate_and_key(@certificate, @private_key)
+    end
+
+    # The relevant parameters from this credential for OAuth.
+    def request_params
+      jwt_assertion = SelfSignedJwtFactory
+                      .new(@client_id, @authority.token_endpoint)
+                      .create_and_sign_jwt(@certificate, @private_key)
+      ClientAssertion.new(client_id, jwt_assertion).request_params
+    end
+
+    private
+
+    # @param [OpenSSL::X509::Certificate] certificate
+    # @return [Fixnum] The number of bits in the public key.
+    def public_key_size_bits(certificate)
+      certificate.public_key.n.num_bytes * 8
+    end
+
+    ##
+    # In general, Ruby code is very loose about types. However, since we are
+    # dealing with sensitive information here, we will be a little bit stricter
+    # on type safety.
+    def validate_certificate_and_key(certificate, private_key)
+      if !certificate.is_a? OpenSSL::X509::Certificate
+        fail ArgumentError, 'certificate must be an OpenSSL::X509::Certificate.'
+      elsif !private_key.is_a? OpenSSL::PKey::RSA
+        fail ArgumentError, 'private_key must be an OpenSSL::PKey::RSA.'
+      elsif public_key_size_bits(certificate) < MIN_KEY_SIZE_BITS
+        fail ArgumentError, 'certificate must contain a public key of at ' \
+          "least #{MIN_KEY_SIZE_BITS} bits."
+      end
+    end
+  end
+end

data/lib/adal/client_credential.rb

@@ -0,0 +1,46 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative './request_parameters'
+require_relative './util'
+
+module ADAL
+  # A wrapper object for a client id and secret.
+  class ClientCredential
+    include RequestParameters
+    include Util
+
+    attr_reader :client_id
+    attr_reader :client_secret
+
+    def initialize(client_id, client_secret = nil)
+      fail_if_arguments_nil(client_id)
+      @client_id = client_id
+      @client_secret = client_secret
+    end
+
+    # The relavent parameters from this credential for OAuth.
+    def request_params
+      { CLIENT_ID => @client_id, CLIENT_SECRET => @client_secret }
+    end
+  end
+end

data/lib/adal/core_ext/hash.rb

@@ -0,0 +1,34 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+module ADAL
+  # Adds helper methods to Hash. These are standard in Rails and are
+  # commonplace in the Ruby community.
+  module CoreExt
+    # Same as #merge, but values in other_hash are prioritized over self.
+    refine Hash do
+      def reverse_merge(other_hash)
+        other_hash.merge(self)
+      end
+    end
+  end
+end

data/lib/adal/core_ext.rb

@@ -0,0 +1,26 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+# All of the refinements used in ADAL. They are all in the namespace
+# ADAL::CoreExt and will only be applied to files that start with ADAL::CoreExt
+# before opening any module or class.
+require_relative './core_ext/hash'

data/lib/adal/jwt_parameters.rb

@@ -0,0 +1,39 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+module ADAL
+  # Literals used in JWT header and payload.
+  module JwtParameters
+    ALGORITHM = 'alg'
+    AUDIENCE = 'aud'
+    EXPIRES_ON = 'exp'
+    ISSUER = 'iss'
+    JWT_ID = 'jti'
+    NOT_BEFORE = 'nbf'
+    RS256 = 'RS256'
+    SELF_SIGNED_JWT_LIFETIME = 10
+    SUBJECT = 'sub'
+    THUMBPRINT = 'x5t'
+    TYPE = 'typ'
+    TYPE_JWT = 'JWT'
+  end
+end

data/lib/adal/logger.rb

@@ -0,0 +1,90 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'logger'
+
+module ADAL
+  # Extended version of Ruby's base logger class to support VERBOSE logging.
+  # This is consistent with ADAL logging across platforms.
+  #
+  # The format of a log message is described in the Ruby docs at
+  # http://ruby-doc.org/stdlib-2.2.2/libdoc/logger/rdoc/Logger.html as
+  # SeverityID, [DateTime #pid] SeverityLabel -- ProgName: message.
+  # SeverityID is the first letter of the severity. In the case of ADAL::Logger
+  # that means one of {V, I, W, E, F}. The DateTime object uses the to_s method
+  # of DateTime from stdlib which is ISO-8601. The ProgName will be the
+  # correlation id if one is sent or absent otherwise.
+  class Logger < Logger
+    SEVS = %w(VERBOSE INFO WARN ERROR FATAL)
+    VERBOSE = SEVS.index('VERBOSE')
+
+    ##
+    # Constructs a new Logger.
+    #
+    # @param String|IO logdev
+    #   A filename (String) or IO object (STDOUT, STDERR).
+    # @param String correlation_id
+    #   The UUID of the request context.
+    def initialize(logdev, correlation_id)
+      super(logdev)
+      @correlation_id = correlation_id
+    end
+
+    def format_severity(severity)
+      SEVS[severity] || 'ANY'
+    end
+
+    ##
+    # For some reason, the default logger implementations of #error, #fatal,
+    # etc. pass message = nil and progname = <the message> to #add, which
+    # interprets that as using the progname as the message. Instead, we will
+    # use the message as the message and the progname as the correlation_id.
+    #
+    # This is purely an internal change, the calling mechanism is exactly the
+    # same and it only affects ADAL::Logger, not Logger.
+
+    # These methods are skipped by the SimpleCov, because it is not our
+    # responsibility to test the standard library's logging framework.
+
+    #:nocov:
+    def error(message = nil, &block)
+      add(ERROR, message, @correlation_id, &block)
+    end
+
+    def fatal(message = nil, &block)
+      add(FATAL, message, @correlation_id, &block)
+    end
+
+    def info(message = nil, &block)
+      add(INFO, message, @correlation_id, &block)
+    end
+
+    def verbose(message = nil, &block)
+      add(VERBOSE, message, @correlation_id, &block)
+    end
+
+    def warn(message = nil, &block)
+      add(WARN, message, @correlation_id, &block)
+    end
+    #:nocov:
+  end
+end

data/lib/adal/logging.rb

@@ -0,0 +1,98 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative './logger'
+
+require 'securerandom'
+
+module ADAL
+  # Mix-in module for the ADAL logger. To obtain a logger in class methods the
+  # calling class will need to extend this module. To obtain a logger in
+  # instance methods the calling will need to include this Module.
+  module Logging
+    DEFAULT_LOG_LEVEL = Logger::ERROR
+    DEFAULT_LOG_OUTPUT = STDOUT
+
+    @correlation_id = SecureRandom.uuid
+    @log_level = DEFAULT_LOG_LEVEL
+    @log_output = DEFAULT_LOG_OUTPUT
+
+    # According to the style guide, class instance variables are preferable to
+    # class variables.
+    class << self
+      attr_accessor :correlation_id
+      attr_accessor :log_level
+      attr_accessor :log_output
+    end
+
+    ##
+    # Sets the ADAL log level.
+    #
+    # Example usage:
+    #
+    #     ADAL::Logging.log_level = ADAL::Logger::VERBOSE
+    #
+    def self.log_level=(level)
+      unless Logger::SEVS.map.with_index { |_, i| i }.include? level
+        fail ArgumentError, "Invalid log level: #{level}."
+      end
+      @log_level = level
+    end
+
+    ##
+    # Sets the ADAL log output. All future logs generated by ADAL will be sent
+    # to this location. It is not retroactive.
+    #
+    # @param IO|String output
+    #   This can either be STDERR, STDOUT or a String containing a file path.
+    def self.log_output=(output)
+      output = output.to_s unless output.is_a? IO
+      @log_output = output
+    end
+
+    ##
+    # Creates one ADAL logger per calling class/module with a specified output.
+    # This is to be used within ADAL. Clients will have no use for it.
+    #
+    # Examples usage:
+    #
+    #   require_relative './logging'
+    #
+    #   module ADAL
+    #     module SomeModule
+    #       include Logging
+    #
+    #       def something_bad
+    #         logger.error('An error message')
+    #       end
+    #     end
+    #  end
+    #
+    # @param output
+    #   STDERR, STDOUT or the file name as a string.
+    def logger
+      @logger ||= ADAL::Logger.new(Logging.log_output, Logging.correlation_id)
+      @logger.level = Logging.log_level || DEFAULT_LOG_LEVEL
+      @logger
+    end
+  end
+end

data/lib/adal/memory_cache.rb

@@ -0,0 +1,95 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative './logging'
+
+module ADAL
+  # A simple cache implementation that is not persisted across application runs.
+  class MemoryCache
+    include Logging
+
+    def initialize
+      @entries = []
+    end
+
+    attr_accessor :entries
+
+    ##
+    # Adds an array of objects to the cache.
+    #
+    # @param Array
+    #   The entries to add.
+    # @return Array
+    #   The entries after the addition.
+    def add(entries)
+      entries = Array(entries)  # If entries is an array, this is a no-op.
+      old_size = @entries.size
+      @entries |= entries
+      logger.verbose("Added #{entries.size - old_size} new entries to cache.")
+    end
+
+    ##
+    # By default, matches all entries.
+    #
+    # @param Block
+    #   A matcher on the token list.
+    # @return Array
+    #   The matching tokens.
+    def find(&query)
+      query ||= proc { true }
+      @entries.select(&query)
+    end
+
+    ##
+    # Removes an array of objects from the cache.
+    #
+    # @param Array
+    #   The entries to remove.
+    # @return Array
+    #   The remaining entries.
+    def remove(entries)
+      @entries -= Array(entries)
+    end
+
+    ##
+    # Converts the cache entries into one JSON string.
+    #
+    # @param JSON::Ext::Generator::State
+    # @return String
+    def to_json(_ = nil)
+      JSON.unparse(entries)
+    end
+
+    ##
+    # Reconstructs the cache from JSON that was previously serialized.
+    #
+    # @param JSON json
+    # @return MemoryCache
+    def self.from_json(json)
+      cache = MemoryCache.new
+      cache.entries = JSON.parse(json).map do |e|
+        CachedTokenResponse.from_json(e)
+      end
+      cache
+    end
+  end
+end

data/lib/adal/mex_request.rb

@@ -0,0 +1,52 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2015 Micorosft Corporation
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require_relative './mex_response'
+require_relative './util'
+
+require 'net/http'
+require 'uri'
+
+module ADAL
+  # A request to a Metadata Exchange endpoint of an ADFS server. Used to obtain
+  # the WSTrust endpoint for username and password authentication of federated
+  # users.
+  class MexRequest
+    include Util
+
+    ##
+    # Constructs a MexRequest object for a specific URL endpoint.
+    #
+    # @param String|URI endpoint
+    #   The Metadata Exchange endpoint.
+    def initialize(endpoint)
+      @endpoint = URI.parse(endpoint.to_s)
+    end
+
+    # @return MexResponse
+    def execute
+      request = Net::HTTP::Get.new(@endpoint.path)
+      request.add_field('Content-Type', 'application/soap+xml')
+      MexResponse.parse(http(@endpoint).request(request).body)
+    end
+  end
+end