fractalpenguin-googlesso 0.0.1

data/lib/FractalPenguinGoogleSSO.rb

@@ -0,0 +1,6 @@
+require 'xmlcanonicalizer'
+require 'processresponse'
+
+class FractalPenguinGoogleSSO
+  VERSION = '0.0.1'
+end

data/lib/SamlResponseTemplate.xml

@@ -0,0 +1,37 @@
+<samlp:Response ID="<RESPONSE_ID>" IssueInstant="<ISSUE_INSTANT>" Version="2.0"
+    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    </samlp:Status>
+    <Assertion ID="<ASSERTION_ID>"
+        IssueInstant="2003-04-17T00:46:02Z" Version="2.0"
+        xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
+        <Issuer><ISSUER_DOMAIN></Issuer>
+        <Subject>
+            <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
+                <USERNAME_STRING>
+            </NameID>
+            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+                <SubjectConfirmationData
+                    Recipient="<DESTINATION>"
+                    NotOnOrAfter="<NOT_ON_OR_AFTER>"
+                    InResponseTo="<REQUEST_ID>"/>
+            </SubjectConfirmation>
+        </Subject>
+        <Conditions NotBefore="<NOT_BEFORE>"
+            NotOnOrAfter="<NOT_ON_OR_AFTER>">
+            <AudienceRestriction>
+                <Audience><DESTINATION></Audience>
+            </AudienceRestriction>
+        </Conditions>
+        <AuthnStatement AuthnInstant="<AUTHN_INSTANT>">
+            <AuthnContext>
+                <AuthnContextClassRef>
+                urn:oasis:names:tc:SAML:2.0:ac:classes:Password
+                </AuthnContextClassRef>
+            </AuthnContext>
+        </AuthnStatement>
+    </Assertion>
+</samlp:Response>

data/lib/SignatureTemplate.xml

@@ -0,0 +1,19 @@
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+  <SignedInfo>
+    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+    <Reference URI="">
+      <Transforms>
+        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+      </Transforms>
+      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+      <DigestValue></DigestValue>
+    </Reference>
+  </SignedInfo>
+  <SignatureValue></SignatureValue>
+  <KeyInfo>
+    <X509Data>
+      <X509Certificate></X509Certificate>
+    </X509Data>
+  </KeyInfo>
+</Signature>

data/lib/processresponse.rb

@@ -0,0 +1,270 @@
+require "openssl"
+require "openssl/x509"
+require "base64"
+require "rexml/document"
+require "rexml/xpath"
+require "zlib"
+require "digest/sha1"
+require "xmlcanonicalizer"
+
+include REXML
+include OpenSSL
+
+  class XmlProcessResponse
+    attr_accessor :acs, :encodedresponse, :authenticateform, :logger
+      
+    # Constructor @.@
+    #**********************************************************************************
+    def initialize(certificate_path, private_key_path, crypt_type = "rsa", issuer = "", issueinstant = "", providername = "", acs = "", relayState = "")
+      @certificate_path = certificate_path
+      @private_key_path = private_key_path
+      @crypt_type = crypt_type
+      @issuer = issuer
+      @issueinstant = issueinstant
+      @providername = providername
+      @acs = acs
+      @relayState = relayState
+      @requestID = ""
+
+      libpath = "#{Gem.dir}/gems/fractalpenguin-googlesso-#{FractalPenguinGoogleSSO::VERSION}/lib"
+      @signature_template_path = "#{libpath}/SignatureTemplate.xml"
+      @response_template_path = "#{libpath}/SamlResponseTemplate.xml"
+      
+      @encodedresponse = ""
+      @authenticateform = ""
+
+      @logger = Logger.new("response.log")
+      @logger.level = Logger::DEBUG
+    end
+    
+    # Process the SAML request, generate a response, and generate an auth form @.@
+    #**********************************************************************************
+    def process_response(samlRequest, relayState, username, form_only = nil)
+      xml_string = decodeAuthnRequestXML(samlRequest)
+      getRequestAttributes(xml_string)
+      
+      samlResponse = createSamlResponse(username)   
+      
+      @logger.debug("\nSAML Response\n" + samlResponse.to_s()) if @logger
+      
+      signedResponse = signXML(samlResponse)
+
+      @logger.debug("\nSigned Response\n" + signedResponse.to_s()) if @logger
+
+      @encodedresponse = Base64.encode64(signedResponse)
+      
+      unless form_only
+        @authenticateform = "<html>
+                               <head>
+                                 <script type=\"text/javascript\"> 
+			                             var t = setTimeout(\"document.acsForm.submit();\", 0);
+		                             </script>
+                               </head>
+                               
+                               <body>
+                                 <form name='acsForm' id='acsForm' action='#{@acs}' method='post'>
+			                             <input type='hidden' name='SAMLResponse' value=\"#{signedResponse}\" />
+			                             <input type='hidden' name='RelayState' value=\"#{relayState}\" />
+                                 </form>
+                                 <br/>
+                                 <br/>
+                                 <br/>
+                                 <center>
+                                   <h2>Redirecting...</h2>
+                                 </center>
+                               </body>
+                             </html>"
+      else
+        @authenticateform = "<form name='acsForm' id='acsForm' action='#{@acs}' method='post'>
+			                         <input type='hidden' name='SAMLResponse' value=\"#{signedResponse}\" />
+			                         <input type='hidden' name='RelayState' value=\"#{relayState}\" />
+                             </form>"
+      end
+    end
+
+    # Generate a response, and generate an auth form @.@
+    #**********************************************************************************
+    def process_response_wo_request(username, form_only = nil)
+      samlResponse = createSamlResponse(username)   
+      
+      @logger.debug("\nSAML Response\n" + samlResponse.to_s()) if @logger
+      
+      signedResponse = signXML(samlResponse)
+
+      @logger.debug("\nSigned Response\n" + signedResponse.to_s()) if @logger
+
+      @encodedresponse = Base64.encode64(signedResponse)
+      
+      unless form_only
+        @authenticateform = "<html>
+                               <head>
+                                 <script type=\"text/javascript\"> 
+			                             var t = setTimeout(\"document.acsForm.submit();\", 0);
+		                             </script>
+                               </head>
+                               
+                               <body>
+                                 <form name='acsForm' id='acsForm' action='#{@acs}' method='post'>
+			                             <input type='hidden' name='SAMLResponse' value=\"#{signedResponse}\" />
+			                             <input type='hidden' name='RelayState' value=\"#{@relayState}\" />
+                                 </form>
+                                 <br/>
+                                 <br/>
+                                 <br/>
+                                 <center>
+                                   <h2>Redirecting...</h2>
+                                 </center>
+                               </body>
+                             </html>"
+      else
+        @authenticateform = "<form name='acsForm' id='acsForm' action='#{@acs}' method='post'>
+			                         <input type='hidden' name='SAMLResponse' value=\"#{signedResponse}\" />
+			                         <input type='hidden' name='RelayState' value=\"#{@relayState}\" />
+                             </form>"
+      end
+    end
+    
+    # private
+    
+    # Decode the SAML request @.@
+    #**********************************************************************************
+    def decodeAuthnRequestXML(encodedRequestXmlString)
+      unzipper = Zlib::Inflate.new( -Zlib::MAX_WBITS )
+      return unzipper.inflate(Base64.decode64( encodedRequestXmlString ))
+    end
+    
+    # Get needed attributes from the decoded SAML request @.@
+    #**********************************************************************************
+    def getRequestAttributes(xmlString)
+      doc = Document.new( xmlString )
+      @issueinstant = doc.root.attributes["IssueInstant"]
+      @providername = doc.root.attributes["ProviderName"]
+      @acs = doc.root.attributes["AssertionConsumerServiceURL"]
+      @requestID = doc.root.attributes["ID"]
+    end
+    
+    # Generate SAML response @.@
+    #**********************************************************************************
+    def createSamlResponse(authenticatedUser)
+      current_time = Time.new().utc().strftime("%Y-%m-%dT%H:%M:%SZ")
+      # 20 minutes after issued time
+      notOnOrAfter = (Time.new().utc()+60*20).strftime("%Y-%m-%dT%H:%M:%SZ")
+  
+      samlResponse = ""
+      File.open(@response_template_path).each { |line|
+        samlResponse += line
+      }
+      
+      samlResponse.gsub!("<USERNAME_STRING>", authenticatedUser)
+      samlResponse.gsub!("<RESPONSE_ID>",  generateUniqueHexCode(42))
+      samlResponse.gsub!("<ISSUE_INSTANT>",  current_time)
+      samlResponse.gsub!("<AUTHN_INSTANT>",  current_time)
+      samlResponse.gsub!("<NOT_BEFORE>",  @issueinstant)
+      samlResponse.gsub!("<NOT_ON_OR_AFTER>",  notOnOrAfter)
+      samlResponse.gsub!("<ASSERTION_ID>",  generateUniqueHexCode(42))
+      (@requestID == "") ? samlResponse.gsub!("InResponseTo=\"<REQUEST_ID>\"", @requestID) : samlResponse.gsub!("<REQUEST_ID>", @requestID)
+      samlResponse.gsub!("<RSADSA>", @crypt_type)
+      samlResponse.gsub!("<DESTINATION>", @acs)
+      samlResponse.gsub!("<ISSUER_DOMAIN>", @issuer)
+      
+      return samlResponse
+    end
+    
+    # Sign the SAML response @.@
+    #**********************************************************************************
+    def signXML(xml)
+      signature = ""
+      File.open(@signature_template_path).each { |line|
+        signature += line
+      }
+    
+      document = Document.new(xml)
+      sigDoc = Document.new(signature)
+
+      # 3. Apply digesting algorithms over the resource, and calculate the digest value.
+      digestValue = calculateDigest(document)
+  
+      # 4. Enclose the details in the <Reference> element.
+      # 5. Collect all <Reference> elements inside the <SignedInfo> element. Indicate the canonicalization and signature methodologies.
+      digestElement = XPath.first(sigDoc, "//DigestValue")
+      digestElement.add_text(digestValue)
+
+      # 6. Canonicalize contents of <SignedInfo>, apply the signature algorithm, and generate the XML Digital signature.
+      signedElement = XPath.first(sigDoc, "//SignedInfo")
+      signatureValue = calculateSignatureValue(signedElement)
+
+      # 7. Enclose the signature within the <SignatureValue> element.
+      signatureValueElement = XPath.first(sigDoc, "//SignatureValue")
+      signatureValueElement.add_text(signatureValue)
+
+      # 8. Add relevant key information, if any, and produce the <Signature> element.
+      cert = ""
+      File.open(@certificate_path).each { |line|
+        cert += line
+      }
+      
+      cert.sub!(/.*BEGIN CERTIFICATE-----\s*(.*)\s*-----END CERT.*/m, '\1')
+  
+      certNode = XPath.first(sigDoc, "//X509Certificate")
+      certNode.add_text(cert)
+
+      # 9. put it all together
+      status_child = document.elements["//samlp:Status"]
+      status_child.parent.insert_before(status_child, sigDoc.root)
+      retval = document.to_s()
+      
+      return retval
+    end
+    
+    # Generate Signature @.@
+    #**********************************************************************************
+    def calculateSignatureValue(element)
+      element.add_namespace("http://www.w3.org/2000/09/xmldsig#")
+      element.add_namespace("xmlns:samlp", "urn:oasis:names:tc:SAML:2.0:protocol")
+      element.add_namespace("xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#")
+
+      canoner = XmlCanonicalizer.new(false, true)
+      canon_element = canoner.canonicalize(element)
+      
+      if @crypt_type == "rsa"
+        pkey = PKey::RSA.new(File::read(@private_key_path))
+      elsif @crypt_type == "dsa"
+        pkey = PKey::DSA.new(File::read(@private_key_path))
+      end
+      
+      signature = Base64.encode64(pkey.sign(OpenSSL::Digest::SHA1.new, canon_element.to_s.chomp).chomp).chomp
+
+      element.delete_attribute("xmlns")
+      element.delete_attribute("xmlns:samlp")
+      element.delete_attribute("xmlns:xenc")
+      return signature
+    end
+    
+    # Apply digesting algorithms over the resource, and calculate the digest value @.@
+    #**********************************************************************************
+    def calculateDigest(element)
+      canoner = XmlCanonicalizer.new(false, true)
+      canon_element = canoner.canonicalize(element)
+      
+      element_hash = Base64.encode64(Digest::SHA1.digest(canon_element.to_s.chomp).chomp).chomp
+      
+      return element_hash
+    end
+    
+    # Create response ID @.@
+    #**********************************************************************************
+    def generateUniqueHexCode( codeLength )
+      validChars = ("A".."F").to_a + ("0".."9").to_a
+      length = validChars.size
+      
+      validStartChars = ("A".."F").to_a
+      startLength = validStartChars.size
+      
+      hexCode = ""
+      hexCode << validStartChars[rand(startLength-1)]
+      
+      1.upto(codeLength-1) { |i| hexCode << validChars[rand(length-1)] }
+        
+      return hexCode
+    end
+  end

data/lib/xmlcanonicalizer.rb

@@ -0,0 +1,395 @@
+require "rexml/document"
+require "base64"
+
+include REXML
+
+ 
+  class REXML::Instruction
+    def write(writer, indent=-1, transitive=false, ie_hack=false)
+      indent(writer, indent)
+      writer << START.sub(/\\/u, '')
+      writer << @target
+      writer << ' '
+      writer << @content if @content != nil
+      writer << STOP.sub(/\\/u, '')
+    end
+  end
+  
+  class REXML::Attribute
+    def <=>(a2)
+      if (self === a2)
+        return 0
+      elsif (self == nil)
+        return -1
+      elsif (a2 == nil)
+        return 1
+      elsif (self.prefix() == a2.prefix())
+        return self.name()<=>a2.name()
+      end
+      if (self.prefix() == nil)
+        return -1
+      elsif (a2.prefix() == nil)
+        return 1
+      end
+      ret = self.namespace()<=>a2.namespace()
+      if (ret == 0)
+        ret = self.prefix()<=>a2.prefix()
+      end
+      return ret
+    end
+  end
+  
+  class REXML::Element
+    def search_namespace(prefix)
+      if (self.namespace(prefix) == nil)
+        return (self.parent().search_namespace(prefix)) if (self.parent() != nil)
+      else
+        return self.namespace(prefix)
+      end
+    end
+    def rendered=(rendered)
+    	@rendered = rendered
+    end
+    def rendered?()
+    	return @rendered
+    end
+    def node_namespaces()
+      ns = Array.new()
+      ns.push(self.prefix())
+      self.attributes().each_attribute{|a|
+        if (a.prefix() == "xmlns" or (a.prefix() == "" && a.local_name() == "xmlns"))
+          ns.push("xmlns")
+        end
+      }
+      self.prefixes().each { |prefix| ns.push(prefix) }
+      ns
+    end
+  end
+  
+  class NamespaceNode
+    attr_reader :prefix, :uri	
+    def initialize(prefix, uri)
+      @prefix = prefix
+      @uri = uri
+    end
+  end
+  
+  class XmlCanonicalizer
+    attr_accessor :prefix_list, :logger
+    
+    BEFORE_DOC_ELEMENT = 0
+    INSIDE_DOC_ELEMENT = 1
+    AFTER_DOC_ELEMENT  = 2
+    
+    NODE_TYPE_ATTRIBUTE  = 3
+    NODE_TYPE_WHITESPACE = 4
+    NODE_TYPE_COMMENT    = 5
+    NODE_TYPE_PI         = 6
+    NODE_TYPE_TEXT       = 7
+    
+    
+    def initialize(with_comments, excl_c14n)
+      @with_comments = with_comments
+      @exclusive = excl_c14n
+      @res = ""
+      @state = BEFORE_DOC_ELEMENT
+      @xnl = Array.new()
+      @prevVisibleNamespacesStart = 0
+      @prevVisibleNamespacesEnd = 0
+      @visibleNamespaces = Array.new()
+      @inclusive_namespaces = Array.new()
+      @prefix_list = nil
+      @rendered_prefixes = Array.new()
+      @logger = Logger.new("xmlcanonicalizer.log")
+      @logger.level = Logger::DEBUG
+    end
+    
+    def add_inclusive_namespaces(prefix_list, element, visible_namespaces)
+      namespaces = element.attributes()
+      namespaces.each_attribute{|ns|
+        if (ns.prefix=="xmlns")
+          if (prefix_list.include?(ns.local_name()))
+            visible_namespaces.push(NamespaceNode.new("xmlns:"+ns.local_name(), ns.value()))
+          end
+        end
+      }
+      parent = element.parent()
+      add_inclusive_namespaces(prefix_list, parent, visible_namespaces) if (parent)
+      visible_namespaces
+    end
+    
+    def canonicalize(document)
+      write_document_node(document)
+      @logger.debug("\nCanonicalized result\n" + @res.to_s()) if @logger
+      @res
+    end
+    
+    def canonicalize_element(element, logging = true)
+      @logger.debug("Canonicalize element:\n" + element.to_s()) if @logger
+      @inclusive_namespaces = add_inclusive_namespaces(@prefix_list, element, @inclusive_namespaces) if (@prefix_list)
+      @preserve_document = element.document()
+      tmp_parent = element.parent()
+      body_string = remove_whitespace(element.to_s().gsub("\n","").gsub("\t","").gsub("\r",""))
+      document = Document.new(body_string)
+      tmp_parent.delete_element(element)
+      element = tmp_parent.add_element(document.root())
+      @preserve_element = element
+      document = Document.new(element.to_s())
+      ns = element.namespace(element.prefix())
+      document.root().add_namespace(element.prefix(), ns)
+      write_document_node(document)
+      @logger.debug("Canonicalized result:\n" + @res.to_s()) if @logger
+      @res
+    end
+    
+    def write_document_node(document)
+      @state = BEFORE_DOC_ELEMENT
+      if (document.class().to_s() == "REXML::Element")
+        write_node(document)
+      else
+        document.each_child{|child|
+          write_node(child)
+        }
+      end
+      @res
+    end
+    
+    def write_node(node)
+      visible = is_node_visible(node)
+      if ((node.node_type() == :text) && white_text?(node.value()))
+        res = node.value()
+        res.gsub("\r\n","\n")
+        #res = res.delete(" ").delete("\t")
+        res.delete("\r")
+        @res = @res + res
+        #write_text_node(node,visible) if (@state == INSIDE_DOC_ELEMENT)
+        return
+      end
+      if (node.node_type() == :text)
+        write_text_node(node, visible)
+        return
+      end		
+      if (node.node_type() == :element)
+        write_element_node(node, visible) if (!node.rendered?())
+		    node.rendered=(true)
+      end
+      if (node.node_type() == :processing_instruction)
+      end
+      if (node.node_type() == :comment)
+      end
+    end
+    
+    def write_element_node(node, visible)
+      savedPrevVisibleNamespacesStart = @prevVisibleNamespacesStart
+      savedPrevVisibleNamespacesEnd = @prevVisibleNamespacesEnd
+      savedVisibleNamespacesSize = @visibleNamespaces.size()
+      state = @state
+      state = INSIDE_DOC_ELEMENT if (visible && state == BEFORE_DOC_ELEMENT)
+      @res = @res + "<" + node.expanded_name() if (visible)
+      write_namespace_axis(node, visible)
+      write_attribute_axis(node)
+      @res = @res + ">" if (visible)
+      node.each_child{|child|
+    	 	write_node(child)
+    	}
+      @res = @res + "</" +node.expanded_name() + ">" if (visible)
+      @state = AFTER_DOC_ELEMENT if (visible && state == BEFORE_DOC_ELEMENT)
+      @prevVisibleNamespacesStart = savedPrevVisibleNamespacesStart
+      @prevVisibleNamespacesEnd = savedPrevVisibleNamespacesEnd
+      @visibleNamespaces.slice!(savedVisibleNamespacesSize, @visibleNamespaces.size() - savedVisibleNamespacesSize) 		if (@visibleNamespaces.size() > savedVisibleNamespacesSize)
+    end
+    
+    def write_namespace_axis(node, visible)
+      doc = node.document()
+      has_empty_namespace = false
+      list = Array.new()
+      cur = node
+      #while ((cur != nil) && (cur != doc) && (cur.node_type() != :document)) 
+      namespaces = cur.node_namespaces()
+      namespaces.each{|prefix|
+        next if ((prefix == "xmlns") && (node.namespace(prefix) == "")) 
+        namespace = cur.namespace(prefix)
+        next if (is_namespace_node(namespace))
+        next if (node.namespace(prefix) != cur.namespace(prefix))
+        next if (prefix == "xml" && namespace == "http://www.w3.org/XML/1998/namespace")
+        next if (!is_node_visible(cur))
+        rendered = is_namespace_rendered(prefix, namespace)
+        @visibleNamespaces.push(NamespaceNode.new("xmlns:"+prefix,namespace)) if (visible)
+        if ((!rendered) && !list.include?(prefix))
+          list.push(prefix)
+        end
+        has_empty_namespace = true if (prefix == nil)
+      }
+      if (visible && !has_empty_namespace && !is_namespace_rendered(nil, nil)) 
+        @res = @res + ' xmlns=""'
+      end
+      #TODO: ns of inclusive_list
+#=begin
+      if ((@prefix_list) && (node.to_s() == node.parent().to_s()))
+        #list.push(node.prefix())
+        @inclusive_namespaces.each{|ns|
+          prefix = ns.prefix().split(":")[1]
+          list.push(prefix) if (!list.include?(prefix) && (!node.attributes.prefixes.include?(prefix))) 
+        }
+		@prefix_list = nil
+      end
+#=end
+      list.sort!()
+      list.insert(0, "xmlns") unless list.delete("xmlns").nil?
+      list.each{|prefix|
+        next if (prefix == "")
+    		next if (@rendered_prefixes.include?(prefix))
+    		@rendered_prefixes.push(prefix)
+        ns = node.namespace(prefix)
+        ns = @preserve_element.namespace(prefix) if (ns == nil)
+        @res = @res + normalize_string(" " + prefix + '="' + ns + '"', NODE_TYPE_TEXT) if (prefix == "xmlns")
+        @res = @res + normalize_string(" xmlns:" + prefix + '="' + ns + '"', NODE_TYPE_TEXT) if (prefix != nil && prefix != "xmlns")
+      }
+      if (visible)
+        @prevVisibleNamespacesStart = @prevVisibleNamespacesEnd
+        @prevVisibleNamespacesEnd = @visibleNamespaces.size()	
+      end
+    end
+    
+    def write_attribute_axis(node)
+      list = Array.new()
+      node.attributes().sort.each{|key, attr|
+        list.push(attr) if (!is_namespace_node(attr.value()) && !is_namespace_decl(attr)) # && is_node_visible(
+      }
+      if (!@exclusive && node.parent() != nil && node.parent().parent() != nil)
+        cur = node.parent()
+        while (cur != nil)
+          #next if (cur.attributes() == nil)
+          cur.each_attribute{|attribute|
+            next if (attribute.prefix() != "xml")
+            next if (attribute.prefix().index("xmlns") == 0)
+            next if (node.namespace(attribute.prefix()) == attribute.value())
+            found = true
+            list.each{|n|
+              if (n.prefix() == "xml" && n.value() == attritbute.value())
+                found = true
+                break
+              end
+            }
+            next if (found)
+            list.push(attribute)
+          }
+        end
+      end
+      list.each{|attribute|
+        if (attribute != nil)
+          if (attribute.name() != "xmlns")
+            @res = @res + " " + normalize_string(attribute.to_string(), NODE_TYPE_ATTRIBUTE).gsub("'",'"')
+          end
+          #	else
+          #	@res = @res + " " + normalize_string(attribute.name()+'="'+attribute.to_s()+'"', NODE_TYPE_ATTRIBUTE).gsub("'",'"')
+          #end
+        end
+      }
+    end
+    
+    def is_namespace_node(namespace_uri)
+      return (namespace_uri == "http://www.w3.org/2000/xmlns/")
+    end
+    
+    def is_namespace_rendered(prefix, uri)
+      is_empty_ns = prefix == nil && uri == nil
+      if (is_empty_ns)
+        start = 0
+      else
+        start = @prevVisibleNamespacesStart
+      end
+      @visibleNamespaces.each{|ns|
+        if (ns.prefix() == "xmlns:"+prefix.to_s() && ns.uri() == uri)
+          return true
+        end
+      }
+      return is_empty_ns
+      #(@visibleNamespaces.size()-1).downto(start) {|i|
+      #   ns = @visibleNamespaces[i]
+      #	return true if (ns.prefix() == "xmlns:"+prefix.to_s() && ns.uri() == uri)
+      #	#p = ns.prefix() if (ns.prefix().index("xmlns") == 0) 
+      #	#return ns.uri() == uri if (p == prefix) 
+      #}
+      #return is_empty_ns
+    end
+    
+    def is_node_visible(node)
+      return true if (@xnl.size() == 0)
+      @xnl.each{|element|
+        return true if (element == node)
+      }
+      return false
+    end
+    
+    def normalize_string(input, type)
+      sb = ""
+      return input
+    end
+    #input.each_byte{|b|
+    #	if (b ==60 && (type == NODE_TYPE_ATTRIBUTE || is_text_node(type)))
+    #		sb = sb + "&lt;"
+    #	elsif (b == 62 && is_text_node(type))
+    #		sb = sb + "&gt;"
+    #	elsif (b == 38 && (is_text_node(type) || is_text_node(type))) #Ampersand
+    #		sb = sb + "&amp;"
+    #	elsif (b == 34 && is_text_node(type)) #Quote
+    #		sb = sb + "&quot;"
+    #	elsif (b == 9 && is_text_node(type)) #Tabulator
+    #		sb = sb + "&#x9;"
+    #	elsif (b == 11 && is_text_node(type)) #CR
+    #		sb = sb + "&#xA;"
+    #	elsif (b == 13 && (type == NODE_TYPE_ATTRIBUTE || (is_text_node(type) && type != NODE_TYPE_WHITESPACE) || type == NODE_TYPE_COMMENT || type == NODE_TYPE_PI))
+    #		sb = sb + "&#xD;"
+    #	elsif (b == 13)
+    #		next
+    #	else
+    #		sb = sb.concat(b)
+    #	end
+    #}
+    #sb
+    #end
+    
+    def write_text_node(node, visible)
+      if (visible)
+        @res = @res + normalize_string(node.value(), node.node_type())
+      end
+    end
+    
+    def white_text?(text)
+      return true if ((text.strip() == "") || (text.strip() == nil))
+      return false
+    end
+    
+    def is_namespace_decl(attribute)
+      #return true if (attribute.name() == "xmlns")
+      return true if (attribute.prefix().index("xmlns") == 0)
+      return false
+    end
+    
+    def is_text_node(type)
+      return true if (type == NODE_TYPE_TEXT || type == NODE_TYPE_CDATA || type == NODE_TYPE_WHITESPACE)
+      return false
+    end
+    
+    def remove_whitespace(string)
+      new_string = ""
+      in_white = false
+      string.each_byte{|b|
+        #if (in_white && b == 32)
+        #else
+        if !(in_white && b == 32)
+          new_string = new_string + b.chr()
+        end
+        if (b == 62) #>
+          in_white = true
+        end
+        if (b == 60) #<
+          in_white = false
+        end
+      }
+      new_string
+    end
+  end
+
+

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification 
+name: fractalpenguin-googlesso
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- FractalPenguin
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-09-19 00:00:00 -05:00
+default_executable: 
+dependencies: []
+
+description: The standard GoogleSSO gem with a few modifications and enhancments
+email: kylerchrdsn@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/FractalPenguinGoogleSSO.rb
+- lib/processresponse.rb
+- lib/xmlcanonicalizer.rb
+- lib/SamlResponseTemplate.xml
+- lib/SignatureTemplate.xml
+has_rdoc: true
+homepage: http://rubygems.org/gems/fractalpenguin-googlesso
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.4.2
+signing_key: 
+specification_version: 3
+summary: Google SSO
+test_files: []
+