libsaml 2.0.5

data/lib/saml/config.rb

@@ -0,0 +1,49 @@
+module Saml
+  module Config
+    mattr_accessor :provider_type
+    @@provider_type = "service_provider"
+
+    mattr_accessor :provider_store
+    @@provider_store = Saml::ProviderStores::File.new
+
+    mattr_accessor :entity_id
+    @@entity_id = 'SamlEntity'
+
+    mattr_accessor :authn_context_levels
+    @@authn_context_levels = {}
+
+    mattr_accessor :artifact_ttl
+    @@artifact_ttl = 15
+
+    mattr_accessor :private_key
+    @@private_key = 'PRIVATE_KEY'
+
+    mattr_accessor :private_key_file
+    @@private_key_file = 'PRIVATE_KEY_FILE'
+
+    mattr_accessor :max_issue_instant_offset
+    @@max_issue_instant_offset = 2
+
+    mattr_accessor :absolute_timeout
+    @@absolute_timeout = 8*60
+
+    mattr_accessor :graceperiod_timeout
+    @@graceperiod_timeout = 15
+
+    mattr_accessor :session_timeout
+    @@session_timeout = 15
+
+    # SSL
+    mattr_accessor :ssl_private_key
+    @@ssl_private_key = 'SSL_PRIVATE_KEY'
+
+    mattr_accessor :ssl_private_key_file
+    @@ssl_private_key_file = 'SSL_PRIVATE_KEY_FILE'
+
+    mattr_accessor :ssl_certificate
+    @@ssl_certificate = 'SSL_CERTIFICATE'
+
+    mattr_accessor :ssl_certificate_file
+    @@ssl_certificate_file = 'SSL_CERTIFICATE_FILE'
+  end
+end

data/lib/saml/elements/attribute.rb

@@ -0,0 +1,24 @@
+module Saml
+  module Elements
+    class Attribute
+      include Saml::Base
+
+      tag "Attribute"
+      register_namespace 'saml', Saml::SAML_NAMESPACE
+      namespace 'saml'
+
+      attribute :name, String, :tag => 'Name'
+      attribute :format, String, tag: 'NameFormat'
+      attribute :friendly_name, String, tag: 'FriendlyName'
+      element :attribute_value, String, :namespace => 'saml', :tag => "AttributeValue"
+
+      validates :name, :presence => true
+
+      def initialize(*args)
+        options = args.extract_options!
+        super(*(args << options))
+      end
+
+    end
+  end
+end

data/lib/saml/elements/attribute_statement.rb

@@ -0,0 +1,26 @@
+module Saml
+  module Elements
+    class AttributeStatement
+      include Saml::Base
+
+      tag "AttributeStatement"
+      register_namespace 'saml', Saml::SAML_NAMESPACE
+      namespace 'saml'
+
+      has_many :attribute, Saml::Elements::Attribute
+
+      def initialize(*args)
+        options     = args.extract_options!
+        super(*(args << options))
+      end
+
+      def fetch_attribute(key)
+        attribute = self.attribute.find do |attr|
+          attr.name == key
+        end
+        attribute.attribute_value if attribute
+      end
+
+    end
+  end
+end

data/lib/saml/elements/audience_restriction.rb

@@ -0,0 +1,12 @@
+module Saml
+  module Elements
+    class AudienceRestriction
+      include Saml::Base
+
+      tag "AudienceRestriction"
+      namespace 'saml'
+
+      element :audience, String, :tag => "Audience"
+    end
+  end
+end

data/lib/saml/elements/authn_context.rb

@@ -0,0 +1,13 @@
+module Saml
+  module Elements
+    class AuthnContext
+      include Saml::Base
+
+      tag "AuthnContext"
+      namespace 'saml'
+      element :authn_context_class_ref, String, :tag => "AuthnContextClassRef"
+
+      validates :authn_context_class_ref, :inclusion => ClassRefs::ALL_CLASS_REFS + [nil]
+    end
+  end
+end

data/lib/saml/elements/authn_statement.rb

@@ -0,0 +1,25 @@
+module Saml
+  module Elements
+    class AuthnStatement
+      include Saml::Base
+
+      tag "AuthnStatement"
+      namespace 'saml'
+
+      attribute :authn_instant, Time, :tag => "AuthnInstant", :on_save => lambda { |val| val.utc.xmlschema }
+      attribute :session_index, String, :tag => "SessionIndex"
+
+      has_one :subject_locality, Saml::Elements::SubjectLocality, :tag => "SubjectLocality"
+      has_one :authn_context, Saml::Elements::AuthnContext, :tag => "AuthnContext"
+
+      validates :authn_instant, :authn_context, :presence => true
+
+      def initialize(*args)
+        options = args.extract_options!
+        @subject_locality = Saml::Elements::SubjectLocality.new(:address => options.delete(:address)) if options[:address]
+        @authn_context = Saml::Elements::AuthnContext.new(:authn_context_class_ref => options.delete(:authn_context_class_ref)) if options[:authn_context_class_ref]
+        super(*(args << options))
+      end
+    end
+  end
+end

data/lib/saml/elements/conditions.rb

@@ -0,0 +1,24 @@
+module Saml
+  module Elements
+    class Conditions
+      include Saml::Base
+
+      tag "Conditions"
+      namespace 'saml'
+
+      attribute :not_before, Time, :tag => "NotBefore", :on_save => lambda { |val| val.utc.xmlschema }
+      attribute :not_on_or_after, Time, :tag => "NotOnOrAfter", :on_save => lambda { |val| val.utc.xmlschema }
+
+      has_one :audience_restriction, Saml::Elements::AudienceRestriction
+
+      def initialize(*args)
+        options = args.extract_options!
+        @audience_restriction = Saml::Elements::AudienceRestriction.new(:audience => options.delete(:audience)) if options[:audience]
+        self.not_before       = Time.now - Saml::Config.max_issue_instant_offset.minutes
+        self.not_on_or_after  = Time.now + Saml::Config.max_issue_instant_offset.minutes
+        super(*(args << options))
+      end
+
+    end
+  end
+end

data/lib/saml/elements/contact_person.rb

@@ -0,0 +1,33 @@
+module Saml
+  module Elements
+    class ContactPerson
+      include Saml::Base
+
+      tag 'ContactPerson'
+      namespace 'md'
+
+      module ContactTypes
+        TECHNICAL = 'technical'
+        SUPPORT = 'support'
+        ADMINISTRATIVE = 'administrative'
+        BILLING = 'billing'
+        OTHER = 'other'
+
+        ALL = [TECHNICAL, SUPPORT, ADMINISTRATIVE, BILLING, OTHER]
+      end
+
+      attribute :contact_type, String, :tag => "ContactType"
+
+      element :company, String, :tag => "Company"
+      element :given_name, String, :tag => "GivenName"
+      element :sur_name, String, :tag => "SurName"
+
+      has_many :email_addresses, String, :tag => "EmailAddress"
+      has_many :telephone_numbers, String, :tag => "TelephoneNumber"
+
+      validates :contact_type, :inclusion => ContactTypes::ALL
+
+      validates :email_addresses, :telephone_numbers, :presence => true
+    end
+  end
+end

data/lib/saml/elements/entities_descriptor.rb

@@ -0,0 +1,27 @@
+module Saml
+  module Elements
+    class EntitiesDescriptor
+      include Saml::Base
+      include Saml::XMLHelpers
+
+      register_namespace "md", Saml::MD_NAMESPACE
+
+      tag "EntitiesDescriptor"
+      namespace "md"
+
+      attribute :_id, String, :tag => "ID"
+      attribute :name, String, :tag => "Name"
+      attribute :valid_until, Time, :tag => "validUntil"
+      attribute :cache_duration, Integer, :tag => "cacheDuration"
+
+      has_one :signature, Saml::Elements::Signature
+
+      has_many :entities_descriptors, Saml::Elements::EntitiesDescriptor
+      has_many :entity_descriptors, Saml::Elements::EntityDescriptor
+
+      validates :entities_descriptors, :length => { :minimum => 1 }, :if => lambda { |ed| ed.entity_descriptors.blank? }
+      validates :entity_descriptors, :length => { :minimum => 1 }, :if => lambda { |ed| ed.entities_descriptors.blank? }
+
+    end
+  end
+end

data/lib/saml/elements/entity_descriptor.rb

@@ -0,0 +1,37 @@
+module Saml
+  module Elements
+    class EntityDescriptor
+      include Saml::Base
+      include Saml::XMLHelpers
+
+
+      register_namespace 'md', Saml::MD_NAMESPACE
+
+      tag 'EntityDescriptor'
+      namespace 'md'
+
+      attribute :_id, String, :tag => 'ID'
+      attribute :name, String, :tag => "Name"
+      attribute :entity_id, String, :tag => "entityID"
+      attribute :valid_until, Time, :tag => "validUntil"
+      attribute :cache_duration, Integer, :tag => "cacheDuration"
+
+      has_one :signature, Saml::Elements::Signature
+
+      has_one :organization, Saml::Elements::Organization
+      has_many :contact_persons, Saml::Elements::ContactPerson
+
+      has_one :idp_sso_descriptor, Saml::Elements::IDPSSODescriptor
+      has_one :sp_sso_descriptor, Saml::Elements::SPSSODescriptor
+
+      validates :entity_id, :presence => true
+
+      def initialize(*args)
+        super(*args)
+        @contact_persons ||= []
+        @_id             ||= Saml.generate_id
+      end
+
+    end
+  end
+end

data/lib/saml/elements/idp_sso_descriptor.rb

@@ -0,0 +1,23 @@
+module Saml
+  module Elements
+    class IDPSSODescriptor
+      include Saml::ComplexTypes::SSODescriptorType
+
+      class SingleSignOnService
+        include Saml::ComplexTypes::EndpointType
+        tag 'SingleSignOnService'
+      end
+
+      tag 'IDPSSODescriptor'
+
+      has_many :single_sign_on_services, SingleSignOnService
+
+      validates :single_sign_on_services, :presence => true
+
+      def initialize(*args)
+        super(*args)
+        self.single_sign_on_services ||= []
+      end
+    end
+  end
+end

data/lib/saml/elements/key_descriptor.rb

@@ -0,0 +1,34 @@
+require 'saml/elements/key_descriptor/key_info'
+
+module Saml
+  module Elements
+    class KeyDescriptor
+      include Saml::Base
+
+      module UseTypes
+        SIGNING    = "signing"
+        ENCRYPTION = "encryption"
+        ALL        = [SIGNING, ENCRYPTION, nil]
+      end
+
+      tag 'KeyDescriptor'
+      namespace 'md'
+
+      attribute :use, String, :tag => "use"
+
+      has_one :key_info, KeyInfo
+
+      validates :use, :inclusion => UseTypes::ALL
+      validates :certificate, :presence => true
+
+      def certificate
+        key_info.try(:x509Data).try(:x509certificate)
+      end
+
+      def certificate=(cert)
+        self.key_info = KeyInfo.new(cert)
+      end
+
+    end
+  end
+end

data/lib/saml/elements/key_descriptor/key_info.rb

@@ -0,0 +1,30 @@
+require 'saml/elements/key_descriptor/key_info/x509_data'
+
+module Saml
+  module Elements
+    class KeyDescriptor
+      class KeyInfo
+        include Saml::Base
+
+        register_namespace 'ds', Saml::XML_DSIG_NAMESPACE
+        namespace 'ds'
+        tag 'KeyInfo'
+
+        element :key_name, String, :namespace => 'ds', :tag => "KeyName"
+
+        has_one :x509Data, X509Data
+
+        validates :x509Data, :presence => true
+
+        def initialize(cert = nil)
+          if cert
+            self.x509Data = X509Data.new(cert)
+          end
+          if self.x509Data && self.x509Data.x509certificate
+            self.key_name = Digest::SHA1.hexdigest(self.x509Data.x509certificate.to_der)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/saml/elements/key_descriptor/key_info/x509_data.rb

@@ -0,0 +1,34 @@
+module Saml
+  module Elements
+    class KeyDescriptor
+      class KeyInfo
+        class X509Data
+          include Saml::Base
+
+          tag 'X509Data'
+          namespace 'ds'
+
+          element :x509certificate, String, :tag => "X509Certificate", :on_save => lambda { |c| c.present? ? Base64.encode64(c.to_der) : "" }
+
+          validates :x509certificate, :presence => true
+
+          def initialize(cert = nil)
+            self.x509certificate = cert
+          end
+
+          def x509certificate=(cert)
+            if cert.present?
+              unless cert =~ /-----BEGIN CERTIFICATE-----/
+                cert = cert.gsub(/\n/, '')
+                cert = "-----BEGIN CERTIFICATE-----\n#{cert.gsub(/(.{1,64})/, "\\1\n")}-----END CERTIFICATE-----"
+              end
+              @x509certificate = OpenSSL::X509::Certificate.new(cert)
+            end
+          rescue OpenSSL::X509::CertificateError => e
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/saml/elements/name_id.rb

@@ -0,0 +1,14 @@
+module Saml
+  module Elements
+    class NameId
+      include Saml::Base
+
+      tag 'NameID'
+      register_namespace 'saml', Saml::SAML_NAMESPACE
+      namespace 'saml'
+
+      attribute :format, String, :tag => "Format"
+      content :value, String
+    end
+  end
+end

data/lib/saml/elements/organization.rb

@@ -0,0 +1,16 @@
+module Saml
+  module Elements
+    class Organization
+      include Saml::Base
+
+      tag 'Organization'
+      namespace 'md'
+
+      has_many :organization_names, String, :tag => "OrganizationName"
+      has_many :organization_display_names, String, :tag => "OrganizationDisplayName"
+      has_many :organization_urls, String, :tag => "OrganizationURL"
+
+      validates :organization_names, :organization_display_names, :organization_urls, :presence => true
+    end
+  end
+end