libsaml 2.0.5

data/lib/saml/elements/subject_locality.rb

@@ -0,0 +1,12 @@
+module Saml
+  module Elements
+    class SubjectLocality
+      include Saml::Base
+
+      tag "SubjectLocality"
+      namespace 'saml'
+
+      attribute :address, String, :tag => "Address"
+    end
+  end
+end

data/lib/saml/encoding.rb

@@ -0,0 +1,35 @@
+require 'zlib'
+require 'base64'
+
+module Saml
+  class Encoding
+
+    def self.encode_64 string
+      Base64.encode64(string).chomp
+    end
+
+    def self.decode_64 base64_string
+      Base64.decode64 base64_string
+    end
+
+    def self.encode_gzip string
+      Zlib::Deflate.deflate(string, 9)[2..-5]
+    end
+
+    def self.decode_gzip gzip_binary_string
+      # Adding a - sign to MAX_WBITS makes zlib ignore the zlib headers
+      inflate(gzip_binary_string, -Zlib::MAX_WBITS)
+    rescue ::Zlib::DataError
+      inflate(gzip_binary_string) rescue nil
+    end
+
+    def self.inflate gzip_binary_string, max_bits=nil
+      zstream = Zlib::Inflate.new(max_bits)
+      begin
+        zstream.inflate(gzip_binary_string)
+      ensure
+        zstream.close
+      end
+    end
+  end
+end

data/lib/saml/logout_request.rb

@@ -0,0 +1,10 @@
+module Saml
+  class LogoutRequest
+    include Saml::ComplexTypes::RequestAbstractType
+
+    tag "LogoutRequest"
+    element :name_id, String, :tag => "NameID", :namespace => 'saml'
+
+    validates :name_id, :presence => true
+  end
+end

data/lib/saml/logout_response.rb

@@ -0,0 +1,11 @@
+module Saml
+  class LogoutResponse
+    include Saml::ComplexTypes::StatusResponseType
+
+    tag "LogoutResponse"
+
+    def partial_logout?
+      !success? && status.status_code.partial_logout?
+    end
+  end
+end

data/lib/saml/provider.rb

@@ -0,0 +1,85 @@
+module Saml
+  module Provider
+    extend ActiveSupport::Concern
+
+    def assertion_consumer_service_url(index = nil)
+      find_indexed_service(descriptor.assertion_consumer_services, index)
+    end
+
+    def artifact_resolution_service_url(index = nil)
+      find_indexed_service(descriptor.artifact_resolution_services, index)
+    end
+
+    def entity_descriptor
+      @entity_descriptor
+    end
+
+    def entity_id
+      entity_descriptor.entity_id
+    end
+
+    def certificate(use = "signing")
+      key_descriptor = descriptor.key_descriptors.find { |key| key.use == use || key.use == "" }
+      key_descriptor.certificate if key_descriptor
+    end
+
+    def private_key
+      @private_key
+    end
+
+    def sign(signature_algorithm, data)
+      private_key.sign(digest_method(signature_algorithm).new, data)
+    end
+
+    def single_sign_on_service_url(binding)
+      find_binding_service(descriptor.single_sign_on_services, binding)
+    end
+
+    def single_logout_service_url(binding)
+      find_binding_service(descriptor.single_logout_services, binding)
+    end
+
+    def type
+      descriptor.is_a?(Saml::Elements::SPSSODescriptor) ? "service_provider" : "identity_provider"
+    end
+
+    def verify(signature_algorithm, signature, data)
+      certificate.public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue nil
+    end
+
+    def authn_requests_signed?
+      descriptor.authn_requests_signed
+    end
+
+    private
+
+    def digest_method(signature_algorithm)
+      digest = signature_algorithm && signature_algorithm =~ /sha(.*?)$/i && $1.to_i
+      case digest
+        when 256 then
+          OpenSSL::Digest::SHA256
+        else
+          OpenSSL::Digest::SHA1
+      end
+    end
+
+    # @return [Saml::ComplexTypes::SSODescriptorType]
+    def descriptor
+      entity_descriptor.sp_sso_descriptor || entity_descriptor.idp_sso_descriptor
+    end
+
+    def find_indexed_service(service_list, index)
+      service = if index
+        service_list.find { |service| service.index == index }
+      else
+        service_list.find { |service| service.is_default }
+      end
+      service.location if service
+    end
+
+    def find_binding_service(service_list, binding)
+      service = service_list.find { |service| service.binding == binding }
+      service.location if service
+    end
+  end
+end

data/lib/saml/provider_stores/file.rb

@@ -0,0 +1,33 @@
+module Saml
+  module ProviderStores
+    class File
+      class Provider
+        include Saml::Provider
+        attr_accessor :entity_descriptor, :private_key, :type
+
+        def initialize(entity_descriptor, private_key, type)
+          @entity_descriptor = entity_descriptor
+          @private_key       = private_key
+          @type              = type
+        end
+      end
+
+      attr_accessor :providers
+
+      def initialize(metadata_dir = "config/metadata", key_file = "config/ssl/key.pem")
+        self.providers = []
+        Dir[::File.join(metadata_dir, "*.xml")].each do |file|
+          entity_descriptor = Saml::Elements::EntityDescriptor.parse(::File.read(file), single: true)
+          private_key       = OpenSSL::PKey::RSA.new(::File.read(key_file))
+          type              = entity_descriptor.sp_sso_descriptor.present? ? "service_provider" : "identity_provider"
+
+          self.providers << Provider.new(entity_descriptor, private_key, type)
+        end
+      end
+
+      def find_by_entity_id(entity_id)
+        self.providers.find { |provider| provider.entity_id == entity_id }
+      end
+    end
+  end
+end

data/lib/saml/response.rb

@@ -0,0 +1,21 @@
+module Saml
+  class Response
+    include Saml::ComplexTypes::StatusResponseType
+
+    tag "Response"
+    has_one :assertion, Saml::Assertion, :tag => "Assertion"
+    has_many :assertions, Saml::Assertion, :tag => "Assertion"
+
+    def authn_failed?
+      !success? && status.status_code.authn_failed?
+    end
+
+    def request_denied?
+      !success? && status.status_code.request_denied?
+    end
+
+    def no_authn_context?
+      !success? && status.status_code.no_authn_context?
+    end
+  end
+end

data/lib/saml/util.rb

@@ -0,0 +1,51 @@
+module Saml
+  class Util
+    class << self
+      def parse_params(url)
+        query = URI.parse(url).query
+        return {} unless query
+
+        params = {}
+        query.split(/[&;]/).each do |pairs|
+          key, value = pairs.split('=',2)
+          params[key] = value
+        end
+
+        params
+      end
+
+      def post(location, message)
+        request = HTTPI::Request.new
+
+        request.url                     = location
+        request.headers['Content-Type'] = 'text/xml'
+        request.body                    = message
+        request.auth.ssl.cert_file      = Saml::Config.ssl_certificate_file
+        request.auth.ssl.cert_key_file  = Saml::Config.ssl_private_key_file
+
+        HTTPI.post request
+      end
+
+      def sign_xml(message, format = :xml)
+        message.add_signature
+
+        document = Xmldsig::SignedDocument.new(message.send("to_#{format}"))
+        document.sign do |data, signature_algorithm|
+          message.provider.sign(signature_algorithm, data)
+        end
+      end
+
+      def verify_xml(message, raw_body)
+        document = Xmldsig::SignedDocument.new(raw_body)
+
+        signature_valid = document.validate do |signature, data, signature_algorithm|
+          message.provider.verify(signature_algorithm, signature, data)
+        end
+
+        raise Saml::Errors::SignatureInvalid.new unless signature_valid
+
+        message.class.parse(document.signed_nodes.first.to_xml, single: true)
+      end
+    end
+  end
+end

data/lib/saml/version.rb

@@ -0,0 +1,3 @@
+module Saml
+  VERSION = "2.0.5"
+end

data/lib/saml/xml_helpers.rb

@@ -0,0 +1,34 @@
+module Saml
+  module XMLHelpers
+    extend ActiveSupport::Concern
+
+    def to_xml(builder = nil, default_namespace = nil, instruct = true)
+      write_xml            = builder.nil? ? true : false
+      builder              ||= Nokogiri::XML::Builder.new
+      builder.doc.encoding = "UTF-8"
+      result               = super(builder, default_namespace)
+      if write_xml
+        instruct ? result.to_xml : result.doc.root
+      else
+        result
+      end
+
+    end
+
+    def to_soap
+      builder = Nokogiri::XML::Builder.new
+      body    = self.to_xml(builder)
+
+      builder = Nokogiri::XML::Builder.new(:encoding => "UTF-8")
+      builder.Envelope(:'xmlns:soapenv' => "http://schemas.xmlsoap.org/soap/envelope/",
+                       :'xmlns:xsd'     => "http://www.w3.org/2001/XMLSchema",
+                       :'xmlns:xsi'     => "http://www.w3.org/2001/XMLSchema-instance") do |xml|
+        builder.parent.namespace = builder.parent.namespace_definitions.find { |n| n.prefix == 'soapenv' }
+        builder.Body do
+          builder.parent.add_child body.doc.root
+        end
+      end
+      builder.to_xml
+    end
+  end
+end

data/lib/tasks/saml_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :saml do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,195 @@
+--- !ruby/object:Gem::Specification
+name: libsaml
+version: !ruby/object:Gem::Version
+  version: 2.0.5
+platform: ruby
+authors:
+- Benoist Claassen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: nokogiri-happymapper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.7
+- !ruby/object:Gem::Dependency
+  name: xmldsig
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.2.1
+- !ruby/object:Gem::Dependency
+  name: curb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: httpi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Libsaml makes the creation of SAML 2.0 messages easy. The object structure
+  is modeled after the SAML Core 2.0 specification from OASIS. Supported bindings
+  are HTTP-Post, HTTP-Redirect, HTTP-Artifact and SOAP. Features include XML signing,
+  XML verification and a pluggable backend for providers (FileStore backend included).
+email:
+- bclaassen@digidentity.eu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/saml/artifact.rb
+- lib/saml/artifact_resolve.rb
+- lib/saml/artifact_response.rb
+- lib/saml/assertion.rb
+- lib/saml/authn_request.rb
+- lib/saml/base.rb
+- lib/saml/bindings/http_artifact.rb
+- lib/saml/bindings/http_post.rb
+- lib/saml/bindings/http_redirect.rb
+- lib/saml/bindings/soap.rb
+- lib/saml/complex_types/endpoint_type.rb
+- lib/saml/complex_types/indexed_endpoint_type.rb
+- lib/saml/complex_types/request_abstract_type.rb
+- lib/saml/complex_types/sso_descriptor_type.rb
+- lib/saml/complex_types/status_response_type.rb
+- lib/saml/config.rb
+- lib/saml/elements/attribute.rb
+- lib/saml/elements/attribute_statement.rb
+- lib/saml/elements/audience_restriction.rb
+- lib/saml/elements/authn_context.rb
+- lib/saml/elements/authn_statement.rb
+- lib/saml/elements/conditions.rb
+- lib/saml/elements/contact_person.rb
+- lib/saml/elements/entities_descriptor.rb
+- lib/saml/elements/entity_descriptor.rb
+- lib/saml/elements/idp_sso_descriptor.rb
+- lib/saml/elements/key_descriptor/key_info/x509_data.rb
+- lib/saml/elements/key_descriptor/key_info.rb
+- lib/saml/elements/key_descriptor.rb
+- lib/saml/elements/name_id.rb
+- lib/saml/elements/organization.rb
+- lib/saml/elements/requested_authn_context.rb
+- lib/saml/elements/signature/canonicalization_method.rb
+- lib/saml/elements/signature/digest_method.rb
+- lib/saml/elements/signature/inclusive_namespaces.rb
+- lib/saml/elements/signature/key_info.rb
+- lib/saml/elements/signature/reference.rb
+- lib/saml/elements/signature/signature_method.rb
+- lib/saml/elements/signature/signed_info.rb
+- lib/saml/elements/signature/transform.rb
+- lib/saml/elements/signature/transforms.rb
+- lib/saml/elements/signature.rb
+- lib/saml/elements/sp_sso_descriptor.rb
+- lib/saml/elements/status.rb
+- lib/saml/elements/status_code.rb
+- lib/saml/elements/sub_status_code.rb
+- lib/saml/elements/subject.rb
+- lib/saml/elements/subject_confirmation.rb
+- lib/saml/elements/subject_confirmation_data.rb
+- lib/saml/elements/subject_locality.rb
+- lib/saml/encoding.rb
+- lib/saml/logout_request.rb
+- lib/saml/logout_response.rb
+- lib/saml/provider.rb
+- lib/saml/provider_stores/file.rb
+- lib/saml/response.rb
+- lib/saml/util.rb
+- lib/saml/version.rb
+- lib/saml/xml_helpers.rb
+- lib/saml.rb
+- lib/tasks/saml_tasks.rake
+- MIT-LICENSE
+- Rakefile
+- README.rdoc
+homepage: https://www.digidentity.eu
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.6
+signing_key: 
+specification_version: 4
+summary: A gem to easily create SAML 2.0 messages.
+test_files: []