rsaml 0.1.2

data/lib/xml_sig/signature.rb

@@ -0,0 +1,29 @@
+module XmlSig #:nodoc:
+  # An XML signature.
+  class Signature
+    attr_accessor :id
+    attr_accessor :signed_info
+    attr_accessor :signature_value
+    attr_accessor :key_info
+
+    def objects
+      @objects ||= []
+    end
+
+    def assert
+      # raise AssertionError, "An assertion signature must be valid"
+    end
+
+    # Construct an XML fragment representing the signature
+    def to_xml(xml=Builder::XmlMarkup.new)
+      attributes = {}
+      attributes['Id'] = id unless id.nil?
+      attributes['xmlns:ds'] = "http://www.w3.org/2000/09/xmldsig#"
+      xml.tag!('ds:Signature', attributes) {
+        xml << signed_info.to_xml if signed_info
+        xml.tag!('ds:SignatureValue')
+        xml.tag!('ds:KeyInfo') if key_info
+      }
+    end
+  end
+end

data/lib/xml_sig/signature_method.rb

@@ -0,0 +1,20 @@
+module XmlSig #:nodoc:
+  # SignatureMethod is a required element that specifies the algorithm used for 
+  # signature generation and validation. This algorithm identifies all cryptographic 
+  # functions involved in the signature operation (e.g. hashing, public key 
+  # algorithms, MACs, padding, etc.).
+  class SignatureMethod
+    attr_accessor :algorithm
+
+    def validate
+      raise ValidationError, "Algorithm is required" if algorithm.nil?
+    end
+
+    def to_xml(xml=Builder::XmlMarkup.new)
+      attributes = {'Algorightm' => algorithm}
+      xml.tag!('ds:SignatureMethod', attributes) {
+        xml.tag!('ds:HMACOutputLength', hmac_output_length) unless hmac_output_length.nil?
+      }
+    end
+  end
+end

data/lib/xml_sig/signed_info.rb

@@ -0,0 +1,27 @@
+module XmlSig #:nodoc:
+  class SignedInfo
+    attr_accessor :id
+    attr_accessor :canonicalization_method
+    attr_accessor :signature_method
+
+    def references
+      @references ||= []
+    end
+
+    def validate
+      raise ValidationError, "Canonicalization method is required" if canonicalization_method.nil?
+      raise ValidationError, "Signature method is required" if signature_method.nil?
+      raise ValidationError, "At least one reference is required" if references.empty?
+    end
+
+    def to_xml(xml=Builder::XmlMarkup.new)
+      attributes = {}
+      attributes['Id'] = id unless id.nil?
+      xml.tag!('ds:SignedInfo', attributes) {
+        xml << canonicalization_method.to_xml unless canonicalization_method.nil?
+        xml << signature_method.to_xml unless signature_method.nil?
+        references.each { |reference| xml << reference.to_xml }
+      }
+    end
+  end
+end

data/lib/xml_sig/transform.rb

@@ -0,0 +1,37 @@
+module XmlSig #:nodoc:
+    class Transform
+    attr_accessor :algorithm
+    attr_accessor :xpath
+
+    def to_xml(xml=Builder::XmlMarkup.new)
+      attributes = {'Algorightm' => algorithm}
+      xml.tag!('ds:Transform', attributes) {
+        xml.tag!('ds:XPath', xpath) unless xpath.nil?
+      }
+    end
+  end
+  class Base64Transform
+    IDENTIFIER = 'http://www.w3.org/2000/09/xmldsig#base64'
+    def process(content)
+      content # TODO: implement
+    end
+  end
+  class XPathFiltering
+    IDENTIFIER = 'http://www.w3.org/TR/1999/REC-xpath-19991116'
+    def process(content)
+      content # TODO: implement
+    end
+  end
+  class EnvelopedSignatureTransform
+    IDENTIFIER = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
+    def process(content)
+      content # TODO: implement
+    end
+  end
+  class XSLTTransform
+    IDENTIFIER = 'http://www.w3.org/TR/1999/REC-xslt-19991116'
+    def process(content)
+      content # TODO: implement
+    end
+  end
+end

data/test/action_namespace_test.rb

@@ -0,0 +1,93 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class ActionNamespaceTest < Test::Unit::TestCase
+  context "the ActionNamespace class" do
+    should "define all of the namespaces in the SAML 2.0 specification" do
+      namespace_uris = ActionNamespace.namespaces.values.collect { |ns| ns.uri }
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:rwedc')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:rwedc-negation')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:ghpp')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:unix')
+    end
+    should "return a namespace instance given a URI" do
+      assert_equal(ActionNamespace.namespaces[:rwedc], 
+        ActionNamespace.namespace_for_uri('urn:oasis:names:tc:SAML:1.0:action:rwedc')
+      )
+      assert_equal(ActionNamespace.namespaces[:rwedc_negation], 
+        ActionNamespace.namespace_for_uri('urn:oasis:names:tc:SAML:1.0:action:rwedc-negation')
+      )
+    end
+  end
+  context "the rwdec namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:rwedc]
+      @expected_actions = ['Read','Write','Execute','Delete','Control']
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:rwedc', @action_namespace.uri
+    end
+    should "return the uri when to_s is invoked" do
+      assert_equal @action_namespace.uri, @action_namespace.to_s
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return true for a valid action" do
+      @expected_actions.each do |action|
+        assert @action_namespace.valid_action?(action)
+      end
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the rwdec-negation namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:rwedc_negation]
+      @expected_actions = [
+        'Read','Write','Execute','Delete','Control',
+        '~Read','~Write','~Execute','~Delete','~Control'
+      ]
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:rwedc-negation', @action_namespace.uri
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return true for a valid action" do
+      @expected_actions.each do |action|
+        assert @action_namespace.valid_action?(action)
+      end
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the ghpp namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:ghpp]
+      @expected_actions = ['GET','HEAD','PUT','POST']
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:ghpp', @action_namespace.uri
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the unix file permissions namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:unix]
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:unix', @action_namespace.uri
+    end
+    should_eventually "have the correct actions" do
+      
+    end
+  end
+end

data/test/action_test.rb

@@ -0,0 +1,51 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class ActionTest < Test::Unit::TestCase
+  context "an action" do
+    setup do
+      @action = Action.new('Read')
+    end
+    should "have the rwedc_negation namespace by default" do
+      assert_equal Action.namespaces[:rwedc_negation], @action.namespace
+    end
+    should "be valid by default" do
+      assert @action.valid?
+    end
+    context "when producing xml" do
+      should "optionally have a namespace" do
+        assert_match(/<saml:Action Namespace="#{@action.namespace}"/, @action.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid Action instance" do
+        action = Action.from_xml('<saml:Action xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Read</saml:Action>')
+        assert_not_nil(action)
+        assert_equal 'Read', action.value
+        assert_equal Action.namespaces[:rwedc_negation], action.namespace
+        assert action.valid?
+      end
+      context "with an action namespace attribute" do
+        should "return a valid Action instance with an action namespace" do
+          action = Action.from_xml(%Q(<saml:Action xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Namespace="#{Action.namespaces[:rwedc]}">Write</saml:Action>))
+          assert_not_nil(action)
+          assert_equal 'Write', action.value
+          assert_equal Action.namespaces[:rwedc], action.namespace
+        end
+      end
+    end
+    context "when validating" do
+      should "raise an error if no value is provided" do
+        assert_raise ValidationError do
+          @action.value = nil
+          @action.validate
+        end
+      end
+      should "raise an error if the value is not in the specified namespace" do
+        assert_raise ValidationError do
+          @action.value = 'PUT'
+          @action.validate
+        end
+      end
+    end
+  end
+end

data/test/advice_test.rb

@@ -0,0 +1,25 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class AdviceTest < Test::Unit::TestCase
+  context "an advice" do
+    setup { @advice = Advice.new }
+    should "have 0 assertions by default" do
+      assert @advice.assertions.empty?
+    end
+    should "be valid if all assertions are valid" do
+      assert @advice.valid?
+    end
+    context "when producing xml" do
+      should "produce an empty advice tag when there are no assertions" do
+        assert_match(/<saml:Advice><\/saml:Advice>/, @advice.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid Advice instance" do
+        advice = Advice.from_xml('<saml:Advice xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"></saml:Advice>')
+        assert_not_nil(advice)
+        assert advice.valid?
+      end
+    end
+  end
+end

data/test/assertion_test.rb

@@ -0,0 +1,192 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class AssertionTest < Test::Unit::TestCase
+  context "an assertion" do
+    setup do
+      @issuer = Identifier::Issuer.new('example')
+      @assertion = Assertion.new(@issuer)
+    end
+    should "require version of 2.0" do
+      assert_equal "2.0", @assertion.version
+    end
+    should "require ID" do
+      assert_not_nil @assertion.id
+    end
+    should "require issue instant" do
+      assert_not_nil @assertion.issue_instant
+    end
+    should "require an issuer" do
+      assert_not_nil @assertion.issuer
+    end
+    
+    context "with only a subject" do
+      setup do
+        @assertion.subject = 'test'
+      end
+      should "be valid" do
+        assert_nothing_raised do
+          @assertion.validate
+        end
+      end
+    end
+    context "with an authentication statement" do
+      setup do
+        @assertion.statements << AuthenticationStatement.new(AuthenticationContext.new)
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+        assert !@assertion.valid?
+      end
+    end
+    context "with an attribute statement" do
+      setup do
+        @assertion.statements << AttributeStatement.new
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+      end
+    end
+    context "with a authorization decision statement" do
+      setup do
+        @assertion.statements << AuthorizationDecisionStatement.new
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+      end
+    end
+  
+    context "when producing xml" do
+      # TODO: implement tests for XML results
+      should "always include version, id and issue instant attributes and an issuer child element" do
+        xml = @assertion.to_xml
+        assert_match(/^<saml:Assertion/, xml)
+        assert_match(/Version="2.0"/, xml)
+        assert_match(/ID="#{uuid_match}"/, xml)
+        assert_match(/IssueInstant="#{date_match}"/, xml)
+        assert_match(/<saml:Issuer/, xml)
+      end
+      should "optionally include a signature" do
+        @assertion.signature = XmlSig::Signature.new
+        xml = @assertion.to_xml
+        assert_match(/<ds:Signature/, xml)
+      end
+      should "optionally include a subject" do
+        @assertion.subject = Subject.new(Identifier::Name.new('The Subject'))
+        xml = @assertion.to_xml
+        assert_match(%Q(<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">The Subject</saml:NameID></saml:Subject>), xml)
+      end
+      should "optionally include conditions" do
+        @assertion.conditions << Condition.new
+        xml = @assertion.to_xml
+        assert_match(/<saml:Conditions>/, xml)
+      end
+      should "optionally include advice" do
+        uri = 'http://example.com/some_advice'
+        advice = Advice.new
+        advice.assertions << AssertionIDRef.new(UUID.new.generate)
+        advice.assertions << AssertionURIRef.new(uri) # a URI
+        @assertion.advice << advice
+        xml = @assertion.to_xml
+        assert_match(/<saml:Advice><saml:AssertionIDRef>#{uuid_match}<\/saml:AssertionIDRef>/, xml)
+        assert_match(/<saml:AssertionURIRef>#{uri}<\/saml:AssertionURIRef><\/saml:Advice>/, xml)
+      end
+      should "optionally include statements" do
+        @assertion.statements << AuthenticationStatement.new(AuthenticationContext.new)
+        xml = @assertion.to_xml
+        assert_match(/<saml:AuthnStatement AuthnInstant="#{date_match}"/, xml)
+      end
+    end
+
+    context "when consuming xml" do
+      should "return a valid Assertion instance" do
+        xml_fragment = %Q(
+          <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+            <saml:Issuer>Example</saml:Issuer>
+            <saml:Subject>Anthony</saml:Subject>
+          </saml:Assertion>
+        )
+        assertion = Assertion.from_xml(xml_fragment)
+        assert_not_nil assertion
+        assert_not_nil assertion.issuer
+        assert_equal 'Example', assertion.issuer.value
+        assert_nothing_raised do
+          assertion.validate
+        end
+      end
+      context "where there is no saml:Subject element" do
+        should "raise a validation error" do
+          xml_fragment = %Q(
+            <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+              <saml:Issuer>Example</saml:Issuer>
+            </saml:Assertion>
+          )
+          assertion = Assertion.from_xml(xml_fragment)
+          assert_raise ValidationError do
+            assertion.validate
+          end
+        end
+      end
+    end
+  end
+  context "an assertion URI ref" do
+    setup do
+      @assertion_uri_ref = AssertionURIRef.new('some_uri')
+    end
+    should "provide a uri accessor" do
+      assert_equal 'some_uri', @assertion_uri_ref.uri
+    end
+    context "when validating" do
+      should "raise an error if no uri is provided" do
+        assert_raise ValidationError do
+          @assertion_uri_ref.uri = nil
+          @assertion_uri_ref.validate
+        end
+      end
+    end
+    context "when producing xml" do
+      should "have the uri as the value" do
+        assert_match(/<saml:AssertionURIRef>some_uri<\/saml:AssertionURIRef>/, @assertion_uri_ref.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid AssertionURIRef instance" do
+        assertion_ref = AssertionURIRef.from_xml('<saml:AssertionURIRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">some_uri</saml:AssertionURIRef>')
+        assert_not_nil assertion_ref
+        assert_equal 'some_uri', assertion_ref.uri
+        assert assertion_ref.valid?
+      end
+    end
+  end
+  context "an assertion ID ref" do
+    setup do
+      @assertion_id_ref = AssertionIDRef.new('some_id')
+    end
+    context "when validating" do
+      should "raise an error if no id is provided" do
+        assert_raise ValidationError do
+          @assertion_id_ref.id = nil
+          @assertion_id_ref.validate
+        end
+      end
+    end
+    context "when producing xml" do
+      should "have an id as the value" do
+        assert_match(/<saml:AssertionIDRef>some_id<\/saml:AssertionIDRef>/, @assertion_id_ref.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid AssertionIDRef instance" do
+        assertion_ref = AssertionIDRef.from_xml('<saml:AssertionIDRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">some_id</saml:AssertionIDRef>')
+        assert_not_nil assertion_ref
+        assert_equal 'some_id', assertion_ref.id
+        assert assertion_ref.valid?
+      end
+    end
+  end
+end