RubyGems - rsaml - Versions diffs - 0.1.2 - Mend

rsaml 0.1.2

Files changed (97) hide show

data/LICENSE +0 -0
data/README +13 -0
data/Rakefile +136 -0
data/lib/rsaml.rb +57 -0
data/lib/rsaml/action.rb +57 -0
data/lib/rsaml/action_namespace.rb +63 -0
data/lib/rsaml/advice.rb +34 -0
data/lib/rsaml/assertion.rb +192 -0
data/lib/rsaml/attribute.rb +76 -0
data/lib/rsaml/audience.rb +19 -0
data/lib/rsaml/authentication_context.rb +34 -0
data/lib/rsaml/authn_context/README +1 -0
data/lib/rsaml/authn_context/authentication_context_declaration.rb +42 -0
data/lib/rsaml/authn_context/identification.rb +10 -0
data/lib/rsaml/authn_context/physical_verification.rb +24 -0
data/lib/rsaml/condition.rb +13 -0
data/lib/rsaml/conditions.rb +107 -0
data/lib/rsaml/encrypted.rb +12 -0
data/lib/rsaml/errors.rb +16 -0
data/lib/rsaml/evidence.rb +21 -0
data/lib/rsaml/ext/string.rb +5 -0
data/lib/rsaml/identifier.rb +9 -0
data/lib/rsaml/identifier/base.rb +23 -0
data/lib/rsaml/identifier/issuer.rb +28 -0
data/lib/rsaml/identifier/name.rb +55 -0
data/lib/rsaml/parser.rb +23 -0
data/lib/rsaml/protocol.rb +21 -0
data/lib/rsaml/protocol/artifact_resolve.rb +14 -0
data/lib/rsaml/protocol/assertion_id_request.rb +18 -0
data/lib/rsaml/protocol/authn_request.rb +91 -0
data/lib/rsaml/protocol/idp_entry.rb +18 -0
data/lib/rsaml/protocol/idp_list.rb +28 -0
data/lib/rsaml/protocol/message.rb +65 -0
data/lib/rsaml/protocol/name_id_policy.rb +31 -0
data/lib/rsaml/protocol/query.rb +12 -0
data/lib/rsaml/protocol/query/attribute_query.rb +56 -0
data/lib/rsaml/protocol/query/authn_query.rb +30 -0
data/lib/rsaml/protocol/query/authz_decision_query.rb +40 -0
data/lib/rsaml/protocol/query/subject_query.rb +22 -0
data/lib/rsaml/protocol/request.rb +27 -0
data/lib/rsaml/protocol/requested_authn_context.rb +34 -0
data/lib/rsaml/protocol/response.rb +56 -0
data/lib/rsaml/protocol/scoping.rb +33 -0
data/lib/rsaml/protocol/status.rb +38 -0
data/lib/rsaml/protocol/status_code.rb +84 -0
data/lib/rsaml/proxy_restriction.rb +30 -0
data/lib/rsaml/statement.rb +10 -0
data/lib/rsaml/statement/attribute_statement.rb +27 -0
data/lib/rsaml/statement/authentication_statement.rb +57 -0
data/lib/rsaml/statement/authorization_decision_statement.rb +53 -0
data/lib/rsaml/statement/base.rb +9 -0
data/lib/rsaml/subject.rb +37 -0
data/lib/rsaml/subject_confirmation.rb +35 -0
data/lib/rsaml/subject_confirmation_data.rb +55 -0
data/lib/rsaml/subject_locality.rb +27 -0
data/lib/rsaml/validatable.rb +21 -0
data/lib/rsaml/version.rb +9 -0
data/lib/xml_enc.rb +3 -0
data/lib/xml_sig.rb +11 -0
data/lib/xml_sig/canonicalization_method.rb +43 -0
data/lib/xml_sig/key_info.rb +55 -0
data/lib/xml_sig/reference.rb +57 -0
data/lib/xml_sig/signature.rb +29 -0
data/lib/xml_sig/signature_method.rb +20 -0
data/lib/xml_sig/signed_info.rb +27 -0
data/lib/xml_sig/transform.rb +37 -0
data/test/action_namespace_test.rb +93 -0
data/test/action_test.rb +51 -0
data/test/advice_test.rb +25 -0
data/test/assertion_test.rb +192 -0
data/test/attribute_test.rb +60 -0
data/test/authentication_context_test.rb +26 -0
data/test/conditions_test.rb +84 -0
data/test/evidence_test.rb +33 -0
data/test/identifier_test.rb +22 -0
data/test/issuer_test.rb +33 -0
data/test/name_test.rb +33 -0
data/test/parser_test.rb +32 -0
data/test/protocol/assertion_id_request_test.rb +19 -0
data/test/protocol/attribute_query_test.rb +30 -0
data/test/protocol/authn_query_test.rb +20 -0
data/test/protocol/authn_request_test.rb +56 -0
data/test/protocol/authz_decision_query_test.rb +31 -0
data/test/protocol/idp_list_test.rb +15 -0
data/test/protocol/request_test.rb +66 -0
data/test/protocol/response_test.rb +68 -0
data/test/protocol/scoping_test.rb +20 -0
data/test/protocol/status_code_test.rb +34 -0
data/test/protocol/status_test.rb +16 -0
data/test/proxy_restriction_test.rb +20 -0
data/test/rsaml_test.rb +12 -0
data/test/statement_test.rb +101 -0
data/test/subject_locality_test.rb +27 -0
data/test/subject_test.rb +44 -0
data/test/test_helper.rb +16 -0
data/test/xml_sig/canonicalization_test.rb +19 -0
metadata +187 -0

@@ -0,0 +1,29 @@
+module XmlSig #:nodoc:
+  # An XML signature.
+  class Signature
+    attr_accessor :id
+    attr_accessor :signed_info
+    attr_accessor :signature_value
+    attr_accessor :key_info
+    def objects
+      @objects ||= []
+    end
+    def assert
+      # raise AssertionError, "An assertion signature must be valid"
+    end
+    # Construct an XML fragment representing the signature
+    def to_xml(xml=Builder::XmlMarkup.new)
+      attributes = {}
+      attributes['Id'] = id unless id.nil?
+      attributes['xmlns:ds'] = "http://www.w3.org/2000/09/xmldsig#"
+      xml.tag!('ds:Signature', attributes) {
+        xml << signed_info.to_xml if signed_info
+        xml.tag!('ds:SignatureValue')
+        xml.tag!('ds:KeyInfo') if key_info
+      }
+    end
+  end
+end

data/lib/xml_sig/signature_method.rb ADDED

@@ -0,0 +1,20 @@
+module XmlSig #:nodoc:
+  # SignatureMethod is a required element that specifies the algorithm used for
+  # signature generation and validation. This algorithm identifies all cryptographic
+  # functions involved in the signature operation (e.g. hashing, public key
+  # algorithms, MACs, padding, etc.).
+  class SignatureMethod
+    attr_accessor :algorithm
+    def validate
+      raise ValidationError, "Algorithm is required" if algorithm.nil?
+    end
+    def to_xml(xml=Builder::XmlMarkup.new)
+      attributes = {'Algorightm' => algorithm}
+      xml.tag!('ds:SignatureMethod', attributes) {
+        xml.tag!('ds:HMACOutputLength', hmac_output_length) unless hmac_output_length.nil?
+      }
+    end
+  end
+end

data/lib/xml_sig/signed_info.rb ADDED

@@ -0,0 +1,27 @@
+module XmlSig #:nodoc:
+  class SignedInfo
+    attr_accessor :id
+    attr_accessor :canonicalization_method
+    attr_accessor :signature_method
+    def references
+      @references ||= []
+    end
+    def validate
+      raise ValidationError, "Canonicalization method is required" if canonicalization_method.nil?
+      raise ValidationError, "Signature method is required" if signature_method.nil?
+      raise ValidationError, "At least one reference is required" if references.empty?
+    end
+    def to_xml(xml=Builder::XmlMarkup.new)
+      attributes = {}
+      attributes['Id'] = id unless id.nil?
+      xml.tag!('ds:SignedInfo', attributes) {
+        xml << canonicalization_method.to_xml unless canonicalization_method.nil?
+        xml << signature_method.to_xml unless signature_method.nil?
+        references.each { |reference| xml << reference.to_xml }
+      }
+    end
+  end
+end

data/lib/xml_sig/transform.rb ADDED

@@ -0,0 +1,37 @@
+module XmlSig #:nodoc:
+    class Transform
+    attr_accessor :algorithm
+    attr_accessor :xpath
+    def to_xml(xml=Builder::XmlMarkup.new)
+      attributes = {'Algorightm' => algorithm}
+      xml.tag!('ds:Transform', attributes) {
+        xml.tag!('ds:XPath', xpath) unless xpath.nil?
+      }
+    end
+  end
+  class Base64Transform
+    IDENTIFIER = 'http://www.w3.org/2000/09/xmldsig#base64'
+    def process(content)
+      content # TODO: implement
+    end
+  end
+  class XPathFiltering
+    IDENTIFIER = 'http://www.w3.org/TR/1999/REC-xpath-19991116'
+    def process(content)
+      content # TODO: implement
+    end
+  end
+  class EnvelopedSignatureTransform
+    IDENTIFIER = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'
+    def process(content)
+      content # TODO: implement
+    end
+  end
+  class XSLTTransform
+    IDENTIFIER = 'http://www.w3.org/TR/1999/REC-xslt-19991116'
+    def process(content)
+      content # TODO: implement
+    end
+  end
+end

data/test/action_namespace_test.rb ADDED

@@ -0,0 +1,93 @@
+require File.dirname(__FILE__) + '/test_helper'
+class ActionNamespaceTest < Test::Unit::TestCase
+  context "the ActionNamespace class" do
+    should "define all of the namespaces in the SAML 2.0 specification" do
+      namespace_uris = ActionNamespace.namespaces.values.collect { |ns| ns.uri }
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:rwedc')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:rwedc-negation')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:ghpp')
+      assert namespace_uris.include?('urn:oasis:names:tc:SAML:1.0:action:unix')
+    end
+    should "return a namespace instance given a URI" do
+      assert_equal(ActionNamespace.namespaces[:rwedc],
+        ActionNamespace.namespace_for_uri('urn:oasis:names:tc:SAML:1.0:action:rwedc')
+      )
+      assert_equal(ActionNamespace.namespaces[:rwedc_negation],
+        ActionNamespace.namespace_for_uri('urn:oasis:names:tc:SAML:1.0:action:rwedc-negation')
+      )
+    end
+  end
+  context "the rwdec namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:rwedc]
+      @expected_actions = ['Read','Write','Execute','Delete','Control']
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:rwedc', @action_namespace.uri
+    end
+    should "return the uri when to_s is invoked" do
+      assert_equal @action_namespace.uri, @action_namespace.to_s
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return true for a valid action" do
+      @expected_actions.each do |action|
+        assert @action_namespace.valid_action?(action)
+      end
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the rwdec-negation namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:rwedc_negation]
+      @expected_actions = [
+        'Read','Write','Execute','Delete','Control',
+        '~Read','~Write','~Execute','~Delete','~Control'
+      ]
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:rwedc-negation', @action_namespace.uri
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return true for a valid action" do
+      @expected_actions.each do |action|
+        assert @action_namespace.valid_action?(action)
+      end
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the ghpp namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:ghpp]
+      @expected_actions = ['GET','HEAD','PUT','POST']
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:ghpp', @action_namespace.uri
+    end
+    should "have the correct actions" do
+      assert_equal @expected_actions, @action_namespace.action_names
+    end
+    should "return false for an invalid action" do
+      assert_equal false, @action_namespace.valid_action?('invalid-action')
+    end
+  end
+  context "the unix file permissions namespace" do
+    setup do
+      @action_namespace = ActionNamespace.namespaces[:unix]
+    end
+    should "have the correct uri" do
+      assert_equal 'urn:oasis:names:tc:SAML:1.0:action:unix', @action_namespace.uri
+    end
+    should_eventually "have the correct actions" do
+    end
+  end
+end

data/test/action_test.rb ADDED

@@ -0,0 +1,51 @@
+require File.dirname(__FILE__) + '/test_helper'
+class ActionTest < Test::Unit::TestCase
+  context "an action" do
+    setup do
+      @action = Action.new('Read')
+    end
+    should "have the rwedc_negation namespace by default" do
+      assert_equal Action.namespaces[:rwedc_negation], @action.namespace
+    end
+    should "be valid by default" do
+      assert @action.valid?
+    end
+    context "when producing xml" do
+      should "optionally have a namespace" do
+        assert_match(/<saml:Action Namespace="#{@action.namespace}"/, @action.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid Action instance" do
+        action = Action.from_xml('<saml:Action xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Read</saml:Action>')
+        assert_not_nil(action)
+        assert_equal 'Read', action.value
+        assert_equal Action.namespaces[:rwedc_negation], action.namespace
+        assert action.valid?
+      end
+      context "with an action namespace attribute" do
+        should "return a valid Action instance with an action namespace" do
+          action = Action.from_xml(%Q(<saml:Action xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Namespace="#{Action.namespaces[:rwedc]}">Write</saml:Action>))
+          assert_not_nil(action)
+          assert_equal 'Write', action.value
+          assert_equal Action.namespaces[:rwedc], action.namespace
+        end
+      end
+    end
+    context "when validating" do
+      should "raise an error if no value is provided" do
+        assert_raise ValidationError do
+          @action.value = nil
+          @action.validate
+        end
+      end
+      should "raise an error if the value is not in the specified namespace" do
+        assert_raise ValidationError do
+          @action.value = 'PUT'
+          @action.validate
+        end
+      end
+    end
+  end
+end

data/test/advice_test.rb ADDED

@@ -0,0 +1,25 @@
+require File.dirname(__FILE__) + '/test_helper'
+class AdviceTest < Test::Unit::TestCase
+  context "an advice" do
+    setup { @advice = Advice.new }
+    should "have 0 assertions by default" do
+      assert @advice.assertions.empty?
+    end
+    should "be valid if all assertions are valid" do
+      assert @advice.valid?
+    end
+    context "when producing xml" do
+      should "produce an empty advice tag when there are no assertions" do
+        assert_match(/<saml:Advice><\/saml:Advice>/, @advice.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid Advice instance" do
+        advice = Advice.from_xml('<saml:Advice xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"></saml:Advice>')
+        assert_not_nil(advice)
+        assert advice.valid?
+      end
+    end
+  end
+end

data/test/assertion_test.rb ADDED

@@ -0,0 +1,192 @@
+require File.dirname(__FILE__) + '/test_helper'
+class AssertionTest < Test::Unit::TestCase
+  context "an assertion" do
+    setup do
+      @issuer = Identifier::Issuer.new('example')
+      @assertion = Assertion.new(@issuer)
+    end
+    should "require version of 2.0" do
+      assert_equal "2.0", @assertion.version
+    end
+    should "require ID" do
+      assert_not_nil @assertion.id
+    end
+    should "require issue instant" do
+      assert_not_nil @assertion.issue_instant
+    end
+    should "require an issuer" do
+      assert_not_nil @assertion.issuer
+    end
+    context "with only a subject" do
+      setup do
+        @assertion.subject = 'test'
+      end
+      should "be valid" do
+        assert_nothing_raised do
+          @assertion.validate
+        end
+      end
+    end
+    context "with an authentication statement" do
+      setup do
+        @assertion.statements << AuthenticationStatement.new(AuthenticationContext.new)
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+        assert !@assertion.valid?
+      end
+    end
+    context "with an attribute statement" do
+      setup do
+        @assertion.statements << AttributeStatement.new
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+      end
+    end
+    context "with a authorization decision statement" do
+      setup do
+        @assertion.statements << AuthorizationDecisionStatement.new
+      end
+      should "require a subject" do
+        assert_raise ValidationError do
+          @assertion.validate
+        end
+      end
+    end
+    context "when producing xml" do
+      # TODO: implement tests for XML results
+      should "always include version, id and issue instant attributes and an issuer child element" do
+        xml = @assertion.to_xml
+        assert_match(/^<saml:Assertion/, xml)
+        assert_match(/Version="2.0"/, xml)
+        assert_match(/ID="#{uuid_match}"/, xml)
+        assert_match(/IssueInstant="#{date_match}"/, xml)
+        assert_match(/<saml:Issuer/, xml)
+      end
+      should "optionally include a signature" do
+        @assertion.signature = XmlSig::Signature.new
+        xml = @assertion.to_xml
+        assert_match(/<ds:Signature/, xml)
+      end
+      should "optionally include a subject" do
+        @assertion.subject = Subject.new(Identifier::Name.new('The Subject'))
+        xml = @assertion.to_xml
+        assert_match(%Q(<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">The Subject</saml:NameID></saml:Subject>), xml)
+      end
+      should "optionally include conditions" do
+        @assertion.conditions << Condition.new
+        xml = @assertion.to_xml
+        assert_match(/<saml:Conditions>/, xml)
+      end
+      should "optionally include advice" do
+        uri = 'http://example.com/some_advice'
+        advice = Advice.new
+        advice.assertions << AssertionIDRef.new(UUID.new.generate)
+        advice.assertions << AssertionURIRef.new(uri) # a URI
+        @assertion.advice << advice
+        xml = @assertion.to_xml
+        assert_match(/<saml:Advice><saml:AssertionIDRef>#{uuid_match}<\/saml:AssertionIDRef>/, xml)
+        assert_match(/<saml:AssertionURIRef>#{uri}<\/saml:AssertionURIRef><\/saml:Advice>/, xml)
+      end
+      should "optionally include statements" do
+        @assertion.statements << AuthenticationStatement.new(AuthenticationContext.new)
+        xml = @assertion.to_xml
+        assert_match(/<saml:AuthnStatement AuthnInstant="#{date_match}"/, xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid Assertion instance" do
+        xml_fragment = %Q(
+          <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+            <saml:Issuer>Example</saml:Issuer>
+            <saml:Subject>Anthony</saml:Subject>
+          </saml:Assertion>
+        )
+        assertion = Assertion.from_xml(xml_fragment)
+        assert_not_nil assertion
+        assert_not_nil assertion.issuer
+        assert_equal 'Example', assertion.issuer.value
+        assert_nothing_raised do
+          assertion.validate
+        end
+      end
+      context "where there is no saml:Subject element" do
+        should "raise a validation error" do
+          xml_fragment = %Q(
+            <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
+              <saml:Issuer>Example</saml:Issuer>
+            </saml:Assertion>
+          )
+          assertion = Assertion.from_xml(xml_fragment)
+          assert_raise ValidationError do
+            assertion.validate
+          end
+        end
+      end
+    end
+  end
+  context "an assertion URI ref" do
+    setup do
+      @assertion_uri_ref = AssertionURIRef.new('some_uri')
+    end
+    should "provide a uri accessor" do
+      assert_equal 'some_uri', @assertion_uri_ref.uri
+    end
+    context "when validating" do
+      should "raise an error if no uri is provided" do
+        assert_raise ValidationError do
+          @assertion_uri_ref.uri = nil
+          @assertion_uri_ref.validate
+        end
+      end
+    end
+    context "when producing xml" do
+      should "have the uri as the value" do
+        assert_match(/<saml:AssertionURIRef>some_uri<\/saml:AssertionURIRef>/, @assertion_uri_ref.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid AssertionURIRef instance" do
+        assertion_ref = AssertionURIRef.from_xml('<saml:AssertionURIRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">some_uri</saml:AssertionURIRef>')
+        assert_not_nil assertion_ref
+        assert_equal 'some_uri', assertion_ref.uri
+        assert assertion_ref.valid?
+      end
+    end
+  end
+  context "an assertion ID ref" do
+    setup do
+      @assertion_id_ref = AssertionIDRef.new('some_id')
+    end
+    context "when validating" do
+      should "raise an error if no id is provided" do
+        assert_raise ValidationError do
+          @assertion_id_ref.id = nil
+          @assertion_id_ref.validate
+        end
+      end
+    end
+    context "when producing xml" do
+      should "have an id as the value" do
+        assert_match(/<saml:AssertionIDRef>some_id<\/saml:AssertionIDRef>/, @assertion_id_ref.to_xml)
+      end
+    end
+    context "when consuming xml" do
+      should "return a valid AssertionIDRef instance" do
+        assertion_ref = AssertionIDRef.from_xml('<saml:AssertionIDRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">some_id</saml:AssertionIDRef>')
+        assert_not_nil assertion_ref
+        assert_equal 'some_id', assertion_ref.id
+        assert assertion_ref.valid?
+      end
+    end
+  end
+end