ruby-saml-bm 0.6.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (43) hide show
  1. data/Gemfile +12 -0
  2. data/Gemfile.lock +51 -0
  3. data/LICENSE +19 -0
  4. data/README.md +126 -0
  5. data/Rakefile +41 -0
  6. data/lib/onelogin/ruby-saml-bm/authrequest.rb +79 -0
  7. data/lib/onelogin/ruby-saml-bm/logging.rb +26 -0
  8. data/lib/onelogin/ruby-saml-bm/logoutrequest.rb +80 -0
  9. data/lib/onelogin/ruby-saml-bm/metadata.rb +47 -0
  10. data/lib/onelogin/ruby-saml-bm/response.rb +180 -0
  11. data/lib/onelogin/ruby-saml-bm/settings.rb +18 -0
  12. data/lib/onelogin/ruby-saml-bm/validation_error.rb +7 -0
  13. data/lib/onelogin/ruby-saml-bm/version.rb +5 -0
  14. data/lib/ruby-saml.rb +8 -0
  15. data/lib/schemas/saml20assertion_schema.xsd +283 -0
  16. data/lib/schemas/saml20protocol_schema.xsd +302 -0
  17. data/lib/schemas/xenc_schema.xsd +146 -0
  18. data/lib/schemas/xmldsig_schema.xsd +318 -0
  19. data/lib/xml_security.rb +165 -0
  20. data/ruby-saml-bm.gemspec +29 -0
  21. data/test/certificates/certificate1 +12 -0
  22. data/test/logoutrequest_test.rb +98 -0
  23. data/test/request_test.rb +53 -0
  24. data/test/response_test.rb +219 -0
  25. data/test/responses/adfs_response_sha1.xml +46 -0
  26. data/test/responses/adfs_response_sha256.xml +46 -0
  27. data/test/responses/adfs_response_sha384.xml +46 -0
  28. data/test/responses/adfs_response_sha512.xml +46 -0
  29. data/test/responses/no_signature_ns.xml +48 -0
  30. data/test/responses/open_saml_response.xml +56 -0
  31. data/test/responses/response1.xml.base64 +1 -0
  32. data/test/responses/response2.xml.base64 +79 -0
  33. data/test/responses/response3.xml.base64 +66 -0
  34. data/test/responses/response4.xml.base64 +93 -0
  35. data/test/responses/response5.xml.base64 +102 -0
  36. data/test/responses/response_with_ampersands.xml +139 -0
  37. data/test/responses/response_with_ampersands.xml.base64 +93 -0
  38. data/test/responses/simple_saml_php.xml +71 -0
  39. data/test/responses/wrapped_response_2.xml.base64 +150 -0
  40. data/test/settings_test.rb +43 -0
  41. data/test/test_helper.rb +66 -0
  42. data/test/xml_security_test.rb +123 -0
  43. metadata +165 -0
@@ -0,0 +1,150 @@
1
+ 77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4NCjxzYW1s
2
+ cDpSZXNwb25zZSB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6
3
+ Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FN
4
+ TDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzI2NTAyNGI0NjAyZmM2OGMwMTQ1YzZlOWM1
5
+ NzFkOGY2MjE5ZTZjZmVlMCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIw
6
+ MTEtMDYtMTNUMTY6MDI6MjVaIiBEZXN0aW5hdGlvbj0iaHR0cDovL2xvY2FsaG9z
7
+ dC9waHAtc2FtbC1maXhlZC9jb25zdW1lLnBocCIgSW5SZXNwb25zZVRvPSJfMzI0
8
+ NDJhOGMzZDFiYThlYTEzNmMiPg0KICA8c2FtbDpJc3N1ZXI+aHR0cHM6Ly9pZHAv
9
+ c2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj4N
10
+ CiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0i
11
+ dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPg0K
12
+ ICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0i
13
+ aHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5z
14
+ OnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9Il82M2Iw
15
+ YWVhZWMyYmJiNDU4ZjcxMTUzZjIxODBjNzJjNDM5MzFkM2M5MjAiIFZlcnNpb249
16
+ IjIuMCIgSXNzdWVJbnN0YW50PSIyMDExLTA2LTEzVDE2OjAyOjI1WiI+DQogICAg
17
+ PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21l
18
+ dGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+DQogICAgPHNhbWw6U3ViamVjdD4NCiAg
19
+ ICAgIDxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9InBocC1zYW1sLWZpeGVk
20
+ IiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9y
21
+ bWF0OmVtYWlsQWRkcmVzcyI+cm9vdEBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+
22
+ DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9h
23
+ c2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1s
24
+ OlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMS0wNi0x
25
+ M1QxNjowNzoyNVoiIFJlY2lwaWVudD0iaHR0cDovL2xvY2FsaG9zdC9waHAtc2Ft
26
+ bC1maXhlZC9jb25zdW1lLnBocCIgSW5SZXNwb25zZVRvPSJfMzI0NDJhOGMzZDFi
27
+ YThlYTEzNmMiIC8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4N
28
+ CiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJl
29
+ Zm9yZT0iMjAxMS0wNi0xM1QxNjowMTo1NVoiIE5vdE9uT3JBZnRlcj0iMjAxMS0w
30
+ Ni0xM1QxNjowNzoyNVoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlv
31
+ bj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+cGhwLXNhbWwtZml4ZWQ8L3NhbWw6
32
+ QXVkaWVuY2U+DQogICAgICA8L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAg
33
+ ICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBB
34
+ dXRobkluc3RhbnQ9IjIwMTEtMDYtMTNUMTI6NDc6MzNaIiBTZXNzaW9uTm90T25P
35
+ ckFmdGVyPSIyMDExLTA2LTE0VDAwOjAyOjI1WiIgU2Vzc2lvbkluZGV4PSJfNTk5
36
+ NGFjYjUyODc4MTc4ZjAyYjY2ZTY5M2RlYmUzNDA3MjU3OTZjZDJjIj4NCiAgICAg
37
+ IDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0
38
+ Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6
39
+ UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3Nh
40
+ bWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAg
41
+ PC9zYW1sOkFzc2VydGlvbj4NCiAgPG1kOkVudGl0eURlc2NyaXB0b3IgeG1sbnM6
42
+ bWQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDptZXRhZGF0YSIgeG1sbnM6
43
+ ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIGVudGl0eUlE
44
+ PSJodHRwczovL2lkcC9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHAi
45
+ IElEPSJwZng4YjhmZTFkMC0wZjhmLTJlMDAtYTAwOC1iOThiYmM1ZGExZDAiPg0K
46
+ ICAgIDxkczpTaWduYXR1cmU+DQogICAgICA8ZHM6U2lnbmVkSW5mbz4NCiAgICAg
47
+ ICAgPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v
48
+ d3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+DQogICAgICAgIDxk
49
+ czpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8y
50
+ MDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiIC8+DQogICAgICAgIDxkczpSZWZlcmVu
51
+ Y2UgVVJJPSIjcGZ4OGI4ZmUxZDAtMGY4Zi0yZTAwLWEwMDgtYjk4YmJjNWRhMWQw
52
+ Ij4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpU
53
+ cmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht
54
+ bGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIgLz4NCiAgICAgICAgICAgIDxkczpU
55
+ cmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3ht
56
+ bC1leGMtYzE0biMiIC8+DQogICAgICAgICAgPC9kczpUcmFuc2Zvcm1zPg0KICAg
57
+ ICAgICAgIDxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3Lncz
58
+ Lm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4NCiAgICAgICAgICA8ZHM6RGln
59
+ ZXN0VmFsdWU+NVVmdy9lUlMwVHpIbC9vc2pMVCtJOGxlUDZVPTwvZHM6RGlnZXN0
60
+ VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWdu
61
+ ZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPkM0OFpLQ2FwQVdsNHBx
62
+ WlM1ZFhMTmVmdjZSYS9hMXZGSDlGWDZsd3c3RS94VmxtZXFTbHh1WGEra0JicE4r
63
+ RWFzWmJaMGE4blYxTE1oNGN5TER2ajVnVURyYkhvMG1aOVNhRDBZaFhxcnBQY21H
64
+ djVmSGZxZFRtRTVJUUs2MjQ0UkFPdk05MklyYU0vU0hRQ0dROE1hdkhTNSs4Nm11
65
+ MGdkbjVuNWJrcUU1ND08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktl
66
+ eUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUw
67
+ OUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtp
68
+ Rzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBG
69
+ dVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFR
70
+ S0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04
71
+ eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpB
72
+ ZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFz
73
+ d0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhK
74
+ bk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RB
75
+ V0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFF
76
+ SkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFF
77
+ QkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9s
78
+ aXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJ
79
+ ZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNm
80
+ Q0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJ
81
+ REFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVv
82
+ V1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtG
83
+ RGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRV
84
+ dnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhv
85
+ cGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+DQogICAgICAgIDwvZHM6WDUw
86
+ OURhdGE+DQogICAgICA8L2RzOktleUluZm8+DQogICAgPC9kczpTaWduYXR1cmU+
87
+ DQogICAgPG1kOklEUFNTT0Rlc2NyaXB0b3IgcHJvdG9jb2xTdXBwb3J0RW51bWVy
88
+ YXRpb249InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+DQog
89
+ ICAgICA8bWQ6S2V5RGVzY3JpcHRvciB1c2U9InNpZ25pbmciPg0KICAgICAgICA8
90
+ ZHM6S2V5SW5mbyB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94
91
+ bWxkc2lnIyI+DQogICAgICAgICAgPGRzOlg1MDlEYXRhPg0KICAgICAgICAgICAg
92
+ PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFO
93
+ QmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05W
94
+ QkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3
95
+ RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXho
96
+ Ym1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYw
97
+ ZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZh
98
+ TUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJU
99
+ YjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVG
100
+ VkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FH
101
+ U0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FH
102
+ U0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBR
103
+ ZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIx
104
+ NjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQ
105
+ NXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1
106
+ VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2Jx
107
+ WStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2
108
+ M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11
109
+ bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdS
110
+ K1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICAg
111
+ IDwvZHM6WDUwOURhdGE+DQogICAgICAgIDwvZHM6S2V5SW5mbz4NCiAgICAgIDwv
112
+ bWQ6S2V5RGVzY3JpcHRvcj4NCiAgICAgIDxtZDpLZXlEZXNjcmlwdG9yIHVzZT0i
113
+ ZW5jcnlwdGlvbiI+DQogICAgICAgIDxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRw
114
+ Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgICAgICA8ZHM6
115
+ WDUwOURhdGE+DQogICAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNn
116
+ VENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxN
117
+ QWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnla
118
+ ekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dG
119
+ Z1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJD
120
+ UUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhN
121
+ elZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlN
122
+ QllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3Tkdi
123
+ Mjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxM
124
+ bVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFi
125
+ bWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0Jn
126
+ UURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwz
127
+ K3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBs
128
+ QWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJv
129
+ MDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNE
130
+ UUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandP
131
+ c2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29u
132
+ eWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhU
133
+ eXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5
134
+ Q2VydGlmaWNhdGU+DQogICAgICAgICAgPC9kczpYNTA5RGF0YT4NCiAgICAgICAg
135
+ PC9kczpLZXlJbmZvPg0KICAgICAgPC9tZDpLZXlEZXNjcmlwdG9yPg0KICAgICAg
136
+ PG1kOlNpbmdsZUxvZ291dFNlcnZpY2UgQmluZGluZz0idXJuOm9hc2lzOm5hbWVz
137
+ OnRjOlNBTUw6Mi4wOmJpbmRpbmdzOkhUVFAtUmVkaXJlY3QiIExvY2F0aW9uPSJo
138
+ dHRwczovL2lkcC9zaW1wbGVzYW1sL3NhbWwyL2lkcC9TaW5nbGVMb2dvdXRTZXJ2
139
+ aWNlLnBocCIgLz4NCiAgICAgIDxtZDpOYW1lSURGb3JtYXQ+dXJuOm9hc2lzOm5h
140
+ bWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50PC9tZDpOYW1l
141
+ SURGb3JtYXQ+DQogICAgICA8bWQ6U2luZ2xlU2lnbk9uU2VydmljZSBCaW5kaW5n
142
+ PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1SZWRp
143
+ cmVjdCIgTG9jYXRpb249Imh0dHBzOi8vaWRwL3NpbXBsZXNhbWwvc2FtbDIvaWRw
144
+ L1NTT1NlcnZpY2UucGhwIiAvPg0KICAgIDwvbWQ6SURQU1NPRGVzY3JpcHRvcj4N
145
+ CiAgICA8bWQ6Q29udGFjdFBlcnNvbiBjb250YWN0VHlwZT0idGVjaG5pY2FsIj4N
146
+ CiAgICAgIDxtZDpHaXZlbk5hbWU+QW5kcmVhczwvbWQ6R2l2ZW5OYW1lPg0KICAg
147
+ ICAgPG1kOlN1ck5hbWU+TWF5ZXI8L21kOlN1ck5hbWU+DQogICAgICA8bWQ6RW1h
148
+ aWxBZGRyZXNzPmFuZHJlYXMubWF5ZXJAd3VlcnRoLmNvbTwvbWQ6RW1haWxBZGRy
149
+ ZXNzPg0KICAgIDwvbWQ6Q29udGFjdFBlcnNvbj4NCiAgPC9tZDpFbnRpdHlEZXNj
150
+ cmlwdG9yPg0KPC9zYW1scDpSZXNwb25zZT4=
@@ -0,0 +1,43 @@
1
+ require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
2
+
3
+ class SettingsTest < Test::Unit::TestCase
4
+
5
+ context "Settings" do
6
+ setup do
7
+ @settings = Onelogin::Saml::Settings.new
8
+ end
9
+ should "should provide getters and settings" do
10
+ accessors = [
11
+ :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
12
+ :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format,
13
+ :idp_slo_target_url, :name_identifier_value, :sessionindex
14
+ ]
15
+
16
+ accessors.each do |accessor|
17
+ value = Kernel.rand
18
+ @settings.send("#{accessor}=".to_sym, value)
19
+ assert_equal value, @settings.send(accessor)
20
+ end
21
+ end
22
+
23
+ should "create settings from hash" do
24
+
25
+ config = {
26
+ :assertion_consumer_service_url => "http://app.muda.no/sso",
27
+ :issuer => "http://muda.no",
28
+ :sp_name_qualifier => "http://sso.muda.no",
29
+ :idp_sso_target_url => "http://sso.muda.no/sso",
30
+ :idp_slo_target_url => "http://sso.muda.no/slo",
31
+ :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
32
+ :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
33
+ }
34
+ @settings = Onelogin::Saml::Settings.new(config)
35
+
36
+ config.each do |k,v|
37
+ assert_equal v, @settings.send(k)
38
+ end
39
+ end
40
+
41
+ end
42
+
43
+ end
@@ -0,0 +1,66 @@
1
+ require 'rubygems'
2
+ require 'test/unit'
3
+ require 'shoulda'
4
+ require 'mocha/setup'
5
+ require 'ruby-debug'
6
+
7
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
8
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
9
+ require 'ruby-saml-bm'
10
+
11
+ ENV["ruby-saml-bm/testing"] = "1"
12
+
13
+ class Test::Unit::TestCase
14
+ def fixture(document, base64 = true)
15
+ response = Dir.glob(File.join(File.dirname(__FILE__), "responses", "#{document}*")).first
16
+ if base64 && response =~ /\.xml$/
17
+ Base64.encode64(File.read(response))
18
+ else
19
+ File.read(response)
20
+ end
21
+ end
22
+
23
+ def response_document
24
+ @response_document ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response1.xml.base64'))
25
+ end
26
+
27
+ def response_document_2
28
+ @response_document2 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response2.xml.base64'))
29
+ end
30
+
31
+ def response_document_3
32
+ @response_document3 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response3.xml.base64'))
33
+ end
34
+
35
+ def response_document_4
36
+ @response_document4 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response4.xml.base64'))
37
+ end
38
+
39
+ def response_document_5
40
+ @response_document5 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response5.xml.base64'))
41
+ end
42
+
43
+ def ampersands_response
44
+ @ampersands_resposne ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response_with_ampersands.xml.base64'))
45
+ end
46
+
47
+ def response_document_6
48
+ doc = Base64.decode64(response_document)
49
+ doc.gsub!(/NotBefore=\"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z\"/, "NotBefore=\"#{(Time.now-300).getutc.strftime("%Y-%m-%dT%XZ")}\"")
50
+ doc.gsub!(/NotOnOrAfter=\"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z\"/, "NotOnOrAfter=\"#{(Time.now+300).getutc.strftime("%Y-%m-%dT%XZ")}\"")
51
+ Base64.encode64(doc)
52
+ end
53
+
54
+ def wrapped_response_2
55
+ @wrapped_response_2 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'wrapped_response_2.xml.base64'))
56
+ end
57
+
58
+ def signature_fingerprint_1
59
+ @signature_fingerprint1 ||= "C5:19:85:D9:47:F1:BE:57:08:20:25:05:08:46:EB:27:F6:CA:B7:83"
60
+ end
61
+
62
+ def signature_1
63
+ @signature1 ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'certificate1'))
64
+ end
65
+
66
+ end
@@ -0,0 +1,123 @@
1
+ require 'test_helper'
2
+ require 'xml_security'
3
+
4
+ class XmlSecurityTest < Test::Unit::TestCase
5
+ include XMLSecurity
6
+
7
+ context "XmlSecurity" do
8
+ setup do
9
+ @document = XMLSecurity::SignedDocument.new(Base64.decode64(response_document))
10
+ @base64cert = @document.elements["//ds:X509Certificate"].text
11
+ end
12
+
13
+ should "should run validate without throwing NS related exceptions" do
14
+ assert !@document.validate_doc(@base64cert, true)
15
+ end
16
+
17
+ should "should run validate with throwing NS related exceptions" do
18
+ assert_raise(Onelogin::Saml::ValidationError) do
19
+ @document.validate_doc(@base64cert, false)
20
+ end
21
+ end
22
+
23
+ should "not raise an error when softly validating the document multiple times" do
24
+ assert_nothing_raised do
25
+ 2.times { @document.validate_doc(@base64cert, true) }
26
+ end
27
+ end
28
+
29
+ should "should raise Fingerprint mismatch" do
30
+ exception = assert_raise(Onelogin::Saml::ValidationError) do
31
+ @document.validate("no:fi:ng:er:pr:in:t", false)
32
+ end
33
+ assert_equal("Fingerprint mismatch", exception.message)
34
+ end
35
+
36
+ should "should raise Digest mismatch" do
37
+ exception = assert_raise(Onelogin::Saml::ValidationError) do
38
+ @document.validate_doc(@base64cert, false)
39
+ end
40
+ assert_equal("Digest mismatch", exception.message)
41
+ end
42
+
43
+ should "should raise Key validation error" do
44
+ response = Base64.decode64(response_document)
45
+ response.sub!("<ds:DigestValue>pJQ7MS/ek4KRRWGmv/H43ReHYMs=</ds:DigestValue>",
46
+ "<ds:DigestValue>b9xsAXLsynugg3Wc1CI3kpWku+0=</ds:DigestValue>")
47
+ document = XMLSecurity::SignedDocument.new(response)
48
+ base64cert = document.elements["//ds:X509Certificate"].text
49
+ exception = assert_raise(Onelogin::Saml::ValidationError) do
50
+ document.validate_doc(base64cert, false)
51
+ end
52
+ assert_equal("Key validation error", exception.message)
53
+ end
54
+ end
55
+
56
+ context "Algorithms" do
57
+ should "validate using SHA1" do
58
+ @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
59
+ assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
60
+ end
61
+
62
+ should "validate using SHA256" do
63
+ @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
64
+ assert @document.validate("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA")
65
+ end
66
+
67
+ should "validate using SHA384" do
68
+ @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
69
+ assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
70
+ end
71
+
72
+ should "validate using SHA512" do
73
+ @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
74
+ assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
75
+ end
76
+ end
77
+
78
+ context "XmlSecurity::SignedDocument" do
79
+
80
+ context "#extract_inclusive_namespaces" do
81
+ should "support explicit namespace resolution for exclusive canonicalization" do
82
+ response = fixture(:open_saml_response, false)
83
+ document = XMLSecurity::SignedDocument.new(response)
84
+ inclusive_namespaces = document.send(:extract_inclusive_namespaces)
85
+
86
+ assert_equal %w[ xs ], inclusive_namespaces
87
+ end
88
+
89
+ should "support implicit namespace resolution for exclusive canonicalization" do
90
+ response = fixture(:no_signature_ns, false)
91
+ document = XMLSecurity::SignedDocument.new(response)
92
+ inclusive_namespaces = document.send(:extract_inclusive_namespaces)
93
+
94
+ assert_equal %w[ #default saml ds xs xsi ], inclusive_namespaces
95
+ end
96
+
97
+ should_eventually 'support inclusive canonicalization' do
98
+
99
+ response = Onelogin::Saml::Response.new(fixture("tdnf_response.xml"))
100
+ response.stubs(:conditions).returns(nil)
101
+ assert !response.is_valid?
102
+ settings = Onelogin::Saml::Settings.new
103
+ assert !response.is_valid?
104
+ response.settings = settings
105
+ assert !response.is_valid?
106
+ settings.idp_cert_fingerprint = "e6 38 9a 20 b7 4f 13 db 6a bc b1 42 6a e7 52 1d d6 56 d4 1b".upcase.gsub(" ", ":")
107
+ assert response.validate!
108
+ end
109
+
110
+ should "return an empty list when inclusive namespace element is missing" do
111
+ response = fixture(:no_signature_ns, false)
112
+ response.slice! %r{<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default saml ds xs xsi"/>}
113
+
114
+ document = XMLSecurity::SignedDocument.new(response)
115
+ inclusive_namespaces = document.send(:extract_inclusive_namespaces)
116
+
117
+ assert inclusive_namespaces.empty?
118
+ end
119
+ end
120
+
121
+ end
122
+
123
+ end
metadata ADDED
@@ -0,0 +1,165 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: ruby-saml-bm
3
+ version: !ruby/object:Gem::Version
4
+ prerelease:
5
+ version: 0.6.1
6
+ platform: ruby
7
+ authors:
8
+ - WDS development
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-11-30 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: canonix
16
+ version_requirements: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - '='
19
+ - !ruby/object:Gem::Version
20
+ version: 0.1.1
21
+ none: false
22
+ requirement: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - '='
25
+ - !ruby/object:Gem::Version
26
+ version: 0.1.1
27
+ none: false
28
+ prerelease: false
29
+ type: :runtime
30
+ - !ruby/object:Gem::Dependency
31
+ name: uuid
32
+ version_requirements: !ruby/object:Gem::Requirement
33
+ requirements:
34
+ - - ~>
35
+ - !ruby/object:Gem::Version
36
+ version: '2.3'
37
+ none: false
38
+ requirement: !ruby/object:Gem::Requirement
39
+ requirements:
40
+ - - ~>
41
+ - !ruby/object:Gem::Version
42
+ version: '2.3'
43
+ none: false
44
+ prerelease: false
45
+ type: :runtime
46
+ - !ruby/object:Gem::Dependency
47
+ name: nokogiri
48
+ version_requirements: !ruby/object:Gem::Requirement
49
+ requirements:
50
+ - - ! '>='
51
+ - !ruby/object:Gem::Version
52
+ version: !binary |-
53
+ MA==
54
+ none: false
55
+ requirement: !ruby/object:Gem::Requirement
56
+ requirements:
57
+ - - ! '>='
58
+ - !ruby/object:Gem::Version
59
+ version: !binary |-
60
+ MA==
61
+ none: false
62
+ prerelease: false
63
+ type: :runtime
64
+ description: SAML toolkit for Ruby on Rails adapted to work with ADFS server
65
+ email: support@onelogin.com
66
+ executables: []
67
+ extensions: []
68
+ extra_rdoc_files:
69
+ - LICENSE
70
+ - README.md
71
+ files:
72
+ - Gemfile
73
+ - Gemfile.lock
74
+ - LICENSE
75
+ - README.md
76
+ - Rakefile
77
+ - lib/onelogin/ruby-saml-bm/authrequest.rb
78
+ - lib/onelogin/ruby-saml-bm/logging.rb
79
+ - lib/onelogin/ruby-saml-bm/logoutrequest.rb
80
+ - lib/onelogin/ruby-saml-bm/metadata.rb
81
+ - lib/onelogin/ruby-saml-bm/response.rb
82
+ - lib/onelogin/ruby-saml-bm/settings.rb
83
+ - lib/onelogin/ruby-saml-bm/validation_error.rb
84
+ - lib/onelogin/ruby-saml-bm/version.rb
85
+ - lib/ruby-saml.rb
86
+ - lib/schemas/saml20assertion_schema.xsd
87
+ - lib/schemas/saml20protocol_schema.xsd
88
+ - lib/schemas/xenc_schema.xsd
89
+ - lib/schemas/xmldsig_schema.xsd
90
+ - lib/xml_security.rb
91
+ - ruby-saml-bm-0.6.1.gem
92
+ - ruby-saml-bm.gemspec
93
+ - test/certificates/certificate1
94
+ - test/logoutrequest_test.rb
95
+ - test/request_test.rb
96
+ - test/response_test.rb
97
+ - test/responses/adfs_response_sha1.xml
98
+ - test/responses/adfs_response_sha256.xml
99
+ - test/responses/adfs_response_sha384.xml
100
+ - test/responses/adfs_response_sha512.xml
101
+ - test/responses/no_signature_ns.xml
102
+ - test/responses/open_saml_response.xml
103
+ - test/responses/response1.xml.base64
104
+ - test/responses/response2.xml.base64
105
+ - test/responses/response3.xml.base64
106
+ - test/responses/response4.xml.base64
107
+ - test/responses/response5.xml.base64
108
+ - test/responses/response_with_ampersands.xml
109
+ - test/responses/response_with_ampersands.xml.base64
110
+ - test/responses/simple_saml_php.xml
111
+ - test/responses/wrapped_response_2.xml.base64
112
+ - test/settings_test.rb
113
+ - test/test_helper.rb
114
+ - test/xml_security_test.rb
115
+ homepage: http://github.com/onelogin/ruby-saml-bm
116
+ licenses: []
117
+ post_install_message:
118
+ rdoc_options:
119
+ - --charset=UTF-8
120
+ require_paths:
121
+ - lib
122
+ required_ruby_version: !ruby/object:Gem::Requirement
123
+ requirements:
124
+ - - ! '>='
125
+ - !ruby/object:Gem::Version
126
+ version: !binary |-
127
+ MA==
128
+ none: false
129
+ required_rubygems_version: !ruby/object:Gem::Requirement
130
+ requirements:
131
+ - - ! '>='
132
+ - !ruby/object:Gem::Version
133
+ version: !binary |-
134
+ MA==
135
+ none: false
136
+ requirements: []
137
+ rubyforge_project: http://www.rubygems.org/gems/ruby-saml-bm
138
+ rubygems_version: 1.8.24
139
+ signing_key:
140
+ specification_version: 3
141
+ summary: SAML Ruby Tookit
142
+ test_files:
143
+ - test/certificates/certificate1
144
+ - test/logoutrequest_test.rb
145
+ - test/request_test.rb
146
+ - test/response_test.rb
147
+ - test/responses/adfs_response_sha1.xml
148
+ - test/responses/adfs_response_sha256.xml
149
+ - test/responses/adfs_response_sha384.xml
150
+ - test/responses/adfs_response_sha512.xml
151
+ - test/responses/no_signature_ns.xml
152
+ - test/responses/open_saml_response.xml
153
+ - test/responses/response1.xml.base64
154
+ - test/responses/response2.xml.base64
155
+ - test/responses/response3.xml.base64
156
+ - test/responses/response4.xml.base64
157
+ - test/responses/response5.xml.base64
158
+ - test/responses/response_with_ampersands.xml
159
+ - test/responses/response_with_ampersands.xml.base64
160
+ - test/responses/simple_saml_php.xml
161
+ - test/responses/wrapped_response_2.xml.base64
162
+ - test/settings_test.rb
163
+ - test/test_helper.rb
164
+ - test/xml_security_test.rb
165
+ has_rdoc: