ruby-saml 0.0.5

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of ruby-saml might be problematic. Click here for more details.

data/.document ADDED
@@ -0,0 +1,5 @@
1
+ README.rdoc
2
+ lib/**/*.rb
3
+ bin/*
4
+ features/**/*.feature
5
+ LICENSE
data/.gitignore ADDED
@@ -0,0 +1,5 @@
1
+ *.sw?
2
+ .DS_Store
3
+ coverage
4
+ rdoc
5
+ pkg
data/LICENSE ADDED
@@ -0,0 +1,19 @@
1
+ Copyright (c) 2010 OneLogin, LLC
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining a copy
4
+ of this software and associated documentation files (the "Software"), to deal
5
+ in the Software without restriction, including without limitation the rights
6
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
+ copies of the Software, and to permit persons to whom the Software is
8
+ furnished to do so, subject to the following conditions:
9
+
10
+ The above copyright notice and this permission notice shall be included in
11
+ all copies or substantial portions of the Software.
12
+
13
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
+ THE SOFTWARE.
data/README.rdoc ADDED
@@ -0,0 +1,15 @@
1
+ = ruby-saml
2
+
3
+ * To build the gem run rake build
4
+ * To install the gem run sudo gem install pkg/ruby-saml-x.x.x.gem
5
+
6
+ == Note on Patches/Pull Requests
7
+
8
+ * Fork the project.
9
+ * Make your feature addition or bug fix.
10
+ * Add tests for it. This is important so I don't break it in a
11
+ future version unintentionally.
12
+ * Commit, do not mess with rakefile, version, or history.
13
+ (if you want to have your own version, that is fine but
14
+ bump version in a commit by itself I can ignore when I pull)
15
+ * Send me a pull request. Bonus points for topic branches.
data/Rakefile ADDED
@@ -0,0 +1,58 @@
1
+ require 'rubygems'
2
+ require 'rake'
3
+
4
+ begin
5
+ require 'jeweler'
6
+ Jeweler::Tasks.new do |gem|
7
+ gem.name = "ruby-saml"
8
+ gem.summary = %Q{SAML Ruby Tookit}
9
+ gem.description = %Q{SAML toolkit for Ruby on Rails}
10
+ gem.email = "support@onelogin.com"
11
+ gem.homepage = "http://github.com/onelogin/ruby-saml"
12
+ gem.authors = ["OneLogin LLC"]
13
+ gem.add_dependency("XMLCanonicalizer",">= 1.0.1")
14
+ #gem.add_development_dependency "thoughtbot-shoulda"
15
+ #gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
16
+ end
17
+ rescue LoadError
18
+ puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
19
+ end
20
+
21
+ #not being used yet.
22
+ require 'rake/testtask'
23
+ Rake::TestTask.new(:test) do |test|
24
+ test.libs << 'lib' << 'test'
25
+ test.pattern = 'test/**/*_test.rb'
26
+ test.verbose = true
27
+ end
28
+
29
+ begin
30
+ require 'rcov/rcovtask'
31
+ Rcov::RcovTask.new do |test|
32
+ test.libs << 'test'
33
+ test.pattern = 'test/**/*_test.rb'
34
+ test.verbose = true
35
+ end
36
+ rescue LoadError
37
+ task :rcov do
38
+ abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
39
+ end
40
+ end
41
+
42
+ task :test => :check_dependencies
43
+
44
+ task :default => :test
45
+
46
+ # require 'rake/rdoctask'
47
+ # Rake::RDocTask.new do |rdoc|
48
+ # if File.exist?('VERSION')
49
+ # version = File.read('VERSION')
50
+ # else
51
+ # version = ""
52
+ # end
53
+
54
+ # rdoc.rdoc_dir = 'rdoc'
55
+ # rdoc.title = "ruby-saml #{version}"
56
+ # rdoc.rdoc_files.include('README*')
57
+ # rdoc.rdoc_files.include('lib/**/*.rb')
58
+ #end
data/VERSION ADDED
@@ -0,0 +1 @@
1
+ 0.0.4
@@ -0,0 +1 @@
1
+ require 'onelogin/saml'
@@ -0,0 +1,35 @@
1
+ require "base64"
2
+ require "uuid"
3
+
4
+ module Onelogin::Saml
5
+ class Authrequest
6
+ def create(settings)
7
+ id = Onelogin::Saml::Authrequest.generateUniqueID(42)
8
+ issue_instant = Onelogin::Saml::Authrequest.getTimestamp
9
+
10
+ request =
11
+ "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{id}\" Version=\"2.0\" IssueInstant=\"#{issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
12
+ "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
13
+ "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
14
+ "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
15
+ "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
16
+ "</samlp:AuthnRequest>"
17
+
18
+ deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
19
+ base64_request = Base64.encode64(deflated_request)
20
+ encoded_request = CGI.escape(base64_request)
21
+
22
+ settings.idp_sso_target_url + "?SAMLRequest=" + encoded_request
23
+ end
24
+
25
+ private
26
+
27
+ def self.generateUniqueID(length)
28
+ UUID.new.generate
29
+ end
30
+
31
+ def self.getTimestamp
32
+ Time.new().strftime("%Y-%m-%dT%H:%M:%SZ")
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,29 @@
1
+ require "rexml/document"
2
+ require "xml_sec"
3
+
4
+ module Onelogin::Saml
5
+ class Response
6
+ def initialize(response)
7
+ @response = response
8
+ @document = XMLSecurity::SignedDocument.new(Base64.decode64(@response))
9
+ end
10
+
11
+ def logger=(val)
12
+ @logger = val
13
+ end
14
+
15
+ def settings=(_settings)
16
+ @settings = _settings
17
+ end
18
+
19
+ def is_valid?
20
+ unless @response.blank?
21
+ @document.validate(@settings.idp_cert_fingerprint, @logger) unless !@settings.idp_cert_fingerprint
22
+ end
23
+ end
24
+
25
+ def name_id
26
+ @document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"].text
27
+ end
28
+ end
29
+ end
@@ -0,0 +1,45 @@
1
+ module Onelogin::Saml
2
+ class Settings
3
+ def assertion_consumer_service_url
4
+ @assertion_consumer_service_url
5
+ end
6
+ def assertion_consumer_service_url=(val)
7
+ @assertion_consumer_service_url = val
8
+ end
9
+
10
+ def issuer
11
+ @issuer
12
+ end
13
+ def issuer=(val)
14
+ @issuer = val
15
+ end
16
+
17
+ def sp_name_qualifier
18
+ @sp_name_qualifier
19
+ end
20
+ def sp_name_qualifier=(val)
21
+ @sp_name_qualifier = val
22
+ end
23
+
24
+ def idp_sso_target_url
25
+ @idp_sso_target_url
26
+ end
27
+ def idp_sso_target_url=(val)
28
+ @idp_sso_target_url = val
29
+ end
30
+
31
+ def idp_cert_fingerprint
32
+ @idp_cert_fingerprint
33
+ end
34
+ def idp_cert_fingerprint=(val)
35
+ @idp_cert_fingerprint = val
36
+ end
37
+
38
+ def name_identifier_format
39
+ @name_identifier_format
40
+ end
41
+ def name_identifier_format=(val)
42
+ @name_identifier_format = val
43
+ end
44
+ end
45
+ end
data/lib/ruby-saml.rb ADDED
@@ -0,0 +1,5 @@
1
+ module Onelogin
2
+ end
3
+
4
+ require 'onelogin/saml'
5
+
data/lib/xml_sec.rb ADDED
@@ -0,0 +1,91 @@
1
+ # The contents of this file are subject to the terms
2
+ # of the Common Development and Distribution License
3
+ # (the License). You may not use this file except in
4
+ # compliance with the License.
5
+ #
6
+ # You can obtain a copy of the License at
7
+ # https://opensso.dev.java.net/public/CDDLv1.0.html or
8
+ # opensso/legal/CDDLv1.0.txt
9
+ # See the License for the specific language governing
10
+ # permission and limitations under the License.
11
+ #
12
+ # When distributing Covered Code, include this CDDL
13
+ # Header Notice in each file and include the License file
14
+ # at opensso/legal/CDDLv1.0.txt.
15
+ # If applicable, add the following below the CDDL Header,
16
+ # with the fields enclosed by brackets [] replaced by
17
+ # your own identifying information:
18
+ # "Portions Copyrighted [year] [name of copyright owner]"
19
+ #
20
+ # $Id: xml_sec.rb,v 1.6 2007/10/24 00:28:41 todddd Exp $
21
+ #
22
+ # Copyright 2007 Sun Microsystems Inc. All Rights Reserved
23
+ # Portions Copyrighted 2007 Todd W Saxton.
24
+
25
+ require 'rubygems'
26
+ require "rexml/document"
27
+ require "rexml/xpath"
28
+ require "openssl"
29
+ require "xmlcanonicalizer"
30
+ require "digest/sha1"
31
+
32
+ module XMLSecurity
33
+
34
+ class SignedDocument < REXML::Document
35
+
36
+ def validate (idp_cert_fingerprint, logger = nil)
37
+ # get cert from response
38
+ base64_cert = self.elements["//ds:X509Certificate"].text
39
+ cert_text = Base64.decode64(base64_cert)
40
+ cert = OpenSSL::X509::Certificate.new(cert_text)
41
+
42
+ # check cert matches registered idp cert
43
+ fingerprint = Digest::SHA1.hexdigest(cert.to_der)
44
+ valid_flag = fingerprint == idp_cert_fingerprint.gsub(":", "").downcase
45
+
46
+ return valid_flag if !valid_flag
47
+
48
+ validate_doc(base64_cert, logger)
49
+ end
50
+
51
+ def validate_doc(base64_cert, logger)
52
+ # validate references
53
+
54
+ # remove signature node
55
+ sig_element = XPath.first(self, "//ds:Signature", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"})
56
+ sig_element.remove
57
+
58
+ #check digests
59
+ XPath.each(sig_element, "//ds:Reference", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"}) do | ref |
60
+
61
+ uri = ref.attributes.get_attribute("URI").value
62
+ hashed_element = XPath.first(self, "//[@ID='#{uri[1,uri.size]}']")
63
+ canoner = XML::Util::XmlCanonicalizer.new(false, true)
64
+ canon_hashed_element = canoner.canonicalize(hashed_element)
65
+ hash = Base64.encode64(Digest::SHA1.digest(canon_hashed_element)).chomp
66
+ digest_value = XPath.first(ref, "//ds:DigestValue", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"}).text
67
+
68
+ valid_flag = hash == digest_value
69
+
70
+ return valid_flag if !valid_flag
71
+ end
72
+
73
+ # verify signature
74
+ canoner = XML::Util::XmlCanonicalizer.new(false, true)
75
+ signed_info_element = XPath.first(sig_element, "//ds:SignedInfo", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"})
76
+ canon_string = canoner.canonicalize(signed_info_element)
77
+
78
+ base64_signature = XPath.first(sig_element, "//ds:SignatureValue", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"}).text
79
+ signature = Base64.decode64(base64_signature)
80
+
81
+ # get certificate object
82
+ cert_text = Base64.decode64(base64_cert)
83
+ cert = OpenSSL::X509::Certificate.new(cert_text)
84
+
85
+ valid_flag = cert.public_key.verify(OpenSSL::Digest::SHA1.new, signature, canon_string)
86
+
87
+ return valid_flag
88
+ end
89
+
90
+ end
91
+ end
data/ruby-saml.gemspec ADDED
@@ -0,0 +1,58 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{ruby-saml}
8
+ s.version = "0.0.5"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["OneLogin LLC"]
12
+ s.date = %q{2010-08-10}
13
+ s.description = %q{SAML toolkit for Ruby on Rails}
14
+ s.email = %q{support@onelogin.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ ".document",
21
+ ".gitignore",
22
+ "LICENSE",
23
+ "README.rdoc",
24
+ "Rakefile",
25
+ "VERSION",
26
+ "lib/onelogin/saml.rb",
27
+ "lib/onelogin/saml/authrequest.rb",
28
+ "lib/onelogin/saml/response.rb",
29
+ "lib/onelogin/saml/settings.rb",
30
+ "lib/ruby-saml.rb",
31
+ "lib/xml_sec.rb",
32
+ "ruby-saml.gemspec",
33
+ "test/ruby-saml_test.rb",
34
+ "test/test_helper.rb"
35
+ ]
36
+ s.homepage = %q{http://github.com/onelogin/ruby-saml}
37
+ s.rdoc_options = ["--charset=UTF-8"]
38
+ s.require_paths = ["lib"]
39
+ s.rubygems_version = %q{1.3.6}
40
+ s.summary = %q{SAML Ruby Tookit}
41
+ s.test_files = [
42
+ "test/ruby-saml_test.rb",
43
+ "test/test_helper.rb"
44
+ ]
45
+
46
+ if s.respond_to? :specification_version then
47
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
48
+ s.specification_version = 3
49
+
50
+ if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
51
+ s.add_runtime_dependency(%q<XMLCanonicalizer>, [">= 1.0.1"])
52
+ else
53
+ s.add_dependency(%q<XMLCanonicalizer>, [">= 1.0.1"])
54
+ end
55
+ else
56
+ s.add_dependency(%q<XMLCanonicalizer>, [">= 1.0.1"])
57
+ end
58
+ end
@@ -0,0 +1,7 @@
1
+ require 'test_helper'
2
+
3
+ class RubySamlTest < Test::Unit::TestCase
4
+ should "probably rename this file and start testing for real" do
5
+ flunk "hey buddy, you should probably rename this file and start testing for real"
6
+ end
7
+ end
@@ -0,0 +1,10 @@
1
+ require 'rubygems'
2
+ require 'test/unit'
3
+ require 'shoulda'
4
+
5
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
6
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
7
+ require 'ruby-saml'
8
+
9
+ class Test::Unit::TestCase
10
+ end
metadata ADDED
@@ -0,0 +1,98 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: ruby-saml
3
+ version: !ruby/object:Gem::Version
4
+ hash: 21
5
+ prerelease: false
6
+ segments:
7
+ - 0
8
+ - 0
9
+ - 5
10
+ version: 0.0.5
11
+ platform: ruby
12
+ authors:
13
+ - OneLogin LLC
14
+ autorequire:
15
+ bindir: bin
16
+ cert_chain: []
17
+
18
+ date: 2010-08-10 00:00:00 -05:00
19
+ default_executable:
20
+ dependencies:
21
+ - !ruby/object:Gem::Dependency
22
+ name: XMLCanonicalizer
23
+ prerelease: false
24
+ requirement: &id001 !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ hash: 21
30
+ segments:
31
+ - 1
32
+ - 0
33
+ - 1
34
+ version: 1.0.1
35
+ type: :runtime
36
+ version_requirements: *id001
37
+ description: SAML toolkit for Ruby on Rails
38
+ email: support@onelogin.com
39
+ executables: []
40
+
41
+ extensions: []
42
+
43
+ extra_rdoc_files:
44
+ - LICENSE
45
+ - README.rdoc
46
+ files:
47
+ - .document
48
+ - .gitignore
49
+ - LICENSE
50
+ - README.rdoc
51
+ - Rakefile
52
+ - VERSION
53
+ - lib/onelogin/saml.rb
54
+ - lib/onelogin/saml/authrequest.rb
55
+ - lib/onelogin/saml/response.rb
56
+ - lib/onelogin/saml/settings.rb
57
+ - lib/ruby-saml.rb
58
+ - lib/xml_sec.rb
59
+ - ruby-saml.gemspec
60
+ - test/ruby-saml_test.rb
61
+ - test/test_helper.rb
62
+ has_rdoc: true
63
+ homepage: http://github.com/onelogin/ruby-saml
64
+ licenses: []
65
+
66
+ post_install_message:
67
+ rdoc_options:
68
+ - --charset=UTF-8
69
+ require_paths:
70
+ - lib
71
+ required_ruby_version: !ruby/object:Gem::Requirement
72
+ none: false
73
+ requirements:
74
+ - - ">="
75
+ - !ruby/object:Gem::Version
76
+ hash: 3
77
+ segments:
78
+ - 0
79
+ version: "0"
80
+ required_rubygems_version: !ruby/object:Gem::Requirement
81
+ none: false
82
+ requirements:
83
+ - - ">="
84
+ - !ruby/object:Gem::Version
85
+ hash: 3
86
+ segments:
87
+ - 0
88
+ version: "0"
89
+ requirements: []
90
+
91
+ rubyforge_project:
92
+ rubygems_version: 1.3.7
93
+ signing_key:
94
+ specification_version: 3
95
+ summary: SAML Ruby Tookit
96
+ test_files:
97
+ - test/ruby-saml_test.rb
98
+ - test/test_helper.rb