ruby-saml 0.4.7 → 0.5.0

data/test/test_helper.rb

@@ -38,6 +38,10 @@ class Test::Unit::TestCase
     @response_document5 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response5.xml.base64'))
   end
 
+  def ampersands_response
+    @ampersands_resposne ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response_with_ampersands.xml.base64'))
+  end
+
   def response_document_6
     doc = Base64.decode64(response_document)
     doc.gsub!(/NotBefore=\"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z\"/, "NotBefore=\"#{(Time.now-300).getutc.strftime("%Y-%m-%dT%XZ")}\"")
@@ -45,6 +49,10 @@ class Test::Unit::TestCase
     Base64.encode64(doc)
   end
 
+  def wrapped_response_2
+    @wrapped_response_2 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'wrapped_response_2.xml.base64'))
+  end
+
   def signature_fingerprint_1
     @signature_fingerprint1 ||= "C5:19:85:D9:47:F1:BE:57:08:20:25:05:08:46:EB:27:F6:CA:B7:83"
   end

metadata

@@ -1,13 +1,12 @@
 --- !ruby/object:Gem::Specification 
 name: ruby-saml
 version: !ruby/object:Gem::Version 
-  hash: 1
   prerelease: false
   segments: 
   - 0
-  - 4
-  - 7
-  version: 0.4.7
+  - 5
+  - 0
+  version: 0.5.0
 platform: ruby
 authors: 
 - OneLogin LLC
@@ -15,18 +14,16 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-30 00:00:00 +02:00
+date: 2011-06-30 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: canonix
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 9
         segments: 
         - 0
         - 1
@@ -37,11 +34,9 @@ dependencies:
   name: uuid
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 5
         segments: 
         - 2
         - 3
@@ -52,11 +47,9 @@ dependencies:
   name: shoulda
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 0
         version: "0"
@@ -66,11 +59,9 @@ dependencies:
   name: ruby-debug
   prerelease: false
   requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 0
         version: "0"
@@ -80,11 +71,9 @@ dependencies:
   name: mocha
   prerelease: false
   requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 0
         version: "0"
@@ -106,11 +95,13 @@ files:
 - README.rdoc
 - Rakefile
 - VERSION
-- lib/onelogin/saml.rb
-- lib/onelogin/saml/authrequest.rb
-- lib/onelogin/saml/response.rb
-- lib/onelogin/saml/settings.rb
-- lib/onelogin/saml/validation_error.rb
+- lib/onelogin/ruby-saml/authrequest.rb
+- lib/onelogin/ruby-saml/logging.rb
+- lib/onelogin/ruby-saml/metadata.rb
+- lib/onelogin/ruby-saml/response.rb
+- lib/onelogin/ruby-saml/settings.rb
+- lib/onelogin/ruby-saml/validation_error.rb
+- lib/onelogin/ruby-saml/version.rb
 - lib/ruby-saml.rb
 - lib/xml_security.rb
 - ruby-saml.gemspec
@@ -124,7 +115,10 @@ files:
 - test/responses/response3.xml.base64
 - test/responses/response4.xml.base64
 - test/responses/response5.xml.base64
+- test/responses/response_with_ampersands.xml
+- test/responses/response_with_ampersands.xml.base64
 - test/responses/simple_saml_php.xml
+- test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb
@@ -138,33 +132,41 @@ rdoc_options:
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
       segments: 
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
       segments: 
       - 0
       version: "0"
 requirements: []
 
-rubyforge_project: 
-rubygems_version: 1.3.7
+rubyforge_project: http://www.rubygems.org/gems/ruby-saml
+rubygems_version: 1.3.6
 signing_key: 
 specification_version: 3
 summary: SAML Ruby Tookit
 test_files: 
+- test/certificates/certificate1
 - test/request_test.rb
 - test/response_test.rb
+- test/responses/adfs_response.xml.base64
+- test/responses/open_saml_response.xml
+- test/responses/response1.xml.base64
+- test/responses/response2.xml.base64
+- test/responses/response3.xml.base64
+- test/responses/response4.xml.base64
+- test/responses/response5.xml.base64
+- test/responses/response_with_ampersands.xml
+- test/responses/response_with_ampersands.xml.base64
+- test/responses/simple_saml_php.xml
+- test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb

data/lib/onelogin/saml.rb

@@ -1,5 +0,0 @@
-require 'onelogin/saml/authrequest'
-require 'onelogin/saml/response'
-require 'onelogin/saml/settings'
-require 'onelogin/saml/validation_error'
-

data/lib/onelogin/saml/authrequest.rb

@@ -1,33 +0,0 @@
-require "base64"
-require "uuid"
-require "zlib"
-require "cgi"
-
-module Onelogin::Saml
-  class Authrequest
-    def create(settings, params = {})
-      uuid = "_" + UUID.new.generate
-      time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
-
-      request =
-        "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{uuid}\" Version=\"2.0\" IssueInstant=\"#{time}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
-        "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
-        "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
-        "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
-        "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
-        "</samlp:AuthnRequest>"
-
-      deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]
-      base64_request    = Base64.encode64(deflated_request)
-      encoded_request   = CGI.escape(base64_request)
-      request_params    = "?SAMLRequest=" + encoded_request
-
-      params.each_pair do |key, value|
-        request_params << "&#{key}=#{CGI.escape(value.to_s)}"
-      end
-
-      settings.idp_sso_target_url + request_params
-    end
-
-  end
-end

data/lib/onelogin/saml/response.rb

@@ -1,137 +0,0 @@
-require "xml_security"
-require "time"
-
-module Onelogin::Saml
-
-  class Response
-    ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
-    PROTOCOL  = "urn:oasis:names:tc:SAML:2.0:protocol"
-    DSIG      = "http://www.w3.org/2000/09/xmldsig#"
-
-    attr_accessor :options, :response, :document, :settings
-
-    def initialize(response, options = {})
-      raise ArgumentError.new("Response cannot be nil") if response.nil?
-      self.options  = options
-      self.response = response
-      self.document = XMLSecurity::SignedDocument.new(Base64.decode64(response))
-    end
-
-    def is_valid?
-      validate(soft = true)
-    end
-
-    def validate!
-      validate(soft = false)
-    end
-
-    # The value of the user identifier as designated by the initialization request response
-    def name_id
-      @name_id ||= begin
-        node = REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Subject/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
-        node ||=  REXML::XPath.first(document, "/p:Response[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Assertion/a:Subject/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
-        node.nil? ? nil : node.text
-      end
-    end
-
-    # A hash of alle the attributes with the response. Assuming there is only one value for each key
-    def attributes
-      @attr_statements ||= begin
-        result = {}
-
-        stmt_element = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AttributeStatement", { "p" => PROTOCOL, "a" => ASSERTION })
-        return {} if stmt_element.nil?
-
-        stmt_element.elements.each do |attr_element|
-          name  = attr_element.attributes["Name"]
-          value = attr_element.elements.first.text
-
-          result[name] = value
-        end
-
-        result.keys.each do |key|
-          result[key.intern] = result[key]
-        end
-
-        result
-      end
-    end
-
-    # When this user session should expire at latest
-    def session_expires_at
-      @expires_at ||= begin
-        node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
-        parse_time(node, "SessionNotOnOrAfter")
-      end
-    end
-
-    # Conditions (if any) for the assertion to run
-    def conditions
-      @conditions ||= begin
-        REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION })
-      end
-    end
-
-    private
-
-    def validation_error(message)
-      raise ValidationError.new(message)
-    end
-
-    def validate(soft = true)
-      validate_response_state(soft) &&
-      validate_conditions(soft)     &&
-      document.validate(get_fingerprint, soft)
-    end
-
-    def validate_response_state(soft = true)
-      if response.empty?
-        return soft ? false : validation_error("Blank response")
-      end
-
-      if settings.nil?
-        return soft ? false : validation_error("No settings on response")
-      end
-
-      if settings.idp_cert_fingerprint.nil? && settings.idp_cert.nil?
-        return soft ? false : validation_error("No fingerprint or certificate on settings")
-      end
-
-      true
-    end
-    
-    def get_fingerprint
-      if settings.idp_cert
-        cert = OpenSSL::X509::Certificate.new(settings.idp_cert)
-        Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(":")
-      else
-        settings.idp_cert_fingerprint
-      end
-    end
-
-    def validate_conditions(soft = true)
-      return true if conditions.nil?
-      return true if options[:skip_conditions]
-
-      if not_before = parse_time(conditions, "NotBefore")
-        if Time.now.utc < not_before
-          return soft ? false : validation_error("Current time is earlier than NotBefore condition")
-        end
-      end
-
-      if not_on_or_after = parse_time(conditions, "NotOnOrAfter")
-        if Time.now.utc >= not_on_or_after
-          return soft ? false : validation_error("Current time is on or after NotOnOrAfter condition")
-        end
-      end
-
-      true
-    end
-
-    def parse_time(node, attribute)
-      if node && node.attributes[attribute]
-        Time.parse(node.attributes[attribute])
-      end
-    end
-  end
-end

data/lib/onelogin/saml/settings.rb

@@ -1,6 +0,0 @@
-module Onelogin::Saml
-  class Settings
-    attr_accessor :assertion_consumer_service_url, :issuer, :sp_name_qualifier
-    attr_accessor :idp_sso_target_url, :idp_cert_fingerprint, :idp_cert, :name_identifier_format
-  end
-end