ruby-saml 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of ruby-saml might be problematic. Click here for more details.

data/.document ADDED
@@ -0,0 +1,5 @@
1
+ README.rdoc
2
+ lib/**/*.rb
3
+ bin/*
4
+ features/**/*.feature
5
+ LICENSE
data/.gitignore ADDED
@@ -0,0 +1,5 @@
1
+ *.sw?
2
+ .DS_Store
3
+ coverage
4
+ rdoc
5
+ pkg
data/LICENSE ADDED
@@ -0,0 +1,19 @@
1
+ Copyright (c) 2010 OneLogin, LLC
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining a copy
4
+ of this software and associated documentation files (the "Software"), to deal
5
+ in the Software without restriction, including without limitation the rights
6
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
+ copies of the Software, and to permit persons to whom the Software is
8
+ furnished to do so, subject to the following conditions:
9
+
10
+ The above copyright notice and this permission notice shall be included in
11
+ all copies or substantial portions of the Software.
12
+
13
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
+ THE SOFTWARE.
data/README.rdoc ADDED
@@ -0,0 +1,15 @@
1
+ = ruby-saml
2
+
3
+ * To build the gem run rake build
4
+ * To install the gem run sudo gem install pkg/ruby-saml-x.x.x.gem
5
+
6
+ == Note on Patches/Pull Requests
7
+
8
+ * Fork the project.
9
+ * Make your feature addition or bug fix.
10
+ * Add tests for it. This is important so I don't break it in a
11
+ future version unintentionally.
12
+ * Commit, do not mess with rakefile, version, or history.
13
+ (if you want to have your own version, that is fine but
14
+ bump version in a commit by itself I can ignore when I pull)
15
+ * Send me a pull request. Bonus points for topic branches.
data/Rakefile ADDED
@@ -0,0 +1,58 @@
1
+ require 'rubygems'
2
+ require 'rake'
3
+
4
+ begin
5
+ require 'jeweler'
6
+ Jeweler::Tasks.new do |gem|
7
+ gem.name = "ruby-saml"
8
+ gem.summary = %Q{SAML Ruby Tookit}
9
+ gem.description = %Q{SAML toolkit for Ruby on Rails}
10
+ gem.email = "support@onelogin.com"
11
+ gem.homepage = "http://github.com/onelogin/ruby-saml"
12
+ gem.authors = ["OneLogin LLC"]
13
+ gem.add_dependency("XMLCanonicalizer",">= 1.0.1")
14
+ #gem.add_development_dependency "thoughtbot-shoulda"
15
+ #gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
16
+ end
17
+ rescue LoadError
18
+ puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
19
+ end
20
+
21
+ #not being used yet.
22
+ require 'rake/testtask'
23
+ Rake::TestTask.new(:test) do |test|
24
+ test.libs << 'lib' << 'test'
25
+ test.pattern = 'test/**/*_test.rb'
26
+ test.verbose = true
27
+ end
28
+
29
+ begin
30
+ require 'rcov/rcovtask'
31
+ Rcov::RcovTask.new do |test|
32
+ test.libs << 'test'
33
+ test.pattern = 'test/**/*_test.rb'
34
+ test.verbose = true
35
+ end
36
+ rescue LoadError
37
+ task :rcov do
38
+ abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
39
+ end
40
+ end
41
+
42
+ task :test => :check_dependencies
43
+
44
+ task :default => :test
45
+
46
+ # require 'rake/rdoctask'
47
+ # Rake::RDocTask.new do |rdoc|
48
+ # if File.exist?('VERSION')
49
+ # version = File.read('VERSION')
50
+ # else
51
+ # version = ""
52
+ # end
53
+
54
+ # rdoc.rdoc_dir = 'rdoc'
55
+ # rdoc.title = "ruby-saml #{version}"
56
+ # rdoc.rdoc_files.include('README*')
57
+ # rdoc.rdoc_files.include('lib/**/*.rb')
58
+ #end
data/VERSION ADDED
@@ -0,0 +1 @@
1
+ 0.0.4
@@ -0,0 +1 @@
1
+ require 'onelogin/saml'
@@ -0,0 +1,35 @@
1
+ require "base64"
2
+ require "uuid"
3
+
4
+ module Onelogin::Saml
5
+ class Authrequest
6
+ def create(settings)
7
+ id = Onelogin::Saml::Authrequest.generateUniqueID(42)
8
+ issue_instant = Onelogin::Saml::Authrequest.getTimestamp
9
+
10
+ request =
11
+ "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{id}\" Version=\"2.0\" IssueInstant=\"#{issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
12
+ "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
13
+ "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
14
+ "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
15
+ "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
16
+ "</samlp:AuthnRequest>"
17
+
18
+ deflated_request = Zlib::Deflate.deflate(request, 9)[2..-5]
19
+ base64_request = Base64.encode64(deflated_request)
20
+ encoded_request = CGI.escape(base64_request)
21
+
22
+ settings.idp_sso_target_url + "?SAMLRequest=" + encoded_request
23
+ end
24
+
25
+ private
26
+
27
+ def self.generateUniqueID(length)
28
+ UUID.new.generate
29
+ end
30
+
31
+ def self.getTimestamp
32
+ Time.new().strftime("%Y-%m-%dT%H:%M:%SZ")
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,29 @@
1
+ require "rexml/document"
2
+ require "xml_sec"
3
+
4
+ module Onelogin::Saml
5
+ class Response
6
+ def initialize(response)
7
+ @response = response
8
+ @document = XMLSecurity::SignedDocument.new(Base64.decode64(@response))
9
+ end
10
+
11
+ def logger=(val)
12
+ @logger = val
13
+ end
14
+
15
+ def settings=(_settings)
16
+ @settings = _settings
17
+ end
18
+
19
+ def is_valid?
20
+ unless @response.blank?
21
+ @document.validate(@settings.idp_cert_fingerprint, @logger) unless !@settings.idp_cert_fingerprint
22
+ end
23
+ end
24
+
25
+ def name_id
26
+ @document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"].text
27
+ end
28
+ end
29
+ end
@@ -0,0 +1,45 @@
1
+ module Onelogin::Saml
2
+ class Settings
3
+ def assertion_consumer_service_url
4
+ @assertion_consumer_service_url
5
+ end
6
+ def assertion_consumer_service_url=(val)
7
+ @assertion_consumer_service_url = val
8
+ end
9
+
10
+ def issuer
11
+ @issuer
12
+ end
13
+ def issuer=(val)
14
+ @issuer = val
15
+ end
16
+
17
+ def sp_name_qualifier
18
+ @sp_name_qualifier
19
+ end
20
+ def sp_name_qualifier=(val)
21
+ @sp_name_qualifier = val
22
+ end
23
+
24
+ def idp_sso_target_url
25
+ @idp_sso_target_url
26
+ end
27
+ def idp_sso_target_url=(val)
28
+ @idp_sso_target_url = val
29
+ end
30
+
31
+ def idp_cert_fingerprint
32
+ @idp_cert_fingerprint
33
+ end
34
+ def idp_cert_fingerprint=(val)
35
+ @idp_cert_fingerprint = val
36
+ end
37
+
38
+ def name_identifier_format
39
+ @name_identifier_format
40
+ end
41
+ def name_identifier_format=(val)
42
+ @name_identifier_format = val
43
+ end
44
+ end
45
+ end
data/lib/ruby-saml.rb ADDED
@@ -0,0 +1,5 @@
1
+ module Onelogin
2
+ end
3
+
4
+ require 'onelogin/saml'
5
+
data/lib/xml_sec.rb ADDED
@@ -0,0 +1,91 @@
1
+ # The contents of this file are subject to the terms
2
+ # of the Common Development and Distribution License
3
+ # (the License). You may not use this file except in
4
+ # compliance with the License.
5
+ #
6
+ # You can obtain a copy of the License at
7
+ # https://opensso.dev.java.net/public/CDDLv1.0.html or
8
+ # opensso/legal/CDDLv1.0.txt
9
+ # See the License for the specific language governing
10
+ # permission and limitations under the License.
11
+ #
12
+ # When distributing Covered Code, include this CDDL
13
+ # Header Notice in each file and include the License file
14
+ # at opensso/legal/CDDLv1.0.txt.
15
+ # If applicable, add the following below the CDDL Header,
16
+ # with the fields enclosed by brackets [] replaced by
17
+ # your own identifying information:
18
+ # "Portions Copyrighted [year] [name of copyright owner]"
19
+ #
20
+ # $Id: xml_sec.rb,v 1.6 2007/10/24 00:28:41 todddd Exp $
21
+ #
22
+ # Copyright 2007 Sun Microsystems Inc. All Rights Reserved
23
+ # Portions Copyrighted 2007 Todd W Saxton.
24
+
25
+ require 'rubygems'
26
+ require "rexml/document"
27
+ require "rexml/xpath"
28
+ require "openssl"
29
+ require "xmlcanonicalizer"
30
+ require "digest/sha1"
31
+
32
+ module XMLSecurity
33
+
34
+ class SignedDocument < REXML::Document
35
+
36
+ def validate (idp_cert_fingerprint, logger = nil)
37
+ # get cert from response
38
+ base64_cert = self.elements["//ds:X509Certificate"].text
39
+ cert_text = Base64.decode64(base64_cert)
40
+ cert = OpenSSL::X509::Certificate.new(cert_text)
41
+
42
+ # check cert matches registered idp cert
43
+ fingerprint = Digest::SHA1.hexdigest(cert.to_der)
44
+ valid_flag = fingerprint == idp_cert_fingerprint.gsub(":", "").downcase
45
+
46
+ return valid_flag if !valid_flag
47
+
48
+ validate_doc(base64_cert, logger)
49
+ end
50
+
51
+ def validate_doc(base64_cert, logger)
52
+ # validate references
53
+
54
+ # remove signature node
55
+ sig_element = XPath.first(self, "//ds:Signature", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"})
56
+ sig_element.remove
57
+
58
+ #check digests
59
+ XPath.each(sig_element, "//ds:Reference", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"}) do | ref |
60
+
61
+ uri = ref.attributes.get_attribute("URI").value
62
+ hashed_element = XPath.first(self, "//[@ID='#{uri[1,uri.size]}']")
63
+ canoner = XML::Util::XmlCanonicalizer.new(false, true)
64
+ canon_hashed_element = canoner.canonicalize(hashed_element)
65
+ hash = Base64.encode64(Digest::SHA1.digest(canon_hashed_element)).chomp
66
+ digest_value = XPath.first(ref, "//ds:DigestValue", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"}).text
67
+
68
+ valid_flag = hash == digest_value
69
+
70
+ return valid_flag if !valid_flag
71
+ end
72
+
73
+ # verify signature
74
+ canoner = XML::Util::XmlCanonicalizer.new(false, true)
75
+ signed_info_element = XPath.first(sig_element, "//ds:SignedInfo", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"})
76
+ canon_string = canoner.canonicalize(signed_info_element)
77
+
78
+ base64_signature = XPath.first(sig_element, "//ds:SignatureValue", {"ds"=>"http://www.w3.org/2000/09/xmldsig#"}).text
79
+ signature = Base64.decode64(base64_signature)
80
+
81
+ # get certificate object
82
+ cert_text = Base64.decode64(base64_cert)
83
+ cert = OpenSSL::X509::Certificate.new(cert_text)
84
+
85
+ valid_flag = cert.public_key.verify(OpenSSL::Digest::SHA1.new, signature, canon_string)
86
+
87
+ return valid_flag
88
+ end
89
+
90
+ end
91
+ end
data/ruby-saml.gemspec ADDED
@@ -0,0 +1,58 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{ruby-saml}
8
+ s.version = "0.0.5"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["OneLogin LLC"]
12
+ s.date = %q{2010-08-10}
13
+ s.description = %q{SAML toolkit for Ruby on Rails}
14
+ s.email = %q{support@onelogin.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ ".document",
21
+ ".gitignore",
22
+ "LICENSE",
23
+ "README.rdoc",
24
+ "Rakefile",
25
+ "VERSION",
26
+ "lib/onelogin/saml.rb",
27
+ "lib/onelogin/saml/authrequest.rb",
28
+ "lib/onelogin/saml/response.rb",
29
+ "lib/onelogin/saml/settings.rb",
30
+ "lib/ruby-saml.rb",
31
+ "lib/xml_sec.rb",
32
+ "ruby-saml.gemspec",
33
+ "test/ruby-saml_test.rb",
34
+ "test/test_helper.rb"
35
+ ]
36
+ s.homepage = %q{http://github.com/onelogin/ruby-saml}
37
+ s.rdoc_options = ["--charset=UTF-8"]
38
+ s.require_paths = ["lib"]
39
+ s.rubygems_version = %q{1.3.6}
40
+ s.summary = %q{SAML Ruby Tookit}
41
+ s.test_files = [
42
+ "test/ruby-saml_test.rb",
43
+ "test/test_helper.rb"
44
+ ]
45
+
46
+ if s.respond_to? :specification_version then
47
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
48
+ s.specification_version = 3
49
+
50
+ if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
51
+ s.add_runtime_dependency(%q<XMLCanonicalizer>, [">= 1.0.1"])
52
+ else
53
+ s.add_dependency(%q<XMLCanonicalizer>, [">= 1.0.1"])
54
+ end
55
+ else
56
+ s.add_dependency(%q<XMLCanonicalizer>, [">= 1.0.1"])
57
+ end
58
+ end
@@ -0,0 +1,7 @@
1
+ require 'test_helper'
2
+
3
+ class RubySamlTest < Test::Unit::TestCase
4
+ should "probably rename this file and start testing for real" do
5
+ flunk "hey buddy, you should probably rename this file and start testing for real"
6
+ end
7
+ end
@@ -0,0 +1,10 @@
1
+ require 'rubygems'
2
+ require 'test/unit'
3
+ require 'shoulda'
4
+
5
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
6
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
7
+ require 'ruby-saml'
8
+
9
+ class Test::Unit::TestCase
10
+ end
metadata ADDED
@@ -0,0 +1,98 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: ruby-saml
3
+ version: !ruby/object:Gem::Version
4
+ hash: 21
5
+ prerelease: false
6
+ segments:
7
+ - 0
8
+ - 0
9
+ - 5
10
+ version: 0.0.5
11
+ platform: ruby
12
+ authors:
13
+ - OneLogin LLC
14
+ autorequire:
15
+ bindir: bin
16
+ cert_chain: []
17
+
18
+ date: 2010-08-10 00:00:00 -05:00
19
+ default_executable:
20
+ dependencies:
21
+ - !ruby/object:Gem::Dependency
22
+ name: XMLCanonicalizer
23
+ prerelease: false
24
+ requirement: &id001 !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ hash: 21
30
+ segments:
31
+ - 1
32
+ - 0
33
+ - 1
34
+ version: 1.0.1
35
+ type: :runtime
36
+ version_requirements: *id001
37
+ description: SAML toolkit for Ruby on Rails
38
+ email: support@onelogin.com
39
+ executables: []
40
+
41
+ extensions: []
42
+
43
+ extra_rdoc_files:
44
+ - LICENSE
45
+ - README.rdoc
46
+ files:
47
+ - .document
48
+ - .gitignore
49
+ - LICENSE
50
+ - README.rdoc
51
+ - Rakefile
52
+ - VERSION
53
+ - lib/onelogin/saml.rb
54
+ - lib/onelogin/saml/authrequest.rb
55
+ - lib/onelogin/saml/response.rb
56
+ - lib/onelogin/saml/settings.rb
57
+ - lib/ruby-saml.rb
58
+ - lib/xml_sec.rb
59
+ - ruby-saml.gemspec
60
+ - test/ruby-saml_test.rb
61
+ - test/test_helper.rb
62
+ has_rdoc: true
63
+ homepage: http://github.com/onelogin/ruby-saml
64
+ licenses: []
65
+
66
+ post_install_message:
67
+ rdoc_options:
68
+ - --charset=UTF-8
69
+ require_paths:
70
+ - lib
71
+ required_ruby_version: !ruby/object:Gem::Requirement
72
+ none: false
73
+ requirements:
74
+ - - ">="
75
+ - !ruby/object:Gem::Version
76
+ hash: 3
77
+ segments:
78
+ - 0
79
+ version: "0"
80
+ required_rubygems_version: !ruby/object:Gem::Requirement
81
+ none: false
82
+ requirements:
83
+ - - ">="
84
+ - !ruby/object:Gem::Version
85
+ hash: 3
86
+ segments:
87
+ - 0
88
+ version: "0"
89
+ requirements: []
90
+
91
+ rubyforge_project:
92
+ rubygems_version: 1.3.7
93
+ signing_key:
94
+ specification_version: 3
95
+ summary: SAML Ruby Tookit
96
+ test_files:
97
+ - test/ruby-saml_test.rb
98
+ - test/test_helper.rb