saml-kit 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
  1. checksums.yaml +4 -4
  2. data/exe/saml-kit-create-self-signed-certificate +1 -1
  3. data/exe/saml-kit-decode-http-post +1 -3
  4. data/exe/saml-kit-decode-http-redirect +2 -3
  5. data/lib/saml/kit.rb +1 -14
  6. data/lib/saml/kit/assertion.rb +14 -11
  7. data/lib/saml/kit/bindings/url_builder.rb +1 -1
  8. data/lib/saml/kit/builders.rb +2 -2
  9. data/lib/saml/kit/builders/assertion.rb +3 -2
  10. data/lib/saml/kit/builders/authentication_request.rb +3 -2
  11. data/lib/saml/kit/builders/encrypted_assertion.rb +20 -0
  12. data/lib/saml/kit/builders/identity_provider_metadata.rb +4 -3
  13. data/lib/saml/kit/builders/logout_request.rb +3 -2
  14. data/lib/saml/kit/builders/logout_response.rb +3 -2
  15. data/lib/saml/kit/builders/metadata.rb +4 -3
  16. data/lib/saml/kit/builders/response.rb +14 -5
  17. data/lib/saml/kit/builders/service_provider_metadata.rb +2 -1
  18. data/lib/saml/kit/builders/templates/assertion.builder +21 -23
  19. data/lib/saml/kit/builders/templates/encrypted_assertion.builder +5 -0
  20. data/lib/saml/kit/configuration.rb +2 -2
  21. data/lib/saml/kit/document.rb +11 -1
  22. data/lib/saml/kit/metadata.rb +13 -6
  23. data/lib/saml/kit/namespaces.rb +0 -11
  24. data/lib/saml/kit/signature.rb +1 -1
  25. data/lib/saml/kit/trustable.rb +7 -1
  26. data/lib/saml/kit/version.rb +1 -1
  27. data/lib/saml/kit/xml_templatable.rb +37 -0
  28. data/saml-kit.gemspec +1 -3
  29. metadata +10 -56
  30. data/lib/saml/kit/builders/templates/certificate.builder +0 -7
  31. data/lib/saml/kit/builders/templates/nil_class.builder +0 -0
  32. data/lib/saml/kit/builders/templates/xml_encryption.builder +0 -16
  33. data/lib/saml/kit/builders/templates/xml_signature.builder +0 -20
  34. data/lib/saml/kit/builders/xml_encryption.rb +0 -20
  35. data/lib/saml/kit/builders/xml_signature.rb +0 -40
  36. data/lib/saml/kit/certificate.rb +0 -96
  37. data/lib/saml/kit/crypto.rb +0 -17
  38. data/lib/saml/kit/crypto/oaep_cipher.rb +0 -22
  39. data/lib/saml/kit/crypto/rsa_cipher.rb +0 -23
  40. data/lib/saml/kit/crypto/simple_cipher.rb +0 -38
  41. data/lib/saml/kit/crypto/unknown_cipher.rb +0 -18
  42. data/lib/saml/kit/fingerprint.rb +0 -50
  43. data/lib/saml/kit/id.rb +0 -14
  44. data/lib/saml/kit/key_pair.rb +0 -29
  45. data/lib/saml/kit/self_signed_certificate.rb +0 -28
  46. data/lib/saml/kit/signatures.rb +0 -57
  47. data/lib/saml/kit/templatable.rb +0 -67
  48. data/lib/saml/kit/template.rb +0 -33
  49. data/lib/saml/kit/xml.rb +0 -80
  50. data/lib/saml/kit/xml_decryption.rb +0 -44
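--- a/data/lib/saml/kit/metadata.rb
+++ b/data/lib/saml/kit/metadata.rb
@@ -24,6 +24,13 @@ module Saml
 # {include:file:spec/examples/metadata_spec.rb}
 class Metadata
 METADATA_XSD = File.expand_path("./xsd/saml-schema-metadata-2.0.xsd", File.dirname(__FILE__)).freeze
+NAMESPACES = {
+"NameFormat": Namespaces::ATTR_SPLAT,
+"ds": ::Xml::Kit::Namespaces::XMLDSIG,
+"md": Namespaces::METADATA,
+"saml": Namespaces::ASSERTION,
+"samlp": Namespaces::PROTOCOL,
+}.freeze
 include ActiveModel::Validations
 include XsdValidatable
 include Translatable
@@ -69,8 +76,8 @@ module Saml
 # Returns each of the X509 certificates.
 def certificates
 @certificates ||= document.find_all("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
-cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", Xml::NAMESPACES).text
-Certificate.new(cert, use: item.attribute('use').value.to_sym)
+cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", NAMESPACES).text
+::Xml::Kit::Certificate.new(cert, use: item.attribute('use').value.to_sym)
 end
 end
 
@@ -134,7 +141,7 @@ module Saml
 #
 # @param fingerprint [Saml::Kit::Fingerprint] the fingerprint to search for.
 # @param use [Symbol] the type of certificates to look at. Can be `:signing` or `:encryption`.
-# @return [Saml::Kit::Certificate] returns the matching `{Saml::Kit::Certificate}`
+# @return [Xml::Kit::Certificate] returns the matching `{Xml::Kit::Certificate}`
 def matches?(fingerprint, use: :signing)
 certificates.find do |certificate|
 certificate.for?(use) && certificate.fingerprint == fingerprint
@@ -163,7 +170,7 @@ module Saml
 # @param algorithm [OpenSSL::Digest] the digest algorithm to use. E.g. `OpenSSL::Digest::SHA256`
 # @param signature [String] the signature to verify
 # @param data [String] the data that is used to produce the signature.
-# @return [Saml::Kit::Certificate] the certificate that was used to produce the signature.
+# @return [Xml::Kit::Certificate] the certificate that was used to produce the signature.
 def verify(algorithm, signature, data)
 signing_certificates.find do |certificate|
 certificate.public_key.verify(algorithm, signature, data)
@@ -196,7 +203,7 @@ module Saml
 attr_reader :xml
 
 def document
-@document ||= Xml.new(xml)
+@document ||= ::Xml::Kit::Document.new(xml, namespaces: NAMESPACES)
 end
 
 def metadata
@@ -220,7 +227,7 @@ module Saml
 end
 
 def valid_signature?
-xml = Saml::Kit::Xml.new(to_xml)
+xml = document
 result = xml.valid?
 xml.errors.each do |error|
 errors[:base] << error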
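Review bot: In the certificates hunk the new line `::Xml::Kit::Certificate.new(cert, use: item.attribute('use').value.to_sym)` still dereferences `item.attribute('use')` unconditionally, so a KeyDescriptor that omits the `use` attribute (which the SAML metadata schema allows, meaning the key serves both purposes) raises NoMethodError on nil while parsing an otherwise valid peer's metadata. Reading the attribute first, `use_attr = item.attribute('use')`, and passing `use: use_attr ? use_attr.value.to_sym : <default>` avoids the crash; which default `Xml::Kit::Certificate` should receive for an omitted `use` cannot be determined from this page. Separately, the YARD `@param fingerprint [Saml::Kit::Fingerprint]` on `matches?` is now stale, since `lib/saml/kit/fingerprint.rb` is removed in this release, so it should name the type that `::Xml::Kit::Certificate#fingerprint` actually returns. The enclosing class continues outside the hunks.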
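--- a/data/lib/saml/kit/namespaces.rb
+++ b/data/lib/saml/kit/namespaces.rb
@@ -6,7 +6,6 @@ module Saml
 BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
 BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
 EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-ENVELOPED_SIG = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
 METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
 PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
 PASSWORD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
@@ -14,22 +13,12 @@ module Saml
 PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
 REQUESTER_ERROR = "urn:oasis:names:tc:SAML:2.0:status:Requester"
 RESPONDER_ERROR = "urn:oasis:names:tc:SAML:2.0:status:Responder"
-RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
-RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
-RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
-RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
-SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
-SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'
-SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"
-SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'
 SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
 TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
 UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:consent:unspecified"
 UNSPECIFIED_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
 URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
 VERSION_MISMATCH_ERROR = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
-XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
-XMLENC = "http://www.w3.org/2001/04/xmlenc#"
 end
 end
 end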
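--- a/data/lib/saml/kit/trustable.rb
+++ b/data/lib/saml/kit/trustable.rb
@@ -9,7 +9,7 @@ module Saml
 def certificate
 value = to_h.fetch('KeyInfo', {}).fetch('X509Data', {}).fetch('X509Certificate', nil)
 return if value.nil?
-Saml::Kit::Certificate.new(value, use: :signing)
+::Xml::Kit::Certificate.new(value, use: :signing)
 end
 
 # Returns true when the fingerprint of the certificate matches one of the certificates registered in the metadata.
@@ -44,7 +44,13 @@ module Saml
 def must_have_valid_signature
 return if to_xml.blank?
 
-xml = Saml::Kit::Xml.new(to_xml)
+xml = ::Xml::Kit::Document.new(to_xml, namespaces: {
+"NameFormat": Namespaces::ATTR_SPLAT,
+"ds": ::Xml::Kit::Namespaces::XMLDSIG,
+"md": Namespaces::METADATA,
+"saml": Namespaces::ASSERTION,
+"samlp": Namespaces::PROTOCOL,
+})
 xml.valid?
 xml.errors.each do |error|
 errors[:base] << error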
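Review bot: The namespace hash built inline in `must_have_valid_signature` duplicates the `Metadata::NAMESPACES` constant introduced in the same release and is allocated on every validation; hoisting it into a frozen constant on Trustable (`NAMESPACES = { ... }.freeze` with the same five entries) and calling `xml = ::Xml::Kit::Document.new(to_xml, namespaces: NAMESPACES)` keeps the two prefix maps from drifting apart, since a mismatch there would make the `ds:` lookups miss the signature rather than fail loudly. The return value of `xml.valid?` on the following line is still discarded, so signature validity continues to depend solely on `xml.errors` being populated; a one-line comment stating that contract would help the next reader. `must_have_valid_signature` continues outside the hunk.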
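--- a/data/lib/saml/kit/version.rb
+++ b/data/lib/saml/kit/version.rb
@@ -1,5 +1,5 @@
 module Saml
 module Kit
-VERSION = "0.3.0"
+VERSION = "0.3.1"
 end
 end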
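--- a/data/lib/saml/kit/xml_templatable.rb
+++ b/data/lib/saml/kit/xml_templatable.rb
@@ -0,0 +1,37 @@
+module Saml
+module Kit
+module XmlTemplatable
+include ::Xml::Kit::Templatable
+
+def template_path
+root_path = File.expand_path(File.dirname(__FILE__))
+template_name = "#{self.class.name.split("::").last.underscore}.builder"
+File.join(root_path, "builders/templates/", template_name)
+end
+
+# Returns true if an embedded signature is requested and at least one signing certificate is available via the configuration.
+def sign?
+return configuration.sign? if embed_signature.nil?
+embed_signature && configuration.sign?
+end
+
+# @deprecated Use {#embed_signature=} instead of this method.
+def sign=(value)
+Saml::Kit.deprecate("sign= is deprecated. Use embed_signature= instead.")
+self.embed_signature = value
+end
+
+def digest_method
+configuration.digest_method
+end
+
+def signature_method
+configuration.signature_method
+end
+
+def signing_key_pair
+configuration.key_pairs(use: :signing).last
+end
+end
+end
+end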
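Review bot: `XmlTemplatable` is a new public mixin with no module-level documentation, and it relies on two accessors it neither defines nor names, `configuration` and `embed_signature`, so a class that includes it without providing them fails with NoMethodError only at render time. A module comment such as `# Mixin for builders rendered from builders/templates/<class_name>.builder; including classes must provide configuration and an embed_signature accessor.` would state that contract, and `template_path`, `digest_method`, `signature_method` and `signing_key_pair` each deserve a one-line YARD `@return` tag. `signing_key_pair` in particular should document that it returns `configuration.key_pairs(use: :signing).last`, presumably the most recently added signing key when several are configured and nil when none are, because that choice decides which key signs the rendered document; how xml-kit consumes it is not visible on this page.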
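--- a/data/saml-kit.gemspec
+++ b/data/saml-kit.gemspec
@@ -24,10 +24,8 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_dependency "activemodel", ">= 4.2.0"
-spec.add_dependency "builder", "~> 3.2"
 spec.add_dependency "nokogiri", "~> 1.8"
-spec.add_dependency "tilt", "~> 2.0"
-spec.add_dependency "xmldsig", "~> 0.6"
+spec.add_dependency "xml-kit", "0.1.0"
 spec.add_development_dependency "bundler", "~> 1.15"
 spec.add_development_dependency "ffaker", "~> 2.7"
 spec.add_development_dependency "rake", "~> 10.0"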
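Review bot: `spec.add_dependency "xml-kit", "0.1.0"` pins the new dependency to an exact version, whereas every other runtime dependency in this hunk uses a pessimistic constraint. Because xml-kit now supplies the XML parsing, signing and certificate handling that this release removes from saml-kit, an exact pin means consumers cannot pick up an xml-kit patch release (including a security fix) without a new saml-kit release, and it makes resolution fail for any application that already requires a different xml-kit patch level. Unless the 0.1.x API is known to be unstable, `spec.add_dependency "xml-kit", "~> 0.1.0"` is the conventional library constraint; the generated `metadata` file mirrors whichever constraint is chosen.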
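--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml-kit
 version: !ruby/object:Gem::Version
-version: 0.3.0
+version: 0.3.1
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-12-24 00:00:00.000000000 Z
+date: 2017-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activemodel
@@ -24,20 +24,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 4.2.0
-- !ruby/object:Gem::Dependency
-name: builder
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.2'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.2'
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
@@ -53,33 +39,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '1.8'
 - !ruby/object:Gem::Dependency
-name: tilt
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.0'
-- !ruby/object:Gem::Dependency
-name: xmldsig
+name: xml-kit
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - '='
 - !ruby/object:Gem::Version
-version: '0.6'
+version: 0.1.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "~>"
+- - '='
 - !ruby/object:Gem::Version
-version: '0.6'
+version: 0.1.0
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -199,6 +171,7 @@ files:
 - lib/saml/kit/builders.rb
 - lib/saml/kit/builders/assertion.rb
 - lib/saml/kit/builders/authentication_request.rb
+- lib/saml/kit/builders/encrypted_assertion.rb
 - lib/saml/kit/builders/identity_provider_metadata.rb
 - lib/saml/kit/builders/logout_request.rb
 - lib/saml/kit/builders/logout_response.rb
@@ -207,33 +180,19 @@ files:
 - lib/saml/kit/builders/service_provider_metadata.rb
 - lib/saml/kit/builders/templates/assertion.builder
 - lib/saml/kit/builders/templates/authentication_request.builder
-- lib/saml/kit/builders/templates/certificate.builder
+- lib/saml/kit/builders/templates/encrypted_assertion.builder
 - lib/saml/kit/builders/templates/identity_provider_metadata.builder
 - lib/saml/kit/builders/templates/logout_request.builder
 - lib/saml/kit/builders/templates/logout_response.builder
 - lib/saml/kit/builders/templates/metadata.builder
-- lib/saml/kit/builders/templates/nil_class.builder
 - lib/saml/kit/builders/templates/response.builder
 - lib/saml/kit/builders/templates/service_provider_metadata.builder
-- lib/saml/kit/builders/templates/xml_encryption.builder
-- lib/saml/kit/builders/templates/xml_signature.builder
-- lib/saml/kit/builders/xml_encryption.rb
-- lib/saml/kit/builders/xml_signature.rb
-- lib/saml/kit/certificate.rb
 - lib/saml/kit/composite_metadata.rb
 - lib/saml/kit/configuration.rb
-- lib/saml/kit/crypto.rb
-- lib/saml/kit/crypto/oaep_cipher.rb
-- lib/saml/kit/crypto/rsa_cipher.rb
-- lib/saml/kit/crypto/simple_cipher.rb
-- lib/saml/kit/crypto/unknown_cipher.rb
 - lib/saml/kit/default_registry.rb
 - lib/saml/kit/document.rb
-- lib/saml/kit/fingerprint.rb
-- lib/saml/kit/id.rb
 - lib/saml/kit/identity_provider_metadata.rb
 - lib/saml/kit/invalid_document.rb
-- lib/saml/kit/key_pair.rb
 - lib/saml/kit/locales/en.yml
 - lib/saml/kit/logout_request.rb
 - lib/saml/kit/logout_response.rb
@@ -242,18 +201,13 @@ files:
 - lib/saml/kit/requestable.rb
 - lib/saml/kit/respondable.rb
 - lib/saml/kit/response.rb
-- lib/saml/kit/self_signed_certificate.rb
 - lib/saml/kit/serializable.rb
 - lib/saml/kit/service_provider_metadata.rb
 - lib/saml/kit/signature.rb
-- lib/saml/kit/signatures.rb
-- lib/saml/kit/templatable.rb
-- lib/saml/kit/template.rb
 - lib/saml/kit/translatable.rb
 - lib/saml/kit/trustable.rb
 - lib/saml/kit/version.rb
-- lib/saml/kit/xml.rb
-- lib/saml/kit/xml_decryption.rb
+- lib/saml/kit/xml_templatable.rb
 - lib/saml/kit/xsd/MetadataExchange.xsd
 - lib/saml/kit/xsd/oasis-200401-wss-wssecurity-secext-1.0.xsd
 - lib/saml/kit/xsd/oasis-200401-wss-wssecurity-utility-1.0.xsd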
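--- a/data/lib/saml/kit/builders/templates/certificate.builder
+++ b/data/lib/saml/kit/builders/templates/certificate.builder
@@ -1,7 +0,0 @@
-xml.KeyDescriptor use: use do
-xml.KeyInfo "xmlns": Saml::Kit::Namespaces::XMLDSIG do
-xml.X509Data do
-xml.X509Certificate stripped
-end
-end
-end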
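--- a/data/lib/saml/kit/builders/templates/xml_encryption.builder
+++ b/data/lib/saml/kit/builders/templates/xml_encryption.builder
@@ -1,16 +0,0 @@
-xml.EncryptedAssertion xmlns: Saml::Kit::Namespaces::ASSERTION do
-xml.EncryptedData xmlns: Saml::Kit::Namespaces::XMLENC do
-xml.EncryptionMethod Algorithm: "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
-xml.KeyInfo xmlns: Saml::Kit::Namespaces::XMLDSIG do
-xml.EncryptedKey xmlns: Saml::Kit::Namespaces::XMLENC do
-xml.EncryptionMethod Algorithm: "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
-xml.CipherData do
-xml.CipherValue Base64.encode64(public_key.public_encrypt(key))
-end
-end
-end
-xml.CipherData do
-xml.CipherValue Base64.encode64(iv + encrypted)
-end
-end
-end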
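--- a/data/lib/saml/kit/builders/templates/xml_signature.builder
+++ b/data/lib/saml/kit/builders/templates/xml_signature.builder
@@ -1,20 +0,0 @@
-xml.Signature "xmlns" => Saml::Kit::Namespaces::XMLDSIG do
-xml.SignedInfo do
-xml.CanonicalizationMethod Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
-xml.SignatureMethod Algorithm: signature_method
-xml.Reference URI: "##{reference_id}" do
-xml.Transforms do
-xml.Transform Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
-xml.Transform Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
-end
-xml.DigestMethod Algorithm: digest_method
-xml.DigestValue ""
-end
-end
-xml.SignatureValue ""
-xml.KeyInfo do
-xml.X509Data do
-xml.X509Certificate certificate.stripped
-end
-end
-end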
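--- a/data/lib/saml/kit/builders/xml_encryption.rb
+++ b/data/lib/saml/kit/builders/xml_encryption.rb
@@ -1,20 +0,0 @@
-module Saml
-module Kit
-module Builders
-class XmlEncryption
-attr_reader :public_key
-attr_reader :key, :iv, :encrypted
-
-def initialize(raw_xml, public_key)
-@public_key = public_key
-cipher = OpenSSL::Cipher.new('AES-256-CBC')
-cipher.encrypt
-@key = cipher.random_key
-@iv = cipher.random_iv
-@encrypted = cipher.update(raw_xml) + cipher.final
-end
-end
-end
-end
-end
-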
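--- a/data/lib/saml/kit/builders/xml_signature.rb
+++ b/data/lib/saml/kit/builders/xml_signature.rb
@@ -1,40 +0,0 @@
-module Saml
-module Kit
-module Builders
-class XmlSignature
-SIGNATURE_METHODS = {
-SHA1: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
-SHA224: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224",
-SHA256: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
-SHA384: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
-SHA512: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
-}.freeze
-DIGEST_METHODS = {
-SHA1: "http://www.w3.org/2000/09/xmldsig#SHA1",
-SHA224: "http://www.w3.org/2001/04/xmldsig-more#sha224",
-SHA256: "http://www.w3.org/2001/04/xmlenc#sha256",
-SHA384: "http://www.w3.org/2001/04/xmldsig-more#sha384",
-SHA512: "http://www.w3.org/2001/04/xmlenc#sha512",
-}.freeze
-
-attr_reader :embed_signature, :configuration
-attr_reader :reference_id
-attr_reader :certificate
-
-def initialize(reference_id, configuration:, certificate: )
-@configuration = configuration
-@reference_id = reference_id
-@certificate = certificate
-end
-
-def signature_method
-SIGNATURE_METHODS[configuration.signature_method]
-end
-
-def digest_method
-DIGEST_METHODS[configuration.digest_method]
-end
-end
-end
-end
-end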
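--- a/data/lib/saml/kit/certificate.rb
+++ b/data/lib/saml/kit/certificate.rb
@@ -1,96 +0,0 @@
-module Saml
-module Kit
-# {include:file:spec/saml/certificate_spec.rb}
-class Certificate
-BEGIN_CERT=/-----BEGIN CERTIFICATE-----/
-END_CERT=/-----END CERTIFICATE-----/
-# The use can be `:signing` or `:encryption`
-attr_reader :use
-
-def initialize(value, use:)
-@value = value
-@use = use.downcase.to_sym
-end
-
-# @return [Saml::Kit::Fingerprint] the certificate fingerprint.
-def fingerprint
-Fingerprint.new(value)
-end
-
-# Returns true if this certificate is for the specified use.
-#
-# @param use [Symbol] `:signing` or `:encryption`.
-# @return [Boolean] true or false.
-def for?(use)
-self.use == use.to_sym
-end
-
-# Returns true if this certificate is used for encryption.
-#
-# return [Boolean] true or false.
-def encryption?
-for?(:encryption)
-end
-
-# Returns true if this certificate is used for signing.
-#
-# return [Boolean] true or false.
-def signing?
-for?(:signing)
-end
-
-# Returns the x509 form.
-#
-# return [OpenSSL::X509::Certificate] the OpenSSL equivalent.
-def x509
-self.class.to_x509(value)
-end
-
-# Returns the public key.
-#
-# @return [OpenSSL::PKey::RSA] the RSA public key.
-def public_key
-x509.public_key
-end
-
-def ==(other)
-self.fingerprint == other.fingerprint
-end
-
-def eql?(other)
-self == other
-end
-
-def hash
-value.hash
-end
-
-def to_s
-value
-end
-
-def to_h
-{ use: @use, fingerprint: fingerprint.to_s }
-end
-
-def inspect
-to_h.inspect
-end
-
-def stripped
-value.to_s.gsub(BEGIN_CERT, '').gsub(END_CERT, '').gsub(/\n/, '')
-end
-
-def self.to_x509(value)
-OpenSSL::X509::Certificate.new(Base64.decode64(value))
-rescue OpenSSL::X509::CertificateError => error
-Saml::Kit.logger.warn(error)
-OpenSSL::X509::Certificate.new(value)
-end
-
-private
-
-attr_reader :value
-end
-end
-end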