saml-kit 1.0.6 → 1.0.7

Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/.gitlab-ci.yml +5 -5
  3. data/.rubocop.yml +92 -0
  4. data/.rubocop_todo.yml +45 -0
  5. data/.travis.yml +7 -3
  6. data/Gemfile +2 -2
  7. data/Rakefile +5 -3
  8. data/bin/cibuild +23 -0
  9. data/bin/console +3 -3
  10. data/bin/lint +13 -0
  11. data/bin/setup +1 -1
  12. data/bin/test +19 -0
  13. data/exe/saml-kit-create-self-signed-certificate +6 -6
  14. data/exe/saml-kit-decode-http-redirect +6 -2
  15. data/lib/saml/kit.rb +42 -39
  16. data/lib/saml/kit/assertion.rb +67 -25
  17. data/lib/saml/kit/authentication_request.rb +1 -1
  18. data/lib/saml/kit/bindings.rb +8 -8
  19. data/lib/saml/kit/bindings/binding.rb +5 -5
  20. data/lib/saml/kit/bindings/http_redirect.rb +12 -7
  21. data/lib/saml/kit/bindings/url_builder.rb +2 -2
  22. data/lib/saml/kit/buildable.rb +3 -3
  23. data/lib/saml/kit/builders/assertion.rb +4 -0
  24. data/lib/saml/kit/builders/authentication_request.rb +3 -3
  25. data/lib/saml/kit/builders/logout_request.rb +1 -1
  26. data/lib/saml/kit/builders/logout_response.rb +1 -1
  27. data/lib/saml/kit/builders/response.rb +2 -8
  28. data/lib/saml/kit/builders/templates/assertion.builder +1 -1
  29. data/lib/saml/kit/builders/templates/metadata.builder +4 -4
  30. data/lib/saml/kit/builders/templates/service_provider_metadata.builder +1 -1
  31. data/lib/saml/kit/composite_metadata.rb +9 -5
  32. data/lib/saml/kit/configuration.rb +7 -7
  33. data/lib/saml/kit/default_registry.rb +1 -1
  34. data/lib/saml/kit/document.rb +39 -23
  35. data/lib/saml/kit/identity_provider_metadata.rb +6 -6
  36. data/lib/saml/kit/invalid_document.rb +2 -2
  37. data/lib/saml/kit/locales/en.yml +12 -3
  38. data/lib/saml/kit/logout_request.rb +1 -1
  39. data/lib/saml/kit/logout_response.rb +1 -1
  40. data/lib/saml/kit/metadata.rb +43 -41
  41. data/lib/saml/kit/namespaces.rb +25 -25
  42. data/lib/saml/kit/null_assertion.rb +17 -0
  43. data/lib/saml/kit/respondable.rb +2 -3
  44. data/lib/saml/kit/response.rb +23 -4
  45. data/lib/saml/kit/rspec/have_query_param.rb +1 -1
  46. data/lib/saml/kit/service_provider_metadata.rb +3 -3
  47. data/lib/saml/kit/signature.rb +74 -4
  48. data/lib/saml/kit/translatable.rb +3 -2
  49. data/lib/saml/kit/trustable.rb +4 -11
  50. data/lib/saml/kit/version.rb +1 -1
  51. data/lib/saml/kit/xml_templatable.rb +10 -5
  52. data/saml-kit.gemspec +25 -22
  53. metadata +54 -6
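--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 27101b53cc92074aa1b0ea8f84d40d41f1bf32b6b208a1a5d9b94d92087cfa51
- data.tar.gz: c0ad9546f68fa6feb9afaf34e8609cfac835ab7607790542a9a7146fe94ed846
+ metadata.gz: f336ef3e71456ef8822afe806133e69cdf66051db1cb47ff29b4604cd3c14080
+ data.tar.gz: 0af28562d5ceeb54517113a179d002584a806f5054f11e73b0aac2c91c392640
  SHA512:
- metadata.gz: 656acd1866446463a4bf2578eb0b543657713ec83e8cf9c9cde89c6298c54075f857bf008c7812e42539bb715e4c5158fce899fff390c558dedc0dd692d09aac
- data.tar.gz: bb7a65a294eb4a47edc1c29e16908f12c57fe74a0423b26baefc713e9fc223f47ef6533f35b66cb2ffc4bb64921352afd849296dbfed98e202ab4d53ae03f67e
+ metadata.gz: ff41286ca85b6fa5d076ba78fabf7f7fe3e8e1cf7e951af112a2e77e1e90d7f073515694ba63e688e38263456f24fe12af0e775c6d836e8a77becf82ebbb6034
+ data.tar.gz: bb1b0cf0d15d68af2115f1c14f36aa702c7367c9f34af031214263b0c405e1bb078a9b5783184979eef431caa37075639a4640a842f80fb92d445e4545a5bf53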
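--- a/data/.gitlab-ci.yml
+++ b/data/.gitlab-ci.yml
@@ -5,11 +5,11 @@ before_script:
  - echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
  - locale-gen
  - export LC_ALL=en_US.UTF-8
- - ruby -v
- - which ruby
- - gem install bundler --no-ri --no-rdoc
- - bundle install --jobs $(nproc) "${FLAGS[@]}"
 
  rspec:
  script:
- - bundle exec rspec
+ - bin/cibuild
+
+ lint:
+ script:
+ - bin/lint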
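--- /dev/null
+++ b/data/.rubocop.yml
@@ -0,0 +1,92 @@
+ inherit_from: .rubocop_todo.yml
+
+ require:
+ - rubocop/cop/internal_affairs
+ - rubocop-rspec
+
+ AllCops:
+ Exclude:
+ - 'coverage/**/*'
+ - 'pkg/**/*'
+ - 'spec/fixtures/**/*'
+ - 'spec/examples/**/*'
+ - 'tmp/**/*'
+ - 'vendor/**/*'
+ TargetRubyVersion: 2.2
+
+ Layout/ClassStructure:
+ Enabled: true
+ Categories:
+ module_inclusion:
+ - include
+ - prepend
+ - extend
+ ExpectedOrder:
+ - module_inclusion
+ - constants
+ - public_class_methods
+ - initializer
+ - instance_methods
+ - protected_methods
+ - private_methods
+
+ Layout/EndOfLine:
+ EnforcedStyle: lf
+
+ Layout/IndentArray:
+ EnforcedStyle: consistent
+
+ Layout/IndentHeredoc:
+ EnforcedStyle: active_support
+
+ Lint/AmbiguousBlockAssociation:
+ Exclude:
+ - 'spec/**/*.rb'
+
+ Lint/InterpolationCheck:
+ Exclude:
+ - 'spec/**/*.rb'
+
+ Metrics/BlockLength:
+ Exclude:
+ - '**/**/*.builder'
+ - '**/*.rake'
+ - '*.gemspec'
+ - 'Rakefile'
+ - 'spec/**/*.rb'
+
+ Metrics/ModuleLength:
+ Exclude:
+ - 'spec/**/*.rb'
+
+ Metrics/LineLength:
+ Exclude:
+ - 'spec/**/*.rb'
+
+ Naming/FileName:
+ Exclude:
+ - 'lib/saml-kit.rb'
+
+ Style/Documentation:
+ Enabled: false
+
+ Style/StringLiterals:
+ EnforcedStyle: 'single_quotes'
+
+ Style/TrailingCommaInLiteral:
+ Enabled: false
+
+ RSpec/ExampleLength:
+ Max: 80
+
+ RSpec/MultipleExpectations:
+ Enabled: false
+
+ RSpec/NamedSubject:
+ Enabled: false
+
+ RSpec/NestedGroups:
+ Max: 7
+
+ RSpec/SubjectStub:
+ Enabled: false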
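--- /dev/null
+++ b/data/.rubocop_todo.yml
@@ -0,0 +1,45 @@
+ # This configuration was generated by
+ # `rubocop --auto-gen-config`
+ # on 2018-02-16 22:08:54 -0700 using RuboCop version 0.52.1.
+ # The point is for the user to remove these configuration records
+ # one by one as the offenses are removed from the code base.
+ # Note that changes in the inspected code, or installation of new
+ # versions of RuboCop, may require this file to be generated again.
+
+ # Offense count: 1
+ # Cop supports --auto-correct.
+ # Configuration parameters: AllowUnusedKeywordArguments, IgnoreEmptyMethods.
+ Lint/UnusedMethodArgument:
+ Exclude:
+ - 'lib/saml/kit/invalid_document.rb'
+
+ # Offense count: 2
+ Metrics/AbcSize:
+ Max: 16
+
+ # Offense count: 3
+ # Configuration parameters: CountComments.
+ Metrics/ClassLength:
+ Max: 136
+
+ # Offense count: 6
+ # Configuration parameters: CountComments.
+ Metrics/MethodLength:
+ Max: 13
+
+ # Offense count: 1
+ Style/DateTime:
+ Exclude:
+ - 'lib/saml/kit/assertion.rb'
+
+ # Offense count: 1
+ # Cop supports --auto-correct.
+ Style/IfUnlessModifier:
+ Exclude:
+ - 'lib/saml/kit/builders/authentication_request.rb'
+
+ # Offense count: 128
+ # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+ # URISchemes: http, https
+ Metrics/LineLength:
+ Max: 313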
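--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,6 +1,10 @@
  sudo: false
  language: ruby
  rvm:
- - 2.4.2
- before_install: gem install bundler -v 1.15.4
- script: "bundle exec rspec"
+ - 2.2.9
+ - 2.3.6
+ - 2.4.3
+ - 2.5.0
+ script:
+ - bin/cibuild
+ - bin/lint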
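--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,6 @@
- source "https://rubygems.org"
+ source 'https://rubygems.org'
 
- git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
  # Specify your gem's dependencies in saml-kit.gemspec
  gemspec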
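--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,6 +1,8 @@
- require "bundler/gem_tasks"
- require "rspec/core/rake_task"
+ require 'bundler/gem_tasks'
+ require 'rspec/core/rake_task'
 
  RSpec::Core::RakeTask.new(:spec)
+ task default: :spec
 
- task :default => :spec
+ require 'rubocop/rake_task'
+ RuboCop::RakeTask.new(:rubocop)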
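--- /dev/null
+++ b/data/bin/cibuild
@@ -0,0 +1,23 @@
+ #!/bin/sh
+
+ # script/cibuild: Setup environment for CI to run tests. This is primarily
+ # designed to run on the continuous integration server.
+
+ set -e
+
+ cd "$(dirname "$0")/.."
+
+ echo "Started at…"
+ date "+%H:%M:%S"
+
+ # GC customizations
+ export RUBY_GC_MALLOC_LIMIT=79000000
+ export RUBY_GC_HEAP_INIT_SLOTS=800000
+ export RUBY_HEAP_FREE_MIN=100000
+ export RUBY_HEAP_SLOTS_INCREMENT=400000
+ export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
+
+ gem install bundler --no-ri --no-rdoc --conservative
+ # run tests
+ ruby -v
+ bin/test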
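Review bot: Line 20, `gem install bundler --no-ri --no-rdoc --conservative`, installs whichever bundler release the registry currently serves, while the `.travis.yml` line removed in this same release pinned `-v 1.15.4`; the tool that resolves every other dependency is then unpinned in CI. Pin it again, e.g. `gem install bundler -v 1.15.4 --no-ri --no-rdoc --conservative`, and raise the version deliberately. `--no-ri` and `--no-rdoc` were dropped in RubyGems 3.0 in favour of `--no-document`, so the line will also fail once a CI image ships a newer RubyGems.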
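--- a/data/bin/console
+++ b/data/bin/console
@@ -1,7 +1,7 @@
  #!/usr/bin/env ruby
 
- require "bundler/setup"
- require "saml/kit"
+ require 'bundler/setup'
+ require 'saml/kit'
 
  # You can add fixtures and/or initialization code here to make experimenting
  # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +10,5 @@ require "saml/kit"
  # require "pry"
  # Pry.start
 
- require "irb"
+ require 'irb'
  IRB.start(__FILE__)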
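--- /dev/null
+++ b/data/bin/lint
@@ -0,0 +1,13 @@
+ #!/bin/sh
+
+ set -e
+
+ [ -z "$DEBUG" ] || set -x
+
+ echo "==> Running setup…"
+ date "+%H:%M:%S"
+ bin/setup
+
+ echo "==> Running linters…"
+ date "+%H:%M:%S"
+ bundle exec rake rubocop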
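--- a/data/bin/setup
+++ b/data/bin/setup
@@ -3,6 +3,6 @@ set -euo pipefail
  IFS=$'\n\t'
  set -vx
 
- bundle install
+ bundle check || bundle install --jobs $(nproc)
 
  # Do any other automated setup that you need to do here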
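--- /dev/null
+++ b/data/bin/test
@@ -0,0 +1,19 @@
+ #!/bin/sh
+
+ # script/test: Run test suite for application. Optionally pass in a path to an
+ # individual test file to run a single test.
+
+
+ set -e
+
+ cd "$(dirname "$0")/.."
+
+ [ -z "$DEBUG" ] || set -x
+
+ echo "==> Running setup…"
+ date "+%H:%M:%S"
+ bin/setup
+
+ echo "==> Running tests…"
+ date "+%H:%M:%S"
+ bundle exec rake spec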
@@ -3,22 +3,22 @@ require 'saml/kit'
3
3
 
4
4
  Saml::Kit.deprecate("Use the 'saml-kit-cli' gem instead. saml-kit-create-self-signed-certificate")
5
5
 
6
- puts "Enter Passphrase:"
6
+ puts 'Enter Passphrase:'
7
7
  passphrase = STDIN.read.strip
8
8
  certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
9
9
 
10
- puts "** BEGIN File Format **"
10
+ puts '** BEGIN File Format **'
11
11
  print certificate
12
12
  puts private_key
13
- puts "***********************"
13
+ puts '***********************'
14
14
 
15
15
  puts
16
16
 
17
- puts "*** BEGIN ENV Format **"
17
+ puts '*** BEGIN ENV Format **'
18
18
  puts certificate.inspect
19
19
  puts private_key.inspect
20
- puts "***********************"
20
+ puts '***********************'
21
21
 
22
22
  puts
23
- puts "Private Key Passphrase:"
23
+ puts 'Private Key Passphrase:'
24
24
  puts passphrase.inspect
@@ -6,9 +6,13 @@ Saml::Kit.deprecate("Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-re
6
6
  input = STDIN.read
7
7
  binding = Saml::Kit::Bindings::HttpRedirect.new(location: '')
8
8
 
9
- uri = URI.parse(input) rescue nil
9
+ uri = begin
10
+ URI.parse(input)
11
+ rescue StandardError
12
+ nil
13
+ end
10
14
  if uri
11
- query_params = Hash[uri.query.split('&').map { |x| x.split('=', 2) }]
15
+ query_params = Hash[uri.query.split('&').map { |x| x.split('=', 2) }]
12
16
  puts binding.deserialize(query_params).to_xml(pretty: true)
13
17
  else
14
18
  puts binding.deserialize('SAMLRequest' => input).to_xml(pretty: true)
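Review bot: On new line 15 `uri.query.split('&')` runs whenever `URI.parse` succeeds, and a string that parses but has no `?` part leaves `uri.query` nil, so the call raises NoMethodError instead of falling through to the `else` branch that treats the input as a bare `SAMLRequest`. Guard the branch with `if uri && uri.query`. The new `rescue StandardError` is also broader than needed; `rescue URI::InvalidURIError` names the one failure this block expects. The `if`/`else` is closed outside the hunk.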
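--- a/data/lib/saml/kit.rb
+++ b/data/lib/saml/kit.rb
@@ -1,46 +1,49 @@
- require "saml/kit/version"
+ require 'saml/kit/version'
 
- require "active_model"
- require "active_support/core_ext/date/calculations"
- require "active_support/core_ext/hash/conversions"
- require "active_support/core_ext/hash/indifferent_access"
- require "active_support/core_ext/numeric/time"
- require "active_support/deprecation"
- require "active_support/duration"
- require "forwardable"
- require "logger"
- require "net/http"
- require "nokogiri"
- require "securerandom"
- require "xml/kit"
+ require 'active_model'
+ require 'active_support/core_ext/date/calculations'
+ require 'active_support/core_ext/hash/conversions'
+ require 'active_support/core_ext/hash/indifferent_access'
+ require 'active_support/core_ext/numeric/time'
+ require 'active_support/deprecation'
+ require 'active_support/duration'
+ require 'forwardable'
+ require 'logger'
+ require 'net/http'
+ require 'nokogiri'
+ require 'securerandom'
+ require 'uri'
+ require 'xml/kit'
 
- require "saml/kit/buildable"
- require "saml/kit/builders"
- require "saml/kit/namespaces"
- require "saml/kit/serializable"
- require "saml/kit/xsd_validatable"
- require "saml/kit/respondable"
- require "saml/kit/requestable"
- require "saml/kit/trustable"
- require "saml/kit/translatable"
- require "saml/kit/document"
+ require 'saml/kit/buildable'
+ require 'saml/kit/builders'
+ require 'saml/kit/namespaces'
+ require 'saml/kit/serializable'
+ require 'saml/kit/xsd_validatable'
+ require 'saml/kit/respondable'
+ require 'saml/kit/requestable'
+ require 'saml/kit/trustable'
+ require 'saml/kit/translatable'
+ require 'saml/kit/document'
 
- require "saml/kit/assertion"
- require "saml/kit/authentication_request"
- require "saml/kit/bindings"
- require "saml/kit/configuration"
- require "saml/kit/default_registry"
- require "saml/kit/logout_response"
- require "saml/kit/logout_request"
- require "saml/kit/metadata"
- require "saml/kit/composite_metadata"
- require "saml/kit/response"
- require "saml/kit/identity_provider_metadata"
- require "saml/kit/invalid_document"
- require "saml/kit/service_provider_metadata"
- require "saml/kit/signature"
+ require 'saml/kit/assertion'
+ require 'saml/kit/authentication_request'
+ require 'saml/kit/bindings'
+ require 'saml/kit/configuration'
+ require 'saml/kit/default_registry'
+ require 'saml/kit/logout_response'
+ require 'saml/kit/logout_request'
+ require 'saml/kit/metadata'
+ require 'saml/kit/null_assertion'
+ require 'saml/kit/composite_metadata'
+ require 'saml/kit/response'
+ require 'saml/kit/identity_provider_metadata'
+ require 'saml/kit/invalid_document'
+ require 'saml/kit/service_provider_metadata'
+ require 'saml/kit/signature'
 
- I18n.load_path += Dir[File.expand_path("kit/locales/*.yml", File.dirname(__FILE__))]
+ I18n.load_path +=
+ Dir[File.expand_path('kit/locales/*.yml', File.dirname(__FILE__))]
 
  module Saml
  module Kit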
@@ -3,17 +3,29 @@ module Saml
3
3
  class Assertion
4
4
  include ActiveModel::Validations
5
5
  include Translatable
6
-
7
- validate :must_match_issuer
8
- validate :must_be_active_session
6
+ XPATH = [
7
+ '/samlp:Response/saml:Assertion',
8
+ '/samlp:Response/saml:EncryptedAssertion'
9
+ ].join('|')
10
+
11
+ validate :must_be_decryptable
12
+ validate :must_match_issuer, if: :decryptable?
13
+ validate :must_be_active_session, if: :decryptable?
14
+ validate :must_have_valid_signature, if: :decryptable?
9
15
  attr_reader :name
10
16
  attr_accessor :occurred_at
11
17
 
12
- def initialize(xml_hash, configuration: Saml::Kit.configuration)
13
- @name = "Assertion"
14
- @xml_hash = xml_hash
18
+ def initialize(node, configuration: Saml::Kit.configuration, private_keys: [])
19
+ @name = 'Assertion'
20
+ @node = node
21
+ @xml_hash = hash_from(node)['Response'] || {}
15
22
  @configuration = configuration
16
23
  @occurred_at = Time.current
24
+ decrypt!(::Xml::Kit::Decryption.new(
25
+ private_keys: (
26
+ configuration.private_keys(use: :encryption) + private_keys
27
+ ).uniq
28
+ ))
17
29
  end
18
30
 
19
31
  def issuer
@@ -29,8 +41,7 @@ module Saml
29
41
  end
30
42
 
31
43
  def signature
32
- xml_hash = assertion.fetch('Signature', nil)
33
- xml_hash ? Signature.new(xml_hash) : nil
44
+ @signature ||= Signature.new(at_xpath('./ds:Signature'))
34
45
  end
35
46
 
36
47
  def expired?(now = occurred_at)
@@ -47,7 +58,7 @@ module Saml
47
58
  begin
48
59
  attrs = assertion.fetch('AttributeStatement', {}).fetch('Attribute', [])
49
60
  items = if attrs.is_a? Hash
50
- [[attrs["Name"], attrs["AttributeValue"]]]
61
+ [[attrs['Name'], attrs['AttributeValue']]]
51
62
  else
52
63
  attrs.map { |item| [item['Name'], item['AttributeValue']] }
53
64
  end
@@ -65,57 +76,88 @@ module Saml
65
76
 
66
77
  def audiences
67
78
  Array(assertion['Conditions']['AudienceRestriction']['Audience'])
68
- rescue => error
79
+ rescue StandardError => error
69
80
  Saml::Kit.logger.error(error)
70
81
  []
71
82
  end
72
83
 
73
84
  def encrypted?
74
- @xml_hash.fetch('Response', {}).fetch('EncryptedAssertion', nil).present?
85
+ @xml_hash.fetch('EncryptedAssertion', nil).present?
86
+ end
87
+
88
+ def decryptable?
89
+ return true unless encrypted?
90
+ !@cannot_decrypt
75
91
  end
76
92
 
77
93
  def present?
78
94
  assertion.present?
79
95
  end
80
96
 
97
+ def to_xml(pretty: false)
98
+ pretty ? @node.to_xml(indent: 2) : @node.to_s
99
+ end
100
+
81
101
  private
82
102
 
83
103
  attr_reader :configuration
84
104
 
85
105
  def assertion
86
106
  @assertion ||=
87
- if encrypted?
88
- private_keys = configuration.private_keys(use: :encryption)
89
- decryptor = ::Xml::Kit::Decryption.new(private_keys: private_keys)
90
- decrypted = decryptor.decrypt_hash(@xml_hash['Response']['EncryptedAssertion'])
91
- Saml::Kit.logger.debug(decrypted)
92
- Hash.from_xml(decrypted)['Assertion']
93
- else
94
- result = @xml_hash.fetch('Response', {}).fetch('Assertion', {})
107
+ begin
108
+ result = (hash_from(@node)['Response'] || {})['Assertion']
95
109
  return result if result.is_a?(Hash)
96
-
97
- errors[:assertion] << error_message(:must_contain_single_assertion)
98
110
  {}
99
111
  end
100
112
  end
101
113
 
114
+ def decrypt!(decryptor)
115
+ return unless encrypted?
116
+
117
+ encrypted_assertion = @node.at_xpath('./xmlenc:EncryptedData', Saml::Kit::Document::NAMESPACES)
118
+ @node = decryptor.decrypt_node(encrypted_assertion)
119
+ rescue Xml::Kit::DecryptionError => error
120
+ @cannot_decrypt = true
121
+ Saml::Kit.logger.error(error)
122
+ end
123
+
102
124
  def parse_date(value)
103
125
  DateTime.parse(value)
104
- rescue => error
126
+ rescue StandardError => error
105
127
  Saml::Kit.logger.error(error)
106
128
  Time.at(0).to_datetime
107
129
  end
108
130
 
109
131
  def must_match_issuer
110
- unless audiences.include?(configuration.entity_id)
111
- errors[:audience] << error_message(:must_match_issuer)
112
- end
132
+ return if audiences.include?(configuration.entity_id)
133
+ errors[:audience] << error_message(:must_match_issuer)
113
134
  end
114
135
 
115
136
  def must_be_active_session
116
137
  return if active?
117
138
  errors[:base] << error_message(:expired)
118
139
  end
140
+
141
+ def must_have_valid_signature
142
+ return if !signed? || signature.valid?
143
+
144
+ signature.errors.each do |attribute, message|
145
+ errors.add(attribute, message)
146
+ end
147
+ end
148
+
149
+ def must_be_decryptable
150
+ errors.add(:base, error_message(:cannot_decrypt)) unless decryptable?
151
+ end
152
+
153
+ def at_xpath(xpath)
154
+ @node.at_xpath(xpath, Saml::Kit::Document::NAMESPACES)
155
+ end
156
+
157
+ def hash_from(node)
158
+ return {} if node.nil?
159
+ Hash.from_xml(node.document.root.to_s) || {}
160
+ end
119
161
  end
120
162
  end
121
163
  end
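Review bot: `must_have_valid_signature` (new lines 141-147) returns as soon as `signed?` is false, so an assertion that carries no `ds:Signature` passes this validator; unless a signed enclosing Response is enforced elsewhere, an unsigned assertion is accepted, and that requirement deserves a comment here or an explicit check. The signature is looked up on `@node` (`./ds:Signature`), but `hash_from` (new lines 157-160) builds the hash from `node.document.root`, so `issuer`, `audiences` and `attributes` may be read from a different element than the one whose signature was verified; deriving the hash from `@node` itself would tie the two together. The rewritten `assertion` also drops the `must_contain_single_assertion` error and now returns `{}` silently when the lookup is not a Hash, presumably because the check moved to another file, which should be confirmed. `signed?` and `Signature#valid?` are defined outside these hunks.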