saml 0.1

data/lib/saml/core/response.rb

@@ -0,0 +1,28 @@
+require 'xml_signature'
+
+module SAML
+  module Core
+    class Response < StatusResponse
+
+      attr_reader :assertions
+
+      def self.from_xml(xml); new.from_xml(xml); end
+
+      def from_xml(xml)
+        super(xml)
+        @xml = xml
+
+        @assertions = xml.get_elements('saml:Assertion').map do |a|
+          Assertion.from_xml(a)
+        end
+        
+        self
+      end
+
+      def valid?(expected_certificate)
+        XMLSignature.new(@xml).verify(expected_certificate)
+      end
+
+    end
+  end
+end

data/lib/saml/core/status.rb

@@ -0,0 +1,26 @@
+module SAML
+  module Core
+    class Status
+
+      attr_reader :status_code
+      # FIXME attr_reader :status_message
+      # FIXME attr_reader :status_detail
+      
+      def self.from_xml(xml); new.from_xml(xml); end
+
+      def from_xml(xml)
+        @status_code = REXML::XPath.first(
+          xml,
+          "//samlp:Status/samlp:StatusCode/@Value", 
+          { 'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol'}
+        ).value
+        self
+      end
+
+      def success?
+        @status_code == 'urn:oasis:names:tc:SAML:2.0:status:Success'
+      end
+      
+    end
+  end
+end

data/lib/saml/core/status_response.rb

@@ -0,0 +1,24 @@
+module SAML
+  module Core
+    class StatusResponse
+
+      attr_reader :id
+      attr_reader :version
+      attr_reader :status
+
+      def self.from_xml(xml); new.from_xml(xml); end
+      
+      def from_xml(xml)
+        @id      = xml.attributes["ID"]
+        @version = xml.attributes["Version"]
+        @status  = Status.from_xml(xml.get_elements("samlp:Status").first)
+        self
+      end
+
+      def success?
+        status.success?
+      end
+
+    end
+  end
+end

data/lib/saml/core/subject.rb

@@ -0,0 +1,13 @@
+module SAML
+  module Core
+    class Subject
+
+      attr_reader :name_id
+
+      def from_xml(xml)
+        @name_id = xml.get_elements('saml:NameID').text
+      end
+
+    end
+  end
+end

data/lib/saml/core/xml_namespaces.rb

@@ -0,0 +1,21 @@
+# XML Namespaces
+# 
+# SAML v2.0 Core
+# 
+# Section 1.2 (and 1.1)
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+module SAML
+  module Core
+    
+    XMLNamespaces = {
+      :saml  => 'urn:oasis:names:tc:SAML:2.0:assertion',
+      :samlp => 'urn:oasis:names:tc:SAML:2.0:protocol',
+      :ds    => 'http://www.w3.org/2000/09/xmldsig#',
+      :xenc  => 'http://www.w3.org/2001/04/xmlenc#',
+    }
+
+  end
+end

data/lib/saml/metadata/document.rb

@@ -0,0 +1,14 @@
+require 'rexml/document'
+
+module SAML
+  module Metadata
+    class Document < REXML::Document
+
+      def initialize(*args)
+        super(*args)
+        XMLNamespaces.each {|k,v| add_namespace(k, v)}
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/endpoint.rb

@@ -0,0 +1,22 @@
+require 'uri'
+
+module SAML
+  module Metadata
+    class Endpoint
+
+      attr_reader :binding
+      attr_reader :location
+      attr_reader :response_location
+
+      def self.from_xml(xml); new.from_xml(xml); end
+
+      def from_xml(xml)
+        @binding  = xml.attributes['Binding']
+        @location = URI(xml.attributes['Location'])
+        @response_location = xml.attributes['ResponseLocation'] && URI(xml.attributes['ResponseLocation'])
+        self
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/entities_descriptor.rb

@@ -0,0 +1,32 @@
+module SAML
+  module Metadata
+    class EntitiesDescriptor
+
+      attr_reader :entity_descriptors
+      
+      def self.from_xml(xml)
+        allocate.from_xml(xml)
+      end
+
+      def from_xml(xml)
+        @entity_descriptors = xml.get_elements('md:EntityDescriptor').map do |ed_node|
+          EntityDescriptor.from_xml(ed_node)
+        end
+        self
+      end
+
+      def sp
+        @entity_descriptors.each do |entity|
+          return entity if entity.sp?
+        end
+      end
+
+      def idp
+        @entity_descriptors.each do |entity|
+          return entity if entity.idp?
+        end
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/entity_descriptor.rb

@@ -0,0 +1,40 @@
+module SAML
+  module Metadata
+    class EntityDescriptor
+      
+      attr_accessor :entity_id
+
+      def self.from_xml(xml)
+        allocate.from_xml(xml)
+      end
+
+      def from_xml(xml)
+        @entity_id = xml.attributes['entityID']
+        @sp_sso_descriptors = xml.get_elements('md:SPSSODescriptor').map do |elem|
+          SPSSODescriptor.from_xml(elem)
+        end
+        @idp_sso_descriptors = xml.get_elements('md:IDPSSODescriptor').map do |elem|
+          IDPSSODescriptor.from_xml(elem)
+        end
+        self
+      end
+
+      def sp_sso_descriptors
+        @sp_sso_descriptors.clone
+      end
+
+      def idp_sso_descriptors
+        @idp_sso_descriptors.clone
+      end
+
+      def sp?
+        not @sp_sso_descriptors.empty?
+      end
+
+      def idp?
+        not @idp_sso_descriptors.empty?
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/idp_sso_descriptor.rb

@@ -0,0 +1,25 @@
+module SAML
+  module Metadata
+    class IDPSSODescriptor < SSODescriptor
+
+      def self.from_xml(xml); new.from_xml(xml); end
+
+      def from_xml(xml)
+        super(xml)
+        @single_signon_services = xml.get_elements('md:SingleSignOnService').map do |elem|
+          Endpoint.from_xml(elem)
+        end
+        self
+      end
+
+      def want_authn_requests_signed?
+        false
+      end
+
+      def single_signon_services
+        @single_signon_services.clone
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/indexed_endpoint.rb

@@ -0,0 +1,19 @@
+module SAML
+  module Metadata
+    class IndexedEndpoint < Endpoint
+
+      attr_reader :index
+      attr_reader :is_default
+
+      def self.from_xml(xml); new.from_xml(xml); end
+
+      def from_xml(xml)
+        super(xml)
+        @index      = xml.attributes['Index']
+        @is_default = xml.attributes['IsDefault']
+        self
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/key_descriptor.rb

@@ -0,0 +1,21 @@
+module SAML
+  module Metadata
+    class KeyDescriptor
+      
+      attr_accessor :use
+      attr_accessor :key_info
+      attr_accessor :x509_certificate
+
+      def self.from_xml(xml); new.from_xml(xml); end
+
+      def from_xml(xml)
+        @use = xml.attributes['use']
+        puts xml.to_s(2)
+        @x509_certificate = REXML::XPath.first(xml, '//ds:X509Certificate').text
+        
+        self
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/role_descriptor.rb

@@ -0,0 +1,21 @@
+module SAML
+  module Metadata
+    class RoleDescriptor
+      
+      attr_accessor :protocol_support_enumeration
+      attr_accessor :key_descriptors
+
+      def from_xml(xml)
+        @key_descriptors = xml.get_elements('md:KeyDescriptor').map do |kd_node|
+          KeyDescriptor.from_xml(kd_node)
+        end
+        self
+      end
+
+      def signing_key_descriptor
+        @key_descriptors.find {|kd| kd.use == 'signing' }
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/sp_sso_descriptor.rb

@@ -0,0 +1,23 @@
+module SAML
+  module Metadata
+    class SPSSODescriptor < SSODescriptor
+
+      def self.from_xml(xml); new.from_xml(xml); end
+
+      def from_xml(xml)
+        super(xml)
+
+        @assertion_consumer_services = xml.get_elements('md:AssertionConsumerService').map do |elem|
+          IndexedEndpoint.from_xml(elem)
+        end
+
+        self
+      end
+
+      def assertion_consumer_services
+        @assertion_consumer_services.clone
+      end
+
+    end
+  end
+end

data/lib/saml/metadata/sso_descriptor.rb

@@ -0,0 +1,21 @@
+require 'saml/metadata/role_descriptor'
+
+module SAML
+  module Metadata
+    class SSODescriptor < RoleDescriptor
+
+      def from_xml(xml)
+        super(xml)
+        @single_logout_services = xml.get_elements('md:SingleLogoutService').map do |elem|
+          Endpoint.from_xml(elem)
+        end
+        self
+      end
+
+      def single_logout_services
+        @single_logout_services.clone
+      end
+      
+    end
+  end
+end

data/lib/saml/metadata/xml_namespaces.rb

@@ -0,0 +1,19 @@
+# XML Namespaces
+# 
+# SAML v2.0 Metadata
+# 
+# Section FIXME
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
+#
+
+module SAML
+  module Metadata
+    
+    XMLNamespaces = {
+      :md  => 'urn:oasis:names:tc:SAML:2.0:metadata',
+      :ds    => 'http://www.w3.org/2000/09/xmldsig#',
+    }
+
+  end
+end

data/lib/saml/session.rb

@@ -0,0 +1,22 @@
+module SAML
+
+  class Session
+
+    attr_reader :id
+    
+    def initialize(id)
+      @id = id
+      @participants = []
+    end
+
+    def add_participant(service_provider)
+      @participants << service_provider
+    end
+
+    def logout_participants
+      @participants.each { |p| p.logout(@id) }
+    end
+
+  end
+
+end

data/lib/saml/version.rb

@@ -0,0 +1,3 @@
+module SAML
+  VERSION = "0.1"
+end

data/saml.gemspec

@@ -0,0 +1,24 @@
+# encoding: utf-8
+$:.push File.expand_path("../lib", __FILE__)
+require "saml/version"
+
+development_files = %w(.gitignore Guardfile Gemfile)
+
+Gem::Specification.new do |s|
+  s.name        = "saml"
+  s.version     = SAML::VERSION
+  s.author      = "Kjell-Magne Øierud"
+  s.email       = ["kjellm@oierud.net"]
+  s.homepage    = "https://github.com/kjellm/skeleton"
+  s.license     = "MIT"
+  s.summary     = %q{Partial implementation of the SAML Standard}
+  s.description = %q{Partial implementation of the SAML Standard}
+  
+  s.files         = `git ls-files`.split("\n") - development_files
+  s.require_paths = ["lib"]
+
+  s.required_ruby_version = '>= 1.8.7'
+
+  s.add_runtime_dependency "uuid"
+  s.add_runtime_dependency "xml_signature"
+end