saml 0.1

data/spec/saml/bindings/http_redirect_spec.rb

@@ -0,0 +1,49 @@
+# HTTP Redirect Binding
+# 
+# SAML v2.0 Bindings
+# 
+# Section 3.4
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Bindings
+    describe HTTPRedirect do
+
+      let :endpoint do
+        endpoint = double('Endpoint')
+        endpoint.stub(:location).and_return('')
+        endpoint
+      end
+        
+      let(:rake) { double('Rake') }
+
+      describe "#send_request" do
+        it "should base64 and url encode the SAMLRequest query parameter" do
+          sr = Core::AuthnRequest.new
+          rake.should_receive(:redirect).with(/\?SAMLRequest=[A-za-z0-9%]+/)
+
+          subject.build_request(rake, endpoint, sr)
+        end
+      
+        context "with relay_state parameter" do
+          let(:saml_request) { double('SAMLRequest').as_null_object }
+
+          it "should accept a relay_state and URL encode it" do
+            rake.should_receive(:redirect).with(/RelayState=A\+relay\+state/)
+            subject.build_request(rake, endpoint, saml_request, 'A relay state')
+          end
+
+          it "should not accept relay_state longer than 80 bytes" do
+            expect {
+              subject.build_request(rake, endpoint, saml_request, 'x'*81)
+            }.to raise_error(ArgumentError)
+          end
+        end
+      end
+    end
+  end
+end

data/spec/saml/core/assertion_spec.rb

@@ -0,0 +1,50 @@
+# Assertion
+# 
+# SAML v2.0 Core
+# 
+# Section 2.3.3
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require "spec_helper"
+
+module SAML
+  module Core
+    describe Assertion do
+
+      describe "#from_xml" do
+
+        def xml(str='')
+          Document.new(<<EOT).root
+<s:Assertion xmlns:s='urn:oasis:names:tc:SAML:2.0:assertion' ID="1" Version="2.0" IssueInstant="2012-01-01T07:00:00Z">
+  <s:Issuer>Me</s:Issuer>
+  #{str}
+</s:Assertion>
+EOT
+        end
+
+        context "Minimal valid XML" do
+          
+          subject do
+            Assertion.from_xml(xml)
+          end
+          
+          its(:id)             { should == "1" }
+          its(:version)        { should == "2.0" }
+          its(:issue_instant)  { should == "2012-01-01T07:00:00Z" }
+        end
+
+        context "With AttributeStatement" do
+          it do
+            a = Assertion.from_xml(xml('<s:AttributeStatement><s:Attribute Name="Foo"><s:AttributeValue>Bar</s:AttributeValue></s:Attribute></s:AttributeStatement>'))
+            a.attribute_statement.attributes.first.name.should == "Foo"
+          end
+        end
+        
+        it "should fail when required fields are missing"
+      end
+    end
+  end
+end
+      

data/spec/saml/core/attribute_spec.rb

@@ -0,0 +1,36 @@
+# Attribute
+# 
+# SAML v2.0 Core
+# 
+# Section 2.7.3.1
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe Attribute do
+
+      describe "#from_xml" do
+
+        context "Minimal valid XML" do
+          
+          subject do
+            r = Attribute.from_xml(Document.new(<<EOT).root)
+<s:Attribute xmlns:s='urn:oasis:names:tc:SAML:2.0:assertion' Name="Foo">
+  <s:AttributeValue>Hei</s:AttributeValue>
+</s:Attribute>
+EOT
+          end
+          
+          its(:name)             { should == "Foo" }
+          its(:name_format)      { should == "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" }
+          its(:attribute_values) { subject.first.should =~ /Hei/ }
+
+        end
+      end
+    end
+  end
+end

data/spec/saml/core/attribute_statement_spec.rb

@@ -0,0 +1,18 @@
+# AttributeStatement
+# 
+# SAML v2.0 Core
+# 
+# Section 2.7.3
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require "spec_helper"
+
+module SAML
+  module Core
+    describe AttributeStatement do
+
+    end
+  end
+end

data/spec/saml/core/authn_request_spec.rb

@@ -0,0 +1,39 @@
+# AuthnRequest
+# 
+# SAML v2.0 Core
+# 
+# Section 3.4.1
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe AuthnRequest do
+
+      it "should extend RequestAbstract" do
+        AuthnRequest.new.should be_kind_of(RequestAbstract)
+      end
+
+      describe "#to_xml" do
+        context "attributes" do
+          subject { AuthnRequest.new.to_xml.root.attributes }
+          it { should include('Version') }
+          it { should include('ID') }
+          it { should include('IssueInstant') }
+        end
+
+        context "with Issuer" do
+          it "should have an Issuer element in the xml" do
+            r = AuthnRequest.new
+            r.issuer = "me"
+            xml = r.to_xml.root
+            xml.get_elements('saml:Issuer').first.text.should == "me"
+          end
+        end
+      end
+    end
+  end
+end

data/spec/saml/core/authn_statement_spec.rb

@@ -0,0 +1,17 @@
+# AuthnStatement
+# 
+# SAML v2.0 Core
+# 
+# Section 2.7.2
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe AuthnStatement do
+    end
+  end
+end

data/spec/saml/core/logout_request_spec.rb

@@ -0,0 +1,36 @@
+# LogoutRequest
+# 
+# SAML v2.0 Core
+# 
+# Section 3.7.1
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe LogoutRequest do
+
+      it "should extend RequestAbstract" do
+        AuthnRequest.new.should be_kind_of(RequestAbstract)
+      end
+
+      %w(NotOnOrAfter Reason BaseID/EncryptedID SessionIndex).each do |attr|
+        it "should not support optional attribute/element #{attr}"
+      end
+
+      describe "#to_xml" do
+        subject do
+          r = LogoutRequest.new
+          r.name_id = "test@example.com"
+          r.to_xml.root
+        end
+        
+        it { should have(1).elements }
+        its(:name) { should == "LogoutRequest" } 
+      end
+    end
+  end
+end

data/spec/saml/core/request_abstract_spec.rb

@@ -0,0 +1,55 @@
+# RequestAbstract
+# 
+# SAML v2.0 Core
+# 
+# Section 3.2.1
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe RequestAbstract do
+
+      it "should have a ID conforming to the xs:ID data type" do
+        subject.id.should match(/[A-Za-z0-9-]+/)
+      end
+
+      its(:version) { should == "2.0" }
+
+      describe "#issue_instant" do
+        it "should have an issue instant formated as %Y-%m-%dT%H:%M:%SZ" do
+          subject.issue_instant.should match(/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z/)
+        end
+   
+        it "should be set to now" do
+          t = double(Time)
+          t.should_receive(:now).and_return(Time.now)
+          RequestAbstract.new(t)
+        end
+      end
+        
+      describe "#issuer" do
+        it do
+          subject.issuer = 'test'
+        end
+
+        it "should have an issuer element in the xml when issuer is set" do
+          subject.issuer = 'test'
+          subject.to_xml.should match_xpath('//saml:Issuer')
+        end
+
+        it "should not have an issuer element in the xml when issuer is not set" do
+          subject.to_xml.should_not match_xpath('//saml:Issuer')
+        end
+      end
+
+      %w(Destination Consent Signature Extensions).each do |attr|
+        it "should not support #{attr}"
+      end
+      
+    end
+  end
+end

data/spec/saml/core/response_spec.rb

@@ -0,0 +1,32 @@
+# Response
+# 
+# SAML v2.0 Core
+# 
+# Section 3.3.3
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe Response do
+
+      it { should be_kind_of(StatusResponse) }
+
+      describe "#from_xml" do
+
+        it do
+          xml = Document.new(<<EOT).root
+<sp:StatusResponse xmlns:sp='urn:oasis:names:tc:SAML:2.0:protocol' xmlns:s='urn:oasis:names:tc:SAML:2.0:assertion' ID="1" Version="2.0">
+  <sp:Status><sp:StatusCode Value="Jolly good"/></sp:Status>
+  <s:Assertion ID="1" Version="2.0" IssueInstant="right now"></s:Assertion>
+</sp:StatusResponse>
+EOT
+          r = Response.from_xml(xml)
+        end
+      end
+    end
+  end
+end

data/spec/saml/core/status_response_spec.rb

@@ -0,0 +1,49 @@
+# StatusResponse
+# 
+# SAML v2.0 Core
+# 
+# Section 3.2.2
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe StatusResponse do
+
+      #ID [Required]
+      #InResponseTo [Optional]
+      #Version [Required]
+      #IssueInstant [Required]
+      #Destination [Optional]
+      #Consent [Optional]
+      #<saml:Issuer> [Optional]
+      #<ds:Signature> [Optional]
+      #<Extensions> [Optional]
+      #<Status> [Required]
+
+      describe "#from_xml" do
+
+        context "Minimal valid XML" do
+          
+          subject do
+            xml = Document.new(<<EOT)
+<sp:StatusResponse xmlns:sp='urn:oasis:names:tc:SAML:2.0:protocol' ID="1" Version="2.0">
+  <sp:Status><sp:StatusCode Value="Jolly good"/></sp:Status>
+</sp:StatusResponse>
+EOT
+            StatusResponse.from_xml(xml.root)
+          end
+          
+          its(:id)      { should == "1" }
+          its(:version) { should == "2.0" }
+          its(:status)  { subject.status_code.should == "Jolly good" }
+        end
+
+        it "should fail when required fields are missing"
+      end
+    end
+  end
+end

data/spec/saml/core/status_spec.rb

@@ -0,0 +1,27 @@
+# Status
+# 
+# SAML v2.0 Core
+# 
+# Section 3.2.2.1
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe Status do
+      it "should only allow the following top-level status codes"
+      # urn:oasis:names:tc:SAML:2.0:status:Success
+      #   The request succeeded. Additional information MAY be returned in the <StatusMessage> and/or <StatusDetail> elements.
+      # urn:oasis:names:tc:SAML:2.0:status:Requester
+      #   The request could not be performed due to an error on the part of the requester.
+      # urn:oasis:names:tc:SAML:2.0:status:Responder
+      #   The request could not be performed due to an error on the part of the SAML responder or SAML authority.
+      # urn:oasis:names:tc:SAML:2.0:status:VersionMismatch
+      #   The SAML responder could not process the request because the version of the request message was incorrect.
+
+    end
+  end
+end

data/spec/saml/core/subject_spec.rb

@@ -0,0 +1,17 @@
+# Subject
+# 
+# SAML v2.0 Core
+# 
+# Section 2.4.1
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Core
+    describe Subject do
+    end
+  end
+end

data/spec/saml/metadata/endpoint_spec.rb

@@ -0,0 +1,17 @@
+# Status
+# 
+# SAML v2.0 Metadata
+# 
+# Section 2.2.2
+#
+# http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
+#
+
+require 'spec_helper'
+
+module SAML
+  module Metadata
+    describe Endpoint do
+    end
+  end
+end