saml2 1.0.0

data/spec/lib/identity_provider_spec.rb

@@ -0,0 +1,23 @@
+require_relative '../spec_helper'
+
+module SAML2
+  describe IdentityProvider do
+    it "should serialize valid xml" do
+      entity = Entity.new
+      entity.entity_id = 'http://sso.canvaslms.com/SAML2'
+      entity.organization = Organization.new('Canvas', 'Canvas by Instructure', 'https://www.canvaslms.com/')
+      contact = Contact.new(Contact::Type::TECHNICAL)
+      contact.company = 'Instructure'
+      contact.email_addresses << 'mailto:ops@instructure.com'
+      entity.contacts << contact
+
+      idp = IdentityProvider.new
+      idp.name_id_formats << NameID::Format::PERSISTENT
+      idp.single_sign_on_services << Endpoint.new('https://sso.canvaslms.com/SAML2/Login')
+      idp.keys << Key.new('somedata', Key::Type::SIGNING)
+
+      entity.roles << idp
+      Schemas.metadata.validate(Nokogiri::XML(entity.to_s)).must_equal []
+    end
+  end
+end

data/spec/lib/indexed_object_spec.rb

@@ -0,0 +1,38 @@
+require_relative '../spec_helper'
+
+module SAML2
+  describe IndexedObject::Array do
+    it "should sort by index" do
+      acses = Endpoint::Indexed::Array.new(
+          [Endpoint::Indexed.new('b', 1),
+           Endpoint::Indexed.new('a', 0)])
+      acses.map(&:location).must_equal ['a', 'b']
+    end
+
+    it "should be accessible by index" do
+      acses = Endpoint::Indexed::Array.new(
+          [Endpoint::Indexed.new('b', 3),
+           Endpoint::Indexed.new('a', 1)])
+      acses.map(&:location).must_equal ['a', 'b']
+      acses[1].location.must_equal 'a'
+      acses[3].location.must_equal 'b'
+      acses[0].must_equal nil
+    end
+
+    describe "#default" do
+      it "should default to first entry if not otherwise specified" do
+        acses = Endpoint::Indexed::Array.new(
+            [Endpoint::Indexed.new('a', 0),
+             Endpoint::Indexed.new('b', 1)])
+        acses.default.location.must_equal 'a'
+      end
+
+      it "should default to a tagged default" do
+        acses = Endpoint::Indexed::Array.new(
+            [Endpoint::Indexed.new('a', 0),
+             Endpoint::Indexed.new('b', 1, true)])
+        acses.default.location.must_equal 'b'
+      end
+    end
+  end
+end

data/spec/lib/response_spec.rb

@@ -0,0 +1,60 @@
+require_relative '../spec_helper'
+
+module SAML2
+  describe Response do
+    let(:sp) { Entity.parse(fixture('service_provider.xml')).roles.first }
+
+    let(:request) do
+      request = AuthnRequest.parse(fixture('authnrequest.xml'))
+      request.resolve(sp)
+      request
+    end
+
+    let(:response) do
+      response = Response.respond_to(request,
+                                     NameID.new('issuer'),
+                                     NameID.new('jacob', NameID::Format::PERSISTENT))
+      response
+    end
+
+    it "should generate valid XML" do
+      xml = response.to_s
+      Schemas.protocol.validate(Nokogiri::XML(xml)).must_equal []
+    end
+
+    def freeze_response
+      response.instance_variable_set(:@id, "_9a15e699-2d04-4ba7-a521-cfa4dcd21f44")
+      assertion = response.assertions.first
+      assertion.instance_variable_set(:@id, "_cdfc3faf-90ad-462f-880d-677483210684")
+      response.instance_variable_set(:@issue_instant, Time.parse("2015-02-12T22:51:29Z"))
+      assertion.instance_variable_set(:@issue_instant, Time.parse("2015-02-12T22:51:29Z"))
+      assertion.statements.first.authn_instant = Time.parse("2015-02-12T22:51:29Z")
+      confirmation = assertion.subject.confirmation
+      confirmation.not_before = Time.parse("2015-02-12T22:51:29Z")
+      confirmation.not_on_or_after = Time.parse("2015-02-12T22:54:29Z")
+      confirmation.recipient = response.destination
+      confirmation.in_response_to = response.in_response_to
+    end
+
+    it "should generate a valid signature" do
+      freeze_response
+      response.sign(fixture('certificate.pem'), fixture('privatekey.key'))
+      # verifiable on the command line with:
+      # xmlsec1 --verify --pubkey-cert-pem certificate.pem --privkey-pem privatekey.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion response_signed.xml
+      response.to_s.must_equal fixture('response_signed.xml')
+    end
+
+    it "should generate a valid signature when attributes are present" do
+      freeze_response
+      response.assertions.first.statements << sp.attribute_consuming_services.default.create_statement('givenName' => 'cody')
+      response.sign(fixture('certificate.pem'), fixture('privatekey.key'))
+      response.to_s.must_equal fixture('response_with_attribute_signed.xml')
+    end
+
+    it "should generate valid XML for IdP initiated response" do
+      response = Response.initiate(sp, NameID.new('issuer'),
+                              NameID.new('jacob', NameID::Format::PERSISTENT))
+      Schemas.protocol.validate(Nokogiri::XML(response.to_s)).must_equal []
+    end
+  end
+end

data/spec/lib/service_provider_spec.rb

@@ -0,0 +1,30 @@
+require_relative '../spec_helper'
+
+module SAML2
+  describe ServiceProvider do
+    describe "valid metadata" do
+      let(:entity) { Entity.parse(fixture('service_provider.xml')) }
+      let(:sp) { entity.roles.first }
+
+      it "should create the assertion_consumer_services array" do
+        sp.assertion_consumer_services.length.must_equal 4
+        sp.assertion_consumer_services.map(&:index).must_equal [0, 1, 2, 3]
+        sp.assertion_consumer_services.first.location.must_equal 'https://siteadmin.instructure.com/saml_consume'
+      end
+
+      it "should find the signing certificate" do
+        sp.signing_keys.first.x509.must_match /MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD/
+      end
+
+      it "should load the organization" do
+        entity.organization.display_name.must_equal 'Canvas'
+      end
+
+      it "should load contacts" do
+        entity.contacts.length.must_equal 1
+        entity.contacts.first.type.must_equal Contact::Type::TECHNICAL
+        entity.contacts.first.surname.must_equal 'Administrator'
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'minitest/autorun'
+require 'saml2'
+
+def fixture(name)
+  File.read(File.expand_path(File.join(__FILE__, "../fixtures", name)))
+end

metadata

@@ -0,0 +1,191 @@
+--- !ruby/object:Gem::Specification
+name: saml2
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Cody Cutrer
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-03-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.8
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.8
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: nokogiri-xmlsec-me-harder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2
+    The saml2 library is yet another SAML library for Ruby, with
+    an emphasis on _not_ re-implementing XML, especially XML Security,
+    _not_ parsing via Regex or generating XML by string concatenation,
+    _not_ serializing/re-parsing multiple times just to get it into
+    the correct format to sign or validate.
+
+    For now, it provides a clean interface for implementing an IdP,
+    but not an SP.
+email: cody@instructure.com'
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Rakefile
+- app/views/saml2/http_post.html.erb
+- lib/saml2.rb
+- lib/saml2/assertion.rb
+- lib/saml2/attribute.rb
+- lib/saml2/attribute/x500.rb
+- lib/saml2/attribute_consuming_service.rb
+- lib/saml2/authn_request.rb
+- lib/saml2/authn_statement.rb
+- lib/saml2/base.rb
+- lib/saml2/contact.rb
+- lib/saml2/endpoint.rb
+- lib/saml2/engine.rb
+- lib/saml2/entity.rb
+- lib/saml2/identity_provider.rb
+- lib/saml2/indexed_object.rb
+- lib/saml2/key.rb
+- lib/saml2/name_id.rb
+- lib/saml2/namespaces.rb
+- lib/saml2/organization.rb
+- lib/saml2/organization_and_contacts.rb
+- lib/saml2/profiles.rb
+- lib/saml2/response.rb
+- lib/saml2/role.rb
+- lib/saml2/schemas.rb
+- lib/saml2/service_provider.rb
+- lib/saml2/sso.rb
+- lib/saml2/subject.rb
+- lib/saml2/version.rb
+- schemas/saml-schema-assertion-2.0.xsd
+- schemas/saml-schema-metadata-2.0.xsd
+- schemas/saml-schema-protocol-2.0.xsd
+- schemas/xenc-schema.xsd
+- schemas/xml.xsd
+- schemas/xmldsig-core-schema.xsd
+- spec/fixtures/authnrequest.xml
+- spec/fixtures/calculated.txt
+- spec/fixtures/certificate.pem
+- spec/fixtures/entities.xml
+- spec/fixtures/privatekey.key
+- spec/fixtures/response_signed.xml
+- spec/fixtures/response_with_attribute_signed.xml
+- spec/fixtures/service_provider.xml
+- spec/fixtures/xmlsec.txt
+- spec/lib/attribute_consuming_service_spec.rb
+- spec/lib/attribute_spec.rb
+- spec/lib/authn_request_spec.rb
+- spec/lib/entity_spec.rb
+- spec/lib/identity_provider_spec.rb
+- spec/lib/indexed_object_spec.rb
+- spec/lib/response_spec.rb
+- spec/lib/service_provider_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/instructure/ruby-saml2
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: SAML 2.0 Library
+test_files:
+- spec/fixtures/authnrequest.xml
+- spec/fixtures/calculated.txt
+- spec/fixtures/certificate.pem
+- spec/fixtures/entities.xml
+- spec/fixtures/privatekey.key
+- spec/fixtures/response_signed.xml
+- spec/fixtures/response_with_attribute_signed.xml
+- spec/fixtures/service_provider.xml
+- spec/fixtures/xmlsec.txt
+- spec/lib/attribute_consuming_service_spec.rb
+- spec/lib/attribute_spec.rb
+- spec/lib/authn_request_spec.rb
+- spec/lib/entity_spec.rb
+- spec/lib/identity_provider_spec.rb
+- spec/lib/indexed_object_spec.rb
+- spec/lib/response_spec.rb
+- spec/lib/service_provider_spec.rb
+- spec/spec_helper.rb
+has_rdoc: