saml2 3.1.2 → 3.1.4

data/lib/saml2/conditions.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'active_support/core_ext/array/wrap'
+require "active_support/core_ext/array/wrap"
 
 module SAML2
   class Conditions < Array
@@ -12,6 +12,7 @@ module SAML2
     # (see Base.from_xml)
     def self.from_xml(node)
       return nil unless node
+
       result = new
       result.from_xml(node)
       result
@@ -20,15 +21,15 @@ module SAML2
     # (see Base#from_xml)
     def from_xml(node)
       @xml = node
-      @not_before = Time.parse(node['NotBefore']) if node['NotBefore']
-      @not_on_or_after = Time.parse(node['NotOnOrAfter']) if node['NotOnOrAfter']
+      @not_before = Time.parse(node["NotBefore"]) if node["NotBefore"]
+      @not_on_or_after = Time.parse(node["NotOnOrAfter"]) if node["NotOnOrAfter"]
 
       replace(node.element_children.map do |restriction|
         klass = if self.class.const_defined?(restriction.name, false)
-          self.class.const_get(restriction.name, false)
-        else
-          Condition
-        end
+                  self.class.const_get(restriction.name, false)
+                else
+                  Condition
+                end
         klass.from_xml(restriction)
       end)
     end
@@ -67,9 +68,9 @@ module SAML2
 
     # (see Base#build)
     def build(builder)
-      builder['saml'].Conditions do |conditions|
-        conditions.parent['NotBefore'] = not_before.iso8601 if not_before
-        conditions.parent['NotOnOrAfter'] = not_on_or_after.iso8601 if not_on_or_after
+      builder["saml"].Conditions do |conditions|
+        conditions.parent["NotBefore"] = not_before.iso8601 if not_before
+        conditions.parent["NotOnOrAfter"] = not_on_or_after.iso8601 if not_on_or_after
 
         each do |condition|
           condition.build(conditions)
@@ -81,7 +82,7 @@ module SAML2
     class Condition < Base
       # @return []
       def validate(_)
-        ["unable to validate #{xml&.name || 'unrecognized'} condition"]
+        ["unable to validate #{xml&.name || "unrecognized"} condition"]
       end
 
       def valid?(*args)
@@ -94,6 +95,7 @@ module SAML2
 
       # @param audience [Array<String>]
       def initialize(audience = [])
+        super()
         @audience = audience
       end
 
@@ -105,7 +107,7 @@ module SAML2
 
       # @return [Array<String>] Allowed audiences
       def audience
-        @audience ||= load_string_array(xml, 'saml:Audience')
+        @audience ||= load_string_array(xml, "saml:Audience")
       end
 
       # @param audience [String]
@@ -113,16 +115,17 @@ module SAML2
         return [] if ignore_audience_condition
 
         unless Array.wrap(self.audience).include?(audience)
-          return ["audience #{audience} not in allowed list of #{Array.wrap(self.audience).join(', ')}"]
+          return ["audience #{audience} not in allowed list of #{Array.wrap(self.audience).join(", ")}"]
         end
+
         []
       end
 
       # (see Base#build)
       def build(builder)
-        builder['saml'].AudienceRestriction do |audience_restriction|
+        builder["saml"].AudienceRestriction do |audience_restriction|
           Array.wrap(audience).each do |single_audience|
-            audience_restriction['saml'].Audience(single_audience)
+            audience_restriction["saml"].Audience(single_audience)
           end
         end
       end
@@ -138,7 +141,7 @@ module SAML2
 
       # (see Base#build)
       def build(builder)
-        builder['saml'].OneTimeUse
+        builder["saml"].OneTimeUse
       end
     end
   end

data/lib/saml2/contact.rb

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
 
-require 'saml2/base'
+require "saml2/base"
 
 module SAML2
   class Contact < Base
     module Type
-      ADMINISTRATIVE = 'administrative'
-      BILLING        = 'billing'
-      OTHER          = 'other'
-      SUPPORT        = 'support'
-      TECHNICAL      = 'technical'
+      ADMINISTRATIVE = "administrative"
+      BILLING        = "billing"
+      OTHER          = "other"
+      SUPPORT        = "support"
+      TECHNICAL      = "technical"
     end
 
     # @see Type
@@ -22,6 +22,7 @@ module SAML2
 
     # @param type [String]
     def initialize(type = Type::OTHER)
+      super()
       @type = type
       @email_addresses = []
       @telephone_numbers = []
@@ -29,29 +30,29 @@ module SAML2
 
     # (see Base#from_xml)
     def from_xml(node)
-      self.type = node['contactType']
-      company = node.at_xpath('md:Company', Namespaces::ALL)
+      self.type = node["contactType"]
+      company = node.at_xpath("md:Company", Namespaces::ALL)
       self.company = company && company.content && company.content.strip
-      given_name = node.at_xpath('md:GivenName', Namespaces::ALL)
+      given_name = node.at_xpath("md:GivenName", Namespaces::ALL)
       self.given_name = given_name && given_name.content && given_name.content.strip
-      surname = node.at_xpath('md:SurName', Namespaces::ALL)
+      surname = node.at_xpath("md:SurName", Namespaces::ALL)
       self.surname = surname && surname.content && surname.content.strip
-      self.email_addresses = load_string_array(node, 'md:EmailAddress')
-      self.telephone_numbers = load_string_array(node, 'md:TelephoneNumber')
+      self.email_addresses = load_string_array(node, "md:EmailAddress")
+      self.telephone_numbers = load_string_array(node, "md:TelephoneNumber")
       self
     end
 
     # (see Base#build)
     def build(builder)
-      builder['md'].ContactPerson('contactType' => type) do |contact_person|
-        contact_person['md'].Company(company) if company
-        contact_person['md'].GivenName(given_name) if given_name
-        contact_person['md'].SurName(surname) if surname
+      builder["md"].ContactPerson("contactType" => type) do |contact_person|
+        contact_person["md"].Company(company) if company
+        contact_person["md"].GivenName(given_name) if given_name
+        contact_person["md"].SurName(surname) if surname
         email_addresses.each do |email|
-          contact_person['md'].EmailAddress(email)
+          contact_person["md"].EmailAddress(email)
         end
         telephone_numbers.each do |tel|
-          contact_person['md'].TelephoneNumber(tel)
+          contact_person["md"].TelephoneNumber(tel)
         end
       end
     end

data/lib/saml2/endpoint.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'saml2/bindings/http_post'
+require "saml2/bindings/http_post"
 
 module SAML2
   class Endpoint < Base
@@ -10,25 +10,27 @@ module SAML2
     # @param location [String]
     # @param binding [String]
     def initialize(location = nil, binding = Bindings::HTTP_POST::URN)
-      @location, @binding = location, binding
+      super()
+      @location = location
+      @binding = binding
     end
 
     # @param rhs [Endpoint]
     # @return [Boolean]
-    def ==(rhs)
-      location == rhs.location && binding == rhs.binding
+    def ==(other)
+      location == other.location && binding == other.binding
     end
 
     # (see Base#from_xml)
     def from_xml(node)
       super
-      @location = node['Location']
-      @binding = node['Binding']
+      @location = node["Location"]
+      @binding = node["Binding"]
     end
 
     # (see Base#build)
     def build(builder, element)
-      builder['md'].__send__(element, 'Location' => location, 'Binding' => binding)
+      builder["md"].__send__(element, "Location" => location, "Binding" => binding)
     end
 
     class Indexed < Endpoint
@@ -40,12 +42,13 @@ module SAML2
       # @param binding [String]
       def initialize(location = nil, index = nil, is_default = nil, binding = Bindings::HTTP_POST::URN)
         super(location, binding)
-        @index, @is_default = index, is_default
+        @index = index
+        @is_default = is_default
       end
 
-      def eql?(rhs)
-        location == rhs.location &&
-            binding == rhs.binding && super
+      def eql?(other)
+        location == other.location &&
+          binding == other.binding && super
       end
     end
   end

data/lib/saml2/entity.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require 'nokogiri'
+require "nokogiri"
 
-require 'saml2/base'
-require 'saml2/identity_provider'
-require 'saml2/organization_and_contacts'
-require 'saml2/service_provider'
-require 'saml2/signable'
+require "saml2/base"
+require "saml2/identity_provider"
+require "saml2/organization_and_contacts"
+require "saml2/service_provider"
+require "saml2/signable"
 
 module SAML2
   class Entity < Base
@@ -39,15 +39,16 @@ module SAML2
       include Enumerable
       include Signable
 
-      [:each, :[]].each do |method|
+      %i[each \[\]].each do |method|
         class_eval <<-RUBY, __FILE__, __LINE__ + 1
-          def #{method}(*args, &block)
-            @entities.#{method}(*args, &block)
-          end
+          def #{method}(*args, &block)          # def each(*args, &block)
+            @entities.#{method}(*args, &block)  #   @entities.each(*args, &block)
+          end                                   # end
         RUBY
       end
 
       def initialize
+        super
         @entities = []
         @id = "_#{SecureRandom.uuid}"
         @valid_until = nil
@@ -58,9 +59,10 @@ module SAML2
         super
         @id = nil
         remove_instance_variable(:@valid_until)
-        @entities = Base.load_object_array(xml, "md:EntityDescriptor|md:EntitiesDescriptor",
-                'EntityDescriptor' => Entity,
-                'EntitiesDescriptor' => Group)
+        @entities = Base.load_object_array(xml,
+                                           "md:EntityDescriptor|md:EntitiesDescriptor",
+                                           "EntityDescriptor" => Entity,
+                                           "EntitiesDescriptor" => Group)
       end
 
       # (see Message#valid_schema?)
@@ -70,13 +72,13 @@ module SAML2
 
       # (see Message#id)
       def id
-        @id ||= xml['ID']
+        @id ||= xml["ID"]
       end
 
       # @return [Time, nil]
       def valid_until
         unless instance_variable_defined?(:@valid_until)
-          @valid_until = xml['validUntil'] && Time.parse(xml['validUntil'])
+          @valid_until = xml["validUntil"] && Time.parse(xml["validUntil"])
         end
         @valid_until
       end
@@ -106,19 +108,17 @@ module SAML2
 
     # @return [String]
     def entity_id
-      @entity_id || xml && xml['entityID']
+      @entity_id || (xml && xml["entityID"])
     end
 
     # (see Message#id)
     def id
-      @id ||= xml['ID']
+      @id ||= xml["ID"]
     end
 
     # @return [Time, nil]
     def valid_until
-      unless instance_variable_defined?(:@valid_until)
-        @valid_until = xml['validUntil'] && Time.parse(xml['validUntil'])
-      end
+      @valid_until = xml["validUntil"] && Time.parse(xml["validUntil"]) unless instance_variable_defined?(:@valid_until)
       @valid_until
     end
 
@@ -134,17 +134,17 @@ module SAML2
 
     # @return [Array<Role>]
     def roles
-      @roles ||= load_object_array(xml, 'md:IDPSSODescriptor', IdentityProvider) +
-          load_object_array(xml, 'md:SPSSODescriptor', ServiceProvider)
+      @roles ||= load_object_array(xml, "md:IDPSSODescriptor", IdentityProvider) +
+                 load_object_array(xml, "md:SPSSODescriptor", ServiceProvider)
     end
 
     # (see Base#build)
     def build(builder)
-      builder['md'].EntityDescriptor('entityID' => entity_id,
-                                     'xmlns:md' => Namespaces::METADATA,
-                                     'xmlns:dsig' => Namespaces::DSIG,
-                                     'xmlns:xenc' => Namespaces::XENC) do |entity_descriptor|
-        entity_descriptor.parent['ID'] = id if id
+      builder["md"].EntityDescriptor("entityID" => entity_id,
+                                     "xmlns:md" => Namespaces::METADATA,
+                                     "xmlns:dsig" => Namespaces::DSIG,
+                                     "xmlns:xenc" => Namespaces::XENC) do |entity_descriptor|
+        entity_descriptor.parent["ID"] = id if id
 
         roles.each do |role|
           role.build(entity_descriptor)

data/lib/saml2/identity_provider.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'saml2/attribute'
-require 'saml2/sso'
+require "saml2/attribute"
+require "saml2/sso"
 
 module SAML2
   class IdentityProvider < SSO
@@ -29,39 +29,42 @@ module SAML2
     # @return [Boolean, nil]
     def want_authn_requests_signed?
       unless instance_variable_defined?(:@want_authn_requests_signed)
-        @want_authn_requests_signed = xml['WantAuthnRequestsSigned'] && xml['WantAuthnRequestsSigned'] == 'true'
+        @want_authn_requests_signed = xml["WantAuthnRequestsSigned"] && xml["WantAuthnRequestsSigned"] == "true"
       end
       @want_authn_requests_signed
     end
 
     # @return [Array<Endpoint>]
     def single_sign_on_services
-      @single_sign_on_services ||= load_object_array(xml, 'md:SingleSignOnService', Endpoint)
+      @single_sign_on_services ||= load_object_array(xml, "md:SingleSignOnService", Endpoint)
     end
 
     # @return [Array<String>]
     def attribute_profiles
-      @attribute_profiles ||= load_string_array(xml, 'md:AttributeProfile')
+      @attribute_profiles ||= load_string_array(xml, "md:AttributeProfile")
     end
 
     # @return [Array<Attribute>]
     def attributes
-      @attributes ||= load_object_array(xml, 'saml:Attribute', Attribute)
+      @attributes ||= load_object_array(xml, "saml:Attribute", Attribute)
     end
 
     # (see Base#build)
     def build(builder)
-      builder['md'].IDPSSODescriptor do |idp_sso_descriptor|
+      builder["md"].IDPSSODescriptor do |idp_sso_descriptor|
         super(idp_sso_descriptor)
 
-        idp_sso_descriptor.parent['WantAuthnRequestsSigned'] = want_authn_requests_signed? unless want_authn_requests_signed?.nil?
+        unless want_authn_requests_signed?.nil?
+          idp_sso_descriptor.parent["WantAuthnRequestsSigned"] =
+            want_authn_requests_signed?
+        end
 
         single_sign_on_services.each do |sso|
-          sso.build(idp_sso_descriptor, 'SingleSignOnService')
+          sso.build(idp_sso_descriptor, "SingleSignOnService")
         end
 
         attribute_profiles.each do |ap|
-          idp_sso_descriptor['md'].AttributeProfile(ap)
+          idp_sso_descriptor["md"].AttributeProfile(ap)
         end
 
         attributes.each do |attr|

data/lib/saml2/indexed_object.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'saml2/base'
+require "saml2/base"
 
 module SAML2
   module IndexedObject
@@ -12,9 +12,9 @@ module SAML2
       super
     end
 
-    def eql?(rhs)
-      index == rhs.index &&
-        default? == rhs.default? &&
+    def eql?(other)
+      index == other.index &&
+        default? == other.default? &&
         super
     end
 
@@ -28,8 +28,8 @@ module SAML2
 
     # (see Base#from_xml)
     def from_xml(node)
-      @index = node['index'] && node['index'].to_i
-      @is_default = node['isDefault'] && node['isDefault'] == 'true'
+      @index = node["index"]&.to_i
+      @is_default = node["isDefault"] && node["isDefault"] == "true"
       super
     end
 
@@ -41,10 +41,15 @@ module SAML2
       attr_reader :default
 
       def self.from_xml(nodes)
-        new(nodes.map { |node| name.split('::')[1..-2].inject(SAML2) { |mod, klass| mod.const_get(klass) }.from_xml(node) }).freeze
+        new(nodes.map do |node|
+              name.split("::")[1..-2].inject(SAML2) do |mod, klass|
+                mod.const_get(klass)
+              end.from_xml(node)
+            end).freeze
       end
 
       def initialize(objects = nil)
+        super()
         replace(objects.sort_by { |object| object.index || 0 }) if objects
         re_index
       end
@@ -72,19 +77,17 @@ module SAML2
           last_index = object.index
           @index[object.index] = object
         end
-        @default = find { |object| object.default? } || first
+        @default = find(&:default?) || first
       end
     end
 
     # (see Base#build)
     def build(builder, *)
       super
-      builder.parent.children.last['index'] = index
-      builder.parent.children.last['isDefault'] = default? if default_defined?
+      builder.parent.children.last["index"] = index
+      builder.parent.children.last["isDefault"] = default? if default_defined?
     end
 
-    private
-
     def self.included(klass)
       klass.const_set(:Array, Array.dup)
     end

data/lib/saml2/key.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
-require 'openssl'
+require "openssl"
 
-require 'saml2/base'
-require 'saml2/namespaces'
+require "saml2/base"
+require "saml2/namespaces"
 
 module SAML2
   # This represents the XML Signatures <KeyInfo> element, and actually contains a
@@ -16,20 +16,21 @@ module SAML2
 
     # @param x509 [String] The PEM encoded certificate.
     def initialize(x509 = nil)
+      super()
       self.x509 = x509
     end
 
     # (see Base#from_xml)
     def from_xml(node)
-      self.x509 = node.at_xpath('dsig:X509Data/dsig:X509Certificate', Namespaces::ALL)&.content&.strip
-      if (rsa_key_value = node.at_xpath('dsig:KeyValue/dsig:RSAKeyValue', Namespaces::ALL))
-        modulus = crypto_binary_to_integer(rsa_key_value.at_xpath('dsig:Modulus', Namespaces::ALL)&.content&.strip)
-        exponent = crypto_binary_to_integer(rsa_key_value.at_xpath('dsig:Exponent', Namespaces::ALL)&.content&.strip)
-        if modulus && exponent
-          @key = OpenSSL::PKey::RSA.new
-          key.set_key(modulus, exponent, nil)
-        end
-      end
+      self.x509 = node.at_xpath("dsig:X509Data/dsig:X509Certificate", Namespaces::ALL)&.content&.strip
+      return unless (rsa_key_value = node.at_xpath("dsig:KeyValue/dsig:RSAKeyValue", Namespaces::ALL))
+
+      modulus = crypto_binary_to_integer(rsa_key_value.at_xpath("dsig:Modulus", Namespaces::ALL)&.content&.strip)
+      exponent = crypto_binary_to_integer(rsa_key_value.at_xpath("dsig:Exponent", Namespaces::ALL)&.content&.strip)
+      return unless modulus && exponent
+
+      @key = OpenSSL::PKey::RSA.new
+      key.set_key(modulus, exponent, nil)
     end
 
     def x509=(value)
@@ -39,6 +40,7 @@ module SAML2
     # @return [OpenSSL::X509::Certificate]
     def certificate
       return nil if x509.nil?
+
       @certificate ||= OpenSSL::X509::Certificate.new(Base64.decode64(x509))
     end
 
@@ -52,28 +54,29 @@ module SAML2
     # @param fingerprint [String]
     # @return [String]
     def self.format_fingerprint(fingerprint)
-      fingerprint.downcase.gsub(/[^0-9a-f]/, '').gsub(/(\h{2})(?=\h)/, '\1:')
+      fingerprint.downcase.gsub(/[^0-9a-f]/, "").gsub(/(\h{2})(?=\h)/, '\1:')
     end
 
     # @return [String]
     def fingerprint
       return nil unless certificate
+
       @fingerprint ||= self.class.format_fingerprint(Digest::SHA1.hexdigest(certificate.to_der))
     end
 
     # (see Base#build)
     def build(builder)
-      builder['dsig'].KeyInfo do |key_info|
+      builder["dsig"].KeyInfo do |key_info|
         if x509
-          key_info['dsig'].X509Data do |x509_data|
-            x509_data['dsig'].X509Certificate(x509)
+          key_info["dsig"].X509Data do |x509_data|
+            x509_data["dsig"].X509Certificate(x509)
           end
         end
         if key.is_a?(OpenSSL::PKey::RSA)
-          key_info['dsig'].KeyValue do |key_value|
-            key_value['dsig'].RSAKeyValue do |rsa_key_value|
-              rsa_key_value['dsig'].Modulus(Base64.encode64(key.n.to_s(2)))
-              rsa_key_value['dsig'].Exponent(Base64.encode64(key.e.to_s(2)))
+          key_info["dsig"].KeyValue do |key_value|
+            key_value["dsig"].RSAKeyValue do |rsa_key_value|
+              rsa_key_value["dsig"].Modulus(Base64.encode64(key.n.to_s(2)))
+              rsa_key_value["dsig"].Exponent(Base64.encode64(key.e.to_s(2)))
             end
           end
         end
@@ -84,19 +87,20 @@ module SAML2
 
     def crypto_binary_to_integer(str)
       return nil unless str
+
       OpenSSL::BN.new(Base64.decode64(str), 2)
     end
   end
 
   class KeyDescriptor < KeyInfo
     module Type
-      ENCRYPTION = 'encryption'
-      SIGNING    = 'signing'
+      ENCRYPTION = "encryption"
+      SIGNING    = "signing"
     end
 
     class EncryptionMethod < Base
       module Algorithm
-        AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
+        AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
       end
 
       # @see Algorithm
@@ -108,19 +112,21 @@ module SAML2
       # @param algorithm [String]
       # @param key_size [Integer]
       def initialize(algorithm = Algorithm::AES128_CBC, key_size = 128)
-        @algorithm, @key_size = algorithm, key_size
+        super()
+        @algorithm = algorithm
+        @key_size = key_size
       end
 
       # (see Base#from_xml)
       def from_xml(node)
-        self.algorithm = node['Algorithm']
-        self.key_size = node.at_xpath('xenc:KeySize', Namespaces::ALL)&.content&.to_i
+        self.algorithm = node["Algorithm"]
+        self.key_size = node.at_xpath("xenc:KeySize", Namespaces::ALL)&.content&.to_i
       end
 
       # (see Base#build)
       def build(builder)
-        builder['md'].EncryptionMethod('Algorithm' => algorithm) do |encryption_method|
-          encryption_method['xenc'].KeySize(key_size) if key_size
+        builder["md"].EncryptionMethod("Algorithm" => algorithm) do |encryption_method|
+          encryption_method["xenc"].KeySize(key_size) if key_size
         end
       end
     end
@@ -133,16 +139,19 @@ module SAML2
 
     # (see Base#from_xml)
     def from_xml(node)
-      super(node.at_xpath('dsig:KeyInfo', Namespaces::ALL))
-      self.use = node['use']
-      self.encryption_methods = load_object_array(node, 'md:EncryptionMethod', EncryptionMethod)
+      super(node.at_xpath("dsig:KeyInfo", Namespaces::ALL))
+      self.use = node["use"]
+      self.encryption_methods = load_object_array(node, "md:EncryptionMethod", EncryptionMethod)
     end
 
     # @param x509 [String] The PEM encoded certificate.
     # @param use optional [String] See {Type}
     # @param encryption_methods [Array<EncryptionMethod>]
     def initialize(x509 = nil, use = nil, encryption_methods = [])
-      @use, self.x509, @encryption_methods = use, x509, encryption_methods
+      super()
+      @use = use
+      self.x509 = x509
+      @encryption_methods = encryption_methods
     end
 
     def encryption?
@@ -155,8 +164,8 @@ module SAML2
 
     # (see Base#build)
     def build(builder)
-      builder['md'].KeyDescriptor do |key_descriptor|
-        key_descriptor.parent['use'] = use if use
+      builder["md"].KeyDescriptor do |key_descriptor|
+        key_descriptor.parent["use"] = use if use
         super(key_descriptor)
         encryption_methods.each do |method|
           method.build(key_descriptor)