saml_camel 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: db6a8d7294f375eadf0c0358d7e438fb367a2b45
+  data.tar.gz: c89095973afa1aaa726f242cabb7b2d360360f33
+SHA512:
+  metadata.gz: ba097413cf902c8bd2184c64e4fcb87b39027cf223042952732a5022245901196edafd7e3b9c20d9f9e76b76c95eb23bf1eda86f2b3d5c35d9ba814e5b5ad280
+  data.tar.gz: afb5650b0e054af8cb911461b7211106eddb305d994e77c9941738f03f6c085a6a0fa8fe1a05ca1c0fe0d561214ac0304cfeac3bb97a880cee5fd0423b9b7ff7

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 Danai Adkisson 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,68 @@
+# SamlCamel - (not production ready)
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+source "https://gems-internal.oit.duke.edu" do
+  gem 'saml_camel'
+end
+```
+
+
+And then execute:
+```bash
+$ bundle
+```
+
+
+## Usage
+1. run `rake saml_camel:generate_saml` to generate metadata files for each environment. you can also specify a specifc/custom environment like this `rake saml_camel:generate_saml  environment=acceptance`
+
+**Note: these steps will use development as an example, if you use seperate metadata per environemtn, you will repeat each step for your chosed environement**
+
+2. from the root of your app open `saml/development/settings.json` and specify an entity ID of your choice. this is a unique identifier used by the
+Identity Provider(idp) to recognize your app. Typically it should take the form of a url, however note that it is just an identifier and does not have to be routeable (e.g. https://my-app-name/not/a/real/route)
+
+3. Go to https://idms-web.oit.duke.edu/spreg/sps and register your metadata with the identity provider. You will need the values from `saml/development/settings.json` in addition to the `saml/development/saml_certificate.crt`
+
+  - copy the entity_id you chose in the `settings.json` file and paste it into the "Entity Field"
+  - fill out functional purpose, responsible dept, function owner dept, and audience with information relevent to your application
+  - copy the cert from `saml/development/saml_certificate.crt` and paste it into the Certificate Field
+  - copy the acs value and paste it into the Location field in the Assertion Consumer Service box
+    - note that the default host value for ACS is `http://locahost:3000` which is the default `rails s` host. If you're using a differnet host (such as in production or using docker) you will want to replace the host value with what is relevent for your situation(*e.g. https://my-app.duke.edu/saml/consumeSaml*), but keep the path `/saml/consumeSaml`
+
+4. In your app mount the engine in config/routes.rb
+```ruby
+mount SamlCamel::Engine, at: "/saml"
+```
+
+5. include saml helpers in `app/controllers/application_controller.rb`
+```ruby
+class ApplicationController < ActionController::Base
+  include SamlCamel::SamlHelpers
+end
+```
+
+6. now simply provide the `saml protect` method in your controllers (via `around_action`) to protect paths
+**NOTE: it is important you MUST use around_action**
+
+7. to logout simply make a post to `localhost:3000/saml/logout`. This will kill the local saml session, and the session with the identity provider. You can specify a return url in `saml/development/settings.json`
+
+```ruby
+class DashboardController < ApplicationController
+  around_action :saml_protect, except: [:home]
+
+  def home
+  end
+
+  def index
+  end
+
+end
+```
+
+7. response attributes found in `session[:saml_attributes]`
+
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,34 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'SamlCamel'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/assets/config/saml_camel_manifest.js

@@ -0,0 +1,2 @@
+//= link_directory ../javascripts/saml_camel .js
+//= link_directory ../stylesheets/saml_camel .css

data/app/assets/javascripts/saml_camel/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/saml_camel/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/assets/stylesheets/scaffold.css

@@ -0,0 +1,80 @@
+body {
+  background-color: #fff;
+  color: #333;
+  margin: 33px;
+}
+
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a {
+  color: #000;
+}
+
+a:visited {
+  color: #666;
+}
+
+a:hover {
+  color: #fff;
+  background-color: #000;
+}
+
+th {
+  padding-bottom: 5px;
+}
+
+td {
+  padding: 0 5px 7px;
+}
+
+div.field,
+div.actions {
+  margin-bottom: 10px;
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px 7px 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px -7px 0;
+  background-color: #c00;
+  color: #fff;
+}
+
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}
+
+label {
+  display: block;
+}

data/app/controllers/concerns/saml_camel/saml_helpers.rb

@@ -0,0 +1,30 @@
+require_dependency "saml_camel/application_controller"
+
+module SamlCamel::SamlHelpers
+    extend ActiveSupport::Concern
+
+    #this generates a call to the idp, which will then be returned to the consume action the in saml_contorller
+    def saml_request(host_request)
+      request = OneLogin::RubySaml::Authrequest.new
+      cookies.encrypted[:saml_camel_redirect] = host_request.url
+      redirect_to(request.create(SamlCamel::Transaction.saml_settings))
+    end
+
+
+    def saml_reset
+      session[:saml_success] = nil
+    end
+
+
+    def saml_protect
+      begin
+        saml_request(request) unless (session[:saml_success] || session[:sp_session]) #keeps us from looping, and maintains sp session
+        yield
+      ensure
+        saml_reset #keeps us from looping
+      end
+    end
+
+
+
+end

data/app/controllers/saml_camel/application_controller.rb

@@ -0,0 +1,5 @@
+module SamlCamel
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+  end
+end

data/app/controllers/saml_camel/saml_controller.rb

@@ -0,0 +1,48 @@
+require_dependency "saml_camel/application_controller"
+
+module SamlCamel
+  class SamlController < ApplicationController
+    skip_before_action :verify_authenticity_token ,only: [:consume,:logout]
+
+
+    #TODO ROUTABLE STUFF GOES IN THE SHIB CONTROLLER, METHODS CALLED BUT NOT ROUTED GO TO SAML_CONTROLLER
+    def index
+      @attributes = session[:saml_attributes]
+    end
+
+    def consume
+      response          = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
+      response.settings = saml_settings
+
+      if response.is_valid? # validate the SAML Response
+        # authorize_success, log the user
+        session[:saml_success] = true
+        session[:sp_session] = true
+        session[:saml_attributes] = SamlCamel::Transaction.map_attributes(response.attributes)
+
+        #TODO account for nil redirect
+        redirect_to cookies.encrypted[:saml_camel_redirect]
+      else # otherwise list out the errors in the response
+        #TODO how do we handle errors?
+        session[:saml_success] = false
+        response.errors
+        redirect_to main_app.try('root_path')
+      end
+    end
+
+    def logout
+      session[:saml_attributes] = nil
+      session[:sp_session] = nil
+
+      return_url = SamlCamel::Transaction.logout #this methods logs the user out of the IDP, and returns a url to be redirected to
+      redirect_to return_url
+    end
+
+
+    private
+    def saml_settings
+      SamlCamel::Transaction.saml_settings
+    end
+
+  end
+end

data/app/helpers/saml_camel/application_helper.rb

@@ -0,0 +1,4 @@
+module SamlCamel
+  module ApplicationHelper
+  end
+end

data/app/jobs/saml_camel/application_job.rb

@@ -0,0 +1,4 @@
+module SamlCamel
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/saml_camel/application_mailer.rb

@@ -0,0 +1,6 @@
+module SamlCamel
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/saml_camel/application_record.rb

@@ -0,0 +1,5 @@
+module SamlCamel
+  class ApplicationRecord 
+    self.abstract_class = true
+  end
+end

data/app/models/saml_camel/transaction.rb

@@ -0,0 +1,69 @@
+module SamlCamel
+  class Transaction
+    SP_SETTINGS = JSON.parse(File.read("saml/#{Rails.env}/settings.json"))
+
+    def self.saml_settings
+      sp_settings = SP_SETTINGS["settings"]
+      settings = OneLogin::RubySaml::Settings.new
+      settings.assertion_consumer_service_url = sp_settings["acs"]
+
+
+      settings.issuer                         = sp_settings["entity_id"]
+      settings.idp_sso_target_url             = sp_settings["sso_url"]
+
+
+      #certificate to register with IDP and key to decrypt
+      settings.certificate = File.read("saml/#{Rails.env}/saml_certificate.crt")
+
+      #certificate to decrypt SAML response
+      settings.private_key = File.read("saml/#{Rails.env}/saml_key.key")
+
+      #certificate to verify IDP signature
+      settings.idp_cert = File.read("saml/#{Rails.env}/idp_certificate.crt")
+
+      # Optional for most SAML IdPs
+      settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+      settings.attribute_consuming_service.configure do
+        service_name "Service"
+        service_index 5
+        add_attribute :redirect_path => "root_path"
+      end
+      settings
+    end
+
+    def self.map_attributes(attrs)
+      attr_map = SP_SETTINGS["attribute_map"]
+      mapped_attributes = {}
+
+      attrs.each do |attr,value|
+        mapped_name = attr_map[attr]
+        if mapped_name.nil? #handles attributes not in map
+          mapped_attributes[attr] = value
+        else
+          mapped_attributes[mapped_name] = value
+        end
+      end
+      mapped_attributes
+    end
+
+
+    def self.logout
+      url = URI("https://shib.oit.duke.edu/cgi-bin/logout.pl")
+
+      http = Net::HTTP.new(url.host, url.port)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+      request = Net::HTTP::Post.new(url)
+      request["authorization"] = 'Basic c29hcC5pZG1zLm9pdDowRGFvdXU2Y1g4MEJ1Vkg2QlFaaA=='
+      request["content-type"] = 'application/x-www-form-urlencoded'
+      request["cache-control"] = 'no-cache'
+      request.body = "logoutWithoutPrompt=1"
+
+      response = http.request(request)
+
+      logout_return = SP_SETTINGS["settings"]["logout_return_url"]
+    end
+
+  end
+end

data/app/views/layouts/saml_camel/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Saml camel</title>
+  <%= stylesheet_link_tag    "saml_camel/application", media: "all" %>
+  <%= javascript_include_tag "saml_camel/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,5 @@
+SamlCamel::Engine.routes.draw do
+  get "/" => "saml#index"
+  post "/consumeSaml" => "saml#consume"
+  post "/logout" => "saml#logout"
+end

data/lib/saml_camel.rb

@@ -0,0 +1,5 @@
+require "saml_camel/engine"
+
+module SamlCamel
+  # Your code goes here...
+end

data/lib/saml_camel/engine.rb

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'onelogin/ruby-saml'
+
+module SamlCamel
+  class Engine < ::Rails::Engine
+    isolate_namespace SamlCamel
+
+    config.to_prepare do
+
+      Dir.glob(Rails.root + "app/decorators/**/*_decorator*.rb").each do |c|
+        require_dependency(c)
+      end
+    end
+
+  end
+end

data/lib/saml_camel/version.rb

@@ -0,0 +1,3 @@
+module SamlCamel
+  VERSION = '0.1.1'
+end

data/lib/tasks/saml_camel_tasks.rake

@@ -0,0 +1,155 @@
+namespace :saml_camel do
+  desc "Generate Files for Saml"
+  task :generate_saml  do
+    dir = "#{Rails.root}/saml/"
+    FileUtils.mkdir(dir) unless Dir.exists?(dir)
+
+    specified_env = ENV['environment']
+    default_envs = ["production","test","development"]
+    key = generate_key
+    cert = generate_cert(key)
+    settings = generate_saml_settings.to_json
+
+    #TODO pull in specified idp certificate
+    # idp_cert = File.read("saml/idp_certs/#{ENV['idp']}.crt") if ENV['idp']
+  idp_cert = """MIIEWjCCA0KgAwIBAgIJAP1rB/FjRgy6MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEPMA0GA1UEBxMGRHVyaGFt
+MRgwFgYDVQQKEw9EdWtlIFVuaXZlcnNpdHkxDDAKBgNVBAsTA09JVDEaMBgGA1UE
+AxMRc2hpYi5vaXQuZHVrZS5lZHUwHhcNMTAwOTA5MTI0NDU1WhcNMjgwOTA0MTI0
+NDU1WjB7MQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzAN
+BgNVBAcTBkR1cmhhbTEYMBYGA1UEChMPRHVrZSBVbml2ZXJzaXR5MQwwCgYDVQQL
+EwNPSVQxGjAYBgNVBAMTEXNoaWIub2l0LmR1a2UuZWR1MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAt+hnl6gSRi0Y8VuNl6PCPYejj7VfVs/y8bRa5zAY
+RHwb75+vBSs2j1yeUcSore9Ba5Ni7v947V34afRMGRPOqr4TEDZxU+1Bg0zAvSrR
+n4Y8B+zyJuhtOpmOZzTwE9o/Oc+CB4kYV/K0woKZdcoxHJm8TbqBqdxU4fFYUlNU
+o4Dr5jRdCSr9MHBOqGWXtQMg16qYNB7StNk4twY29FNnpZwkVTfsE76uVsRMkG8i
+6/RiHpXZ/ioOOqndptbEGdsOIE3ivAJOZdvYwnDe5NnTH06P01HsxH3OOnYqhuG2
+J6qdhqoelGeHRG+jfl8YkYXCcKQvja2tJ5G+6iqSN7DP6QIDAQABo4HgMIHdMB0G
+A1UdDgQWBBQHYXwB6otkfyMOmUI59j8823hFRDCBrQYDVR0jBIGlMIGigBQHYXwB
+6otkfyMOmUI59j8823hFRKF/pH0wezELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5v
+cnRoIENhcm9saW5hMQ8wDQYDVQQHEwZEdXJoYW0xGDAWBgNVBAoTD0R1a2UgVW5p
+dmVyc2l0eTEMMAoGA1UECxMDT0lUMRowGAYDVQQDExFzaGliLm9pdC5kdWtlLmVk
+dYIJAP1rB/FjRgy6MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG7q
+wJpiSLJbx2gj/cGDYeuBW/CeRGNghjQ/mb076P3WXsRNPAimcXulSUbQkS6eDH4t
+Ifvsa0jf4FRsEOwH/x8354/0wyv4RwuavX25kjpmoFn3O+eKokyzsc7/Q2gsm0mv
+V8XQo+5b+4we8AFYlAVp26nLeIqAiJM8xZJ9yHuzVL1O4yxIWIKECWHLqY5+1nas
+XNiLURrHhsK5pZUPLuhzJFgZuJT62TtnrjJXlrRhJ389VSkh6R64C6ncjNkg6/Cu
+tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
+9TEfyQ5QpfRYAUFWXBc=
+  """
+
+    unless specified_env
+      default_envs.each do |e|
+        dir = "#{Rails.root}/saml/#{e}"
+        FileUtils.mkdir(dir) unless Dir.exists?(dir)
+        File.open("#{Rails.root}/saml/#{e}/saml_certificate.crt","w+") {|f| f.write(cert) }
+        File.open("#{Rails.root}/saml/#{e}/saml_key.key","w+") {|f| f.write(key) }
+        File.open("#{Rails.root}/saml/#{e}/idp_certificate.crt","w+") {|f| f.write(idp_cert) }
+        File.open("#{Rails.root}/saml/#{e}/settings.json","w+") {|f| f.write(settings) }
+      end
+    else
+      dir = "#{Rails.root}/saml/#{specified_env}"
+      FileUtils.mkdir(dir) unless Dir.exists?(dir)
+      File.open("#{Rails.root}/saml/#{specified_env}/saml_certificate.crt","w+") {|f| f.write(cert) }
+      File.open("#{Rails.root}/saml/#{specified_env}/saml_key.key","w+") {|f| f.write(key) }
+      File.open("#{Rails.root}/saml/#{specified_env}/idp_certificate.crt","w+") {|f| f.write(idp_cert) }
+      File.open("#{Rails.root}/saml/#{specified_env}/settings.json","w+") {|f| f.write(settings) }
+    end
+  end
+
+
+
+
+
+
+  def generate_saml_settings
+    {
+      _comment: "note you will need to restart the application when you make changes to this file",
+      settings: {
+        acs: "http://localhost:3000/saml/consumeSaml" ,
+        entity_id: "https://your-entity-id.com",
+        sso_url: "https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO",
+        logout_return_url: "http://localhost:3000"
+      },
+      "attribute_map": {
+        "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
+        "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
+        "urn:oid:2.5.4.3": "cn",
+        "urn:oid:0.9.2342.19200300.100.1.1": "uid",
+        "urn:oid:0.9.2342.19200300.100.1.3": "mail",
+        "urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
+        "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
+        "urn:mace:duke.edu:idms:unique-id": "duDukeID",
+        "urn:mace:duke.edu:idms:dku-id": "urn:mace:duke.edu:idms:dku-id",
+        "urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf",
+        "urn:oid:2.5.4.42": "givenName",
+        "urn:oid:2.5.4.4": "sn",
+        "urn:oid:2.5.4.11": "ou",
+        "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
+        "urn:oid:2.5.4.20": "telephoneNumber",
+        "urn:oid:2.5.4.12": "title",
+        "urn:mace:duke.edu:idms:middle-name1": "duMiddleName1",
+        "urn:mace:duke.edu:idms:sap:name-first": "duSAPNameFirst",
+        "urn:mace:duke.edu:idms:sap:name-last": "duSAPNameLast",
+        "urn:mace:duke.edu:idms:proxy-token": "duProxyToken"
+      }
+    }
+  end
+
+
+  def generate_key
+    OpenSSL::PKey::RSA.new(2048)
+  end
+
+  def generate_cert(key)
+    STDOUT.puts "Country Name (2 letter code) [AU]:"
+    country = STDIN.gets.strip
+
+    STDOUT.puts "State or Province Name (full name) [Some-State]:"
+    state = STDIN.gets.strip
+
+    STDOUT.puts "Locality Name (eg, city):"
+    city = STDIN.gets.strip
+
+    STDOUT.puts "Organization Name (eg, company):"
+    org = STDIN.gets.strip
+
+    STDOUT.puts "Organizational Unit Name (eg, section):"
+    unit = STDIN.gets.strip
+
+    STDOUT.puts "Common Name (non url name, remember this is not a server cert):"
+    cn = STDIN.gets.strip
+
+    STDOUT.puts "Email Address:"
+    email = STDIN.gets.strip
+
+
+    public_key = key.public_key
+
+    #generate subject line of cert
+    subject = "/C=#{country}/ST=#{state}/L=#{city}/O=#{org}/OU=#{unit}/CN=#{cn}/emailAddress=#{email}"
+
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject) #TODO this line breaks when https:// is added for CN
+    cert.not_before = Time.now
+    cert.not_after = Time.now + 365 * 24 * 60 * 60
+    cert.public_key = public_key
+    cert.serial = 0x0
+    cert.version = 2
+
+    ef = OpenSSL::X509::ExtensionFactory.new
+    ef.subject_certificate = cert
+    ef.issuer_certificate = cert
+    cert.extensions = [
+      ef.create_extension("basicConstraints","CA:TRUE", true),
+      ef.create_extension("subjectKeyIdentifier", "hash"),
+      # ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
+    ]
+    cert.add_extension ef.create_extension("authorityKeyIdentifier",
+                                           "keyid:always,issuer:always")
+
+    cert.sign key, OpenSSL::Digest::SHA256.new
+  end
+
+
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: saml_camel
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- 'Danai Adkisson '
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-04-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.2
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.2
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: SAML tool wrapping onelogin/rubysaml
+email:
+- da129@duke.edu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/saml_camel_manifest.js
+- app/assets/javascripts/saml_camel/application.js
+- app/assets/stylesheets/saml_camel/application.css
+- app/assets/stylesheets/scaffold.css
+- app/controllers/concerns/saml_camel/saml_helpers.rb
+- app/controllers/saml_camel/application_controller.rb
+- app/controllers/saml_camel/saml_controller.rb
+- app/helpers/saml_camel/application_helper.rb
+- app/jobs/saml_camel/application_job.rb
+- app/mailers/saml_camel/application_mailer.rb
+- app/models/saml_camel/application_record.rb
+- app/models/saml_camel/transaction.rb
+- app/views/layouts/saml_camel/application.html.erb
+- config/routes.rb
+- lib/saml_camel.rb
+- lib/saml_camel/engine.rb
+- lib/saml_camel/version.rb
+- lib/tasks/saml_camel_tasks.rake
+homepage: https://oit.duke.edu
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: SAML tool wrapping onelogin/rubysaml
+test_files: []