saml_idp 0.2.1 → 0.3.0

data/spec/lib/saml_idp/saml_response_spec.rb

@@ -16,6 +16,27 @@ module SamlIdp
       Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
     }
     let(:expiry) { 3 * 60 * 60 }
+    let (:encryption_opts) do
+      {
+        cert: Default::X509_CERTIFICATE,
+        block_encryption: 'aes256-cbc',
+        key_transport: 'rsa-oaep-mgf1p',
+      }
+    end
+    let(:subject_encrypted) { described_class.new(reference_id,
+                                  response_id,
+                                  issuer_uri,
+                                  name_id,
+                                  audience_uri,
+                                  saml_request_id,
+                                  saml_acs_url,
+                                  algorithm,
+                                  authn_context_classref,
+                                  expiry,
+                                  encryption_opts
+                                 )
+    }
+
     subject { described_class.new(reference_id,
                                   response_id,
                                   issuer_uri,
@@ -32,5 +53,16 @@ module SamlIdp
     it "has a valid build" do
       subject.build.should be_present
     end
+
+    it "builds encrypted" do
+      subject_encrypted.build.should_not match(audience_uri)
+      encoded_xml = subject_encrypted.build
+      resp_settings = saml_settings(saml_acs_url)
+      resp_settings.private_key = Default::SECRET_KEY
+      resp_settings.issuer = audience_uri
+      saml_resp = OneLogin::RubySaml::Response.new(encoded_xml, settings: resp_settings)
+      saml_resp.soft = false
+      saml_resp.is_valid?.should == true
+    end
   end
 end

data/spec/support/saml_request_macros.rb

@@ -1,3 +1,5 @@
+require 'saml_idp/logout_request_builder'
+
 module SamlRequestMacros
 
   def make_saml_request(requested_saml_acs_url = "https://foo.example.com/saml/consume")
@@ -6,6 +8,18 @@ module SamlRequestMacros
     CGI.unescape(auth_url.split("=").last)
   end
 
+  def make_saml_logout_request(requested_saml_logout_url = 'https://foo.example.com/saml/logout')
+    request_builder = SamlIdp::LogoutRequestBuilder.new(
+      'some_response_id',
+      'http://example.com',
+      requested_saml_logout_url,
+      'some_name_id',
+      'abc123index',
+      OpenSSL::Digest::SHA256
+    )
+    request_builder.encoded
+  end
+
   def saml_settings(saml_acs_url = "https://foo.example.com/saml/consume")
     settings = OneLogin::RubySaml::Settings.new
     settings.assertion_consumer_service_url = saml_acs_url
@@ -16,4 +30,10 @@ module SamlRequestMacros
     settings
   end
 
+  def print_pretty_xml(xml_string)
+    doc = REXML::Document.new xml_string
+    outbuf = ""
+    doc.write(outbuf, 1)
+    puts outbuf
+  end
 end

data/spec/xml_security_spec.rb

@@ -116,7 +116,8 @@ module SamlIdp
 
       it "be able to validate a good response" do
         Timecop.freeze Time.parse('2012-11-28 17:55:00 UTC') do
-          response.validate!.should be_truthy
+          response.stub(:validate_subject_confirmation).and_return(true)
+          response.should be_is_valid
         end
       end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: saml_idp
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-03 00:00:00.000000000 Z
+date: 2016-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -146,7 +146,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -154,7 +154,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -203,6 +203,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: xmlenc
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.6.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.6.4
 description: SAML IdP (Identity Provider) library in ruby
 email: jon.phenow@sportngin.com
 executables: []
@@ -219,9 +235,13 @@ files:
 - lib/saml_idp/configurator.rb
 - lib/saml_idp/controller.rb
 - lib/saml_idp/default.rb
+- lib/saml_idp/encryptor.rb
 - lib/saml_idp/engine.rb
 - lib/saml_idp/hashable.rb
 - lib/saml_idp/incoming_metadata.rb
+- lib/saml_idp/logout_builder.rb
+- lib/saml_idp/logout_request_builder.rb
+- lib/saml_idp/logout_response_builder.rb
 - lib/saml_idp/metadata_builder.rb
 - lib/saml_idp/name_id_formatter.rb
 - lib/saml_idp/persisted_metadata.rb
@@ -246,6 +266,9 @@ files:
 - spec/lib/saml_idp/attribute_decorator_spec.rb
 - spec/lib/saml_idp/configurator_spec.rb
 - spec/lib/saml_idp/controller_spec.rb
+- spec/lib/saml_idp/encryptor_spec.rb
+- spec/lib/saml_idp/logout_request_builder_spec.rb
+- spec/lib/saml_idp/logout_response_builder_spec.rb
 - spec/lib/saml_idp/metadata_builder_spec.rb
 - spec/lib/saml_idp/name_id_formatter_spec.rb
 - spec/lib/saml_idp/request_spec.rb
@@ -349,6 +372,14 @@ post_install_message: ! 'If you''re just recently updating saml_idp - please be
 
   defaults in a Production environment. Post any issues you to github.
 
+
+  ** New in Version 0.3.0 **
+
+
+  Encrypted Assertions require the xmlenc gem. See the example in the Controller
+
+  section of the README.
+
 '
 rdoc_options:
 - --charset=UTF-8
@@ -362,7 +393,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -213733986109454485
+      hash: 1850283737976678938
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -371,7 +402,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -213733986109454485
+      hash: 1850283737976678938
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.23
@@ -386,6 +417,9 @@ test_files:
 - spec/lib/saml_idp/attribute_decorator_spec.rb
 - spec/lib/saml_idp/configurator_spec.rb
 - spec/lib/saml_idp/controller_spec.rb
+- spec/lib/saml_idp/encryptor_spec.rb
+- spec/lib/saml_idp/logout_request_builder_spec.rb
+- spec/lib/saml_idp/logout_response_builder_spec.rb
 - spec/lib/saml_idp/metadata_builder_spec.rb
 - spec/lib/saml_idp/name_id_formatter_spec.rb
 - spec/lib/saml_idp/request_spec.rb