saml_idp_metadata 0.3.8 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 35868d94a462a7ce8648be65e5d558677e04903827c4debbd7b5ad775a527942
-  data.tar.gz: badd623d95e8d6153df2507e39f6c2afddb66d1e09c2af1190a2583ab5288433
+  metadata.gz: bda49c64b9043ebd4435d5465fd6d1b64463f9082723d8cbb22a930870d9770e
+  data.tar.gz: a4a9e8ec42fcfad075be611070eaf887e1e7d679c0165eac19be8141f4683775
 SHA512:
-  metadata.gz: 7cdfe25c024405ab02cd489863affc7a8ad1702136c6abbc59f197a4db7fc74e1354f9e088e8dd3900cc03e5d339f06720529e2dec79aa393fa42ac7c4ee3bd4
-  data.tar.gz: c1fbb625c786c657b4e385519b9c199f620ad709e46cd0f96f54f68b4f69b08be3618094b376d6382e6b45c162af4c68c378a9831640f4bce784b4ea20007c8b
+  metadata.gz: ed85b896eb68fe0bf0eb37d2fa5814af5243dd7a91a84f1a85e7ec998b00f7a6eed996d6e82b442a1a4db950e18323c0cee07dca99a45caebf43e4981b000c6e
+  data.tar.gz: 6efd585b8266f52ad93a66578792dc6fdceb7d64d511fd196ff8642694ac1edce244199af302e79f129f8bec1ba22652de093b5378cbc2daa3c2a46c52131118

data/.circleci/config.yml

@@ -60,7 +60,6 @@ workflows:
           matrix:
             parameters:
               ruby-version:
-                - "3.1"
                 - "3.2"
                 - "3.3"
                 - "3.4"

data/.github/workflows/ruby.yml

@@ -13,7 +13,6 @@ jobs:
       fail-fast: false
       matrix:
         ruby-version:
-          - '3.1'
           - '3.2'
           - '3.3'
           - '3.4'

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-03-29 08:31:38 UTC using RuboCop version 1.75.1.
+# on 2025-03-29 09:03:43 UTC using RuboCop version 1.75.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -11,9 +11,29 @@
 Metrics/AbcSize:
   Max: 21
 
-# Offense count: 26
+# Offense count: 1
+# Configuration parameters: CountComments, CountAsOne.
+Metrics/ClassLength:
+  Max: 139
+
+# Offense count: 1
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/CyclomaticComplexity:
+  Max: 9
+
+# Offense count: 1
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+Metrics/MethodLength:
+  Max: 12
+
+# Offense count: 1
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/PerceivedComplexity:
+  Max: 9
+
+# Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, SplitStrings.
 # URISchemes: http, https
 Layout/LineLength:
-  Max: 126
+  Max: 121

data/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [v0.3.8](https://github.com/tknzk/saml_idp_metadata/tree/v0.3.8) (2025-03-29)
+
+[Full Changelog](https://github.com/tknzk/saml_idp_metadata/compare/v0.3.7...v0.3.8)
+
+**Merged pull requests:**
+
+- bumpup [\#235](https://github.com/tknzk/saml_idp_metadata/pull/235) ([tknzk](https://github.com/tknzk))
+- Obey rubocop [\#234](https://github.com/tknzk/saml_idp_metadata/pull/234) ([tknzk](https://github.com/tknzk))
+- bundle update [\#233](https://github.com/tknzk/saml_idp_metadata/pull/233) ([tknzk](https://github.com/tknzk))
+- refactor github actions [\#232](https://github.com/tknzk/saml_idp_metadata/pull/232) ([tknzk](https://github.com/tknzk))
+- refactor circleci config [\#231](https://github.com/tknzk/saml_idp_metadata/pull/231) ([tknzk](https://github.com/tknzk))
+- require ruby \>= 3.1 [\#230](https://github.com/tknzk/saml_idp_metadata/pull/230) ([tknzk](https://github.com/tknzk))
+- bundle update [\#229](https://github.com/tknzk/saml_idp_metadata/pull/229) ([tknzk](https://github.com/tknzk))
+
 ## [v0.3.7](https://github.com/tknzk/saml_idp_metadata/tree/v0.3.7) (2025-03-21)
 
 [Full Changelog](https://github.com/tknzk/saml_idp_metadata/compare/v0.3.6...v0.3.7)

data/Gemfile.lock

@@ -1,45 +1,22 @@
 PATH
   remote: .
   specs:
-    saml_idp_metadata (0.3.8)
-      activesupport (< 8)
+    saml_idp_metadata (1.0.0)
       rexml
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.2.2.1)
-      base64
-      benchmark (>= 0.3)
-      bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.3.1)
-      connection_pool (>= 2.2.5)
-      drb
-      i18n (>= 1.6, < 2)
-      logger (>= 1.4.2)
-      minitest (>= 5.1)
-      securerandom (>= 0.3)
-      tzinfo (~> 2.0, >= 2.0.5)
     ast (2.4.3)
-    base64 (0.2.0)
-    benchmark (0.4.0)
-    bigdecimal (3.1.9)
     coderay (1.1.3)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.0)
-    diff-lcs (1.6.1)
+    diff-lcs (1.6.2)
     docile (1.4.1)
-    drb (2.2.1)
-    i18n (1.14.7)
-      concurrent-ruby (~> 1.0)
-    json (2.10.2)
-    language_server-protocol (3.17.0.4)
+    json (2.12.2)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
-    logger (1.7.0)
     method_source (1.1.0)
-    minitest (5.25.5)
-    parallel (1.26.3)
-    parser (3.3.7.3)
+    parallel (1.27.0)
+    parser (3.3.8.0)
       ast (~> 2.4.1)
       racc
     prism (1.4.0)
@@ -57,14 +34,14 @@ GEM
       rspec-mocks (~> 3.13.0)
     rspec-core (3.13.3)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.4)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.2)
-    rubocop (1.75.1)
+    rspec-support (3.13.3)
+    rubocop (1.75.7)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -72,28 +49,25 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.43.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.43.0)
+    rubocop-ast (1.44.1)
       parser (>= 3.3.7.2)
       prism (~> 1.4)
     rubocop-rake (0.7.1)
       lint_roller (~> 1.1)
       rubocop (>= 1.72.1)
-    rubocop-rspec (3.5.0)
+    rubocop-rspec (3.6.0)
       lint_roller (~> 1.1)
       rubocop (~> 1.72, >= 1.72.1)
     ruby-progressbar (1.13.0)
-    securerandom (0.4.1)
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.13.1)
     simplecov_json_formatter (0.1.4)
-    tzinfo (2.0.6)
-      concurrent-ruby (~> 1.0)
     unicode-display_width (3.1.4)
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)

data/lib/saml_idp_metadata/parser.rb

@@ -1,11 +1,10 @@
 # frozen_string_literal: true
 
-require 'active_support'
-require 'active_support/core_ext'
+require 'rexml/document'
 
 module SamlIdpMetadata
   #
-  # SAML IdP metadata parser
+  # SAML IdP metadata parser with REXML
   #
   class Parser
     attr_reader :xml, :xmlns, :entity_id, :sso_http_redirect_url, :sso_http_post_url, :slo_url, :nameid_format,
@@ -13,7 +12,7 @@ module SamlIdpMetadata
 
     def initialize(xml:)
       @xml = xml
-      @hash = Hash.from_xml(xml)
+      @doc = REXML::Document.new(xml)
 
       @xmlns = nil
       @entity_id = nil
@@ -30,10 +29,9 @@ module SamlIdpMetadata
 
     def call
       @xmlns = parse_xmlns
-
       @entity_id = parse_entity_id
       @sso_http_redirect_url = parse_sso_http_redirect_url
-      @sso_http_post_url = parse_sso_http_post_url.presence || parse_sso_http_redirect_url
+      @sso_http_post_url = parse_sso_http_post_url || parse_sso_http_redirect_url
       @slo_url = parse_slo_url
       @nameid_format = parse_nameid_format
       @x509_certificate = parse_x509_certificate
@@ -46,7 +44,7 @@ module SamlIdpMetadata
     end
 
     def ensure_params?
-      entity_id.present? && sso_http_redirect_url.present? && sso_http_post_url.present? && x509_certificate.present?
+      present?(entity_id) && present?(sso_http_redirect_url) && present?(sso_http_post_url) && present?(x509_certificate)
     end
 
     def build_params
@@ -64,78 +62,148 @@ module SamlIdpMetadata
     private
 
     def entity_descriptor
-      if @hash['EntitiesDescriptor'].present?
-        @hash['EntitiesDescriptor']['EntityDescriptor']
+      # Handle EntitiesDescriptor case
+      if @doc.root.name == 'EntitiesDescriptor'
+        find_with_namespace(@doc.root.elements, 'EntityDescriptor')
       else
-        @hash['EntityDescriptor']
+        @doc.root
       end
     end
 
     def parse_entity_id
-      entity_descriptor['entityID']
+      entity_descriptor&.attributes&.[]('entityID')
     end
 
     def parse_xmlns
-      entity_descriptor.key?('xmlns:md') ? entity_descriptor['xmlns:md'] : entity_descriptor['xmlns']
+      if entity_descriptor&.attributes&.[]('xmlns:md')
+        entity_descriptor.attributes['xmlns:md']
+      else
+        entity_descriptor&.attributes&.[]('xmlns')
+      end
     end
 
-    def parse_sso_http_redirect_url
-      return nil if entity_descriptor.dig('IDPSSODescriptor', 'SingleSignOnService').nil?
+    def idp_descriptor
+      find_with_namespace(entity_descriptor&.elements, 'IDPSSODescriptor')
+    end
 
-      single_signon_services = entity_descriptor['IDPSSODescriptor']['SingleSignOnService']
+    def parse_sso_http_redirect_url
+      services = find_all_with_namespace(idp_descriptor&.elements, 'SingleSignOnService')
+      return nil if services.empty?
 
-      return single_signon_services['Location'] if single_signon_services.is_a?(Hash)
+      # If there's only one service
+      return services.first.attributes['Location'] if services.size == 1
 
-      single_signon_services.each do |service|
-        return service['Location'] if service['Binding'] == 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
+      # Find service with HTTP-Redirect binding
+      services.each do |service|
+        binding = service.attributes['Binding']
+        return service.attributes['Location'] if binding == 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
       end
+
       nil
     end
 
     def parse_sso_http_post_url
-      return nil if entity_descriptor.dig('IDPSSODescriptor', 'SingleSignOnService').nil?
-
-      single_signon_services = entity_descriptor['IDPSSODescriptor']['SingleSignOnService']
+      services = find_all_with_namespace(idp_descriptor&.elements, 'SingleSignOnService')
+      return nil if services.empty?
 
-      return single_signon_services['Location'] if single_signon_services.is_a?(Hash)
+      # If there's only one service
+      return services.first.attributes['Location'] if services.size == 1
 
-      single_signon_services.each do |service|
-        return service['Location'] if service['Binding'] == 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
+      # Find service with HTTP-POST binding
+      services.each do |service|
+        binding = service.attributes['Binding']
+        return service.attributes['Location'] if binding == 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
       end
+
       nil
     end
 
     def parse_slo_url
-      return nil if entity_descriptor.dig('IDPSSODescriptor', 'SingleLogoutService').nil?
-
-      single_logout_services = entity_descriptor['IDPSSODescriptor']['SingleLogoutService']
+      services = find_all_with_namespace(idp_descriptor&.elements, 'SingleLogoutService')
+      return nil if services.empty?
 
-      return single_logout_services['Location'] if single_logout_services.is_a?(Hash)
+      # If there's only one service
+      return services.first.attributes['Location'] if services.size == 1
 
-      single_logout_services.each do |service|
-        return service['Location'] if service['Binding'] == 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
+      # Find service with HTTP-Redirect binding
+      services.each do |service|
+        binding = service.attributes['Binding']
+        return service.attributes['Location'] if binding == 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
       end
+
       nil
     end
 
     def parse_nameid_format
-      return nil if entity_descriptor.dig('IDPSSODescriptor', 'NameIDFormat').nil?
+      formats = find_all_with_namespace(idp_descriptor&.elements, 'NameIDFormat')
+      return nil if formats.empty?
 
-      if entity_descriptor['IDPSSODescriptor']['NameIDFormat'].instance_of?(Array)
-        entity_descriptor['IDPSSODescriptor']['NameIDFormat'].last
-      else
-        entity_descriptor['IDPSSODescriptor']['NameIDFormat']
-      end
+      # Return the last format if there are multiple
+      formats.last.text
     end
 
     def parse_x509_certificate
-      return nil if entity_descriptor.dig('IDPSSODescriptor', 'KeyDescriptor').nil?
+      key_descriptors = find_all_with_namespace(idp_descriptor&.elements, 'KeyDescriptor')
+      return nil if key_descriptors.empty?
 
-      if entity_descriptor['IDPSSODescriptor']['KeyDescriptor'].instance_of?(Array)
-        entity_descriptor['IDPSSODescriptor']['KeyDescriptor'].last['KeyInfo']['X509Data']['X509Certificate']
-      else
-        entity_descriptor['IDPSSODescriptor']['KeyDescriptor']['KeyInfo']['X509Data']['X509Certificate']
-      end
+      # Use the last key descriptor
+      key_descriptor = key_descriptors.last
+
+      # Navigate the XML structure to find the X509Certificate element
+      key_info = find_with_namespace(key_descriptor.elements, 'KeyInfo') ||
+                 find_element(key_descriptor.elements, 'ds:KeyInfo')
+
+      return nil unless key_info
+
+      x509_data = find_with_namespace(key_info.elements, 'X509Data') ||
+                  find_element(key_info.elements, 'ds:X509Data')
+
+      return nil unless x509_data
+
+      cert_element = find_with_namespace(x509_data.elements, 'X509Certificate') ||
+                     find_element(x509_data.elements, 'ds:X509Certificate')
+
+      cert_element&.text
+    end
+
+    # Helper methods to handle namespace variations
+    def find_with_namespace(elements, name)
+      return nil if elements.nil?
+
+      # Try with different namespace prefixes
+      element = find_element(elements, name) ||
+                find_element(elements, "md:#{name}") ||
+                find_element(elements, "saml:#{name}")
+
+      element
+    end
+
+    def find_all_with_namespace(elements, name)
+      return [] if elements.nil?
+
+      # Collect elements with different namespace prefixes
+      result = []
+      result.concat(find_all_elements(elements, name))
+      result.concat(find_all_elements(elements, "md:#{name}"))
+      result.concat(find_all_elements(elements, "saml:#{name}"))
+
+      result
+    end
+
+    def find_element(elements, name)
+      return nil if elements.nil?
+
+      elements.to_a.find { |e| e.name == name }
+    end
+
+    def find_all_elements(elements, name)
+      return [] if elements.nil?
+
+      elements.to_a.select { |e| e.name == name }
+    end
+
+    def present?(value)
+      value && !value.to_s.strip.empty?
     end
   end
 end

data/lib/saml_idp_metadata/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SamlIdpMetadata
-  VERSION = '0.3.8'
+  VERSION = '1.0.0'
 end

data/saml_idp_metadata.gemspec

@@ -6,7 +6,7 @@ require 'saml_idp_metadata/version'
 
 Gem::Specification.new do |spec|
   spec.name                  = 'saml_idp_metadata'
-  spec.required_ruby_version = '>= 3.1', '< 4'
+  spec.required_ruby_version = '>= 3.2', '< 4'
   spec.version               = SamlIdpMetadata::VERSION
   spec.authors               = ['tknzk']
   spec.email                 = ['info@tknzk.dev']
@@ -25,7 +25,6 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'activesupport', '< 8'
   spec.add_dependency 'rexml'
 
   spec.add_development_dependency 'bundler', '~> 2'

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: saml_idp_metadata
 version: !ruby/object:Gem::Version
-  version: 0.3.8
+  version: 1.0.0
 platform: ruby
 authors:
 - tknzk
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-03-29 00:00:00.000000000 Z
+date: 2025-05-26 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: activesupport
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '8'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '8'
 - !ruby/object:Gem::Dependency
   name: rexml
   requirement: !ruby/object:Gem::Requirement
@@ -193,7 +179,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.1'
+      version: '3.2'
   - - "<"
     - !ruby/object:Gem::Version
       version: '4'