saml_tools 0.0.1

data/test/files/TEST_FILES.rdoc

@@ -0,0 +1,22 @@
+= Test files
+
+== response.xml
+
+response.xml was built using xmlsec1 on Ubuntu.
+
+It was based on a response found in ruby-saml's {test suite}[https://github.com/onelogin/ruby-saml/tree/master/test/responses].
+
+The process was very heavily influenced by Philippe Camacho's {"An Introduction
+to XML Signature and XML Encryption with XMLSec"}[http://users.dcc.uchile.cl/~pcamacho/tutorial/web/xmlsec/xmlsec.html]
+
+From these two sources a template was built (test/files/response_template.xml),
+and then this was signed using the certificates from Phillipe's page.
+
+To rebuild the response.xml, open a console at test/files and run the following
+command:
+
+    xmlsec1 --sign --output response.xml --pwd hello --pkcs12 usercert.p12 --trusted-pem cacert.pem --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion response_template.xml
+
+The resulting response.xml can be verified using:
+
+    xmlsec1 --verify response.xml

data/test/files/cacert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfjCCAuegAwIBAgIJAIePNUhzFmNTMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD
+VQQGEwJDTDELMAkGA1UECBMCUk0xETAPBgNVBAcTCFNhbnRpYWdvMRwwGgYDVQQK
+ExNsaXR0bGVjcnlwdG9ncmFwaGVyMRkwFwYDVQQDExBQaGlsaXBwZSBDYW1hY2hv
+MR8wHQYJKoZIhvcNAQkBFhBsb3N0aWxvc0BmcmVlLmZyMB4XDTA4MDExOTEyNTAy
+OFoXDTA4MDIxODEyNTAyOFowgYcxCzAJBgNVBAYTAkNMMQswCQYDVQQIEwJSTTER
+MA8GA1UEBxMIU2FudGlhZ28xHDAaBgNVBAoTE2xpdHRsZWNyeXB0b2dyYXBoZXIx
+GTAXBgNVBAMTEFBoaWxpcHBlIENhbWFjaG8xHzAdBgkqhkiG9w0BCQEWEGxvc3Rp
+bG9zQGZyZWUuZnIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKjzAWnn7l/e
+Bgrail/0GRIf8U+Jf4o1QOhLkQfWEldai3vrMW6BRoqlymMR++Gkghnes2ZpM03i
++JOheKq0A4z60DBnOOl/93wL8/BKVsElQVgQktbMdBNhz0h7BBOKPDTa+ro4LYey
+dczm5B8GzJ0NL5NhhTEhv2NOlLBqcIu1AgMBAAGjge8wgewwHQYDVR0OBBYEFP7L
+Vgso6yrpx5zq5TrVTFWE29RqMIG8BgNVHSMEgbQwgbGAFP7LVgso6yrpx5zq5TrV
+TFWE29RqoYGNpIGKMIGHMQswCQYDVQQGEwJDTDELMAkGA1UECBMCUk0xETAPBgNV
+BAcTCFNhbnRpYWdvMRwwGgYDVQQKExNsaXR0bGVjcnlwdG9ncmFwaGVyMRkwFwYD
+VQQDExBQaGlsaXBwZSBDYW1hY2hvMR8wHQYJKoZIhvcNAQkBFhBsb3N0aWxvc0Bm
+cmVlLmZyggkAh481SHMWY1MwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB
+gQB6tmgdeQiPW/OLVR+C2igFVK94vS/Npl4Hlx3JAcvq0ZdlMDddN9feLa+pwC0+
+7/atNl38oNptfJEJl5VXrHDPjmAd20FblafKOj3X02+l6T9UKhw4Qr4DzZB556ms
+aRm7C8hRPssMtaCyV9DImL+enItRZXmKj/4rRkbqYl7raw==
+-----END CERTIFICATE-----

data/test/files/open_saml_response.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" Destination="https://example.hello.com/access/saml" ID="jVFQbyEpSfUwqhZtJtarIaGoshwuAQMDwLoiMhzJXsv" InResponseTo="cfeooghajnhofcmogakmlhpkohnmikicnfhdnjlc" IssueInstant="2011-06-21T13:54:38.661Z" Version="2.0">
+  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idm.orademo.com</saml2:Issuer>
+  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+    <ds:SignedInfo>
+      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <ds:Reference URI="#jVFQbyEpSfUwqhZtJtarIaGoshwuAQMDwLoiMhzJXsv">
+        <ds:Transforms>
+          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
+          </ds:Transform>
+        </ds:Transforms>
+        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+        <ds:DigestValue>uHuSry39P16Yh7srS32xESmj4Lw=</ds:DigestValue>
+      </ds:Reference>
+    </ds:SignedInfo>
+    <ds:SignatureValue>fdghdfggfd=</ds:SignatureValue>
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>dfghjkl</ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </ds:Signature>
+  <saml2p:Status>
+    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+  </saml2p:Status>
+  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="emmCjammnYdAbMWDuMAJeZvQIMBayeeYqqwvQoDclKE" IssueInstant="2011-06-21T13:54:38.676Z" Version="2.0">
+    <saml2:Issuer>https://idm.orademo.com</saml2:Issuer>
+    <saml2:Subject>
+      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="idp.example.org">someone@example.org</saml2:NameID>
+      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+        <saml2:SubjectConfirmationData InResponseTo="cfeooghajnhofcmogakmlhpkohnmikicnfhdnjlc" NotOnOrAfter="2011-06-21T14:09:38.676Z" Recipient="https://example.hello.com/access/saml"/>
+      </saml2:SubjectConfirmation>
+    </saml2:Subject>
+    <saml2:Conditions NotBefore="2011-06-21T13:54:38.683Z" NotOnOrAfter="2011-06-21T14:09:38.683Z">
+      <saml2:AudienceRestriction>
+        <saml2:Audience>hello.com</saml2:Audience>
+      </saml2:AudienceRestriction>
+    </saml2:Conditions>
+    <saml2:AuthnStatement AuthnInstant="2011-06-21T13:54:38.685Z" SessionIndex="perdkjfskdjfksdiertusfsdfsddeurtherukjdfgkdffg">
+      <saml2:AuthnContext>
+        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
+      </saml2:AuthnContext>
+    </saml2:AuthnStatement>
+    <saml2:AttributeStatement>
+      <saml2:Attribute Name="FirstName">
+        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Someone</saml2:AttributeValue>
+      </saml2:Attribute>
+      <saml2:Attribute Name="LastName">
+        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Special</saml2:AttributeValue>
+      </saml2:Attribute>
+    </saml2:AttributeStatement>
+  </saml2:Assertion>
+</saml2p:Response>

data/test/files/request.saml.erb

@@ -0,0 +1,28 @@
+<samlp:AuthnRequest
+  AssertionConsumerServiceURL='<%= settings.assertion_consumer_service_url %>'
+  Destination='<%= settings.idp_sso_target_url %>'
+  ID='<%= settings.id %>'
+  IssueInstant='<%= settings.issue_instance %>'
+  Version='2.0'
+  xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'
+>
+  <saml:Issuer xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>
+    <%= settings.issuer %>
+  </saml:Issuer>
+  <samlp:NameIDPolicy
+    AllowCreate='true'
+    Format='<%= settings.name_identifier_format %>'
+    xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'
+  />
+  <samlp:RequestedAuthnContext
+    Comparison='exact'
+    xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'
+  >
+    <saml:AuthnContextClassRef
+      xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'
+    >
+      <%= settings.authn_context %>
+    </saml:AuthnContextClassRef>
+  </samlp:RequestedAuthnContext>
+</samlp:AuthnRequest>
+

data/test/files/response.xml

@@ -0,0 +1,94 @@
+<?xml version="1.0"?>
+<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="GOSAMLR12901174571794" Version="2.0" IssueInstant="2010-11-18T21:57:37Z" Destination="{recipient}">
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
+  <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfxa46574df-b3b0-a06a-23c8-636413198772" IssueInstant="2010-11-18T21:57:37Z">
+    <saml:Issuer>https://app.onelogin.com/saml/metadata/13590</saml:Issuer>
+    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+     <SignedInfo>
+      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <Reference URI="#pfxa46574df-b3b0-a06a-23c8-636413198772">
+       <Transforms>
+        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+       </Transforms>
+       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+       <DigestValue>YItEpV0VaEcaafv9X7sFXvSiz2o=</DigestValue>
+      </Reference>
+     </SignedInfo>
+     <SignatureValue>QZcM+V3tDw2yOHEWi7hUDyOFRbmIpwW/dvTFoRi6dkH3bnh3jBVUNZuTu9pHcs5X
+qSFmL2C0zpWomKtxGvxfyIY2dDl8Gbwv+MZssDQ0u/Ce2hh84B6XtW3DtHy8hKSQ
+WgQA/pKoncL0ZOqmCKclPiM/3bkPUYu54JrtIj9YsPc=</SignatureValue>
+     <KeyInfo>
+      <X509Data>
+       
+       
+       
+      <X509Certificate>MIIC6DCCAlGgAwIBAgICAR4wDQYJKoZIhvcNAQEFBQAwgYcxCzAJBgNVBAYTAkNM
+MQswCQYDVQQIEwJSTTERMA8GA1UEBxMIU2FudGlhZ28xHDAaBgNVBAoTE2xpdHRs
+ZWNyeXB0b2dyYXBoZXIxGTAXBgNVBAMTEFBoaWxpcHBlIENhbWFjaG8xHzAdBgkq
+hkiG9w0BCQEWEGxvc3RpbG9zQGZyZWUuZnIwHhcNMDgwMTE5MTI1MjM3WhcNMDkw
+MTE4MTI1MjM3WjBuMQswCQYDVQQGEwJDTDELMAkGA1UECBMCUk0xHDAaBgNVBAoT
+E2xpdHRsZWNyeXB0b2dyYXBoZXIxEzARBgNVBAMTCkpvaG4gU21pdGgxHzAdBgkq
+hkiG9w0BCQEWEGpzbWl0aEBoZWxsby5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBALwShIDVij20XFC8V3Bs8Xn6b3uRa8rnPgkMCc92LoxNc/IzCriw9gu9
+NGps/bwanWgZbK5va46Y27axFhHo2uNk9ZE2lj0UQegFdBGlEIOt9hlpHFSqTnmX
+AKraSHd2yxhVe+JqGIrtyTQluWVNPOCKXd8zubFgWqlUMXMrn8JzAgMBAAGjezB5
+MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
+cnRpZmljYXRlMB0GA1UdDgQWBBQ08GE4h2jHJZOGkDUyQE9EEPMqlDAfBgNVHSME
+GDAWgBT+y1YLKOsq6cec6uU61UxVhNvUajANBgkqhkiG9w0BAQUFAAOBgQAVZMDa
+KVhvX2qOMlcjX7i6DESF7SDyEbjfPk+bYIDm+al45lmzixkFeYUUQcFJMG0s152A
+kFd/fTVMfz/j37OQYxUYwwZQlMW3dVnC+CvjtMlSrReeHThhQFQpO16i21aDitON
+1TFsvO8T+21YGB4kne44vry6O4JJPy8EZBsfbw==</X509Certificate>
+<X509SubjectName>emailAddress=jsmith@hello.com,CN=John Smith,O=littlecryptographer,ST=RM,C=CL</X509SubjectName>
+<X509IssuerSerial>
+<X509IssuerName>emailAddress=lostilos@free.fr,CN=Philippe Camacho,O=littlecryptographer,L=Santiago,ST=RM,C=CL</X509IssuerName>
+<X509SerialNumber>286</X509SerialNumber>
+</X509IssuerSerial>
+</X509Data>
+      <KeyValue>
+<RSAKeyValue>
+<Modulus>
+vBKEgNWKPbRcULxXcGzxefpve5Fryuc+CQwJz3YujE1z8jMKuLD2C700amz9vBqd
+aBlsrm9rjpjbtrEWEeja42T1kTaWPRRB6AV0EaUQg632GWkcVKpOeZcAqtpId3bL
+GFV74moYiu3JNCW5ZU084Ipd3zO5sWBaqVQxcyufwnM=
+</Modulus>
+<Exponent>
+AQAB
+</Exponent>
+</RSAKeyValue>
+</KeyValue>
+     </KeyInfo>
+    </Signature>
+    <saml:Subject>
+      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">support@onelogin.com</saml:NameID>
+      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+        <saml:SubjectConfirmationData NotOnOrAfter="2010-11-18T22:02:37Z" Recipient="{recipient}"/></saml:SubjectConfirmation>
+    </saml:Subject>
+    <saml:Conditions NotBefore="2010-11-18T21:52:37Z" NotOnOrAfter="2010-11-18T22:02:37Z">
+      <saml:AudienceRestriction>
+        <saml:Audience>{audience}</saml:Audience>
+      </saml:AudienceRestriction>
+    </saml:Conditions>
+    <saml:AuthnStatement AuthnInstant="2010-11-18T21:57:37Z" SessionNotOnOrAfter="2010-11-19T21:57:37Z" SessionIndex="_531c32d283bdff7e04e487bcdbc4dd8d">
+      <saml:AuthnContext>
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
+      </saml:AuthnContext>
+    </saml:AuthnStatement>
+    <saml:AttributeStatement>
+      <saml:Attribute Name="uid">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">demo</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="another_value">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value1</saml:AttributeValue>
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value2</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="role">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role1</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="role">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role2</saml:AttributeValue>
+      </saml:Attribute>
+    </saml:AttributeStatement>
+  </saml:Assertion>
+</samlp:Response>

data/test/files/response_template.xml

@@ -0,0 +1,63 @@
+<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="GOSAMLR12901174571794" Version="2.0" IssueInstant="2010-11-18T21:57:37Z" Destination="{recipient}">
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
+  <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfxa46574df-b3b0-a06a-23c8-636413198772" IssueInstant="2010-11-18T21:57:37Z">
+    <saml:Issuer>https://app.onelogin.com/saml/metadata/13590</saml:Issuer>
+    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+     <SignedInfo>
+      <CanonicalizationMethod Algorithm=
+       "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+      <SignatureMethod Algorithm=
+       "http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+      <Reference URI="#pfxa46574df-b3b0-a06a-23c8-636413198772">
+       <Transforms>
+        <Transform Algorithm=
+         "http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+       </Transforms>
+       <DigestMethod Algorithm=
+         "http://www.w3.org/2000/09/xmldsig#sha1"/>
+       <DigestValue></DigestValue>
+      </Reference>
+     </SignedInfo>
+     <SignatureValue />
+     <KeyInfo>
+      <X509Data >
+       <X509SubjectName/>
+       <X509IssuerSerial/>
+       <X509Certificate/>
+      </X509Data>
+      <KeyValue />
+     </KeyInfo>
+    </Signature>
+    <saml:Subject>
+      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">support@onelogin.com</saml:NameID>
+      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+        <saml:SubjectConfirmationData NotOnOrAfter="2010-11-18T22:02:37Z" Recipient="{recipient}"/></saml:SubjectConfirmation>
+    </saml:Subject>
+    <saml:Conditions NotBefore="2010-11-18T21:52:37Z" NotOnOrAfter="2010-11-18T22:02:37Z">
+      <saml:AudienceRestriction>
+        <saml:Audience>{audience}</saml:Audience>
+      </saml:AudienceRestriction>
+    </saml:Conditions>
+    <saml:AuthnStatement AuthnInstant="2010-11-18T21:57:37Z" SessionNotOnOrAfter="2010-11-19T21:57:37Z" SessionIndex="_531c32d283bdff7e04e487bcdbc4dd8d">
+      <saml:AuthnContext>
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
+      </saml:AuthnContext>
+    </saml:AuthnStatement>
+    <saml:AttributeStatement>
+      <saml:Attribute Name="uid">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">demo</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="another_value">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value1</saml:AttributeValue>
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value2</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="role">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role1</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="role">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role2</saml:AttributeValue>
+      </saml:Attribute>
+    </saml:AttributeStatement>
+  </saml:Assertion>
+</samlp:Response>

data/test/files/userkey.pem

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,7D88A380248C2614
+
+02esmv1iImtl5MVME36xJxIF4PGKI66Y1sS/qpgiXupAFA+5sRDviNHYRYWOp8hZ
+W8k0fem0hai82dUQS8bmUdi24ZWyUISMaQFojPcutuDF07HIe8voYpI8iWU/zw2z
+Is6eZlFJvsHDf34igSXaD10EPWbO9uLKlFl1YEwyhAKP6jlo4Oe6d69DBazlH3vT
+ilmOKtkUOoks3Ri9WJH20zqNwLpa4mEt+0sgfkAUPgsOWyJd3BJ3rDdZp4TIFtUU
+MoNqdxb/6vMhghC6yp0uUsu7n9dmmcRcvb+MWC2JOSEIdKvev0bt0Wvk8ZDNId2a
+9V14QCKGGeQ1T9/Mc09nNWlA559By+YZxIn51+J5No2+3G1oPka8jVTZ3Q+orkaU
+nBjgg+e5SIWd6BZF8QZs5vOJhcABAweKsdTJuksVyKTCw9gwcNYTqakKY9Bt+kD0
+Q1hDIjCV725TuML7707cPeBO2Rhpc0Tr79WJepB3L+V0/PLIaYhdhLI0FTpzxUN/
+lWOyy0wzzU9zfGsWCG6KECu+OriX0GSu//F7nZ0/7U0FxzwAqCykS/lej0byS0bK
+iL0nsjMRPlVVnM73Chq7p65pYLJ70K5nSlLoXjPoWGJ0DQYyMnB9WcvbBwvWoRW3
+/9Dm/ZDLj1xP4U5oKHAgkaxJOkKnmoLOG1F/NnwqzXw4+M5BzMWwtXH3QAaKJ9DU
+UiNQgP9O33HMx85n7tugmR0NkZAbeJ8LmSRSoTiZ1UxHtLTRqvWhTRg3e73I4pcG
+gD8t+bNqjbY+XGLmgpAkoAXpjIkkxmZD6layeG+VIC13ZROM5onWyA==
+-----END RSA PRIVATE KEY-----

data/test/files/valid_saml_request.xml

@@ -0,0 +1,13 @@
+<samlp:AuthnRequest
+  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+  ID="aaf23196-1773-2113-474a-fe114412ab72"
+  Version="2.0"
+  IssueInstant="2004-12-05T09:21:59"
+  AssertionConsumerServiceIndex="0"
+  AttributeConsumingServiceIndex="0">
+  <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
+  <samlp:NameIDPolicy
+    AllowCreate="true"
+    Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
+</samlp:AuthnRequest>

data/test/test_helper.rb

@@ -0,0 +1,51 @@
+$:.unshift File.join(File.dirname(__FILE__),'..','lib')
+
+require 'minitest'
+require 'minitest/autorun'
+require 'saml_tool'
+
+class Minitest::Test
+  
+  def valid_xml
+    '<foo>bar</foo>'
+  end
+
+  def saml
+    '<foo>something that behaves like saml</foo>'
+  end
+
+  def valid_saml_request
+    contents_of 'files/valid_saml_request.xml'
+  end
+
+  def request_saml_erb
+    contents_of 'files/request.saml.erb'
+  end
+  
+  def response_xml
+    contents_of 'files/response.xml'
+  end
+  
+  def open_saml_request
+    contents_of 'files/open_saml_response.xml'
+  end
+  
+  def x509_certificate
+    @x509_certificate ||= OpenSSL::PKCS12.new(
+      contents_of('files/usercert.p12'), 
+      'hello'
+    ).certificate
+  end
+  
+  def open_ssl_rsa_key
+    @open_ssl_rsa_key ||= OpenSSL::PKey::RSA.new(
+      contents_of('files/userkey.pem'), 
+      'hello'
+    )
+  end
+
+  def contents_of(file_path)
+    File.read File.expand_path(file_path, File.dirname(__FILE__))
+  end
+
+end

data/test/units/saml_tool/certificate_test.rb

@@ -0,0 +1,30 @@
+require_relative '../../test_helper'
+
+module SamlTool
+  class CertificateTest < Minitest::Test
+    
+    def test_x509_certificate
+      expected = x509_certificate.to_s.lines.to_a[1..-2].join
+      assert_equal expected, certificate.x509_certificate      
+    end
+
+    def test_issuer_name
+      expected = x509_certificate.issuer.to_s[1..-1].split('/').reverse.join(',')
+      assert_equal expected, certificate.issuer_name
+    end
+    
+    def test_subject_name
+      expected = x509_certificate.subject.to_s[1..-1].split('/').reverse.join(',')
+      assert_equal expected, certificate.subject_name      
+    end
+    
+    def test_serial_number
+      assert_equal x509_certificate.serial, certificate.serial_number
+    end
+    
+    def certificate
+      @certificate ||= Certificate.new(x509_certificate)
+    end
+    
+  end
+end

data/test/units/saml_tool/decoder_test.rb

@@ -0,0 +1,36 @@
+require_relative '../../test_helper'
+
+module SamlTool
+  class DecoderTest < Minitest::Test
+
+    def test_class_decode
+      deflated_saml = deflate saml
+      encoded_saml = Base64.encode64 deflated_saml
+      assert_equal Decoder.new(encoded_saml).decode, Decoder.decode(encoded_saml)
+    end
+
+    def test_decode
+      deflated_saml = deflate saml
+      encoded_saml = Base64.encode64 deflated_saml
+      decoded_saml = Decoder.new(encoded_saml).decode
+      assert_equal saml, decoded_saml
+    end
+
+    def test_base64
+      encoded_saml = Base64.encode64 saml
+      decoded_saml = Decoder.new(encoded_saml).base64
+      assert_equal saml, decoded_saml
+    end
+
+    def test_zlib
+      deflated_saml = deflate saml
+      decoded_saml = Decoder.new(deflated_saml).zlib
+      assert_equal saml, decoded_saml
+    end
+
+    def deflate(text)
+      Zlib::Deflate.deflate(text, Zlib::BEST_COMPRESSION)[2..-5]
+    end
+
+  end
+end