samlr 2.1.0 → 2.2.0
Potentially problematic release.
This version of samlr might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/bin/samlr +20 -16
- data/lib/samlr/version.rb +3 -0
- metadata +12 -38
- data/.gitignore +0 -3
- data/.travis.yml +0 -5
- data/Gemfile +0 -8
- data/Rakefile +0 -12
- data/samlr.gemspec +0 -19
- data/test/fixtures/default_samlr_certificate.pem +0 -11
- data/test/fixtures/default_samlr_private_key.pem +0 -9
- data/test/fixtures/no_cert_response.xml +0 -2
- data/test/fixtures/sample_metadata.xml +0 -7
- data/test/fixtures/sample_response.xml +0 -2
- data/test/test_helper.rb +0 -55
- data/test/unit/test_assertion.rb +0 -71
- data/test/unit/test_condition.rb +0 -154
- data/test/unit/test_fingerprint.rb +0 -45
- data/test/unit/test_logout_request.rb +0 -73
- data/test/unit/test_reference.rb +0 -32
- data/test/unit/test_request.rb +0 -34
- data/test/unit/test_response.rb +0 -94
- data/test/unit/test_response_scenarios.rb +0 -126
- data/test/unit/test_signature.rb +0 -54
- data/test/unit/test_timestamp.rb +0 -58
- data/test/unit/test_tools.rb +0 -100
- data/test/unit/tools/test_certificate_builder.rb +0 -41
- data/test/unit/tools/test_logout_request_builder.rb +0 -26
- data/test/unit/tools/test_metadata_builder.rb +0 -26
- data/test/unit/tools/test_request_builder.rb +0 -35
- data/test/unit/tools/test_response_builder.rb +0 -19
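--- a/data/test/unit/test_timestamp.rb
+++ b/data/test/unit/test_timestamp.rb
@@ -1,58 +0,0 @@
-require File.expand_path("test/test_helper")
-
-describe Samlr::Tools::Timestamp do
-before { Samlr.jitter = nil }
-after { Samlr.jitter = nil }
-
-describe "::parse" do
-before { @time = ::Time.now }
-it "turns an iso8601 string into a time instance" do
-iso8601 = @time.utc.iso8601
-assert_equal @time.to_i, Samlr::Tools::Timestamp.parse(iso8601).to_i
-end
-end
-
-describe "::stamp" do
-it "converts a given time to an iso8601 string in UTC" do
-assert_equal "2012-08-08T18:28:38Z", Samlr::Tools::Timestamp.stamp(Time.at(1344450518))
-end
-
-it "defaults to a current timestamp in iso8601" do
-assert ::Time.iso8601(Samlr::Tools::Timestamp.stamp).is_a?(Time)
-end
-end
-
-describe "::not_on_or_after?" do
-describe "when no jitter is allowed" do
-it "disallows imprecision" do
-assert Samlr::Tools::Timestamp.not_on_or_after?(Time.now + 5)
-end
-end
-
-describe "when jitter is allowed" do
-before { Samlr.jitter = 10 }
-
-it "allows imprecision" do
-assert Samlr::Tools::Timestamp.not_on_or_after?(Time.now - 5)
-refute Samlr::Tools::Timestamp.not_on_or_after?(Time.now - 15)
-end
-end
-end
-
-describe "::before?" do
-describe "when no jitter is allowed" do
-it "disallows imprecision" do
-assert Samlr::Tools::Timestamp.not_before?(Time.now - 5)
-end
-end
-
-describe "when jitter is allowed" do
-before { Samlr.jitter = 10 }
-
-it "allows imprecision" do
-assert Samlr::Tools::Timestamp.not_before?(Time.now + 5)
-refute Samlr::Tools::Timestamp.not_before?(Time.now + 15)
-end
-end
-end
-end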
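--- a/data/test/unit/test_tools.rb
+++ b/data/test/unit/test_tools.rb
@@ -1,100 +0,0 @@
-require File.expand_path("test/test_helper")
-require "openssl"
-
-describe Samlr::Tools do
-
-describe "::canonicalize" do
-before do
-@fixture = fixed_saml_response.document.to_xml
-end
-
-it "should namespace the SignedInfo element" do
-path = "/samlp:Response/ds:Signature/ds:SignedInfo"
-assert_match '<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">', Samlr::Tools.canonicalize(@fixture, { :path => path })
-end
-end
-
-describe "::uuid" do
-it "generates a valid xs:ID" do
-assert Samlr::Tools.uuid !~ /^\d/
-end
-end
-
-describe "::algorithm" do
-[ 1, 384, 512 ].each do |i|
-describe "when fed SHA#{i}" do
-subject { "#sha#{i}" }
-
-it "should return the corresponding implementation" do
-assert_equal eval("OpenSSL::Digest::SHA#{i}"), Samlr::Tools.algorithm(subject)
-end
-end
-end
-
-describe "when not specified" do
-subject { nil }
-
-it "should default to SHA1" do
-assert_equal OpenSSL::Digest::SHA1, Samlr::Tools.algorithm(subject)
-end
-end
-
-describe "when not known" do
-subject { "sha73" }
-
-it "should default to SHA1" do
-assert_equal OpenSSL::Digest::SHA1, Samlr::Tools.algorithm(subject)
-end
-end
-end
-
-describe "::encode and ::decode" do
-it "compresses a string in a reversible fashion" do
-assert_equal "12345678", Samlr::Tools.decode(Samlr::Tools.encode("12345678"))
-end
-end
-
-describe "::validate" do
-subject { saml_response_document(:certificate => TEST_CERTIFICATE) }
-
-it "returns true for valid documents" do
-assert Samlr::Tools.validate(:document => subject)
-end
-
-it "returns false for invalid documents" do
-mangled = subject.gsub("Assertion", "AyCaramba")
-refute Samlr::Tools.validate(:document => mangled)
-end
-
-it "does not change the working directory" do
-path = Dir.pwd
-assert Samlr::Tools.validate(:document => subject)
-assert_equal path, Dir.pwd
-end
-end
-
-describe "::validate!" do
-subject { saml_response_document(:certificate => TEST_CERTIFICATE) }
-
-it "returns true for valid documents" do
-assert Samlr::Tools.validate!(:document => subject)
-end
-
-it "raises for invalid documents" do
-mangled = subject.gsub("Assertion", "AyCaramba")
-
-begin
-Samlr::Tools.validate!(:document => mangled)
-flunk "Errors expected"
-rescue Samlr::FormatError => e
-assert_equal "Schema validation failed", e.message
-end
-end
-
-it "does not change the working directory" do
-path = Dir.pwd
-assert Samlr::Tools.validate!(:document => subject)
-assert_equal path, Dir.pwd
-end
-end
-end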
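--- a/data/test/unit/tools/test_certificate_builder.rb
+++ b/data/test/unit/tools/test_certificate_builder.rb
@@ -1,41 +0,0 @@
-require File.expand_path("test/test_helper")
-
-describe Samlr::Tools::CertificateBuilder do
-before { @certificate = TEST_CERTIFICATE }
-
-it "provides a certificate" do
-assert_equal OpenSSL::X509::Certificate, @certificate.x509.class
-end
-
-describe "#verify" do
-it "verifies its own signature" do
-assert @certificate.verify(@certificate.sign("12345678"), "12345678")
-end
-end
-
-describe "serialization" do
-before do
-@path = Dir.tmpdir
-Dir.glob("#{@path}/*.pem").map { |f| File.unlink(f) }
-end
-
-describe "self#dump" do
-before { Samlr::Tools::CertificateBuilder.dump(@path, @certificate) }
-
-it "creates a key file and a certificate file on disk" do
-state = Dir.glob("#{@path}/*.pem")
-assert_equal 2, state.size
-end
-
-describe "#load" do
-before { @loaded = Samlr::Tools::CertificateBuilder.load(@path) }
-
-it "verified the signature signed by the unserialized certificate" do
-assert @loaded.verify(@certificate.sign("12345678"), "12345678")
-assert @certificate.verify(@loaded.sign("12345678"), "12345678")
-end
-end
-end
-
-end
-end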
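--- a/data/test/unit/tools/test_logout_request_builder.rb
+++ b/data/test/unit/tools/test_logout_request_builder.rb
@@ -1,26 +0,0 @@
-require File.expand_path("test/test_helper")
-
-describe Samlr::Tools::LogoutRequestBuilder do
-describe "#build" do
-before do
-@xml = Samlr::Tools::LogoutRequestBuilder.build(
-:issuer => "https://sp.example.com/saml2",
-:name_id => "test@test.com"
-)
-
-@doc = Nokogiri::XML(@xml) { |c| c.strict }
-end
-
-it "generates a request document" do
-assert_equal "LogoutRequest", @doc.root.name
-
-issuer = @doc.root.at("./saml:Issuer", Samlr::NS_MAP)
-assert_equal "https://sp.example.com/saml2", issuer.text
-end
-
-it "validates against schemas" do
-result = Samlr::Tools.validate(:document => @xml)
-assert result
-end
-end
-end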
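--- a/data/test/unit/tools/test_metadata_builder.rb
+++ b/data/test/unit/tools/test_metadata_builder.rb
@@ -1,26 +0,0 @@
-require File.expand_path("test/test_helper")
-
-describe Samlr::Tools::MetadataBuilder do
-describe "#build" do
-before do
-@xml = Samlr::Tools::MetadataBuilder.build({
-:entity_id => "https://sp.example.com/saml2",
-:name_identity_format => "identity_format",
-:consumer_service_url => "https://support.sp.example.com/"
-})
-
-@doc = Nokogiri::XML(@xml) { |c| c.strict }
-end
-
-it "generates a metadata document" do
-assert_equal "EntityDescriptor", @doc.root.name
-assert_equal "identity_format", @doc.at("//md:NameIDFormat", { "md" => Samlr::NS_MAP["md"] }).text
-end
-
-it "validates against schemas" do
-result = Samlr::Tools.validate(:document => @xml, :schema => Samlr::META_SCHEMA)
-assert result
-end
-
-end
-end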
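--- a/data/test/unit/tools/test_request_builder.rb
+++ b/data/test/unit/tools/test_request_builder.rb
@@ -1,35 +0,0 @@
-require File.expand_path("test/test_helper")
-
-describe Samlr::Tools::RequestBuilder do
-describe "#build" do
-before do
-@xml = Samlr::Tools::RequestBuilder.build({
-:issuer => "https://sp.example.com/saml2",
-:name_identity_format => "identity_format",
-:allow_create => "true",
-:consumer_service_url => "https://support.sp.example.com/",
-:authn_context => "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
-})
-
-@doc = Nokogiri::XML(@xml) { |c| c.strict }
-end
-
-it "generates a request document" do
-assert_equal "AuthnRequest", @doc.root.name
-assert_equal "https://support.sp.example.com/", @doc.root["AssertionConsumerServiceURL"]
-
-issuer = @doc.root.at("./saml:Issuer", Samlr::NS_MAP)
-assert_equal "https://sp.example.com/saml2", issuer.text
-
-name_id_policy = @doc.root.at("./samlp:NameIDPolicy", Samlr::NS_MAP)
-assert_equal "true", name_id_policy["AllowCreate"]
-assert_equal "identity_format", name_id_policy["Format"]
-end
-
-it "validates against schemas" do
-result = Samlr::Tools.validate(:document => @xml)
-assert result
-end
-
-end
-end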
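--- a/data/test/unit/tools/test_response_builder.rb
+++ b/data/test/unit/tools/test_response_builder.rb
@@ -1,19 +0,0 @@
-require File.expand_path("test/test_helper")
-
-describe Samlr::Tools::ResponseBuilder do
-before { @certificate = TEST_CERTIFICATE }
-
-describe "#fixture" do
-subject { saml_response_document(:certificate => @certificate) }
-
-it "generates a fully valid response document" do
-response = Samlr::Response.new(subject, :certificate => @certificate.x509)
-assert response.verify!
-end
-
-it "validates against schemas" do
-result = Samlr::Tools.validate(:document => subject)
-assert result
-end
-end
-end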