samlr 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aa55b3484fd8e8dd43b93e1143b624040e15f0c3
-  data.tar.gz: 3696af964c60dbe42ed471ad8b815784e8ff5fc9
+  metadata.gz: 0852aa5599b1b20def86254089762f655d8c94f3
+  data.tar.gz: da955b9cbe77bf644dbfba9a55dc3b2e1404e570
 SHA512:
-  metadata.gz: 7d2197f6871a43e2d2b494710b6e728ac2da02f40581be76a1e661662b3dcb912ba80db082d42b81dda2a8d83eb0200d958863caba0243587532b73cd62df69a
-  data.tar.gz: 0f96bf4a8c71de4372005b7f13fb054ea6c63cd6e4a9e913f8b10aaaa8e81cd0fa38ef76d24e12a00072ac4530e1e66e1265eefcb417b4f572d52ae93e965a32
+  metadata.gz: 838a2bc524572107e674137f34fe76ed60133bab454f063e5b27459cb9379019e71ed539e7c4ca7421f03191c92ca3072e4e948fdbe369e184901cec55df3398
+  data.tar.gz: 401beca2ecbefa2b58db24fea53060065a946f8b17247c718859c04678238359b2f95ee6b71b569d500f807f2f537c9bafcd55821a20ad4cae85b5adc510525f

data/bin/samlr

@@ -1,19 +1,21 @@
 #!/usr/bin/env ruby
 
 require "samlr"
+require "samlr/version"
 require "samlr/command"
 
-require "trollop"
+require "optparse"
 
 ARGV << "--help" if ARGV.empty?
 
-opts = Trollop.options do
-  banner <<-EOS
+options = {}
+OptionParser.new do |opt|
+  opt.banner = <<-EOS
 SAML response command line tool.
 
 Usage examples:
   samlr --verify --fingerprint ab:23:cd --skip-conditions <response.xml|directory of responses>
-  samlr --verify --certificate <x509_certificate.crt> --skip-conditions <response.xml|directory of responses> 
+  samlr --verify --certificate <x509_certificate.crt> --skip-conditions <response.xml|directory of responses>
   samlr --verify --skip-fingerprint --skip-conditions <response.xml|directory of responses>
   samlr --schema-validate response.xml
   samlr --print response.xml[.base64]
@@ -25,22 +27,24 @@ Try it with the gem examples:
 Full list of options:
 EOS
 
-  opt :verify, "Verify a SAML response document"
-  opt :fingerprint, "The fingerprint to verify the certificate against", :type => String
-  opt :certificate, "A certificate (PEM or DER) to validate the signature against (assuming no certificate embedded in the response)", :type => IO
-  opt :skip_conditions, "Skip conditions check"
-  opt :skip_validation, "Skip schema validation rejection"
-  opt :skip_fingerprint, "Skip certificate fingerprint check"
-  opt :verbose, "Log to STDOUT"
-  opt :schema_validate, "Perform a schema validation against the input"
-  opt :print, "Pretty prints the XML"
-end
+  opt.on("-v", "--verify", "Verify a SAML response document") { options[:verify] = true }
+  opt.on("-f", "--fingerprint FINGERPRINT", "The fingerprint to verify the certificate against") { |c| options[:fingerprint] = c }
+  opt.on("-c", "--certificate FILE", "A certificate (PEM or DER) to validate the signature against (assuming no certificate embedded in the response)") { |c| options[:certificate] = File.open(c) }
+  opt.on("--skip-conditions", "Skip conditions check") { options[:skip_conditions] = true }
+  opt.on("--skip-validation", "Skip schema validation rejection") { options[:skip_validation] = true }
+  opt.on("--skip-fingerprint", "Skip certificate fingerprint check") { options[:skip_fingerprint] = true }
+  opt.on("--verbose", "Log to STDOUT") { options[:verbose] = true }
+  opt.on("--schema-validate", "Perform a schema validation against the input") { options[:schema_validate] = true }
+  opt.on("--print", "Pretty prints the XML") { options[:print] = true }
+  opt.on("-h", "--help", "Show this.") { puts opt; exit }
+  opt.on("--version", "Show Version"){ puts Samlr::VERSION; exit}
+end.parse!
 
 if ARGV.empty? || !File.exist?(ARGV[0])
   puts "Input file not given or does not exist"
   exit 1
 end
 
-opts[:certificate] &&= opts[:certificate].read
+options[:certificate] &&= options[:certificate].read
 
-puts Samlr::Command.execute(opts, ARGV[0])
+puts Samlr::Command.execute(options, ARGV[0])

data/lib/samlr/version.rb

@@ -0,0 +1,3 @@
+module Samlr
+  VERSION = "2.2.0"
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: samlr
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Morten Primdahl
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-10 00:00:00.000000000 Z
+date: 2015-10-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -39,21 +39,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.1.3
 - !ruby/object:Gem::Dependency
-  name: trollop
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.16.2
-  type: :runtime
+        version: '0'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.16.2
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: bump
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -101,12 +101,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".travis.yml"
-- Gemfile
 - LICENSE
 - README.md
-- Rakefile
 - bin/samlr
 - config/schemas/XMLSchema.xsd
 - config/schemas/saml-schema-assertion-2.0.xsd
@@ -134,30 +130,8 @@ files:
 - lib/samlr/tools/request_builder.rb
 - lib/samlr/tools/response_builder.rb
 - lib/samlr/tools/timestamp.rb
-- samlr.gemspec
-- test/fixtures/default_samlr_certificate.pem
-- test/fixtures/default_samlr_private_key.pem
-- test/fixtures/no_cert_response.xml
-- test/fixtures/sample_metadata.xml
-- test/fixtures/sample_response.xml
-- test/test_helper.rb
-- test/unit/test_assertion.rb
-- test/unit/test_condition.rb
-- test/unit/test_fingerprint.rb
-- test/unit/test_logout_request.rb
-- test/unit/test_reference.rb
-- test/unit/test_request.rb
-- test/unit/test_response.rb
-- test/unit/test_response_scenarios.rb
-- test/unit/test_signature.rb
-- test/unit/test_timestamp.rb
-- test/unit/test_tools.rb
-- test/unit/tools/test_certificate_builder.rb
-- test/unit/tools/test_logout_request_builder.rb
-- test/unit/tools/test_metadata_builder.rb
-- test/unit/tools/test_request_builder.rb
-- test/unit/tools/test_response_builder.rb
-homepage: http://github.com/zendesk/samlr
+- lib/samlr/version.rb
+homepage: https://github.com/zendesk/samlr
 licenses:
 - Apache License Version 2.0
 metadata: {}
@@ -169,7 +143,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/.gitignore

@@ -1,3 +0,0 @@
-Gemfile.lock
-.rbenv-version
-pkg/

data/.travis.yml

@@ -1,5 +0,0 @@
-language: ruby
-bundler_args: --without test
-rvm:
-  - 1.9.3
-#  - jruby

data/Gemfile

@@ -1,8 +0,0 @@
-source "http://rubygems.org"
-
-group :test do
-  gem "ruby-debug", "~> 0.10.4", :require => nil, :platforms => :ruby_18
-  gem "debugger",   "~> 1.1.1",  :require => nil, :platforms => :ruby_19
-end
-
-gemspec

data/Rakefile

@@ -1,12 +0,0 @@
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-
-Rake::TestTask.new do |test|
-  test.libs << 'lib'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
-end
-
-task :default do
-  sh "bundle exec rake test"
-end

data/samlr.gemspec

@@ -1,19 +0,0 @@
-Gem::Specification.new "samlr", "2.1.0" do |s|
-  s.summary     = "Ruby tools for SAML"
-  s.description = "Helps you implement a SAML SP"
-  s.authors     = ["Morten Primdahl"]
-  s.email       = "primdahl@me.com"
-  s.homepage    = "http://github.com/zendesk/samlr"
-  s.files       = `git ls-files`.split("\n")
-  s.license     = "Apache License Version 2.0"
-
-  s.add_runtime_dependency("nokogiri", ">= 1.5.5")
-  s.add_runtime_dependency("uuidtools", ">= 2.1.3")
-  s.add_runtime_dependency("trollop", ">= 1.16.2")
-
-  s.add_development_dependency("rake")
-  s.add_development_dependency("bundler")
-  s.add_development_dependency("minitest")
-
-  s.executables << "samlr"
-end

data/test/fixtures/default_samlr_certificate.pem

@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBjTCCATegAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEU
-MBIGA1UECgwLZXhhbXBsZS5vcmcxHTAbBgNVBAsMFFphbWwgUmVzcG9uc2VCdWls
-ZGVyMQswCQYDVQQDDAJDQTAeFw0xMjA4MDgwMjAxMDlaFw0zMjA4MDMwMjAxMTRa
-ME8xCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtleGFtcGxlLm9yZzEdMBsGA1UECwwU
-WmFtbCBSZXNwb25zZUJ1aWxkZXIxCzAJBgNVBAMMAkNBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBALb9pPmyHrbZJMDLLkVsHzzXvP7DFcPiYdaNU50l5znRr8ZGhwRZ
-FAwKroOxXwhK5e9lz06C+kGqnL1v10h1BEUCAwEAATANBgkqhkiG9w0BAQUFAANB
-AKU10RznL2p7xRhO9vOh0CY+gWYmT2kbkLTVRYLApghQFAW8EzIHC/NggfEHM554
-ykzbbPwjSvM7cRBBDHYuWoY=
------END CERTIFICATE-----

data/test/fixtures/default_samlr_private_key.pem

@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBALb9pPmyHrbZJMDLLkVsHzzXvP7DFcPiYdaNU50l5znRr8ZGhwRZ
-FAwKroOxXwhK5e9lz06C+kGqnL1v10h1BEUCAwEAAQJADZ4QgdhkerzsBEDaf6YN
-KQzw7pB79SjKmRnJSB+C9oVo8SE5cDyaomwCCnnYFJm8ACJzCVXhA0eElTtWvkqT
-wQIhAN+rx2zckCPEBH+pxJ6HOkmDG28EUOP3J2llTUA/zArxAiEA0XCgPzCnWdcH
-eJN8z7QLLEGJ/JFTZpgr959RQYuBBpUCIEhrEsehZh3eYmJ/MgTt3aZdh61bJWGZ
-7S3HucpanZLRAiEAzucLd8Fx4f/aYpSZXXtI+lx4m6lZkeXMsaCTHkRZn40CIQDX
-fYUO1wQNBw/mXihtz+jal+kCP7xu0zrOhTQR+UXL9A==
------END RSA PRIVATE KEY-----

data/test/fixtures/no_cert_response.xml

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="samlr-a61f02dc-c4df-11e2-ac02-a4b197fffe98" InResponseTo="samlr-a61c3746-c4df-11e2-ac02-a4b197fffe98" Version="2.0" IssueInstant="2013-05-25T02:06:01Z" Destination="https://example.org/saml/endpoint"><saml:Issuer>ResponseBuilder IdP</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#samlr-a61f02dc-c4df-11e2-ac02-a4b197fffe98"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default samlp saml ds xs xsi"/></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>4Eqkol24EsDrPhY9crTX+TJ8SNM=</DigestValue></Reference></SignedInfo><SignatureValue>hXwitIsw2ZY9/vQCY9feMYf0jn22VdSBDS6ai7F9Ay8QbWQ+R6WI9+k3WatAXMzxnz8lrF3XhL8HoQPac4RCeA==</SignatureValue></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion ID="samlr-a61f0872-c4df-11e2-ac02-a4b197fffe98" IssueInstant="2013-05-25T02:06:01Z" Version="2.0"><saml:Issuer>ResponseBuilder IdP</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#samlr-a61f0872-c4df-11e2-ac02-a4b197fffe98"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default samlp saml ds xs xsi"/></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>3Hd1NIIArmJNLnxjTYG9YY5T1Bw=</DigestValue></Reference></SignedInfo><SignatureValue>NFL3r1Fu0PnKQVUsG6o0l+qjYydGlxTR9w5h06ef+85EjFR4YnJJ7p5p0vSeFuOyvoJZ8OmfbJy9h+1Vbmveig==</SignatureValue></Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">someone@example.org</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="samlr-a61c3746-c4df-11e2-ac02-a4b197fffe98" NotOnOrAfter="2013-05-25T02:07:01Z" Recipient="https://example.org/saml/endpoint"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2013-05-25T02:05:01Z" NotOnOrAfter="2013-05-25T02:07:01Z"><saml:AudienceRestriction><saml:Audience>example.org</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2013-05-25T02:06:01Z" SessionIndex="samlr-a61f0872-c4df-11e2-ac02-a4b197fffe98"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>

data/test/fixtures/sample_metadata.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.com/saml2">
-  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-    <md:NameIDFormat>identity_format</md:NameIDFormat>
-    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://support.sp.example.com/"/>
-  </md:SPSSODescriptor>
-</md:EntityDescriptor>

data/test/fixtures/sample_response.xml

@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="samlr-26a4eb6c-e271-11e1-a29c-000a27020041" InResponseTo="samlr-26a4e82e-e271-11e1-a29c-000a27020041" Version="2.0" IssueInstant="2012-08-09T22:25:40Z" Destination="https://example.org/saml/endpoint"><saml:Issuer>ResponseBuilder IdP</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#samlr-26a4eb6c-e271-11e1-a29c-000a27020041"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default samlp saml ds xs xsi"/></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>n4k8S7PsriEcj2en2fXnMwgWruU=</DigestValue></Reference></SignedInfo><SignatureValue>pNUUwVRL92E5tFk1+p77geJqV62PuaG5x27Dn+Xi4ff18NSMLb/XmbL2PJIakYOtwMuwQiNX9qioY3Pt1o/CMw==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIBjTCCATegAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLZXhhbXBsZS5vcmcxHTAbBgNVBAsMFFphbWwgUmVzcG9uc2VCdWlsZGVyMQswCQYDVQQDDAJDQTAeFw0xMjA4MDgwMjAxMDlaFw0zMjA4MDMwMjAxMTRaME8xCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtleGFtcGxlLm9yZzEdMBsGA1UECwwUWmFtbCBSZXNwb25zZUJ1aWxkZXIxCzAJBgNVBAMMAkNBMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALb9pPmyHrbZJMDLLkVsHzzXvP7DFcPiYdaNU50l5znRr8ZGhwRZFAwKroOxXwhK5e9lz06C+kGqnL1v10h1BEUCAwEAATANBgkqhkiG9w0BAQUFAANBAKU10RznL2p7xRhO9vOh0CY+gWYmT2kbkLTVRYLApghQFAW8EzIHC/NggfEHM554ykzbbPwjSvM7cRBBDHYuWoY=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion ID="samlr-26a4ed1a-e271-11e1-a29c-000a27020041" IssueInstant="2012-08-09T22:25:40Z" Version="2.0"><saml:Issuer>ResponseBuilder IdP</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#samlr-26a4ed1a-e271-11e1-a29c-000a27020041"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default samlp saml ds xs xsi"/></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>f6uCnv1PdZqKp/0dz6YtfSFaiHQ=</DigestValue></Reference></SignedInfo><SignatureValue>VqW1I4hlWN3ciKjZ1WUaouvita1e7CldZB0UQKtVrnIdO+6XI7R3i12jfDAKmclQ1E6VrNIdV4/D5eGTRjdTjQ==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIBjTCCATegAwIBAgIBATANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLZXhhbXBsZS5vcmcxHTAbBgNVBAsMFFphbWwgUmVzcG9uc2VCdWlsZGVyMQswCQYDVQQDDAJDQTAeFw0xMjA4MDgwMjAxMDlaFw0zMjA4MDMwMjAxMTRaME8xCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtleGFtcGxlLm9yZzEdMBsGA1UECwwUWmFtbCBSZXNwb25zZUJ1aWxkZXIxCzAJBgNVBAMMAkNBMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALb9pPmyHrbZJMDLLkVsHzzXvP7DFcPiYdaNU50l5znRr8ZGhwRZFAwKroOxXwhK5e9lz06C+kGqnL1v10h1BEUCAwEAATANBgkqhkiG9w0BAQUFAANBAKU10RznL2p7xRhO9vOh0CY+gWYmT2kbkLTVRYLApghQFAW8EzIHC/NggfEHM554ykzbbPwjSvM7cRBBDHYuWoY=</X509Certificate></X509Data></KeyInfo></Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">someone@example.org</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="samlr-26a4e82e-e271-11e1-a29c-000a27020041" NotOnOrAfter="2012-08-09T22:26:40Z" Recipient="https://example.org/saml/endpoint"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2012-08-09T22:24:40Z" NotOnOrAfter="2012-08-09T22:26:40Z"><saml:AudienceRestriction><saml:Audience>example.org</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2012-08-09T22:25:40Z" SessionIndex="samlr-26a4ed1a-e271-11e1-a29c-000a27020041"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>

data/test/test_helper.rb

@@ -1,55 +0,0 @@
-require "bundler"
-require "minitest/autorun"
-
-Bundler.require
-
-require "time"
-require "base64"
-require "tmpdir"
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
-
-require "samlr"
-require "samlr/tools/response_builder"
-require "samlr/tools/certificate_builder"
-
-FIXTURE_PATH     = File.join(File.dirname(__FILE__), "fixtures")
-TEST_CERTIFICATE = Samlr::Tools::CertificateBuilder.load(FIXTURE_PATH, "default_samlr")
-
-def saml_response_document(options = {})
-  # Test defaults
-  options = {
-    :destination     => "https://example.org/saml/endpoint",
-    :in_response_to  => Samlr::Tools.uuid,
-    :name_id         => "someone@example.org",
-    :audience        => "example.org",
-    :not_on_or_after => Samlr::Tools::Timestamp.stamp(Time.now + 60),
-    :not_before      => Samlr::Tools::Timestamp.stamp(Time.now - 60),
-    :response_id     => Samlr::Tools.uuid
-  }.merge(options)
-
-  Samlr::Tools::ResponseBuilder.build(options)
-end
-
-def saml_response(options = {})
-  fingerprint   = options[:fingerprint]
-  fingerprint ||= options[:certificate] ? Samlr::Fingerprint.x509(options[:certificate].x509) : nil
-
-  Samlr::Response.new(saml_response_document(options), :fingerprint => fingerprint)
-end
-
-# A response that never changes. Useful for digest checks etc.
-def fixed_saml_response(options = {})
-  options = {
-    :certificate     => TEST_CERTIFICATE,
-    :issue_instant   => Samlr::Tools::Timestamp.stamp(Time.at(1344379365)),
-    :response_id     => "samlr123",
-    :assertion_id    => "samlr456",
-    :in_response_to  => "samlr789",
-    :attributes      => { "tags" => "mean horse", "things" => [ "one", "two", "three" ] },
-    :not_on_or_after => Samlr::Tools::Timestamp.stamp(Time.at(1344379365 + 60)),
-    :not_before      => Samlr::Tools::Timestamp.stamp(Time.at(1344379365 - 60))
-  }.merge(options)
-
-  saml_response(options)
-end

data/test/unit/test_assertion.rb

@@ -1,71 +0,0 @@
-require File.expand_path("test/test_helper")
-require "time"
-
-describe Samlr::Assertion do
-  subject { fixed_saml_response.assertion }
-
-  describe "#skip_conditions?" do
-    it "reflects the passed options" do
-      assert Samlr::Assertion.new(nil, :skip_conditions => true).send(:skip_conditions?)
-      refute Samlr::Assertion.new(nil, :skip_conditions => false).send(:skip_conditions?)
-    end
-  end
-
-  describe "#attributes" do
-    it "returns a hash of assertion attributes" do
-      assert_equal subject.attributes[:tags], "mean horse"
-      assert_equal subject.attributes["tags"], "mean horse"
-    end
-
-    it "turns multiple attribute values into an array" do
-      assert_equal subject.attributes["things"].sort, [ "one", "two", "three" ].sort
-    end
-  end
-
-  describe "#name_id" do
-    it "returns the body of the NameID element" do
-      assert_equal "someone@example.org", subject.name_id
-    end
-  end
-
-  describe "#name_id_options" do
-    subject { fixed_saml_response(:name_qualifier => 'portal-happyservice-idp', :sp_name_qualifier => 'happyservice.zendesk.com').assertion }
-
-    it "returns the options for the NameID element" do
-      expected = {"Format"=>"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "NameQualifier"=>"portal-happyservice-idp", "SPNameQualifier"=>"happyservice.zendesk.com"}
-      assert_equal expected, subject.name_id_options
-    end
-  end
-
-  describe "#verify!" do
-    let(:condition) do
-      Class.new do
-        def verify!
-          raise Samlr::ConditionsError, 'error'
-        end
-      end
-    end
-
-    before do
-      @unsatisfied_condition = condition.new
-    end
-
-    describe "when conditions are not met" do
-      it "should raise" do
-        subject.stub(:conditions, @unsatisfied_condition) do
-          assert_raises(Samlr::ConditionsError) { subject.verify! }
-        end
-      end
-
-      describe "and conditions are to be skipped" do
-        it "should pass" do
-          subject.stub(:skip_conditions?, true) do
-            subject.stub(:conditions, @unsatisfied_condition) do
-              assert subject.verify!
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/test/unit/test_condition.rb

@@ -1,154 +0,0 @@
-require File.expand_path("test/test_helper")
-
-def condition(before, after)
-  element = Nokogiri::XML::Element.new('saml:Condition', Nokogiri::XML(''))
-  element["NotBefore"] = before.utc.iso8601 if before
-  element["NotOnOrAfter"] = after.utc.iso8601 if after
-
-  Samlr::Condition.new(element, {})
-end
-
-def verify!
-  Time.stub(:now, Time.at(1344379365)) do
-    subject.verify!
-  end
-end
-
-describe Samlr::Condition do
-  before do
-    @not_before = (Time.now - 10*60)
-    @not_after  = (Time.now + 10*60)
-  end
-
-  describe "verify!" do
-    describe "audience verification" do
-      let(:response) { fixed_saml_response }
-      subject { response.assertion.conditions }
-
-      describe "when it is wrong" do
-        before do
-          response.options[:audience] = 'example.com'
-        end
-
-        it "raises an exception" do
-          refute subject.audience_satisfied?
-
-          begin
-            verify!
-            flunk "Expected exception"
-          rescue Samlr::ConditionsError => e
-            assert_match /Audience/, e.message
-          end
-        end
-      end
-
-      describe "when it is right" do
-        before do
-          response.options[:audience] = 'example.org'
-        end
-
-        it "does not raise an exception" do
-          assert verify!
-        end
-      end
-
-      describe "using a regex" do
-        describe "valid regex" do
-          before do
-            response.options[:audience] = /example\.(org|com)/
-          end
-
-          it "does not raise an exception" do
-            assert verify!
-          end
-        end
-
-        describe "invalid regex" do
-          before do
-            response.options[:audience] = /\A[a-z]\z/
-          end
-
-          it "raises an exception" do
-            refute subject.audience_satisfied?
-
-            begin
-              verify!
-              flunk "Expected exception"
-            rescue Samlr::ConditionsError => e
-              assert_match /Audience/, e.message
-            end
-          end
-        end
-      end
-    end
-
-    describe "when the lower time has not been met" do
-      before  { @not_before = (Time.now + 5*60) }
-      subject { condition(@not_before, @not_after) }
-
-      it "raises an exception" do
-        assert subject.not_on_or_after_satisfied?
-        refute subject.not_before_satisfied?
-
-        begin
-          subject.verify!
-          flunk "Expected exception"
-        rescue Samlr::ConditionsError => e
-          assert_match /Not before/, e.message
-        end
-      end
-    end
-
-    describe "when the upper time has been exceeded" do
-      before { @not_after = (Time.now - 5*60) }
-      subject { condition(@not_before, @not_after) }
-
-      it "raises an exception" do
-        refute subject.not_on_or_after_satisfied?
-        assert subject.not_before_satisfied?
-
-        begin
-          subject.verify!
-          flunk "Expected exception"
-        rescue Samlr::ConditionsError => e
-          assert_match /Not on or after/, e.message
-        end
-      end
-    end
-
-    describe "when no time boundary has been exeeded" do
-      subject { condition(@not_before, @not_after) }
-
-      it "returns true" do
-        assert subject.verify!
-      end
-    end
-  end
-
-  describe "#audience_satisfied?" do
-    it "returns true when audience is a nil value" do
-      element = Nokogiri::XML::Node.new('saml:Condition', Nokogiri::XML(''))
-      assert Samlr::Condition.new(element, {}).audience_satisfied?
-    end
-
-    it "returns true when passed a nil audience" do
-      condition = fixed_saml_response.assertion.conditions
-      assert_equal 'example.org', condition.audience
-      assert condition.audience_satisfied?
-    end
-  end
-
-  describe "#not_before_satisfied?" do
-    it "returns true when passed a nil value" do
-      element = Nokogiri::XML::Node.new('saml:Condition', Nokogiri::XML(''))
-      assert Samlr::Condition.new(element, {}).not_before_satisfied?
-    end
-  end
-
-  describe "#not_on_or_after_satisfied?" do
-    it "returns true when passed a nil value" do
-      element = Nokogiri::XML::Node.new('saml:Condition', Nokogiri::XML(''))
-      assert Samlr::Condition.new(element, {}).not_on_or_after_satisfied?
-    end
-  end
-end