Module: XMLSecurity
- Defined in:
- lib/xml_security.rb
Defined Under Namespace
Classes: SignedDocument
Class Method Summary
- .decode_request(request) ⇒ Object
- .request_params(query, request_str = "SAMLRequest") ⇒ Object
- .return_to(uri_string) ⇒ Object
- .sign_query(request_params, settings) ⇒ Object
- .validate_request(saml_request, sing_alg, signature, settings) ⇒ Object
Class Method Details
.decode_request(request) ⇒ Object
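# File 'lib/xml_security.rb', line 55
# Decodes a Base64-encoded, raw-DEFLATE-compressed payload back into its
# original bytes (the inverse of request_params' encoding steps).
#
# @param request [String] Base64 text wrapping a raw DEFLATE stream
# @return [String] the inflated bytes
# @raise [Zlib::Error] when the decoded bytes are not a complete, valid stream
#
# NOTE(review): Base64.decode64 is lenient and skips characters outside the
# Base64 alphabet, so malformed text is not rejected at that step.
# NOTE(review): the inflated size is not bounded here. If this is fed
# request data from the network (the name suggests so; confirm against
# callers), a small highly-compressible payload can expand to a very large
# buffer, so callers should cap the encoded length before calling.
def self.decode_request(request)
  compressed = Base64.decode64(request)
  # Negative window bits select raw DEFLATE: no zlib header, no checksum.
  zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  begin
    buf = zstream.inflate(compressed)
    zstream.finish
    buf
  ensure
    # Release the native zlib state even when inflate/finish raises on
    # malformed input, instead of leaving it for the garbage collector.
    zstream.close
  end
end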
.request_params(query, request_str = "SAMLRequest") ⇒ Object
# File 'lib/xml_security.rb', line 64
# Builds a single query-string parameter whose value is +query+ compressed,
# Base64-encoded and URL-escaped.
#
# @param query [String] the message to encode
# @param request_str [String] the parameter name placed before "="
# @return [String] "<request_str>=<escaped value>"
def self.request_params(query, request_str = "SAMLRequest")
  zlib_stream = Zlib::Deflate.deflate(query, 9)
  # Slice off the 2-byte zlib header and the 4-byte Adler-32 trailer so only
  # the bare DEFLATE data remains.
  raw_deflate = zlib_stream[2..-5]
  # encode64 inserts line feeds into its output; CGI.escape then
  # percent-encodes them along with "+", "/" and "=".
  escaped_value = CGI.escape(Base64.encode64(raw_deflate))
  param_prefix = request_str + "="
  param_prefix + escaped_value
end
.return_to(uri_string) ⇒ Object
# File 'lib/xml_security.rb', line 41
# Formats a "returnTo" query parameter, including the leading "&", with the
# value URL-escaped.
#
# @param uri_string [String] the target to carry in the parameter
# @return [String] "&returnTo=<escaped uri_string>"
#
# NOTE(review): the value is escaped but not validated here. Whatever later
# redirects to returnTo should check it against an allow-list of
# destinations; confirm where that happens.
def self.return_to(uri_string)
  escaped_target = CGI.escape(uri_string)
  "&returnTo=#{escaped_target}"
end
.sign_query(request_params, settings) ⇒ Object
# File 'lib/xml_security.rb', line 35
# Appends SigAlg and Signature parameters to an already-encoded query string.
# The signature covers +request_params+ plus the SigAlg parameter.
#
# @param request_params [String] the encoded query string to sign
# @param settings [#private_key] object whose private_key responds to sign
# @return [String] a new string; the caller's string is not modified
#
# NOTE(review): the algorithm is fixed to RSA with SHA-1, which is deprecated
# for signatures. validate_request in this module accepts only the same
# identifier, so moving to a SHA-2 algorithm means changing both together.
# NOTE(review): only the text passed in is signed. Any parameter appended
# to the URL after this call is outside the signature.
def self.sign_query(request_params, settings)
  sig_alg_uri = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
  # Non-destructive concatenation builds a fresh string to sign and extend.
  signed_part = request_params + "&" + "SigAlg=" + CGI.escape(sig_alg_uri)
  raw_signature = settings.private_key.sign(OpenSSL::Digest::SHA1.new, signed_part)
  encoded_signature = CGI.escape(Base64.encode64(raw_signature))
  signed_part << "&" + "Signature=" + encoded_signature
  signed_part
end
.validate_request(saml_request, sing_alg, signature, settings) ⇒ Object
# File 'lib/xml_security.rb', line 45
# Checks a query-string signature over the SAMLRequest and SigAlg parameters
# using the public key of settings.idp_public_cert.
#
# @param saml_request [String] the SAMLRequest value (escaped again here)
# @param sing_alg [String] the signature algorithm URI; must be rsa-sha1
# @param signature [String] the Base64-encoded signature
# @param settings [#idp_public_cert] source of the verifying certificate
# @return [Boolean] the result of the key's verify call
# @raise [RuntimeError] when +sing_alg+ is not the rsa-sha1 identifier
#
# NOTE(review): a bad signature is reported through the return value, not an
# exception. Callers must check the result and reject on false.
# NOTE(review): the verified string is rebuilt from SAMLRequest and SigAlg
# only. Any other parameter on the incoming URL (for example RelayState) is
# not covered by this check.
# NOTE(review): values are re-escaped with CGI.escape rather than verified as
# received. A sender with different percent-encoding would presumably fail
# verification; confirm against callers.
# NOTE(review): SHA-1 is deprecated for signatures. It is pinned here and in
# sign_query, so any change of algorithm has to be made in both.
def self.validate_request(saml_request, sing_alg, signature, settings)
  rsa_sha1_uri = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
  raise 'Signature must be rsa-sha1 based' if sing_alg != rsa_sha1_uri

  # Rebuild the string the signer is expected to have signed.
  signed_query = "SAMLRequest=#{CGI.escape(saml_request)}&SigAlg=#{CGI.escape(sing_alg)}"
  raw_signature = Base64.decode64(signature)
  verifying_key = settings.idp_public_cert.public_key
  verifying_key.verify(OpenSSL::Digest::SHA1.new, raw_signature, signed_query)
end