Module: XMLSecurity

Defined in:
lib/xml_security.rb

Defined Under Namespace

Classes: SignedDocument


Class Method Details

.decode_request(request) ⇒ Object



# File 'lib/xml_security.rb', line 55

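# Decodes a SAML HTTP-Redirect style payload: Base64-decodes +request+ and
# inflates the result as a raw DEFLATE stream (no zlib header or checksum).
#
# NOTE(review): the inflated size is not bounded here. If +request+ comes from
# a query string, a small input can expand to a very large buffer, so the
# caller should cap the encoded length (or the inflated output) before or
# after this call.
# NOTE(review): Base64.decode64 skips characters outside the Base64 alphabet
# instead of rejecting them, so malformed input is only caught if the inflate
# step fails.
#
# @param request [String] Base64 text wrapping a raw-deflated document
# @return [String] the inflated bytes
# @raise [Zlib::Error] when the decoded bytes are not a valid DEFLATE stream
def self.decode_request(request)
  # Negative window bits select raw DEFLATE, matching the header/trailer-less
  # stream that request_params produces.
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  begin
    inflated = inflater.inflate(Base64.decode64(request))
    inflater.finish
    inflated
  ensure
    # Release the stream even when inflate/finish raised on bad input.
    inflater.close
  end
end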

.request_params(query, request_str = "SAMLRequest") ⇒ Object



# File 'lib/xml_security.rb', line 64

# Builds one "name=value" query parameter carrying +query+ compressed and
# encoded the way decode_request expects to read it back.
#
# NOTE(review): Base64.encode64 inserts a line feed every 60 output characters
# and at the end, so the escaped value contains %0A sequences. The SAML
# HTTP-Redirect binding expects Base64 without line breaks - confirm peers
# accept this before relying on it.
#
# @param query [String] document to transmit
# @param request_str [String] parameter name, "SAMLRequest" by default
# @return [String] the parameter name, "=", and the URL-escaped Base64 payload
def self.request_params(query,request_str = "SAMLRequest")
  zlib_stream = Zlib::Deflate.deflate(query, 9)
  # Drop the 2-byte zlib header and the 4-byte Adler-32 trailer, leaving the
  # raw DEFLATE stream.
  raw_deflate = zlib_stream[2..-5]
  escaped_value = CGI.escape(Base64.encode64(raw_deflate))
  request_str + "=" + escaped_value
end

.return_to(uri_string) ⇒ Object



# File 'lib/xml_security.rb', line 41

# Formats +uri_string+ as a trailing "&returnTo=..." query fragment.
#
# The value is only URL-escaped; nothing here checks where it points, so any
# allow-listing of return destinations has to be done by the caller or by the
# party that consumes the parameter.
#
# @param uri_string [String] return address to embed
# @return [String] "&returnTo=" followed by the escaped value
def self.return_to(uri_string)
  escaped_target = CGI.escape(uri_string)
  "&returnTo=#{escaped_target}"
end

.sign_query(request_params, settings) ⇒ Object



# File 'lib/xml_security.rb', line 35

# Appends SigAlg and Signature parameters to a query string.
#
# The signature is computed over +request_params+ plus the SigAlg parameter,
# using settings.private_key with a SHA-1 digest; the caller's string is left
# untouched and a new string is returned.
#
# NOTE(review): rsa-sha1 is hard-coded here and is the only algorithm
# validate_request accepts. SHA-1 is deprecated for signatures; a move to
# rsa-sha256 has to change both methods together.
# NOTE(review): Base64.encode64 adds line feeds to the signature value, which
# end up escaped as %0A - confirm receivers tolerate that.
#
# @param request_params [String] query string to sign
# @param settings [#private_key] object whose private_key responds to sign
# @return [String] the query with "&SigAlg=..." and "&Signature=..." appended
def self.sign_query(request_params, settings)
  algorithm_uri = CGI.escape('http://www.w3.org/2000/09/xmldsig#rsa-sha1')
  signed_part = request_params + "&SigAlg=" + algorithm_uri
  raw_signature = settings.private_key.sign(OpenSSL::Digest::SHA1.new, signed_part)
  signed_part + "&Signature=" + CGI.escape(Base64.encode64(raw_signature))
end

.validate_request(saml_request, sing_alg, signature, settings) ⇒ Object



# File 'lib/xml_security.rb', line 45

# Checks the signature of a redirect-binding request against the IdP
# certificate in +settings+.
#
# Failure is reported in two different ways: an unsupported algorithm raises,
# while a signature that does not verify comes back as the return value of
# public_key.verify. Callers must test the return value; ignoring it treats an
# unsigned or tampered request as accepted.
#
# NOTE(review): the signed string is rebuilt here by re-escaping the decoded
# values and contains only SAMLRequest and SigAlg. A sender that signed a
# differently encoded string, or included further parameters such as
# RelayState, would not verify - confirm against the senders in use.
# NOTE(review): only rsa-sha1 is accepted; SHA-1 is deprecated for signatures.
#
# @param saml_request [String] SAMLRequest value, URL-decoded
# @param sing_alg [String] SigAlg value, URL-decoded
# @param signature [String] Base64 signature value, URL-decoded
# @param settings [#idp_public_cert] source of the verification certificate
# @return [Object] whatever public_key.verify returns for the rebuilt query
# @raise [RuntimeError] when +sing_alg+ is not the rsa-sha1 identifier
def self.validate_request(saml_request, sing_alg, signature, settings)
  if sing_alg != "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    raise 'Signature must be rsa-sha1 based'
  end

  # Rebuild the string the signature is expected to cover.
  request_part = 'SAMLRequest=' + CGI.escape(saml_request)
  signed_query = request_part + "&SigAlg=" + CGI.escape(sing_alg)
  raw_signature = Base64.decode64(signature)

  verifier = settings.idp_public_cert.public_key
  verifier.verify(OpenSSL::Digest::SHA1.new, raw_signature, signed_query)
end