Class: Onelogin::Saml::BaseAssertion
- Inherits:
-
Object
- Object
- Onelogin::Saml::BaseAssertion
- Defined in:
- lib/onelogin/saml/base_assertion.rb
Direct Known Subclasses
Instance Attribute Summary collapse
- #base64_assertion ⇒ Object
- #destination ⇒ Object
- #id ⇒ Object
- #in_response_to ⇒ Object
- #issue_instant ⇒ Object
- #issuer ⇒ Object
-
#settings ⇒ Object
Returns the value of attribute settings.
-
#xml ⇒ Object
Returns the value of attribute xml.
Class Method Summary collapse
- .generate(settings, attributes = {}) ⇒ Object
- .generate_unique_id(length = 42) ⇒ Object
- .get_timestamp ⇒ Object
- .parse(raw_assertion, settings = nil) ⇒ Object
Instance Method Summary collapse
- #assertion_type ⇒ Object
- #document ⇒ Object
- #forward_url ⇒ Object
- #generate ⇒ Object
- #node_attribute_value(xpath, attribute) ⇒ Object
- #node_content(xpath) ⇒ Object
- #process(settings) ⇒ Object
- #root_attribute_value(attribute) ⇒ Object
Instance Attribute Details
#base64_assertion ⇒ Object
39 40 41 42 43 44 |
# File 'lib/onelogin/saml/base_assertion.rb', line 39 def base64_assertion @base64_assertion ||= begin deflated_assertion = Zlib::Deflate.deflate(self.xml, 9)[2..-5] Base64.strict_encode64(deflated_assertion) end end |
#destination ⇒ Object
23 24 25 |
# File 'lib/onelogin/saml/base_assertion.rb', line 23 def destination @destination ||= root_attribute_value('Destination') end |
#id ⇒ Object
11 12 13 |
# File 'lib/onelogin/saml/base_assertion.rb', line 11 def id @id ||= root_attribute_value('ID') end |
#in_response_to ⇒ Object
27 28 29 |
# File 'lib/onelogin/saml/base_assertion.rb', line 27 def in_response_to @in_response_to ||= root_attribute_value('InResponseTo') end |
#issue_instant ⇒ Object
15 16 17 |
# File 'lib/onelogin/saml/base_assertion.rb', line 15 def issue_instant @issue_instant ||= root_attribute_value('IssueInstance') end |
#issuer ⇒ Object
19 20 21 |
# File 'lib/onelogin/saml/base_assertion.rb', line 19 def issuer @issuer ||= node_content('saml:Issuer') end |
#settings ⇒ Object
Returns the value of attribute settings.
3 4 5 |
# File 'lib/onelogin/saml/base_assertion.rb', line 3 def settings @settings end |
#xml ⇒ Object
Returns the value of attribute xml.
4 5 6 |
# File 'lib/onelogin/saml/base_assertion.rb', line 4 def xml @xml end |
Class Method Details
.generate(settings, attributes = {}) ⇒ Object
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 |
# File 'lib/onelogin/saml/base_assertion.rb', line 83 def self.generate(settings, attributes = {}) assertion = new assertion.settings = settings assertion.id = generate_unique_id assertion.issue_instant = assertion.issuer = settings.issuer attributes.each do |key, value| if assertion.respond_to? "#{key}=" assertion.send "#{key}=", value end end assertion.xml = assertion.generate assertion end |
.generate_unique_id(length = 42) ⇒ Object
137 138 139 140 141 142 143 |
# File 'lib/onelogin/saml/base_assertion.rb', line 137 def self.generate_unique_id(length = 42) chars = ("a".."f").to_a + ("0".."9").to_a chars_len = chars.size unique_id = ("a".."f").to_a[rand(6)] 2.upto(length) { |i| unique_id << chars[rand(chars_len)] } unique_id end |
.get_timestamp ⇒ Object
145 146 147 |
# File 'lib/onelogin/saml/base_assertion.rb', line 145 def self. Time.new.utc.strftime("%Y-%m-%dT%H:%M:%SZ") end |
.parse(raw_assertion, settings = nil) ⇒ Object
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
# File 'lib/onelogin/saml/base_assertion.rb', line 60 def self.parse(raw_assertion, settings = nil) raise "SAML assertion too large" if raw_assertion.bytesize > Onelogin::Saml.config[:max_message_size] assertion = new assertion.base64_assertion = raw_assertion decoded_xml = Base64.decode64(raw_assertion) zlib = Zlib::Inflate.new(-Zlib::MAX_WBITS) xml = '' # do it in 1K slices, so we can protect against bombs (0..decoded_xml.bytesize / 1024).each do |i| xml.concat(zlib.inflate(decoded_xml.byteslice(i * 1024, 1024))) raise "SAML assertion too large" if xml.bytesize > Onelogin::Saml.config[:max_message_size] end xml.concat(zlib.finish) raise "SAML assertion too large" if xml.bytesize > Onelogin::Saml.config[:max_message_size] assertion.xml = xml assertion.process(settings) if settings assertion end |
Instance Method Details
#assertion_type ⇒ Object
46 47 48 49 50 51 52 53 54 |
# File 'lib/onelogin/saml/base_assertion.rb', line 46 def assertion_type return unless document if document.root.name =~ /Request$/ :request elsif document.root.name =~ /Response$/ :response end end |
#document ⇒ Object
31 32 33 |
# File 'lib/onelogin/saml/base_assertion.rb', line 31 def document @document ||= Nokogiri::XML(xml) if xml end |
#forward_url ⇒ Object
102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 |
# File 'lib/onelogin/saml/base_assertion.rb', line 102 def forward_url @forward_url ||= begin url, existing_query_string = destination.split('?') query_string = query_string_append(existing_query_string, query_string_param, base64_assertion) if settings.sign? query_string = query_string_append(query_string, "SigAlg", "http://www.w3.org/2000/09/xmldsig#rsa-sha1") signature = generate_signature(query_string, settings.xmlsec_privatekey) query_string = query_string_append(query_string, "Signature", signature) end if settings.relay_state query_string = query_string_append(query_string, "RelayState", settings.relay_state) end [url, query_string].join("?") end end |
#generate ⇒ Object
121 122 123 |
# File 'lib/onelogin/saml/base_assertion.rb', line 121 def generate raise "Subclass does not implement abstract method generate." end |
#node_attribute_value(xpath, attribute) ⇒ Object
129 130 131 |
# File 'lib/onelogin/saml/base_assertion.rb', line 129 def node_attribute_value(xpath, attribute) document.root.at_xpath(xpath, Onelogin::NAMESPACES)[attribute] rescue nil end |
#node_content(xpath) ⇒ Object
133 134 135 |
# File 'lib/onelogin/saml/base_assertion.rb', line 133 def node_content(xpath) document.root.at_xpath(xpath, Onelogin::NAMESPACES).content rescue nil end |
#process(settings) ⇒ Object
56 57 58 |
# File 'lib/onelogin/saml/base_assertion.rb', line 56 def process(settings) # TODO: Verify signature and decrypt. end |
#root_attribute_value(attribute) ⇒ Object
125 126 127 |
# File 'lib/onelogin/saml/base_assertion.rb', line 125 def root_attribute_value(attribute) document.root[attribute] if document end |