Class: Saml::Util

Defined in:
lib/saml/util.rb


Class Method Details

.encrypt_assertion(assertion, certificate) ⇒ Object



# File 'lib/saml/util.rb', line 42

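# Wraps +assertion+ in an <EncryptedAssertion>: the assertion content is encrypted
# under a symmetric data key, and that key is in turn encrypted to the recipient's
# public key taken from +certificate+ (key transport).
#
# The algorithm URIs are keyword parameters so a caller can move to stronger ones
# per recipient; the defaults reproduce the original behaviour exactly
# (AES-128-CBC for the data, RSA-OAEP-MGF1P with a SHA-1 digest for the key).
#
# SECURITY NOTE: the default data algorithm is CBC mode with no integrity check.
# XML Encryption with CBC is known to be exposed to chosen-ciphertext /
# padding-oracle style attacks unless the ciphertext is also covered by a verified
# signature. Prefer an AEAD content algorithm (e.g. aes128-gcm / aes256-gcm) when
# the recipient supports it, and make sure the EncryptedAssertion sits inside a
# signed Response. The SHA-1 OAEP digest is dated as well; it is only kept as the
# backward-compatible default. Whether a given URI is accepted is up to Xmlenc.
#
# @param assertion the assertion object to encrypt (serialised by Xmlenc)
# @param certificate [OpenSSL::X509::Certificate] recipient certificate; only its public key is used
# @param data_algorithm [String] XML Encryption algorithm URI for the content cipher
# @param key_algorithm [String] XML Encryption algorithm URI for the key-transport cipher
# @param digest_method_algorithm [String] digest algorithm URI used by OAEP
# @return [Saml::Elements::EncryptedAssertion]
def encrypt_assertion(assertion, certificate,
                      data_algorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
                      key_algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
                      digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
  encrypted_data = Xmlenc::Builder::EncryptedData.new
  encrypted_data.set_encryption_method(algorithm: data_algorithm)

  # encrypt(assertion) returns the EncryptedKey element for the data key; it is
  # presumably unusable until wrapped with the recipient's public key below.
  encrypted_key = encrypted_data.encrypt(assertion)
  encrypted_key.set_encryption_method(algorithm:               key_algorithm,
                                      digest_method_algorithm: digest_method_algorithm)
  encrypted_key.encrypt(certificate.public_key)

  Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
end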

.parse_params(url) ⇒ Object



# File 'lib/saml/util.rb', line 4

# Splits the query component of +url+ into a Hash of raw parameter name => raw value.
#
# Names and values are returned exactly as they appear in the URL, i.e. still
# percent-encoded; nothing is unescaped here. Callers that need the decoded form
# must unescape themselves. (Presumably the raw form is kept on purpose because
# HTTP-Redirect binding signatures are computed over the encoded query string —
# verify against the binding code before changing this.)
#
# Both '&' and ';' separate pairs. A pair with no '=' maps to nil, an empty
# segment yields a nil key, and when a name repeats the last occurrence wins.
#
# @param url [String] a full URL
# @return [Hash{String => String, nil}] empty when the URL has no query component
# @raise [URI::InvalidURIError] when +url+ is not parseable; rescue this when the
#   URL originates from an untrusted request
def parse_params(url)
  query_string = URI.parse(url).query
  return {} unless query_string

  query_string.split(/[&;]/).each_with_object({}) do |pair, result|
    name, raw_value = pair.split('=', 2)
    result[name] = raw_value
  end
end

.post(location, message) ⇒ Object



# File 'lib/saml/util.rb', line 17

# POSTs +message+ to +location+ as text/xml over HTTPI, presenting the client
# certificate and private key configured in Saml::Config, and returns whatever
# HTTPI.post returns (an HTTPI::Response).
#
# NOTE(review): nothing here sets a TLS verify mode, a CA bundle, or open/read
# timeouts, so server-certificate verification and protection against a hanging
# endpoint rest entirely on HTTPI's adapter defaults — confirm those before
# talking to endpoints over untrusted networks.
#
# @param location [String] destination URL
# @param message [String] request body
# @return [HTTPI::Response]
def post(location, message)
  request = HTTPI::Request.new.tap do |req|
    req.url                     = location
    req.headers['Content-Type'] = 'text/xml'
    req.body                    = message
    # Mutual TLS: client cert/key paths come from the library configuration.
    req.auth.ssl.cert_file      = Saml::Config.ssl_certificate_file
    req.auth.ssl.cert_key_file  = Saml::Config.ssl_private_key_file
  end

  HTTPI.post(request)
end

.sign_xml(message, format = :xml, &block) ⇒ Object



# File 'lib/saml/util.rb', line 29

# Adds a <ds:Signature> to +message+, serialises it with +to_<format>+ and returns
# the signed XML produced by Xmldsig.
#
# When a block is given it is used as the signer and receives
# (data, signature_algorithm); otherwise signing is delegated to
# +message.provider.sign(signature_algorithm, data)+.
#
# NOTE: +format+ is interpolated into a method name and invoked via +send+ (which
# also reaches private methods), so it must be a trusted symbol such as :xml —
# never derive it from request input.
#
# @param message the message to sign; must respond to +add_signature+, +provider+ and +to_<format>+
# @param format [Symbol] serialisation to sign, defaults to :xml
# @yield [data, signature_algorithm] optional custom signer returning the signature value
# @return [String] the signed document
def sign_xml(message, format = :xml, &block)
  # Inserts the (as yet unsigned) signature skeleton that Xmldsig fills in.
  message.add_signature

  # Default signer. A proc rather than a lambda so it tolerates whatever arity
  # Xmldsig yields, exactly like a literal block would.
  signer = block || proc { |data, signature_algorithm| message.provider.sign(signature_algorithm, data) }

  serialized = message.send("to_#{format}")
  Xmldsig::SignedDocument.new(serialized).sign(&signer)
end

.verify_xml(message, raw_body) ⇒ Object



# File 'lib/saml/util.rb', line 54

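# Validates the XML signature(s) in +raw_body+ and returns +message+ re-parsed
# from ONLY the node that was actually signed.
#
# Re-parsing from the signed node (located by the message's own ID) instead of
# trusting the already parsed +message+ is the defence against XML Signature
# Wrapping: an attacker can keep a validly signed element in the document and add
# a forged, unsigned one elsewhere, so only content under a node whose ID is
# covered by a valid signature may be used.
#
# NOTE(review): whether a document containing no <ds:Signature> at all validates
# is decided by Xmldsig's +validate+ — confirm the gem version in use returns
# false in that case rather than vacuously true.
#
# @param message the parsed message; its +_id+, +provider+ and +signature.key_name+ are read here
# @param raw_body [String] the XML exactly as received; validation must run over the raw bytes
# @return the message re-parsed from the signed node (via +message.class.parse(..., single: true)+)
# @raise [Saml::Errors::SignatureInvalid] when signature validation fails, or when no
#   signed node carries the message's ID. (The latter previously surfaced as a
#   NoMethodError on nil, which callers rescuing SignatureInvalid would not catch.)
def verify_xml(message, raw_body)
  document = Xmldsig::SignedDocument.new(raw_body)

  # Cryptographic verification is delegated to the provider, keyed by the
  # KeyName carried in the message's signature.
  signature_valid = document.validate do |signature, data, signature_algorithm|
    message.provider.verify(signature_algorithm, signature, data, message.signature.key_name)
  end

  raise Saml::Errors::SignatureInvalid.new unless signature_valid

  # A valid signature somewhere in the document is not enough: the element that
  # carries this message's ID must itself be one of the signed nodes. Treat a
  # miss as a signature failure, not as a nil dereference.
  signed_node = document.signed_nodes.find { |node| node['ID'] == message._id }
  raise Saml::Errors::SignatureInvalid.new unless signed_node

  message.class.parse(signed_node.to_xml, single: true)
end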