Class: OneLogin::RubySaml::IdpMetadataParser::IdpMetadata
- Inherits:
-
Object
- Object
- OneLogin::RubySaml::IdpMetadataParser::IdpMetadata
- Defined in:
- lib/onelogin/ruby-saml/idp_metadata_parser.rb
Instance Attribute Summary
-
#entity_id ⇒ Object
readonly
Returns the value of attribute entity_id.
-
#idpsso_descriptor ⇒ Object
readonly
Returns the value of attribute idpsso_descriptor.
Instance Method Summary
-
#attribute_names ⇒ Array
The names of all SAML attributes if any exist.
-
#cache_duration ⇒ String|nil
‘cacheDuration’ attribute of metadata.
-
#certificates ⇒ String|nil
Unformatted certificates, if any exist.
- #certificates_has_one(key) ⇒ Object
-
#fingerprint(certificate, fingerprint_algorithm = XMLSecurity::Document::SHA1) ⇒ String|nil
The fingerprint of the X509Certificate, if it exists.
-
#idp_name_id_format ⇒ String|nil
IdP Name ID Format value if exists.
-
#initialize(idpsso_descriptor, entity_id) ⇒ IdpMetadata
constructor
A new instance of IdpMetadata.
- #merge_certificates_into(parsed_metadata) ⇒ Object
-
#single_logout_response_service_url(options = {}) ⇒ String|nil
SingleLogoutService response url if exists.
-
#single_logout_service_binding(binding_priority = nil) ⇒ String|nil
SingleLogoutService binding if exists.
-
#single_logout_service_url(options = {}) ⇒ String|nil
SingleLogoutService endpoint if exists.
-
#single_signon_service_binding(binding_priority = nil) ⇒ String|nil
SingleSignOnService binding if exists.
-
#single_signon_service_url(options = {}) ⇒ String|nil
SingleSignOnService endpoint if exists.
- #to_hash(options = {}) ⇒ Object
-
#valid_until ⇒ String|nil
‘validUntil’ attribute of metadata.
Constructor Details
#initialize(idpsso_descriptor, entity_id) ⇒ IdpMetadata
Returns a new instance of IdpMetadata.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 214
# Wraps one IDPSSODescriptor node of a parsed metadata document.
#
# @param idpsso_descriptor [Object] the md:IDPSSODescriptor node; the other
#   methods run REXML XPath queries against it, so a REXML element is expected
# @param entity_id [Object] the entity id this descriptor belongs to
#   (presumably the entityID of the enclosing EntityDescriptor)
def initialize(idpsso_descriptor, entity_id)
  @idpsso_descriptor, @entity_id = idpsso_descriptor, entity_id
end
Instance Attribute Details
#entity_id ⇒ Object (readonly)
Returns the value of attribute entity_id.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 212
# Read-only accessor for the entity id given to the constructor.
#
# @return [Object] the stored entity id (nil if none was set)
def entity_id
  @entity_id
end
#idpsso_descriptor ⇒ Object (readonly)
Returns the value of attribute idpsso_descriptor.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 212
# Read-only accessor for the descriptor node given to the constructor.
#
# @return [Object] the md:IDPSSODescriptor node all queries are run against
def idpsso_descriptor
  @idpsso_descriptor
end
Instance Method Details
#attribute_names ⇒ Array
Returns the names of all SAML attributes if any exist.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 392
# Names of the saml:Attribute elements advertised directly under the descriptor.
#
# Only the Name attribute is read; friendly names and values are not touched.
#
# @return [Array<String>] the Name values in document order, empty when the
#   descriptor advertises no attributes
def attribute_names
  name_attrs = REXML::XPath.match(
    @idpsso_descriptor,
    "saml:Attribute/@Name",
    SamlMetadata::NAMESPACE
  )
  name_attrs.map { |attr| attr.value }
end
#cache_duration ⇒ String|nil
Returns ‘cacheDuration’ attribute of metadata.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 257
# The cacheDuration attribute of the metadata.
#
# Note that the attribute is read from the document's root element (via
# REXML's #root), not from the IDPSSODescriptor itself. The value is returned
# as the raw string; nothing here parses or validates the duration.
#
# @return [String|nil] the attribute value, or nil when there is no root
#   element or the attribute is absent
def cache_duration
  root_element = @idpsso_descriptor.root
  return unless root_element && root_element.attributes

  root_element.attributes['cacheDuration']
end
#certificates ⇒ String|nil
Returns the unformatted certificates, if any exist.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 343
# Certificate text of every ds:X509Certificate under the descriptor's
# md:KeyDescriptor elements, grouped by key use.
#
# Each list holds the raw element text (base64 as written in the metadata,
# not parsed or validated here). A KeyDescriptor with no `use` attribute
# matches both XPath predicates and therefore appears under BOTH keys; a key
# with an empty list is never created.
#
# The result is memoized in @certificates. The early `return nil` for a
# descriptor without certificates leaves the ivar unset, so that case is
# re-queried on every call.
#
# @return [Hash{String => Array<String>}|nil] 'signing' and/or 'encryption'
#   lists, or nil when the descriptor carries no certificate at all
def certificates
  @certificates ||= begin
    signing_nodes = REXML::XPath.match(
      @idpsso_descriptor,
      "md:KeyDescriptor[not(contains(@use, 'encryption'))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
      SamlMetadata::NAMESPACE
    )
    encryption_nodes = REXML::XPath.match(
      @idpsso_descriptor,
      "md:KeyDescriptor[not(contains(@use, 'signing'))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
      SamlMetadata::NAMESPACE
    )
    return nil if signing_nodes.empty? && encryption_nodes.empty?

    by_use = {}
    by_use['signing'] = signing_nodes.map { |node| Utils.element_text(node) } unless signing_nodes.empty?
    by_use['encryption'] = encryption_nodes.map { |node| Utils.element_text(node) } unless encryption_nodes.empty?
    by_use
  end
end
#certificates_has_one(key) ⇒ Object
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 426
# Whether exactly one certificate is listed for the given key use.
#
# Raises NoMethodError when #certificates returns nil (no certificates at
# all); callers on this page only reach it after checking for that.
#
# @param key [String] 'signing' or 'encryption'
# @return [Boolean] true only if the key is present with a single entry
def certificates_has_one(key)
  by_use = certificates
  return false unless by_use.key?(key)

  by_use[key].size == 1
end
#fingerprint(certificate, fingerprint_algorithm = XMLSecurity::Document::SHA1) ⇒ String|nil
Returns the fingerprint of the X509Certificate, if it exists.
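# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 379
# Fingerprint of one X509 certificate taken from the metadata.
#
# The digest is computed on every call. The previous `@fingerprint ||=`
# memoization ignored the method's arguments, so a second call with a
# different certificate (or algorithm) silently returned the first
# certificate's fingerprint — the wrong value to pin an IdP key on.
#
# @param certificate [String|nil] base64 text as found in ds:X509Certificate;
#   Base64.decode64 is lenient, so the line breaks of a PEM body are fine
# @param fingerprint_algorithm [String] identifier resolved by
#   XMLSecurity::BaseDocument#algorithm; the SHA-1 default is kept for
#   compatibility, a stronger digest such as XMLSecurity::Document::SHA256 can
#   be passed instead
# @return [String|nil] upper-case hex digest of the DER encoding, byte pairs
#   joined by ':' (e.g. "AB:CD:..."), or nil when no certificate is given
# @raise [OpenSSL::X509::CertificateError] when the decoded bytes are not a
#   certificate
def fingerprint(certificate, fingerprint_algorithm = XMLSecurity::Document::SHA1)
  return unless certificate

  cert = OpenSSL::X509::Certificate.new(Base64.decode64(certificate))
  digest = XMLSecurity::BaseDocument.new.algorithm(fingerprint_algorithm).new
  digest.hexdigest(cert.to_der).upcase.scan(/../).join(":")
end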
#idp_name_id_format ⇒ String|nil
Returns IdP Name ID Format value if exists.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 239
# The first md:NameIDFormat advertised by the descriptor.
#
# Only the first element is considered, even if the IdP lists several.
#
# @return [String|nil] the element text as returned by Utils.element_text,
#   or nil when there is no NameIDFormat element
def idp_name_id_format
  format_node = REXML::XPath.first(
    @idpsso_descriptor,
    "md:NameIDFormat",
    SamlMetadata::NAMESPACE
  )
  Utils.element_text(format_node)
end
#merge_certificates_into(parsed_metadata) ⇒ Object
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 401
# Copies the descriptor's certificates into a settings-style hash.
#
# When the metadata effectively carries a single certificate — exactly one
# entry under exactly one use, or one signing and one encryption entry with
# identical text — it is exposed as :idp_cert plus :idp_cert_fingerprint.
# Any other combination is passed through as :idp_cert_multi with the use
# names symbolized ('signing'/'encryption' are the only keys #certificates
# creates, so the to_sym is bounded).
#
# The fingerprint call receives parsed_metadata[:idp_cert_fingerprint_algorithm]
# explicitly, i.e. nil when the option is absent; how nil is resolved is up
# to XMLSecurity::BaseDocument#algorithm (not shown here).
#
# @param parsed_metadata [Hash] hash mutated in place; expected to be the one
#   built by #to_hash
# @return [Object] whatever the last assignment evaluates to; callers ignore it
def merge_certificates_into(parsed_metadata)
  by_use = certificates
  single_use_only = by_use.size == 1 &&
                    (certificates_has_one('signing') || certificates_has_one('encryption'))
  same_for_both = certificates_has_one('signing') && certificates_has_one('encryption') &&
                  by_use["signing"][0] == by_use["encryption"][0]

  if single_use_only || same_for_both
    # Prefer the signing entry when both uses are present (they are equal then).
    use = by_use.key?("signing") ? "signing" : "encryption"
    parsed_metadata[:idp_cert] = by_use[use][0]
    parsed_metadata[:idp_cert_fingerprint] = fingerprint(
      parsed_metadata[:idp_cert],
      parsed_metadata[:idp_cert_fingerprint_algorithm]
    )
  else
    # symbolize keys of certificates and pass it on
    parsed_metadata[:idp_cert_multi] = Hash[by_use.map { |use_name, list| [use_name.to_sym, list] }]
  end
end
#single_logout_response_service_url(options = {}) ⇒ String|nil
Returns SingleLogoutService response url if exists.
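# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 329
# ResponseLocation of the SingleLogoutService endpoint for the selected binding.
#
# The binding comes from #single_logout_service_binding: the first entry of
# options[:slo_binding] the metadata offers, or, without a priority list, the
# first SingleLogoutService/@Binding in the document.
#
# The Binding attribute is compared in Ruby instead of being interpolated
# into the XPath predicate (previously `[@Binding="#{binding}"]`). The value
# can come straight from the IdP's own metadata, and a binding containing a
# double quote would have turned into a malformed (or differently scoped)
# XPath expression instead of a plain non-match.
#
# @param options [Hash] `:slo_binding` — optional Array of binding URIs in
#   order of preference
# @return [String|nil] the ResponseLocation attribute, or nil when no binding
#   is selected or no endpoint with that binding carries a ResponseLocation
def single_logout_response_service_url(options = {})
  binding = single_logout_service_binding(options[:slo_binding])
  return if binding.nil?

  endpoints = REXML::XPath.match(@idpsso_descriptor, "md:SingleLogoutService", SamlMetadata::NAMESPACE)
  # Same selection as `md:SingleLogoutService[@Binding=...]/@ResponseLocation`:
  # the first ResponseLocation, in document order, on an element with that binding.
  matching = endpoints.select { |endpoint| endpoint.attributes['Binding'] == binding }
  matching.map { |endpoint| endpoint.attributes['ResponseLocation'] }.compact.first
end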
#single_logout_service_binding(binding_priority = nil) ⇒ String|nil
Returns SingleLogoutService binding if exists.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 297
# Binding of the SingleLogoutService endpoint to use.
#
# With a priority list the first candidate the metadata offers wins (an
# empty list therefore yields nil); without one the first Binding attribute
# in document order is returned. The value is the IdP's attribute text,
# unchanged.
#
# @param binding_priority [Array<String>|nil] binding URIs in order of
#   preference
# @return [String|nil] the chosen binding, or nil when nothing matches or the
#   descriptor has no SingleLogoutService
def single_logout_service_binding(binding_priority = nil)
  binding_attrs = REXML::XPath.match(
    @idpsso_descriptor,
    "md:SingleLogoutService/@Binding",
    SamlMetadata::NAMESPACE
  )
  available = binding_attrs.map(&:value)
  return available.first unless binding_priority

  binding_priority.find { |candidate| available.include?(candidate) }
end
#single_logout_service_url(options = {}) ⇒ String|nil
Returns SingleLogoutService endpoint if exists.
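# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 314
# Location of the SingleLogoutService endpoint for the selected binding.
#
# The binding comes from #single_logout_service_binding: the first entry of
# options[:slo_binding] the metadata offers, or, without a priority list, the
# first SingleLogoutService/@Binding in the document.
#
# The Binding attribute is compared in Ruby instead of being interpolated
# into the XPath predicate (previously `[@Binding="#{binding}"]`). The value
# can come straight from the IdP's own metadata, and a binding containing a
# double quote would have turned into a malformed (or differently scoped)
# XPath expression instead of a plain non-match.
#
# @param options [Hash] `:slo_binding` — optional Array of binding URIs in
#   order of preference
# @return [String|nil] the Location attribute, or nil when no binding is
#   selected or no endpoint with that binding carries a Location
def single_logout_service_url(options = {})
  binding = single_logout_service_binding(options[:slo_binding])
  return if binding.nil?

  endpoints = REXML::XPath.match(@idpsso_descriptor, "md:SingleLogoutService", SamlMetadata::NAMESPACE)
  # Same selection as `md:SingleLogoutService[@Binding=...]/@Location`: the
  # first Location, in document order, on an element with that binding.
  matching = endpoints.select { |endpoint| endpoint.attributes['Binding'] == binding }
  matching.map { |endpoint| endpoint.attributes['Location'] }.compact.first
end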
#single_signon_service_binding(binding_priority = nil) ⇒ String|nil
Returns SingleSignOnService binding if exists.
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 265
# Binding of the SingleSignOnService endpoint to use.
#
# With a priority list the first candidate the metadata offers wins (an
# empty list therefore yields nil); without one the first Binding attribute
# in document order is returned. The value is the IdP's attribute text,
# unchanged.
#
# @param binding_priority [Array<String>|nil] binding URIs in order of
#   preference
# @return [String|nil] the chosen binding, or nil when nothing matches or the
#   descriptor has no SingleSignOnService
def single_signon_service_binding(binding_priority = nil)
  binding_attrs = REXML::XPath.match(
    @idpsso_descriptor,
    "md:SingleSignOnService/@Binding",
    SamlMetadata::NAMESPACE
  )
  available = binding_attrs.map(&:value)
  return available.first unless binding_priority

  binding_priority.find { |candidate| available.include?(candidate) }
end
#single_signon_service_url(options = {}) ⇒ String|nil
Returns SingleSignOnService endpoint if exists.
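# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 282
# Location of the SingleSignOnService endpoint for the selected binding.
#
# The binding comes from #single_signon_service_binding: the first entry of
# options[:sso_binding] the metadata offers, or, without a priority list, the
# first SingleSignOnService/@Binding in the document.
#
# The Binding attribute is compared in Ruby instead of being interpolated
# into the XPath predicate (previously `[@Binding="#{binding}"]`). The value
# can come straight from the IdP's own metadata, and a binding containing a
# double quote would have turned into a malformed (or differently scoped)
# XPath expression instead of a plain non-match.
#
# @param options [Hash] `:sso_binding` — optional Array of binding URIs in
#   order of preference
# @return [String|nil] the Location attribute, or nil when no binding is
#   selected or no endpoint with that binding carries a Location
def single_signon_service_url(options = {})
  binding = single_signon_service_binding(options[:sso_binding])
  return if binding.nil?

  endpoints = REXML::XPath.match(@idpsso_descriptor, "md:SingleSignOnService", SamlMetadata::NAMESPACE)
  # Same selection as `md:SingleSignOnService[@Binding=...]/@Location`: the
  # first Location, in document order, on an element with that binding.
  matching = endpoints.select { |endpoint| endpoint.attributes['Binding'] == binding }
  matching.map { |endpoint| endpoint.attributes['Location'] }.compact.first
end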
#to_hash(options = {}) ⇒ Object
# File 'lib/onelogin/ruby-saml/idp_metadata_parser.rb', line 219
# Settings-style view of the descriptor.
#
# Every value is copied from the parsed metadata as-is; nothing in this
# method (or the others on this class, as far as visible here) validates the
# metadata's signature or origin, so the document should already have been
# obtained from a trusted source. The three certificate keys start out nil
# and are filled by #merge_certificates_into only when the descriptor
# carries at least one certificate.
#
# @param options [Hash] passed through to the endpoint lookups
#   (`:sso_binding`, `:slo_binding` priority lists)
# @return [Hash] symbol-keyed hash with :idp_entity_id,
#   :name_identifier_format, the SSO/SLO endpoint URLs, :idp_attribute_names,
#   :idp_cert, :idp_cert_fingerprint, :idp_cert_multi, :valid_until and
#   :cache_duration
def to_hash(options = {})
  parsed = {
    idp_entity_id: @entity_id,
    name_identifier_format: idp_name_id_format,
    idp_sso_service_url: single_signon_service_url(options),
    idp_slo_service_url: single_logout_service_url(options),
    idp_slo_response_service_url: single_logout_response_service_url(options),
    idp_attribute_names: attribute_names,
    idp_cert: nil,
    idp_cert_fingerprint: nil,
    idp_cert_multi: nil,
    valid_until: valid_until,
    cache_duration: cache_duration,
  }
  merge_certificates_into(parsed) if certificates
  parsed
end