Class: Saml::Kit::Metadata

Inherits:
Object
  • Object
show all
Includes:
ActiveModel::Validations, Buildable, Translatable, XsdValidatable
Defined in:
lib/saml/kit/metadata.rb

Overview

The Metadata object can be used to parse an XML string of metadata.

metadata = Saml::Kit::Metadata.from(raw_xml)

It can also be used to generate a new metadata string.

metadata = Saml::Kit::Metadata.build do |builder|
  builder.entity_id = "my-issuer"
  builder.build_service_provider do |x|
    x.add_assertion_consumer_service(assertions_url, binding: :http_post)
    x.add_single_logout_service(logout_url, binding: :http_post)
  end
  builder.build_identity_provider do |x|
    x.add_single_sign_on_service(, binding: :http_redirect)
    x.add_single_logout_service(logout_url, binding: :http_post)
  end
end
puts metadata.to_xml(pretty: true)

See Builders::ServiceProviderMetadata and Builders::IdentityProviderMetadata for a list of options that can be specified.

Constant Summary collapse

METADATA_XSD = 
File.expand_path('./xsd/saml-schema-metadata-2.0.xsd', File.dirname(__FILE__)).freeze
NAMESPACES = 
{
  NameFormat: Namespaces::ATTR_SPLAT,
  ds: ::Xml::Kit::Namespaces::XMLDSIG,
  md: Namespaces::METADATA,
  saml: Namespaces::ASSERTION,
  samlp: Namespaces::PROTOCOL,
}.freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(name, xml) ⇒ Metadata 



48
49
50
51
 
# File 'lib/saml/kit/metadata.rb', line 48

def initialize(name, xml)
  @name = name
  @xml = xml
end

Instance Attribute Details

#nameObject (readonly)

Returns the value of attribute name.



46
47
48
 
# File 'lib/saml/kit/metadata.rb', line 46

def name
  @name
end

Class Method Details

.from(content) ⇒ Saml::Kit::Metadata

Creates a ‘Saml::Kit::Metadata` object from a raw XML [String].



187
188
189
190
191
192
193
194
195
196
197
198
199
 
# File 'lib/saml/kit/metadata.rb', line 187

def from(content)
  document = Nokogiri::XML(content)
  return unless document.at_xpath('/md:EntityDescriptor', NAMESPACES)
  sp = document.at_xpath('/md:EntityDescriptor/md:SPSSODescriptor', NAMESPACES)
  idp = document.at_xpath('/md:EntityDescriptor/md:IDPSSODescriptor', NAMESPACES)
  if sp && idp
    Saml::Kit::CompositeMetadata.new(content)
  elsif sp
    Saml::Kit::ServiceProviderMetadata.new(content)
  elsif idp
    Saml::Kit::IdentityProviderMetadata.new(content)
  end
end

Instance Method Details

#certificatesObject

Returns each of the X509 certificates.



79
80
81
82
83
84
 
# File 'lib/saml/kit/metadata.rb', line 79

def certificates
  @certificates ||= search("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
    cert = item.at_xpath('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', 'ds' => ::Xml::Kit::Namespaces::XMLDSIG).try(:text)
    ::Xml::Kit::Certificate.new(cert, use: item.attribute('use').try(:value))
  end
end

#contact_person_companyObject

Returns the Company



74
75
76
 
# File 'lib/saml/kit/metadata.rb', line 74

def contact_person_company
  at_xpath('/md:EntityDescriptor/md:ContactPerson/md:Company').try(:text)
end

#encryption_certificatesObject

Returns the encryption certificates



87
88
89
 
# File 'lib/saml/kit/metadata.rb', line 87

def encryption_certificates
  certificates.find_all(&:encryption?)
end

#entity_idObject

Returns the /EntityDescriptor/@entityID



54
55
56
 
# File 'lib/saml/kit/metadata.rb', line 54

def entity_id
  at_xpath('/md:EntityDescriptor/@entityID').try(:value)
end

#logout_request_for(user, binding: :http_post, relay_state: nil) ⇒ Array

Creates a serialized LogoutRequest.



134
135
136
137
138
 
# File 'lib/saml/kit/metadata.rb', line 134

def logout_request_for(user, binding: :http_post, relay_state: nil)
  builder = Saml::Kit::LogoutRequest.builder(user) { |x| yield x if block_given? }
  request_binding = single_logout_service_for(binding: binding)
  request_binding.serialize(builder, relay_state: relay_state)
end

#matches?(fingerprint, use: :signing) ⇒ Xml::Kit::Certificate

Returns the certificate that matches the fingerprint



145
146
147
 
# File 'lib/saml/kit/metadata.rb', line 145

def matches?(fingerprint, use: :signing)
  certificates.find { |x| x.for?(use) && x.fingerprint == fingerprint }
end

#name_id_formatsObject

Returns the supported NameIDFormats.



59
60
61
 
# File 'lib/saml/kit/metadata.rb', line 59

def name_id_formats
  search("/md:EntityDescriptor/md:#{name}/md:NameIDFormat").map(&:text)
end

#organization_nameObject

Returns the Organization Name



64
65
66
 
# File 'lib/saml/kit/metadata.rb', line 64

def organization_name
  at_xpath('/md:EntityDescriptor/md:Organization/md:OrganizationName').try(:text)
end

#organization_urlObject

Returns the Organization URL



69
70
71
 
# File 'lib/saml/kit/metadata.rb', line 69

def organization_url
  at_xpath('/md:EntityDescriptor/md:Organization/md:OrganizationURL').try(:text)
end

#service_for(binding:, type:) ⇒ Object

Returns a specifing service binding.



111
112
113
114
 
# File 'lib/saml/kit/metadata.rb', line 111

def service_for(binding:, type:)
  binding = Saml::Kit::Bindings.binding_for(binding)
  services(type).find { |x| x.binding?(binding) }
end

#services(type) ⇒ Object

Returns each of the service endpoints supported by this metadata.



99
100
101
102
103
104
105
 
# File 'lib/saml/kit/metadata.rb', line 99

def services(type)
  search("/md:EntityDescriptor/md:#{name}/md:#{type}").map do |item|
    binding = item.attribute('Binding').value
    location = item.attribute('Location').value
    Saml::Kit::Bindings.create_for(binding, location)
  end
end

#signatureObject 



178
179
180
 
# File 'lib/saml/kit/metadata.rb', line 178

def signature
  @signature ||= Signature.new(at_xpath('/md:EntityDescriptor/ds:Signature'))
end

#signing_certificatesObject

Returns the signing certificates.



92
93
94
 
# File 'lib/saml/kit/metadata.rb', line 92

def signing_certificates
  certificates.find_all(&:signing?)
end

#single_logout_service_for(binding:) ⇒ Object

Returns the SingleLogoutService that matches the specified binding.



124
125
126
 
# File 'lib/saml/kit/metadata.rb', line 124

def single_logout_service_for(binding:)
  service_for(binding: binding, type: 'SingleLogoutService')
end

#single_logout_servicesObject

Returns each of the SingleLogoutService bindings



117
118
119
 
# File 'lib/saml/kit/metadata.rb', line 117

def single_logout_services
  services('SingleLogoutService')
end

#to_hObject

Returns the XML document converted to a Hash.



150
151
152
 
# File 'lib/saml/kit/metadata.rb', line 150

def to_h
  @xml_hash ||= Hash.from_xml(to_xml)
end

#to_sObject

Returns the XML document as a [String].



162
163
164
 
# File 'lib/saml/kit/metadata.rb', line 162

def to_s
  to_xml
end

#to_xml(pretty: false) ⇒ Object

Returns the XML document as a String.



157
158
159
 
# File 'lib/saml/kit/metadata.rb', line 157

def to_xml(pretty: false)
  pretty ? to_nokogiri.to_xml(indent: 2) : @xml
end

#verify(algorithm, signature, data) ⇒ Xml::Kit::Certificate

Verifies the signature and data using the signing certificates.



172
173
174
175
176
 
# File 'lib/saml/kit/metadata.rb', line 172

def verify(algorithm, signature, data)
  signing_certificates.find do |certificate|
    certificate.public_key.verify(algorithm, signature, data)
  end
end