Class: Saml::Kit::Assertion

Inherits:
Object
  • Object
Extended by:
Forwardable
Includes:
ActiveModel::Validations, Translatable, XmlParseable
Defined in:
lib/saml/kit/assertion.rb

Overview

This class validates the Assertion element nested in a Response element of a SAML document.

Constant Summary

# XPath union that locates the assertion of a SAML response in either its
# plaintext (saml:Assertion) or encrypted (saml:EncryptedAssertion) form.
# Both alternatives are absolute paths rooted at /samlp:Response, so only
# direct children of a root Response element match; an assertion element
# nested deeper in the document is not selected by this expression.
XPATH = %w[
  /samlp:Response/saml:Assertion
  /samlp:Response/saml:EncryptedAssertion
].join('|')

Constants included from XmlParseable

XmlParseable::NAMESPACES

Instance Attribute Summary

Instance Method Summary

Methods included from XmlParseable

#present?, #to_h, #to_xhtml, #to_xml

Constructor Details

#initialize(node, configuration: Saml::Kit.configuration, private_keys: []) ⇒ Assertion

Returns a new instance of Assertion.



# File 'lib/saml/kit/assertion.rb', line 27

# Wraps an assertion node and hands a decryptor to #decrypt.
#
# @param node the parsed XML node for the assertion; kept as-is and
#   serialised by #to_s. NOTE(review): presumably a Nokogiri node, judging by
#   the @to_nokogiri name; confirm against the caller.
# @param configuration source of the configured encryption private keys;
#   defaults to Saml::Kit.configuration.
# @param private_keys [Array] additional private keys offered for decryption
#   on top of the configured ones.
def initialize(node, configuration: Saml::Kit.configuration, private_keys: [])
  @name = 'Assertion'
  @to_nokogiri = node
  @configuration = configuration
  # Captured once here; #active? and #expired? use it as their default `now`.
  @occurred_at = Time.current
  # Both flags start out false. NOTE(review): presumably #decrypt (defined
  # elsewhere in the file) updates them; confirm.
  @cannot_decrypt = false
  @encrypted = false
  # Configured encryption keys first, then caller-supplied ones, de-duplicated.
  candidate_keys = (configuration.private_keys(use: :encryption) + private_keys).uniq
  decryptor = ::Xml::Kit::Decryption.new(private_keys: candidate_keys)
  decrypt(decryptor)
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.



# File 'lib/saml/kit/assertion.rb', line 24

# Element name this object represents; the constructor sets it to the
# literal 'Assertion'.
#
# @return [String]
def name
  @name
end

#occurred_at ⇒ Object

Returns the value of attribute occurred_at.



# File 'lib/saml/kit/assertion.rb', line 25

# Reference time for validity checks. The constructor sets it to
# Time.current, and #active? / #expired? use it as their default `now`.
def occurred_at
  @occurred_at
end

Instance Method Details

#active?(now = occurred_at) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 64

# Reports whether `now` falls inside the assertion's validity window.
#
# The configured clock drift (in seconds) is subtracted from started_at, so
# the window opens early by that tolerance. No drift is applied to the
# expiry side in this method; the upper bound is whatever #expired? decides
# for the same `now`.
#
# @param now the instant to test; defaults to occurred_at
# @return [Boolean]
def active?(now = occurred_at)
  earliest_valid = started_at - configuration.clock_drift.to_i.seconds
  return false unless now > earliest_valid

  !expired?(now)
end

#attribute_statement ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 69

# Memoised AttributeStatement built from the ./saml:AttributeStatement
# search result. The path is relative, so the lookup is scoped to whatever
# node `search` treats as its context.
# NOTE(review): presumably the assertion node; confirm in XmlParseable.
#
# @return [AttributeStatement]
def attribute_statement
  return @attribute_statement if @attribute_statement

  statement_nodes = search('./saml:AttributeStatement')
  @attribute_statement = AttributeStatement.new(statement_nodes)
end

#conditions ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 74

# Memoised Conditions wrapper built from the ./saml:Conditions search
# result (relative path, same context as the other lookups in this class).
#
# @return [Conditions]
def conditions
  return @conditions if @conditions

  condition_nodes = search('./saml:Conditions')
  @conditions = Conditions.new(condition_nodes)
end

#decryptable? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 82

# Reports whether the assertion content is usable from a decryption point of
# view. An assertion that is not encrypted always counts as decryptable; an
# encrypted one counts only while @cannot_decrypt is not set.
# NOTE(review): @cannot_decrypt is presumably raised by #decrypt when none of
# the supplied private keys work; confirm in the decrypt implementation.
#
# @return [Boolean]
def decryptable?
  !(encrypted? && @cannot_decrypt)
end

#encrypted? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 78

# Returns the @encrypted flag, which the constructor initialises to false.
# NOTE(review): presumably set to true by #decrypt when the node is an
# EncryptedAssertion; confirm in the decrypt implementation.
#
# @return [Boolean]
def encrypted?
  @encrypted
end

#expired?(now = occurred_at) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 60

# Reports whether `now` is strictly later than expired_at. At the exact
# instant of expired_at the assertion still counts as unexpired, and no
# clock-drift allowance is applied in this method.
# NOTE(review): expired_at is defined elsewhere; if it can be nil (for
# example when the document carries no expiry), this comparison raises.
# Confirm.
#
# @param now the instant to test; defaults to occurred_at
# @return [Boolean]
def expired?(now = occurred_at)
  now > expired_at
end

#issuer ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 40

# Text of the assertion's own saml:Issuer child, or nil when there is none.
# The value is read straight from the document; it is only as trustworthy as
# the signature check applied to the enclosing message.
#
# @return [String, nil]
def issuer
  issuer_node = at_xpath('./saml:Issuer')
  issuer_node.try(:text)
end

#name_id ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 44

# Text of saml:Subject/saml:NameID, or nil when the element is missing.
# This is the subject identifier asserted by the document; callers should
# rely on it only after the assertion has been validated.
#
# @return [String, nil]
def name_id
  name_id_node = at_xpath('./saml:Subject/saml:NameID')
  name_id_node.try(:text)
end

#name_id_format ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 48

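# Value of the Format attribute on saml:Subject/saml:NameID.
#
# Returns nil when the NameID element is absent or has no Format attribute.
# The node lookup is guarded with `try`, as #name_id does, so a document
# without a NameID yields nil instead of raising NoMethodError on nil while
# untrusted XML is being inspected.
#
# @return [String, nil]
def name_id_format
  name_id_node = at_xpath('./saml:Subject/saml:NameID')
  name_id_node.try(:attribute, 'Format').try(:value)
end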

#signature ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 56

# Memoised Signature wrapper around the ./ds:Signature lookup. The path is
# relative and one level deep, so only a Signature that is a direct child of
# the context node is considered; a ds:Signature elsewhere in the document
# is not picked up here.
#
# @return [Signature]
def signature
  return @signature if @signature

  signature_node = at_xpath('./ds:Signature')
  @signature = Signature.new(signature_node)
end

#signed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 52

# Reports whether the assertion carries its own signature, as judged by
# `present?` on the object returned by #signature.
# NOTE(review): this shows only that a signature is present, not that it
# verifies against a trusted certificate; confirm where verification is
# enforced before treating a signed assertion as authentic.
#
# @return [Boolean]
def signed?
  signature.present?
end

#to_s ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 87

# String form of the node passed to the constructor (stored in
# @to_nokogiri), produced by that node's own #to_s.
#
# @return [String]
def to_s
  @to_nokogiri.to_s
end