Class: Saml::Kit::Assertion

Inherits:
Object
  • Object
Includes:
ActiveModel::Validations, Translatable
Defined in:
lib/saml/kit/assertion.rb

Constant Summary

# XPath union matching a plain or an encrypted assertion. Both paths are
# absolute and anchored at the document's samlp:Response, so only an
# assertion that is a direct child of the response element matches.
XPATH = %w[
  /samlp:Response/saml:Assertion
  /samlp:Response/saml:EncryptedAssertion
].join('|')

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(node, configuration: Saml::Kit.configuration, private_keys: []) ⇒ Assertion

Returns a new instance of Assertion.



# File 'lib/saml/kit/assertion.rb', line 18

# Wraps the assertion carried by a SAML response node and runs decryption.
#
# @param node the XML node passed to hash_from and kept for later lookups
# @param configuration source of the encryption private keys; defaults to
#   Saml::Kit.configuration
# @param private_keys [Array] additional keys offered to the decryptor
#
# NOTE(review): decrypt! runs during construction; no signature check is
# visible on this page before it, so confirm the caller's validation order.
def initialize(node, configuration: Saml::Kit.configuration, private_keys: [])
  @name = 'Assertion'
  @node = node
  @xml_hash = hash_from(node)['Response'] || {}
  @configuration = configuration
  # Captured once; active? and expired? default to this instant.
  @occurred_at = Time.current
  # Configured encryption keys first, then the caller's, duplicates dropped.
  candidate_keys = configuration.private_keys(use: :encryption) + private_keys
  decryptor = ::Xml::Kit::Decryption.new(private_keys: candidate_keys.uniq)
  decrypt!(decryptor)
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.



# File 'lib/saml/kit/assertion.rb', line 15

# Reader for the label stored in @name.
#
# @return [Object] the value of @name
def name
  @name
end

#occurred_at ⇒ Object

Returns the value of attribute occurred_at.



# File 'lib/saml/kit/assertion.rb', line 16

# Reader for the reference instant stored in @occurred_at, which active?
# and expired? use as their default `now`.
#
# NOTE(review): the page does not mark this attribute readonly, so a writer
# presumably exists; whoever sets it controls the time-window checks.
#
# @return [Object] the value of @occurred_at
def occurred_at
  @occurred_at
end

Instance Method Details

#active?(now = occurred_at) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 51

# True while `now` lies inside the assertion's validity window.
#
# The NotBefore bound is moved earlier by configuration.clock_drift seconds.
# The expiry side is delegated to expired? and gets no such allowance.
#
# @param now the instant to test; defaults to occurred_at
# @return [Boolean]
def active?(now = occurred_at)
  earliest_accepted = started_at - configuration.clock_drift.to_i.seconds
  return false unless now > earliest_accepted

  !expired?(now)
end

#attributes ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 56

# Attribute statement of the assertion as a name => value lookup, memoized
# in @attributes.
#
# The 'Attribute' entry is handled both as a Hash (presumably a single
# attribute) and as a list of hashes. When two entries share a Name the
# later one replaces the earlier.
#
# NOTE(review): nothing here checks the signature; the values are whatever
# the assertion carries, so use them only after the assertion is validated.
#
# @return [ActiveSupport::HashWithIndifferentAccess]
def attributes
  @attributes ||=
    begin
      statement = assertion.fetch('AttributeStatement', {})
      raw = statement.fetch('Attribute', [])
      pairs = case raw
              when Hash
                [[raw['Name'], raw['AttributeValue']]]
              else
                raw.map { |entry| [entry['Name'], entry['AttributeValue']] }
              end
      pairs.to_h.with_indifferent_access
    end
end

#audiences ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 77

# Audience values from Conditions/AudienceRestriction, always as an Array.
#
# Any StandardError raised while walking the structure (for example a
# missing Conditions entry) is logged and an empty list is returned.
# An empty result therefore means "no audience could be read", not "any
# audience is acceptable"; callers should treat it as a failed check.
#
# @return [Array]
def audiences
  conditions = assertion['Conditions']
  restriction = conditions['AudienceRestriction']
  Array(restriction['Audience'])
rescue StandardError => failure
  Saml::Kit.logger.error(failure)
  []
end

#decryptable? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 88

# Whether the assertion content is readable.
#
# An assertion that is not encrypted always counts as decryptable, so this
# predicate says nothing about whether encryption was used; check
# encrypted? separately when encryption is required.
# For an encrypted assertion the answer is the negation of @cannot_decrypt,
# which is not assigned on this page (presumably set by decrypt!).
#
# @return [Boolean]
def decryptable?
  !encrypted? || !@cannot_decrypt
end

#encrypted? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 84

# Whether the parsed response hash holds a non-blank 'EncryptedAssertion'
# entry.
#
# @return [Boolean]
def encrypted?
  encrypted_entry = @xml_hash.fetch('EncryptedAssertion', nil)
  encrypted_entry.present?
end

#expired?(now = occurred_at) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 47

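# Whether the assertion's NotOnOrAfter instant has been reached.
#
# NotOnOrAfter is an exclusive upper bound: the assertion is already invalid
# at that exact instant, so the comparison is inclusive (>=) rather than >.
# No clock-drift allowance is applied on this side of the window.
#
# NOTE(review): expired_at comes from parse_date, whose result for a
# missing NotOnOrAfter is not visible here; confirm it fails closed.
#
# @param now the instant to test; defaults to occurred_at
# @return [Boolean]
def expired?(now = occurred_at)
  now >= expired_at
end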

#expired_at ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 73

# Result of parse_date for the Conditions 'NotOnOrAfter' value.
#
# A missing Conditions entry or a missing NotOnOrAfter hands nil to
# parse_date. NOTE(review): how parse_date treats nil is not visible here.
def expired_at
  conditions = assertion.fetch('Conditions', {})
  not_on_or_after = conditions.fetch('NotOnOrAfter', nil)
  parse_date(not_on_or_after)
end

#issuer ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 31

# The 'Issuer' entry of the parsed assertion.
#
# Uses fetch without a default, so a parsed assertion lacking 'Issuer'
# raises KeyError (assuming assertion returns a Hash) instead of
# returning nil as name_id does.
#
# @raise [KeyError] when no 'Issuer' key is present
def issuer
  assertion.fetch('Issuer')
end

#name_id ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 35

# The Subject's 'NameID' value, or nil when the Subject or its NameID is
# absent.
#
# NOTE(review): the value is read straight from the parsed assertion; use
# it as an identity only after the assertion has been validated.
def name_id
  subject = assertion.fetch('Subject', {})
  subject.fetch('NameID', nil)
end

#present? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 93

# Whether any assertion content is available, as judged by calling
# present? on the value assertion returns.
#
# @return [Boolean]
def present?
  assertion.present?
end

#signature ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 43

# Signature wrapper for the node found at './ds:Signature', memoized in
# @signature.
#
# The path is relative and one level deep, so only a ds:Signature that is
# a direct child of the context node is picked up. NOTE(review): which
# node at_xpath searches from is not visible here; confirm it is the
# assertion element itself.
#
# @return [Signature]
def signature
  return @signature if @signature

  signature_node = at_xpath('./ds:Signature')
  @signature = Signature.new(signature_node)
end

#signed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/saml/kit/assertion.rb', line 39

# Whether a signature is present, as judged by calling present? on the
# Signature wrapper.
#
# This reports presence only. It does not show that the signature verifies
# or which key produced it. NOTE(review): confirm callers pair this with an
# actual signature validation before trusting the assertion.
#
# @return [Boolean]
def signed?
  signature.present?
end

#started_at ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 69

# Result of parse_date for the Conditions 'NotBefore' value.
#
# A missing Conditions entry or a missing NotBefore hands nil to
# parse_date. NOTE(review): how parse_date treats nil is not visible here.
def started_at
  conditions = assertion.fetch('Conditions', {})
  not_before = conditions.fetch('NotBefore', nil)
  parse_date(not_before)
end

#to_xml(pretty: false) ⇒ Object



# File 'lib/saml/kit/assertion.rb', line 97

# Serialises the wrapped node.
#
# NOTE(review): whether @node holds the encrypted or the decrypted
# assertion after decrypt! is not visible here; treat the output as
# potentially sensitive before logging it.
#
# @param pretty [Boolean] when truthy, call the node's to_xml with a
#   two-space indent; otherwise return the node's to_s
def to_xml(pretty: false)
  return @node.to_s unless pretty

  @node.to_xml(indent: 2)
end