Class: Saml::Kit::Configuration

Inherits: Object

Defined in: lib/saml/kit/configuration.rb

Overview

This class represents the main configuration used for generating SAML documents.

Saml::Kit::Configuration.new do |config|
  config.entity_id = "com:saml:kit"
  config.signature_method = :SHA256
  config.digest_method = :SHA256
  config.registry = Saml::Kit::DefaultRegistry.new
  config.session_timeout = 30.minutes
  config.logger = Rails.logger
end

To specify global configuration it is best to do this in an initializer
that runs at the start of the program.

Saml::Kit.configure do |configuration|
  configuration.entity_id = "https://www.example.com/saml/metadata"
  configuration.generate_key_pair_for(use: :signing)
  configuration.add_key_pair(ENV["X509_CERTIFICATE"], ENV["PRIVATE_KEY"], passphrase: ENV['PRIVATE_KEY_PASSPHRASE'], use: :encryption)
end
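The configure block above hands add_key_pair three values: an X.509 certificate, a passphrase-protected private key, and the passphrase that unlocks it, with the last two read from the environment rather than written into source. The following is an added example, not saml-kit's own code, that produces those three values locally with Ruby's openssl standard library and checks them the way a deployment should before wiring them in: the passphrase must actually unlock the key, and the key must belong to the certificate. The common name, passphrase and cipher are constructed values.

```ruby
require 'openssl'

# Constructed passphrase for the example; a real one comes from a secret store
# (the page's configure block reads it from ENV['PRIVATE_KEY_PASSPHRASE']).
PASSPHRASE = 'example-passphrase-not-for-production'.freeze

# Generate a 2048-bit RSA key and a self-signed X.509v3 certificate for it.
# This mirrors in spirit what generate_key_pair_for does via
# Xml::Kit::SelfSignedCertificate, but is an independent illustration.
def generate_self_signed(common_name: 'saml.example.test', days: 365)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                       # X.509 v3
  cert.serial = OpenSSL::BN.rand(64)     # random serial, never reused
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject             # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + days * 24 * 60 * 60
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Serialise the pair in the form add_key_pair consumes: certificate PEM plus a
# private-key PEM encrypted under the passphrase (AES-256-CBC), so the key is
# never stored in clear.
def export_key_pair(cert, key, passphrase)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  [cert.to_pem, key.export(cipher, passphrase)]
end

# Pre-flight check for a (certificate, encrypted key, passphrase) triple.
# Returns :ok, :bad_passphrase (PEM did not decrypt) or :mismatch (the key
# decrypted but does not belong to the certificate's public key).
def verify_key_pair(cert_pem, encrypted_key_pem, passphrase)
  key = OpenSSL::PKey::RSA.new(encrypted_key_pem, passphrase)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  cert.check_private_key(key) ? :ok : :mismatch
rescue OpenSSL::OpenSSLError
  :bad_passphrase
end

if $PROGRAM_NAME == __FILE__
  cert, key = generate_self_signed
  cert_pem, key_pem = export_key_pair(cert, key, PASSPHRASE)
  puts verify_key_pair(cert_pem, key_pem, PASSPHRASE)        # ok
  puts verify_key_pair(cert_pem, key_pem, 'wrong-passphrase') # bad_passphrase
end
```

Running verify_key_pair at boot, before the values reach add_key_pair, turns a wrong secret or a rotated certificate into an immediate startup failure instead of a signing or decryption error on the first SAML exchange.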

Constant Summary

USES =
%i[signing encryption].freeze

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize {|_self| ... } ⇒ Configuration

Returns a new instance of Configuration.

Yields:

  • (_self)

# File 'lib/saml/kit/configuration.rb', line 39

def initialize
  @clock_drift = 30.seconds
  @digest_method = :SHA256
  @key_pairs = []
  @logger = Logger.new(STDOUT)
  @registry = DefaultRegistry.new
  @session_timeout = 3.hours
  @signature_method = :SHA256
  yield self if block_given?
end

Instance Attribute Details

#clock_drift ⇒ Object

The total allowable clock drift for session timeout validation.

# File 'lib/saml/kit/configuration.rb', line 37

def clock_drift
  @clock_drift
end

#digest_method ⇒ Object

The digest method to use when generating signatures (See Builders::XmlSignature::DIGEST_METHODS)

# File 'lib/saml/kit/configuration.rb', line 29

def digest_method
  @digest_method
end

#entity_id ⇒ Object

The issuer to use in requests or responses from this entity.

# File 'lib/saml/kit/configuration.rb', line 25

def entity_id
  @entity_id
end

#logger ⇒ Object

The logger to write log messages to.

# File 'lib/saml/kit/configuration.rb', line 35

def logger
  @logger
end

#registry ⇒ Object

The metadata registry to use for searching for metadata associated with an issuer.

# File 'lib/saml/kit/configuration.rb', line 31

def registry
  @registry
end

#session_timeout ⇒ Object

The session timeout to use when generating an Assertion.

# File 'lib/saml/kit/configuration.rb', line 33

def session_timeout
  @session_timeout
end
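The clock_drift and session_timeout attributes above decide how long an issued assertion stays acceptable: session_timeout sets the validity window the issuer stamps on it, and clock_drift is the skew a verifier tolerates at each edge of that window. The following is an added illustration of that interaction, not saml-kit's own validation code; the condition names and the timestamps are constructed, and the defaults mirror the 30-second and 3-hour values from initialize.

```ruby
# Defaults mirroring Saml::Kit::Configuration#initialize, in plain seconds so
# the example runs without ActiveSupport's 30.seconds / 3.hours helpers.
DEFAULT_CLOCK_DRIFT = 30            # seconds
DEFAULT_SESSION_TIMEOUT = 3 * 3600  # seconds

# Validity window an issuer would stamp on an assertion created at issued_at.
# Keys are constructed names standing in for SAML's NotBefore / NotOnOrAfter.
def conditions_for(issued_at, session_timeout: DEFAULT_SESSION_TIMEOUT)
  { not_before: issued_at, not_on_or_after: issued_at + session_timeout }
end

# A verifier accepts the assertion if `now`, after allowing `clock_drift`
# seconds of skew in either direction, lies in [not_before, not_on_or_after).
# NotOnOrAfter is exclusive, as in SAML; NotBefore is inclusive.
def within_window?(conditions, now:, clock_drift: DEFAULT_CLOCK_DRIFT)
  earliest = conditions[:not_before] - clock_drift
  latest   = conditions[:not_on_or_after] + clock_drift
  now >= earliest && now < latest
end

# Total span during which a captured assertion would still be accepted:
# the session timeout plus the drift allowance on both ends.
def acceptance_span(session_timeout: DEFAULT_SESSION_TIMEOUT,
                    clock_drift: DEFAULT_CLOCK_DRIFT)
  session_timeout + 2 * clock_drift
end

if $PROGRAM_NAME == __FILE__
  issued = Time.utc(2024, 1, 1, 12, 0, 0)          # constructed timestamp
  c = conditions_for(issued)
  # Verifier 10s behind the issuer: accepted only because drift is allowed.
  puts within_window?(c, now: issued - 10)                    # true
  puts within_window?(c, now: issued - 10, clock_drift: 0)    # false
  # Just past the 3h window: 29s of lag is tolerated, 30s is not.
  puts within_window?(c, now: issued + 3 * 3600 + 29)         # true
  puts within_window?(c, now: issued + 3 * 3600 + 30)         # false
  puts acceptance_span                                        # 10860
end
```

Raising clock_drift to paper over unsynchronised hosts widens acceptance_span symmetrically; keep it at the few seconds real NTP skew needs and fix the clocks instead, and size session_timeout to the session length the relying party actually needs.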

#signature_method ⇒ Object

The signature method to use when generating signatures (See Builders::XmlSignature::SIGNATURE_METHODS)

# File 'lib/saml/kit/configuration.rb', line 27

def signature_method
  @signature_method
end

Instance Method Details

#add_key_pair(certificate, private_key, passphrase: '', use: :signing) ⇒ Object

Add a key pair that can be used for either signing or encryption.

Parameters:

  • certificate: the x509 certificate with public key.

  • private_key: the plain text private key.

  • passphrase (defaults to: ''): the password to decrypt the private key.

  • use (defaults to: :signing): the type of key pair, :signing or :encryption

# File 'lib/saml/kit/configuration.rb', line 56

def add_key_pair(certificate, private_key, passphrase: '', use: :signing)
  ensure_proper_use!(use)
  @key_pairs.push(::Xml::Kit::KeyPair.new(certificate, private_key, passphrase, use.to_sym))
end

#certificates(use: nil) ⇒ Object

Return each certificate for a specific use.

Parameters:

  • use (defaults to: nil): the type of key pair to return: nil, :signing or :encryption

# File 'lib/saml/kit/configuration.rb', line 81

def certificates(use: nil)
  key_pairs(use: use).flat_map(&:certificate)
end

#generate_key_pair_for(use:, passphrase: SecureRandom.uuid) ⇒ Object

Generates a unique key pair that can be used for signing or encryption.

Parameters:

  • use: the type of key pair, :signing or :encryption

  • passphrase (defaults to: SecureRandom.uuid): the private key passphrase to use.

# File 'lib/saml/kit/configuration.rb', line 65

def generate_key_pair_for(use:, passphrase: SecureRandom.uuid)
  ensure_proper_use!(use)
  certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
  add_key_pair(certificate, private_key, passphrase: passphrase, use: use)
end

#key_pairs(use: nil) ⇒ Object

Return each key pair for a specific use.

Parameters:

  • use (defaults to: nil): the type of key pair to return: nil, :signing or :encryption

# File 'lib/saml/kit/configuration.rb', line 74

def key_pairs(use: nil)
  use.present? ? @key_pairs.find_all { |x| x.for?(use) } : @key_pairs
end

#private_keys(use: nil) ⇒ Object

Return each private key for a specific use.

Parameters:

  • use (defaults to: nil): the type of key pair to return: nil, :signing or :encryption

# File 'lib/saml/kit/configuration.rb', line 88

def private_keys(use: nil)
  key_pairs(use: use).flat_map(&:private_key)
end

#sign? ⇒ Boolean

Returns true if there is at least one signing certificate registered.

Returns:

  • (Boolean)

# File 'lib/saml/kit/configuration.rb', line 93

def sign?
  certificates(use: :signing).any?
end