Class: Saml::Kit::Metadata
- Inherits: Object
- Extended by: Forwardable
- Includes: ActiveModel::Validations, Buildable, Translatable, XmlParseable, XsdValidatable
- Defined in: lib/saml/kit/metadata.rb, lib/saml/kit/deprecated/metadata.rb
Overview
The Metadata object can be used to parse an XML string of metadata.

    metadata = Saml::Kit::Metadata.from(raw_xml)

It can also be used to generate a new metadata string.

    metadata = Saml::Kit::Metadata.build do |builder|
      builder.entity_id = "my-issuer"
      builder.build_service_provider do |x|
        x.add_assertion_consumer_service(assertions_url, binding: :http_post)
        x.add_single_logout_service(logout_url, binding: :http_post)
      end
      builder.build_identity_provider do |x|
        x.add_single_sign_on_service(login_url, binding: :http_redirect)
        x.add_single_logout_service(logout_url, binding: :http_post)
      end
    end
    puts metadata.to_xml(pretty: true)
See Builders::ServiceProviderMetadata and Builders::IdentityProviderMetadata for a list of options that can be specified.
Direct Known Subclasses
CompositeMetadata, IdentityProviderMetadata, ServiceProviderMetadata
Constant Summary
Constants included from XsdValidatable
XsdValidatable::METADATA_XSD, XsdValidatable::PROTOCOL_XSD
Instance Attribute Summary
- #content ⇒ Object (readonly): Returns the value of attribute content.
- #name ⇒ Object (readonly): Returns the value of attribute name.
Instance Method Summary
- #certificates(xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor") ⇒ Object: Returns each of the X509 certificates.
- #contact_person_company ⇒ Object: Returns the Company.
- #encryption_certificates ⇒ Object: Returns the encryption certificates.
- #entity_id ⇒ Object: Returns the /EntityDescriptor/@entityID.
- #initialize(name, content) ⇒ Metadata (constructor): A new instance of Metadata.
- #logout_request_for(user, binding: :http_post, relay_state: nil) ⇒ Array: Creates a serialized LogoutRequest.
- #matches?(fingerprint, use: :signing) ⇒ Xml::Kit::Certificate: Returns the certificate that matches the fingerprint.
- #name_id_formats ⇒ Object: Returns the supported NameIDFormats.
- #organization(xpath = '/md:EntityDescriptor/md:Organization') ⇒ Object
- #organization_name ⇒ Object (deprecated)
- #organization_url ⇒ Object (deprecated)
- #service_for(binding:, type:) ⇒ Object: Returns a specific service binding.
- #services(type) ⇒ Object: Returns each of the service endpoints supported by this metadata.
- #signature(xpath = '/md:EntityDescriptor/ds:Signature') ⇒ Object
- #signing_certificates ⇒ Object: Returns the signing certificates.
- #single_logout_service_for(binding:) ⇒ Object: Returns the SingleLogoutService that matches the specified binding.
- #single_logout_services ⇒ Object: Returns each of the SingleLogoutService bindings.
- #verify(algorithm, signature, data) ⇒ Xml::Kit::Certificate: Verifies the signature and data using the signing certificates.
Methods included from XmlParseable
#present?, #to_h, #to_s, #to_xhtml, #to_xml
Constructor Details
#initialize(name, content) ⇒ Metadata
Returns a new instance of Metadata.
    # File 'lib/saml/kit/metadata.rb', line 45
    def initialize(name, content)
      @name = name
      @content = content
    end
Instance Attribute Details
#content ⇒ Object (readonly)
Returns the value of attribute content.
    # File 'lib/saml/kit/metadata.rb', line 43
    def content
      @content
    end
#name ⇒ Object (readonly)
Returns the value of attribute name.
    # File 'lib/saml/kit/metadata.rb', line 43
    def name
      @name
    end
Instance Method Details
#certificates(xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor") ⇒ Object
Returns each of the X509 certificates.
    # File 'lib/saml/kit/metadata.rb', line 70
    def certificates(
      xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor"
    )
      @certificates ||= search(xpath).map do |item|
        xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
        namespaces = { 'ds' => ::Xml::Kit::Namespaces::XMLDSIG }
        cert = item.at_xpath(xpath, namespaces).try(:text)
        use_attribute = item.attribute('use')
        ::Xml::Kit::Certificate.new(cert, use: use_attribute.try(:value))
      end
    end
#contact_person_company ⇒ Object
Returns the Company.

    # File 'lib/saml/kit/metadata.rb', line 65
    def contact_person_company
      at_xpath('/md:EntityDescriptor/md:ContactPerson/md:Company').try(:text)
    end
#encryption_certificates ⇒ Object
Returns the encryption certificates.

    # File 'lib/saml/kit/metadata.rb', line 83
    def encryption_certificates
      certificates.find_all(&:encryption?)
    end
#entity_id ⇒ Object
Returns the /EntityDescriptor/@entityID.

    # File 'lib/saml/kit/metadata.rb', line 51
    def entity_id
      at_xpath('/md:EntityDescriptor/@entityID').try(:value)
    end
#logout_request_for(user, binding: :http_post, relay_state: nil) ⇒ Array
Creates a serialized LogoutRequest to send to the other party. The user is expected to respond to `assertion_attributes_for`.

    # File 'lib/saml/kit/metadata.rb', line 135
    def logout_request_for(user, binding: :http_post, relay_state: nil)
      builder = LogoutRequest.builder(user) { |x| yield x if block_given? }
      request_binding = single_logout_service_for(binding: binding)
      request_binding.serialize(builder, relay_state: relay_state)
    end
#matches?(fingerprint, use: :signing) ⇒ Xml::Kit::Certificate
Returns the certificate that matches the fingerprint. `use` can be `:signing` or `:encryption`; the result is an `Xml::Kit::Certificate`.

    # File 'lib/saml/kit/metadata.rb', line 148
    def matches?(fingerprint, use: :signing)
      certificates.find { |x| x.for?(use) && x.fingerprint == fingerprint }
    end
#name_id_formats ⇒ Object
Returns the supported NameIDFormats.
    # File 'lib/saml/kit/metadata.rb', line 56
    def name_id_formats
      search("/md:EntityDescriptor/md:#{name}/md:NameIDFormat").map(&:text)
    end
#organization(xpath = '/md:EntityDescriptor/md:Organization') ⇒ Object
    # File 'lib/saml/kit/metadata.rb', line 60
    def organization(xpath = '/md:EntityDescriptor/md:Organization')
      @organization ||= Organization.new(at_xpath(xpath))
    end
#organization_name ⇒ Object (deprecated)
Deprecated. Use `organization.name`.

    # File 'lib/saml/kit/deprecated/metadata.rb', line 7
    def organization_name
      Saml::Kit.deprecate('`organization_name` is deprecated. Use `organization.name`')
      organization.name
    end
#organization_url ⇒ Object (deprecated)
Deprecated. Use `organization.url`.

    # File 'lib/saml/kit/deprecated/metadata.rb', line 13
    def organization_url
      Saml::Kit.deprecate('`organization_url` is deprecated. Use `organization.url`')
      organization.url
    end
#service_for(binding:, type:) ⇒ Object
Returns a specific service binding. `type` is one of `AssertionConsumerServiceURL`, `SingleSignOnService` or `SingleLogoutService`.

    # File 'lib/saml/kit/metadata.rb', line 110
    def service_for(binding:, type:)
      binding = Saml::Kit::Bindings.binding_for(binding)
      services(type).find { |x| x.binding?(binding) }
    end
#services(type) ⇒ Object
Returns each of the service endpoints supported by this metadata, e.g. `AssertionConsumerServiceURL`.

    # File 'lib/saml/kit/metadata.rb', line 96
    def services(type)
      search("/md:EntityDescriptor/md:#{name}/md:#{type}").map do |item|
        binding = item.attribute('Binding').value
        location = item.attribute('Location').value
        Saml::Kit::Bindings.create_for(binding, location)
      end
    end
#signature(xpath = '/md:EntityDescriptor/ds:Signature') ⇒ Object
    # File 'lib/saml/kit/metadata.rb', line 166
    def signature(xpath = '/md:EntityDescriptor/ds:Signature')
      @signature ||= Signature.new(at_xpath(xpath))
    end
#signing_certificates ⇒ Object
Returns the signing certificates.
    # File 'lib/saml/kit/metadata.rb', line 88
    def signing_certificates
      certificates.find_all(&:signing?)
    end
#single_logout_service_for(binding:) ⇒ Object
Returns the SingleLogoutService that matches the specified binding.
    # File 'lib/saml/kit/metadata.rb', line 123
    def single_logout_service_for(binding:)
      service_for(binding: binding, type: 'SingleLogoutService')
    end
#single_logout_services ⇒ Object
Returns each of the SingleLogoutService bindings.

    # File 'lib/saml/kit/metadata.rb', line 116
    def single_logout_services
      services('SingleLogoutService')
    end
#verify(algorithm, signature, data) ⇒ Xml::Kit::Certificate
Verifies the signature and data using the signing certificates. `algorithm` is the digest used to produce the signature, e.g. `OpenSSL::Digest::SHA256`.

    # File 'lib/saml/kit/metadata.rb', line 160
    def verify(algorithm, signature, data)
      signing_certificates.find do |certificate|
        certificate.public_key.verify(algorithm, signature, data)
      end
    end
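As an added example (not code from the saml-kit gem), the following stand-alone Ruby mirrors what `certificates`, `matches?` and `verify` above do over a list of KeyDescriptors, using only REXML and OpenSSL. The keys, certificates, entityID and metadata document are constructed for the sample; the point it shows is that the `use` attribute decides which certificates may authenticate a signature.

```ruby
require 'openssl'
require 'rexml/document'
MD_NS = 'urn:oasis:names:tc:SAML:2.0:metadata'
DS_NS = 'http://www.w3.org/2000/09/xmldsig#'
NS = { 'md' => MD_NS, 'ds' => DS_NS }

# Self-signed certificate for the constructed sample; the CN is hypothetical.
def make_cert(key, cn)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256')) # returns the signed certificate
end

SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)
ENCRYPTION_KEY = OpenSSL::PKey::RSA.new(2048)
SIGNING_CERT = make_cert(SIGNING_KEY, 'signing')
ENCRYPTION_CERT = make_cert(ENCRYPTION_KEY, 'encryption')
# One md:KeyDescriptor carrying the DER certificate as strict base64 (pack 'm0').
def key_descriptor(cert, use)
  "<md:KeyDescriptor use=\"#{use}\"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>" \
    "#{[cert.to_der].pack('m0')}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
end
# Constructed IdP metadata (sample only): one signing and one encryption KeyDescriptor.
METADATA_XML = <<~XML
  <md:EntityDescriptor xmlns:md="#{MD_NS}" xmlns:ds="#{DS_NS}" entityID="https://idp.example.test">
    <md:IDPSSODescriptor>#{key_descriptor(SIGNING_CERT, 'signing')}#{key_descriptor(ENCRYPTION_CERT, 'encryption')}</md:IDPSSODescriptor>
  </md:EntityDescriptor>
XML

# Mirrors Metadata#certificates: each KeyDescriptor becomes [certificate, use attribute].
def certificates(xml, descriptor = 'IDPSSODescriptor')
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, "/md:EntityDescriptor/md:#{descriptor}/md:KeyDescriptor", NS).map do |kd|
    b64 = REXML::XPath.first(kd, './ds:KeyInfo/ds:X509Data/ds:X509Certificate', NS).text
    [OpenSSL::X509::Certificate.new(b64.unpack1('m')), kd.attributes['use']]
  end
end
# Mirrors Metadata#matches?: SHA-256 fingerprint lookup restricted to the given use.
def matches?(xml, fingerprint, use: 'signing')
  certificates(xml).find { |c, u| u == use && OpenSSL::Digest::SHA256.hexdigest(c.to_der) == fingerprint }&.first
end

# Mirrors Metadata#verify: only use="signing" certificates are tried, so neither an
# encryption certificate nor a tampered payload authenticates the signature.
def verify(xml, algorithm, signature, data)
  certificates(xml).find { |c, u| u == 'signing' && c.public_key.verify(algorithm, signature, data) }&.first
end
```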