Class: Saml::Kit::Metadata

Inherits:
Object
Extended by:
Forwardable
Includes:
ActiveModel::Validations, Buildable, Translatable, XmlParseable, XsdValidatable
Defined in:
lib/saml/kit/metadata.rb,
lib/saml/kit/deprecated/metadata.rb

Overview

The Metadata object can be used to parse an XML string of metadata.

metadata = Saml::Kit::Metadata.from(raw_xml)

It can also be used to generate a new metadata string.

# assertions_url, logout_url and login_url are URL strings supplied by the caller
metadata = Saml::Kit::Metadata.build do |builder|
  builder.entity_id = "my-issuer"
  builder.build_service_provider do |x|
    x.add_assertion_consumer_service(assertions_url, binding: :http_post)
    x.add_single_logout_service(logout_url, binding: :http_post)
  end
  builder.build_identity_provider do |x|
    x.add_single_sign_on_service(login_url, binding: :http_redirect)
    x.add_single_logout_service(logout_url, binding: :http_post)
  end
end
puts metadata.to_xml(pretty: true)

See Builders::ServiceProviderMetadata and Builders::IdentityProviderMetadata for a list of options that can be specified.

Constant Summary

Constants included from XsdValidatable

XsdValidatable::METADATA_XSD, XsdValidatable::PROTOCOL_XSD

Constants included from XmlParseable

XmlParseable::NAMESPACES

Instance Method Summary

Methods included from XmlParseable

#present?, #to_h, #to_s, #to_xhtml, #to_xml

Constructor Details

#initialize(name, content) ⇒ Metadata

Returns a new instance of Metadata.



# File 'lib/saml/kit/metadata.rb', line 45

def initialize(name, content)
  @name = name
  @content = content
end

Instance Attribute Details

#content ⇒ Object (readonly)

Returns the value of attribute content.



# File 'lib/saml/kit/metadata.rb', line 43

def content
  @content
end

#name ⇒ Object (readonly)

Returns the value of attribute name.



# File 'lib/saml/kit/metadata.rb', line 43

def name
  @name
end

Class Method Details

.builder_class ⇒ Object



# File 'lib/saml/kit/metadata.rb', line 174

def self.builder_class
  Saml::Kit::Builders::Metadata
end

.from(content) ⇒ Object



# File 'lib/saml/kit/metadata.rb', line 170

def self.from(content)
  Saml::Kit::Parser.new.metadata(content)
end

Instance Method Details

#certificates(xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor") ⇒ Object

Returns each of the X509 certificates found in the role descriptor's `KeyDescriptor` elements (`ds:KeyInfo/ds:X509Data/ds:X509Certificate`), wrapped in an `Xml::Kit::Certificate` together with the `KeyDescriptor`'s `use` attribute. The result is memoized, so a custom `xpath` only takes effect on the first call for a given instance.



# File 'lib/saml/kit/metadata.rb', line 70

def certificates(
  xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor"
)
  @certificates ||= search(xpath).map do |item|
    xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
    namespaces = { 'ds' => ::Xml::Kit::Namespaces::XMLDSIG }
    cert = item.at_xpath(xpath, namespaces).try(:text)
    use_attribute = item.attribute('use')
    ::Xml::Kit::Certificate.new(cert, use: use_attribute.try(:value))
  end
end

#contact_person_company ⇒ Object

Returns the text of /EntityDescriptor/ContactPerson/Company.



# File 'lib/saml/kit/metadata.rb', line 65

def contact_person_company
  at_xpath('/md:EntityDescriptor/md:ContactPerson/md:Company').try(:text)
end

#encryption_certificates ⇒ Object

Returns the encryption certificates



# File 'lib/saml/kit/metadata.rb', line 83

def encryption_certificates
  certificates.find_all(&:encryption?)
end

#entity_id ⇒ Object

Returns the /EntityDescriptor/@entityID



# File 'lib/saml/kit/metadata.rb', line 51

def entity_id
  at_xpath('/md:EntityDescriptor/@entityID').try(:value)
end

#logout_request_for(user, binding: :http_post, relay_state: nil) ⇒ Array

Creates a serialized LogoutRequest using the SingleLogoutService that matches the given binding.

Parameters:

  • user (Object)

    a user object that responds to `name_id_for` and `assertion_attributes_for`.

  • binding (Symbol) (defaults to: :http_post)

    can be `:http_post` or `:http_redirect`.

  • relay_state (String) (defaults to: nil)

    the relay state to have echoed back.

Returns:

  • (Array)

    an array with a url and a Hash of parameters to send to the other party.



# File 'lib/saml/kit/metadata.rb', line 135

def logout_request_for(user, binding: :http_post, relay_state: nil)
  builder = LogoutRequest.builder(user) { |x| yield x if block_given? }
  request_binding = single_logout_service_for(binding: binding)
  request_binding.serialize(builder, relay_state: relay_state)
end

#matches?(fingerprint, use: :signing) ⇒ Xml::Kit::Certificate

Returns the certificate that matches the fingerprint.

Parameters:

  • fingerprint (Saml::Kit::Fingerprint)

    the fingerprint to search for.

  • use (Symbol) (defaults to: :signing)

    the type of certificates to look at. Can be `:signing` or `:encryption`.

Returns:

  • (Xml::Kit::Certificate)

    the matching `Xml::Kit::Certificate`, or nil when no certificate for that use has the given fingerprint.



# File 'lib/saml/kit/metadata.rb', line 148

def matches?(fingerprint, use: :signing)
  certificates.find { |x| x.for?(use) && x.fingerprint == fingerprint }
end

#name_id_formats ⇒ Object

Returns the supported NameIDFormats.



# File 'lib/saml/kit/metadata.rb', line 56

def name_id_formats
  search("/md:EntityDescriptor/md:#{name}/md:NameIDFormat").map(&:text)
end

#organization(xpath = '/md:EntityDescriptor/md:Organization') ⇒ Object



# File 'lib/saml/kit/metadata.rb', line 60

def organization(xpath = '/md:EntityDescriptor/md:Organization')
  @organization ||= Organization.new(at_xpath(xpath))
end

#organization_name ⇒ Object

Deprecated.


# File 'lib/saml/kit/deprecated/metadata.rb', line 7

def organization_name
  Saml::Kit.deprecate('`organization_name` is deprecated. Use `organization.name`')
  organization.name
end

#organization_url ⇒ Object

Deprecated.


# File 'lib/saml/kit/deprecated/metadata.rb', line 13

def organization_url
  Saml::Kit.deprecate('`organization_url` is deprecated. Use `organization.url`')
  organization.url
end

#service_for(binding:, type:) ⇒ Object

Returns the service binding of the given type that matches the specified binding, or nil if the metadata does not advertise one.

Parameters:

  • binding (Symbol)

    can be `:http_post` or `:http_redirect`.

  • type (Symbol)

    the name of the service element: `AssertionConsumerService`, `SingleSignOnService` or `SingleLogoutService`. The value is interpolated into the XPath `/md:EntityDescriptor/md:<role>/md:<type>`, so it must be the element name (not `AssertionConsumerServiceURL`, which is an attribute of AuthnRequest).



# File 'lib/saml/kit/metadata.rb', line 110

def service_for(binding:, type:)
  binding = Saml::Kit::Bindings.binding_for(binding)
  services(type).find { |x| x.binding?(binding) }
end

#services(type) ⇒ Object

Returns each of the service endpoints of the given type supported by this metadata, as binding objects built by `Saml::Kit::Bindings.create_for` from each element's `Binding` and `Location` attributes.

Parameters:

  • type (String)

    the type of service, i.e. the element name, e.g. `AssertionConsumerService` or `SingleLogoutService`.



# File 'lib/saml/kit/metadata.rb', line 96

def services(type)
  search("/md:EntityDescriptor/md:#{name}/md:#{type}").map do |item|
    binding = item.attribute('Binding').value
    location = item.attribute('Location').value
    Saml::Kit::Bindings.create_for(binding, location)
  end
end

#signature(xpath = '/md:EntityDescriptor/ds:Signature') ⇒ Object



# File 'lib/saml/kit/metadata.rb', line 166

def signature(xpath = '/md:EntityDescriptor/ds:Signature')
  @signature ||= Signature.new(at_xpath(xpath))
end

#signing_certificates ⇒ Object

Returns the signing certificates.



# File 'lib/saml/kit/metadata.rb', line 88

def signing_certificates
  certificates.find_all(&:signing?)
end

#single_logout_service_for(binding:) ⇒ Object

Returns the SingleLogoutService that matches the specified binding.

Parameters:

  • binding (Symbol)

    can be ‘:http_post` or `:http_redirect`.



# File 'lib/saml/kit/metadata.rb', line 123

def single_logout_service_for(binding:)
  service_for(binding: binding, type: 'SingleLogoutService')
end

#single_logout_services ⇒ Object

Returns each of the SingleLogoutService bindings



# File 'lib/saml/kit/metadata.rb', line 116

def single_logout_services
  services('SingleLogoutService')
end

#verify(algorithm, signature, data) ⇒ Xml::Kit::Certificate

Verifies the signature over data using the signing certificates. Each signing certificate is tried in document order and the first whose public key verifies the signature is returned, so metadata that lists several signing keys (e.g. during key rollover) is handled; nil is returned when none verifies.

Parameters:

  • algorithm (OpenSSL::Digest)

    the digest algorithm to use, e.g. `OpenSSL::Digest::SHA256`.

  • signature (String)

    the signature to verify.

  • data (String)

    the data that was signed.

Returns:

  • (Xml::Kit::Certificate)

    the certificate that was used to produce the signature, or nil.



# File 'lib/saml/kit/metadata.rb', line 160

def verify(algorithm, signature, data)
  signing_certificates.find do |certificate|
    certificate.public_key.verify(algorithm, signature, data)
  end
end
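The following is an added example, not code from saml-kit or its author. It re-implements the lookups documented above (certificates grouped by `use`, fingerprint pinning as in `matches?`, `verify` over the signing certificates, and `services`) using only Ruby's standard library (REXML and OpenSSL) against a constructed IdP metadata document, so the behaviour can be run without the gem. `MiniMetadata`, `make_cert`, the colon-separated SHA-256 fingerprint format and the example.test URLs are this example's own assumptions.

```ruby
# Added example, not saml-kit code: a stdlib-only (REXML + OpenSSL) sketch of what
# Metadata#certificates, #signing_certificates, #matches?, #verify and #services do.
require 'rexml/document'
require 'openssl'

MD_NS = 'urn:oasis:names:tc:SAML:2.0:metadata'
DS_NS = 'http://www.w3.org/2000/09/xmldsig#'
NS = { 'md' => MD_NS, 'ds' => DS_NS }

# Self-signed throwaway certificate, generated in-process so nothing is hard-coded.
def make_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

SIGNING_CERT, SIGNING_KEY = make_cert('idp-signing')
ENCRYPTION_CERT = make_cert('idp-encryption').first

def key_descriptor(cert, use)
  b64 = [cert.to_der].pack('m0') # strict base64, no line breaks
  "<md:KeyDescriptor use=\"#{use}\"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>" \
    "#{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
end

# Constructed IdP metadata (not captured from any real IdP).
METADATA_XML = <<~XML
  <md:EntityDescriptor xmlns:md="#{MD_NS}" xmlns:ds="#{DS_NS}" entityID="https://idp.example.test/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      #{key_descriptor(SIGNING_CERT, 'signing')}
      #{key_descriptor(ENCRYPTION_CERT, 'encryption')}
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/slo"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
XML

class MiniMetadata
  attr_reader :doc, :name
  # name selects the role descriptor, e.g. 'IDPSSODescriptor' or 'SPSSODescriptor'.
  def initialize(xml, name)
    @doc = REXML::Document.new(xml)
    @name = name
  end

  # SHA-256 over the DER encoding as colon-separated hex (format is this example's choice).
  def self.fingerprint(cert)
    OpenSSL::Digest.new('SHA256').hexdigest(cert.to_der).upcase.scan(/../).join(':')
  end

  def entity_id
    REXML::XPath.first(doc, '/md:EntityDescriptor/@entityID', NS)&.value
  end

  # One entry per KeyDescriptor under the selected role; :use is nil when the attribute is absent.
  def certificates
    @certificates ||= REXML::XPath.match(doc, "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor", NS).map do |kd|
      b64 = REXML::XPath.first(kd, './ds:KeyInfo/ds:X509Data/ds:X509Certificate', NS).text.strip
      { cert: OpenSSL::X509::Certificate.new(b64.unpack1('m')), use: kd.attributes['use']&.to_sym }
    end
  end

  # Per the SAML metadata spec a KeyDescriptor without use= serves both signing and encryption.
  def for_use?(entry, use)
    entry[:use].nil? || entry[:use] == use
  end

  def signing_certificates
    certificates.select { |e| for_use?(e, :signing) }.map { |e| e[:cert] }
  end

  # Pin check: the certificate of the given use whose fingerprint matches, or nil.
  def matches?(fingerprint, use: :signing)
    hit = certificates.find { |e| for_use?(e, use) && self.class.fingerprint(e[:cert]) == fingerprint }
    hit && hit[:cert]
  end

  # Try every signing certificate (key rollover); return the one that verified, or nil.
  def verify(algorithm, signature, data)
    signing_certificates.find do |cert|
      begin
        cert.public_key.verify(algorithm, signature, data)
      rescue OpenSSL::PKey::PKeyError
        false
      end
    end
  end

  def services(type)
    REXML::XPath.match(doc, "/md:EntityDescriptor/md:#{name}/md:#{type}", NS).map do |el|
      { binding: el.attributes['Binding'], location: el.attributes['Location'] }
    end
  end
end
```

Two points the code makes visible: a `KeyDescriptor` with no `use` attribute is treated as valid for both signing and encryption (as the metadata spec requires), and `verify` tries every signing certificate rather than only the first, which is what lets an IdP publish old and new keys side by side during a rollover. Both checks are only as strong as the metadata they read: pinning a fingerprint or verifying a signature against metadata that was fetched over plain HTTP or never had its own `ds:Signature` checked (see `#signature`) proves nothing about who controls the keys.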