Class: Saml::Kit::Assertion

Inherits:

Document

• Object
• Document
• Saml::Kit::Assertion

Extended by:

Forwardable

Defined in:

lib/saml/kit/assertion.rb

Overview

This class validates the Assertion element nested in a Response element of a SAML document.

Constant Summary

XPATH =

[
  '/samlp:Response/saml:Assertion',
  '/samlp:Response/saml:EncryptedAssertion'
].join('|')

Constants inherited from Document

Document::CONSTRUCTORS

Constants included from XsdValidatable

XsdValidatable::METADATA_XSD, XsdValidatable::PROTOCOL_XSD

Constants included from XmlParseable

XmlParseable::NAMESPACES

Instance Attribute Summary

• #configuration ⇒ Object readonly

  Returns the value of attribute configuration.

• #name ⇒ Object readonly

  Returns the value of attribute name.

• #occurred_at ⇒ Object

  Returns the value of attribute occurred_at.

Attributes inherited from Document

#registry

Instance Method Summary

• #active?(now = occurred_at) ⇒ Boolean
• #attribute_statement(xpath = './saml:AttributeStatement') ⇒ Object
• #conditions ⇒ Object
• #decryptable? ⇒ Boolean
• #encrypted? ⇒ Boolean
• #expected_type? ⇒ Boolean
• #expired?(now = occurred_at) ⇒ Boolean
• #id ⇒ Object
• #initialize(node, configuration: Saml::Kit.configuration, private_keys: []) ⇒ Assertion constructor

  A new instance of Assertion.

• #issuer ⇒ Object
• #name_id ⇒ Object
• #name_id_format ⇒ Object
• #signature ⇒ Object
• #signed? ⇒ Boolean
• #to_s ⇒ Object
• #version ⇒ Object

Methods inherited from Document

#destination, #issue_instant, to_saml_document

Methods included from XmlParseable

#present?, #to_h, #to_xhtml, #to_xml

Methods included from Trustable

#trusted?

Methods included from Validatable

#each_error

Constructor Details

#initialize(node, configuration: Saml::Kit.configuration, private_keys: []) ⇒ Assertion

Returns a new instance of Assertion.

# File 'lib/saml/kit/assertion.rb', line 24

def initialize(
  node, configuration: Saml::Kit.configuration, private_keys: []
)
  @name = 'Assertion'
  @to_nokogiri = node.is_a?(String) ? Nokogiri::XML(node).root : node
  @configuration = configuration
  @occurred_at = Time.current
  @cannot_decrypt = false
  @encrypted = false
  keys = configuration.private_keys(use: :encryption) + private_keys
  decrypt(::Xml::Kit::Decryption.new(private_keys: keys.uniq))
  super(to_s, name: 'Assertion', configuration: configuration)
end

Instance Attribute Details

#configuration ⇒ Object (readonly)

Returns the value of attribute configuration.

# File 'lib/saml/kit/assertion.rb', line 21

def configuration
  @configuration
end

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/saml/kit/assertion.rb', line 21

def name
  @name
end

#occurred_at ⇒ Object

Returns the value of attribute occurred_at.

# File 'lib/saml/kit/assertion.rb', line 22

def occurred_at
  @occurred_at
end

Instance Method Details

#active?(now = occurred_at) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml/kit/assertion.rb', line 70

def active?(now = occurred_at)
  drifted_started_at = started_at - configuration.clock_drift.to_i.seconds
  now > drifted_started_at && !expired?(now)
end

#attribute_statement(xpath = './saml:AttributeStatement') ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 79

def attribute_statement(xpath = './saml:AttributeStatement')
  @attribute_statement ||= AttributeStatement.new(search(xpath))
end

#conditions ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 83

def conditions
  @conditions ||= Conditions.new(search('./saml:Conditions'))
end

#decryptable? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml/kit/assertion.rb', line 91

def decryptable?
  return true unless encrypted?

  !@cannot_decrypt
end

#encrypted? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml/kit/assertion.rb', line 87

def encrypted?
  @encrypted
end

#expected_type? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml/kit/assertion.rb', line 75

def expected_type?
  at_xpath('../saml:Assertion|../saml:EncryptedAssertion').present?
end

#expired?(now = occurred_at) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml/kit/assertion.rb', line 66

def expired?(now = occurred_at)
  now > expired_at
end

#id ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 38

def id
  at_xpath('./@ID').try(:value)
end

#issuer ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 42

def issuer
  at_xpath('./saml:Issuer').try(:text)
end

#name_id ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 50

def name_id
  at_xpath('./saml:Subject/saml:NameID').try(:text)
end

#name_id_format ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 54

def name_id_format
  at_xpath('./saml:Subject/saml:NameID').attribute('Format').try(:value)
end

#signature ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 62

def signature
  @signature ||= Signature.new(at_xpath('./ds:Signature'))
end

#signed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/saml/kit/assertion.rb', line 58

def signed?
  signature.present?
end

#to_s ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 97

def to_s
  @to_nokogiri.to_s
end

#version ⇒ Object

# File 'lib/saml/kit/assertion.rb', line 46

def version
  at_xpath('./@Version').try(:value)
end