Class: Saml::Kit::Assertion

Inherits:
Document show all
Extended by:
Forwardable
Defined in:
lib/saml/kit/assertion.rb

Overview

This class validates the Assertion element nested in a Response element of a SAML document.

Constant Summary collapse

XPATH =
[
  '/samlp:Response/saml:Assertion',
  '/samlp:Response/saml:EncryptedAssertion'
].join('|')

Constants inherited from Document

Document::CONSTRUCTORS

Constants included from XsdValidatable

XsdValidatable::METADATA_XSD, XsdValidatable::PROTOCOL_XSD

Constants included from XmlParseable

XmlParseable::NAMESPACES

Instance Attribute Summary collapse

Attributes inherited from Document

#registry

Instance Method Summary collapse

Methods inherited from Document

#destination, #issue_instant, to_saml_document

Methods included from XmlParseable

#present?, #to_h, #to_xhtml, #to_xml

Methods included from Trustable

#trusted?

Constructor Details

#initialize(node, configuration: Saml::Kit.configuration, private_keys: []) ⇒ Assertion

Returns a new instance of Assertion


24
25
26
27
28
29
30
31
32
33
34
35
36
# File 'lib/saml/kit/assertion.rb', line 24

def initialize(
  node, configuration: Saml::Kit.configuration, private_keys: []
)
  @name = 'Assertion'
  @to_nokogiri = node.is_a?(String) ? Nokogiri::XML(node).root : node
  @configuration = configuration
  @occurred_at = Time.current
  @cannot_decrypt = false
  @encrypted = false
  keys = configuration.private_keys(use: :encryption) + private_keys
  decrypt(::Xml::Kit::Decryption.new(private_keys: keys.uniq))
  super(to_s, name: 'Assertion', configuration: configuration)
end

Instance Attribute Details

#configurationObject (readonly)

Returns the value of attribute configuration


21
22
23
# File 'lib/saml/kit/assertion.rb', line 21

def configuration
  @configuration
end

#nameObject (readonly)

Returns the value of attribute name


21
22
23
# File 'lib/saml/kit/assertion.rb', line 21

def name
  @name
end

#occurred_atObject

Returns the value of attribute occurred_at


22
23
24
# File 'lib/saml/kit/assertion.rb', line 22

def occurred_at
  @occurred_at
end

Instance Method Details

#active?(now = occurred_at) ⇒ Boolean

Returns:

  • (Boolean)

70
71
72
73
# File 'lib/saml/kit/assertion.rb', line 70

def active?(now = occurred_at)
  drifted_started_at = started_at - configuration.clock_drift.to_i.seconds
  now > drifted_started_at && !expired?(now)
end

#attribute_statement(xpath = './saml:AttributeStatement') ⇒ Object


79
80
81
# File 'lib/saml/kit/assertion.rb', line 79

def attribute_statement(xpath = './saml:AttributeStatement')
  @attribute_statement ||= AttributeStatement.new(search(xpath))
end

#conditionsObject


83
84
85
# File 'lib/saml/kit/assertion.rb', line 83

def conditions
  @conditions ||= Conditions.new(search('./saml:Conditions'))
end

#decryptable?Boolean

Returns:

  • (Boolean)

91
92
93
94
95
# File 'lib/saml/kit/assertion.rb', line 91

def decryptable?
  return true unless encrypted?

  !@cannot_decrypt
end

#encrypted?Boolean

Returns:

  • (Boolean)

87
88
89
# File 'lib/saml/kit/assertion.rb', line 87

def encrypted?
  @encrypted
end

#expected_type?Boolean

Returns:

  • (Boolean)

75
76
77
# File 'lib/saml/kit/assertion.rb', line 75

def expected_type?
  at_xpath('../saml:Assertion|../saml:EncryptedAssertion').present?
end

#expired?(now = occurred_at) ⇒ Boolean

Returns:

  • (Boolean)

66
67
68
# File 'lib/saml/kit/assertion.rb', line 66

def expired?(now = occurred_at)
  now > expired_at
end

#idObject


38
39
40
# File 'lib/saml/kit/assertion.rb', line 38

def id
  at_xpath('./@ID').try(:value)
end

#issuerObject


42
43
44
# File 'lib/saml/kit/assertion.rb', line 42

def issuer
  at_xpath('./saml:Issuer').try(:text)
end

#name_idObject


50
51
52
# File 'lib/saml/kit/assertion.rb', line 50

def name_id
  at_xpath('./saml:Subject/saml:NameID').try(:text)
end

#name_id_formatObject


54
55
56
# File 'lib/saml/kit/assertion.rb', line 54

def name_id_format
  at_xpath('./saml:Subject/saml:NameID').attribute('Format').try(:value)
end

#signatureObject


62
63
64
# File 'lib/saml/kit/assertion.rb', line 62

def signature
  @signature ||= Signature.new(at_xpath('./ds:Signature'))
end

#signed?Boolean

Returns:

  • (Boolean)

58
59
60
# File 'lib/saml/kit/assertion.rb', line 58

def signed?
  signature.present?
end

#to_sObject


97
98
99
# File 'lib/saml/kit/assertion.rb', line 97

def to_s
  @to_nokogiri.to_s
end

#versionObject


46
47
48
# File 'lib/saml/kit/assertion.rb', line 46

def version
  at_xpath('./@Version').try(:value)
end