Class: Saml::Kit::Configuration
- Inherits: Object
- Inheritance chain: Object, Saml::Kit::Configuration
- Defined in: lib/saml/kit/configuration.rb
Overview
This class represents the main configuration that is used for generating SAML documents.
    Saml::Kit::Configuration.new do |config|
      config.entity_id = "com:saml:kit"
      config.signature_method = :SHA256
      config.digest_method = :SHA256
      config.registry = Saml::Kit::DefaultRegistry.new
      config.session_timeout = 30.minutes
      config.logger = Rails.logger
    end
Global configuration is best specified in an initializer
that runs at the start of the program.
    Saml::Kit.configure do |configuration|
      configuration.entity_id = "https://www.example.com/saml/metadata"
      configuration.generate_key_pair_for(use: :signing)
      configuration.add_key_pair(
        ENV["X509_CERTIFICATE"],
        ENV["PRIVATE_KEY"],
        passphrase: ENV['PRIVATE_KEY_PASSPHRASE'],
        use: :encryption
      )
    end
Constant Summary
- USES = %i[signing encryption].freeze
Instance Attribute Summary
- #clock_drift ⇒ Object
  The total allowable clock drift for session timeout validation.
- #digest_method ⇒ Object
  The digest method to use when generating signatures (See Builders::XmlSignature::DIGEST_METHODS).
- #entity_id ⇒ Object
  The issuer to use in requests or responses from this entity.
- #logger ⇒ Object
  The logger to write log messages to.
- #registry ⇒ Object
  The metadata registry to use for searching for metadata associated with an issuer.
- #session_timeout ⇒ Object
  The session timeout to use when generating an Assertion.
- #signature_method ⇒ Object
  The signature method to use when generating signatures (See Builders::XmlSignature::SIGNATURE_METHODS).
Instance Method Summary
- #add_key_pair(certificate, private_key, passphrase: nil, use: :signing) ⇒ Object
  Add a key pair that can be used for either signing or encryption.
- #certificates(use: nil) ⇒ Object
  Return each certificate for a specific use.
- #generate_key_pair_for(use:, passphrase: SecureRandom.uuid) ⇒ Object
  Generates a unique key pair that can be used for signing or encryption.
- #initialize {|_self| ... } ⇒ Configuration (constructor)
  A new instance of Configuration.
- #key_pairs(use: nil) ⇒ Object
  Return each key pair for a specific use.
- #private_keys(use: nil) ⇒ Object
  Return each private key for a specific use.
- #sign? ⇒ Boolean
  Returns true if there is at least one signing certificate registered.
Constructor Details
#initialize {|_self| ... } ⇒ Configuration
Returns a new instance of Configuration.
    # File 'lib/saml/kit/configuration.rb', line 50
    def initialize
      @clock_drift = 30.seconds
      @digest_method = :SHA256
      @key_pairs = []
      @logger = Logger.new(STDOUT)
      @registry = DefaultRegistry.new
      @session_timeout = 3.hours
      @signature_method = :SHA256
      yield self if block_given?
    end
Instance Attribute Details
#clock_drift ⇒ Object
The total allowable clock drift for session timeout validation.
    # File 'lib/saml/kit/configuration.rb', line 48
    def clock_drift
      @clock_drift
    end
#digest_method ⇒ Object
The digest method to use when generating signatures (See Builders::XmlSignature::DIGEST_METHODS)
    # File 'lib/saml/kit/configuration.rb', line 39
    def digest_method
      @digest_method
    end
#entity_id ⇒ Object
The issuer to use in requests or responses from this entity.
    # File 'lib/saml/kit/configuration.rb', line 33
    def entity_id
      @entity_id
    end
#logger ⇒ Object
The logger to write log messages to.
    # File 'lib/saml/kit/configuration.rb', line 46
    def logger
      @logger
    end
#registry ⇒ Object
The metadata registry to use for searching for metadata associated with an issuer.
    # File 'lib/saml/kit/configuration.rb', line 42
    def registry
      @registry
    end
#session_timeout ⇒ Object
The session timeout to use when generating an Assertion.
    # File 'lib/saml/kit/configuration.rb', line 44
    def session_timeout
      @session_timeout
    end
#signature_method ⇒ Object
The signature method to use when generating signatures (See Builders::XmlSignature::SIGNATURE_METHODS)
    # File 'lib/saml/kit/configuration.rb', line 36
    def signature_method
      @signature_method
    end
Instance Method Details
#add_key_pair(certificate, private_key, passphrase: nil, use: :signing) ⇒ Object
Add a key pair that can be used for either signing or encryption.
    # File 'lib/saml/kit/configuration.rb', line 67
    def add_key_pair(certificate, private_key, passphrase: nil, use: :signing)
      ensure_proper_use(use)
      @key_pairs.push(
        ::Xml::Kit::KeyPair.new(
          certificate, private_key, passphrase, use.to_sym
        )
      )
    end
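A pre-flight check for the PEM material handed to add_key_pair (for example the values read from ENV in the overview), written with Ruby's standard openssl library. This is an added example, not part of saml-kit: key_pair_problems, sample_key_pair and KEY_USES are hypothetical names, and the sample certificate is constructed for the demonstration.

```ruby
require 'openssl'

# Hypothetical helper, not part of saml-kit: lists problems with a
# certificate/private key pair before it is registered via add_key_pair.
KEY_USES = %i[signing encryption].freeze # mirrors the documented USES constant

def key_pair_problems(certificate_pem, private_key_pem, passphrase: nil, use: :signing, now: Time.now)
  problems = []
  problems << "unknown use #{use.inspect}" unless KEY_USES.include?(use.to_s.to_sym)
  begin
    certificate = OpenSSL::X509::Certificate.new(certificate_pem.to_s)
  rescue OpenSSL::X509::CertificateError
    return problems << 'certificate is not valid PEM/DER'
  end
  problems << 'certificate is not yet valid' if now < certificate.not_before
  problems << 'certificate has expired' if now > certificate.not_after
  begin
    # An explicit (possibly empty) passphrase keeps OpenSSL from prompting on the TTY.
    key = OpenSSL::PKey.read(private_key_pem.to_s, passphrase.to_s)
  rescue OpenSSL::PKey::PKeyError
    return problems << 'private key unreadable (wrong passphrase or bad PEM)'
  end
  problems << 'private key does not match certificate' unless certificate.check_private_key(key)
  problems
end

# Constructed sample input: a throwaway self-signed certificate and encrypted key.
def sample_key_pair(passphrase, not_after: Time.now + 3600)
  key = OpenSSL::PKey::RSA.new(2048)
  certificate = OpenSSL::X509::Certificate.new
  certificate.version = 2
  certificate.serial = 1
  certificate.subject = certificate.issuer = OpenSSL::X509::Name.parse('/CN=sp.example.com')
  certificate.public_key = key.public_key
  certificate.not_before = Time.now - 60
  certificate.not_after = not_after
  certificate.sign(key, OpenSSL::Digest.new('SHA256'))
  [certificate.to_pem, key.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), passphrase)]
end
```

An empty result means the pair is consistent; an initializer can refuse to boot on a non-empty result rather than publishing metadata with an unusable key.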
#certificates(use: nil) ⇒ Object
Return each certificate for a specific use.
use: `nil`, `:signing` or `:encryption`
    # File 'lib/saml/kit/configuration.rb', line 100
    def certificates(use: nil)
      key_pairs(use: use).flat_map(&:certificate)
    end
#generate_key_pair_for(use:, passphrase: SecureRandom.uuid) ⇒ Object
Generates a unique key pair that can be used for signing or encryption.
    # File 'lib/saml/kit/configuration.rb', line 80
    def generate_key_pair_for(use:, passphrase: SecureRandom.uuid)
      ensure_proper_use(use)
      certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(
        passphrase: passphrase
      )
      add_key_pair(certificate, private_key, passphrase: passphrase, use: use)
    end
#key_pairs(use: nil) ⇒ Object
Return each key pair for a specific use.
use: `nil`, `:signing` or `:encryption`
    # File 'lib/saml/kit/configuration.rb', line 92
    def key_pairs(use: nil)
      use.present? ? active_key_pairs.find_all { |xxx| xxx.for?(use) } : active_key_pairs
    end
#private_keys(use: nil) ⇒ Object
Return each private key for a specific use.
use: `nil`, `:signing` or `:encryption`
    # File 'lib/saml/kit/configuration.rb', line 108
    def private_keys(use: nil)
      key_pairs(use: use).flat_map(&:private_key)
    end
#sign? ⇒ Boolean
Returns true if there is at least one signing certificate registered.
    # File 'lib/saml/kit/configuration.rb', line 113
    def sign?
      @sign ||= certificates(use: :signing).any?
    end