Class: Saml::Kit::Metadata

Inherits:
Object
Extended by:
Forwardable
Includes:
ActiveModel::Validations, Buildable, Translatable, XmlParseable, XsdValidatable
Defined in:
lib/saml/kit/metadata.rb,
lib/saml/kit/deprecated/metadata.rb

Overview

The Metadata object can be used to parse an XML string of metadata.

 metadata = Saml::Kit::Metadata.from(raw_xml)

It can also be used to generate a new metadata string.

 metadata = Saml::Kit::Metadata.build do |builder|
  builder.entity_id = "my-issuer"
  builder.build_service_provider do |x|
    x.add_assertion_consumer_service(assertions_url, binding: :http_post)
    x.add_single_logout_service(logout_url, binding: :http_post)
  end
  builder.build_identity_provider do |x|
    x.add_single_sign_on_service(, binding: :http_redirect)
    x.add_single_logout_service(logout_url, binding: :http_post)
  end
end
puts metadata.to_xml(pretty: true)

See Builders::ServiceProviderMetadata and Builders::IdentityProviderMetadata for a list of options that can be specified.

Constant Summary

Constants included from XsdValidatable

XsdValidatable::METADATA_XSD, XsdValidatable::PROTOCOL_XSD

Constants included from XmlParseable

XmlParseable::NAMESPACES

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Methods included from XmlParseable

#present?, #to_h, #to_s, #to_xhtml, #to_xml

Constructor Details

#initialize(name, content) ⇒ Metadata


# File 'lib/saml/kit/metadata.rb', line 45

# Builds a Metadata instance from a role name and its parsed content.
#
# @param name [Object] stored in +@name+; the XPath-building readers
#   (+certificates+, +name_id_formats+, +services+) interpolate it as the
#   +md:#{name}+ segment of their queries.
# @param content [Object] stored in +@content+ and exposed by +#content+.
def initialize(name, content)
  @name, @content = name, content
end

Instance Attribute Details

#content ⇒ Object (readonly)

Returns the value of attribute content


# File 'lib/saml/kit/metadata.rb', line 43

# The content handed to the constructor (read-only).
#
# @return [Object] whatever was passed as +content+ to +#initialize+,
#   or +nil+ if it was never set.
def content
  instance_variable_get(:@content)
end

#name ⇒ Object (readonly)

Returns the value of attribute name


# File 'lib/saml/kit/metadata.rb', line 43

# The role name handed to the constructor (read-only).
#
# @return [Object] whatever was passed as +name+ to +#initialize+,
#   or +nil+ if it was never set.
def name
  instance_variable_get(:@name)
end

Class Method Details

.builder_class ⇒ Object


# File 'lib/saml/kit/metadata.rb', line 174

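# The builder class for this metadata type; presumably consulted by the
# +Buildable+ mixin when +Metadata.build+ is called.
#
# NOTE(review): the constant name after +Builders::+ was lost in the
# rendered page (the word "Metadata" is stripped throughout it); it is
# restored here to match this class — confirm against
# lib/saml/kit/metadata.rb line 174.
#
# @return [Class] the metadata builder class.
def self.builder_class
  Saml::Kit::Builders::Metadata
end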

.from(content) ⇒ Object


# File 'lib/saml/kit/metadata.rb', line 170

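# Parses a raw metadata string into a Metadata object.
#
# NOTE(review): the rendered page shows +Parser.new.(content)+, which Ruby
# reads as +Parser.new.call(content)+; the method name "metadata" is
# stripped throughout the page, so it is restored here — confirm against
# lib/saml/kit/metadata.rb line 170.
#
# @param content [String] the raw XML to parse.
# @return [Object] whatever the parser returns for the content.
def self.from(content)
  Saml::Kit::Parser.new.metadata(content)
end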

Instance Method Details

#certificates(xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor") ⇒ Object

Returns each of the X509 certificates.


# File 'lib/saml/kit/metadata.rb', line 70

# Returns each of the X509 certificates found in the KeyDescriptor
# elements of this role descriptor.
#
# The result is memoized in +@certificates+ on the first call; a later
# call with a different +xpath+ returns the cached result rather than
# re-querying, so callers should not rely on the parameter after that.
#
# @param xpath [String] where the +md:KeyDescriptor+ nodes are looked up.
# @return [Array<Xml::Kit::Certificate>] one certificate per KeyDescriptor;
#   a descriptor without an X509Certificate element yields a certificate
#   built from +nil+, and a missing +use+ attribute yields +use: nil+.
def certificates(
  xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor"
)
  return @certificates if @certificates

  cert_xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
  ds = { 'ds' => ::Xml::Kit::Namespaces::XMLDSIG }
  @certificates = search(xpath).map do |descriptor|
    encoded = descriptor.at_xpath(cert_xpath, ds).try(:text)
    use = descriptor.attribute('use').try(:value)
    ::Xml::Kit::Certificate.new(encoded, use: use)
  end
end

#contact_person_company ⇒ Object

Returns the Company


# File 'lib/saml/kit/metadata.rb', line 65

# Returns the Company of the ContactPerson element.
#
# @return [String, nil] the element text, or +nil+ when the element is
#   absent.
def contact_person_company
  company = at_xpath('/md:EntityDescriptor/md:ContactPerson/md:Company')
  company.try(:text)
end

#encryption_certificates ⇒ Object

Returns the encryption certificates


# File 'lib/saml/kit/metadata.rb', line 83

# Returns the certificates marked for encryption use.
#
# @return [Array<Xml::Kit::Certificate>] the subset of +certificates+ for
#   which +encryption?+ is true.
def encryption_certificates
  certificates.select(&:encryption?)
end

#entity_id ⇒ Object

Returns the /EntityDescriptor/@entityID


# File 'lib/saml/kit/metadata.rb', line 51

# Returns the /EntityDescriptor/@entityID attribute value.
#
# @return [String, nil] the attribute value, or +nil+ when absent.
def entity_id
  attribute = at_xpath('/md:EntityDescriptor/@entityID')
  attribute.try(:value)
end

#logout_request_for(user, binding: :http_post, relay_state: nil) ⇒ Array

Creates a serialized LogoutRequest.

The request is built for `user` (see `assertion_attributes_for`), and the result is the serialized request to send to the other party.


# File 'lib/saml/kit/metadata.rb', line 135

# Creates a serialized LogoutRequest for +user+ using the SingleLogoutService
# that matches +binding+.
#
# When a block is given it receives the request builder before the request
# is serialized. If no SingleLogoutService with the requested binding is
# present, +single_logout_service_for+ returns +nil+ and the +serialize+
# call below fails with NoMethodError.
#
# @param user [Object] the subject the request is built for.
# @param binding [Symbol] the SingleLogoutService binding to use.
# @param relay_state [Object, nil] passed through to +serialize+.
# @return [Array] the serialized request.
def logout_request_for(user, binding: :http_post, relay_state: nil)
  request = LogoutRequest.builder(user) { |x| yield x if block_given? }
  logout_binding = single_logout_service_for(binding: binding)
  logout_binding.serialize(request, relay_state: relay_state)
end

#matches?(fingerprint, use: :signing) ⇒ Xml::Kit::Certificate

Returns the certificate that matches the fingerprint

`use` can be `:signing` or `:encryption`. Returns an `Xml::Kit::Certificate`, or `nil` when no certificate matches.


# File 'lib/saml/kit/metadata.rb', line 148

# Returns the certificate that matches +fingerprint+ for the given +use+.
#
# Despite the +?+ suffix this returns the certificate object (or +nil+),
# not a boolean; callers that only need a truth value can still use it in
# a condition.
#
# @param fingerprint [Object] compared with +==+ against each
#   certificate's +fingerprint+.
# @param use [Symbol] +:signing+ or +:encryption+.
# @return [Xml::Kit::Certificate, nil] the first matching certificate.
def matches?(fingerprint, use: :signing)
  certificates.find do |certificate|
    certificate.for?(use) && certificate.fingerprint == fingerprint
  end
end

#name_id_formats ⇒ Object

Returns the supported NameIDFormats.


# File 'lib/saml/kit/metadata.rb', line 56

# Returns the supported NameIDFormats of this role descriptor.
#
# @return [Array<String>] the text of each +md:NameIDFormat+ element.
def name_id_formats
  nodes = search("/md:EntityDescriptor/md:#{name}/md:NameIDFormat")
  nodes.map(&:text)
end

#organization(xpath = '/md:EntityDescriptor/md:Organization') ⇒ Object


# File 'lib/saml/kit/metadata.rb', line 60

# Returns the Organization wrapper for the +md:Organization+ element.
#
# Memoized in +@organization+: the +xpath+ argument only matters on the
# first call.
#
# @param xpath [String] where the Organization element is looked up.
# @return [Organization] built from the node found at +xpath+ (which may
#   be +nil+ when the element is absent).
def organization(xpath = '/md:EntityDescriptor/md:Organization')
  return @organization if @organization

  @organization = Organization.new(at_xpath(xpath))
end

#organization_name ⇒ Object

Deprecated.

# File 'lib/saml/kit/deprecated/metadata.rb', line 7

# @deprecated Use +organization.name+ instead.
#
# Emits a deprecation notice and delegates to +organization.name+.
#
# @return [Object] whatever +organization.name+ returns.
def organization_name
  notice = '`organization_name` is deprecated. Use `organization.name`'
  Saml::Kit.deprecate(notice)
  organization.name
end

#organization_url ⇒ Object

Deprecated.

# File 'lib/saml/kit/deprecated/metadata.rb', line 13

# @deprecated Use +organization.url+ instead.
#
# Emits a deprecation notice and delegates to +organization.url+.
#
# @return [Object] whatever +organization.url+ returns.
def organization_url
  notice = '`organization_url` is deprecated. Use `organization.url`'
  Saml::Kit.deprecate(notice)
  organization.url
end

#service_for(binding:, type:) ⇒ Object

Returns a specific service binding.

`type` is one of `AssertionConsumerServiceURL`, `SingleSignOnService` or `SingleLogoutService`.


# File 'lib/saml/kit/metadata.rb', line 110

# Returns the service endpoint of +type+ that uses +binding+.
#
# @param binding [Symbol, Object] resolved through
#   +Saml::Kit::Bindings.binding_for+ before comparison.
# @param type [String] the service element name passed to +services+.
# @return [Object, nil] the first matching endpoint, or +nil+ when none
#   of the endpoints answer +binding?+ for the resolved binding.
def service_for(binding:, type:)
  wanted = Saml::Kit::Bindings.binding_for(binding)
  services(type).find { |endpoint| endpoint.binding?(wanted) }
end

#services(type) ⇒ Object

Returns each of the service endpoints supported by this metadata.

E.g. `AssertionConsumerServiceURL`.


# File 'lib/saml/kit/metadata.rb', line 96

# Returns each of the service endpoints of +type+ declared by this role
# descriptor.
#
# +type+ is interpolated unquoted into the XPath, so it should be one of
# the fixed element names (e.g. +SingleLogoutService+), never free-form
# input. Each node's +Binding+ and +Location+ attributes are read with
# +.value+; if the underlying +attribute+ call returns +nil+ for a node
# that lacks one of them, this raises NoMethodError rather than skipping
# the node — TODO confirm whether XSD validation always runs first.
#
# @param type [String] the service element name, e.g.
#   +AssertionConsumerServiceURL+.
# @return [Array<Object>] one binding object per service element, built
#   by +Saml::Kit::Bindings.create_for+.
def services(type)
  nodes = search("/md:EntityDescriptor/md:#{name}/md:#{type}")
  nodes.map do |node|
    Saml::Kit::Bindings.create_for(
      node.attribute('Binding').value,
      node.attribute('Location').value
    )
  end
end

#signature(xpath = '/md:EntityDescriptor/ds:Signature') ⇒ Object


# File 'lib/saml/kit/metadata.rb', line 166

# Returns the Signature wrapper for the enveloped +ds:Signature+ element.
#
# Memoized in +@signature+: the +xpath+ argument only matters on the
# first call.
#
# @param xpath [String] where the Signature element is looked up.
# @return [Signature] built from the node found at +xpath+ (which may be
#   +nil+ when the metadata is unsigned).
def signature(xpath = '/md:EntityDescriptor/ds:Signature')
  return @signature if @signature

  @signature = Signature.new(at_xpath(xpath))
end

#signing_certificates ⇒ Object

Returns the signing certificates.


# File 'lib/saml/kit/metadata.rb', line 88

# Returns the certificates marked for signing use.
#
# @return [Array<Xml::Kit::Certificate>] the subset of +certificates+ for
#   which +signing?+ is true.
def signing_certificates
  certificates.select(&:signing?)
end

#single_logout_service_for(binding:) ⇒ Object

Returns the SingleLogoutService that matches the specified binding.


# File 'lib/saml/kit/metadata.rb', line 123

# Returns the SingleLogoutService endpoint that uses +binding+.
#
# @param binding [Symbol, Object] forwarded to +service_for+.
# @return [Object, nil] the matching endpoint, or +nil+ when none uses
#   that binding.
def single_logout_service_for(binding:)
  service_for(type: 'SingleLogoutService', binding: binding)
end

#single_logout_services ⇒ Object

Returns each of the SingleLogoutService bindings


# File 'lib/saml/kit/metadata.rb', line 116

# Returns each of the SingleLogoutService endpoints.
#
# @return [Array<Object>] whatever +services+ returns for
#   +SingleLogoutService+.
def single_logout_services
  type = 'SingleLogoutService'
  services(type)
end

#verify(algorithm, signature, data) ⇒ Xml::Kit::Certificate

Verifies the signature and data using the signing certificates.

`algorithm` is the digest used to produce the signature, e.g. `OpenSSL::Digest::SHA256`.


# File 'lib/saml/kit/metadata.rb', line 160

# Verifies +signature+ over +data+ against the signing certificates.
#
# Only certificates marked for signing use are consulted; encryption-only
# certificates never verify a signature here. Any error raised by the
# underlying +public_key.verify+ propagates (there is no rescue).
#
# @param algorithm [Object] the digest used to produce the signature,
#   e.g. +OpenSSL::Digest::SHA256+.
# @param signature [String] the signature bytes to check.
# @param data [String] the signed data.
# @return [Xml::Kit::Certificate, nil] the first signing certificate whose
#   public key verifies the signature, or +nil+ when none does.
def verify(algorithm, signature, data)
  signing_certificates.find do |candidate|
    candidate.public_key.verify(algorithm, signature, data)
  end
end