Class: SAML2::KeyInfo

Inherits:
  Base < Object
Defined in:
lib/saml2/key.rb

Overview

This represents the XML Signature <KeyInfo> element. Despite the name, what it usually carries is a reference to an X.509 certificate (the base64-encoded DER inside an <X509Certificate> element), not solely a public key; a bare RSA public key can also be present as <KeyValue>/<RSAKeyValue>. A <KeyInfo> found inside a signed SAML message only identifies the key the signer claims to have used: it must be matched against keys you already trust (for example, the IdP's metadata KeyDescriptor) before it is used to verify anything.

Direct Known Subclasses

KeyDescriptor

Instance Attribute Summary

Attributes inherited from Base

#xml

Class Method Summary

Instance Method Summary

Methods inherited from Base

#decrypt, from_xml, #inspect, load_object_array, load_string_array, lookup_qname, #to_s, #to_xml

Constructor Details

#initialize(x509 = nil) ⇒ KeyInfo

Returns a new instance of KeyInfo.

Parameters:

  • x509 (String) (defaults to: nil)

    The base64-encoded DER certificate, i.e. the body of a PEM file without its BEGIN/END lines, exactly as it appears inside an <X509Certificate> element.



# File 'lib/saml2/key.rb', line 18

def initialize(x509 = nil)
  self.x509 = x509
end

Instance Attribute Details

#key ⇒ OpenSSL::PKey::PKey

Returns the RSA public key parsed from a <KeyValue>/<RSAKeyValue> element, or nil if the <KeyInfo> carried no such element.

Returns:

  • (OpenSSL::PKey::PKey)

    An RSA public key, or nil



# File 'lib/saml2/key.rb', line 15

def key
  @key
end

#x509 ⇒ String

Returns the base64-encoded DER certificate (the body of a PEM file without its BEGIN/END lines), as carried in <X509Certificate>.

Returns:

  • (String)

    The base64-encoded DER certificate, or nil if none was given.



# File 'lib/saml2/key.rb', line 13

def x509
  @x509
end

Class Method Details

.format_fingerprint(fingerprint) ⇒ String

Normalizes a fingerprint: lowercases it, strips every non-hexadecimal character, then inserts a : after every two characters, so that "AB:CD:EF", "abcdef" and "ab cd ef" all become "ab:cd:ef". Use it on both sides before comparing a presented fingerprint with a configured one.

Parameters:

  • fingerprint (String)

Returns:

  • (String)


# File 'lib/saml2/key.rb', line 54

def self.format_fingerprint(fingerprint)
  fingerprint.downcase.gsub(/[^0-9a-f]/, '').gsub(/(\h{2})(?=\h)/, '\1:')
end

Instance Method Details

#build(builder) ⇒ void

This method returns an undefined value.

Serialize this object to XML as part of a larger document: the certificate, if any, goes into <X509Data>/<X509Certificate>, and an RSA key, if any, into <KeyValue>/<RSAKeyValue> with its Modulus and Exponent as base64 big-endian integers.

Parameters:

  • builder (Nokogiri::XML::Builder)

    The builder helper object to serialize to.



# File 'lib/saml2/key.rb', line 65

def build(builder)
  builder['dsig'].KeyInfo do |key_info|
    if x509
      key_info['dsig'].X509Data do |x509_data|
        x509_data['dsig'].X509Certificate(x509)
      end
    end
    if key.is_a?(OpenSSL::PKey::RSA)
      key_info['dsig'].KeyValue do |key_value|
        key_value['dsig'].RSAKeyValue do |rsa_key_value|
          rsa_key_value['dsig'].Modulus(Base64.encode64(key.n.to_s(2)))
          rsa_key_value['dsig'].Exponent(Base64.encode64(key.e.to_s(2)))
        end
      end
    end
  end
end

#certificate ⇒ OpenSSL::X509::Certificate

Returns the certificate decoded from #x509 (base64 DER), memoized after the first call, or nil when no certificate is present.

Returns:

  • (OpenSSL::X509::Certificate)

    The decoded certificate, or nil


# File 'lib/saml2/key.rb', line 40

def certificate
  return nil if x509.nil?
  @certificate ||= OpenSSL::X509::Certificate.new(Base64.decode64(x509))
end

#fingerprint ⇒ String

Returns the SHA-1 fingerprint of the DER-encoded certificate, formatted by .format_fingerprint, memoized after the first call, or nil when there is no certificate. Because the digest is SHA-1, any fingerprint you configure for comparison (for example an IdP certificate fingerprint) must be a SHA-1 fingerprint as well.

Returns:

  • (String)

    The colon-separated lowercase SHA-1 fingerprint, or nil


# File 'lib/saml2/key.rb', line 59

def fingerprint
  return nil unless certificate
  @fingerprint ||= self.class.format_fingerprint(Digest::SHA1.hexdigest(certificate.to_der))
end
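As an added example (not code from the saml2 gem), the following computes a certificate fingerprint the way #fingerprint and .format_fingerprint do, and compares it against a configured value. The function names, the constant-time comparison helper and the throwaway self-signed certificate are this example's own assumptions; the only thing taken from the page is the normalization rule.

```ruby
require 'openssl'
require 'digest'

# Normalize a fingerprint exactly as SAML2::KeyInfo.format_fingerprint does:
# lowercase, non-hex characters stripped, ':' between every pair of digits.
def format_fingerprint(fingerprint)
  fingerprint.downcase.gsub(/[^0-9a-f]/, '').gsub(/(\h{2})(?=\h)/, '\1:')
end

# Fingerprint of the base64 DER carried in a <ds:X509Certificate> element.
# The element holds base64 DER without PEM armor, so decode before hashing.
# +digest+ defaults to SHA-1 to match the gem; pass Digest::SHA256 for a
# SHA-256 fingerprint (both sides must then use the same digest).
def certificate_fingerprint(x509_base64, digest: Digest::SHA1)
  der = x509_base64.unpack1('m') # lenient base64 decode, like Base64.decode64
  cert = OpenSSL::X509::Certificate.new(der)
  format_fingerprint(digest.hexdigest(cert.to_der))
end

# Compare a presented fingerprint with the configured (trusted) one.
# Both are normalized so 'AB:CD' and 'abcd' compare equal, and the byte
# comparison is constant time so a mismatch does not leak how many leading
# bytes agreed. (Hypothetical helper, not part of the gem.)
def fingerprint_matches?(presented, trusted)
  a = format_fingerprint(presented)
  b = format_fingerprint(trusted)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Constructed fixture: a throwaway self-signed certificate, returned as the
# base64 DER that would sit inside <ds:X509Certificate>.
def sample_x509_base64
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example-idp')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_der].pack('m0')
end

if $PROGRAM_NAME == __FILE__
  x509 = sample_x509_base64
  fp = certificate_fingerprint(x509)
  puts "SHA-1:   #{fp}"
  puts "SHA-256: #{certificate_fingerprint(x509, digest: Digest::SHA256)}"
  puts "matches upper-case, colon-free copy: #{fingerprint_matches?(fp.upcase.delete(':'), fp)}"
end
```

The SHA-1 default exists only to stay compatible with what #fingerprint produces; when you control both sides of the comparison, prefer the SHA-256 form.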

#from_xml(node) ⇒ void

This method returns an undefined value.

Parse a <KeyInfo> element into this object: the certificate is taken from X509Data/X509Certificate and, when a KeyValue/RSAKeyValue element is present, an RSA public key is built from its Modulus and Exponent (both base64-encoded big-endian integers).

Parameters:

  • node (Nokogiri::XML::Element)


# File 'lib/saml2/key.rb', line 23

def from_xml(node)
  self.x509 = node.at_xpath('dsig:X509Data/dsig:X509Certificate', Namespaces::ALL)&.content&.strip
  if (rsa_key_value = node.at_xpath('dsig:KeyValue/dsig:RSAKeyValue', Namespaces::ALL))
    modulus = crypto_binary_to_integer(rsa_key_value.at_xpath('dsig:Modulus', Namespaces::ALL)&.content&.strip)
    exponent = crypto_binary_to_integer(rsa_key_value.at_xpath('dsig:Exponent', Namespaces::ALL)&.content&.strip)
    if modulus && exponent
      @key = OpenSSL::PKey::RSA.new
      key.set_key(modulus, exponent, nil)
    end
  end
end

#public_key ⇒ OpenSSL::PKey::PKey

Returns the public key to use: the bare RSA key from <RSAKeyValue> when one was parsed, otherwise the public key of the certificate, or nil when neither is present. Note that the bare key takes precedence over the certificate when both are present, so a <KeyInfo> taken from an untrusted document must be checked against trusted keys before this value is used for verification.

Returns:

  • (OpenSSL::PKey::PKey)

    The RSA key from <RSAKeyValue>, else the certificate's public key, else nil


# File 'lib/saml2/key.rb', line 46

def public_key
  key || certificate&.public_key
end
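As an added example (not code from the saml2 gem), the following rebuilds an RSA public key from the Modulus/Exponent values that #from_xml reads and #build writes, and then applies the trust check that #public_key leaves to the caller. Instead of OpenSSL::PKey::RSA#set_key, which raises on OpenSSL 3 builds of the openssl gem because keys are immutable there, it assembles the SubjectPublicKeyInfo DER and hands that to OpenSSL::PKey::RSA.new. The helper names, the round-trip demo and the freshly generated key are assumptions of this example, not the gem's API.

```ruby
require 'openssl'

# ds:CryptoBinary is the base64 of the unsigned big-endian bytes of an integer.
# Returns nil for nil, blank or empty content, mirroring the gem's behaviour.
def crypto_binary_to_integer(text)
  return nil if text.nil? || text.strip.empty?
  bytes = text.unpack1('m')          # lenient base64 decode, like Base64.decode64
  return nil if bytes.empty?
  OpenSSL::BN.new(bytes, 2).to_i     # 2 = big-endian binary, the inverse of BN#to_s(2)
end

# Inverse direction, as #build does with key.n.to_s(2): Integer or BN -> CryptoBinary.
def integer_to_crypto_binary(int)
  [OpenSSL::BN.new(int).to_s(2)].pack('m0')
end

# Build an RSA public key from modulus and exponent without RSA#set_key.
# RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER } (PKCS#1),
# wrapped in a SubjectPublicKeyInfo, which every openssl gem version can load.
def rsa_public_key_from_parts(modulus, exponent)
  rsa_der = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(modulus),
    OpenSSL::ASN1::Integer.new(exponent)
  ]).to_der
  spki = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::ObjectId.new('rsaEncryption'),
                                 OpenSSL::ASN1::Null.new(nil)]),
    OpenSSL::ASN1::BitString.new(rsa_der)
  ])
  OpenSSL::PKey::RSA.new(spki.to_der)
end

# A key taken from a message's own <KeyInfo> identifies a key; it does not vouch
# for it. Before verifying a signature with it, require that it equals a key you
# already trust (e.g. from the IdP's metadata). Hypothetical helper.
def trusted_key?(presented, trusted)
  presented.public_key.to_der == trusted.public_key.to_der
end

# Constructed round trip: serialize a fresh key's n and e the way #build does,
# parse them back the way #from_xml does, and confirm the rebuilt key matches.
def round_trip_demo
  original = OpenSSL::PKey::RSA.new(2048)
  modulus_b64  = integer_to_crypto_binary(original.n)
  exponent_b64 = integer_to_crypto_binary(original.e)
  rebuilt = rsa_public_key_from_parts(crypto_binary_to_integer(modulus_b64),
                                      crypto_binary_to_integer(exponent_b64))
  { exponent: rebuilt.e.to_i,
    private: rebuilt.private?,
    matches_original: trusted_key?(rebuilt, original) }
end

if $PROGRAM_NAME == __FILE__
  p round_trip_demo
end
```

The comparison in trusted_key? is over DER, which is canonical, so two encodings of the same key compare equal; nothing secret is involved, so a plain == is appropriate there.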