Class: SAML2::KeyInfo

Inherits: Base < Object

Defined in: lib/saml2/key.rb

Overview

This represents the XML Signature <KeyInfo> element; it actually carries an X.509 certificate, not solely a public key.

Direct Known Subclasses

KeyDescriptor

Instance Attribute Summary

  • #key ⇒ OpenSSL::PKey::PKey
  • #x509 ⇒ String

Attributes inherited from Base

#xml

Class Method Summary

  • .format_fingerprint(fingerprint) ⇒ String

Instance Method Summary

  • #build(builder) ⇒ void
  • #certificate ⇒ OpenSSL::X509::Certificate
  • #fingerprint ⇒ String
  • #from_xml(node) ⇒ void
  • #public_key ⇒ OpenSSL::PKey::PKey

Methods inherited from Base

#decrypt, from_xml, #inspect, load_object_array, load_string_array, lookup_qname, #to_s, #to_xml

Constructor Details

#initialize(x509 = nil) ⇒ KeyInfo

Returns a new instance of KeyInfo.

Parameters:

  • x509 (String) (defaults to: nil)

    The PEM encoded certificate.



# File 'lib/saml2/key.rb', line 18

def initialize(x509 = nil)
  super()
  self.x509 = x509
end

Instance Attribute Details

#key ⇒ OpenSSL::PKey::PKey

Returns an RSA public key.

Returns:

  • (OpenSSL::PKey::PKey)

    An RSA Public Key



# File 'lib/saml2/key.rb', line 15

def key
  @key
end

#x509 ⇒ String

Returns The PEM encoded certificate.

Returns:

  • (String)

    The PEM encoded certificate.



# File 'lib/saml2/key.rb', line 13

def x509
  @x509
end

Class Method Details

.format_fingerprint(fingerprint) ⇒ String

Normalizes a fingerprint: lowercases it, strips all non-hexadecimal characters, and inserts a : after every two characters.

Parameters:

  • fingerprint (String)

Returns:

  • (String)


# File 'lib/saml2/key.rb', line 57

def self.format_fingerprint(fingerprint)
  fingerprint.downcase.gsub(/[^0-9a-f]/, "").gsub(/(\h{2})(?=\h)/, '\1:')
end

Instance Method Details

#build(builder) ⇒ void

This method returns an undefined value.

Serialize this object to XML, as part of a larger document.

Parameters:

  • builder (Nokogiri::XML::Builder)

    The builder helper object to serialize to.



# File 'lib/saml2/key.rb', line 69

def build(builder)
  builder["dsig"].KeyInfo do |key_info|
    if x509
      key_info["dsig"].X509Data do |x509_data|
        x509_data["dsig"].X509Certificate(x509)
      end
    end
    if key.is_a?(OpenSSL::PKey::RSA)
      key_info["dsig"].KeyValue do |key_value|
        key_value["dsig"].RSAKeyValue do |rsa_key_value|
          rsa_key_value["dsig"].Modulus(Base64.encode64(key.n.to_s(2)))
          rsa_key_value["dsig"].Exponent(Base64.encode64(key.e.to_s(2)))
        end
      end
    end
  end
end

#certificate ⇒ OpenSSL::X509::Certificate

Returns the certificate decoded from #x509, or nil if no certificate is set.

Returns:

  • (OpenSSL::X509::Certificate)


# File 'lib/saml2/key.rb', line 42

def certificate
  return nil if x509.nil?

  @certificate ||= OpenSSL::X509::Certificate.new(Base64.decode64(x509))
end

#fingerprint ⇒ String

Returns the SHA-1 fingerprint of #certificate, normalized by .format_fingerprint, or nil if there is no certificate.

Returns:

  • (String)


# File 'lib/saml2/key.rb', line 62

def fingerprint
  return nil unless certificate

  @fingerprint ||= self.class.format_fingerprint(Digest::SHA1.hexdigest(certificate.to_der))
end

#from_xml(node) ⇒ void

This method returns an undefined value.

Parse an XML element into this object.

Parameters:

  • node (Nokogiri::XML::Element)


# File 'lib/saml2/key.rb', line 24

def from_xml(node)
  self.x509 = node.at_xpath("dsig:X509Data/dsig:X509Certificate", Namespaces::ALL)&.content&.strip
  return unless (rsa_key_value = node.at_xpath("dsig:KeyValue/dsig:RSAKeyValue", Namespaces::ALL))

  modulus = crypto_binary_to_integer(rsa_key_value.at_xpath("dsig:Modulus", Namespaces::ALL)&.content&.strip)
  exponent = crypto_binary_to_integer(rsa_key_value.at_xpath("dsig:Exponent", Namespaces::ALL)&.content&.strip)
  return unless modulus && exponent

  @key = OpenSSL::PKey::RSA.new(
    OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer(modulus), OpenSSL::ASN1::Integer(exponent)]).to_der
  )
end

#public_key ⇒ OpenSSL::PKey::PKey

Returns the bare RSA key parsed from a <KeyValue> element if one was present, otherwise the public key of #certificate.

Returns:

  • (OpenSSL::PKey::PKey)


# File 'lib/saml2/key.rb', line 49

def public_key
  key || certificate&.public_key
end
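The following is an added stand-alone example, not code from the saml2 gem. It reproduces the RSAKeyValue decoding done by #from_xml and the normalization done by .format_fingerprint, and adds two checks a verifying party wants around this class: that a bare <RSAKeyValue> agrees with the <X509Certificate> next to it (since #public_key prefers the bare key), and that a configured fingerprint matches the certificate whatever case or separators it was typed with. crypto_binary_to_integer is assumed here as a base64 CryptoBinary decoder (the gem's own helper is not shown on this page), and make_self_signed builds a constructed throwaway certificate so the script runs offline.

```ruby
require "openssl"
require "digest"

# Same normalization as SAML2::KeyInfo.format_fingerprint.
def format_fingerprint(fingerprint)
  fingerprint.downcase.gsub(/[^0-9a-f]/, "").gsub(/(\h{2})(?=\h)/, '\1:')
end

# Decode a ds:CryptoBinary (base64 of a big-endian unsigned integer) to an Integer.
# Assumed stand-in for the library's private crypto_binary_to_integer.
def crypto_binary_to_integer(text)
  return nil if text.nil? || text.strip.empty?
  OpenSSL::BN.new(text.strip.unpack1("m"), 2).to_i
end

# Rebuild an RSA public key from <Modulus>/<Exponent> text, as #from_xml does.
def rsa_from_key_value(modulus_b64, exponent_b64)
  n = crypto_binary_to_integer(modulus_b64)
  e = crypto_binary_to_integer(exponent_b64)
  return nil unless n && e
  rsa_public_key = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer(n), OpenSSL::ASN1::Integer(e)])
  OpenSSL::PKey::RSA.new(rsa_public_key.to_der)
end

# A bare <RSAKeyValue> and the <X509Certificate> beside it must describe the
# same key: #public_key prefers the bare key, so a mismatch must not go unnoticed.
def key_matches_certificate?(key, certificate)
  cert_key = certificate.public_key
  cert_key.is_a?(OpenSSL::PKey::RSA) && key.n == cert_key.n && key.e == cert_key.e
end

# Compare a configured fingerprint (any case or separator) with the certificate's
# SHA-1 fingerprint, normalizing both sides the way #fingerprint does.
def fingerprint_matches?(certificate, expected)
  format_fingerprint(Digest::SHA1.hexdigest(certificate.to_der)) == format_fingerprint(expected)
end

# Constructed sample data: a throwaway self-signed certificate for the given key.
def make_self_signed(key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=constructed-example")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end
```

In a deployment, the fingerprint check is what ties the certificate shipped inside <KeyInfo> to the one you actually trust for that issuer; a <KeyInfo> whose bare key and certificate disagree should be rejected rather than silently resolved by #public_key.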