Sha256: 520f622fac016d7145bff6ec88224e2553748acc6dc28abe252f76245f5e66de
Contents?: true
Size: 1.97 KB
Versions: 1
Compression:
Stored size: 1.97 KB
Contents
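module Saml
  module Kit
    module Bindings
      # SAML HTTP-Redirect binding.
      #
      # Serializes a document into a redirect URL and rebuilds a document from
      # the query parameters of an incoming request, checking the detached
      # query-string signature when one is supplied.
      class HttpRedirect < Binding
        include Serializable

        # @param location [String] endpoint URL this binding points at.
        def initialize(location:)
          super(binding: Saml::Kit::Bindings::HTTP_REDIRECT, location: location)
        end

        # Builds the document and returns the redirect target for it.
        #
        # @param builder [Object] document builder; its `sign` and
        #   `destination` attributes are overwritten here.
        # @param relay_state [String, nil] opaque value passed to UrlBuilder.
        # @return [Array(String, Hash)] the URL from UrlBuilder and an empty
        #   hash.
        def serialize(builder, relay_state: nil)
          # Signing is switched off on the builder; presumably UrlBuilder
          # signs the query string instead (UrlBuilder is not shown here).
          builder.sign = false
          builder.destination = location
          document = builder.build
          url_builder = UrlBuilder.new(configuration: builder.configuration)
          [url_builder.build(document, relay_state: relay_state), {}]
        end

        # Rebuilds a SAML document from request parameters.
        #
        # The document is flagged via `signature_verified!` only when a
        # query-string signature was present AND verified. Previously the flag
        # was set unconditionally, so a request with the Signature/SigAlg
        # parameters removed was still reported as signature-verified.
        #
        # @param params [Hash] request parameters (string keys).
        # @param configuration [Object] passed to the document factory.
        # @return [Object] the parsed SAML document.
        # @raise [ArgumentError] when a supplied signature does not verify.
        def deserialize(params, configuration: Saml::Kit.configuration)
          document = deserialize_document_from!(params, configuration)
          document.signature_verified! if ensure_valid_signature!(params, document)
          document
        end

        private

        # Decodes the SAML parameter (unescape -> base64 decode -> inflate)
        # and parses it into a document.
        def deserialize_document_from!(params, configuration)
          # NOTE(review): inflate runs on request-supplied data; the helper is
          # not shown here -- confirm it bounds the decompressed size.
          xml = inflate(decode(unescape(saml_param_from(params))))
          # NOTE(review): the full decoded SAML message is written to the
          # debug log; keep debug logging off where messages are sensitive.
          Saml::Kit.logger.debug(xml)
          Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
        end

        # Verifies the detached signature carried in the query parameters.
        #
        # @return [Boolean] true when a signature was present and verified,
        #   false when Signature or SigAlg is missing (nothing was checked).
        # @raise [ArgumentError] when the signature is present but invalid.
        def ensure_valid_signature!(params, document)
          # A message lacking either parameter is treated as unsigned; the
          # caller must not mark it as verified.
          return false if params['Signature'].blank? || params['SigAlg'].blank?

          signature = decode(params['Signature'])
          # The signed string is rebuilt from the parameter values as given.
          # NOTE(review): this assumes params still holds the URL-encoded
          # values that were signed -- confirm against the caller.
          canonical_form = %w[SAMLRequest SAMLResponse RelayState SigAlg].map do |key|
            value = params[key]
            value.present? ? "#{key}=#{value}" : nil
          end.compact.join('&')

          valid = document.provider.verify(
            algorithm_for(params['SigAlg']),
            signature,
            canonical_form
          )
          raise ArgumentError, 'Invalid Signature' unless valid

          true
        end

        # Maps a SigAlg identifier to an OpenSSL digest by the number that
        # follows "sha" at the end of the identifier.
        #
        # NOTE(review): any identifier that is not sha256/384/512 -- including
        # unrecognized ones -- falls back to SHA-1. Consider rejecting unknown
        # algorithms and making SHA-1 an explicit opt-in.
        def algorithm_for(algorithm)
          case algorithm =~ /(rsa-)?sha(.*?)$/i && $2.to_i
          when 256
            OpenSSL::Digest::SHA256.new
          when 384
            OpenSSL::Digest::SHA384.new
          when 512
            OpenSSL::Digest::SHA512.new
          else
            OpenSSL::Digest::SHA1.new
          end
        end
      end
    end
  end
end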
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
saml-kit-0.2.6 | lib/saml/kit/bindings/http_redirect.rb |