Sha256: a25447cd4b51da45eb09d3a80ec0624819ddf24866219f39ca1df35c034d71c7

Contents?: true

Size: 1.88 KB

Versions: 2

Compression:

Stored size: 1.88 KB

Contents

module Saml
  module Kit
    module Bindings
      class HttpRedirect < Binding
        include Serializable

        def initialize(location:)
          super(binding: Saml::Kit::Bindings::HTTP_REDIRECT, location: location)
        end

        def serialize(builder, relay_state: nil)
          builder.sign = false
          builder.destination = location
          document = builder.build
          [UrlBuilder.new(configuration: builder.configuration).build(document, relay_state: relay_state), {}]
        end

        def deserialize(params)
          document = deserialize_document_from!(params)
          ensure_valid_signature!(params, document)
          document.signature_verified!
          document
        end

        private

        def deserialize_document_from!(params)
          xml = inflate(decode(unescape(saml_param_from(params))))
          Saml::Kit.logger.debug(xml)
          Saml::Kit::Document.to_saml_document(xml)
        end

        def ensure_valid_signature!(params, document)
          return if params['Signature'].blank? || params['SigAlg'].blank?

          signature = decode(params['Signature'])
          canonical_form = ['SAMLRequest', 'SAMLResponse', 'RelayState', 'SigAlg'].map do |key|
            value = params[key]
            value.present? ? "#{key}=#{value}" : nil
          end.compact.join('&')

          valid = document.provider.verify(algorithm_for(params['SigAlg']), signature, canonical_form)
          raise ArgumentError.new("Invalid Signature") unless valid
        end

        def algorithm_for(algorithm)
          case algorithm =~ /(rsa-)?sha(.*?)$/i && $2.to_i
          when 256
            OpenSSL::Digest::SHA256.new
          when 384
            OpenSSL::Digest::SHA384.new
          when 512
            OpenSSL::Digest::SHA512.new
          else
            OpenSSL::Digest::SHA1.new
          end
        end
      end
    end
  end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
saml-kit-0.2.5 lib/saml/kit/bindings/http_redirect.rb
saml-kit-0.2.4 lib/saml/kit/bindings/http_redirect.rb