Sha256: d53cd1d847d8137f66017ffd4120e556cd84a0cc125feee7bc56f12f4c07d05e
Contents?: true
Size: 1.63 KB
Versions: 2
Compression:
Stored size: 1.63 KB
Contents
module Saml
  module Kit
    # Signature and trust validations shared by SAML documents.
    #
    # The including class is expected to supply `to_h`, `to_xml`, `name`,
    # `issuer`, `expected_type?`, `error_message`, and the ActiveModel-style
    # `validate` / `errors` API; none of them are defined in this module.
    #
    # Security-relevant behaviour visible in this file:
    # * Signature validation and the trust check are both skipped once
    #   `signature_verified!` has been called. Registration is still checked.
    # * The certificate used for the trust decision is read from the document's
    #   own `Signature/KeyInfo`. It is only meaningful after being matched
    #   against the registered provider metadata (see `trusted?`).
    module Trustable
      extend ActiveSupport::Concern

      included do
        # Order matters for the order of reported errors; keep it stable.
        validate :must_have_valid_signature, unless: :signature_manually_verified
        validate :must_be_registered
        validate :must_be_trusted, unless: :signature_manually_verified
      end

      # The X509 certificate embedded in the document's signature.
      #
      # @return [Object, nil] the value under
      #   Signature/KeyInfo/X509Data/X509Certificate, or nil when the document
      #   is unsigned or the element is missing.
      def certificate
        return unless signed?

        signature = to_h.fetch(name, {}).fetch('Signature', {})
        x509_data = signature.fetch('KeyInfo', {}).fetch('X509Data', {})
        x509_data.fetch('X509Certificate', nil)
      end

      # Fingerprint of the embedded certificate.
      #
      # @return [Fingerprint, nil] nil when no certificate is present.
      def fingerprint
        Fingerprint.new(certificate) unless certificate.blank?
      end

      # Whether a Signature element is present under the root element.
      #
      # This is a presence check only; it says nothing about whether the
      # signature is valid or what it covers.
      # NOTE(review): confirm that Saml::Kit::Xml enforces that the signature
      # actually covers this element.
      def signed?
        signature = to_h.fetch(name, {}).fetch('Signature', nil)
        signature.present?
      end

      # Whether the document is signed with a certificate that the registered
      # provider for `issuer` accepts for signing.
      #
      # Unknown issuers and unsigned documents are never trusted.
      def trusted?
        return false if provider.nil? || !signed?

        provider.matches?(fingerprint, use: :signing)
      end

      # Metadata registered for this document's issuer (looked up on each call).
      def provider
        registry.metadata_for(issuer)
      end

      # The globally configured metadata registry.
      def registry
        Saml::Kit.configuration.registry
      end

      # Marks the signature as verified out of band.
      #
      # After this call `must_have_valid_signature` and `must_be_trusted` no
      # longer run. Nothing in this module checks that such a verification
      # really happened, so callers must only invoke it after a successful
      # signature check performed elsewhere.
      def signature_verified!
        @signature_manually_verified = true
      end

      private

      attr_reader :signature_manually_verified

      # Runs XML-level validation and copies every reported error onto :base.
      # The boolean result of `valid?` is not used; only the collected errors are.
      def must_have_valid_signature
        return if to_xml.blank?

        document = Saml::Kit::Xml.new(to_xml)
        document.valid?
        document.errors.each { |error| errors[:base] << error }
      end

      # Adds a :provider error when the document is of the expected type but
      # its issuer has no metadata in the registry.
      def must_be_registered
        errors[:provider] << error_message(:unregistered) if expected_type? && !provider.present?
      end

      # Adds a :fingerprint error unless `trusted?` holds.
      def must_be_trusted
        errors[:fingerprint] << error_message(:invalid_fingerprint) unless trusted?
      end
    end
  end
end
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
saml-kit-0.2.1 | lib/saml/kit/trustable.rb |
saml-kit-0.2.0 | lib/saml/kit/trustable.rb |