lib/saml/kit/metadata.rb in saml-kit-0.1.0 vs lib/saml/kit/metadata.rb in saml-kit-0.2.0
- old
+ new
@@ -1,18 +1,11 @@
module Saml
module Kit
class Metadata
include ActiveModel::Validations
include XsdValidatable
-
METADATA_XSD = File.expand_path("./xsd/saml-schema-metadata-2.0.xsd", File.dirname(__FILE__)).freeze
- NAMESPACES = {
- "NameFormat": Namespaces::ATTR_SPLAT,
- "ds": Namespaces::XMLDSIG,
- "md": Namespaces::METADATA,
- "saml": Namespaces::ASSERTION,
- }.freeze
validates_presence_of :metadata
validate :must_contain_descriptor
validate :must_match_xsd
validate :must_have_valid_signature
@@ -25,20 +18,20 @@
@xml = xml
@hash_algorithm = OpenSSL::Digest::SHA256
end
def entity_id
- find_by("/md:EntityDescriptor/@entityID").value
+ document.find_by("/md:EntityDescriptor/@entityID").value
end
def name_id_formats
- find_all("/md:EntityDescriptor/md:#{name}/md:NameIDFormat").map(&:text)
+ document.find_all("/md:EntityDescriptor/md:#{name}/md:NameIDFormat").map(&:text)
end
def certificates
- @certificates ||= find_all("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
- cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", NAMESPACES).text
+ @certificates ||= document.find_all("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
+ cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", Xml::NAMESPACES).text
{
text: cert,
fingerprint: Fingerprint.new(cert).algorithm(hash_algorithm),
use: item.attribute('use').value.to_sym,
}
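Review bot: The new line `cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", Xml::NAMESPACES).text` still calls `.text` on nil whenever a KeyDescriptor carries no X509Certificate (the metadata schema allows other ds:KeyInfo children), and because `certificates` is memoized and reached from the signature checks, malformed or unusual peer metadata surfaces as a NoMethodError instead of a validation error. Splitting the lookup keeps such entries out of the list: `node = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", Xml::NAMESPACES)` then `next unless node` and `cert = node.text`, with `.compact` applied to the result of the `map` (its closing `end` lies outside this hunk). The unchanged `item.attribute('use').value.to_sym` has the same shape, since `use` is optional on KeyDescriptor, so the same guard is worth applying there.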
@@ -52,19 +45,19 @@
def signing_certificates
certificates.find_all { |x| x[:use] == :signing }
end
def services(type)
- find_all("/md:EntityDescriptor/md:#{name}/md:#{type}").map do |item|
+ document.find_all("/md:EntityDescriptor/md:#{name}/md:#{type}").map do |item|
binding = item.attribute("Binding").value
location = item.attribute("Location").value
- binding_for(binding, location)
+ Saml::Kit::Bindings.create_for(binding, location)
end
end
def service_for(binding:, type:)
- binding = Saml::Kit::Namespaces.binding_for(binding)
+ binding = Saml::Kit::Bindings.binding_for(binding)
services(type).find { |x| x.binding?(binding) }
end
def single_logout_services
services('SingleLogoutService')
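Review bot: `services(type)` interpolates its public argument straight into the XPath on the new `document.find_all("/md:EntityDescriptor/md:#{name}/md:#{type}")` line without checking its shape; every caller visible here passes a literal element name, but a caller-supplied string would change the query rather than select an element. A one-line guard at the top of `services` keeps it an element lookup: `raise ArgumentError, "invalid descriptor type: #{type}" unless type.to_s.match?(/\A[A-Za-z]+\z/)`. The `#{name}` part presumably comes from the subclass and not from callers; confirm that it is fixed as well.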
@@ -76,21 +69,22 @@
def matches?(fingerprint, use: :signing)
if :signing == use.to_sym
hash_value = fingerprint.algorithm(hash_algorithm)
signing_certificates.find do |signing_certificate|
+ Saml::Kit.logger.debug [hash_value, signing_certificate[:fingerprint]].inspect
hash_value == signing_certificate[:fingerprint]
end
end
end
def to_h
@xml_hash ||= Hash.from_xml(to_xml)
end
- def to_xml
- @xml
+ def to_xml(pretty: false)
+ document.to_xml(pretty: pretty)
end
def to_s
to_xml
end
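Review bot: The added `Saml::Kit.logger.debug [hash_value, signing_certificate[:fingerprint]].inspect` builds the array and its inspect string on every iteration even when debug logging is disabled; the block form defers that work, `Saml::Kit.logger.debug { [hash_value, signing_certificate[:fingerprint]].inspect }`. The logged values are certificate fingerprints, so nothing secret reaches the log, but the loop sits on the signature-validation path and runs once per signing certificate. Unrelated to the new line, `matches?` returns nil for any `use` other than :signing, which the `?` name does not suggest; a comment such as `# only :signing certificates are matched; other uses return nil` would make that explicit.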
@@ -114,23 +108,15 @@
end
private
def document
- @document ||= Nokogiri::XML(@xml)
+ @document ||= Xml.new(xml)
end
- def find_by(xpath)
- document.at_xpath(xpath, NAMESPACES)
- end
-
- def find_all(xpath)
- document.search(xpath, NAMESPACES)
- end
-
def metadata
- find_by("/md:EntityDescriptor/md:#{name}").present?
+ document.find_by("/md:EntityDescriptor/md:#{name}").present?
end
def must_contain_descriptor
errors[:base] << error_message(:invalid) unless metadata
end
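Review bot: `document` now parses via `Xml.new(xml)` instead of `Nokogiri::XML(@xml)`, so the parse options are no longer visible in this file; metadata is usually obtained from a remote party, and the old call relied on Nokogiri's default of not fetching external entities. I cannot see the Xml class here, so this is a request to confirm rather than a reported defect; a short comment on `document` such as `# Xml must parse without loading external entities or DTDs: metadata comes from a remote party` would record the expectation for the next reader. The removal of the private `find_by`/`find_all` wrappers is otherwise a clean delegation.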
@@ -152,20 +138,9 @@
result = xml.valid?
xml.errors.each do |error|
errors[:base] << error
end
result
- end
-
- def binding_for(binding, location)
- case binding
- when Namespaces::HTTP_REDIRECT
- Saml::Kit::HttpRedirectBinding.new(location: location)
- when Namespaces::POST
- Saml::Kit::HttpPostBinding.new(location: location)
- else
- Saml::Kit::Binding.new(binding: binding, location: location)
- end
end
end
end
end