class Saml::Utils
- Saml::Utils
- Reference
- Object
Overview
SAML2 Auxiliary class
Defined in:
saml/utils.crConstant Summary
-
BINDINGS =
{:post => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", :redirect => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"}
-
DSIG =
"http://www.w3.org/2000/09/xmldsig#"
-
DURATION_FORMAT =
/^ (-?)P # 1: Duration sign (?: (?:(\d+)Y)? # 2: Years (?:(\d+)M)? # 3: Months (?:(\d+)D)? # 4: Days (?:T (?:(\d+)H)? # 5: Hours (?:(\d+)M)? # 6: Minutes (?:(\d+(?:[.,]\d+)?)S)? # 7: Seconds )? | (\d+)W # 8: Weeks ) $/x
-
UUID_PREFIX =
"_"
-
XENC =
"http://www.w3.org/2001/04/xmlenc#"
Class Method Summary
-
.build_query(params)
Build the Query String signature that will be used in the HTTP-Redirect binding to generate the Signature @param params [Hash] Parameters to build the Query String @option params [String] :type 'SAMLRequest' or 'SAMLResponse' @option params [String] :data Base64 encoded SAMLRequest or SAMLResponse @option params [String] :relay_state The RelayState parameter @option params [String] :sig_alg The SigAlg parameter @return [String] The Query String
-
.build_query_from_raw_parts(params)
Reconstruct a canonical query string from raw URI-encoded parts, to be used in verifying a signature
-
.decrypt_data(encrypted_node : XML::Node, private_key)
Obtains the decrypted string from an Encrypted node element in XML @param encrypted_node [XML::Node] The Encrypted element @param private_key [OpenSSL::PKey::RSA] The Service provider private key @return [String] The decrypted data
-
.element_text(element)
Given a XML::Node instance, return the concatenation of all child text nodes.
- .escape_request_param(param, lowercase_url_encoding)
-
.format_cert(cert)
Return a properly formatted x509 certificate
-
.format_private_key(key)
Return a properly formatted private key
-
.is_cert_expired(cert)
Checks if the x509 cert provided is expired
-
.original_uri_match?(destination_url, settings_url)
If URI.parse can't match to valid URL, default back to the original matching service.
-
.parse_duration(duration, timestamp = Time.utc)
Interprets a ISO8601 duration value relative to a given timestamp.
-
.prepare_raw_get_params(rawparams, params, lowercase_url_encoding = false)
Prepare raw GET parameters (build them from normal parameters if not provided).
-
.retrieve_plaintext(cipher_text, symmetric_key : String | Slice(UInt8) | Nil, algorithm)
Obtains the deciphered text @param cipher_text [String] The ciphered text @param symmetric_key [String] The symetric key used to encrypt the text @param algorithm [String] The encrypted algorithm @return [String] The deciphered text
- .retrieve_symetric_key_reference(encrypt_data : XML::Node)
-
.retrieve_symmetric_key(encrypt_data : XML::Node, private_key)
Obtains the symmetric key from the EncryptedData element @param encrypt_data [XML::Node] The EncryptedData element @param private_key [OpenSSL::PKey::RSA] The Service provider private key @return [String] The symmetric key
- .set_prefix(value)
-
.status_error_msg(error_msg, raw_status_code = nil, status_message = nil)
Build the status error message @param status_code [String] StatusCode value @param status_message [Strig] StatusMessage value @return [String] The status error message
-
.uri_match?(destination_url : String, settings_url : String)
Given two strings, attempt to match them as URIs using URL parse method.
- .url_encode(input : String | Nil)
- .uuid
-
.verify_signature(params)
Validate the Signature parameter sent on the HTTP-Redirect binding @param params [Hash] Parameters to be used in the validation process @option params [OpenSSL::X509::Certificate] cert The Identity provider public certtificate @option params [String] sig_alg The SigAlg parameter @option params [String] signature The Signature parameter (base64 encoded) @option params [String] query_string The full GET Query String to be compared @return [Boolean] True if the Signature is valid, False otherwise
Class Method Detail
Build the Query String signature that will be used in the HTTP-Redirect binding to generate the Signature @param params [Hash] Parameters to build the Query String @option params [String] :type 'SAMLRequest' or 'SAMLResponse' @option params [String] :data Base64 encoded SAMLRequest or SAMLResponse @option params [String] :relay_state The RelayState parameter @option params [String] :sig_alg The SigAlg parameter @return [String] The Query String
Reconstruct a canonical query string from raw URI-encoded parts, to be used in verifying a signature
@param params [Hash] Parameters to build the Query String @option params [String] :type 'SAMLRequest' or 'SAMLResponse' @option params [String] :raw_data URI-encoded, base64 encoded SAMLRequest or SAMLResponse, as sent by IDP @option params [String] :raw_relay_state URI-encoded RelayState parameter, as sent by IDP @option params [String] :raw_sig_alg URI-encoded SigAlg parameter, as sent by IDP @return [String] The Query String
Obtains the decrypted string from an Encrypted node element in XML @param encrypted_node [XML::Node] The Encrypted element @param private_key [OpenSSL::PKey::RSA] The Service provider private key @return [String] The decrypted data
Given a XML::Node instance, return the concatenation of all child text nodes. Assumes that there all children other than text nodes can be ignored (e.g. comments). If nil is passed, nil will be returned.
Return a properly formatted x509 certificate
@param cert [String] The original certificate @return [String] The formatted certificate
Return a properly formatted private key
@param key [String] The original private key @return [String] The formatted private key
Checks if the x509 cert provided is expired
@param cert [Certificate] The x509 certificate
If URI.parse can't match to valid URL, default back to the original matching service. @return [Boolean]
Interprets a ISO8601 duration value relative to a given timestamp.
@param duration [String] The duration, as a string. @param timestamp [Integer] The unix timestamp we should apply the duration to. Optional, default to the current time.
@return [Integer] The new timestamp, after the duration is applied.
Prepare raw GET parameters (build them from normal parameters if not provided).
@param rawparams [Hash] Raw GET Parameters @param params [Hash] GET Parameters @param lowercase_url_encoding [bool] Lowercase URL Encoding (For ADFS urlencode compatiblity) @return [Hash] New raw parameters
Obtains the deciphered text @param cipher_text [String] The ciphered text @param symmetric_key [String] The symetric key used to encrypt the text @param algorithm [String] The encrypted algorithm @return [String] The deciphered text
Obtains the symmetric key from the EncryptedData element @param encrypt_data [XML::Node] The EncryptedData element @param private_key [OpenSSL::PKey::RSA] The Service provider private key @return [String] The symmetric key
Build the status error message @param status_code [String] StatusCode value @param status_message [Strig] StatusMessage value @return [String] The status error message
Given two strings, attempt to match them as URIs using URL parse method. If they can be parsed, then the fully-qualified domain name and the host should performa a case-insensitive match, per the RFC for URIs. If URL can not parse the string in to URL pieces, return a boolean match of the two strings. This maintains the previous functionality. @return [Boolean]
Validate the Signature parameter sent on the HTTP-Redirect binding @param params [Hash] Parameters to be used in the validation process @option params [OpenSSL::X509::Certificate] cert The Identity provider public certtificate @option params [String] sig_alg The SigAlg parameter @option params [String] signature The Signature parameter (base64 encoded) @option params [String] query_string The full GET Query String to be compared @return [Boolean] True if the Signature is valid, False otherwise