Module: Saml::Provider
- Extended by:
- ActiveSupport::Concern
- Included in:
- BasicProvider, NullProvider
- Defined in:
- lib/saml/provider.rb
Instance Method Summary
- #artifact_resolution_service_url(index = nil, type = :descriptor) ⇒ Object
- #assertion_consumer_service(index = nil) ⇒ Object
- #assertion_consumer_service_indices ⇒ Object
- #assertion_consumer_service_url(index = nil) ⇒ Object
- #attribute_consuming_service(index = nil) ⇒ Object
- #attribute_service_url(binding) ⇒ Object
- #authn_requests_signed? ⇒ Boolean
- #certificate(key_name = nil, use = "signing", type = :descriptor) ⇒ Object
- #encryption_key ⇒ Object
- #entity_descriptor ⇒ Object
- #entity_id ⇒ Object
- #find_key_descriptor(key_name = nil, use = "signing", type = :descriptor) ⇒ Object
- #find_key_descriptors_by_use(use, type = :descriptor) ⇒ Object
- #find_key_descriptors_by_use_or_without(use, type = :descriptor) ⇒ Object
- #iterate_certificates_until_verified? ⇒ Boolean
- #sign(signature_algorithm, data) ⇒ Object
- #signing_key ⇒ Object
- #single_logout_service_url(binding, type = :descriptor) ⇒ Object
- #single_sign_on_service_url(binding) ⇒ Object
- #type ⇒ Object
- #verify(signature_algorithm, signature, data, key_name = nil) ⇒ Object
Instance Method Details
#artifact_resolution_service_url(index = nil, type = :descriptor) ⇒ Object
# File 'lib/saml/provider.rb', line 10
# Resolves the URL of an artifact resolution service from the descriptor
# selected by +type+.
#
# @param index [Object, nil] service index, passed through to
#   find_indexed_service_url (how a nil index is resolved is not visible here)
# @param type [Symbol] descriptor selector, passed through to #descriptor
# @return [Object] whatever find_indexed_service_url returns
def artifact_resolution_service_url(index = nil, type = :descriptor)
  services = descriptor(type).artifact_resolution_services
  find_indexed_service_url(services, index)
end
#assertion_consumer_service(index = nil) ⇒ Object
# File 'lib/saml/provider.rb', line 18
# Looks up an assertion consumer service entry on the SP descriptor.
#
# @param index [Object, nil] service index, passed through to
#   find_indexed_service
# @return [Object] whatever find_indexed_service returns for the SP
#   descriptor's assertion consumer services
def assertion_consumer_service(index = nil)
  services = sp_descriptor.assertion_consumer_services
  find_indexed_service(services, index)
end
#assertion_consumer_service_indices ⇒ Object
# File 'lib/saml/provider.rb', line 22
# Lists the +index+ of every assertion consumer service declared on the SP
# descriptor.
#
# @return [Array] the indices, or an empty array when the descriptor has no
#   assertion consumer services (nil or empty, per ActiveSupport's present?)
def assertion_consumer_service_indices
  return [] unless sp_descriptor.assertion_consumer_services.present?

  sp_descriptor.assertion_consumer_services.map(&:index)
end
#assertion_consumer_service_url(index = nil) ⇒ Object
# File 'lib/saml/provider.rb', line 5
# Resolves the assertion consumer service URL from the SP descriptor.
#
# The URL comes from the provider's own descriptor data, so what this returns
# is only as trustworthy as the metadata the descriptor was built from.
#
# @param index [Object, nil] service index, passed through to
#   find_indexed_service_url
# @return [Object] whatever find_indexed_service_url returns
def assertion_consumer_service_url(index = nil)
  services = sp_descriptor.assertion_consumer_services
  find_indexed_service_url(services, index)
end
#attribute_consuming_service(index = nil) ⇒ Object
# File 'lib/saml/provider.rb', line 14
# Looks up an attribute consuming service entry on the SP descriptor.
#
# @param index [Object, nil] service index, passed through to
#   find_indexed_service
# @return [Object] whatever find_indexed_service returns
def attribute_consuming_service(index = nil)
  services = sp_descriptor.attribute_consuming_services
  find_indexed_service(services, index)
end
#attribute_service_url(binding) ⇒ Object
# File 'lib/saml/provider.rb', line 78
# Resolves the attribute service endpoint for a binding from the attribute
# authority descriptor (aa_descriptor).
#
# @param binding [Object] binding identifier, passed through to
#   find_binding_service
# @return [Object] whatever find_binding_service returns
def attribute_service_url(binding)
  services = aa_descriptor.attribute_service
  find_binding_service(services, binding)
end
#authn_requests_signed? ⇒ Boolean
# File 'lib/saml/provider.rb', line 110
# Reports the SP descriptor's +authn_requests_signed+ setting.
#
# sp_descriptor is called with +false+; presumably this makes it return nil
# instead of raising when the provider has no SP descriptor (confirm against
# sp_descriptor). Because the value is read through ActiveSupport's +try+, a
# missing descriptor produces nil, which callers see as "not signed".
#
# @return [Boolean, nil] the descriptor's flag, or nil without an SP descriptor
def authn_requests_signed?
  service_provider = sp_descriptor(false)
  service_provider.try(:authn_requests_signed)
end
#certificate(key_name = nil, use = "signing", type = :descriptor) ⇒ Object
# File 'lib/saml/provider.rb', line 39
# Returns the certificate of the key descriptor matching the arguments.
#
# @param key_name [Object, nil] key name, passed through to find_key_descriptor
# @param use [String] key use, "signing" by default
# @param type [Symbol] descriptor selector
# @return [Object, nil] the descriptor's certificate, or nil when no key
#   descriptor matches. #verify treats that nil as "no candidate certificate".
def certificate(key_name = nil, use = "signing", type = :descriptor)
  key_descriptor = find_key_descriptor(key_name, use, type)
  return unless key_descriptor

  key_descriptor.certificate
end
#encryption_key ⇒ Object
# File 'lib/saml/provider.rb', line 61
# Reader for the provider's private encryption key.
#
# This is private key material: keep it out of logs and serialised output.
# #signing_key falls back to this value when no signing key is set.
#
# @return [Object, nil] the value of @encryption_key (nil when never assigned)
def encryption_key
  @encryption_key
end
#entity_descriptor ⇒ Object
# File 'lib/saml/provider.rb', line 30
# Reader for the entity descriptor this provider wraps.
#
# @return [Object, nil] the value of @entity_descriptor (nil when never
#   assigned)
def entity_descriptor
  @entity_descriptor
end
#entity_id ⇒ Object
# File 'lib/saml/provider.rb', line 34
# Returns the entity id declared on the entity descriptor.
#
# @return [Object] entity_descriptor.entity_id
# @raise [NoMethodError] when no entity descriptor has been assigned
def entity_id
  descriptor_record = entity_descriptor
  descriptor_record.entity_id
end
#find_key_descriptor(key_name = nil, use = "signing", type = :descriptor) ⇒ Object
# File 'lib/saml/provider.rb', line 45
# Delegates a key descriptor lookup to the descriptor selected by +type+.
#
# @param key_name [Object, nil] key name to look for
# @param use [String] key use, "signing" by default
# @param type [Symbol] descriptor selector, passed through to #descriptor
# @return [Object, nil] whatever the descriptor's find_key_descriptor returns;
#   #certificate expects a falsy value when nothing matches
def find_key_descriptor(key_name = nil, use = "signing", type = :descriptor)
  selected = descriptor(type)
  selected.find_key_descriptor(key_name, use)
end
#find_key_descriptors_by_use(use, type = :descriptor) ⇒ Object
# File 'lib/saml/provider.rb', line 49
# Delegates to the selected descriptor to collect the key descriptors for a
# given +use+.
#
# @param use [Object] key use to filter on
# @param type [Symbol] descriptor selector, passed through to #descriptor
# @return [Object] whatever the descriptor's find_key_descriptors_by_use returns
def find_key_descriptors_by_use(use, type = :descriptor)
  selected = descriptor(type)
  selected.find_key_descriptors_by_use(use)
end
#find_key_descriptors_by_use_or_without(use, type = :descriptor) ⇒ Object
# File 'lib/saml/provider.rb', line 53
# Delegates to the selected descriptor's find_key_descriptors_by_use_or_without.
#
# Judging by the name, the result also includes key descriptors that declare
# no +use+ at all (confirm in the descriptor class). #verify uses this with
# 'signing' to build its candidate list when it iterates certificates, so a
# broader match here means more keys can validate a signature.
#
# @param use [Object] key use to filter on
# @param type [Symbol] descriptor selector, passed through to #descriptor
# @return [Object] whatever the descriptor method returns
def find_key_descriptors_by_use_or_without(use, type = :descriptor)
  selected = descriptor(type)
  selected.find_key_descriptors_by_use_or_without(use)
end
#iterate_certificates_until_verified? ⇒ Boolean
# File 'lib/saml/provider.rb', line 114
# Switch read by #verify: when true and no key name is given, #verify tries
# every signing (or use-less) certificate until one validates the signature.
#
# This module's answer is always false, so #verify checks only the single
# certificate returned by #certificate. Presumably an including class may
# override it; doing so widens the set of keys that can validate a message.
#
# @return [Boolean] false
def iterate_certificates_until_verified?
  false
end
#sign(signature_algorithm, data) ⇒ Object
# File 'lib/saml/provider.rb', line 65
# Signs +data+ with #signing_key.
#
# The digest is a fresh instance of the class returned by
# digest_method(signature_algorithm). digest_method is defined outside this
# listing, so the algorithms it accepts are not visible here.
#
# @param signature_algorithm [Object] algorithm identifier handed to
#   digest_method
# @param data [String] the bytes to sign
# @return [Object] the result of signing_key.sign
# @raise [NoMethodError] when neither a signing nor an encryption key is set
def sign(signature_algorithm, data)
  key = signing_key
  digest = digest_method(signature_algorithm).new
  key.sign(digest, data)
end
#signing_key ⇒ Object
# File 'lib/saml/provider.rb', line 57
# Returns the key used by #sign.
#
# When @signing_key is not set this falls back to #encryption_key, so one
# private key then serves both signing and decryption. Assign a dedicated
# signing key where key separation is required.
#
# @return [Object, nil] @signing_key, else the encryption key
def signing_key
  return @signing_key if @signing_key

  encryption_key
end
#single_logout_service_url(binding, type = :descriptor) ⇒ Object
# File 'lib/saml/provider.rb', line 74
# Resolves the single logout endpoint for a binding from the descriptor
# selected by +type+.
#
# @param binding [Object] binding identifier, passed through to
#   find_binding_service
# @param type [Symbol] descriptor selector, passed through to #descriptor
# @return [Object] whatever find_binding_service returns
def single_logout_service_url(binding, type = :descriptor)
  services = descriptor(type).single_logout_services
  find_binding_service(services, binding)
end
#single_sign_on_service_url(binding) ⇒ Object
# File 'lib/saml/provider.rb', line 69
# Resolves the single sign-on endpoint for a binding from the IdP descriptor.
#
# @param binding [Object] binding identifier, passed through to
#   find_binding_service
# @return [Object] whatever find_binding_service returns
def single_sign_on_service_url(binding)
  services = idp_descriptor.single_sign_on_services
  find_binding_service(services, binding)
end
#type ⇒ Object
# File 'lib/saml/provider.rb', line 82
# Classifies the provider by which role descriptors it carries.
#
# Both descriptor lookups are called with +false+ and tested for truthiness.
# A provider with no IdP descriptor is reported as "service_provider" without
# the SP descriptor being consulted at all.
#
# @return [String] "identity_and_service_provider", "identity_provider" or
#   "service_provider"
def type
  return "service_provider" unless idp_descriptor(false)

  sp_descriptor(false) ? "identity_and_service_provider" : "identity_provider"
end
#verify(signature_algorithm, signature, data, key_name = nil) ⇒ Object
# File 'lib/saml/provider.rb', line 94 def verify(signature_algorithm, signature, data, key_name = nil) certificates = if key_name.blank? && iterate_certificates_until_verified? find_key_descriptors_by_use_or_without('signing').collect(&:certificate) else Array(certificate(key_name)) end valid = certificates.any? do |cert| cert.public_key.verify(digest_method(signature_algorithm).new, signature, data) rescue false end # Clear OpenSSL error queue if verification fails - https://bugs.ruby-lang.org/issues/7215 OpenSSL.errors if !valid valid end |