class Saml::Bindings::HTTPRedirect

Attributes

exclude_signature[RW]
relay_state[RW]
request_or_response[RW]
signature[RW]
signature_algorithm[RW]

Public Class Methods

create_url(request_or_response, options = {})
# File lib/saml/bindings/http_redirect.rb, line 7
# Convenience entry point: builds a binding for +request_or_response+ and
# returns its redirect URL.
#
# Unless the caller sets +:exclude_signature+, a missing
# +:signature_algorithm+ is filled in with the RSA-SHA1 identifier. The
# +options+ hash is modified in place, so the caller sees that default
# afterwards.
#
# NOTE(review): the fallback algorithm is RSA-SHA1. SHA-1 is no longer
# considered collision resistant; deployments that control both ends should
# pass a SHA-256 based identifier explicitly, provided the provider's
# sign/verify code (not shown here) supports it.
def create_url(request_or_response, options = {})
  unless options[:exclude_signature]
    options[:signature_algorithm] ||= 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
  end

  redirect = new(request_or_response, options)
  redirect.create_url
end
new(request_or_response, options = {})
# File lib/saml/bindings/http_redirect.rb, line 52
# Stores the message and the binding settings read from +options+.
#
# Recognised option keys: +:signature_algorithm+, +:relay_state+,
# +:signature+ and +:exclude_signature+. Keys that are absent leave the
# corresponding attribute +nil+.
def initialize(request_or_response, options = {})
  @request_or_response = request_or_response

  @signature_algorithm, @relay_state, @signature, @exclude_signature =
    options.values_at(:signature_algorithm, :relay_state, :signature, :exclude_signature)
end
receive_message(http_request, options = {})
# File lib/saml/bindings/http_redirect.rb, line 12
# Rebuilds the SAML message carried by an incoming HTTP-Redirect request and
# checks its query-string signature when one is supplied.
#
# The +Signature+, +SigAlg+ and +RelayState+ request parameters are copied
# into +options+, which is modified in place and loses its +:type+ entry.
#
# Security notes for reviewers:
# * The message is decoded and parsed before any signature check runs, so
#   everything up to +verify_signature+ handles unauthenticated input.
# * +SigAlg+ is taken from the request as-is and later handed to the
#   provider's +verify+. NOTE(review): confirm the provider only accepts
#   algorithms from an allow-list instead of trusting the sender's choice.
# * A request without a +Signature+ parameter is refused only when the
#   provider reports +authn_requests_signed?+; otherwise the message is
#   returned unverified. Callers that require signed messages of other kinds
#   have to enforce that themselves.
# * The signature is checked against the raw query string of the URL, while
#   the message is read from +http_request.params+. NOTE(review): confirm
#   that both views always describe the same parameter values.
#
# Raises Saml::Errors::InvalidParams when neither +SAMLRequest+ nor
# +SAMLResponse+ is present, Saml::Errors::SignatureMissing when a required
# signature is absent, and Saml::Errors::SignatureInvalid (from
# +verify_signature+) when the check fails.
def receive_message(http_request, options = {})
  query_params = http_request.params

  options[:signature]           = Saml::Encoding.decode_64(query_params["Signature"] || "")
  options[:signature_algorithm] = query_params["SigAlg"]
  options[:relay_state]         = query_params["RelayState"]

  encoded_message = query_params["SAMLRequest"] || query_params["SAMLResponse"]
  raise Saml::Errors::InvalidParams, 'require params `SAMLRequest` or `SAMLResponse`' if encoded_message.nil?

  message = parse_request_or_response(options.delete(:type), query_params)

  redirect  = new(message, options)
  raw_query = URI.parse(http_request.url).query

  if query_params["Signature"].present?
    redirect.verify_signature(raw_query)
  elsif message.provider.authn_requests_signed?
    raise Saml::Errors::SignatureMissing.new('Signature missing, but provider requires a signature')
  end

  message.actual_destination = http_request.url
  message
end

Private Class Methods

decode_message(message)
# File lib/saml/bindings/http_redirect.rb, line 45
def decode_message(message)
  Saml::Encoding.decode_gzip(Saml::Encoding.decode_64(message))
end
parse_request_or_response(type, params)
# File lib/saml/bindings/http_redirect.rb, line 39
# Decodes the +SAMLRequest+ parameter (or +SAMLResponse+ when no request is
# present), reports the decoded text through the 'receive_message'
# notification, and parses whatever +notify+ returns with Saml.parse_message.
#
# This runs on input that has not been signature-checked yet; the XML parser
# behind Saml.parse_message therefore sees unauthenticated data.
def parse_request_or_response(type, params)
  encoded = params["SAMLRequest"] || params["SAMLResponse"]
  xml     = notify('receive_message', decode_message(encoded))

  Saml.parse_message(xml, type)
end

Public Instance Methods

create_url()
# File lib/saml/bindings/http_redirect.rb, line 66
# Appends the SAML query parameters to the message's destination URL.
#
# Uses '&' when the destination already contains a '?', otherwise '?'. The
# parameters are signed unless +exclude_signature+ is set.
def create_url
  destination = request_or_response.destination
  separator   = destination.include?('?') ? '&' : '?'
  query       = exclude_signature ? unsigned_params : signed_params

  "#{destination}#{separator}#{query}"
end
verify_signature(query)
# File lib/saml/bindings/http_redirect.rb, line 60
# Checks the detached query-string signature with the message's provider.
#
# The data that is verified is rebuilt from +query+ by
# +parse_signature_params+. Returns +nil+ on success and raises
# Saml::Errors::SignatureInvalid otherwise.
#
# NOTE(review): +signature_algorithm+ is whatever the binding was built with;
# on the receive path that is the request's own +SigAlg+ value, so the
# provider's +verify+ (not shown) must refuse algorithms it does not trust.
def verify_signature(query)
  provider = request_or_response.provider
  verified = provider.verify(signature_algorithm, signature, parse_signature_params(query))
  return if verified

  raise Saml::Errors::SignatureInvalid.new
end

Private Instance Methods

encoded_message()
# File lib/saml/bindings/http_redirect.rb, line 90
def encoded_message
  Saml::Encoding.encode_64(Saml::Encoding.encode_gzip(notify('create_message', request_or_response.to_xml)))
end
encoded_params()
# File lib/saml/bindings/http_redirect.rb, line 94
# Renders +params+ as a query string in insertion order.
#
# Values are escaped with CGI.escape; keys are written as they are. The
# resulting string is what +signed_params+ signs.
def encoded_params
  pairs = params.map do |name, raw_value|
    [name, CGI.escape(raw_value)].join('=')
  end

  pairs.join('&')
end
param_key()
# File lib/saml/bindings/http_redirect.rb, line 75
# Name of the query parameter that carries the message: "SAMLResponse" when
# the message is a Saml::ComplexTypes::StatusResponseType, "SAMLRequest" for
# everything else.
def param_key
  if request_or_response.is_a?(Saml::ComplexTypes::StatusResponseType)
    "SAMLResponse"
  else
    "SAMLRequest"
  end
end
params()
# File lib/saml/bindings/http_redirect.rb, line 100
# Collects the unescaped query parameters for the outgoing message.
#
# The message parameter always comes first; "RelayState" and "SigAlg" follow
# only when the corresponding attribute is set. The insertion order matters
# because +encoded_params+ serialises the hash in that order and the result
# is what gets signed.
def params
  query = { param_key => encoded_message }

  query["RelayState"] = relay_state if relay_state
  query["SigAlg"]     = signature_algorithm if signature_algorithm

  query
end
parse_signature_params(query)
# File lib/saml/bindings/http_redirect.rb, line 79
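# Rebuilds the exact string the sender signed from the raw query string:
# the message parameter, then RelayState (only if present), then SigAlg.
#
# Values are copied verbatim, still URL-encoded, because the signature covers
# the encoded form. Parameters may be separated by '&' or ';'.
#
# Two hardening steps are applied to this untrusted input:
# * a +nil+ query (a URL without a query part) is treated as empty, so the
#   signature check fails cleanly instead of raising NoMethodError;
# * a query that carries one of the signed parameters more than once is
#   rejected with Saml::Errors::SignatureInvalid. Such a query is ambiguous:
#   the value verified here could differ from the value the message was
#   decoded from, which +receive_message+ reads from +http_request.params+.
#   Names are compared after percent-decoding so that differently spelled
#   copies of the same parameter are counted together.
def parse_signature_params(query)
  signed_names = [param_key, "RelayState", "SigAlg"]
  occurrences  = Hash.new(0)
  params       = {}

  query.to_s.split(/[&;]/).each do |pair|
    key, value  = pair.split('=', 2)
    params[key] = value
    occurrences[CGI.unescape(key)] += 1 if key
  end

  if signed_names.any? { |name| occurrences[name] > 1 }
    raise Saml::Errors::SignatureInvalid.new
  end

  relay_state = params["RelayState"] ? "&RelayState=#{params['RelayState']}" : ""
  "#{param_key}=#{params[param_key]}#{relay_state}&SigAlg=#{params['SigAlg']}"
end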
signed_params()
# File lib/saml/bindings/http_redirect.rb, line 110
def signed_params
  signature = request_or_response.provider.sign(signature_algorithm, encoded_params)

  encoded_signature = CGI.escape(Saml::Encoding.encode_64(signature))

  "#{encoded_params}&Signature=#{encoded_signature}"
end
unsigned_params()
# File lib/saml/bindings/http_redirect.rb, line 118
# Returns the encoded query parameters without a +Signature+ parameter.
# The receiver cannot authenticate a URL built this way from the query
# string alone.
def unsigned_params
  query = encoded_params
  query.to_s
end