module Saml
  module Kit
    module Cli
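      class Report
        # Renders a decoded SAML document (or metadata) as a human-readable
        # table on a shell, including its XML signature details, the
        # pretty-printed XML and any validation errors.
        attr_reader :document

        # @param document [Object] a decoded Saml::Kit document or metadata
        def initialize(document)
          @document = document
        end

        # Prints the full report.
        #
        # @param shell [Object] an object responding to +say_status+,
        #   +print_table+ and +say+ (a Thor-style shell).
        # @return [void]
        def print(shell)
          # `name` is invoked via send; presumably it is private on the
          # document classes — confirm before replacing with a plain call.
          shell.say_status :success, "Decoded #{document.send(:name)}"
          shell.print_table build_table_for(document)
          signature = document.signature
          # A signature may be present without an embedded certificate, so
          # both are checked before the certificate text is printed.
          if signature.present? && signature.certificate.present?
            shell.say(signature.certificate.x509.to_text)
          end
          shell.say document.to_xml(pretty: true), :green
          document.errors.full_messages.each do |error|
            shell.say_status :error, error, :red
          end
        end

        private

        # Shortens +text+ to at most +max+ characters, appending "..." only
        # when something was actually cut. Keeps long base64 signature values
        # from blowing out the table width. +nil+ renders as an empty string.
        #
        # @param text [String, nil]
        # @param max [Integer] maximum number of characters kept
        # @return [String]
        def truncate(text, max: 50)
          text = text.to_s
          # `text[0, max]` keeps exactly +max+ characters; an inclusive
          # range (`0..max`) would keep one too many.
          text.length > max ? "#{text[0, max]}..." : text
        end

        # Table rows describing an XML signature. Shared by the document
        # header and the assertion body so both render the same fields in the
        # same order. Returns an empty list when no signature is present and
        # omits the certificate row when the signature carries none, matching
        # the guard used in #print.
        #
        # @param signature [Object, nil]
        # @return [Array<Array>]
        def signature_rows_for(signature)
          return [] unless signature.present?

          rows = [
            # "Digest Value" is the value carried by the document and
            # "Expected Digest Value" is presumably recomputed from the signed
            # content; a mismatch between the two is what a reviewer looks for.
            ['Digest Value', signature.digest_value],
            ['Expected Digest Value', signature.expected_digest_value],
            ['Digest Method', signature.digest_method],
            ['Signature Value', truncate(signature.signature_value)],
            ['Signature Method', signature.signature_method],
            ['Canonicalization Method', signature.canonicalization_method]
          ]
          certificate = signature.certificate
          rows.push(['', certificate.x509.to_text]) if certificate.present?
          rows
        end

        # Rows common to every document type, followed by the document-level
        # signature rows.
        #
        # @param document [Object]
        # @return [Array<Array>]
        def build_header_for(document)
          table = []
          case document
          when Saml::Kit::Document
            table.push(['ID', document.id])
            table.push(['Issuer', document.issuer])
            table.push(['Version', document.version])
            table.push(['Issue Instant', document.issue_instant.iso8601])
            table.push(['Type', document.send(:name)])
            table.push(['Valid', document.valid?])
            table.push(['Signed?', document.signed?])
            table.push(['Trusted?', document.trusted?])
          when Saml::Kit::Metadata
            table.push(['Entity Id', document.entity_id])
            table.push(['Type', document.send(:name)])
            table.push(['Valid', document.valid?])
            table.push(['Name Id Formats', document.name_id_formats.inspect])
            table.push(['Organization', document.organization_name])
            table.push(['Url', document.organization_url])
            table.push(['Contact', document.contact_person_company])
            %w[
              SingleSignOnService
              SingleLogoutService
              AssertionConsumerService
            ].each do |type|
              document.services(type).each do |service|
                table.push([type, [service.location, service.binding]])
              end
            end
            document.certificates.each do |certificate|
              table.push(['', certificate.x509.to_text])
            end
          end
          table.concat(signature_rows_for(document.signature))
        end

        # Rows specific to the concrete document type. Always returns an
        # Array (possibly empty, e.g. for metadata) so #build_table_for can
        # concatenate it.
        #
        # @param document [Object]
        # @return [Array<Array>]
        def build_body_for(document)
          table = []
          case document
          when Saml::Kit::AuthenticationRequest
            table.push(['ACS', document.assertion_consumer_service_url])
            table.push(['Name Id Format', document.name_id_format])
          when Saml::Kit::LogoutRequest
            table.push(['Name Id', document.name_id])
          when Saml::Kit::Response
            assertion = document.assertion
            # NOTE(review): the rows below call the assertion unconditionally,
            # so a nil assertion would raise — presumably `assertion` is a
            # null object when absent; confirm against Saml::Kit::Response.
            table.push(['Assertion Present?', assertion.present?])
            table.push(['Issuer', assertion.issuer])
            table.push(['Name Id', assertion.name_id])
            table.push(['Signed?', assertion.signed?])
            table.push(['Attributes', assertion.attributes.inspect])
            table.push(['Not Before', assertion.started_at])
            table.push(['Not After', assertion.expired_at])
            table.push(['Audiences', assertion.audiences.inspect])
            table.push(['Encrypted?', assertion.encrypted?])
            table.push(['Decryptable', assertion.decryptable?])
            if assertion.present?
              table.concat(signature_rows_for(assertion.signature))
            end
          end
          table
        end

        # Header rows followed by body rows.
        #
        # @param document [Object]
        # @return [Array<Array>]
        def build_table_for(document)
          build_header_for(document) + build_body_for(document)
        end
      end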
    end
  end
end