aaf-mdqt 0.8.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3cf456b06ec7f076025cb43c27569907435711aadda8b8ff09a9afb23d825a04
+  data.tar.gz: e203f5f736f4384c6d4928ae5462dedfb8b417a0b7c54fa75926f1611d75dc50
+SHA512:
+  metadata.gz: a5564af50ba3917ac2847709eb9af32e8993a472607b17ab1b56b0a85deebd0f8be67aa1b1ea59f37e91a0dcb51b0f43ae0da4a8b7a9f26be6436b76e85bad87
+  data.tar.gz: 33218e40ae25b87b7020d639e46d3e95bf594299c7436917e327cd77ed96ba086f6c70bf3a02aa66c63ccbba41519dd3c3971d5c9848aa7c39404ea6c55da73c

data/.github/workflows/codeql-analysis.yml

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '17 4 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'ruby' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

data/.github/workflows/ruby.yml

@@ -0,0 +1,41 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+env:
+  LANG: "en_GB.UTF-8"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['3.0']
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Run tests
+      run: bundle exec rake features

data/.gitignore

@@ -0,0 +1,25 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/out.xml
+/out.txt
+/mdqt_cache.log
+*.gem
+/ukfederation-mdq.pem
+/mdq-beta-cert.pem
+/out
+/xout
+out*.xml
+/.idea
+/*.xml
+/bt
+*.html
+/t/aggregate.xml
+/t/indiid.xml
+/t/uom.xml

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.rubocop.yml

@@ -0,0 +1 @@
+inherit_from: .rubocop_todo.yml

data/.rubocop_todo.yml

@@ -0,0 +1,296 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2018-05-03 07:42:59 +0100 using RuboCop version 0.55.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: Include, TreatCommentsAsGroupSeparators.
+# Include: **/*.gemspec
+Gemspec/OrderedDependencies:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+
+# Offense count: 1
+# Configuration parameters: Include.
+# Include: **/*.gemspec
+Gemspec/RequiredRubyVersion:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Layout/CommentIndentation:
+  Exclude:
+    - 'lib/mdqt/cli/base.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: AllowBorderComment, AllowMarginComment.
+Layout/EmptyComment:
+  Exclude:
+    - 'lib/mdqt/cli/base.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Layout/EmptyLineAfterMagicComment:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+
+# Offense count: 3
+# Cop supports --auto-correct.
+Layout/EmptyLines:
+  Exclude:
+    - 'lib/mdqt/cli.rb'
+    - 'aaf-mdqt.gemspec'
+    - 'spec/client/client_spec.rb'
+
+# Offense count: 3
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: empty_lines, no_empty_lines
+Layout/EmptyLinesAroundBlockBody:
+  Exclude:
+    - 'exe/mdqt'
+    - 'spec/client/client_spec.rb'
+
+# Offense count: 22
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: empty_lines, empty_lines_except_namespace, empty_lines_special, no_empty_lines, beginning_only, ending_only
+Layout/EmptyLinesAroundClassBody:
+  Exclude:
+    - 'lib/mdqt/cli.rb'
+    - 'lib/mdqt/cli/base.rb'
+    - 'lib/mdqt/cli/defaults.rb'
+    - 'lib/mdqt/cli/get.rb'
+    - 'lib/mdqt/client.rb'
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 11
+# Cop supports --auto-correct.
+Layout/EmptyLinesAroundMethodBody:
+  Exclude:
+    - 'lib/mdqt/cli/base.rb'
+    - 'lib/mdqt/cli/get.rb'
+    - 'lib/mdqt/client.rb'
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 7
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: empty_lines, empty_lines_except_namespace, empty_lines_special, no_empty_lines
+Layout/EmptyLinesAroundModuleBody:
+  Exclude:
+    - 'lib/mdqt.rb'
+    - 'lib/mdqt/cli.rb'
+    - 'lib/mdqt/cli/base.rb'
+    - 'lib/mdqt/cli/get.rb'
+    - 'lib/mdqt/client.rb'
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: AllowForAlignment, ForceEqualSignAlignment.
+Layout/ExtraSpacing:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+
+# Offense count: 3
+# Cop supports --auto-correct.
+Layout/LeadingCommentSpace:
+  Exclude:
+    - 'exe/mdqt'
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Layout/SpaceAfterComma:
+  Exclude:
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: .
+# SupportedStyles: space, no_space
+Layout/SpaceAroundEqualsInParameterDefault:
+  EnforcedStyle: no_space
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: AllowForAlignment.
+Layout/SpaceAroundOperators:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: AllowForAlignment.
+Layout/SpaceBeforeFirstArg:
+  Exclude:
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces, SpaceBeforeBlockParameters.
+# SupportedStyles: space, no_space
+# SupportedStylesForEmptyBraces: space, no_space
+Layout/SpaceInsideBlockBraces:
+  Exclude:
+    - 'lib/mdqt/cli/get.rb'
+
+# Offense count: 7
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: final_newline, final_blank_line
+Layout/TrailingBlankLines:
+  Exclude:
+    - 'exe/mdqt'
+    - 'lib/mdqt/cli.rb'
+    - 'lib/mdqt/cli/base.rb'
+    - 'lib/mdqt/cli/defaults.rb'
+    - 'lib/mdqt/client.rb'
+    - 'lib/mdqt/client/metadata_service.rb'
+    - 'spec/client/client_spec.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
+Lint/UnusedBlockArgument:
+  Exclude:
+    - 'exe/mdqt'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: AllowUnusedKeywordArguments, IgnoreEmptyMethods.
+Lint/UnusedMethodArgument:
+  Exclude:
+    - 'lib/mdqt/cli/base.rb'
+
+# Offense count: 1
+Lint/UselessAssignment:
+  Exclude:
+    - 'lib/mdqt/client.rb'
+
+# Offense count: 1
+# Configuration parameters: CountComments.
+Metrics/MethodLength:
+  Max: 13
+
+# Offense count: 8
+Style/Documentation:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+    - 'lib/mdqt.rb'
+    - 'lib/mdqt/cli.rb'
+    - 'lib/mdqt/cli/base.rb'
+    - 'lib/mdqt/cli/defaults.rb'
+    - 'lib/mdqt/cli/get.rb'
+    - 'lib/mdqt/client.rb'
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/Encoding:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+Style/ExpandPathArguments:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+    - 'spec/spec_helper.rb'
+
+# Offense count: 16
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: when_needed, always, never
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
+# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
+Style/HashSyntax:
+  Exclude:
+    - 'Rakefile'
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/MutableConstant:
+  Exclude:
+    - 'lib/mdqt/version.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: Whitelist.
+# Whitelist: be, be_a, be_an, be_between, be_falsey, be_kind_of, be_instance_of, be_truthy, be_within, eq, eql, end_with, include, match, raise_error, respond_to, start_with
+Style/NestedParenthesizedCalls:
+  Exclude:
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: PreferredDelimiters.
+Style/PercentLiteralDelimiters:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/RedundantSelf:
+  Exclude:
+    - 'lib/mdqt/cli/base.rb'
+
+# Offense count: 37
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
+# SupportedStyles: single_quotes, double_quotes
+Style/StringLiterals:
+  Exclude:
+    - 'Rakefile'
+    - 'bin/console'
+    - 'lib/mdqt.rb'
+    - 'lib/mdqt/cli/base.rb'
+    - 'lib/mdqt/cli/get.rb'
+    - 'lib/mdqt/client/metadata_service.rb'
+    - 'lib/mdqt/version.rb'
+    - 'aaf-mdqt.gemspec'
+    - 'spec/mdqt_spec.rb'
+    - 'spec/spec_helper.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInHashLiteral:
+  Exclude:
+    - 'lib/mdqt/cli/defaults.rb'
+
+# Offense count: 3
+# Cop supports --auto-correct.
+# Configuration parameters: ExactNameMatch, AllowPredicates, AllowDSLWriters, IgnoreClassMethods, Whitelist.
+# Whitelist: to_ary, to_a, to_c, to_enum, to_h, to_hash, to_i, to_int, to_io, to_open, to_path, to_proc, to_r, to_regexp, to_str, to_s, to_sym
+Style/TrivialAccessors:
+  Exclude:
+    - 'lib/mdqt/client.rb'
+    - 'lib/mdqt/client/metadata_service.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+Style/UnneededPercentQ:
+  Exclude:
+    - 'aaf-mdqt.gemspec'
+
+# Offense count: 7
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# URISchemes: http, https
+Metrics/LineLength:
+  Max: 130

data/.ruby-version

@@ -0,0 +1 @@
+3.3.5

data/.tool-versions

@@ -0,0 +1 @@
+ruby 3.2.0

data/.travis.yml

@@ -0,0 +1,7 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.2.2
+  - 2.5.0
+  - jruby
+before_install: gem install bundler -v 1.16.1

data/CHANGELOG.md

@@ -0,0 +1,168 @@
+# Changelog
+
+## 0.8.0
+
+## Breaking Changes
+
+- MDQT now requires Ruby 3.0 or later, due to updated dependencies and their requirements
+- MDQT now installs XML handling gems automatically - Nokogiri and XMLDSig are no longer optional. Nokogiri seems to be
+  less troublesome to install now and is needed by some useful current and planned features. Please let me know if this
+  causes you any problems.
+
+## Improvements
+
+- New HTTP library means caching should be slightly faster and HTTP2 is now supported
+- MDQ base URLs should end with a slash, so slashless URLs are now normalised to include one.
+
+## Fixes
+
+- URLs for MDQ entity records now properly support paths - previously only MDQ services at the root path would work
+
+## 0.7.0
+
+### Improvements
+
+- `mdqt check` can now (I think) cope with SAML metadata from Microsoft AD/ADFS services full of WS-* extensions.
+- Tested with Ruby 3.2.0: `File.exists?` has been removed from 3.2.0 (it's been deprecated for years and I used it out of habit) 
+  so this has been replaced in MDQT with `File.exist?` - as a result Ruby 3.2.0 onwards will work, but Ruby older than v2.2
+  will no longer work.
+
+### Fixes
+
+- The inline help synopsis for `mdqt check` has been corrected.
+
+### Known issues
+
+- Running mdqt without STDIN available (outside of a normal shell environment) can cause it to freeze unless 
+  `export MDQT_STDIN=off` is set. See [Issue 8](https://github.com/Digital-Identity-Labs/mdqt/issues/8)
+- Checking signatures on very large aggregate XML files can sometimes fail on M1/M2 MacOS and trying to work out why 
+  has made me slightly balder and a lot more puzzled. See [Issue 9](https://github.com/Digital-Identity-Labs/mdqt/issues/9) 
+
+## 0.6.0
+
+### New Features
+
+- STDIN and pipes: Arguments (such as filenames and entity IDs) can now be piped into mdqt. This 
+  enables pipelining, so you can chain commands together.
+- The `rename` command now has a `--link` option that creates a symlink from the original
+  filename to the renamed file.
+- The `get` command now has a `--list` option that works when `--save-to` is used, to list filenames being
+  written to disk. 
+
+### Improvements
+
+- Emacs backup files (so called turd files) ending with ~ and files ending with .bak 
+  are now ignored.
+
+### Removed features
+
+- `link` and `rename` now require files to be specified: you now *cannot* run `mdqt rename`
+  to rename everything in the current directory.
+
+- The `--link_id` option for `get` saved a link to each downloaded file that is almost the same as the 
+  filename - maybe this made sense in mdqt 0.1.0 but it's quite useless now. If anyone can remember what it was
+  actually for I'll put it back.
+
+## 0.5.0
+
+### New Features
+
+- New `entities` command extracts entity IDs and sha1 hashes from metadata files on disk
+- New `ln` command will create symlinks to files using their sha1 hashes
+- New `ls` command will list the entity IDs of metadata files
+- New `list` command lists all entity IDs available from the MDQ service
+- New `services` command shows known MDQ services and aliases
+- New `rename` command renames metadata files to use their sha1 hash as a name 
+- New `url` command shows the full url for an entity at the MDQ service
+
+### Improvements
+
+- Known MDQ services can be specified using simple aliases as well as URLs
+- Caching is now on by default
+- `--refresh` options forces downloads and ignores cached data
+- Cache is cleaned whenever `get` is used, to remove expired files
+- Added default service details for DFN
+- Tidier output when stopped with ctrl-c
+
+### Fixes
+
+- Compatible with Ruby 3
+- Updated dependencies to latest versions
+- Improved test reliability and added more tests
+- Extended timeouts to better handle slow networks
+
+## 0.4.0
+
+### New Features
+- The `check` command will validate XML files against SAML metadata schema and verify signatures
+- A `--validate` switch for `get` forces XML validation, using basic SAML2 metadata schema
+- A `--tls-risky` switch for `get` disables verification of TLS certificates
+
+### Improvements
+- Connection failures now show an explanation (such as TLS problems)
+
+### Fixes
+- "Not Required" was shown when using commands that don't interact with an MDQ server
+
+## 0.3.1
+
+### Fixes
+- A missing xmldsig gem is now handled properly *everywhere*. Hopefully.
+
+## 0.3.0
+
+### New Features
+- Signature verification (at last!) using `--verify-with` option for get command
+- A `reset` command to clear all cached metadata
+- A `transform` command to convert entityID URIs to {sha1} identifiers
+- The `--explain` option for `get` will show header information
+- The `--save-to` option for `get` will write metadata to disk
+- The `--link-id` option for `get --save-to` will create aliases
+
+### Improvements
+- Coloured feedback
+- Improved README documentation
+- Servers' 304 responses for cached files are handled correctly
+- Invalid SHA1 transformed identitifiers can't be sent
+- 500 errors at the server will be shown correctly
+- Verbose mode shows MDQT version
+
+### Fixes
+- Don't show empty identifier in OK message after downloading aggregate
+- Cache status in introduction text is now correct
+
+## 0.2.1
+
+### Fixes
+- Send Accept header rather than Content-Type header 🙄
+
+## 0.2.0
+
+### New Features
+- Option to cache HTTP requests to the MDQ service
+- Supports Gzip compression by default
+- Default MDQ service selection (rather crude, maybe not a good idea at all)
+
+### Improvements
+- Supports redirect responses
+- Helpful error messages and status messages
+- Verbose mode will show successful connection information
+- Warnings about unspecified MDQ service
+- Catch bad URLs for the MDQ service and fail with a better error message
+
+### Fixes
+- Aggregates are now requested with /entities not /entities/, as per spec
+
+### Other
+- First few Cucumber features to define and test the executable
+- Beginning of an RSpec suit to define the API
+- Minimum version of Ruby is now 2.1, but only 2.2+ is tested using CI
+
+## 0.1.1
+
+### Fixes
+- Bug that prevented the mdqt executable from running outside a Bundler environment
+
+## 0.1.0
+
+- Initial release