aaf-mdqt 0.8.9 → 0.8.10

data/CHANGELOG.md

@@ -1,168 +0,0 @@
-# Changelog
-
-## 0.8.0
-
-## Breaking Changes
-
-- MDQT now requires Ruby 3.0 or later, due to updated dependencies and their requirements
-- MDQT now installs XML handling gems automatically - Nokogiri and XMLDSig are no longer optional. Nokogiri seems to be
-  less troublesome to install now and is needed by some useful current and planned features. Please let me know if this
-  causes you any problems.
-
-## Improvements
-
-- New HTTP library means caching should be slightly faster and HTTP2 is now supported
-- MDQ base URLs should end with a slash, so slashless URLs are now normalised to include one.
-
-## Fixes
-
-- URLs for MDQ entity records now properly support paths - previously only MDQ services at the root path would work
-
-## 0.7.0
-
-### Improvements
-
-- `mdqt check` can now (I think) cope with SAML metadata from Microsoft AD/ADFS services full of WS-* extensions.
-- Tested with Ruby 3.2.0: `File.exists?` has been removed from 3.2.0 (it's been deprecated for years and I used it out of habit) 
-  so this has been replaced in MDQT with `File.exist?` - as a result Ruby 3.2.0 onwards will work, but Ruby older than v2.2
-  will no longer work.
-
-### Fixes
-
-- The inline help synopsis for `mdqt check` has been corrected.
-
-### Known issues
-
-- Running mdqt without STDIN available (outside of a normal shell environment) can cause it to freeze unless 
-  `export MDQT_STDIN=off` is set. See [Issue 8](https://github.com/Digital-Identity-Labs/mdqt/issues/8)
-- Checking signatures on very large aggregate XML files can sometimes fail on M1/M2 MacOS and trying to work out why 
-  has made me slightly balder and a lot more puzzled. See [Issue 9](https://github.com/Digital-Identity-Labs/mdqt/issues/9) 
-
-## 0.6.0
-
-### New Features
-
-- STDIN and pipes: Arguments (such as filenames and entity IDs) can now be piped into mdqt. This 
-  enables pipelining, so you can chain commands together.
-- The `rename` command now has a `--link` option that creates a symlink from the original
-  filename to the renamed file.
-- The `get` command now has a `--list` option that works when `--save-to` is used, to list filenames being
-  written to disk. 
-
-### Improvements
-
-- Emacs backup files (so called turd files) ending with ~ and files ending with .bak 
-  are now ignored.
-
-### Removed features
-
-- `link` and `rename` now require files to be specified: you now *cannot* run `mdqt rename`
-  to rename everything in the current directory.
-
-- The `--link_id` option for `get` saved a link to each downloaded file that is almost the same as the 
-  filename - maybe this made sense in mdqt 0.1.0 but it's quite useless now. If anyone can remember what it was
-  actually for I'll put it back.
-
-## 0.5.0
-
-### New Features
-
-- New `entities` command extracts entity IDs and sha1 hashes from metadata files on disk
-- New `ln` command will create symlinks to files using their sha1 hashes
-- New `ls` command will list the entity IDs of metadata files
-- New `list` command lists all entity IDs available from the MDQ service
-- New `services` command shows known MDQ services and aliases
-- New `rename` command renames metadata files to use their sha1 hash as a name 
-- New `url` command shows the full url for an entity at the MDQ service
-
-### Improvements
-
-- Known MDQ services can be specified using simple aliases as well as URLs
-- Caching is now on by default
-- `--refresh` options forces downloads and ignores cached data
-- Cache is cleaned whenever `get` is used, to remove expired files
-- Added default service details for DFN
-- Tidier output when stopped with ctrl-c
-
-### Fixes
-
-- Compatible with Ruby 3
-- Updated dependencies to latest versions
-- Improved test reliability and added more tests
-- Extended timeouts to better handle slow networks
-
-## 0.4.0
-
-### New Features
-- The `check` command will validate XML files against SAML metadata schema and verify signatures
-- A `--validate` switch for `get` forces XML validation, using basic SAML2 metadata schema
-- A `--tls-risky` switch for `get` disables verification of TLS certificates
-
-### Improvements
-- Connection failures now show an explanation (such as TLS problems)
-
-### Fixes
-- "Not Required" was shown when using commands that don't interact with an MDQ server
-
-## 0.3.1
-
-### Fixes
-- A missing xmldsig gem is now handled properly *everywhere*. Hopefully.
-
-## 0.3.0
-
-### New Features
-- Signature verification (at last!) using `--verify-with` option for get command
-- A `reset` command to clear all cached metadata
-- A `transform` command to convert entityID URIs to {sha1} identifiers
-- The `--explain` option for `get` will show header information
-- The `--save-to` option for `get` will write metadata to disk
-- The `--link-id` option for `get --save-to` will create aliases
-
-### Improvements
-- Coloured feedback
-- Improved README documentation
-- Servers' 304 responses for cached files are handled correctly
-- Invalid SHA1 transformed identitifiers can't be sent
-- 500 errors at the server will be shown correctly
-- Verbose mode shows MDQT version
-
-### Fixes
-- Don't show empty identifier in OK message after downloading aggregate
-- Cache status in introduction text is now correct
-
-## 0.2.1
-
-### Fixes
-- Send Accept header rather than Content-Type header 🙄
-
-## 0.2.0
-
-### New Features
-- Option to cache HTTP requests to the MDQ service
-- Supports Gzip compression by default
-- Default MDQ service selection (rather crude, maybe not a good idea at all)
-
-### Improvements
-- Supports redirect responses
-- Helpful error messages and status messages
-- Verbose mode will show successful connection information
-- Warnings about unspecified MDQ service
-- Catch bad URLs for the MDQ service and fail with a better error message
-
-### Fixes
-- Aggregates are now requested with /entities not /entities/, as per spec
-
-### Other
-- First few Cucumber features to define and test the executable
-- Beginning of an RSpec suit to define the API
-- Minimum version of Ruby is now 2.1, but only 2.2+ is tested using CI
-
-## 0.1.1
-
-### Fixes
-- Bug that prevented the mdqt executable from running outside a Bundler environment
-
-## 0.1.0
-
-- Initial release

data/CODE_OF_CONDUCT.md

@@ -1,74 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, gender identity and expression, level of experience,
-nationality, personal appearance, race, religion, or sexual identity and
-orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at pete@binary-ape.org. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at [http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -1,9 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in mdq.gemspec
-gemspec
-
-gem 'simplecov', require: false, group: :test
-
-gem 'pry'
-gem 'rake'

data/LICENSE.txt

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2018 Pete Birkinshaw
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

data/Makefile

@@ -1,4 +0,0 @@
-publish-gem:
-	gem build aaf-mdqt.gemspec
-	gem push aaf-mdqt-*.gem
-	rm aaf-mdqt-*.gem

data/README.md

@@ -1,267 +0,0 @@
-# NOTE: forked from <https://github.com/Digital-Identity-Labs/mdqt>
-
-# MDQT - A Metadata Query Tool
-
-[![Gem Version](https://badge.fury.io/rb/aaf-mdqt.svg)](https://badge.fury.io/rb/aaf-mdqt)
-
-MDQT is small library and commandline tool to query MDQ services for SAML metadata.
-You could do this with `curl` and `xmlsec1` but it's a little more convenient to use `mdqt` instead.
-
-MDQT also has features for managing local metadata files, to help when running an MDQ service or a Shibboleth IdP or SP.
-
-MDQ currently provides these features:
-
-- Downloading single entities, lists or aggregates
-- Signature verification
-- Validating metadata against SAML2 schema
-- Saving metadata to disk
-- Extracting entity IDs from both aggregate and individual metadata files
-- Renaming metadata files to their entity ID sha1 hashes (for use with LocalDynamicMetadataProvider)
-- Creating sha1 hash symlinks to metadata files (also for use with Local Dynamic Metadata)
-- Listing the entity IDs of downloaded metadata files
-- Showing the full URL of an entity
-- Caching entity metadata and using Gzip compression
-
-## MDQ?
-
-MDQ is a simple HTTP-based standard for looking up individual SAML entity metadata. Rather than regularly
-downloading large metadata aggregates containing thousands of entity descriptions,
-an IdP or SP can download the metadata for an individual entity whenever it is needed.
-
-The UK Access Management Federation has a
-[useful page explaining MDQ](https://www.ukfederation.org.uk/content/Documents/MDQ)
-
-## Installation
-
-MDQT is tested on recent MacOS and Linux, and should work with
- Ruby 3.0.0 or later and recent JRuby releases.
-
-### As a gem for general use
-
-To install system-wide on your default Ruby, use
-
-    sudo gem install mdqt
-
-If using a per-user Ruby via `rbenv`, `asdf` or similar, you'll need
-
-    gem install mdqt
-
-### As part of a Ruby project
-
-To add MDQT to a Ruby project include this line in your application's `Gemfile`
-
-```ruby
-gem 'mdqt'
-```
-
-and then execute:
-
-    bundle
-
-### As a Docker container
-
-(Experimental)
-See the instructions at [MDQT-Container](https://github.com/Digital-Identity-Labs/mdqt-container)
-
-### Verifying signed metadata, installing Nokogiri
-
-MDQT can check that metadata has not been tampered with by verifying its
-signature. Some MDQ services use unencrypted HTTP connections and rely
- on signed metadata.
-
-MDQT supports signature verification but requires a Ruby library called
-Nokogiri to do the hard work. Nokogiri is fast and useful but can sometimes
-be awkward to install for non-developers (it can sometimes require a C development
-environment and various XML libraries). In most cases Nokogiri will install
-automatically, without problems, when you install MDQT, but if you encounter any
-problems installing Nokogiri the [Installing Nokogiri](http://www.nokogiri.org/tutorials/installing_nokogiri.html) documentation is very helpful.
-
-## Commandline Usage as an MDQ client
-
-You can see a list of commandline options by typing:
-
-    mdqt help
-
-To see more information about a command, use the `--help` option after the command or type `help <command>`:
-
-    mdqt help get
-
-### Selecting an MDQ service to access
-
-You can specify the MDQ service with a commandline option:
-
-    mdqt get --service https://mdq.example.com/mdq  http://entity.ac.uk/shibboleth
-
-It's more convenient to set an environment variable to specify a default MDQ
-service. Set `MDQT_SERVICE` or `MDQ_BASE_URL` to the base URL of your MDQ service.
-
-    export MDQT_SERVICE=https://mdq.example.com/mdq
-    mdqt get http://entity.ac.uk/shibboleth
-    mdqt get http://example.org/service
-
-Finally, if you don't specify an MDQ service with `--service` or `MDQT_SERVICE` then `mdqt` *might* be
-able to guess your local NREN's MDQ service. Do not do this in production!
-
-If an MDQ service is known to MDQT it can be selected using an alias:
-
-    mdqt get --service incommon  http://entity.edu/shibboleth
-
-You can see known services and their aliases using `mdqt services`
-
-### Downloading entity metadata
-
-Downloading entity metadata to STDOUT:
-
-    mdqt get https://test-idp.ukfederation.org.uk/idp/shibboleth
-
-Using the sha1 hashed version of entity IDs requires quotes or escaping in some shells:
-
-    mdqt get "{sha1}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9"
-
-    mdqt get \{sha1\}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
-
-    mdqt get [sha1]52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
-
-Requesting all metadata from an MDQ endpoint is done by specifying `--all`:
-
-    mdqt get --all
-
-### Caching metadata
-
-Caching can be enabled using `--cache`. At the moment the `mdqt` executable
-only supports caching to disk. It will create a cache directory in your temporary
-directory.
-
-    mdqt get --cache --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
-
-Caching is now on by default. To force a single command to *not* use the cache, include `--reset`
-
-    mdqt get --reset --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
-
-You can clear the cache by using the `reset` command:
-
-    mdqt reset
-
-### Verifying metadata
-
-If you have enabled verification by installing `xmldsig` (and have downloaded and checked a suitable
-certificate for your MDQ server) you can require verification by passing
-they `verify-with` flag with the path of your certificate.
-
-    mdqt get --verify-with myfederation.pem https://indiid.net/idp/shibboleth
-
-It's possible to pass more than one certificate by separating them with commas
-
-    mdqt get --verify-with myfederation.pem,previous.pem https://indiid.net/idp/shibboleth
-
-Basic XML correctness and validation against SAML2 Metadata schema can be enabled with the
-`--validate` switch:
-
-    mdqt get --validate https://indiid.net/idp/shibboleth
-
-If you need to check metadata that has already been downloaded then try the `check`
-command:
-
-    mdqt check metadata.xml # Just validate
-    mdqt check --verify-with myfederation.pem metadata.xml # Verify signature too
-
-You shouldn't need to *validate* XML from a trusted MDQ service such as one run by a
-national federation. You should however always *verify* the signature of XML sent over an unencrypyted HTTP connection,
-and probably even over HTTPS. MDQT's validation check is mostly for use when writing
-or debugging your own MDQ service.
-
-### Saving metadata as files
-
-The simplest way to save metadata is to redirect output from the `get` command:
-
-    mdqt get http://entity.ac.uk/shibboleth > metadata.xml
-
-MDQT also offers the `--save-to` option to write all metadata into a directory
-
-    mdqt get http://entity.ac.uk/shibboleth --save-to metadata_directory
-
-The `--save-to` option requires a directory to be specified. All files will be saved
-with a name based on their transformed identifier (sha1 hash) such as
-`77603e0cbda1e00d50373ca8ca20a375f5d1f171.xml`
-
-### Other Features
-
-For more information about current settings, download results, and so on, add
-`--verbose` to commands:
-
-    $mdqt get --verbose http://entity.ac.uk/shibboleth
-
-To convert normal URI entity IDs into MDQ SHA1 hashed transformed identifiers use the `transform` command:
-
-    mdqt transform http://example.org/service
-
-Transforming identifiers that have already been transformed should not re-transform them.
-
-To see more details of what is being sent and received by a `get` command add the `--explain` flag
-
-    mdqt get --explain --service https://mdq.example.com/mdq  http://entity.ac.uk/shibboleth
-
-MDQT will then show a table of sent and received headers which may be useful when debugging servers.
-
-To extract a list of all entity IDs from a file:
-
-    mdqt entities metadata.xml
-
-    mdqt entities --sha1 metadata.xml
-
-To create sha1 symlinks to a metadata file:
-
-    mdqt ln example_idp.xml
-
-To rename a file to its entity ID sha1 has:
-
-    mdqt rename example_idp.xml
-
-To list the entity IDs of files in a directory:
-
-    mdqt ls
-
-To list all entities available at an MDQ service:
-
-    mdqt list
-
-To show the MDQ services known to MDQT, and their aliases:
-
-    mdqt services
-
-To show the full MDQ URL of an entity
-
-    mdqt url http://entity.ac.uk/shibboleth
-
-MDQT can accept input on stdin, allowing composition and pipelining
-
-    cat list_of_ids.txt | mdqt url
-
-    mdqt list | grep cern.ch | mdqt get --save-to cern_metadata/ --list  | mdqt ls
-
-## Alternatives
-
-- [SAML Library](https://github.com/trscavo/saml-library) is a set of scripts to help with metadata-related tasks, written
-by Tom Scavo of Internet2. Some of the scripts provide similar functionality to MDQT, and are designed to be piped together.
-
-## Library Usage
-
-Please don't! We originally had plans to include a usable generic library was part of MDQT but unless there's new demand
-for it that's now unlikely to happen. However, we do now have a set of libraries for the Elixir language, based around
-[Smee](https://github.com/Digital-Identity-Labs/smee) - not very helpful for Ruby projects but possibly of use for new
-projects.
-
-## Development
-
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`.
-
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at <https://github.com/Digital-Identity-Labs/mdqt>.
-This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
-
-## License
-
-The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -1,5 +0,0 @@
-require "bundler/gem_tasks"
-
-Dir.glob('lib/tasks/*.rake').each { |r| load r}
-
-task :default => :tests

data/aaf-mdqt.gemspec

@@ -1,46 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'mdqt/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "aaf-mdqt"
-  spec.version       = MDQT::VERSION
-  spec.authors       = ["Pete Birkinshaw", "Australian Access Federation"]
-  spec.email         = []
-
-  spec.summary       = %q{Commandline utility for accessing MDQ services}
-  spec.description   = %q{Commandline utility for downloading SAML metadata from MDQ services}
-  spec.homepage      = "https://github.com/Digital-Identity-Labs/mdqt"
-  spec.license       = "MIT"
-
-  spec.required_ruby_version = '>= 3.0.0'
-
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
-  end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency 'commander', "~>4"
-  spec.add_dependency 'faraday', "~>2"
-  spec.add_dependency 'faraday-http-cache', "~>2"
-  spec.add_dependency 'faraday-follow_redirects', "~>0.3"
-  spec.add_dependency 'httpx', "~>1"
-  spec.add_dependency 'activesupport', ">= 7"
-  spec.add_dependency 'dalli', "~>3"
-  spec.add_dependency 'pastel', "~>0.8"
-  spec.add_dependency 'terminal-table', "~>3"
-  spec.add_dependency 'concurrent-ruby-ext', "~>1"
-  spec.add_dependency 'xmldsig', "~>0.7"
-
-  #  spec.add_development_dependency "bundler", "~>2"
-  # spec.add_development_dependency "rake", ">= 13.1.0"
-  spec.add_development_dependency "rspec", "~> 3.10"
-  spec.add_development_dependency "cucumber", "~> 7.1"
-  spec.add_development_dependency "aruba", "~> 2.0"
-  spec.add_development_dependency "vcr", "~>  6.0"
-  spec.add_development_dependency "yard", "~> 0.9"
-  #spec.add_development_dependency "yard-cucumber", "~> 4.0"
-end

data/bin/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "mdqt"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/cucumber.yml

@@ -1,2 +0,0 @@
-default: --publish
-