mdqt 0.4.0 → 0.5.0
- checksums.yaml +4 -4
- data/.github/workflows/codeql-analysis.yml +70 -0
- data/.github/workflows/ruby.yml +35 -0
- data/.gitignore +7 -0
- data/.ruby-version +1 -1
- data/.tool-versions +1 -0
- data/CHANGELOG.md +28 -0
- data/Gemfile +3 -1
- data/README.md +60 -10
- data/cucumber.yml +2 -0
- data/exe/mdqt +104 -7
- data/lib/mdqt/cli/base.rb +30 -3
- data/lib/mdqt/cli/cache_control.rb +25 -0
- data/lib/mdqt/cli/check.rb +5 -9
- data/lib/mdqt/cli/defaults.rb +33 -12
- data/lib/mdqt/cli/entities.rb +47 -0
- data/lib/mdqt/cli/exists.rb +0 -0
- data/lib/mdqt/cli/get.rb +8 -8
- data/lib/mdqt/cli/list.rb +65 -0
- data/lib/mdqt/cli/ln.rb +74 -0
- data/lib/mdqt/cli/ls.rb +52 -0
- data/lib/mdqt/cli/rename.rb +60 -0
- data/lib/mdqt/cli/services.rb +25 -0
- data/lib/mdqt/cli/url.rb +37 -0
- data/lib/mdqt/cli.rb +8 -1
- data/lib/mdqt/client/metadata_file.rb +55 -6
- data/lib/mdqt/client/metadata_response.rb +42 -3
- data/lib/mdqt/client/metadata_service.rb +38 -17
- data/lib/mdqt/client.rb +5 -0
- data/lib/mdqt/version.rb +1 -1
- data/mdqt.gemspec +17 -16
- metadata +65 -53
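--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c8731e9b40b397c638c8bb0e11acc9c954a8aaf940cd558683ff0e14df68a668
+data.tar.gz: a009f1591877bb571ab8d1f967545dbc836b7f3953e267548433352a122bc449
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e802b9620268525cf5b4249c59e604ba5345e45805b15e9c57ed4daee38271712f4d8f9bc8213a2883c9ac39f8a303bbeaec1dd8eacc09f223a61aa4d6ae5b07
+data.tar.gz: b37ed2ddf5e7a9212e4ab5f722a77b8c2fe0bde7e6e10c74203f7fe2b7c9863f873eb491e5fea0d121b2281e6955122d9f0d21c3d9d201c4c82c8743aa952067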
@@ -0,0 +1,70 @@
|
|
1
|
+
# For most projects, this workflow file will not need changing; you simply need
|
2
|
+
# to commit it to your repository.
|
3
|
+
#
|
4
|
+
# You may wish to alter this file to override the set of languages analyzed,
|
5
|
+
# or to provide custom queries or build logic.
|
6
|
+
#
|
7
|
+
# ******** NOTE ********
|
8
|
+
# We have attempted to detect the languages in your repository. Please check
|
9
|
+
# the `language` matrix defined below to confirm you have the correct set of
|
10
|
+
# supported CodeQL languages.
|
11
|
+
#
|
12
|
+
name: "CodeQL"
|
13
|
+
|
14
|
+
on:
|
15
|
+
push:
|
16
|
+
branches: [ master ]
|
17
|
+
pull_request:
|
18
|
+
# The branches below must be a subset of the branches above
|
19
|
+
branches: [ master ]
|
20
|
+
schedule:
|
21
|
+
- cron: '17 4 * * 0'
|
22
|
+
|
23
|
+
jobs:
|
24
|
+
analyze:
|
25
|
+
name: Analyze
|
26
|
+
runs-on: ubuntu-latest
|
27
|
+
permissions:
|
28
|
+
actions: read
|
29
|
+
contents: read
|
30
|
+
security-events: write
|
31
|
+
|
32
|
+
strategy:
|
33
|
+
fail-fast: false
|
34
|
+
matrix:
|
35
|
+
language: [ 'ruby' ]
|
36
|
+
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
|
37
|
+
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
38
|
+
|
39
|
+
steps:
|
40
|
+
- name: Checkout repository
|
41
|
+
uses: actions/checkout@v2
|
42
|
+
|
43
|
+
# Initializes the CodeQL tools for scanning.
|
44
|
+
- name: Initialize CodeQL
|
45
|
+
uses: github/codeql-action/init@v1
|
46
|
+
with:
|
47
|
+
languages: ${{ matrix.language }}
|
48
|
+
# If you wish to specify custom queries, you can do so here or in a config file.
|
49
|
+
# By default, queries listed here will override any specified in a config file.
|
50
|
+
# Prefix the list here with "+" to use these queries and those in the config file.
|
51
|
+
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
52
|
+
|
53
|
+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
54
|
+
# If this step fails, then you should remove it and run the build manually (see below)
|
55
|
+
- name: Autobuild
|
56
|
+
uses: github/codeql-action/autobuild@v1
|
57
|
+
|
58
|
+
# ℹ️ Command-line programs to run using the OS shell.
|
59
|
+
# 📚 https://git.io/JvXDl
|
60
|
+
|
61
|
+
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
62
|
+
# and modify them (or add more) to build your code if your project
|
63
|
+
# uses a compiled language
|
64
|
+
|
65
|
+
#- run: |
|
66
|
+
# make bootstrap
|
67
|
+
# make release
|
68
|
+
|
69
|
+
- name: Perform CodeQL Analysis
|
70
|
+
uses: github/codeql-action/analyze@v1
|
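Review bot: Every `uses:` line in this workflow (data/.github/workflows/codeql-analysis.yml in the file list) references its action by a mutable tag, `actions/checkout@v2` and `github/codeql-action/init@v1`, `autobuild@v1` and `analyze@v1`, in a job that holds `security-events: write`. A tag can be moved to different code after it was reviewed, so pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, keeps the executed code fixed. The Ruby workflow added in the next section already pins `ruby/setup-ruby` this way but leaves its own `actions/checkout@v2` on a tag. The Autobuild step could also be dropped for a Ruby-only matrix, since its own comment says it targets compiled languages.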
@@ -0,0 +1,35 @@
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
2
|
+
# They are provided by a third-party and are governed by
|
3
|
+
# separate terms of service, privacy policy, and support
|
4
|
+
# documentation.
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
7
|
+
|
8
|
+
name: Ruby
|
9
|
+
|
10
|
+
on:
|
11
|
+
push:
|
12
|
+
branches: [ master ]
|
13
|
+
pull_request:
|
14
|
+
branches: [ master ]
|
15
|
+
|
16
|
+
jobs:
|
17
|
+
test:
|
18
|
+
|
19
|
+
runs-on: ubuntu-latest
|
20
|
+
strategy:
|
21
|
+
matrix:
|
22
|
+
ruby-version: ['2.6', '2.7', '3.0']
|
23
|
+
|
24
|
+
steps:
|
25
|
+
- uses: actions/checkout@v2
|
26
|
+
- name: Set up Ruby
|
27
|
+
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
|
28
|
+
# change this to (see https://github.com/ruby/setup-ruby#versioning):
|
29
|
+
# uses: ruby/setup-ruby@v1
|
30
|
+
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
|
31
|
+
with:
|
32
|
+
ruby-version: ${{ matrix.ruby-version }}
|
33
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
34
|
+
- name: Run tests
|
35
|
+
run: bundle exec rake
|
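Review bot: The `test` job in this workflow (data/.github/workflows/ruby.yml in the file list) declares no `permissions:` block, so its `GITHUB_TOKEN` receives whatever the repository or organisation default grants, which may include write scopes. The job only checks out the code and runs `bundle exec rake`, so a top-level `permissions:` block containing `contents: read` would be sufficient and would match the explicit block in the CodeQL workflow. This matters most on the `pull_request` trigger, where the test suite and its gem dependencies run with that token available to the job.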
data/.gitignore
CHANGED
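--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.
+2.6.6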
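--- a/data/.tool-versions
+++ b/data/.tool-versions
@@ -0,0 +1 @@
+ruby 3.0.2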
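--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,33 @@
 # Changelog
 
+## 0.5.0
+
+### New Features
+
+- New `entities` command extracts entity IDs and sha1 hashes from metadata files on disk
+- New `ln` command will create symlinks to files using their sha1 hashes
+- New `ls` command will list the entity IDs of metadata files
+- New `list` command lists all entity IDs available from the MDQ service
+- New `services` command shows known MDQ services and aliases
+- New `rename` command renames metadata files to use their sha1 hash as a name
+- New `url` command shows the full url for an entity at the MDQ service
+
+### Improvements
+
+- Known MDQ services can be specified using simple aliases as well as URLs
+- Caching is now on by default
+- `--refresh` options forces downloads and ignores cached data
+- Cache is cleaned whenever `get` is used, to remove expired files
+- Added default service details for DFN
+- Tidier output when stopped with ctrl-c
+
+### Fixes
+
+- Compatible with Ruby 3
+- Updated dependencies to latest versions
+- Improved test reliability and added more tests
+- Extended timeouts to better handle slow networks
+
 ## 0.4.0
 
 ### New Features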
data/Gemfile
CHANGED
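--- a/data/README.md
+++ b/data/README.md
@@ -5,14 +5,21 @@
 MDQT is small library and commandline tool to query MDQ services for SAML metadata.
 You could do this with `curl` and `xmlsec1` but it's a little more convenient to use `mdqt` instead.
 
-MDQ
+MDQT also has features for managing local metadata files, to help when running an MDQ service or a Shibboleth IdP or SP.
+
+MDQ currently provides these features:
 
 - Downloading single entities, lists or aggregates
 - Signature verification
 - Validating metadata against SAML2 schema
 - Saving metadata to disk
--
--
+- Extracting entity IDs from both aggregate and individual metadata files
+- Renaming metadata files to their entity ID sha1 hashes
+- Creating sha1 hash symlinks to metadata files
+- Listing the entity IDs of downloaded metadata files
+- Showing the full URL of an entity
+- Caching entity metadata and using Gzip compression
+
 
 ## MDQ?
 
@@ -34,7 +41,7 @@ To install system-wide on your default Ruby, use
 
 $ sudo gem install mdqt
 
-If using a per-user Ruby via `rbenv` or similar, you'll need
+If using a per-user Ruby via `rbenv`, `asdf` or similar, you'll need
 
 $ gem install mdqt
 
@@ -63,7 +70,7 @@ signature. Some MDQ services use unencrypted HTTP connections and rely
 
 MDQT supports signature verification but requires a Ruby library called
 Nokogiri to do the hard work. Nokogiri is fast and useful but can sometimes
-be awkward to install for non-developers (it
+be awkward to install for non-developers (it can sometimes require a C development
 environment and various XML libraries). To make it easier to install a basic MDQT we've made
 XML signature verification an optional feature.
 
@@ -102,6 +109,12 @@ service. Set `MDQT_SERVICE` or `MDQ_BASE_URL` to the base URL of your MDQ servic
 Finally, if you don't specify an MDQ service with `--service` or `MDQT_SERVICE` then `mdqt` *might* be
 able to guess your local NREN's MDQ service. Do not do this in production!
 
+If an MDQ service is known to MDQT it can be selected using an alias:
+
+$ mdqt get --service incommon http://entity.edu/shibboleth
+
+You can see known services and their aliases using `mdqt services`
+
 ### Downloading entity metadata
 
 Downloading entity metadata to STDOUT:
@@ -114,6 +127,8 @@ Using the sha1 hashed version of entity IDs requires quotes or escaping in some
 
 $ mdqt get \{sha1\}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
 
+$ mdqt get [sha1]52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
+
 Requesting all metadata from an MDQ endpoint is done by specifying `--all`:
 
 $ mdqt get --all
@@ -127,6 +142,10 @@ directory.
 
 $ mdqt get --cache --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
 
+Caching is now on by default. To force a single command to *not* use the cache, include `--reset`
+
+$ mdqt get --reset --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
+
 You can clear the cache by using the `reset` command:
 
 $ mdqt reset
@@ -170,7 +189,7 @@ MDQT also offers the `--save-to` option to write all metadata into a directory
 
 $ mdqt get http://entity.ac.uk/shibboleth --save-to metadata_directory
 
-The
+The `--save-to` option requires a directory to be specified. All files will be saved
 with a name based on their transformed identifier (sha1 hash) such as
 `77603e0cbda1e00d50373ca8ca20a375f5d1f171.xml`
 
@@ -178,10 +197,10 @@ By adding the `--link-id' flag alternative filenames will be linked to the
 original file (this is currently a little experimental) to make it easier
 to look up the correct file using other identifiers.
 
-### Other
+### Other Features
 
 For more information about current settings, download results, and so on, add
-`--verbose` to commands
+`--verbose` to commands:
 
 $mdqt get --verbose http://entity.ac.uk/shibboleth
 
@@ -195,11 +214,42 @@ To see more details of what is being sent and received by a `get` command add th
 
 $ mdqt get --explain --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
 
-MDQT will then show a table of sent and
+MDQT will then show a table of sent and received headers which may be useful when debugging servers.
+
+To extract a list of all entity IDs from a file:
+
+$ mdqt entities metadata.xml
+
+$ mdqt entities --sha1 metadata.xml
+
+To create sha1 symlinks to a metadata file:
+
+$ mdqt ln example_idp.xml
+
+To rename a file to its entity ID sha1 has:
+
+$ mdqt rename example_idp.xml
+
+To list the entity IDs of files in a directory:
+
+$ mdqt ls
+
+To list all entities available at an MDQ service:
+
+$ mdqt list
+
+To show the MDQ services known to MDQT, and their aliases:
+
+$ mdqt services
+
+To show the full MDQ URL of an entity
+
+$ mdqt url http://entity.ac.uk/shibboleth
+
 
 ## Library Usage
 
-Please don't! This gem is
+Please don't! This gem is early in development and the API is not stable. Later
 releases of this gem will provide a simple library to use in other Ruby applications.
 
 ## Development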
data/cucumber.yml
ADDED
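--- a/data/exe/mdqt
+++ b/data/exe/mdqt
@@ -5,12 +5,17 @@ require 'mdqt/version'
 
 require 'commander'
 
+Signal.trap('SIGINT') do
+puts 'Received signal, halting'
+exit 1
+end
+
 Commander.configure do
 program :name, 'mdqt'
 program :version, MDQT::VERSION
 program :description, 'MDQ SAML metadata client'
 
-global_option '--verbose'
+#global_option '--verbose'
 
 default_command :help
 
@@ -19,7 +24,7 @@ Commander.configure do
 c.description = 'Show version of MDQT'
 c.action do |args, options|
 options.default MDQT::CLI::Defaults.cli_defaults
-options.default({service: :not_required })
+options.default({ service: :not_required })
 MDQT::CLI::Version.run(args, options)
 end
 end
@@ -28,7 +33,8 @@ Commander.configure do
 c.syntax = 'mdqt get [options] entityidentifier '
 c.description = 'Download one entity record or an aggregate of entity records'
 c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
-c.option '--cache', "Cache downloads and try to fetch from cache where appropriate"
+c.option '--cache', "Cache downloads and try to fetch from cache where appropriate (deprecated)"
+c.option '--refresh', "Never cache (will prevent --cache)"
 c.option '--verify-with PATHS', Array, 'Validate downloads using specified certificates'
 c.option '--validate', 'Validate downloaded metadata against SAML2 schema (not normally needed)'
 #c.option '--stdin', 'accept one or more entity ids from STDIN'
@@ -37,9 +43,10 @@ Commander.configure do
 c.option '--tls-risky', "Don't check certificate used for TLS (usually a bad idea)"
 c.option '--save-to PATH', String, 'Write all data to files in the specified directory'
 c.option '--link-id', 'If saving files, save files with aliases (requires `--save-to`)'
+c.option '--verbose', 'Display extra information on stderr'
 c.action do |args, options|
 options.default MDQT::CLI::Defaults.cli_defaults
-options.default({service: MDQT::CLI::Defaults.base_url }) if options.service.
+options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
 MDQT::CLI::Get.run(args, options)
 end
 end
@@ -47,9 +54,10 @@ Commander.configure do
 command :reset do |c|
 c.syntax = 'mdqt reset'
 c.description = 'Delete all cached data'
+c.option '--verbose', 'Display extra information on stderr'
 c.action do |args, options|
 options.default MDQT::CLI::Defaults.cli_defaults
-options.default({service: :not_required })
+options.default({ service: :not_required })
 MDQT::CLI::Reset.run(args, options)
 end
 end
@@ -57,9 +65,10 @@ Commander.configure do
 command :transform do |c|
 c.syntax = 'mdqt transform ENTITYIDS'
 c.description = 'Show transformed entity IDs'
+c.option '--verbose', 'Display extra information on stderr'
 c.action do |args, options|
 options.default MDQT::CLI::Defaults.cli_defaults
-options.default({service: :not_required })
+options.default({ service: :not_required })
 MDQT::CLI::Transform.run(args, options)
 end
 end
@@ -67,13 +76,101 @@ Commander.configure do
 command :check do |c|
 c.syntax = 'mdqt check XML_FILENAME CERTIFICATE_FILENAME'
 c.description = 'Validate XML and check signatures'
+c.option '--verbose', 'Display extra information on stderr'
 c.option '--verify-with PATHS', Array, 'Validate file using specified certificates'
 c.action do |args, options|
 options.default MDQT::CLI::Defaults.cli_defaults
-options.default({service: :not_required, validate: true })
+options.default({ service: :not_required, validate: true })
 MDQT::CLI::Check.run(args, options)
 end
 end
 
+command :entities do |c|
+c.syntax = 'mdqt entities XML_FILENAME'
+c.description = 'Extract entity IDs from a metadata file'
+c.option '--sha1', 'include the sha1 hash for each entity ID'
+c.action do |args, options|
+args = Dir.glob("*.xml") unless args && !args.empty?
+options.default MDQT::CLI::Defaults.cli_defaults
+options.default({ service: :not_required })
+MDQT::CLI::Entities.run(args, options)
+end
+end
+
+command :ln do |c|
+c.syntax = 'mdqt ln XML_FILENAME'
+c.description = 'Create a soft link to the file using an sha1 hash of the entityID'
+c.option '--force', 'Overwrite any existing links'
+c.option '--verbose', 'Display extra information on stderr'
+c.action do |args, options|
+args = Dir.glob("*.xml") unless args && !args.empty?
+options.default MDQT::CLI::Defaults.cli_defaults
+options.default({ service: :not_required })
+MDQT::CLI::Ln.run(args, options)
+end
+end
+
+command :ls do |c|
+c.syntax = 'mdqt ls XML_FILENAME/DIRECTORY'
+c.description = 'List valid metadata files in directory'
+c.option '--verbose', 'Display extra information on stderr'
+c.action do |args, options|
+args = Dir.glob("*.xml") unless args && !args.empty?
+options.default MDQT::CLI::Defaults.cli_defaults
+options.default({ service: :not_required })
+MDQT::CLI::Ls.run(args, options)
+end
+end
+
+command :list do |c|
+c.syntax = 'mdqt list [options]'
+c.description = 'List entities available at the MDQ service'
+c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
+c.option '--cache', "Cache downloads and try to fetch from cache where appropriate (deprecated)"
+c.option '--refresh', "Never cache (will prevent --cache)"
+#c.option '--stdin', 'accept one or more entity ids from STDIN'
+c.option '--verbose', 'Display extra information on stderr'
+c.action do |args, options|
+options.default MDQT::CLI::Defaults.cli_defaults
+options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
+MDQT::CLI::List.run(args, options)
+end
+end
+
+command :services do |c|
+c.syntax = 'mdqt services'
+c.description = 'List URLs and aliases for known MDQ services'
+c.action do |args, options|
+options.default MDQT::CLI::Defaults.cli_defaults
+options.default({ service: :not_required })
+MDQT::CLI::Services.run(args, options)
+end
+end
+
+command :rename do |c|
+c.syntax = 'mdqt rename XML_FILENAME'
+c.description = 'Rename a file using the sha1 hash of its entityID'
+c.option '--force', 'Overwrite any existing files with that name'
+c.option '--verbose', 'Display extra information on stderr'
+c.action do |args, options|
+args = Dir.glob("*.xml") unless args && !args.empty?
+options.default MDQT::CLI::Defaults.cli_defaults
+options.default({ service: :not_required })
+MDQT::CLI::Rename.run(args, options)
+end
+end
+
+command :url do |c|
+c.syntax = 'mdqt url ENTITYIDS'
+c.description = 'List URLs for each entity ID at the MDQ service'
+c.option '--verbose', 'Display extra information on stderr'
+c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
+c.action do |args, options|
+options.default MDQT::CLI::Defaults.cli_defaults
+options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
+MDQT::CLI::URL.run(args, options)
+end
+end
+
 end
 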
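Review bot: In the new `rename` and `ln` actions, `args = Dir.glob("*.xml") unless args && !args.empty?` makes a bare `mdqt rename` or `mdqt ln` act on every XML file in the current directory, and both commands also take `--force` to overwrite existing files or links. That fallback is harmless for the read-only `entities` and `ls` commands, but commands that modify the filesystem are safer when they require an explicit argument, for example `abort 'Please specify at least one metadata file' if Array(args).empty?` in place of the glob line. The `Rename` and `Ln` classes are not shown on this page, so they may add their own safeguards. The syntax strings (`mdqt rename XML_FILENAME`, `mdqt ln XML_FILENAME`) do not mention the no-argument behaviour either.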
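--- a/data/lib/mdqt/cli/base.rb
+++ b/data/lib/mdqt/cli/base.rb
@@ -18,7 +18,11 @@ module MDQT
 end
 
 def self.check_requirements(args, options)
-
+
+unless options.service == :not_required
+abort "No MDQ service URL has been specified. Please use --service, MDQT_SERVICE or MDQ_BASE_URL" unless service_url(options).to_s.start_with?("http")
+end
+
 if options.save_to
 dir = options.save_to
 begin
@@ -35,8 +39,8 @@ module MDQT
 def self.introduce(args, options)
 if options.verbose
 STDERR.puts "MDQT version #{MDQT::VERSION}"
-STDERR.puts "Using #{options
-STDERR.puts "Caching is #{options
+STDERR.puts "Using #{service_url(options)}" unless options.service == :not_required
+STDERR.puts "Caching is #{MDQT::CLI::CacheControl.caching_on?(options) ? 'on' : 'off'}"
 STDERR.print "XML validation is #{MDQT::Client.verification_available? ? 'available' : 'not available'}"
 STDERR.puts " #{options.validate ? "and active" : "but inactive"} for this request" if MDQT::Client.verification_available?
 STDERR.print "Signature verification is #{MDQT::Client.verification_available? ? 'available' : 'not available'}"
@@ -81,6 +85,24 @@ module MDQT
 @options
 end
 
+def self.service_url(options)
+
+return nil if options.service == :not_required
+
+choice = options.service.to_s.strip
+
+if choice.downcase.start_with? "http"
+choice
+else
+Defaults.lookup_service_alias(choice)
+end
+
+end
+
+def service_url(options)
+self.class.service_url(options)
+end
+
 def output(response)
 if response.ok?
 yay response.message
@@ -131,6 +153,10 @@ module MDQT
 @pastel ||= Pastel.new
 end
 
+def say(text)
+STDOUT.puts(text)
+end
+
 def hey(comment)
 STDERR.puts(comment)
 end
@@ -146,6 +172,7 @@ module MDQT
 def halt!(comment)
 abort pastel.red("Error: #{comment}")
 end
+
 def run
 halt! "No action has been defined for this command!"
 end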
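Review bot: The two new service checks disagree on case: `self.service_url` recognises a URL with `choice.downcase.start_with? "http"` but returns `choice` unchanged, while the guard added to `check_requirements` tests `service_url(options).to_s.start_with?("http")` case-sensitively. A value such as `HTTPS://...` therefore passes the first check and is rejected by the second, with a message claiming no service was specified. Both checks also match any string that merely begins with `http`, so an alias starting with those letters would never reach `Defaults.lookup_service_alias`. Testing the scheme prefixes the same way in both places, e.g. `.to_s.downcase.start_with?("http://", "https://")`, would make them agree. The body of `check_requirements` continues outside the hunk.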
@@ -0,0 +1,25 @@
|
|
1
|
+
module MDQT
|
2
|
+
class CLI
|
3
|
+
|
4
|
+
class CacheControl
|
5
|
+
|
6
|
+
class << self
|
7
|
+
|
8
|
+
def caching_on?(options)
|
9
|
+
return false if cache_type(options) == :none
|
10
|
+
true
|
11
|
+
end
|
12
|
+
|
13
|
+
def cache_type(options)
|
14
|
+
return :none if options.refresh
|
15
|
+
return :memcache if options.cache && options.memcache
|
16
|
+
return :file if options.cache
|
17
|
+
:none
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
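Review bot: `cache_type` in this new file (data/lib/mdqt/cli/cache_control.rb in the file list) encodes an option precedence that is documented nowhere in the class. The README hunk on this page tells users to pass `--reset` to bypass the cache, whereas the option tested here is `options.refresh` (`--refresh` in exe/mdqt). A short comment above the method would record the intent, e.g. `# Precedence: --refresh disables caching; otherwise --cache selects :file, or :memcache when options.memcache is also set`. No `--memcache` option appears in the exe/mdqt hunks shown, so that branch presumably depends on `Defaults.cli_defaults`, which is not visible here. As a style point, `caching_on?` could be the single expression `cache_type(options) != :none`.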
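--- a/data/lib/mdqt/cli/check.rb
+++ b/data/lib/mdqt/cli/check.rb
@@ -14,10 +14,10 @@ module MDQT
 halt!("Cannot check a metadata file without XML support: please install additional gems") unless MDQT::Client.verification_available?
 
 client = MDQT::Client.new(
-
-
-
-
+service_url(options),
+verbose: options.verbose,
+explain: options.explain ? true : false,
+)
 
 cert_paths = options.verify_with ? extract_certificate_paths(options.verify_with) : []
 
@@ -29,8 +29,7 @@ module MDQT
 halt!("Cannot access file #{filename}") unless file.readable?
 
 halt!("XML validation failed for #{filename}:\n#{file.validation_error}") unless file.valid?
-btw"File #{filename} is valid SAML Metadata XML"
-
+btw "File #{filename} is valid SAML Metadata XML"
 
 if options.verify_with
 halt! "XML in #{filename} is not signed, cannot verify!" unless file.signed?
@@ -41,10 +40,8 @@ module MDQT
 yay "#{filename} OK"
 end
 
-
 end
 
-
 def verify_results(results)
 
 # if options.validate
@@ -74,7 +71,6 @@ module MDQT
 
 private
 
-
 end
 
 end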
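Review bot: The first argument now passed to `MDQT::Client.new`, `service_url(options)`, appears to be nil for this command, because exe/mdqt registers `check` with `service: :not_required` and `service_url` returns nil for that value. `options.explain` is likewise never set here, since `check` defines no `--explain` option. Whether the client tolerates a nil base URL is not visible on this page, so a comment such as `# check works on local files only: service_url is nil here` would record that this is intended. The enclosing method starts and ends outside the first hunk.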