mdqt 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/codeql-analysis.yml +70 -0
- data/.github/workflows/ruby.yml +35 -0
- data/.gitignore +7 -0
- data/.ruby-version +1 -1
- data/.tool-versions +1 -0
- data/CHANGELOG.md +28 -0
- data/Gemfile +3 -1
- data/README.md +60 -10
- data/cucumber.yml +2 -0
- data/exe/mdqt +104 -7
- data/lib/mdqt/cli/base.rb +30 -3
- data/lib/mdqt/cli/cache_control.rb +25 -0
- data/lib/mdqt/cli/check.rb +5 -9
- data/lib/mdqt/cli/defaults.rb +33 -12
- data/lib/mdqt/cli/entities.rb +47 -0
- data/lib/mdqt/cli/exists.rb +0 -0
- data/lib/mdqt/cli/get.rb +8 -8
- data/lib/mdqt/cli/list.rb +65 -0
- data/lib/mdqt/cli/ln.rb +74 -0
- data/lib/mdqt/cli/ls.rb +52 -0
- data/lib/mdqt/cli/rename.rb +60 -0
- data/lib/mdqt/cli/services.rb +25 -0
- data/lib/mdqt/cli/url.rb +37 -0
- data/lib/mdqt/cli.rb +8 -1
- data/lib/mdqt/client/metadata_file.rb +55 -6
- data/lib/mdqt/client/metadata_response.rb +42 -3
- data/lib/mdqt/client/metadata_service.rb +38 -17
- data/lib/mdqt/client.rb +5 -0
- data/lib/mdqt/version.rb +1 -1
- data/mdqt.gemspec +17 -16
- metadata +65 -53
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c8731e9b40b397c638c8bb0e11acc9c954a8aaf940cd558683ff0e14df68a668
|
4
|
+
data.tar.gz: a009f1591877bb571ab8d1f967545dbc836b7f3953e267548433352a122bc449
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e802b9620268525cf5b4249c59e604ba5345e45805b15e9c57ed4daee38271712f4d8f9bc8213a2883c9ac39f8a303bbeaec1dd8eacc09f223a61aa4d6ae5b07
|
7
|
+
data.tar.gz: b37ed2ddf5e7a9212e4ab5f722a77b8c2fe0bde7e6e10c74203f7fe2b7c9863f873eb491e5fea0d121b2281e6955122d9f0d21c3d9d201c4c82c8743aa952067
|
@@ -0,0 +1,70 @@
|
|
1
|
+
# For most projects, this workflow file will not need changing; you simply need
|
2
|
+
# to commit it to your repository.
|
3
|
+
#
|
4
|
+
# You may wish to alter this file to override the set of languages analyzed,
|
5
|
+
# or to provide custom queries or build logic.
|
6
|
+
#
|
7
|
+
# ******** NOTE ********
|
8
|
+
# We have attempted to detect the languages in your repository. Please check
|
9
|
+
# the `language` matrix defined below to confirm you have the correct set of
|
10
|
+
# supported CodeQL languages.
|
11
|
+
#
|
12
|
+
name: "CodeQL"
|
13
|
+
|
14
|
+
on:
|
15
|
+
push:
|
16
|
+
branches: [ master ]
|
17
|
+
pull_request:
|
18
|
+
# The branches below must be a subset of the branches above
|
19
|
+
branches: [ master ]
|
20
|
+
schedule:
|
21
|
+
- cron: '17 4 * * 0'
|
22
|
+
|
23
|
+
jobs:
|
24
|
+
analyze:
|
25
|
+
name: Analyze
|
26
|
+
runs-on: ubuntu-latest
|
27
|
+
permissions:
|
28
|
+
actions: read
|
29
|
+
contents: read
|
30
|
+
security-events: write
|
31
|
+
|
32
|
+
strategy:
|
33
|
+
fail-fast: false
|
34
|
+
matrix:
|
35
|
+
language: [ 'ruby' ]
|
36
|
+
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
|
37
|
+
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
38
|
+
|
39
|
+
steps:
|
40
|
+
- name: Checkout repository
|
41
|
+
uses: actions/checkout@v2
|
42
|
+
|
43
|
+
# Initializes the CodeQL tools for scanning.
|
44
|
+
- name: Initialize CodeQL
|
45
|
+
uses: github/codeql-action/init@v1
|
46
|
+
with:
|
47
|
+
languages: ${{ matrix.language }}
|
48
|
+
# If you wish to specify custom queries, you can do so here or in a config file.
|
49
|
+
# By default, queries listed here will override any specified in a config file.
|
50
|
+
# Prefix the list here with "+" to use these queries and those in the config file.
|
51
|
+
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
52
|
+
|
53
|
+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
54
|
+
# If this step fails, then you should remove it and run the build manually (see below)
|
55
|
+
- name: Autobuild
|
56
|
+
uses: github/codeql-action/autobuild@v1
|
57
|
+
|
58
|
+
# ℹ️ Command-line programs to run using the OS shell.
|
59
|
+
# 📚 https://git.io/JvXDl
|
60
|
+
|
61
|
+
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
62
|
+
# and modify them (or add more) to build your code if your project
|
63
|
+
# uses a compiled language
|
64
|
+
|
65
|
+
#- run: |
|
66
|
+
# make bootstrap
|
67
|
+
# make release
|
68
|
+
|
69
|
+
- name: Perform CodeQL Analysis
|
70
|
+
uses: github/codeql-action/analyze@v1
|
@@ -0,0 +1,35 @@
|
|
1
|
+
# This workflow uses actions that are not certified by GitHub.
|
2
|
+
# They are provided by a third-party and are governed by
|
3
|
+
# separate terms of service, privacy policy, and support
|
4
|
+
# documentation.
|
5
|
+
# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
|
6
|
+
# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
|
7
|
+
|
8
|
+
name: Ruby
|
9
|
+
|
10
|
+
on:
|
11
|
+
push:
|
12
|
+
branches: [ master ]
|
13
|
+
pull_request:
|
14
|
+
branches: [ master ]
|
15
|
+
|
16
|
+
jobs:
|
17
|
+
test:
|
18
|
+
|
19
|
+
runs-on: ubuntu-latest
|
20
|
+
strategy:
|
21
|
+
matrix:
|
22
|
+
ruby-version: ['2.6', '2.7', '3.0']
|
23
|
+
|
24
|
+
steps:
|
25
|
+
- uses: actions/checkout@v2
|
26
|
+
- name: Set up Ruby
|
27
|
+
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
|
28
|
+
# change this to (see https://github.com/ruby/setup-ruby#versioning):
|
29
|
+
# uses: ruby/setup-ruby@v1
|
30
|
+
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
|
31
|
+
with:
|
32
|
+
ruby-version: ${{ matrix.ruby-version }}
|
33
|
+
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
34
|
+
- name: Run tests
|
35
|
+
run: bundle exec rake
|
data/.gitignore
CHANGED
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.
|
1
|
+
2.6.6
|
data/.tool-versions
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
ruby 3.0.2
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,33 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## 0.5.0
|
4
|
+
|
5
|
+
### New Features
|
6
|
+
|
7
|
+
- New `entities` command extracts entity IDs and sha1 hashes from metadata files on disk
|
8
|
+
- New `ln` command will create symlinks to files using their sha1 hashes
|
9
|
+
- New `ls` command will list the entity IDs of metadata files
|
10
|
+
- New `list` command lists all entity IDs available from the MDQ service
|
11
|
+
- New `services` command shows known MDQ services and aliases
|
12
|
+
- New `rename` command renames metadata files to use their sha1 hash as a name
|
13
|
+
- New `url` command shows the full url for an entity at the MDQ service
|
14
|
+
|
15
|
+
### Improvements
|
16
|
+
|
17
|
+
- Known MDQ services can be specified using simple aliases as well as URLs
|
18
|
+
- Caching is now on by default
|
19
|
+
- `--refresh` options forces downloads and ignores cached data
|
20
|
+
- Cache is cleaned whenever `get` is used, to remove expired files
|
21
|
+
- Added default service details for DFN
|
22
|
+
- Tidier output when stopped with ctrl-c
|
23
|
+
|
24
|
+
### Fixes
|
25
|
+
|
26
|
+
- Compatible with Ruby 3
|
27
|
+
- Updated dependencies to latest versions
|
28
|
+
- Improved test reliability and added more tests
|
29
|
+
- Extended timeouts to better handle slow networks
|
30
|
+
|
3
31
|
## 0.4.0
|
4
32
|
|
5
33
|
### New Features
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -5,14 +5,21 @@
|
|
5
5
|
MDQT is small library and commandline tool to query MDQ services for SAML metadata.
|
6
6
|
You could do this with `curl` and `xmlsec1` but it's a little more convenient to use `mdqt` instead.
|
7
7
|
|
8
|
-
MDQ
|
8
|
+
MDQT also has features for managing local metadata files, to help when running an MDQ service or a Shibboleth IdP or SP.
|
9
|
+
|
10
|
+
MDQ currently provides these features:
|
9
11
|
|
10
12
|
- Downloading single entities, lists or aggregates
|
11
13
|
- Signature verification
|
12
14
|
- Validating metadata against SAML2 schema
|
13
15
|
- Saving metadata to disk
|
14
|
-
-
|
15
|
-
-
|
16
|
+
- Extracting entity IDs from both aggregate and individual metadata files
|
17
|
+
- Renaming metadata files to their entity ID sha1 hashes
|
18
|
+
- Creating sha1 hash symlinks to metadata files
|
19
|
+
- Listing the entity IDs of downloaded metadata files
|
20
|
+
- Showing the full URL of an entity
|
21
|
+
- Caching entity metadata and using Gzip compression
|
22
|
+
|
16
23
|
|
17
24
|
## MDQ?
|
18
25
|
|
@@ -34,7 +41,7 @@ To install system-wide on your default Ruby, use
|
|
34
41
|
|
35
42
|
$ sudo gem install mdqt
|
36
43
|
|
37
|
-
If using a per-user Ruby via `rbenv` or similar, you'll need
|
44
|
+
If using a per-user Ruby via `rbenv`, `asdf` or similar, you'll need
|
38
45
|
|
39
46
|
$ gem install mdqt
|
40
47
|
|
@@ -63,7 +70,7 @@ signature. Some MDQ services use unencrypted HTTP connections and rely
|
|
63
70
|
|
64
71
|
MDQT supports signature verification but requires a Ruby library called
|
65
72
|
Nokogiri to do the hard work. Nokogiri is fast and useful but can sometimes
|
66
|
-
be awkward to install for non-developers (it
|
73
|
+
be awkward to install for non-developers (it can sometimes require a C development
|
67
74
|
environment and various XML libraries). To make it easier to install a basic MDQT we've made
|
68
75
|
XML signature verification an optional feature.
|
69
76
|
|
@@ -102,6 +109,12 @@ service. Set `MDQT_SERVICE` or `MDQ_BASE_URL` to the base URL of your MDQ servic
|
|
102
109
|
Finally, if you don't specify an MDQ service with `--service` or `MDQT_SERVICE` then `mdqt` *might* be
|
103
110
|
able to guess your local NREN's MDQ service. Do not do this in production!
|
104
111
|
|
112
|
+
If an MDQ service is known to MDQT it can be selected using an alias:
|
113
|
+
|
114
|
+
$ mdqt get --service incommon http://entity.edu/shibboleth
|
115
|
+
|
116
|
+
You can see known services and their aliases using `mdqt services`
|
117
|
+
|
105
118
|
### Downloading entity metadata
|
106
119
|
|
107
120
|
Downloading entity metadata to STDOUT:
|
@@ -114,6 +127,8 @@ Using the sha1 hashed version of entity IDs requires quotes or escaping in some
|
|
114
127
|
|
115
128
|
$ mdqt get \{sha1\}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
|
116
129
|
|
130
|
+
$ mdqt get [sha1]52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
|
131
|
+
|
117
132
|
Requesting all metadata from an MDQ endpoint is done by specifying `--all`:
|
118
133
|
|
119
134
|
$ mdqt get --all
|
@@ -127,6 +142,10 @@ directory.
|
|
127
142
|
|
128
143
|
$ mdqt get --cache --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
|
129
144
|
|
145
|
+
Caching is now on by default. To force a single command to *not* use the cache, include `--reset`
|
146
|
+
|
147
|
+
$ mdqt get --reset --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
|
148
|
+
|
130
149
|
You can clear the cache by using the `reset` command:
|
131
150
|
|
132
151
|
$ mdqt reset
|
@@ -170,7 +189,7 @@ MDQT also offers the `--save-to` option to write all metadata into a directory
|
|
170
189
|
|
171
190
|
$ mdqt get http://entity.ac.uk/shibboleth --save-to metadata_directory
|
172
191
|
|
173
|
-
The
|
192
|
+
The `--save-to` option requires a directory to be specified. All files will be saved
|
174
193
|
with a name based on their transformed identifier (sha1 hash) such as
|
175
194
|
`77603e0cbda1e00d50373ca8ca20a375f5d1f171.xml`
|
176
195
|
|
@@ -178,10 +197,10 @@ By adding the `--link-id' flag alternative filenames will be linked to the
|
|
178
197
|
original file (this is currently a little experimental) to make it easier
|
179
198
|
to look up the correct file using other identifiers.
|
180
199
|
|
181
|
-
### Other
|
200
|
+
### Other Features
|
182
201
|
|
183
202
|
For more information about current settings, download results, and so on, add
|
184
|
-
`--verbose` to commands
|
203
|
+
`--verbose` to commands:
|
185
204
|
|
186
205
|
$mdqt get --verbose http://entity.ac.uk/shibboleth
|
187
206
|
|
@@ -195,11 +214,42 @@ To see more details of what is being sent and received by a `get` command add th
|
|
195
214
|
|
196
215
|
$ mdqt get --explain --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
|
197
216
|
|
198
|
-
MDQT will then show a table of sent and
|
217
|
+
MDQT will then show a table of sent and received headers which may be useful when debugging servers.
|
218
|
+
|
219
|
+
To extract a list of all entity IDs from a file:
|
220
|
+
|
221
|
+
$ mdqt entities metadata.xml
|
222
|
+
|
223
|
+
$ mdqt entities --sha1 metadata.xml
|
224
|
+
|
225
|
+
To create sha1 symlinks to a metadata file:
|
226
|
+
|
227
|
+
$ mdqt ln example_idp.xml
|
228
|
+
|
229
|
+
To rename a file to its entity ID sha1 has:
|
230
|
+
|
231
|
+
$ mdqt rename example_idp.xml
|
232
|
+
|
233
|
+
To list the entity IDs of files in a directory:
|
234
|
+
|
235
|
+
$ mdqt ls
|
236
|
+
|
237
|
+
To list all entities available at an MDQ service:
|
238
|
+
|
239
|
+
$ mdqt list
|
240
|
+
|
241
|
+
To show the MDQ services known to MDQT, and their aliases:
|
242
|
+
|
243
|
+
$ mdqt services
|
244
|
+
|
245
|
+
To show the full MDQ URL of an entity
|
246
|
+
|
247
|
+
$ mdqt url http://entity.ac.uk/shibboleth
|
248
|
+
|
199
249
|
|
200
250
|
## Library Usage
|
201
251
|
|
202
|
-
Please don't! This gem is
|
252
|
+
Please don't! This gem is early in development and the API is not stable. Later
|
203
253
|
releases of this gem will provide a simple library to use in other Ruby applications.
|
204
254
|
|
205
255
|
## Development
|
data/cucumber.yml
ADDED
data/exe/mdqt
CHANGED
@@ -5,12 +5,17 @@ require 'mdqt/version'
|
|
5
5
|
|
6
6
|
require 'commander'
|
7
7
|
|
8
|
+
Signal.trap('SIGINT') do
|
9
|
+
puts 'Received signal, halting'
|
10
|
+
exit 1
|
11
|
+
end
|
12
|
+
|
8
13
|
Commander.configure do
|
9
14
|
program :name, 'mdqt'
|
10
15
|
program :version, MDQT::VERSION
|
11
16
|
program :description, 'MDQ SAML metadata client'
|
12
17
|
|
13
|
-
global_option '--verbose'
|
18
|
+
#global_option '--verbose'
|
14
19
|
|
15
20
|
default_command :help
|
16
21
|
|
@@ -19,7 +24,7 @@ Commander.configure do
|
|
19
24
|
c.description = 'Show version of MDQT'
|
20
25
|
c.action do |args, options|
|
21
26
|
options.default MDQT::CLI::Defaults.cli_defaults
|
22
|
-
options.default({service: :not_required })
|
27
|
+
options.default({ service: :not_required })
|
23
28
|
MDQT::CLI::Version.run(args, options)
|
24
29
|
end
|
25
30
|
end
|
@@ -28,7 +33,8 @@ Commander.configure do
|
|
28
33
|
c.syntax = 'mdqt get [options] entityidentifier '
|
29
34
|
c.description = 'Download one entity record or an aggregate of entity records'
|
30
35
|
c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
|
31
|
-
c.option '--cache', "Cache downloads and try to fetch from cache where appropriate"
|
36
|
+
c.option '--cache', "Cache downloads and try to fetch from cache where appropriate (deprecated)"
|
37
|
+
c.option '--refresh', "Never cache (will prevent --cache)"
|
32
38
|
c.option '--verify-with PATHS', Array, 'Validate downloads using specified certificates'
|
33
39
|
c.option '--validate', 'Validate downloaded metadata against SAML2 schema (not normally needed)'
|
34
40
|
#c.option '--stdin', 'accept one or more entity ids from STDIN'
|
@@ -37,9 +43,10 @@ Commander.configure do
|
|
37
43
|
c.option '--tls-risky', "Don't check certificate used for TLS (usually a bad idea)"
|
38
44
|
c.option '--save-to PATH', String, 'Write all data to files in the specified directory'
|
39
45
|
c.option '--link-id', 'If saving files, save files with aliases (requires `--save-to`)'
|
46
|
+
c.option '--verbose', 'Display extra information on stderr'
|
40
47
|
c.action do |args, options|
|
41
48
|
options.default MDQT::CLI::Defaults.cli_defaults
|
42
|
-
options.default({service: MDQT::CLI::Defaults.base_url }) if options.service.
|
49
|
+
options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
|
43
50
|
MDQT::CLI::Get.run(args, options)
|
44
51
|
end
|
45
52
|
end
|
@@ -47,9 +54,10 @@ Commander.configure do
|
|
47
54
|
command :reset do |c|
|
48
55
|
c.syntax = 'mdqt reset'
|
49
56
|
c.description = 'Delete all cached data'
|
57
|
+
c.option '--verbose', 'Display extra information on stderr'
|
50
58
|
c.action do |args, options|
|
51
59
|
options.default MDQT::CLI::Defaults.cli_defaults
|
52
|
-
options.default({service: :not_required })
|
60
|
+
options.default({ service: :not_required })
|
53
61
|
MDQT::CLI::Reset.run(args, options)
|
54
62
|
end
|
55
63
|
end
|
@@ -57,9 +65,10 @@ Commander.configure do
|
|
57
65
|
command :transform do |c|
|
58
66
|
c.syntax = 'mdqt transform ENTITYIDS'
|
59
67
|
c.description = 'Show transformed entity IDs'
|
68
|
+
c.option '--verbose', 'Display extra information on stderr'
|
60
69
|
c.action do |args, options|
|
61
70
|
options.default MDQT::CLI::Defaults.cli_defaults
|
62
|
-
options.default({service: :not_required })
|
71
|
+
options.default({ service: :not_required })
|
63
72
|
MDQT::CLI::Transform.run(args, options)
|
64
73
|
end
|
65
74
|
end
|
@@ -67,13 +76,101 @@ Commander.configure do
|
|
67
76
|
command :check do |c|
|
68
77
|
c.syntax = 'mdqt check XML_FILENAME CERTIFICATE_FILENAME'
|
69
78
|
c.description = 'Validate XML and check signatures'
|
79
|
+
c.option '--verbose', 'Display extra information on stderr'
|
70
80
|
c.option '--verify-with PATHS', Array, 'Validate file using specified certificates'
|
71
81
|
c.action do |args, options|
|
72
82
|
options.default MDQT::CLI::Defaults.cli_defaults
|
73
|
-
options.default({service: :not_required, validate: true })
|
83
|
+
options.default({ service: :not_required, validate: true })
|
74
84
|
MDQT::CLI::Check.run(args, options)
|
75
85
|
end
|
76
86
|
end
|
77
87
|
|
88
|
+
command :entities do |c|
|
89
|
+
c.syntax = 'mdqt entities XML_FILENAME'
|
90
|
+
c.description = 'Extract entity IDs from a metadata file'
|
91
|
+
c.option '--sha1', 'include the sha1 hash for each entity ID'
|
92
|
+
c.action do |args, options|
|
93
|
+
args = Dir.glob("*.xml") unless args && !args.empty?
|
94
|
+
options.default MDQT::CLI::Defaults.cli_defaults
|
95
|
+
options.default({ service: :not_required })
|
96
|
+
MDQT::CLI::Entities.run(args, options)
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
command :ln do |c|
|
101
|
+
c.syntax = 'mdqt ln XML_FILENAME'
|
102
|
+
c.description = 'Create a soft link to the file using an sha1 hash of the entityID'
|
103
|
+
c.option '--force', 'Overwrite any existing links'
|
104
|
+
c.option '--verbose', 'Display extra information on stderr'
|
105
|
+
c.action do |args, options|
|
106
|
+
args = Dir.glob("*.xml") unless args && !args.empty?
|
107
|
+
options.default MDQT::CLI::Defaults.cli_defaults
|
108
|
+
options.default({ service: :not_required })
|
109
|
+
MDQT::CLI::Ln.run(args, options)
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
command :ls do |c|
|
114
|
+
c.syntax = 'mdqt ls XML_FILENAME/DIRECTORY'
|
115
|
+
c.description = 'List valid metadata files in directory'
|
116
|
+
c.option '--verbose', 'Display extra information on stderr'
|
117
|
+
c.action do |args, options|
|
118
|
+
args = Dir.glob("*.xml") unless args && !args.empty?
|
119
|
+
options.default MDQT::CLI::Defaults.cli_defaults
|
120
|
+
options.default({ service: :not_required })
|
121
|
+
MDQT::CLI::Ls.run(args, options)
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
command :list do |c|
|
126
|
+
c.syntax = 'mdqt list [options]'
|
127
|
+
c.description = 'List entities available at the MDQ service'
|
128
|
+
c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
|
129
|
+
c.option '--cache', "Cache downloads and try to fetch from cache where appropriate (deprecated)"
|
130
|
+
c.option '--refresh', "Never cache (will prevent --cache)"
|
131
|
+
#c.option '--stdin', 'accept one or more entity ids from STDIN'
|
132
|
+
c.option '--verbose', 'Display extra information on stderr'
|
133
|
+
c.action do |args, options|
|
134
|
+
options.default MDQT::CLI::Defaults.cli_defaults
|
135
|
+
options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
|
136
|
+
MDQT::CLI::List.run(args, options)
|
137
|
+
end
|
138
|
+
end
|
139
|
+
|
140
|
+
command :services do |c|
|
141
|
+
c.syntax = 'mdqt services'
|
142
|
+
c.description = 'List URLs and aliases for known MDQ services'
|
143
|
+
c.action do |args, options|
|
144
|
+
options.default MDQT::CLI::Defaults.cli_defaults
|
145
|
+
options.default({ service: :not_required })
|
146
|
+
MDQT::CLI::Services.run(args, options)
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
150
|
+
command :rename do |c|
|
151
|
+
c.syntax = 'mdqt rename XML_FILENAME'
|
152
|
+
c.description = 'Rename a file using the sha1 hash of its entityID'
|
153
|
+
c.option '--force', 'Overwrite any existing files with that name'
|
154
|
+
c.option '--verbose', 'Display extra information on stderr'
|
155
|
+
c.action do |args, options|
|
156
|
+
args = Dir.glob("*.xml") unless args && !args.empty?
|
157
|
+
options.default MDQT::CLI::Defaults.cli_defaults
|
158
|
+
options.default({ service: :not_required })
|
159
|
+
MDQT::CLI::Rename.run(args, options)
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
command :url do |c|
|
164
|
+
c.syntax = 'mdqt url ENTITYIDS'
|
165
|
+
c.description = 'List URLs for each entity ID at the MDQ service'
|
166
|
+
c.option '--verbose', 'Display extra information on stderr'
|
167
|
+
c.option '--service URL', String, 'MDQ service to search for entities. Defaults to MDQT_SERVICE or MDQ_BASE_URL env variables'
|
168
|
+
c.action do |args, options|
|
169
|
+
options.default MDQT::CLI::Defaults.cli_defaults
|
170
|
+
options.default({ service: MDQT::CLI::Defaults.base_url }) if options.service.to_s == ''
|
171
|
+
MDQT::CLI::URL.run(args, options)
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
78
175
|
end
|
79
176
|
|
data/lib/mdqt/cli/base.rb
CHANGED
@@ -18,7 +18,11 @@ module MDQT
|
|
18
18
|
end
|
19
19
|
|
20
20
|
def self.check_requirements(args, options)
|
21
|
-
|
21
|
+
|
22
|
+
unless options.service == :not_required
|
23
|
+
abort "No MDQ service URL has been specified. Please use --service, MDQT_SERVICE or MDQ_BASE_URL" unless service_url(options).to_s.start_with?("http")
|
24
|
+
end
|
25
|
+
|
22
26
|
if options.save_to
|
23
27
|
dir = options.save_to
|
24
28
|
begin
|
@@ -35,8 +39,8 @@ module MDQT
|
|
35
39
|
def self.introduce(args, options)
|
36
40
|
if options.verbose
|
37
41
|
STDERR.puts "MDQT version #{MDQT::VERSION}"
|
38
|
-
STDERR.puts "Using #{options
|
39
|
-
STDERR.puts "Caching is #{options
|
42
|
+
STDERR.puts "Using #{service_url(options)}" unless options.service == :not_required
|
43
|
+
STDERR.puts "Caching is #{MDQT::CLI::CacheControl.caching_on?(options) ? 'on' : 'off'}"
|
40
44
|
STDERR.print "XML validation is #{MDQT::Client.verification_available? ? 'available' : 'not available'}"
|
41
45
|
STDERR.puts " #{options.validate ? "and active" : "but inactive"} for this request" if MDQT::Client.verification_available?
|
42
46
|
STDERR.print "Signature verification is #{MDQT::Client.verification_available? ? 'available' : 'not available'}"
|
@@ -81,6 +85,24 @@ module MDQT
|
|
81
85
|
@options
|
82
86
|
end
|
83
87
|
|
88
|
+
def self.service_url(options)
|
89
|
+
|
90
|
+
return nil if options.service == :not_required
|
91
|
+
|
92
|
+
choice = options.service.to_s.strip
|
93
|
+
|
94
|
+
if choice.downcase.start_with? "http"
|
95
|
+
choice
|
96
|
+
else
|
97
|
+
Defaults.lookup_service_alias(choice)
|
98
|
+
end
|
99
|
+
|
100
|
+
end
|
101
|
+
|
102
|
+
def service_url(options)
|
103
|
+
self.class.service_url(options)
|
104
|
+
end
|
105
|
+
|
84
106
|
def output(response)
|
85
107
|
if response.ok?
|
86
108
|
yay response.message
|
@@ -131,6 +153,10 @@ module MDQT
|
|
131
153
|
@pastel ||= Pastel.new
|
132
154
|
end
|
133
155
|
|
156
|
+
def say(text)
|
157
|
+
STDOUT.puts(text)
|
158
|
+
end
|
159
|
+
|
134
160
|
def hey(comment)
|
135
161
|
STDERR.puts(comment)
|
136
162
|
end
|
@@ -146,6 +172,7 @@ module MDQT
|
|
146
172
|
def halt!(comment)
|
147
173
|
abort pastel.red("Error: #{comment}")
|
148
174
|
end
|
175
|
+
|
149
176
|
def run
|
150
177
|
halt! "No action has been defined for this command!"
|
151
178
|
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module MDQT
|
2
|
+
class CLI
|
3
|
+
|
4
|
+
class CacheControl
|
5
|
+
|
6
|
+
class << self
|
7
|
+
|
8
|
+
def caching_on?(options)
|
9
|
+
return false if cache_type(options) == :none
|
10
|
+
true
|
11
|
+
end
|
12
|
+
|
13
|
+
def cache_type(options)
|
14
|
+
return :none if options.refresh
|
15
|
+
return :memcache if options.cache && options.memcache
|
16
|
+
return :file if options.cache
|
17
|
+
:none
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
data/lib/mdqt/cli/check.rb
CHANGED
@@ -14,10 +14,10 @@ module MDQT
|
|
14
14
|
halt!("Cannot check a metadata file without XML support: please install additional gems") unless MDQT::Client.verification_available?
|
15
15
|
|
16
16
|
client = MDQT::Client.new(
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
17
|
+
service_url(options),
|
18
|
+
verbose: options.verbose,
|
19
|
+
explain: options.explain ? true : false,
|
20
|
+
)
|
21
21
|
|
22
22
|
cert_paths = options.verify_with ? extract_certificate_paths(options.verify_with) : []
|
23
23
|
|
@@ -29,8 +29,7 @@ module MDQT
|
|
29
29
|
halt!("Cannot access file #{filename}") unless file.readable?
|
30
30
|
|
31
31
|
halt!("XML validation failed for #{filename}:\n#{file.validation_error}") unless file.valid?
|
32
|
-
btw"File #{filename} is valid SAML Metadata XML"
|
33
|
-
|
32
|
+
btw "File #{filename} is valid SAML Metadata XML"
|
34
33
|
|
35
34
|
if options.verify_with
|
36
35
|
halt! "XML in #{filename} is not signed, cannot verify!" unless file.signed?
|
@@ -41,10 +40,8 @@ module MDQT
|
|
41
40
|
yay "#{filename} OK"
|
42
41
|
end
|
43
42
|
|
44
|
-
|
45
43
|
end
|
46
44
|
|
47
|
-
|
48
45
|
def verify_results(results)
|
49
46
|
|
50
47
|
# if options.validate
|
@@ -74,7 +71,6 @@ module MDQT
|
|
74
71
|
|
75
72
|
private
|
76
73
|
|
77
|
-
|
78
74
|
end
|
79
75
|
|
80
76
|
end
|