saml-kit-cli 0.3.6 → 0.3.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 59de9eccceb5455e9c5401acc901fff8bf7633510cf5516f92cbeecce0cd2677
-  data.tar.gz: c76817df6dbbf92c25c4e7af6d0d15d20797a6286d3c718eec4db0f06654235a
+  metadata.gz: cdac1443e0096b2397693cdf4e7123a71966d68652ca19526ea4ff3f0a2ed124
+  data.tar.gz: eb10198f4f8a26aa64260f487a6c6c2c8acf7ad86d647a33fbb24175be9b16a6
 SHA512:
-  metadata.gz: 63d5998c035e2a4a81e3b58f41f01801f83904c3984f81ef73e786010eac4191955e5164ff1ee927f97865933646d6737d4bfdaec5e054a6b9d72aac765b0898
-  data.tar.gz: 430fc05192cfefaaa5ed58e8c5ce335dd14007b9049c77b595340a35bb9c5eb0885aac47a09639522cfb695d28b5c14b0ee2a477e5ac4ea2639b26bcf4f28293
+  metadata.gz: 6c929b7db445f1bc2958d87a927fb05835562a516d7d118c4616d7435ab926fc9dc726fba6056f32c92b6771409d52af1ff7164057e81810b8ddaaf4b35d3950
+  data.tar.gz: 460ea4637be3c0af9676b5ad97ef84ec4c0c57ff923671f5eef080fd1787e38743afdd88b9563bc5a33f6eabb1ae9f9e602ebb2ff4dd5e88046852b26f273c39

data/.gitlab-ci.yml

@@ -0,0 +1,15 @@
+image: ruby:2.2
+
+before_script:
+  - apt-get update && apt-get install -y locales
+  - echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
+  - locale-gen
+  - export LC_ALL=en_US.UTF-8
+
+rspec:
+  script:
+    - bin/cibuild
+
+lint:
+  script:
+    - bin/lint

data/.rubocop.yml

@@ -0,0 +1,81 @@
+require:
+  - rubocop/cop/internal_affairs
+  - rubocop-rspec
+
+AllCops:
+  Exclude:
+    - 'coverage/**/*'
+    - 'pkg/**/*'
+    - 'spec/fixtures/**/*'
+    - 'tmp/**/*'
+    - 'vendor/**/*'
+  TargetRubyVersion: 2.2
+
+Layout/ClassStructure:
+  Enabled: true
+  Categories:
+    module_inclusion:
+      - include
+      - prepend
+      - extend
+  ExpectedOrder:
+      - module_inclusion
+      - constants
+      - public_class_methods
+      - initializer
+      - instance_methods
+      - protected_methods
+      - private_methods
+
+Layout/EndOfLine:
+  EnforcedStyle: lf
+
+Layout/IndentArray:
+  EnforcedStyle: consistent
+
+Layout/IndentHeredoc:
+  EnforcedStyle: active_support
+
+Lint/AmbiguousBlockAssociation:
+  Exclude:
+    - 'spec/**/*.rb'
+
+Lint/InterpolationCheck:
+  Exclude:
+    - 'spec/**/*.rb'
+
+Metrics/BlockLength:
+  Exclude:
+    - '**/*.rake'
+    - '*.gemspec'
+    - 'Rakefile'
+    - 'spec/**/*.rb'
+
+Metrics/ModuleLength:
+  Exclude:
+    - 'spec/**/*.rb'
+
+Metrics/LineLength:
+  Exclude:
+    - 'spec/**/*.rb'
+
+Style/Documentation:
+  Enabled: false
+
+Style/EachWithObject:
+  Enabled: false
+
+Style/StringLiterals:
+  EnforcedStyle: 'single_quotes'
+
+Style/TrailingCommaInArrayLiteral:
+  Enabled: false
+
+Style/TrailingCommaInHashLiteral:
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Enabled: false
+
+RSpec/NamedSubject:
+  Enabled: false

data/.travis.yml

@@ -1,5 +1,11 @@
 sudo: false
 language: ruby
+cache: bundler
 rvm:
+  - 2.2.9
+  - 2.3.6
+  - 2.4.3
   - 2.5.0
-before_install: gem install bundler -v 1.16.1
+script:
+  - bin/cibuild
+  - bin/lint

data/Gemfile

@@ -1,6 +1,8 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
 
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
 # Specify your gem's dependencies in saml-kit-cli.gemspec
 gemspec

data/README.md

@@ -1,38 +1,35 @@
 # Saml::Kit::Cli
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/saml/kit/cli`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+[![Build Status](https://travis-ci.org/saml-kit/saml-kit-cli.svg?branch=master)](https://travis-ci.org/saml-kit/saml-kit-cli)
+[![Maintainability](https://api.codeclimate.com/v1/badges/f303b0bfa878d7b81722/maintainability)](https://codeclimate.com/github/saml-kit/saml-kit-cli/maintainability)
+[![Security](https://hakiri.io/github/saml-kit/saml-kit-cli/master.svg)](https://hakiri.io/github/saml-kit/saml-kit-cli/master)
 
 ## Installation
 
-Add this line to your application's Gemfile:
-
 ```ruby
-gem 'saml-kit-cli'
+gem install 'saml-kit-cli'
 ```
 
-And then execute:
-
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install saml-kit-cli
-
 ## Usage
 
-TODO: Write usage instructions here
+```bash
+も saml-kit
+Commands:
+  saml-kit certificate SUBCOMMAND ...ARGS  # Work with SAML Certificates.
+  saml-kit decode SUBCOMMAND ...ARGS       # decode SAMLRequest/SAMLResponse.
+  saml-kit help [COMMAND]                  # Describe available commands or one specific command
+  saml-kit metadata SUBCOMMAND ...ARGS     # Work with SAML Metadata.
+  saml-kit version                         # Display the current version
+  saml-kit xmldsig SUBCOMMAND ...ARGS      # Check XML digital signatures.
+```
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/saml-kit-cli.
+Bug reports and pull requests are welcome on GitHub at https://github.com/saml-kit/saml-kit-cli.
 
 ## License
 

data/Rakefile

@@ -1,6 +1,13 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'bundler/audit/task'
 
 RSpec::Core::RakeTask.new(:spec)
+RuboCop::RakeTask.new(:rubocop)
+Bundler::Audit::Task.new
 
-task :default => :spec
+task lint: [:rubocop, 'bundle:audit']
+task default: :spec

data/bin/cibuild

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# script/cibuild: Setup environment for CI to run tests. This is primarily
+#                 designed to run on the continuous integration server.
+
+set -e
+
+cd "$(dirname "$0")/.."
+
+echo [$(date "+%H:%M:%S")] "==> Started at…"
+
+# GC customizations
+export RUBY_GC_MALLOC_LIMIT=79000000
+export RUBY_GC_HEAP_INIT_SLOTS=800000
+export RUBY_HEAP_FREE_MIN=100000
+export RUBY_HEAP_SLOTS_INCREMENT=400000
+export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
+
+ruby -v
+gem install bundler --no-ri --no-rdoc --conservative
+bin/test

data/bin/console

@@ -1,7 +1,8 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "bundler/setup"
-require "saml/kit/cli"
+require 'bundler/setup'
+require 'saml/kit/cli'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +11,5 @@ require "saml/kit/cli"
 # require "pry"
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start(__FILE__)

data/bin/lint

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+[ -z "$DEBUG" ] || set -x
+
+echo [$(date "+%H:%M:%S")] "==> Running setup…"
+bin/setup
+
+echo [$(date "+%H:%M:%S")] "==> Running linters…"
+bundle exec rake lint

data/bin/test

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# script/test: Run test suite for application. Optionally pass in a path to an
+#              individual test file to run a single test.
+
+
+set -e
+
+cd "$(dirname "$0")/.."
+
+[ -z "$DEBUG" ] || set -x
+
+echo [$(date "+%H:%M:%S")] "==> Running setup…"
+bin/setup
+
+echo [$(date "+%H:%M:%S")] "==> Running tests…"
+bundle exec rake spec

data/exe/saml-kit

@@ -1,10 +1,11 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "saml/kit/cli"
+require 'saml/kit/cli'
 
-samlkitrc = ENV.fetch("SAMLKITRC", File.join(Dir.home, ".samlkitrc"))
+samlkitrc = ENV.fetch('SAMLKITRC', File.join(Dir.home, '.samlkitrc'))
 Saml::Kit.configure do |configuration|
-  configuration.entity_id = ENV.fetch('ENTITY_ID', `hostname`.chomp)
+  configuration.entity_id = ENV.fetch('ENTITY_ID', Socket.gethostname.chomp)
   configuration.registry = Saml::Kit::Cli::YamlRegistry.new(samlkitrc)
   configuration.logger.level = Logger::FATAL
 end

data/lib/saml/kit/cli/certificate_report.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Saml
+  module Kit
+    module Cli
+      class CertificateReport
+        HEADER = [
+          'Subject', 'Issuer', 'Serial',
+          'Not Before', 'Not After', 'Fingerprint'
+        ].freeze
+        attr_reader :certificate, :x509
+
+        def initialize(raw)
+          @certificate = ::Xml::Kit::Certificate.new(raw, use: :unknown)
+          @x509 = @certificate.x509
+        end
+
+        def print(shell)
+          shell.print_table([HEADER, body])
+          shell.say(x509.to_text, :green)
+        end
+
+        private
+
+        def fingerprint
+          certificate.fingerprint
+        end
+
+        def body
+          [
+            x509.subject, x509.issuer, x509.serial,
+            x509.not_before, x509.not_after, fingerprint
+          ]
+        end
+      end
+    end
+  end
+end

data/lib/saml/kit/cli/commands/certificate.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Saml
+  module Kit
+    module Cli
+      module Commands
+        class Certificate < Thor
+          desc 'keypair', 'Create a key pair using a self signed certificate.'
+          method_option(
+            :format,
+            default: 'pem',
+            required: false,
+            enum: %w[pem env]
+          )
+          method_option :passphrase, default: nil, required: false
+          def keypair
+            GenerateKeyPair.new(
+              passphrase: options[:passphrase],
+              format: options[:format]
+            ).run(self)
+          end
+
+          desc 'dump', 'Dump the details of a X509 Certificate.'
+          def dump(raw)
+            CertificateReport.new(raw).print(self)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/saml/kit/cli/commands/decode.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Saml
+  module Kit
+    module Cli
+      module Commands
+        class Decode < Thor
+          desc 'redirect uri', 'Decodes the uri using the HTTP Redirect binding'
+          method_option :export, default: nil, required: false
+          def redirect(uri)
+            print_report_for(redirect_binding.deserialize(uri))
+          rescue StandardError => error
+            say error.message, :red
+          end
+
+          desc(
+            'post saml',
+            'Decodes the SAMLRequest/SAMLResponse using the HTTP Post binding'
+          )
+          method_option :export, default: nil, required: false
+          def post(saml)
+            print_report_for(post_binding.deserialize('SAMLRequest' => saml))
+          rescue StandardError => error
+            say error.message, :red
+          end
+
+          desc 'raw <file>', 'Decode the contents of a decoded file'
+          def raw(file)
+            content = IO.read(File.expand_path(file))
+            print_report_for(Document.to_saml_document(content))
+          rescue StandardError => error
+            say error.message, :red
+          end
+
+          private
+
+          def print_report_for(document, export = options[:export])
+            IO.write(export, document.to_xml) if export
+            2.times { say '' }
+            Report.new(document).print(self)
+          end
+
+          def post_binding(location = '')
+            Saml::Kit::Bindings::HttpPost.new(location: location)
+          end
+
+          def redirect_binding(location = '')
+            Saml::Kit::Bindings::HttpRedirect.new(location: location)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/saml/kit/cli/commands/metadata.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Saml
+  module Kit
+    module Cli
+      module Commands
+        class Metadata < Thor
+          desc 'register url', 'Registers the Metadata from the remote url.'
+          def register(url)
+            say registry.register_url(url).to_xml(pretty: true), :green
+          end
+
+          desc 'list', "List each of the registered entityId's"
+          def list
+            if registry.count.zero?
+              say('Register metadata using `saml-kit metadata register <url>`')
+            end
+            registry.each do |x|
+              say x.entity_id, :green
+            end
+          end
+
+          desc 'show entity_id', 'show the metadata associated with an entityId'
+          def show(entity_id)
+            metadata = registry.metadata_for(entity_id)
+            if metadata
+              Report.new(metadata).print(self)
+            else
+              say "`#{entity_id}` is not registered", :red
+            end
+          end
+
+          private
+
+          def registry
+            Saml::Kit.registry
+          end
+        end
+      end
+    end
+  end
+end

data/lib/saml/kit/cli/commands/xml_digital_signature.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Saml
+  module Kit
+    module Cli
+      module Commands
+        class XmlDigitalSignature < Thor
+          desc(
+            'verify file',
+            'Verify if the contents of a file has a valid signature.'
+          )
+          method_option(
+            :format,
+            default: 'short',
+            required: false,
+            enum: %w[short full]
+          )
+          def verify(file)
+            report = SignatureReport.new(file, format: options[:format])
+            report.print(self)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/saml/kit/cli/commands.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require 'saml/kit/cli/commands/certificate'
+require 'saml/kit/cli/commands/decode'
+require 'saml/kit/cli/commands/metadata'
+require 'saml/kit/cli/commands/xml_digital_signature'

data/lib/saml/kit/cli/generate_key_pair.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Saml
+  module Kit
+    module Cli
+      class GenerateKeyPair
+        attr_reader :passphrase, :format
+
+        def initialize(passphrase:, format:)
+          @passphrase = passphrase
+          @format = format
+        end
+
+        def run(shell)
+          certificate, private_key = generate
+          if pem?
+            shell.say certificate
+            shell.say private_key
+          else
+            shell.say 'X509_CERTIFICATE=' + certificate.inspect
+            shell.say 'PRIVATE_KEY=' + private_key.inspect
+          end
+          shell.say 'Private Key Passphrase:', :green
+          shell.say passphrase.inspect
+        end
+
+        private
+
+        def generate
+          generator = ::Xml::Kit::SelfSignedCertificate.new
+          generator.create(passphrase: passphrase)
+        end
+
+        def pem?
+          format == 'pem'
+        end
+      end
+    end
+  end
+end

data/lib/saml/kit/cli/report.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Saml
   module Kit
     module Cli
@@ -9,102 +11,30 @@ module Saml
         end
 
         def print(shell)
-          shell.say_status :success, "Decoded #{document.send(:name)}"
-          shell.print_table build_table_for(document)
-          shell.say ""
-          if document.signature.present? && document.signature.certificate.present?
-            shell.say(document.signature.certificate.x509.to_text)
-          end
-          shell.say ""
-          shell.say document.to_xml(pretty: true), :green
-          shell.say ""
-          document.errors.full_messages.each do |error|
-            shell.say_status :error, error, :red
-          end
+          shell.say_status status, "Decoded #{document.send(:name)}"
+          shell.print_table document.build_table
+          print_signature(document.signature, shell)
+          print_xml(shell)
+          print_errors(document.errors.full_messages, shell)
         end
 
         private
 
-        def truncate(text, max: 50)
-          if text.length >= max
-            "#{text[0..max]}..."
-          else
-            text
-          end
+        def status
+          document.is_a?(Saml::Kit::InvalidDocument) ? :error : :sucess
+        end
+
+        def print_errors(errors, shell)
+          errors.each { |x| shell.say_status :error, x, :red }
         end
 
-        def build_table_for(document)
-          table = [ ]
-          case document
-          when Saml::Kit::Document
-            table.push(['ID', document.id])
-            table.push(['Issuer', document.issuer])
-            table.push(['Version', document.version])
-            table.push(['Issue Instant', document.issue_instant.iso8601])
-            table.push(['Type', document.send(:name)])
-            table.push(['Valid', document.valid?])
-            table.push(['Signed?', !!document.signed?])
-            table.push(['Trusted?', !!document.trusted?])
-          when Saml::Kit::Metadata
-            table.push(['Entity Id', document.entity_id])
-            table.push(['Type', document.send(:name)])
-            table.push(['Valid', document.valid?])
-            table.push(['Name Id Formats', document.name_id_formats.inspect])
-            table.push(['Organization', document.organization_name])
-            table.push(['Url', document.organization_url])
-            table.push(['Contact', document.contact_person_company])
-            [
-              'SingleSignOnService',
-              'SingleLogoutService',
-              'AssertionConsumerService'
-            ].each do |type|
-              document.services(type).each do |service|
-                table.push([type, [service.location, service.binding]])
-              end
-            end
-            document.certificates.each do |certificate|
-              table.push(['', certificate.x509.to_text])
-            end
-          end
-          if document.signature.present?
-            signature = document.signature
-            table.push(['Digest Value', signature.digest_value])
-            table.push(['Expected Digest Value', signature.expected_digest_value])
-            table.push(['Digest Method', signature.digest_method])
-            table.push(['Signature Value', truncate(signature.signature_value)])
-            table.push(['Signature Method', signature.signature_method])
-            table.push(['Canonicalization Method', signature.canonicalization_method])
-            table.push(['', signature.certificate.x509.to_text])
-          end
-          case document
-          when Saml::Kit::AuthenticationRequest
-            table.push(['ACS', document.assertion_consumer_service_url])
-            table.push(['Name Id Format', document.name_id_format])
-          when Saml::Kit::LogoutRequest
-            table.push(['Name Id', document.name_id])
-          when Saml::Kit::Response
-            table.push(['Assertion Present?', document.assertion.present?])
-            table.push(['Issuer', document.assertion.issuer])
-            table.push(['Name Id', document.assertion.name_id])
-            table.push(['Signed?', !!document.assertion.signed?])
-            table.push(['Attributes', document.assertion.attributes.inspect])
-            table.push(['Not Before', document.assertion.started_at])
-            table.push(['Not After', document.assertion.expired_at])
-            table.push(['Audiences', document.assertion.audiences.inspect])
-            table.push(['Encrypted?', document.assertion.encrypted?])
-            table.push(['Decryptable', document.assertion.decryptable?])
-            if document.assertion.present?
-              signature = document.assertion.signature
-              table.push(['Digest Value', signature.digest_value])
-              table.push(['Expected Digest Value', signature.expected_digest_value])
-              table.push(['Digest Method', signature.digest_method])
-              table.push(['Signature Value', truncate(signature.signature_value)])
-              table.push(['Signature Method', signature.signature_method])
-              table.push(['Canonicalization Method', signature.canonicalization_method])
-              table.push(['', signature.certificate.x509.to_text])
-            end
-          end
-          table
+        def print_signature(signature, shell)
+          return if !signature.present? || !signature.certificate.present?
+          shell.say(signature.certificate.x509.to_text)
+        end
+
+        def print_xml(shell)
+          shell.say document.to_xml(pretty: true), :green
         end
       end
     end