saml_camel 1.0.0 → 1.0.1

data/lib/tasks/saml_camel_tasks.rake

@@ -1,18 +1,19 @@
-namespace :saml_camel do
-  desc "Generate Files for Saml"
-  task :generate_saml  do
+# frozen_string_literal: true
+
+namespace :saml_camel do # rubocop:disable Metrics/BlockLength
+  desc 'Generate Files for Saml'
+  task :generate_saml  do # rubocop:disable Metrics/BlockLength
     dir = "#{Rails.root}/config/saml/"
-    FileUtils.mkdir(dir) unless Dir.exists?(dir)
+    FileUtils.mkdir(dir) unless Dir.exist?(dir)
 
     specified_env = ENV['environment']
-    default_envs = ["production","test","development"]
+    default_envs = %w[production test development]
     key = generate_key
     cert = generate_cert(key)
     settings = generate_saml_settings.to_json
 
-
-    #TODO pull in specified idp certificate
-  idp_cert = """MIIEWjCCA0KgAwIBAgIJAP1rB/FjRgy6MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
+    # TODO: pull in specified idp certificate
+    idp_cert = "MIIEWjCCA0KgAwIBAgIJAP1rB/FjRgy6MA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
 BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEPMA0GA1UEBxMGRHVyaGFt
 MRgwFgYDVQQKEw9EdWtlIFVuaXZlcnNpdHkxDDAKBgNVBAsTA09JVDEaMBgGA1UE
 AxMRc2hpYi5vaXQuZHVrZS5lZHUwHhcNMTAwOTA5MTI0NDU1WhcNMjgwOTA0MTI0
@@ -35,103 +36,104 @@ Ifvsa0jf4FRsEOwH/x8354/0wyv4RwuavX25kjpmoFn3O+eKokyzsc7/Q2gsm0mv
 V8XQo+5b+4we8AFYlAVp26nLeIqAiJM8xZJ9yHuzVL1O4yxIWIKECWHLqY5+1nas
 XNiLURrHhsK5pZUPLuhzJFgZuJT62TtnrjJXlrRhJ389VSkh6R64C6ncjNkg6/Cu
 tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
-9TEfyQ5QpfRYAUFWXBc=
-  """
+9TEfyQ5QpfRYAUFWXBc="
 
-    unless specified_env
+    if specified_env
+      dir = "#{Rails.root}/config/saml/#{specified_env}"
+      FileUtils.mkdir(dir) unless Dir.exist?(dir)
+      File.open("#{Rails.root}/config/saml/#{specified_env}/saml_certificate.crt", 'w+') { |f| f.write(cert) } # rubocop:disable Metrics/LineLength
+      File.open("#{Rails.root}/config/saml/#{specified_env}/saml_key.key", 'w+') { |f| f.write(key) } # rubocop:disable Metrics/LineLength
+      File.open("#{Rails.root}/config/saml/#{specified_env}/idp_certificate.crt", 'w+') { |f| f.write(idp_cert) } # rubocop:disable Metrics/LineLength
+      File.open("#{Rails.root}/config/saml/#{specified_env}/settings.json", 'w+') { |f| f.write(settings) } # rubocop:disable Metrics/LineLength
+      File.open('.gitignore', 'a') { |f| f.write("config/saml/#{specified_env}/saml_key.key") }
+    else
       default_envs.each do |e|
         dir = "#{Rails.root}/config/saml/#{e}"
-        FileUtils.mkdir(dir) unless Dir.exists?(dir)
-        File.open("#{Rails.root}/config/saml/#{e}/saml_certificate.crt","w+") {|f| f.write(cert) }
-        File.open("#{Rails.root}/config/saml/#{e}/saml_key.key","w+") {|f| f.write(key) }
-        File.open("#{Rails.root}/config/saml/#{e}/idp_certificate.crt","w+") {|f| f.write(idp_cert) }
-        File.open("#{Rails.root}/config/saml/#{e}/settings.json","w+") {|f| f.write(settings) }
-        File.open('.gitignore', 'a') { |f| f.write("config/saml/#{e}/saml_key.key\n") }
+        FileUtils.mkdir(dir) unless Dir.exist?(dir)
+        File.open("#{Rails.root}/config/saml/#{e}/saml_certificate.crt", 'w+') { |f| f.write(cert) } # rubocop:disable Metrics/LineLength
+        File.open("#{Rails.root}/config/saml/#{e}/saml_key.key", 'w+') { |f| f.write(key) } # rubocop:disable Metrics/LineLength
+        File.open("#{Rails.root}/config/saml/#{e}/idp_certificate.crt", 'w+') { |f| f.write(idp_cert) } # rubocop:disable Metrics/LineLength
+        File.open("#{Rails.root}/config/saml/#{e}/settings.json", 'w+') { |f| f.write(settings) } # rubocop:disable Metrics/LineLength
+        File.open('.gitignore', 'a') { |f| f.write("config/saml/#{e}/saml_key.key\n") } # rubocop:disable Metrics/LineLength
       end
-    else
-      dir = "#{Rails.root}/config/saml/#{specified_env}"
-      FileUtils.mkdir(dir) unless Dir.exists?(dir)
-      File.open("#{Rails.root}/config/saml/#{specified_env}/saml_certificate.crt","w+") {|f| f.write(cert) }
-      File.open("#{Rails.root}/config/saml/#{specified_env}/saml_key.key","w+") {|f| f.write(key) }
-      File.open("#{Rails.root}/config/saml/#{specified_env}/idp_certificate.crt","w+") {|f| f.write(idp_cert) }
-      File.open("#{Rails.root}/config/saml/#{specified_env}/settings.json","w+") {|f| f.write(settings) }
-      File.open('.gitignore', 'a') { |f| f.write("config/saml/#{specified_env}/saml_key.key") }
     end
   end
 
-
-  def generate_saml_settings
+  def generate_saml_settings # rubocop:disable Metrics/MethodLength
     {
-      _comment: "note you will need to restart the application when you make changes to this file",
+      _comment: 'note you will need to restart the application when you make changes to this file',
       settings: {
-        acs: "http://localhost:3000/saml/consumeSaml" ,
-        entity_id: "https://your-entity-id.com",
-        sso_url: "https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO",
-        logout_url: "https://shib.oit.duke.edu/cgi-bin/logout.pl",
-        primary_id: "eduPersonPrincipalName",
+        acs: 'http://localhost:3000/saml/consumeSaml',
+        raw_response_acs: 'http://localhost:3000/saml/consumeSaml/rawResponse',
+        entity_id: 'https://your-entity-id.com',
+        sso_url: 'https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO',
+        logout_url: 'https://shib.oit.duke.edu/cgi-bin/logout.pl',
+        primary_id: 'eduPersonPrincipalName',
         sp_session_timeout: 1,
         sp_session_lifetime: 8,
-        saml_logging: true
+        test_auth_path: true,
+        saml_logging: true,
+        debug: false
       },
-      "attribute_map": {
-        "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
-        "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
-        "urn:oid:2.5.4.3": "cn",
-        "urn:oid:0.9.2342.19200300.100.1.1": "uid",
-        "urn:oid:0.9.2342.19200300.100.1.3": "mail",
-        "urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
-        "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
-        "urn:mace:duke.edu:idms:unique-id": "duDukeID",
-        "urn:mace:duke.edu:idms:dku-id": "dku-id",
-        "urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf",
-        "urn:oid:2.5.4.42": "givenName",
-        "urn:oid:2.5.4.4": "sn",
-        "urn:oid:2.5.4.11": "ou",
-        "urn:oid:1.3.6.1.4.1.5923.1.1.1.1": "eduPersonAffiliation",
-        "urn:oid:2.5.4.20": "telephoneNumber",
-        "urn:oid:2.5.4.12": "title",
-        "urn:mace:duke.edu:idms:middle-name1": "duMiddleName1",
-        "urn:mace:duke.edu:idms:proxy-token": "duProxyToken"
+      'attribute_map': {
+        'urn:oid:1.3.6.1.4.1.5923.1.1.1.9': 'eduPersonScopedAffiliation',
+        'urn:oid:1.3.6.1.4.1.5923.1.1.1.6': 'eduPersonPrincipalName',
+        'urn:oid:2.5.4.3': 'cn',
+        'urn:oid:0.9.2342.19200300.100.1.1': 'uid',
+        'urn:oid:0.9.2342.19200300.100.1.3': 'mail',
+        'urn:oid:1.3.6.1.4.1.5923.1.1.1.5': 'eduPersonPrimaryAffiliation',
+        'urn:oid:2.16.840.1.113730.3.1.241': 'displayName',
+        'urn:mace:duke.edu:idms:unique-id': 'duDukeID',
+        'urn:mace:duke.edu:idms:dku-id': 'dku-id',
+        'urn:oid:1.3.6.1.4.1.5923.1.5.1.1': 'isMemberOf',
+        'urn:oid:2.5.4.42': 'givenName',
+        'urn:oid:2.5.4.4': 'sn',
+        'urn:oid:2.5.4.11': 'ou',
+        'urn:oid:1.3.6.1.4.1.5923.1.1.1.1': 'eduPersonAffiliation',
+        'urn:oid:2.5.4.20': 'telephoneNumber',
+        'urn:oid:2.5.4.12': 'title',
+        'urn:mace:duke.edu:idms:middle-name1': 'duMiddleName1',
+        'urn:mace:duke.edu:idms:proxy-token': 'duProxyToken'
       }
     }
   end
 
-
   def generate_key
     OpenSSL::PKey::RSA.new(2048)
   end
 
-  def generate_cert(key)
-    puts "\n\nPlease provide the following details to generate your saml key and certificate:"
-    STDOUT.puts "Country Name (2 letter code) [AU]:"
+  def generate_cert(key) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
+    puts '\n\nPlease provide the following details to generate your saml key and certificate:'
+    STDOUT.puts 'Country Name (2 letter code) [AU]:'
     country = STDIN.gets.strip
 
-    STDOUT.puts "State or Province Name (full name) [Some-State]:"
+    STDOUT.puts 'State or Province Name (full name) [Some-State]:'
     state = STDIN.gets.strip
 
-    STDOUT.puts "Locality Name (eg, city):"
+    STDOUT.puts 'Locality Name (eg, city):'
     city = STDIN.gets.strip
 
-    STDOUT.puts "Organization Name (eg, company):"
+    STDOUT.puts 'Organization Name (eg, company):'
     org = STDIN.gets.strip
 
-    STDOUT.puts "Organizational Unit Name (eg, section):"
+    STDOUT.puts 'Organizational Unit Name (eg, section):'
     unit = STDIN.gets.strip
 
-    STDOUT.puts "Common Name (non url name, remember this is not a server cert):"
+    STDOUT.puts 'Common Name (non url name, remember this is not a server cert):'
     cn = STDIN.gets.strip
 
-    STDOUT.puts "Email Address:"
+    STDOUT.puts 'Email Address:'
     email = STDIN.gets.strip
 
-
     public_key = key.public_key
 
-    #generate subject line of cert
-    subject = "/C=#{country}/ST=#{state}/L=#{city}/O=#{org}/OU=#{unit}/CN=#{cn}/emailAddress=#{email}"
+    # generate subject line of cert
+    subject = "/C=#{country}/ST=#{state}/L=#{city}/O=#{org}/OU=#{unit}/CN=#{cn}/emailAddress=#{email}" # rubocop:disable Metrics/LineLength
 
     cert = OpenSSL::X509::Certificate.new
-    cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject) #TODO this line breaks when https:// is added for CN
+
+    # TODO: this line breaks when https:// is added for CN
+    cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
     cert.not_before = Time.now
     cert.not_after = Time.now + 365 * 24 * 60 * 60
     cert.public_key = public_key
@@ -142,15 +144,13 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
     ef.subject_certificate = cert
     ef.issuer_certificate = cert
     cert.extensions = [
-      ef.create_extension("basicConstraints","CA:TRUE", true),
-      ef.create_extension("subjectKeyIdentifier", "hash"),
+      ef.create_extension('basicConstraints', 'CA:TRUE', true),
+      ef.create_extension('subjectKeyIdentifier', 'hash'),
       # ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
     ]
-    cert.add_extension ef.create_extension("authorityKeyIdentifier",
-                                           "keyid:always,issuer:always")
+    cert.add_extension ef.create_extension('authorityKeyIdentifier',
+                                           'keyid:always,issuer:always')
 
     cert.sign key, OpenSSL::Digest::SHA256.new
   end
-
-
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml_camel
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - 'Danai Adkisson '
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-16 00:00:00.000000000 Z
+date: 2018-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -39,21 +39,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.7.2
 - !ruby/object:Gem::Dependency
-  name: ruby-saml
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.7.2
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.7.2
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -66,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.2
 description: SAML tool wrapping onelogin/rubysaml
 email:
 - da129@duke.edu
@@ -86,6 +100,18 @@ files:
 - app/views/saml_camel/saml/attr_check.html.erb
 - app/views/saml_camel/saml/failure.html.erb
 - config/routes.rb
+- config/saml/development/idp_certificate.crt
+- config/saml/development/saml_certificate.crt
+- config/saml/development/saml_key.key
+- config/saml/development/settings.json
+- config/saml/production/idp_certificate.crt
+- config/saml/production/saml_certificate.crt
+- config/saml/production/saml_key.key
+- config/saml/production/settings.json
+- config/saml/test/idp_certificate.crt
+- config/saml/test/saml_certificate.crt
+- config/saml/test/saml_key.key
+- config/saml/test/settings.json
 - lib/saml_camel.rb
 - lib/saml_camel/engine.rb
 - lib/saml_camel/transaction.rb
@@ -114,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: SAML tool wrapping onelogin/rubysaml