shibkit-meta_meta 0.2.2

data/lib/shibkit/meta_meta/data/dev_sources.yml

@@ -0,0 +1,86 @@
+##
+## Federation Metdata Metadata: Development/test data
+##
+## * ______________________________________________________________________ *
+## * Important: Please Read This Disclaimer Right Now Before It Is Too Late *
+## * ______________________________________________________________________ *
+##
+## The information in this list is provided for convenience during development.
+## It is not, and *cannot*, be guaranteed to be accurate or up-to-date.
+## Do not rely on this information as-is for production services.
+##
+## Some processes should not always be automated.
+##
+## The correct way to validate metadata is to download the federation certificate
+## and verify it 'out of band', by telephone, signed email, or even by post. 
+## DNS and even federation sites can be compromised or intercepted; if you 
+## can't trust the certificate you can't trust the metadata.
+## 
+
+## This file contains metadata about federation metadata and simpler collections
+## of metadata. It can be used to quickly populate your software with data on
+## SAML SPs and IDPs, run tests, or whatever else takes your fancy.
+
+## Please feel free to fork this project on Github, add new federation info,
+## then send a pull request! 
+
+## UK Example Federation For Software Development  
+example:
+  name: UK Example Federation For Software Development
+  display_name: UK Example Federation
+  type: federation
+  countries: [gb]
+  metadata:    example_federation_metadata.xml
+  certificate: ~
+  fingerprint: ~
+  refeds_info: ~
+  homepage:    http://examplefederation.org.uk
+  languages: ['en-gb', en]
+  support_email: service@examplefederation.org.uk
+  description: >
+    An example federation with a few entities, mostly for software testing
+    purposes and idle amusement. Uttlerly rushed and bodged at present and not
+    actually valid, partially defeating the purpose of the exercise.
+  trustiness: 1
+  groups: 
+    - fictional
+  tags:   
+    - example 
+  
+
+## unCommon Federation
+uncommon:
+  name: unCommon Federation
+  display_name: unCommon
+  type: federation
+  countries: [us]
+  metadata:    uncommon_federation_metadata.xml
+  certificate: ~
+  fingerprint: ~
+  refeds_info: ~
+  homepage:    http://www.uncommonfederation.org
+  languages: [en]
+  support_email: admin@uncommonfederation.org
+  description: > 
+    Providing a set of example entities based on unusual and fictional
+    academic organisations.
+
+## Local collection
+local:
+  name: Other Organisations
+  display_name: Other Organisations
+  type: collection
+  countries: [us]
+  metadata:    local_metadata.xml
+  certificate: ~
+  fingerprint: ~
+  refeds_info: ~
+  homepage:    ~
+  languages: [en]
+  support_email: ~
+  description: > 
+    Other organisations that are not members of a federation.
+
+## Want more?  
+## Fork this project on Github, add new federation info and
+## then send a pull request!

data/lib/shibkit/meta_meta/data/real_sources.yml

@@ -0,0 +1,163 @@
+##
+## Federation Metdata Metadata: Real Federations
+##
+## * ______________________________________________________________________ *
+## * Important: Please Read This Disclaimer Right Now Before It Is Too Late *
+## * ______________________________________________________________________ *
+##
+## The information in this list is provided for convenience during development.
+## It is not, and *cannot*, be guaranteed to be accurate or up-to-date.
+## Do not rely on this information as-is for production services.
+##
+## Some processes should not always be automated.
+##
+## The correct way to validate metadata is to download the federation certificate
+## and verify it 'out of band', by telephone, signed email, or even by post. 
+## DNS and even federation sites can be compromised or intercepted; if you 
+## can't trust the certificate you can't trust the metadata.
+## 
+
+## This file contains metadata about federation metadata and simpler collections
+## of metadata. It can be used to quickly populate your software with data on
+## SAML SPs and IDPs, run tests, or whatever else takes your fancy.
+
+## Please feel free to fork this project on Github, add new federation info,
+## then send a pull request! 
+
+## UK Access Management Federation For Education And Research  
+'http://ukfederation.org.uk':
+  name: UK Access Management Federation For Education And Research
+  display_name: UK Access Management Federation
+  type: federation
+  countries: [:gb]
+  metadata:    http://metadata.ukfederation.org.uk/ukfederation-metadata.xml
+  certificate: http://metadata.ukfederation.org.uk/ukfederation.pem
+  fingerprint: ~
+  refeds_info: https://refeds.terena.org/index.php/FederationUkfed
+  homepage:    http://www.ukfederation.org.uk
+  languages: ['en-gb', :en]
+  support_email: service@ukfederation.org.uk
+  tags: 
+    - :refeds
+  groups: 
+    - :spec_set_1
+    - :spec_set_2
+  description: >
+    A single solution for accessing online resources and services for
+    education and research in the UK.
+
+## inCommon Federation
+'urn:mace:incommon':
+  name: inCommon Federation
+  display_name: inCommon
+  type: federation
+  countries: [:us]
+  metadata:    https://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
+  certificate: https://wayf.incommonfederation.org/bridge/certs/incommon.pem
+  fingerprint: ~
+  refeds_info: https://refeds.terena.org/index.php/FederationIncommon
+  homepage:    http://www.incommon.org
+  languages: ['en-us', 'en']
+  support_email: incommon-admin@incommonfederation.org
+  tags: 
+    - refeds
+    - :test_tag1
+  groups: 
+    - spec_set_2
+  description: > 
+    Providing a secure and privacy-preserving trust fabric for research and
+    higher education institutions, and their partners, in the United States.
+
+## Australian Access Federation
+'urn:mace:aaf.edu.au:AAFProduction':
+  name: Australian Access Federation
+  display_name: AAF
+  type: federation
+  countries: ['au']
+  metadata:    http://manager.aaf.edu.au/metadata/metadata.aaf.signed.complete.xml
+  certificate: https://manager.aaf.edu.au/metadata/metadata-cert.pem
+  fingerprint: ~
+  refeds_info: https://refeds.terena.org/index.php/FederationAAF
+  homepage:    http://www.aaf.edu.au/
+  languages: ['en']
+  support_email: enquiries@aaf.edu.au
+  tags: 
+    - refeds
+  groups: 
+    - spec_set_2
+  description: > 
+    The Australian Access Federation.
+
+## Canadian Access Federation
+'https://caf-fcga.ca/entity':
+  name: Canadian Access Federation
+  display_name: CAF
+  type: federation
+  countries: ['ca']
+  metadata:    https://caf-shibops.ca/CoreServices/cafshib_metadata_signed.xml
+  certificate: https://caf-shibops.ca/CoreServices/cafshib_metadata_verify.pem
+  fingerprint: ~
+  refeds_info: 
+  homepage: http://www.cuccio-cdpiuc.ca/en/index.php
+  languages: ['en']
+  support_email: ~
+  tags: 
+    - refeds
+  groups: 
+    - spec_set_2
+  description: >
+    Canadian Access Federation
+
+## Partial sources disabled with comment # until complete
+
+## Swiss Access Federation
+#'urn:mace:switch.ch:SWITCHaai':
+#  name: Swiss Access Federation
+#  display_name: SWITCHaai
+#  type: federation
+#  countries: ['ch']
+#  metadata: http://www.switch.ch/aai/support/metadata/
+#  certificate: ~
+#  fingerprint: ~
+#  refeds_info: ~
+#  homepage: ~
+#  languages: []
+#  support_email: aai@switch.ch
+#  description: >
+#    Swiss Access Federation
+
+##  FederationCARSI 
+#  name: 
+#  display_name: 
+#  type:
+#  countries: []
+#  metadata: ~
+#  certificate:
+#  fingerprint: ~
+#  refeds_info: ~
+#  homepage: ~
+#  languages: ~
+#  support_email: 
+#  description: >
+#     No information listed
+
+## FederationEdulDcz
+#  name:
+#  display_name:
+#  type: 
+#  countries: []
+#  metadata: ~
+#  certificate: ~
+#  fingerprint: ~
+#  refeds_info: ~
+#  homepage: ~
+#  languages: ~
+#  support_email: Linden.mikael@rediris.es
+#  description: >
+#    No information listed
+ 
+
+
+## Want more?  
+## Fork this project on Github, add new federation info and
+## then send a pull request!

data/lib/shibkit/meta_meta/entity.rb

@@ -0,0 +1,219 @@
+## @author    Pete Birkinshaw (<pete@digitalidentitylabs.com>)
+## Copyright: Copyright (c) 2011 Digital Identity Ltd.
+## License:   Apache License, Version 2.0
+
+## Licensed under the Apache License, Version 2.0 (the "License");
+## you may not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+## 
+##     http://www.apache.org/licenses/LICENSE-2.0
+## 
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+
+module Shibkit
+  class MetaMeta
+    
+    ## Class to represent the metadata of a Shibboleth IDP or SP 
+    class Entity < MetadataItem
+      
+      require 'shibkit/meta_meta/metadata_item'
+      require 'shibkit/meta_meta/contact'
+      require 'shibkit/meta_meta/idp'
+      require 'shibkit/meta_meta/sp'
+      require 'shibkit/meta_meta/organisation'
+      
+      ## Element and attribute used to select XML for new objects
+      ROOT_ELEMENT = 'EntityDescriptor'
+      TARGET_ATTR  = 'entityID'
+      REQUIRED_QUACKS = [:entity_uri]
+      
+      LINE_START = "<!--"
+      LINE_END   = "-->"
+      HR_CHAR    = "="
+      
+      ## The URI of the entity
+      attr_accessor :entity_uri
+      alias    :uri :entity_uri
+      
+      ## The URI of the entity's parent federation
+      attr_accessor :primary_federation_uri
+      
+      ## The URI of the entity's parent federation
+      attr_accessor :other_federation_uris
+      alias :secondary_federation_uris :other_federation_uris
+      
+      ## Has this entity object been selected to represent the service?
+      attr_accessor :primary
+      
+      ## The ID of the entity with the metadata file (not globally unique)
+      attr_accessor :metadata_id
+
+      ## Is the entity accountable?
+      attr_accessor :accountable
+      
+      ## Is the entity part of the UK Access Management Federation?
+      attr_accessor :ukfm
+      
+      ## Is the entity using Athens?
+      attr_accessor :athens
+
+      ## Show in normal WAYFs?
+      attr_accessor :hide
+  
+      attr_accessor :scopes
+      
+      ## Organisation object for the owner of the entity 
+      attr_accessor :organisation
+      
+      ## Contact object containing user support contact details
+      attr_accessor :support_contact
+      
+      ## Contact object containing technical contact details
+      attr_accessor :technical_contact
+      
+      ## Contact object containing technical contact details
+      attr_accessor :admin_contact
+      
+      ## Is the entity an IDP?
+      attr_accessor :idp
+      
+      ## Is the entity an SP?
+      attr_accessor :sp
+                    
+      alias :entity_id :entity_uri
+      alias :ukfm? :ukfm
+      alias :hide? :hide
+      alias :accountable? :accountable
+      alias :athens? :athens
+      alias :organization :organisation
+      
+      def to_s
+        
+        return uri
+        
+      end
+      
+      def idp? 
+        
+        return idp.kind_of?(::Shibkit::MetaMeta::IDP)
+        
+      end
+      
+      def sp?
+        
+        return sp.kind_of?(::Shibkit::MetaMeta::SP)
+        
+      end
+      
+      def urn?
+
+        return uri.strip.downcase[0..3] == 'urn:'
+        
+      end
+      
+      ##
+      def primary?
+        
+        return @primary ? true : false
+        
+      end
+      
+      def multi_federated?
+        
+        return other_federation_uris.size > 0 ? true : false
+        
+      end
+      
+      ## All federations that this entity is a member of
+      def federation_uris
+
+        ## All unique federations, making sure we include primary
+        all_fed_uris = [primary_federation_uri].concat other_federation_uris 
+        
+        return all_fed_uris.uniq
+      
+      end
+      
+      def tags=(tags)
+        
+        @tags ||= []
+        
+        if Shibkit::MetaMeta.config.auto_tag?
+          
+          @tags << :idp if idp?
+          @tags << :sp  if sp?
+          
+        end
+        
+        @tags = @tags.concat([tags].flatten).uniq
+       
+      end
+      
+      def tags
+        
+        return @tags.nil? ? [] : @tags.collect { |t| t.to_sym }
+        
+      end
+      
+      def xml_comment
+
+        out = "\n" + LINE_START + (HR_CHAR * 71) + LINE_END + "\n"
+        out << LINE_START + " " + uri + " "  + LINE_END  + "\n"
+        out << LINE_START + (HR_CHAR * 71) + LINE_END + "\n\n"
+        
+        return out
+        
+      end
+      
+      private
+      
+      def parse_xml
+        
+        self.entity_uri     = @noko['entityID'].to_s.strip
+        self.metadata_id    = @noko['ID'].to_s.strip
+         
+        @other_federation_uris        ||= Array.new
+              
+        ## Boolean flags for common/useful info 
+        self.accountable = @noko.xpath('xmlns:Extensions/ukfedlabel:AccountableUsers').size   > 0 ? true : false
+        self.ukfm        = @noko.xpath('xmlns:Extensions/ukfedlabel:UKFederationMember').size > 0 ? true : false
+        self.athens      = @noko.xpath('xmlns:Extensions/elab:AthensPUIDAuthority').size      > 0 ? true : false
+        self.hide        = @noko.xpath('xmlns:Extensions/wayf:HideFromWAYF').size             > 0 ? true : false
+        
+        @scopes = @noko.xpath('xmlns:Extensions/shibmd:Scope').collect do |sx|
+        
+         sx['regexp'] == 'true' ? Regexp.new(sx.text) : sx.text  
+          
+        end
+        
+        ## IDP and SP objects, if available. Based on the same XML as their parent/entity object
+        self.idp         = Shibkit::MetaMeta::IDP.new(@noko).filter
+        self.sp          =  Shibkit::MetaMeta::SP.new(@noko).filter
+        
+        ## Include Contact objects
+        self.support_contact   = Contact.new(@noko.xpath("xmlns:ContactPerson[@contactType='support'][1]")[0]).filter
+        self.technical_contact = Contact.new(@noko.xpath("xmlns:ContactPerson[@contactType='technical'][1]")[0]).filter
+        self.admin_contact     = Contact.new(@noko.xpath("xmlns:ContactPerson[@contactType='administrative'][1]")[0]).filter
+        
+        ## Include an organisation object
+        self.organisation     = Organisation.new(@noko.xpath("xmlns:Organization[1]")[0]).filter
+        self.idp.organisation = self.organisation if idp?
+        self.sp.organisation  = self.organisation if sp?
+        
+        self.tags ||= []
+       
+        log.debug " Derived entity #{self.uri} from XML"
+        
+      end
+      
+    end
+
+
+  end
+end
+