spid 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a115dcdaeda82006ef3ffa4203bf6d4635d0a15e8b435f39429516f7cc931e7
-  data.tar.gz: bcb065ec6ea653a8745680ef8805bb756deef2410d56aa91ce9b24a51673b851
+  metadata.gz: 2f0ea1fc4ad96eb6348fdeec0d727966d6ed6c10673805c00753c14e07c8a32e
+  data.tar.gz: 272888b9072bfd42f7cc714d26c27f0548210d62ddf452797d6b25c8ebc81108
 SHA512:
-  metadata.gz: c731db6ddea64286e5543a07aee532eedaad1d0df79ca9b7b03555ba5e34864a17fa6ed9f81dc35ed21e7526acf41b6847e2476164edd147468008935f136772
-  data.tar.gz: 813bd1abdc555ce0d54c9376d06d7b3e31e0908296ec343691e4ef8f7a08c4fa8d04fc0fdec8d7f1d6ecd4b6b8918c7ac6c890291ace8adec4348b099d6090ad
+  metadata.gz: 7d0c70aa33cd6c31bee3f306394c6f3c22d1b939bd60d694c701d561e02977305ed931bee5aa815ebc9d00ab1b54ed290f4fb901337b232ebdb79948d95aaa83
+  data.tar.gz: b732ec284055e6f602601285cbb51f9db450f8b294217b57f491dcf0e5f8d5cc9037a3fcd5fc3ce80aa98856286db76ab71ecfb4328593b6ce003b5b007f184d

data/.rubocop.yml

@@ -14,8 +14,16 @@ Metrics/BlockLength:
 Metrics/LineLength:
   Exclude:
     - spid.gemspec
+RSpec/DescribeClass:
+  Exclude:
+    - spec/integration/**/*.rb
+RSpec/FilePath:
+  Exclude:
+    - spec/integration/**/*.rb
 RSpec/NestedGroups:
   Enabled: false
+RSpec/SubjectStub:
+  Enabled: false
 Style/EmptyMethod:
   EnforcedStyle: expanded
 Style/StringLiterals:

data/CHANGELOG.md

@@ -2,6 +2,15 @@
 
 ## [Unreleased]
 
+## [0.8.0]
+### Added
+- Spid configuration singleton class
+
+### Changed
+- Slo prefixed classes moved to Slo:: Namespace
+- Sso prefixed classes moved to Sso:: Namespace
+- Request and Response classes generate themselves setting objects
+
 ## [0.7.0] - 2018-07-18
 ### Added
 - SloResponse class in order to validate saml response
@@ -56,7 +65,8 @@
 - Coveralls Integration
 - Rubygems version badge in README
 
-[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.7.0...HEAD
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.8.0...HEAD
+[0.8.0]: https://github.com/italia/spid-ruby/compare/v0.7.0...v0.8.0
 [0.7.0]: https://github.com/italia/spid-ruby/compare/v0.6.0...v0.7.0
 [0.6.0]: https://github.com/italia/spid-ruby/compare/v0.5.0...v0.6.0
 [0.5.0]: https://github.com/italia/spid-ruby/compare/v0.4.0...v0.5.0

data/README.md

@@ -6,7 +6,7 @@ Ruby library for SPID authentication
 | Project                | Spid Ruby |
 | ---------------------- | ------------ |
 | Gem name               | spid |
-| License                | [MIT](https://github.com/italia/spid-ruby/blob/master/LICENSE) |
+| License                | [BSD 3](https://github.com/italia/spid-ruby/blob/master/LICENSE) |
 | Version                | [![Gem Version](https://badge.fury.io/rb/spid.svg)](http://badge.fury.io/rb/spid) |
 | Continuous integration | [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg?branch=master)](https://travis-ci.org/italia/spid-ruby) |
 | Test coverate          | [![Coverage Status](https://coveralls.io/repos/github/italia/spid-ruby/badge.svg?branch=master)](https://coveralls.io/github/italia/spid-ruby?branch=master) |

data/lib/spid.rb

@@ -2,18 +2,14 @@
 
 require "spid/authn_request"
 require "spid/logout_request"
-require "spid/sso_request"
-require "spid/sso_response"
-require "spid/slo_request"
-require "spid/slo_response"
-require "spid/identity_providers"
+require "spid/sso"
+require "spid/slo"
 require "spid/metadata"
-require "spid/idp_metadata"
 require "spid/version"
-require "spid/identity_provider_configuration"
-require "spid/service_provider_configuration"
-require "spid/sso_settings"
-require "spid/slo_settings"
+require "spid/configuration"
+require "spid/identity_provider"
+require "spid/service_provider"
+require "spid/identity_provider_manager"
 
 module Spid # :nodoc:
   class UnknownAuthnComparisonMethodError < StandardError; end
@@ -22,13 +18,13 @@ module Spid # :nodoc:
   class UnknownSignatureMethodError < StandardError; end
 
   EXACT_COMPARISON = :exact
-  MININUM_COMPARISON = :minumum
+  MINIMUM_COMPARISON = :minumum
   BETTER_COMPARISON = :better
   MAXIMUM_COMPARISON = :maximum
 
   COMPARISON_METHODS = [
     EXACT_COMPARISON,
-    MININUM_COMPARISON,
+    MINIMUM_COMPARISON,
     BETTER_COMPARISON,
     MAXIMUM_COMPARISON
   ].freeze
@@ -62,4 +58,20 @@ module Spid # :nodoc:
     L2,
     L3
   ].freeze
+
+  class << self
+    attr_writer :configuration
+  end
+
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.reset_configuration!
+    @configuration = Configuration.new
+  end
+
+  def self.configure
+    yield configuration
+  end
 end

data/lib/spid/configuration.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Spid
+  class Configuration # :nodoc:
+    attr_accessor :idp_metadata_dir_path
+    attr_accessor :hostname
+    attr_accessor :metadata_path
+    attr_accessor :start_sso_path
+    attr_accessor :start_slo_path
+    attr_accessor :acs_path
+    attr_accessor :slo_path
+    attr_accessor :digest_method
+    attr_accessor :signature_method
+    attr_accessor :private_key
+    attr_accessor :certificate
+    attr_accessor :attribute_service_name
+
+    # rubocop:disable Metrics/MethodLength
+    def initialize
+      @idp_metadata_dir_path  = "idp_metadata"
+      @metadata_path          = "/spid/metadata"
+      @start_sso_path         = "/spid/login"
+      @start_slo_path         = "/spid/logout"
+      @acs_path               = "/spid/sso"
+      @slo_path               = "/spid/slo"
+      @digest_method          = Spid::SHA256
+      @signature_method       = Spid::RSA_SHA256
+      @attribute_service_name = attribute_service_name
+      @hostname               = nil
+      @private_key            = nil
+      @certificate            = nil
+    end
+    # rubocop:enable Metrics/MethodLength
+
+    # rubocop:disable Metrics/MethodLength
+    def service_provider
+      @service_provider ||=
+        begin
+          Spid::ServiceProvider.new(
+            host: hostname,
+            acs_path: acs_path,
+            slo_path: slo_path,
+            metadata_path: metadata_path,
+            private_key: private_key,
+            certificate: certificate,
+            digest_method: digest_method,
+            signature_method: signature_method,
+            attribute_service_name: attribute_service_name
+          )
+        end
+    end
+    # rubocop:enable Metrics/MethodLength
+  end
+end

data/lib/spid/identity_provider.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require "onelogin/ruby-saml/idp_metadata_parser"
+
+module Spid
+  class IdentityProvider # :nodoc:
+    attr_reader :name,
+                :entity_id,
+                :sso_target_url,
+                :slo_target_url,
+                :cert_fingerprint
+
+    def initialize(
+          name:,
+          entity_id:,
+          sso_target_url:,
+          slo_target_url:,
+          cert_fingerprint:
+        )
+      @name = name
+      @entity_id = entity_id
+      @sso_target_url = sso_target_url
+      @slo_target_url = slo_target_url
+      @cert_fingerprint = cert_fingerprint
+    end
+
+    def sso_attributes
+      @sso_attributes ||=
+        begin
+          {
+            idp_sso_target_url: sso_target_url,
+            idp_cert_fingerprint: cert_fingerprint
+          }
+        end
+    end
+
+    def slo_attributes
+      @slo_attributes ||=
+        begin
+          {
+            idp_slo_target_url: slo_target_url,
+            idp_name_qualifier: entity_id,
+            idp_cert_fingerprint: cert_fingerprint
+          }
+        end
+    end
+
+    def self.parse_from_xml(name:, metadata:)
+      idp_metadata_parser = ::OneLogin::RubySaml::IdpMetadataParser.new
+      idp_settings = idp_metadata_parser.parse_to_hash(metadata)
+      new(
+        name: name,
+        entity_id: idp_settings[:idp_entity_id],
+        sso_target_url: idp_settings[:idp_sso_target_url],
+        slo_target_url: idp_settings[:idp_slo_target_url],
+        cert_fingerprint: idp_settings[:idp_cert_fingerprint]
+      )
+    end
+  end
+end

data/lib/spid/identity_provider_manager.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Spid
+  class IdentityProviderManager # :nodoc:
+    include Singleton
+
+    def identity_providers
+      @identity_providers ||=
+        begin
+          Dir.chdir(Spid.configuration.idp_metadata_dir_path) do
+            Dir.glob("*.xml").map do |metadata_filepath|
+              generate_identity_provider_from_file(
+                File.expand_path(metadata_filepath)
+              )
+            end
+          end
+        end
+    end
+
+    def self.find_by_name(idp_name)
+      instance.identity_providers.find do |idp|
+        idp.name == idp_name
+      end
+    end
+
+    def self.find_by_entity(entity_id)
+      instance.identity_providers.find do |idp|
+        idp.entity_id == entity_id
+      end
+    end
+
+    private
+
+    def generate_identity_provider_from_file(metadata_filepath)
+      idp_name = File.basename(metadata_filepath, "-metadata.xml")
+      metadata = File.read(metadata_filepath)
+      IdentityProvider.parse_from_xml(
+        metadata: metadata,
+        name: idp_name
+      )
+    end
+  end
+end

data/lib/spid/metadata.rb

@@ -5,19 +5,13 @@ require "onelogin/ruby-saml/settings"
 
 module Spid
   class Metadata # :nodoc:
-    attr_reader :metadata_attributes,
-                :service_provider_configuration,
-                :attribute_service_name
+    attr_reader :metadata_attributes
 
     # rubocop:disable Metrics/MethodLength
     def initialize(
-          service_provider_configuration:,
-          attribute_service_name:,
           digest_method: Spid::SHA256,
           signature_method: Spid::RSA_SHA256
         )
-      @service_provider_configuration = service_provider_configuration
-      @attribute_service_name = attribute_service_name
       @metadata_attributes = {
         issuer: issuer,
         private_key: private_key_content,
@@ -45,23 +39,31 @@ module Spid
     end
 
     def issuer
-      service_provider_configuration.host
+      service_provider.host
     end
 
     def private_key_content
-      service_provider_configuration.private_key
+      service_provider.private_key
     end
 
     def certificate_content
-      service_provider_configuration.certificate
+      service_provider.certificate
     end
 
     def assertion_consumer_service_url
-      service_provider_configuration.sso_url
+      service_provider.acs_url
     end
 
     def single_logout_service_url
-      service_provider_configuration.slo_url
+      service_provider.slo_url
+    end
+
+    def attribute_service_name
+      service_provider.attribute_service_name
+    end
+
+    def service_provider
+      @service_provider ||= Spid.configuration.service_provider
     end
 
     private

data/lib/spid/service_provider.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require "uri"
+
+module Spid
+  class ServiceProvider # :nodoc:
+    attr_reader :host,
+                :acs_path,
+                :slo_path,
+                :metadata_path,
+                :private_key,
+                :certificate,
+                :digest_method,
+                :signature_method,
+                :attribute_service_name
+
+    # rubocop:disable Metrics/ParameterLists
+    def initialize(
+          host:,
+          acs_path:,
+          slo_path:,
+          metadata_path:,
+          private_key:,
+          certificate:,
+          digest_method:,
+          signature_method:,
+          attribute_service_name:
+        )
+      @host = host
+      @acs_path               = acs_path
+      @slo_path               = slo_path
+      @metadata_path          = metadata_path
+      @private_key            = private_key
+      @certificate            = certificate
+      @digest_method          = digest_method
+      @signature_method       = signature_method
+      @attribute_service_name = attribute_service_name
+      validate_attributes
+    end
+    # rubocop:enable Metrics/ParameterLists
+
+    def acs_url
+      @acs_url ||= URI.join(host, acs_path).to_s
+    end
+
+    def slo_url
+      @slo_url ||= URI.join(host, slo_path).to_s
+    end
+
+    def metadata_url
+      @metadata_url ||= URI.join(host, metadata_path).to_s
+    end
+
+    # rubocop:disable Metrics/MethodLength
+    def sso_attributes
+      @sso_attributes ||=
+        begin
+          {
+            assertion_consumer_service_url: acs_url,
+            issuer: host,
+            private_key: private_key,
+            certificate: certificate,
+            security: {
+              authn_requests_signed: true,
+              embed_sign: true,
+              digest_method: digest_method,
+              signature_method: signature_method
+            }
+          }
+        end
+    end
+    # rubocop:enable Metrics/MethodLength
+
+    # rubocop:disable Metrics/MethodLength
+    def slo_attributes
+      @slo_attributes ||=
+        begin
+          {
+            issuer: host,
+            private_key: private_key,
+            certificate: certificate,
+            security: {
+              logout_requests_signed: true,
+              embed_sign: true,
+              digest_method: digest_method,
+              signature_method: signature_method
+            }
+          }
+        end
+    end
+    # rubocop:enable Metrics/MethodLength
+
+    private
+
+    def validate_attributes
+      if !DIGEST_METHODS.include?(digest_method)
+        raise UnknownDigestMethodError,
+              "Provided digest method is not valid:" \
+              " use one of #{DIGEST_METHODS.join(', ')}"
+      elsif !SIGNATURE_METHODS.include?(signature_method)
+        raise UnknownSignatureMethodError,
+              "Provided digest method is not valid:" \
+              " use one of #{SIGNATURE_METHODS.join(', ')}"
+      end
+    end
+  end
+end