File Coverage

blib/lib/Authen/NZRealMe.pm

Criterion	Covered	Total	%
statement	11	79	13.9
branch	1	42	2.3
condition	0	2	0.0
subroutine	3	15	20.0
pod	4	4	100.0
total	19	142	13.3

line	stmt	bran	cond	sub	pod	time	code
1							package Authen::NZRealMe;
2							{
3							$Authen::NZRealMe::VERSION = '1.15';
4							}
5
6	2			2		26524	use warnings;
	2					5
	2					79
7	2			2		13	use strict;
	2					3
	2					2795
8
9
10							=head1 NAME
11
12							Authen::NZRealMe - Integrate with RealMe login and identity services (formerly "igovt logon")
13
14							=head1 DESCRIPTION
15
16							Provides an API for integrating your application with the New Zealand RealMe
17							login service and the RealMe assertion service (for verified identity and
18							address details) using SAML 2.0 messaging.
19
20							Note: This distribution was renamed from Authen::NZigovt following the
21							rebranding of the service from "igovt" to "RealMe". When migrating systems to
22							use the new module, it will be necessary to rename some of the config files to
23							the new names listed under L below.
24
25							The distribution also includes a command-line tool called C which can
26							be used for:
27
28							=over 4
29
30							=item *
31
32							generating certificate/key pairs for signing and SSL encryption
33
34							=item *
35
36							creating/editing the Service Provider metadata file
37
38							=item *
39
40							creating a bundle (zip file) containing metadata and certs for upload to the
41							IdP
42
43							=item *
44
45							generating AuthnRequest URLs
46
47							=item *
48
49							decoding/dumping AuthnRequest URLs
50
51							=item *
52
53							resolving SAMLart artifact responses and validating the response
54
55							=back
56
57							Run C<< nzrealme --help >> for more information about using the command-line
58							tool.
59
60							=cut
61
62
63							my %class_map = (
64							service_provider => 'Authen::NZRealMe::ServiceProvider',
65							identity_provider => 'Authen::NZRealMe::IdentityProvider',
66							token_generator => 'Authen::NZRealMe::TokenGenerator',
67							xml_signer => 'Authen::NZRealMe::XMLSig',
68							sp_builder => 'Authen::NZRealMe::ServiceProvider::Builder',
69							sp_cert_factory => 'Authen::NZRealMe::ServiceProvider::CertFactory',
70							resolution_request => 'Authen::NZRealMe::ResolutionRequest',
71							icms_resolution_request => 'Authen::NZRealMe::ICMSResolutionRequest',
72							resolution_response => 'Authen::NZRealMe::ResolutionResponse',
73							authen_request => 'Authen::NZRealMe::AuthenRequest',
74							logon_strength => 'Authen::NZRealMe::LogonStrength',
75							);
76
77
78							sub service_provider {
79	0			0	1	0	my $class = shift;
80
81	0					0	return $class->class_for('service_provider')->new(@_);
82							}
83
84
85							sub _sp_from_opt {
86	0			0		0	my $class = shift;
87	0					0	my $opt = shift;
88
89	0		0			0	my $service_type = $opt->{type} \|\| "login";
90	0					0	my %sp_options = (
91							conf_dir => _conf_dir($opt),
92							type => $service_type,
93							);
94	0	0				0	$sp_options{disable_ssl_verify} = $opt->{disable_ssl_verify} if $opt->{disable_ssl_verify};
95	0					0	return $class->service_provider(%sp_options);
96							}
97
98
99							sub class_for {
100	2			2	1	1168	my($class, $key) = @_;
101	2	50				12	my $module = $class_map{$key} or die "No class defined for '$key'";
102	2					10	$module =~ s{::}{/}g;
103	2					1851	require $module . '.pm';
104	1					6	return $class_map{$key};
105							}
106
107
108							sub register_class {
109	0			0	1		my($class, $key, $package) = @_;
110	0						$class_map{$key} = $package;
111							}
112
113
114							sub run_command {
115	0			0	1		my $class = shift;
116	0						my $opt = shift;
117	0	0					my $command = shift or die "no command specified\n";
118
119	0						my $method = '_dispatch_' . $command;
120	0						$method =~ s{[^a-z0-9]+}{_}g;
121	0	0					die "unrecognised command: '$command'\n" unless $class->can($method);
122
123	0						$class->$method($opt, @_);
124							}
125
126
127							sub _dispatch_make_certs {
128	0			0			my($class, $opt) = @_;
129
130	0						my %args;
131	0	0					$args{env} = $opt->{env} if $opt->{env};
132	0	0					$args{org} = $opt->{org} if $opt->{org};
133	0	0					$args{org_unit} = $opt->{org_unit} if $opt->{org_unit};
134	0	0					$args{domain} = $opt->{domain} if $opt->{domain};
135	0						$class->class_for('service_provider')->generate_certs(
136							_conf_dir($opt), %args
137							);
138							}
139
140
141							sub _dispatch_make_meta {
142	0			0			my($class, $opt) = @_;
143
144	0						$class->class_for('service_provider')->build_meta(
145							conf_dir => _conf_dir($opt)
146							);
147							}
148
149
150							sub _dispatch_make_bundle {
151	0			0			my($class, $opt) = @_;
152
153	0						my $file = $class->class_for('service_provider')->make_bundle(
154							conf_dir => _conf_dir($opt),
155							);
156	0						print "Created metadata bundle for IDP at: $file\n";
157							}
158
159
160							sub _dispatch_make_req {
161	0			0			my($class, $opt) = @_;
162
163	0						my $sp = $class->_sp_from_opt($opt);
164	0						my @req_options;
165	0	0					if($sp->type eq 'login') {
166	0	0					my $allow_create = $opt->{allow_create} ? 1 : 0;
167	0						push @req_options, allow_create => $allow_create;
168							}
169	0						my $req = $sp->new_request( @req_options );
170
171	0	0					print "Request ID: ", $req->request_id, "\n" if -t 1;
172	0						print $req->as_url, "\n";
173							}
174
175
176							sub _dispatch_dump_req {
177	0			0			my $class = shift;
178	0						my $opt = shift;
179
180	0						$class->class_for('authen_request')->dump_request(@_);
181							}
182
183
184							sub _dispatch_resolve {
185	0			0			my $class = shift;
186	0						my $opt = shift;
187	0	0					my $artifact = shift or die "Must provide artifact or URL\n";
188	0	0					my $request_id = shift or die "Must provide ID from original request\n";
189
190	0						my $sp = $class->_sp_from_opt($opt);
191	0						my %args = (
192							artifact => $artifact,
193							request_id => $request_id,
194							);
195	0	0					$args{resolve_flt} = 1 if $opt->{resolve_flt};
196	0	0					$args{logon_strength} = shift if @_;
197	0	0					$args{strength_match} = shift if @_;
198	0	0					$args{_to_file_} = $opt->{to_file} if $opt->{to_file};
199	0	0					$args{_from_file_} = $opt->{from_file} if $opt->{from_file};
200	0						my $response = eval {
201	0						$sp->resolve_artifact(%args);
202							};
203	0	0					if($@) {
204	0						print "Failed to resolve artifact:\n$@";
205	0						exit 1;
206							}
207	0						print $response->as_string();
208							}
209
210
211							sub _dispatch_version {
212	0			0			print $Authen::NZRealMe::VERSION, "\n";
213							}
214
215
216							sub _conf_dir {
217	0			0			my($opt) = @_;
218
219	0	0					if($opt->{conf_dir}) {
220	0						$opt->{conf_dir} =~ s{/\z}{};
221	0	0					return $opt->{conf_dir} if -d $opt->{conf_dir};
222	0						die "Directory does not exist: $opt->{conf_dir}";
223							}
224	0						my $cmnd = (caller(1))[3];
225	0						$cmnd =~ s/^.*::_dispatch_//;
226	0						$cmnd =~ s/_/-/g;
227	0						die "$cmnd command needs --conf-dir option\n";
228							}
229
230							1;
231
232
233							__END__