File Coverage

blib/lib/Authen/NZRealMe.pm

Criterion	Covered	Total	%
statement	11	77	14.2
branch	1	36	2.7
condition	0	2	0.0
subroutine	3	15	20.0
pod	4	4	100.0
total	19	134	14.1

line	stmt	bran	cond	sub	pod	time	code
1							package Authen::NZRealMe;
2							{
3							$Authen::NZRealMe::VERSION = '1.16';
4							}
5
6	2			2		94471	use warnings;
	2					2
	2					61
7	2			2		6	use strict;
	2					4
	2					1622
8
9
10							=head1 NAME
11
12							Authen::NZRealMe - Integrate with RealMe login and identity services (formerly "igovt logon")
13
14							=head1 DESCRIPTION
15
16							Provides an API for integrating your application with the New Zealand RealMe
17							login service and the RealMe assertion service (for verified identity and
18							address details) using SAML 2.0 messaging.
19
20							Note: This distribution was renamed from Authen::NZigovt following the
21							rebranding of the service from "igovt" to "RealMe". When migrating systems to
22							use the new module, it will be necessary to rename some of the config files to
23							the new names listed under L below.
24
25							The distribution also includes a command-line tool called C which can
26							be used for:
27
28							=over 4
29
30							=item *
31
32							generating certificate/key pairs for signing and SSL encryption
33
34							=item *
35
36							creating/editing the Service Provider metadata file
37
38							=item *
39
40							creating a bundle (zip file) containing metadata and certs for upload to the
41							IdP
42
43							=item *
44
45							generating AuthnRequest URLs
46
47							=item *
48
49							decoding/dumping AuthnRequest URLs
50
51							=item *
52
53							resolving SAMLart artifact responses and validating the response
54
55							=back
56
57							Run C<< nzrealme --help >> for more information about using the command-line
58							tool.
59
60							=cut
61
62
63							my %class_map = (
64							service_provider => 'Authen::NZRealMe::ServiceProvider',
65							identity_provider => 'Authen::NZRealMe::IdentityProvider',
66							token_generator => 'Authen::NZRealMe::TokenGenerator',
67							xml_signer => 'Authen::NZRealMe::XMLSig',
68							sp_builder => 'Authen::NZRealMe::ServiceProvider::Builder',
69							sp_cert_factory => 'Authen::NZRealMe::ServiceProvider::CertFactory',
70							resolution_request => 'Authen::NZRealMe::ResolutionRequest',
71							icms_resolution_request => 'Authen::NZRealMe::ICMSResolutionRequest',
72							resolution_response => 'Authen::NZRealMe::ResolutionResponse',
73							authen_request => 'Authen::NZRealMe::AuthenRequest',
74							logon_strength => 'Authen::NZRealMe::LogonStrength',
75							);
76
77
78							sub service_provider {
79	0			0	1	0	my $class = shift;
80
81	0					0	return $class->class_for('service_provider')->new(@_);
82							}
83
84
85							sub _sp_from_opt {
86	0			0		0	my $class = shift;
87	0					0	my $opt = shift;
88
89	0		0			0	my $service_type = $opt->{type} \|\| "login";
90	0					0	my %sp_options = (
91							conf_dir => _conf_dir($opt),
92							type => $service_type,
93							);
94	0	0				0	$sp_options{disable_ssl_verify} = $opt->{disable_ssl_verify} if $opt->{disable_ssl_verify};
95	0					0	return $class->service_provider(%sp_options);
96							}
97
98
99							sub class_for {
100	2			2	1	70481	my($class, $key) = @_;
101	2	50				9	my $module = $class_map{$key} or die "No class defined for '$key'";
102	2					8	$module =~ s{::}{/}g;
103	2					899	require $module . '.pm';
104	1					3	return $class_map{$key};
105							}
106
107
108							sub register_class {
109	0			0	1		my($class, $key, $package) = @_;
110	0						$class_map{$key} = $package;
111							}
112
113
114							sub run_command {
115	0			0	1		my $class = shift;
116	0						my $opt = shift;
117	0	0					my $command = shift or die "no command specified\n";
118
119	0						my $method = '_dispatch_' . $command;
120	0						$method =~ s{[^a-z0-9]+}{_}g;
121	0	0					die "unrecognised command: '$command'\n" unless $class->can($method);
122
123	0						$class->$method($opt, @_);
124							}
125
126
127							sub _dispatch_make_certs {
128	0			0			my($class, $opt) = @_;
129
130	0						my %args;
131	0						foreach my $key (qw(env org org_unit domain subject_suffix self_signed)) {
132	0	0					$args{$key} = $opt->{$key} if defined $opt->{$key};
133							}
134	0						$class->class_for('service_provider')->generate_certs(
135							_conf_dir($opt), %args
136							);
137							}
138
139
140							sub _dispatch_make_meta {
141	0			0			my($class, $opt) = @_;
142
143	0						$class->class_for('service_provider')->build_meta(
144							conf_dir => _conf_dir($opt)
145							);
146							}
147
148
149							sub _dispatch_make_bundle {
150	0			0			my($class, $opt) = @_;
151
152	0						my $file = $class->class_for('service_provider')->make_bundle(
153							conf_dir => _conf_dir($opt),
154							);
155	0						print "Created metadata bundle for IDP at: $file\n";
156							}
157
158
159							sub _dispatch_make_req {
160	0			0			my($class, $opt) = @_;
161
162	0						my $sp = $class->_sp_from_opt($opt);
163	0						my @req_options;
164	0	0					if($sp->type eq 'login') {
165	0	0					my $allow_create = $opt->{allow_create} ? 1 : 0;
166	0						push @req_options, allow_create => $allow_create;
167							}
168	0						my $req = $sp->new_request( @req_options );
169
170	0	0					print "Request ID: ", $req->request_id, "\n" if -t 1;
171	0						print $req->as_url, "\n";
172							}
173
174
175							sub _dispatch_dump_req {
176	0			0			my $class = shift;
177	0						my $opt = shift;
178
179	0						$class->class_for('authen_request')->dump_request(@_);
180							}
181
182
183							sub _dispatch_resolve {
184	0			0			my $class = shift;
185	0						my $opt = shift;
186	0	0					my $artifact = shift or die "Must provide artifact or URL\n";
187	0	0					my $request_id = shift or die "Must provide ID from original request\n";
188
189	0						my $sp = $class->_sp_from_opt($opt);
190	0						my %args = (
191							artifact => $artifact,
192							request_id => $request_id,
193							);
194	0	0					$args{resolve_flt} = 1 if $opt->{resolve_flt};
195	0	0					$args{logon_strength} = shift if @_;
196	0	0					$args{strength_match} = shift if @_;
197	0	0					$args{_to_file_} = $opt->{to_file} if $opt->{to_file};
198	0	0					$args{_from_file_} = $opt->{from_file} if $opt->{from_file};
199	0						my $response = eval {
200	0						$sp->resolve_artifact(%args);
201							};
202	0	0					if($@) {
203	0						print "Failed to resolve artifact:\n$@";
204	0						exit 1;
205							}
206	0						print $response->as_string();
207							}
208
209
210							sub _dispatch_version {
211	0			0			print $Authen::NZRealMe::VERSION, "\n";
212							}
213
214
215							sub _conf_dir {
216	0			0			my($opt) = @_;
217
218	0	0					if($opt->{conf_dir}) {
219	0						$opt->{conf_dir} =~ s{/\z}{};
220	0	0					return $opt->{conf_dir} if -d $opt->{conf_dir};
221	0						die "Directory does not exist: $opt->{conf_dir}";
222							}
223	0						my $cmnd = (caller(1))[3];
224	0						$cmnd =~ s/^.*::_dispatch_//;
225	0						$cmnd =~ s/_/-/g;
226	0						die "$cmnd command needs --conf-dir option\n";
227							}
228
229							1;
230
231
232							__END__