module Saml
  module Kit
    # The default metadata registry is used to fetch the metadata associated with an issuer or entity id.
    # The metadata associated with an issuer is used to verify trust for any SAML documents that are received.
    #
    # You can replace the default registry with your own at startup.
    #
    # Example:
    #
    #   class OnDemandRegistry
    #    def initialize(original)
    #      @original = original
    #    end
    #
    #    def metadata_for(entity_id)
    #      found = @original.metadata_for(entity_id)
    #      return found if found
    #
    #      @original.register_url(entity_id, verify_ssl: Rails.env.production?)
    #      @original.metadata_for(entity_id)
    #    end
    #   end
    #
    #   Saml::Kit.configure do |configuration|
    #     configuration.issuer = ENV['ISSUER']
    #     configuration.registry = OnDemandRegistry.new(configuration.registry)
    #     configuration.logger = Rails.logger
    #   end
    #
    # {include:file:spec/saml/default_registry_spec.rb}
    class DefaultRegistry
      include Enumerable

      def initialize(items = {})
        @items = items
      end

      # Register a metadata document
      #
      # @param metadata [Saml::Kit::Metadata] the metadata to register.
      def register(metadata)
        Saml::Kit.logger.debug(metadata.to_xml(pretty: true))
        @items[metadata.entity_id] = metadata
      end

      # Register metadata via a remote URL.
      # This will attempt to connect to the remove URL to download the metadata and register it in the registry.
      #
      # @param url [String] the url to download the metadata from.
      # @param verify_ssl [Boolean] enable/disable SSL peer verification.
      def register_url(url, verify_ssl: true)
        content = HttpApi.new(url, verify_ssl: verify_ssl).get
        register(Saml::Kit::Metadata.from(content))
      end

      # Returns the metadata document associated with an issuer or entityID.
      #
      # @param entity_id [String] the unique entityID/Issuer associated with metadata.
      def metadata_for(entity_id)
        @items[entity_id]
      end

      # Yields each registered [Saml::Kit::Metadata] to the block.
      def each
        @items.each do |key, value|
          yield value
        end
      end

      class HttpApi # :nodoc:
        def initialize(url, verify_ssl: true)
          @uri = URI.parse(url)
          @verify_ssl = verify_ssl
        end

        def get
          execute(Net::HTTP::Get.new(uri.request_uri)).body
        end

        def execute(request)
          http.request(request)
        end

        private

        attr_reader :uri, :verify_ssl

        def http
          http = Net::HTTP.new(uri.host, uri.port)
          http.read_timeout = 30
          http.use_ssl = uri.is_a?(URI::HTTPS)
          http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless verify_ssl
          http
        end
      end
    end
  end
end