Class: OmniauthOpenidFederation::Federation::MetadataPolicyMerger

Inherits:

Object

• Object
• OmniauthOpenidFederation::Federation::MetadataPolicyMerger

Defined in:

lib/omniauth_openid_federation/federation/metadata_policy_merger.rb

Overview

Metadata Policy Merger for OpenID Federation 1.0

Merges metadata policies from Subordinate Statements in a Trust Chain and applies them to entity metadata.

Instance Method Summary

• #apply_policies(entity_metadata) ⇒ Hash

  Apply merged policies to entity metadata.

• #initialize(trust_chain:) ⇒ MetadataPolicyMerger constructor

  Initialize merger.

• #merge_and_apply(entity_metadata) ⇒ Hash

  Merge and apply policies in one step.

• #merge_policies ⇒ Hash

  Merge all metadata policies from the trust chain.

Constructor Details

#initialize(trust_chain:) ⇒ MetadataPolicyMerger

Initialize merger

Parameters:

• trust_chain (Array<EntityStatement, Hash>) —

  Array of entity statements in trust chain (from Leaf to Trust Anchor)

# File 'lib/omniauth_openid_federation/federation/metadata_policy_merger.rb', line 25

def initialize(trust_chain:)
  @trust_chain = trust_chain
  @merged_policies = nil
end

Instance Method Details

#apply_policies(entity_metadata) ⇒ Hash

Apply merged policies to entity metadata

Parameters:

• entity_metadata (Hash) —

  Original entity metadata

Returns:

• (Hash) —

  Effective metadata after applying policies

Raises:

• (ValidationError) —

  If metadata does not comply with policies

# File 'lib/omniauth_openid_federation/federation/metadata_policy_merger.rb', line 63

def apply_policies(entity_metadata)
  merged = merge_policies
  effective_metadata = deep_dup(entity_metadata)

  # Apply policies for each entity type
  merged.each do |entity_type, type_policies|
    entity_type_metadata = effective_metadata[entity_type.to_sym] || effective_metadata[entity_type.to_s] || {}

    # Apply policies for each metadata parameter
    type_policies.each do |param_name, param_policy|
      apply_parameter_policy(entity_type_metadata, param_name, param_policy)
    end

    # Store back to effective metadata
    effective_metadata[entity_type.to_sym] = entity_type_metadata
  end

  # Validate final metadata against policies
  validate_metadata_compliance(effective_metadata, merged)

  effective_metadata
end

#merge_and_apply(entity_metadata) ⇒ Hash

Merge and apply policies in one step

Parameters:

• entity_metadata (Hash) —

  Original entity metadata

Returns:

• (Hash) —

  Effective metadata after applying policies

Raises:

• (ValidationError) —

  If merging or application fails

# File 'lib/omniauth_openid_federation/federation/metadata_policy_merger.rb', line 91

def merge_and_apply(entity_metadata)
  apply_policies(entity_metadata)
end

#merge_policies ⇒ Hash

Merge all metadata policies from the trust chain

Returns:

• (Hash) —

  Merged metadata policies by entity type and parameter

Raises:

• (ValidationError) —

  If policy merging fails due to conflicts

# File 'lib/omniauth_openid_federation/federation/metadata_policy_merger.rb', line 34

def merge_policies
  return @merged_policies if @merged_policies

  @merged_policies = {}

  # Extract policies from Subordinate Statements (skip Entity Configurations)
  subordinate_statements = @trust_chain.select do |statement|
    parsed = statement.is_a?(Hash) ? statement : statement.parse
    parsed[:is_subordinate_statement] || parsed["is_subordinate_statement"]
  end

  # Merge policies from Trust Anchor down to immediate issuer
  # (reverse order: Trust Anchor first, then intermediates, then immediate issuer)
  subordinate_statements.reverse_each do |statement|
    parsed = statement.is_a?(Hash) ? statement : statement.parse
    metadata_policy = parsed[:metadata_policy] || parsed["metadata_policy"]
    next unless metadata_policy

    merge_single_policy(metadata_policy)
  end

  @merged_policies
end