Merge pull request #1 from OS2web/os2web_key

os2web_key

Author: rimi-itk

.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+indent_style = space
+indent_size = 2

.github/workflows/pr.yml

@@ -0,0 +1,126 @@
+on: pull_request
+name: Review
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    name: Changelog should be updated
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
+      - name: Git fetch
+        run: git fetch
+
+      - name: Check that changelog has been updated.
+        run: git diff --exit-code origin/${{ github.base_ref }} -- CHANGELOG.md && exit 1 || exit 0
+
+  test-composer-files:
+    name: Validate composer
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: [ '8.1' ]
+        dependency-version: [ prefer-lowest, prefer-stable ]
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: json
+          coverage: none
+          tools: composer:v2
+      # https://github.com/shivammathur/setup-php#cache-composer-dependencies
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+      - name: Validate composer files
+        run: |
+          composer validate --strict composer.json
+          # Check that dependencies resolve.
+          composer update --${{ matrix.dependency-version }} --prefer-dist --no-interaction
+      - name: Check that composer file is normalized
+        run: |
+          composer normalize --dry-run
+
+  php-coding-standards:
+    name: PHP coding standards
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: [ '8.1' ]
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: json
+          coverage: none
+          tools: composer:v2
+      # https://github.com/shivammathur/setup-php#cache-composer-dependencies
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+      - name: Install Dependencies
+        run: |
+          composer install --no-interaction --no-progress
+      - name: PHPCS
+        run: |
+          composer coding-standards-check/phpcs
+
+  php-code-analysis:
+    name: PHP code analysis
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: [ '8.1' ]
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup PHP, with composer and extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: json
+          coverage: none
+          tools: composer:v2
+      # https://github.com/shivammathur/setup-php#cache-composer-dependencies
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+      - name: Code analysis
+        run: |
+          ./scripts/code-analysis
+
+  coding-standards-markdown:
+    name: Markdown coding standards
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@master
+
+      - name: Coding standards
+        run: |
+          docker run --rm --volume $PWD:/md peterdavehello/markdownlint markdownlint --ignore vendor --ignore LICENSE.md '**/*.md'

.gitignore

@@ -0,0 +1,2 @@
+composer.lock
+vendor/

.markdownlint.jsonc

@@ -0,0 +1,13 @@
+{
+  "default": true,
+  // https://github.com/DavidAnson/markdownlint/blob/main/doc/md013.md
+  "line-length": {
+    "line_length": 120,
+    "code_blocks": false,
+    "tables": false
+  },
+  // https://github.com/DavidAnson/markdownlint/blob/main/doc/md024.md
+  "no-duplicate-heading": {
+    "siblings_only": true
+  }
+}

CHANGELOG.md

@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+[Unreleased]: https://github.com/rimi-itk/os2web_key

README.md

@@ -1,3 +1,134 @@
 # OS2Web key
 
-Key stuff for OS2Web.
+Key types and providers for OS2Web built on the [Key module](https://www.drupal.org/project/key).
+
+## Installation
+
+``` shell
+composer require os2web/os2web_key
+drush pm:install os2web_key
+```
+
+## Key types
+
+### Certificate
+
+This key type handles [PKCS 12](https://en.wikipedia.org/wiki/PKCS_12) or [Privacy-Enhanced Mail
+(PEM)](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail) certificate with an optional password (passphrase).
+
+Use in a form:
+
+``` php
+$form['key'] => [
+ '#type' => 'key_select',
+ '#key_filters' => [
+   'type' => 'os2web_key_certificate',
+ ],
+];
+```
+
+The [`KeyHelper`](https://github.com/OS2web/os2web_key/blob/main/src/KeyHelper.php) can be used to get
+the actual certificates (parts):
+
+``` php
+<?php
+
+use Drupal\os2web_key\KeyHelper;
+use Drupal\key\KeyRepositoryInterface;
+
+// Use dependency injection for this.
+/** @var KeyRepositoryInterface $repository */
+$repository = \Drupal::service('key.repository');
+/** @var KeyHelper $helper */
+$helper = \Drupal::service(KeyHelper::class);
+
+// Use `drush key:list` to list your keys.
+$key = $repository->getKey('my_key');
+[
+  // Passwordless certificate.
+  CertificateKeyType::CERT => $certificate,
+  CertificateKeyType::PKEY => $privateKey,
+] = $helper->getCertificates($key);
+
+```
+
+**Note**: The parsed certificate has no password.
+
+### OpenID Connect (OIDC)
+
+Example use in a form:
+
+``` php
+$form['key'] => [
+ '#type' => 'key_select',
+ '#key_filters' => [
+   'type' => 'os2web_key_oidc,
+ ],
+];
+```
+
+Get the OIDC config:
+
+``` php
+<?php
+
+use Drupal\key\KeyRepositoryInterface;
+use Drupal\os2web_key\Plugin\KeyType\OidcKeyType;
+
+// Use dependency injection for this.
+/** @var KeyRepositoryInterface $repository */
+$repository = \Drupal::service('key.repository');
+
+$key = $repository->getKey('openid_connect_ad');
+[
+  OidcKeyType::DISCOVERY_URL => $discoveryUrl,
+  OidcKeyType::CLIENT_ID => $clientId,
+  OidcKeyType::CLIENT_SECRET => $clientSecret,
+] = $helper->getOidcValues($key);
+```
+
+See [the Key Developer Guide](https://www.drupal.org/docs/contributed-modules/key/developer-guide) for details and more
+examples.
+
+## Providers
+
+### `@todo` Azure Key Vault
+
+<https://azure.microsoft.com/en-us/products/key-vault>
+
+### `@todo` Infisical
+
+<https://infisical.com/>
+
+## Coding standards
+
+Our coding are checked by GitHub Actions (cf. [.github/workflows/pr.yml](.github/workflows/pr.yml)). Use the commands
+below to run the checks locally.
+
+### PHP
+
+```shell
+docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.1-fpm composer install
+# Fix (some) coding standards issues
+docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.1-fpm composer coding-standards-apply
+# Check that code adheres to the coding standards
+docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.1-fpm composer coding-standards-check
+```
+
+### Markdown
+
+```shell
+docker run --rm --volume $PWD:/md peterdavehello/markdownlint markdownlint --ignore vendor --ignore LICENSE.md '**/*.md' --fix
+docker run --rm --volume $PWD:/md peterdavehello/markdownlint markdownlint --ignore vendor --ignore LICENSE.md '**/*.md'
+```
+
+## Code analysis
+
+We use [PHPStan](https://phpstan.org/) for static code analysis.
+
+Running statis code analysis on a standalone Drupal module is a bit tricky, so we use a helper script to run the
+analysis:
+
+```shell
+docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.1-fpm ./scripts/code-analysis
+```

composer.json

@@ -0,0 +1,54 @@
+{
+    "name": "os2web/os2web_key",
+    "description": "OS2Web key",
+    "license": "EUPL-1.2",
+    "type": "drupal-module",
+    "authors": [
+        {
+            "name": "Mikkel Ricky",
+            "email": "[email protected]"
+        }
+    ],
+    "require": {
+        "php": "^8.1",
+        "ext-openssl": "*",
+        "drupal/core": "^9 || ^10",
+        "drupal/key": "^1.17"
+    },
+    "require-dev": {
+        "dealerdirect/phpcodesniffer-composer-installer": "^1.0",
+        "drupal/coder": "^8.3",
+        "ergebnis/composer-normalize": "^2.42",
+        "mglaman/phpstan-drupal": "^1.2",
+        "phpstan/extension-installer": "^1.3",
+        "phpstan/phpstan-deprecation-rules": "^1.1"
+    },
+    "repositories": [
+        {
+            "type": "composer",
+            "url": "https://packages.drupal.org/8"
+        }
+    ],
+    "config": {
+        "allow-plugins": {
+            "dealerdirect/phpcodesniffer-composer-installer": true,
+            "ergebnis/composer-normalize": true,
+            "phpstan/extension-installer": true
+        },
+        "sort-packages": true
+    },
+    "scripts": {
+        "coding-standards-apply": [
+            "@coding-standards-apply/phpcs"
+        ],
+        "coding-standards-apply/phpcs": [
+            "phpcbf --standard=phpcs.xml.dist"
+        ],
+        "coding-standards-check": [
+            "@coding-standards-check/phpcs"
+        ],
+        "coding-standards-check/phpcs": [
+            "phpcs --standard=phpcs.xml.dist"
+        ]
+    }
+}

os2web_key.info.yml

@@ -0,0 +1,5 @@
+name: 'OS2Web key'
+type: module
+description: 'Key stuff for OS2Web'
+package: 'OS2web'
+core_version_requirement: ^9 || ^10

os2web_key.services.yml

@@ -0,0 +1,8 @@
+services:
+  logger.channel.os2web_key:
+    parent: logger.channel_base
+    arguments: [ 'os2web_key' ]
+
+  Drupal\os2web_key\KeyHelper:
+    arguments:
+      - '@logger.channel.os2web_key'

phpcs.xml.dist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ruleset name="PHP_CodeSniffer">
+  <description>PHP Code Sniffer configuration</description>
+
+  <file>.</file>
+  <exclude-pattern>vendor/</exclude-pattern>
+
+  <!-- Show progress of the run -->
+  <arg value="p"/>
+  <arg value="s"/>
+
+  <arg name="extensions" value="php,module,inc,install,test,profile,theme,css,info,txt,yml"/>
+  <config name="drupal_core_version" value="10"/>
+
+  <rule ref="Drupal">
+    <!-- We want to be able to use "package" and "version" in our custom modules -->
+    <exclude name="Drupal.InfoFiles.AutoAddedKeys.Project"/>
+    <exclude name="Drupal.InfoFiles.AutoAddedKeys.Version"/>
+  </rule>
+
+  <rule ref="DrupalPractice"/>
+</ruleset>