#global git 9cccb0683f3187b18933f8a3c7bab0a6a0069ad7

Name:           php-saml-sp
Version:        0.5.7
Release:        1%{?dist}
Summary:        Secure SAML Service Provider

License:        MIT
URL:            https://git.tuxed.net/fkooman/php-saml-sp/about/
%if %{defined git}
Source0:        https://git.tuxed.net/fkooman/php-saml-sp/snapshot/php-saml-sp-%{git}.tar.xz
%else
Source0:        https://src.tuxed.net/php-saml-sp/php-saml-sp-%{version}.tar.xz
Source1:        https://src.tuxed.net/php-saml-sp/php-saml-sp-%{version}.tar.xz.minisig
Source2:        minisign-8466FFE127BCDC82.pub
%endif
Source3:        %{name}-httpd.conf
Source4:        %{name}-systemd.service
Source5:        %{name}-systemd.timer
Source6:        %{name}-README.md

Patch0:         %{name}-autoload.patch

BuildArch:      noarch

%if 0%{?fedora} >= 30
BuildRequires:  systemd-rpm-macros
%else
BuildRequires:  systemd
%endif
BuildRequires:  minisign
BuildRequires:  php-fedora-autoloader-devel
BuildRequires:  %{_bindir}/phpab
#    "require-dev": {
#        "phpunit/phpunit": "^4|^5|^6|^7",
#    },
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
BuildRequires:  phpunit7
%global phpunit %{_bindir}/phpunit7
%else
BuildRequires:  phpunit
%global phpunit %{_bindir}/phpunit
%endif
#    "require": {
#        "ext-curl": "*",
#        "ext-date": "*",
#        "ext-dom": "*",
#        "ext-filter": "*",
#        "ext-hash": "*",
#        "ext-libxml": "*",
#        "ext-openssl": "*",
#        "ext-pcre": "*",
#        "ext-spl": "*",
#        "ext-zlib": "*",
#        "fkooman/secookie": "^5",
#        "paragonie/random_compat": ">=1",
#        "paragonie/constant_time_encoding": "^1|^2",
#        "php": ">=5.4.8",
#        "symfony/polyfill-php56": "^1"
#    },
BuildRequires:  php(language) >= 5.4.8
BuildRequires:  php-curl
BuildRequires:  php-date
BuildRequires:  php-dom
BuildRequires:  php-filter
BuildRequires:  php-hash
BuildRequires:  php-libxml
BuildRequires:  php-openssl
BuildRequires:  php-pcre
BuildRequires:  php-spl
BuildRequires:  php-zlib
BuildRequires:  php-composer(fkooman/secookie) >= 5
BuildRequires:  php-composer(fkooman/secookie) < 6
BuildRequires:  php-composer(paragonie/constant_time_encoding)
%if 0%{?fedora} < 28 && 0%{?rhel} < 8
BuildRequires:  php-composer(paragonie/random_compat)
BuildRequires:  php-composer(symfony/polyfill-php56)
%endif

#    "require": {
#        "ext-curl": "*",
#        "ext-date": "*",
#        "ext-dom": "*",
#        "ext-filter": "*",
#        "ext-hash": "*",
#        "ext-libxml": "*",
#        "ext-openssl": "*",
#        "ext-pcre": "*",
#        "ext-spl": "*",
#        "ext-zlib": "*",
#        "fkooman/secookie": "^5",
#        "paragonie/random_compat": ">=1",
#        "paragonie/constant_time_encoding": "^1|^2",
#        "php": ">=5.4.8",
#        "symfony/polyfill-php56": "^1"
#    },
Requires:       php(language) >= 5.4.8
Requires:       php-curl
Requires:       php-date
Requires:       php-dom
Requires:       php-filter
Requires:       php-hash
Requires:       php-libxml
Requires:       php-openssl
Requires:       php-pcre
Requires:       php-spl
Requires:       php-zlib
Requires:       php-composer(fkooman/secookie) >= 5
Requires:       php-composer(fkooman/secookie) < 6
Requires:       php-composer(paragonie/constant_time_encoding)

%if 0%{?fedora} < 28 && 0%{?rhel} < 8
Requires:       php-composer(paragonie/random_compat)
Requires:       php-composer(symfony/polyfill-php56)
%endif

%if 0%{?fedora} >= 24
Requires:       httpd-filesystem
%else
# EL7 does not have httpd-filesystem
Requires:       httpd
%endif

Provides:       php-composer(fkooman/saml-sp) = %{version}
Obsoletes:      php-fkooman-saml-sp <= %{version}

Requires(post):   /usr/sbin/semanage
Requires(post):   /usr/bin/openssl
Requires(postun): /usr/sbin/semanage

%description
Secure SAML Service Provider with a focus on saml2int compatibility and 
easy integration in PHP applications.

%prep
%if %{defined git}
%setup -qn php-saml-sp-%{git}
%else
/usr/bin/minisign -V -m %{SOURCE0} -x %{SOURCE1} -p %{SOURCE2}
%setup -qn php-saml-sp-%{version}
%endif
%patch0 -p1

%build
%{_bindir}/phpab -t fedora -o src/autoload.php src
cat <<'AUTOLOAD' | tee -a src/autoload.php
require_once '%{_datadir}/php/fkooman/SeCookie/autoload.php';
require_once '%{_datadir}/php/ParagonIE/ConstantTime/autoload.php';
AUTOLOAD
%if 0%{?fedora} < 28 && 0%{?rhel} < 8
cat <<'AUTOLOAD' | tee -a src/autoload.php
require_once '%{_datadir}/php/random_compat/autoload.php';
require_once '%{_datadir}/php/Symfony/Polyfill/autoload.php';
AUTOLOAD
%endif

%install
mkdir -p %{buildroot}%{_datadir}/php/fkooman/SAML/SP
cp -pr src/* %{buildroot}%{_datadir}/php/fkooman/SAML/SP

mkdir -p %{buildroot}%{_datadir}/%{name}
cp -pr views locale web %{buildroot}%{_datadir}/%{name}

for i in update-metadata validate-metadata
do
    install -m 0755 -D -p bin/${i}.php %{buildroot}%{_bindir}/%{name}-${i}
    sed -i '1s/^/#!\/usr\/bin\/php\n/' %{buildroot}%{_bindir}/%{name}-${i}
done

mkdir -p %{buildroot}%{_sysconfdir}/%{name}
cp -pr config/config.php.example %{buildroot}%{_sysconfdir}/%{name}/config.php
ln -s ../../../etc/%{name} %{buildroot}%{_datadir}/%{name}/config

ln -s ../../../etc/pki/%{name} %{buildroot}%{_datadir}/%{name}/keys

mkdir -p %{buildroot}%{_sysconfdir}/pki/%{name}/private

mkdir -p %{buildroot}%{_localstatedir}/lib/%{name}
ln -s ../../../var/lib/%{name} %{buildroot}%{_datadir}/%{name}/data

# httpd
install -m 0644 -D -p %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/conf.d/%{name}.conf

# timer	
install -Dm 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service
install -Dm 0644 %{SOURCE5} %{buildroot}%{_unitdir}/%{name}.timer

mv %{SOURCE6} README.rpm.md

%check
%{_bindir}/phpab -o tests/autoload.php tests
cat <<'AUTOLOAD' | tee -a tests/autoload.php
require_once 'src/autoload.php';
AUTOLOAD

%{phpunit} tests --verbose --bootstrap=tests/autoload.php

%post
%systemd_post %{name}.timer
for TYPE in encryption signing
do
    if [ ! -f "%{_sysconfdir}/pki/%{name}/private/${TYPE}.key" ]
    then
        # generate the key
        /usr/bin/openssl \
            req \
            -nodes \
            -subj "/CN=SAML SP (${TYPE})" \
            -set_serial 1 \
            -x509 \
            -sha256 \
            -newkey rsa:3072 \
            -keyout "%{_sysconfdir}/pki/%{name}/private/${TYPE}.key" \
            -out "%{_sysconfdir}/pki/%{name}/${TYPE}.crt" \
            -days 1825 \
            2>/dev/null
        # fix the permissions
        chmod 0640 %{_sysconfdir}/pki/%{name}/private/${TYPE}.key %{_sysconfdir}/pki/%{name}/${TYPE}.crt
        chgrp apache %{_sysconfdir}/pki/%{name}/private/${TYPE}.key %{_sysconfdir}/pki/%{name}/${TYPE}.crt
    fi
done

# SELinux
semanage fcontext -a -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}(/.*)?' 2>/dev/null || :
restorecon -R %{_localstatedir}/lib/%{name} || :

%preun
%systemd_preun %{name}.timer

%postun
%systemd_postun %{name}.timer
# SELinux
if [ $1 -eq 0 ] ; then
    semanage fcontext -d -t httpd_sys_rw_content_t '%{_localstatedir}/lib/%{name}(/.*)?' 2>/dev/null || :
fi

%files
%config(noreplace) %attr(0750, root, apache) %{_sysconfdir}/pki/%{name}
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%dir %attr(0750,root,apache) %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/config.php
%{_datadir}/%{name}
%dir %{_datadir}/php/fkooman
%dir %{_datadir}/php/fkooman/SAML
%dir %attr(0700,apache,apache) %{_localstatedir}/lib/%{name}
%{_datadir}/php/fkooman/SAML/SP
%{_bindir}/*
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}.timer
%license LICENSE
%doc composer.json CHANGES.md README.md README.rpm.md METADATA.md

%changelog
* Mon Aug 31 2020 François Kooman <fkooman@tuxed.net> - 0.5.7-1
- update to 0.5.7

* Wed Aug 26 2020 François Kooman <fkooman@tuxed.net> - 0.5.6-1
- update to 0.5.6

* Wed Aug 19 2020 François Kooman <fkooman@tuxed.net> - 0.5.5-1
- update to 0.5.5

* Wed Aug 12 2020 François Kooman <fkooman@tuxed.net> - 0.5.4-1
- update to 0.5.4

* Sun Aug 09 2020 François Kooman <fkooman@tuxed.net> - 0.5.3-1
- update to 0.5.3
- release files moved to src.tuxed.net

* Tue Jul 28 2020 François Kooman <fkooman@tuxed.net> - 0.5.2-1
- update to 0.5.2

* Wed Jul 22 2020 François Kooman <fkooman@tuxed.net> - 0.5.1-1
- update to 0.5.1

* Fri Jul 17 2020 François Kooman <fkooman@tuxed.net> - 0.5.0-1
- update to 0.5.0

* Mon Jul 06 2020 François Kooman <fkooman@tuxed.net> - 0.4.2-1
- update to 0.4.2

* Mon Jun 29 2020 François Kooman <fkooman@tuxed.net> - 0.4.1-1
- update to 0.4.1

* Tue May 26 2020 François Kooman <fkooman@tuxed.net> - 0.4.0-2
- Obsoletes php-fkooman-saml-sp

* Mon May 25 2020 François Kooman <fkooman@tuxed.net> - 0.4.0-1
- update to 0.4.0

* Sat May 23 2020 François Kooman <fkooman@tuxed.net> - 0.3.3-1
- update to 0.3.3

* Sat May 23 2020 François Kooman <fkooman@tuxed.net> - 0.3.2-1
- update to 0.3.2

* Sun Feb 23 2020 François Kooman <fkooman@tuxed.net> - 0.3.1-1
- update to 0.3.1

* Mon Feb 17 2020 François Kooman <fkooman@tuxed.net> - 0.3.0-2
- explicity set serial number to 1 for generated certificates

* Wed Feb 12 2020 François Kooman <fkooman@tuxed.net> - 0.3.0-1
- update to 0.3.0

* Tue Aug 06 2019 François Kooman <fkooman@tuxed.net> - 0.2.2-1
- update to 0.2.2

* Mon Aug 05 2019 François Kooman <fkooman@tuxed.net> - 0.2.1-1
- update to 0.2.1
- switch to minisign signature verification for release builds

* Wed Jul 31 2019 François Kooman <fkooman@tuxed.net> - 0.2.0-1
- update to 0.2.0

* Tue Apr 23 2019 François Kooman <fkooman@tuxed.net> - 0.1.1-1
- update to 0.1.1

* Fri Mar 15 2019 François Kooman <fkooman@tuxed.net> - 0.1.0-1
- initial package