SAML1.1: Use configuration class for metadata.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2283 44740490-163a-0410-bde0-09ae8108e29a

SAML1.1: Use configuration class for metadata.
06616651 · Olav Morken · 242138de · 06616651 · 06616651 · 06616651
Commit 06616651 authored 15 years ago by Olav Morken
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -21,17 +21,17 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 	 * Send an authenticationResponse using HTTP-POST.
 	 *
 	 * @param string $response  The response which should be sent.
-	 * @param array $idpmd  The metadata of the IdP which is sending the response.
+	 * @param SimpleSAML_Configuration $idpmd  The metadata of the IdP which is sending the response.
-	 * @param array $spmd  The metadata of the SP which is receiving the response.
+	 * @param SimpleSAML_Configuration $spmd  The metadata of the SP which is receiving the response.
 	 * @param string|NULL $relayState  The relaystate for the SP.
 	 * @param string $shire  The shire which should receive the response.
 	 */
-	public function sendResponse($response, $idpmd, $spmd, $relayState, $shire) {
+	public function sendResponse($response, SimpleSAML_Configuration $idpmd, SimpleSAML_Configuration $spmd, $relayState, $shire) {
 		SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
-		$privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd, TRUE);
+		$privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd->toArray(), TRUE);
-		$publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);
+		$publickey = SimpleSAML_Utilities::loadPublicKey($idpmd->toArray(), TRUE);
 		$responsedom = new DOMDocument();
 		$responsedom->loadXML(str_replace ("\r", "", $response));
@@ -44,12 +44,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		 * SP metadata or 'saml20.signresponse' in the global configuration.
 		 */
 		$signResponse = FALSE;
-		if (array_key_exists('signresponse', $spmd) && $spmd['signresponse'] !== NULL) {
+		if ($spmd->hasValue('signresponse')) {
-			$signResponse = $spmd['signresponse'];
+			$signResponse = $spmd->getBoolean['signresponse'];
-			if(!is_bool($signResponse)) {
-				throw new Exception('Expected the \'signresponse\' option in the metadata of the' .
-					' SP \'' . $spmd['entityid'] . '\' to be a boolean value.');
-			}
 		} else {
 			$signResponse = $this->configuration->getBoolean('shib13.signresponse', TRUE);
 		}
@@ -65,8 +61,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 			'id' => ($signResponse ? 'ResponseID' : 'AssertionID') ,
 			));
-		if (array_key_exists('certificatechain', $idpmd)) {
+		if ($idpmd->hasValue('certificatechain')) {
-			$signer->addCertificate($idpmd['certificatechain']);
+			$signer->addCertificate($idpmd->getString('certificatechain'));
 		}
 		if ($signResponse) {

--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -284,31 +284,17 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
 	 * @param array|NULL $attributes  The attributes which should be included in the response.
 	 * @return string  The response.
 	 */
-	public function generate($idp, $sp, $shire, $attributes) {
+	public function generate(SimpleSAML_Configuration $idp, SimpleSAML_Configuration $sp, $shire, $attributes) {
-		assert('is_array($idp)');
-		assert('is_array($sp)');
 		assert('is_string($shire)');
 		assert('$attributes === NULL || is_array($attributes)');
-		if (array_key_exists('scopedattributes', $sp)) {
+		if ($sp->hasValue('scopedattributes')) {
-			$scopedAttributes = $sp['scopedattributes'];
+			$scopedAttributes = $sp->getArray('scopedattributes');
-			$scopedAttributesSource = 'the shib13-sp-remote sp \'' . $sp['entityid'] . '\'';
+		} elseif ($idp->hasValue('scopedattributes')) {
-		} elseif (array_key_exists('scopedattributes', $idp)) {
+			$scopedAttributes = $idp->getArray('scopedattributes');
-			$scopedAttributes = $idp['scopedattributes'];
-			$scopedAttributesSource = 'the shib13-idp-hosted idp \'' . $idp['entityid'] . '\'';
 		} else {
 			$scopedAttributes = array();
 		}
-		if (!is_array($scopedAttributes)) {
-			throw new Exception('The \'scopedattributes\' option in ' . $scopedAttributesSource .
-				' should be an array of attribute names.');
-		}
-		foreach ($scopedAttributes as $an) {
-			if (!is_string($an)) {
-				throw new Exception('Invalid attribute name in the \'scopedattributes\' option in ' .
-					$scopedAttributesSource . ': ' . var_export($an, TRUE));
-			}
-		}
 		$id = SimpleSAML_Utilities::generateID();
@@ -321,10 +307,12 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
 		$assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);# 5 minutes
 		$assertionid = SimpleSAML_Utilities::generateID();
-		$audience = isset($sp['audience']) ? $sp['audience'] : $sp['entityid'];
+		$spEntityId = $sp->getString('entityid');
-		$base64 = isset($sp['base64attributes']) ? $sp['base64attributes'] : false;
+		$audience = $sp->getString('audience', $spEntityId);
+		$base64 = $sp->getBoolean('base64attributes', FALSE);
-		$namequalifier = isset($sp['NameQualifier']) ? $sp['NameQualifier'] : $sp['entityid'];
+		$namequalifier = $sp->getString('NameQualifier', $spEntityId);
 		$nameid = SimpleSAML_Utilities::generateID();
 		$subjectNode =
 			'<Subject>' .
@@ -369,7 +357,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
    </Status>
    <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
        AssertionID="' . $assertionid . '" IssueInstant="' . $issueInstant. '"
-        Issuer="' . htmlspecialchars($idp['entityid']) . '" MajorVersion="1" MinorVersion="1">
+        Issuer="' . htmlspecialchars($idp->getString('entityid')) . '" MajorVersion="1" MinorVersion="1">
        <Conditions NotBefore="' . $notBefore. '" NotOnOrAfter="'. $assertionExpire . '">
            <AudienceRestrictionCondition>
                <Audience>' . htmlspecialchars($audience) . '</Audience>

--- a/modules/saml/lib/IdP/SAML1.php
+++ b/modules/saml/lib/IdP/SAML1.php
@@ -21,6 +21,8 @@ class sspmod_saml_IdP_SAML1 {
 		$spMetadata = $state["SPMetadata"];
 		$spEntityId = $spMetadata['entityid'];
+		$spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata,
+			'$metadata[' . var_export($spEntityId, TRUE) . ']');
 		SimpleSAML_Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));
@@ -30,7 +32,7 @@ class sspmod_saml_IdP_SAML1 {
 		$idp = SimpleSAML_IdP::getByState($state);
-		$idpMetadata = $idp->getConfig()->toArray();
+		$idpMetadata = $idp->getConfig();
 		$config = SimpleSAML_Configuration::getInstance();
 		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();