From 1694905be213d49d161ff42a571fa35dbc69b716 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 27 Jan 2009 13:57:52 +0000
Subject: [PATCH] Scope parsing in metadata for SAML 2.0 IdPs

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1206 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Metadata/SAMLParser.php | 16 ++++++++++++++--
 modules/metarefresh/lib/MetaLoader.php |  5 +++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index bb70d93c7..24a15d1ba 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -681,7 +681,10 @@ class SimpleSAML_Metadata_SAMLParser {
 		if (array_key_exists('expire', $idp)) {
 			$ret['expire'] = $idp['expire'];
 		}
-
+		
+		if (array_key_exists('scopes', $idp))
+			$ret['scopes'] = $idp['scopes'];
+		
 
 		/* Enable redirect.sign if WantAuthnRequestsSigned is enabled. */
 		if ($idp['wantAuthnRequestsSigned']) {
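Review bot: The added `scopes` check is written without braces, while the `expire` check directly above it and the `wantAuthnRequestsSigned` check below both use them. Writing it as `if (array_key_exists('scopes', $idp)) {` / `$ret['scopes'] = $idp['scopes'];` / `}` keeps the block consistent and stops a later second statement from silently falling outside the condition. The new key is also undocumented; a short comment such as `/* Scopes declared in the IdP's metadata extensions, copied through unmodified. */` would tell consumers that the values are not validated here. The enclosing function starts and ends outside the hunk.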
@@ -769,6 +772,7 @@ class SimpleSAML_Metadata_SAMLParser {
 		}
 
 		$sd['protocols'] = self::getSupportedProtocols($element);
+		
 
 		/* Find all SingleLogoutService elements. */
 		$sd['singleLogoutServices'] = array();
@@ -836,6 +840,13 @@ class SimpleSAML_Metadata_SAMLParser {
 		assert('is_null($expireTime) || is_int($expireTime)');
 
 		$idp = self::parseSSODescriptor($element, $expireTime);
+		
+		$extensions = SimpleSAML_Utilities::getDOMChildren($element, 'Extensions', '@md');
+		if (!empty($extensions)) 
+			$this->processExtensions($extensions[0]);
+
+		if (!empty($this->scopes)) $idp['scopes'] = $this->scopes;
+		
 
 		/* Find all SingleSignOnService elements. */
 		$idp['singleSignOnServices'] = array();
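Review bot: `$idp['scopes']` is filled from the parser-wide `$this->scopes` property rather than from the result of parsing this descriptor's own `Extensions`, so any scope already stored on the object is attributed to this IdP as well. The body of processExtensions is not in this hunk, but if it appends to `$this->scopes` and is also run for entity-level Extensions or for another IDPSSODescriptor, this descriptor inherits scopes it never declared. Scopes are typically used downstream to decide which scoped attribute values an IdP may assert, so over-attribution widens what gets accepted. Consider collecting the scopes found under this element separately and assigning only those, with a comment such as `/* Scopes declared in this IDPSSODescriptor's md:Extensions. */` above the assignment. The enclosing function starts and ends outside the hunk.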
@@ -861,7 +872,8 @@ class SimpleSAML_Metadata_SAMLParser {
 	 */
 	private function processExtensions($element) {
 		assert('$element instanceof DOMElement');
-
+		
+		
 		for($i = 0; $i < $element->childNodes->length; $i++) {
 			$child = $element->childNodes->item($i);
 
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
index 272d10900..6a189ff5b 100644
--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -33,15 +33,16 @@ class sspmod_metarefresh_MetaLoader {
 	public function loadSource($source) {
 
 		$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile($source['src']);
-	
+		$ca = NULL;
 		foreach($entities as $entity) {
-			if($source['validateFingerprint'] !== NULL) {
+			if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) {
 				if(!$entity->validateFingerprint($source['validateFingerprint'])) {
 					SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n");
 					continue;
 				}
 			}
 	
+			// TODO: $ca is always null
 			if($ca !== NULL) {
 				if(!$entity->validateCA($ca)) {
 					SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify certificate.' . "\n");
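Review bot: A source that omits `validateFingerprint` now passes through the loop with no signature or certificate check at all, because the `array_key_exists` guard skips the fingerprint test and `$ca` is hard-wired to `NULL`, which makes the `validateCA` branch unreachable. Nothing records that the entities were accepted unverified, so an operator cannot tell a validated refresh from an unvalidated one. At minimum log it once before the loop, for example `if (!array_key_exists('validateFingerprint', $source)) SimpleSAML_Logger::warning('No validateFingerprint set for "' . $source['src'] . '" - metadata is loaded without signature validation.');`, and either wire `$ca` to a configuration option or remove the dead branch instead of leaving the TODO. The loop body continues outside the hunk.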
-- 
GitLab