From 2751566b1705c7def23a188a338b043dbe534cca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Crespo?= <jaime.perez@uninett.no>
Date: Thu, 30 Jan 2014 14:10:54 +0000
Subject: [PATCH] Add support to publish RegistrationInfo (MDRPI) in the aggregator2 module.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3345 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/aggregator2/docs/aggregator2.txt | 18 ++++++++++++
 modules/aggregator2/lib/Aggregator.php | 35 +++++++++++++++++++++++-
 modules/aggregator2/www/get.php | 8 +++++-
 3 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/modules/aggregator2/docs/aggregator2.txt b/modules/aggregator2/docs/aggregator2.txt
index 43483323d..564f43942 100644
--- a/modules/aggregator2/docs/aggregator2.txt
+++ b/modules/aggregator2/docs/aggregator2.txt
@@ -66,6 +66,24 @@ The aggregator can be configured with the following options: This certificate is included in the generated metadata. The path to the certificate can be absolute, or it can be relative to the `cert`-directory. +`RegistrationInfo` +: Allows to specify information about the registrar of this aggregate. Please refer to the 'SAML V2.0 Metadata Extensions for Registration and Publication Information' document for further information on this topic. This option accepts an array with the following options: +: - `authority`: The unique identifier of the authority that registered the entity. It is recommended that this be a URL that resolves to a human readable page describing the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED. +: - `instant`: The instant the entity was registered with the authority. Time values must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter is OPTIONAL. +: - `policies`: The policy under which the entity was registered. An indexed array with URLs pointing to the localized versions of the policy. Each index will be used as the language identifier. This parameter is OPTIONAL. + ### Aggregator source configuration
diff --git a/modules/aggregator2/lib/Aggregator.php b/modules/aggregator2/lib/Aggregator.php
index caf283a72..5d0ae2f2e 100644
--- a/modules/aggregator2/lib/Aggregator.php
+++ b/modules/aggregator2/lib/Aggregator.php
@@ -119,6 +119,14 @@ class sspmod_aggregator2_Aggregator { protected $cacheTag; + /** + * The registration information for our generated metadata. + * + * @var array + */ + protected $regInfo; + + /** * Initialize this aggregator. *
@@ -172,6 +180,8 @@ class sspmod_aggregator2_Aggregator {
 $this->sslCAFile = $config->getString('ssl.cafile', NULL);
+ $this->regInfo = $config->getArray('RegistrationInfo', NULL);
+
 $this->initSources($config->getConfigList('sources'));
 }
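Review bot: The new `$regInfo` property is documented as `@var array`, but the constructor hunk below assigns `$config->getArray('RegistrationInfo', NULL)`, so NULL is the normal value whenever the option is not configured and getEntitiesDescriptor() tests for exactly that. Make the docblock say so: `@var array|null  RegistrationInfo options (authority, instant, policies), or NULL when the extension is not to be published.` The property sits inside a class whose declaration is outside this hunk.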
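Review bot: `$this->regInfo = $config->getArray('RegistrationInfo', NULL);` accepts any array, although the documentation added by this same commit marks `authority` as REQUIRED, so a configuration that omits or misspells it loads without complaint and the aggregate is later published with a RegistrationInfo element lacking its authority. Fail at construction instead, where the operator sees the mistake on first load rather than in a consumer's validator: `if ($this->regInfo !== NULL && empty($this->regInfo['authority'])) {` / `    throw new Exception('aggregator2: RegistrationInfo requires a non-empty "authority".');` / `}` right after the assignment. The project may prefer its own exception class for configuration errors; the constructor continues outside the hunk.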
@@ -379,6 +389,29 @@ class sspmod_aggregator2_Aggregator { protected function getEntitiesDescriptor() {
 $ret = new SAML2_XML_md_EntitiesDescriptor();
+
+ $now = time();
+
+ // add RegistrationInfo extension if enabled
+ if ($this->regInfo !== NULL) {
+ $ri = new SAML2_XML_mdrpi_RegistrationInfo();
+ $ri->registrationInstant = $now;
+ foreach ($this->regInfo as $riName => $riValues) {
+ switch ($riName) {
+ case 'authority':
+ $ri->registrationAuthority = $riValues;
+ break;
+ case 'instant':
+ $ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues);
+ break;
+ case 'policies':
+ $ri->RegistrationPolicy = $riValues;
+ break;
+ }
+ }
+ $ret->Extensions[] = $ri;
+ }
+
 foreach ($this->sources as $source) {
 $m = $source->getMetadata();
 if ($m === NULL) {
@@ -387,7 +420,7 @@ class sspmod_aggregator2_Aggregator {
 $ret->children[] = $m;
 }
- $ret->validUntil = time() + $this->validLength;
+ $ret->validUntil = $now + $this->validLength;
 return $ret;
 }
diff --git a/modules/aggregator2/www/get.php b/modules/aggregator2/www/get.php
index bb47f8d69..016eef295 100644
--- a/modules/aggregator2/www/get.php
+++ b/modules/aggregator2/www/get.php
@@ -3,7 +3,6 @@ if (!isset($_REQUEST['id'])) {
 throw new SimpleSAML_Error_BadRequest('Missing required id-parameter.');
 }
-
 $id = (string)$_REQUEST['id'];
 $aggregator = sspmod_aggregator2_Aggregator::getAggregator($id);
@@ -11,4 +10,11 @@ $xml = $aggregator->getMetadata();
 header('Content-Type: application/samlmetadata+xml');
 header('Content-Length: ' . strlen($xml));
+
+ /*
+ * At this point, if the ID was forged, getMetadata() would
+ * have failed to find a valid metadata set, so we can trust it.
+ */
+ header('Content-Disposition: filename='.$id.'.xml');
+
 echo($xml);
-- GitLab
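Review bot: `$ri->registrationInstant = $now;` uses the time the aggregate is being generated as the default registration instant, so every rebuild advertises a fresh registrationInstant whenever `instant` is not configured, which contradicts the documentation added in this commit (the instant the entity was registered, and OPTIONAL). Drop that line and set the instant only from the `instant` case, provided SAML2_XML_mdrpi_RegistrationInfo tolerates an unset instant, which this hunk does not show. The switch also silently ignores unrecognised keys, so a typo such as `Authority` produces a RegistrationInfo with no authority at all; a `default: throw new Exception('Unknown RegistrationInfo option: ' . $riName);` branch would surface that at generation time. getEntitiesDescriptor() continues past the end of this hunk.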
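Review bot: `header('Content-Disposition: filename='.$id.'.xml');` sends no disposition type and leaves the filename unquoted, so an id containing a space, `;` or `"` (the value comes straight from `$_REQUEST['id']`, as the first get.php hunk shows) yields a malformed header, and the trust claim in the new comment rests on getAggregator() rejecting unknown ids, which is outside this diff. PHP's header() refuses embedded CR/LF, so this is not a response-splitting vector, but the value should still be quoted and reduced to a filename-safe character set: `$fname = preg_replace('/[^A-Za-z0-9_.-]/', '_', $id) . '.xml';` and `header('Content-Disposition: inline; filename="' . $fname . '"');`. `inline` preserves the current behaviour of not forcing a download; use `attachment` if a download is actually intended.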