From 2751566b1705c7def23a188a338b043dbe534cca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Crespo?= <jaime.perez@uninett.no>
Date: Thu, 30 Jan 2014 14:10:54 +0000
Subject: [PATCH] Add support to publish RegistrationInfo (MDRPI) in the
 aggregator2 module.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3345 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/aggregator2/docs/aggregator2.txt | 18 ++++++++++++
 modules/aggregator2/lib/Aggregator.php   | 35 +++++++++++++++++++++++-
 modules/aggregator2/www/get.php          |  8 +++++-
 3 files changed, 59 insertions(+), 2 deletions(-)

diff --git a/modules/aggregator2/docs/aggregator2.txt b/modules/aggregator2/docs/aggregator2.txt
index 43483323d..564f43942 100644
--- a/modules/aggregator2/docs/aggregator2.txt
+++ b/modules/aggregator2/docs/aggregator2.txt
@@ -66,6 +66,24 @@ The aggregator can be configured with the following options:
     This certificate is included in the generated metadata.
     The path to the certificate can be absolute, or it can be relative to the `cert`-directory.
 
+`RegistrationInfo`
+:   Allows to specify information about the registrar of this aggregate. Please refer to the
+    'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
+    for further information on this topic. This option accepts an array with the following
+    options:
+
+:   -   `authority`: The unique identifier of the authority that registered the entity.
+    It is recommended that this be a URL that resolves to a human readable page describing
+    the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
+
+:   -   `instant`: The instant the entity was registered with the authority. Time values 
+    must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
+    is OPTIONAL.
+
+:   -   `policies`: The policy under which the entity was registered. An indexed array with
+    URLs pointing to the localized versions of the policy. Each index will be used as the
+    language identifier. This parameter is OPTIONAL.
+
 
 ### Aggregator source configuration
 
diff --git a/modules/aggregator2/lib/Aggregator.php b/modules/aggregator2/lib/Aggregator.php
index caf283a72..5d0ae2f2e 100644
--- a/modules/aggregator2/lib/Aggregator.php
+++ b/modules/aggregator2/lib/Aggregator.php
@@ -119,6 +119,14 @@ class sspmod_aggregator2_Aggregator {
 	protected $cacheTag;
 
 
+	/**
+	 * The registration information for our generated metadata.
+	 *
+	 * @var array
+	 */
+	protected $regInfo;
+
+
 	/**
 	 * Initialize this aggregator.
 	 *
@@ -172,6 +180,8 @@ class sspmod_aggregator2_Aggregator {
 
 		$this->sslCAFile = $config->getString('ssl.cafile', NULL);
 
+		$this->regInfo = $config->getArray('RegistrationInfo', NULL);
+
 		$this->initSources($config->getConfigList('sources'));
 	}
 
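Review bot: `authority` is documented as REQUIRED in the docs hunk, but the `$config->getArray('RegistrationInfo', NULL)` call accepts any array, so a configuration without it reaches getEntitiesDescriptor() and is serialised as a RegistrationInfo element with no registrationAuthority attribute, which the MDRPI schema requires. Rejecting it at load time keeps a misconfigured aggregator from publishing invalid metadata: `if ($this->regInfo !== NULL && !isset($this->regInfo['authority'])) { throw new SimpleSAML_Error_Exception('RegistrationInfo requires the "authority" option.'); }`. The constructor's body begins and continues outside this hunk.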
@@ -379,6 +389,29 @@ class sspmod_aggregator2_Aggregator {
 	protected function getEntitiesDescriptor() {
 
 		$ret = new SAML2_XML_md_EntitiesDescriptor();
+
+		$now = time();
+
+		// add RegistrationInfo extension if enabled
+		if ($this->regInfo !== NULL) {
+			$ri = new SAML2_XML_mdrpi_RegistrationInfo();
+			$ri->registrationInstant = $now;
+			foreach ($this->regInfo as $riName => $riValues) {
+				switch ($riName) {
+					case 'authority':
+						$ri->registrationAuthority = $riValues;
+						break;
+					case 'instant':
+						$ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues);
+						break;
+					case 'policies':
+						$ri->RegistrationPolicy = $riValues;
+						break;
+				}
+			}
+			$ret->Extensions[] = $ri;
+		}
+
 		foreach ($this->sources as $source) {
 			$m = $source->getMetadata();
 			if ($m === NULL) {
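Review bot: `$ri->registrationInstant = $now;` right after the constructor call stamps the aggregate as registered at metadata-generation time whenever `instant` is not configured, so the published registrationInstant changes on every regeneration and never reflects an actual registration date. The attribute is optional in MDRPI, so the accurate default is to leave it unset when `instant` is absent and only assign it inside the `case 'instant':` arm (presumably the serialiser then omits the attribute — confirm against SAML2_XML_mdrpi_RegistrationInfo). The `switch` also has no `default` arm, so a misspelled key such as a typo of `authority` is silently dropped; `default: throw new SimpleSAML_Error_Exception('Unknown RegistrationInfo option: ' . $riName);` would surface it at generation time. getEntitiesDescriptor() continues past the end of the hunk.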
@@ -387,7 +420,7 @@ class sspmod_aggregator2_Aggregator {
 			$ret->children[] = $m;
 		}
 
-		$ret->validUntil = time() + $this->validLength;
+		$ret->validUntil = $now + $this->validLength;
 
 		return $ret;
 	}
diff --git a/modules/aggregator2/www/get.php b/modules/aggregator2/www/get.php
index bb47f8d69..016eef295 100644
--- a/modules/aggregator2/www/get.php
+++ b/modules/aggregator2/www/get.php
@@ -3,7 +3,6 @@
 if (!isset($_REQUEST['id'])) {
 	throw new SimpleSAML_Error_BadRequest('Missing required id-parameter.');
 }
-
 $id = (string)$_REQUEST['id'];
 
 $aggregator = sspmod_aggregator2_Aggregator::getAggregator($id);
@@ -11,4 +10,11 @@ $xml = $aggregator->getMetadata();
 
 header('Content-Type: application/samlmetadata+xml');
 header('Content-Length: ' . strlen($xml));
+
+/*
+ * At this point, if the ID was forged, getMetadata() would
+ * have failed to find a valid metadata set, so we can trust it.
+ */
+header('Content-Disposition: filename='.$id.'.xml');
+
 echo($xml);
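Review bot: The header added as `header('Content-Disposition: filename='.$id.'.xml');` has no disposition type and an unquoted filename; RFC 6266 requires `inline` or `attachment` before the parameters, and the value needs quoting once the id contains anything outside the token character set (spaces, `;`, non-ASCII). `header('Content-Disposition: inline; filename="' . $id . '.xml"');` keeps the current in-browser behaviour while being well-formed, assuming configured ids contain no double quotes. The comment above relies on getAggregator() rejecting unknown ids, which is outside this hunk and worth a sentence in the comment naming that dependency; PHP's header() already refuses values containing CR/LF, so the remaining exposure here is a malformed rather than an injected header.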
-- 
GitLab