Add support to publish RegistrationInfo (MDRPI) in the aggregator2 module.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3345 44740490-163a-0410-bde0-09ae8108e29a

Add support to publish RegistrationInfo (MDRPI) in the aggregator2 module.
29066ee8 · Jaime Pérez Crespo · 1d368901 · 29066ee8 · 29066ee8 · 29066ee8
Commit 29066ee8 authored 11 years ago by Jaime Pérez Crespo
--- a/docs/aggregator2.txt
+++ b/docs/aggregator2.txt
@@ -66,6 +66,24 @@ The aggregator can be configured with the following options:
    This certificate is included in the generated metadata.
    The path to the certificate can be absolute, or it can be relative to the `cert`-directory.
+`RegistrationInfo`
+:   Allows to specify information about the registrar of this aggregate. Please refer to the
+    'SAML V2.0 Metadata Extensions for Registration and Publication Information' document
+    for further information on this topic. This option accepts an array with the following
+    options:
+:   -   `authority`: The unique identifier of the authority that registered the entity.
+    It is recommended that this be a URL that resolves to a human readable page describing
+    the registrar authority (e.g., the registrar's home page). This parameter is REQUIRED.
+:   -   `instant`: The instant the entity was registered with the authority. Time values 
+    must be expressed in the UTC timezone using the 'Z' timezone identifier. This parameter
+    is OPTIONAL.
+:   -   `policies`: The policy under which the entity was registered. An indexed array with
+    URLs pointing to the localized versions of the policy. Each index will be used as the
+    language identifier. This parameter is OPTIONAL.
 ### Aggregator source configuration

--- a/lib/Aggregator.php
+++ b/lib/Aggregator.php
@@ -119,6 +119,14 @@ class sspmod_aggregator2_Aggregator {
 	protected $cacheTag;
+	/**
+	 * The registration information for our generated metadata.
+	 *
+	 * @var array
+	 */
+	protected $regInfo;
 	/**
 	 * Initialize this aggregator.
 	 *
@@ -172,6 +180,8 @@ class sspmod_aggregator2_Aggregator {
 		$this->sslCAFile = $config->getString('ssl.cafile', NULL);
+		$this->regInfo = $config->getArray('RegistrationInfo', NULL);
 		$this->initSources($config->getConfigList('sources'));
 	}
@@ -379,6 +389,29 @@ class sspmod_aggregator2_Aggregator {
 	protected function getEntitiesDescriptor() {
 		$ret = new SAML2_XML_md_EntitiesDescriptor();
+		$now = time();
+		// add RegistrationInfo extension if enabled
+		if ($this->regInfo !== NULL) {
+			$ri = new SAML2_XML_mdrpi_RegistrationInfo();
+			$ri->registrationInstant = $now;
+			foreach ($this->regInfo as $riName => $riValues) {
+				switch ($riName) {
+					case 'authority':
+						$ri->registrationAuthority = $riValues;
+						break;
+					case 'instant':
+						$ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues);
+						break;
+					case 'policies':
+						$ri->RegistrationPolicy = $riValues;
+						break;
+				}
+			}
+			$ret->Extensions[] = $ri;
+		}
 		foreach ($this->sources as $source) {
 			$m = $source->getMetadata();
 			if ($m === NULL) {
@@ -387,7 +420,7 @@ class sspmod_aggregator2_Aggregator {
 			$ret->children[] = $m;
 		}
-		$ret->validUntil = time() + $this->validLength;
+		$ret->validUntil = $now + $this->validLength;
 		return $ret;
 	}

--- a/www/get.php
+++ b/www/get.php
@@ -3,7 +3,6 @@
 if (!isset($_REQUEST['id'])) {
 	throw new SimpleSAML_Error_BadRequest('Missing required id-parameter.');
 }
 $id = (string)$_REQUEST['id'];
 $aggregator = sspmod_aggregator2_Aggregator::getAggregator($id);
@@ -11,4 +10,11 @@ $xml = $aggregator->getMetadata();
 header('Content-Type: application/samlmetadata+xml');
 header('Content-Length: ' . strlen($xml));
+/*
+ * At this point, if the ID was forged, getMetadata() would
+ * have failed to find a valid metadata set, so we can trust it.
+ */
+header('Content-Disposition: filename='.$id.'.xml');
 echo($xml);