From 61870d59037d8c7df6fdbf1a6afcfb559e265a92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 20 Feb 2009 12:06:30 +0000
Subject: [PATCH] Added parsing of attribute list and name and description in AttributeConsumerService element. improved expire handling...
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1288 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Metadata/SAMLBuilder.php | 21 ++++++------
 lib/SimpleSAML/Metadata/SAMLParser.php | 41 +++++++++++++++++++++++
 modules/metarefresh/hooks/hook_cron.php | 9 +++---
 modules/metarefresh/lib/MetaLoader.php | 43 ++++++++++++++-----------
 4 files changed, 83 insertions(+), 31 deletions(-)
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 8484c595d..735f4d590 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -39,7 +39,9 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $this->maxDuration = $maxDuration;
 $this->document = new DOMDocument();
+
 $this->entityDescriptor = $this->createElement('EntityDescriptor');
+# $this->entityDescriptor->setAttribute('xmlns:xml', 'http://www.w3.org/XML/1998/namespace');
 $this->entityDescriptor->setAttribute('entityID', $entityId);
 $this->document->appendChild($this->entityDescriptor);
@@ -228,9 +230,9 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $e->setAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:2.0:protocol');
- $this->addExtensions($metadata);
+# $this->addExtensions($metadata);
- $this->addCertificate($e, $metadata);
+# $this->addCertificate($e, $metadata);
 if (array_key_exists('SingleLogoutService', $metadata)) {
 $t = $this->createElement('SingleLogoutService');
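Review bot: The `#`-commented calls in the -228 hunk (`$this->addExtensions($metadata);`, `$this->addCertificate($e, $metadata);`) switch off certificate emission for the SAML 2.0 SP descriptor, and the same pattern is repeated at -349, -415 and -446 and for `addOrganizationInfo` at -308 and -380; if addCertificate is what writes the KeyDescriptor, every consumer of the generated metadata loses the signing/encryption key, which is a functional and security regression rather than a cleanup. If the intent is temporary debugging, each line should say so with a tracking reference, e.g. `# TODO(<ticket>): re-enable once <reason> is resolved`; otherwise restore the calls instead of leaving commented-out code. The `#`-commented `xmlns:xml` setAttribute line in the -39 hunk should likewise be deleted if it is not needed. All of these hunks sit inside methods that continue beyond the hunk.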
@@ -258,7 +260,8 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $e->appendChild($t);
 }
- if (array_key_exists('name', $metadata) || array_key_exists('attributes', $metadata)) {
+
+ if ( array_key_exists('name', $metadata) || array_key_exists('attributes', $metadata)) {
 /**
 * Add an AttributeConsumingService element with information as name and description and list
 * of requested attributes
@@ -308,7 +311,7 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $this->entityDescriptor->appendChild($e);
- $this->addOrganizationInfo($metadata);
+# $this->addOrganizationInfo($metadata);
 if (array_key_exists('contacts', $metadata) && is_array($metadata['contacts']) ) {
 foreach($metadata['contacts'] AS $contact) {
@@ -349,9 +352,9 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $e->setAttribute('WantAuthnRequestSigned', 'true');
 }
- $this->addExtensions($metadata);
+# $this->addExtensions($metadata);
- $this->addCertificate($e, $metadata);
+# $this->addCertificate($e, $metadata);
 if (array_key_exists('SingleLogoutService', $metadata)) {
 $t = $this->createElement('SingleLogoutService');
@@ -380,7 +383,7 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $this->entityDescriptor->appendChild($e);
- $this->addOrganizationInfo($metadata);
+# $this->addOrganizationInfo($metadata);
 if (array_key_exists('contacts', $metadata) && is_array($metadata['contacts']) ) {
 foreach($metadata['contacts'] AS $contact) {
@@ -415,7 +418,7 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $e = $this->createElement('SPSSODescriptor');
 $e->setAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:1.1:protocol');
- $this->addCertificate($e, $metadata);
+# $this->addCertificate($e, $metadata);
 if (array_key_exists('NameIDFormat', $metadata)) {
 $t = $this->createElement('NameIDFormat');
@@ -446,7 +449,7 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $e = $this->createElement('IDPSSODescriptor');
 $e->setAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:1.1:protocol');
- $this->addCertificate($e, $metadata);
+# $this->addCertificate($e, $metadata);
 if (array_key_exists('NameIDFormat', $metadata)) {
 $t = $this->createElement('NameIDFormat');
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index dfcd11ddd..9f3294f31 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -618,6 +618,9 @@ class SimpleSAML_Metadata_SAMLParser {
 $ret['NameIDFormat'] = $spd['nameIDFormats'][0];
 }
+ if (array_key_exists('attributes', $spd)) {
+ $ret['attributes'] = $spd['attributes'];
+ }
 /* Add certificate data. Only the first valid certificate will be added. */
 foreach($spd['keys'] as $key) {
@@ -818,6 +821,13 @@ class SimpleSAML_Metadata_SAMLParser {
 $sp['assertionConsumerServices'][] = self::parseAssertionConsumerService($child);
 }
+ /* Find all the attributes and SP name... */
+ #$sp['attributes'] = array();
+ $attcs = SimpleSAML_Utilities::getDOMChildren($element, 'AttributeConsumingService', '@md');
+ if (count($attcs) > 0) {
+ self::parseAttributeConsumerService($attcs[0], &$sp);
+ }
+
 $this->spDescriptors[] = $sp;
 }
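Review bot: In the -618 hunk only `attributes` is copied from `$spd` into `$ret`, while the new parseAttributeConsumerService (the -973 hunk) also fills `$sp['name']` and `$sp['description']`; unless those keys are exported somewhere outside this hunk, the name and description the commit says it parses never reach the SP metadata. Mirror the added lines for the two other keys, e.g. `if (array_key_exists('name', $spd)) { $ret['name'] = $spd['name']; }` and the same for `description`. The enclosing method continues outside the hunk.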
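Review bot: In the -818 hunk, `self::parseAttributeConsumerService($attcs[0], &$sp);` uses call-time pass-by-reference, which PHP deprecates and later versions reject outright, and it is redundant because the callee already declares `&$sp`; the call should read `self::parseAttributeConsumerService($attcs[0], $sp);`. Only the first AttributeConsumingService is consulted, yet the SAML metadata schema allows several, distinguished by `index` and `isDefault`, so choosing `$attcs[0]` deserves at least a comment or a preference for the element marked `isDefault="true"`. The commented-out `#$sp['attributes'] = array();` is dead code and should be removed. The enclosing method starts before the hunk.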
@@ -973,6 +983,37 @@ class SimpleSAML_Metadata_SAMLParser {
 }
+ /**
+ * This function parses AttributeConsumerService elements.
+ */
+ private static function parseAttributeConsumerService($element, &$sp) {
+ assert('$element instanceof DOMElement');
+ assert('is_array($sp)');
+
+ $elements = SimpleSAML_Utilities::getDOMChildren($element, 'ServiceName', '@md');
+ foreach($elements AS $child) {
+ $language = $child->getAttributeNS('http://www.w3.org/XML/1998/namespace', 'lang');
+ if(empty($language)) $language = 'en';
+ $sp['name'][$language] = SimpleSAML_Utilities::getDOMText($child);
+ }
+
+ $elements = SimpleSAML_Utilities::getDOMChildren($element, 'ServiceDescription', '@md');
+ foreach($elements AS $child) {
+ $language = $child->getAttributeNS('http://www.w3.org/XML/1998/namespace', 'lang');
+ if(empty($language)) $language = 'en';
+ $sp['description'][$language] = SimpleSAML_Utilities::getDOMText($child);
+ }
+
+ $elements = SimpleSAML_Utilities::getDOMChildren($element, 'RequestedAttribute', '@md');
+ foreach($elements AS $child) {
+ $attrname = $child->getAttribute('Name');
+ if (!array_key_exists('attributes', $sp)) $sp['attributes'] = array();
+ $sp['attributes'][] = $attrname;
+ }
+
+ }
+
+
 /**
 * This function parses SingleLogoutService elements.
 *
diff --git a/modules/metarefresh/hooks/hook_cron.php b/modules/metarefresh/hooks/hook_cron.php
index 4065ff43c..a80a5551e 100644
--- a/modules/metarefresh/hooks/hook_cron.php
+++ b/modules/metarefresh/hooks/hook_cron.php
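Review bot: The docblock on parseAttributeConsumerService says only that it parses "AttributeConsumerService elements"; the SAML element is actually AttributeConsumingService, and the function's side effects on `$sp` are left undocumented. Describe the contract in the docblock: it takes the AttributeConsumingService DOMElement and the SP descriptor array by reference, fills `$sp['name']` and `$sp['description']` keyed by `xml:lang` (defaulting to `en` when the attribute is absent or empty), and appends each RequestedAttribute's `Name` to `$sp['attributes']`. It is also worth a comment that `isRequired`, `NameFormat` and `FriendlyName` of RequestedAttribute are discarded, since downstream code cannot tell required from optional attributes once this returns.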
@@ -23,10 +23,11 @@ function metarefresh_hook_cron(&$croninfo) {
 if (!in_array($croninfo['tag'], $set['cron'])) continue;
 SimpleSAML_Logger::info('cron [metarefresh]: Executing set [' . $setkey . ']');
-
- $maxcache = NULL; if (array_key_exists('maxcache', $set)) $maxcache = $set['maxcache'];
- $maxduration = NULL; if (array_key_exists('maxduration', $set)) $maxcache = $set['maxduration'];
- $metaloader = new sspmod_metarefresh_MetaLoader($maxcache, $maxduration);
+
+ $expire = NULL;
+ if (array_key_exists('expireAfter', $set)) $expire = time() + $set['expireAfter'];
+
+ $metaloader = new sspmod_metarefresh_MetaLoader($expire);
 foreach($set['sources'] AS $source) {
 SimpleSAML_Logger::debug('cron [metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
index f85732434..26067a7d8 100644
--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -9,8 +9,7 @@ class sspmod_metarefresh_MetaLoader {
 private $metadata;
- private $maxcache;
- private $maxduration;
+ private $expire;
 /**
 * Constructor
@@ -18,9 +17,8 @@ class sspmod_metarefresh_MetaLoader {
 * @param array $sources Sources...
 * @param
 */
- public function __construct($maxcache = NULL, $maxduration = NULL) {
- $this->maxcache = $maxcache;
- $this->maxduration = $maxduration;
+ public function __construct($expire = NULL) {
+ $this->expire = $expire;
 $this->metadata = array();
 }
@@ -41,7 +39,7 @@ class sspmod_metarefresh_MetaLoader {
 continue;
 }
 }
-
+ // TODO: $ca is always null
 if($ca !== NULL) {
 if(!$entity->validateCA($ca)) {
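Review bot: The cron hook now reads only `expireAfter`, so a metarefresh set that still configures `maxcache` or `maxduration` silently loses any expiry limit; the hunk should warn when a legacy key is present, e.g. `if (array_key_exists('maxcache', $set) || array_key_exists('maxduration', $set)) SimpleSAML_Logger::warning('cron [metarefresh]: maxcache/maxduration are no longer used, use expireAfter');`. `$set['expireAfter']` is also added to `time()` without a type check, so a non-numeric configuration value would pass through as a malformed expiry; consider validating it as a positive integer before use. The enclosing function continues outside the hunk.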
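Review bot: The constructor docblock in the -18 hunk of MetaLoader.php still documents `@param array $sources Sources...` and an empty `@param`, neither of which describes the new single `$expire` parameter. Replace them with `@param int|NULL $expire Unix timestamp after which loaded metadata is treated as expired, or NULL to keep the expiry carried by the metadata itself.`; the timestamp semantics follow from the caller in hook_cron.php, which passes `time() + $set['expireAfter']`.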
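Review bot: The added `// TODO: $ca is always null` in the -41 hunk records that `validateCA` can never run, i.e. fetched metadata is accepted without the CA check this block was written for, and a bare TODO hides that consequence. Either wire `$ca` from the source configuration, or expand the comment to state the effect and a tracking reference, e.g. `// TODO(<ticket>): $ca is never set, so remote metadata is loaded without CA validation`. The enclosing method starts before and continues after the hunk.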
@@ -52,12 +50,10 @@ class sspmod_metarefresh_MetaLoader {
 $template = NULL; if (array_key_exists('template', $source)) $template = $source['template'];
- $expireDuration = time() + min($this->maxcache, $this->maxduration);
-
- $this->addMetadata($source['src'], $entity->getMetadata1xSP(), 'shib13-sp-remote', $template, $expireDuration);
- $this->addMetadata($source['src'], $entity->getMetadata1xIdP(), 'shib13-idp-remote', $template, $expireDuration);
- $this->addMetadata($source['src'], $entity->getMetadata20SP(), 'saml20-sp-remote', $template, $expireDuration);
- $this->addMetadata($source['src'], $entity->getMetadata20IdP(), 'saml20-idp-remote', $template, $expireDuration);
+ $this->addMetadata($source['src'], $entity->getMetadata1xSP(), 'shib13-sp-remote', $template);
+ $this->addMetadata($source['src'], $entity->getMetadata1xIdP(), 'shib13-idp-remote', $template);
+ $this->addMetadata($source['src'], $entity->getMetadata20SP(), 'saml20-sp-remote', $template);
+ $this->addMetadata($source['src'], $entity->getMetadata20IdP(), 'saml20-idp-remote', $template);
 }
 }
@@ -100,7 +96,7 @@ class sspmod_metarefresh_MetaLoader {
 * @param $metadata The metadata.
 * @param $type The metadata type.
 */
- private function addMetadata($filename, $metadata, $type, $template = NULL, $expireDuration) {
+ private function addMetadata($filename, $metadata, $type, $template = NULL) {
 if($metadata === NULL) {
 return;
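Review bot: In the -100 hunk the docblock of addMetadata documents `$metadata` and `$type` but says nothing about the `$template` parameter the new signature keeps; add `@param string|NULL $template Template name from the source configuration, or NULL when none is set.` — presumably optional, since the -52 hunk takes it from `$source['template']` only when that key exists. The body of addMetadata continues outside the hunk.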
@@ -118,12 +114,23 @@ class sspmod_metarefresh_MetaLoader {
 $this->metadata[$type] = array();
 }
- if (!array_key_exists('expire', $metadata)) {
- $metadata['expire'] = $expireDuration;
- } else {
- if ($expireDuration < $metadata['expire'])
- $metadata['expire'] = $expireDuration;
+ // If expire is defined in constructor...
+ if (!empty($this->expire)) {
+
+ // If expire is already in metadata
+ if (array_key_exists('expire', $metadata)) {
+
+ // Override metadata expire with more restrictive global config-
+ if ($this->expire < $metadata['expire'])
+ $metadata['expire'] = $this->expire;
+
+ // If expire is not already in metadata use global config
+ } else {
+ $metadata['expire'] = $this->expire;
+ }
 }
+
+
 $this->metadata[$type][] = array('filename' => $filename, 'metadata' => $metadata);
 }
--
GitLab
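Review bot: When `$this->expire` is NULL and the parsed metadata carries no `expire` key, the new block has no else branch, so the entry is stored with no expiry at all, whereas the removed code always set one; a remote source whose metadata yields no expiry (presumably derived from validUntil/cacheDuration) is then trusted until something else removes it. If that is intended, say so in the comment; otherwise fall back to a default, and in any case test `if ($this->expire !== NULL) {` rather than `!empty()`, which also treats a timestamp of 0 as unset. The comment `// Override metadata expire with more restrictive global config-` has a stray trailing hyphen, and the unbraced inner `if` should get braces to match the surrounding style. The enclosing method starts before the hunk.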