Merge pull request #509 from tdiscuit/master

Add ability to define additional attributes on ContactPerson element

docs/simplesamlphp-reference-idp-hosted.md

@@ -123,6 +123,37 @@ Common options
     any value in the SP-remote metadata overrides the one configured
     in the IdP metadata.
 
+`contacts`
+:	Specify contacts in addition to the technical contact configured through config/config.php.
+	For example, specifying a support contact:
+
+		'contacts' => array(
+		    array(
+		        'contactType'       => 'support',
+		        'emailAddress'      => 'support@example.org',
+		        'givenName'         => 'John',
+		        'surName'           => 'Doe',
+		        'telephoneNumber'   => '+31(0)12345678',
+		        'company'           => 'Example Inc.',
+		    ),
+		),
+
+:	If you have support for a trust framework that requires extra attributes on the contact person element in your IdP metadata (for example, SIRTFI), you can specify an array of attributes on a contact.
+
+		'contacts' => array(
+		    array(
+		        'contactType'       => 'other',
+		        'emailAddress'      => 'mailto:abuse@example.org',
+		        'givenName'         => 'John',
+		        'surName'           => 'Doe',
+		        'telephoneNumber'   => '+31(0)12345678',
+		        'company'           => 'Example Inc.',
+		        'attributes'        => array(
+		            'xmlns:remd'        => 'http://refeds.org/metadata',
+		            'remd:contactType'  => 'http://refeds.org/metadata/contactType/security',
+		        ),
+		    ),
+		), 
 
 SAML 2.0 options
 ----------------

lib/SimpleSAML/Metadata/SAMLBuilder.php

@@ -688,6 +688,10 @@ class SimpleSAML_Metadata_SAMLBuilder
         $e = new \SAML2\XML\md\ContactPerson();
         $e->contactType = $type;
 
+        if (!empty($details['attributes'])) {
+            $e->ContactPersonAttributes = $details['attributes'];
+        }
+
         if (isset($details['company'])) {
             $e->Company = $details['company'];
         }

lib/SimpleSAML/Utils/Config/Metadata.php

@@ -27,6 +27,12 @@ class Metadata
 
 
     /**
+     * Valid options for the ContactPerson element
+     *
+     * The 'attributes' option isn't defined in section 2.3.2.2 of the OASIS document, but
+     * it is required to allow additons to the main contact person element for trust
+     * frameworks.
+     *
      * @var array The valid configuration options for a contact configuration array.
      * @see "Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0", section 2.3.2.2.
      */
@@ -37,6 +43,7 @@ class Metadata
         'surName',
         'telephoneNumber',
         'company',
+        'attributes',
     );
 
 
@@ -108,6 +115,16 @@ class Metadata
             throw new \InvalidArgumentException('"contactType" is mandatory and must be one of '.$types.".");
         }
 
+        // check attributes is an associative array
+        if (isset($contact['attributes'])) {
+            if (empty($contact['attributes']) 
+                || !is_array($contact['attributes']) 
+                || count(array_filter(array_keys($contact['attributes']), 'is_string')) === 0
+            ) {
+                throw new \InvalidArgumentException('"attributes" must be an array and cannot be empty.');
+            }
+        }
+
         // try to fill in givenName and surName from name
         if (isset($contact['name']) && !isset($contact['givenName']) && !isset($contact['surName'])) {
             // first check if it's comma separated

tests/lib/SimpleSAML/Utils/Config/MetadataTest.php

@@ -215,6 +215,7 @@ class MetadataTest extends \PHPUnit_Framework_TestCase
         }
         $contact['contactType'] = 'technical';
         $contact['name'] = 'to_be_removed';
+        $contact['attributes'] = array('test' => 'testval');
         $parsed = Metadata::getContact($contact);
         foreach (array_keys($parsed) as $key) {
             $this->assertEquals($parsed[$key], $contact[$key]);