Commit 818fa309 authored by Olav Morken's avatar Olav Morken

metarefresh: Add support for whitelisting and blacklisting entities.

Thanks to Dyonisius Visser for implementing this.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2782 44740490-163a-0410-bde0-09ae8108e29a
parent e6359625
...@@ -2,12 +2,34 @@ ...@@ -2,12 +2,34 @@
$config = array( $config = array(
/*
* Global blacklist: entityIDs that should be excluded from ALL sets.
*/
#'blacklist' = array(
# 'http://my.own.uni/idp'
#),
'sets' => array( 'sets' => array(
'kalmar' => array( 'kalmar' => array(
'cron' => array('hourly'), 'cron' => array('hourly'),
'sources' => array( 'sources' => array(
array( array(
/*
* entityIDs that should be excluded from this set.
*/
#'blacklist' => array(
# 'http://some.other.uni/idp',
#),
/*
* Whitelist: only keep these EntityIDs.
*/
#'whitelist' => array(
# 'http://some.uni/idp',
# 'http://some.other.uni/idp',
#),
'src' => 'https://kalmar.feide.no/simplesaml/module.php/aggregator/?id=kalmarcentral&mimetype=text/plain&exclude=norway', 'src' => 'https://kalmar.feide.no/simplesaml/module.php/aggregator/?id=kalmarcentral&mimetype=text/plain&exclude=norway',
'validateFingerprint' => '591d4b4670463eeda91fcc816dc0af2a092aa801', 'validateFingerprint' => '591d4b4670463eeda91fcc816dc0af2a092aa801',
'template' => array( 'template' => array(
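Review bot: The commented-out global blacklist example `#'blacklist' = array(` uses `=` where `=>` is needed, so an administrator who uncomments it gets a parse error instead of a filter; it should read `#'blacklist' => array(`. The template also documents only a global blacklist, yet the cron hook and the refresh script in this commit read a global `whitelist` from the same config, so a matching commented `#'whitelist' => array(...)` example, with one sentence on how global and per-source lists are combined, would keep the template in step with the code. The `$config` array this hunk edits is closed outside the hunk.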
...@@ -33,7 +33,26 @@ function metarefresh_hook_cron(&$croninfo) { ...@@ -33,7 +33,26 @@ function metarefresh_hook_cron(&$croninfo) {
$metaloader = new sspmod_metarefresh_MetaLoader($expire); $metaloader = new sspmod_metarefresh_MetaLoader($expire);
# Get global blacklist
$blacklist = $mconfig->getArray('blacklist', array());
$whitelist = $mconfig->getArray('whitelist', array());
foreach($set->getArray('sources') AS $source) { foreach($set->getArray('sources') AS $source) {
# Merge global and src specific blacklists
if(isset($source['blacklist'])) {
$source['blacklist'] = array_unique(array_merge($source['blacklist'], $blacklist));
} else {
$source['blacklist'] = $blacklist;
}
# Merge global and src specific whitelists
if(isset($source['whitelist'])) {
$source['whitelist'] = array_unique(array_merge($source['whitelist'], $whitelist));
} else {
$source['whitelist'] = $whitelist;
}
SimpleSAML_Logger::debug('cron [metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']'); SimpleSAML_Logger::debug('cron [metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
$metaloader->loadSource($source); $metaloader->loadSource($source);
} }
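Review bot: The global/per-source merge block added ahead of the `loadSource()` call here is repeated line for line in the refresh-script hunk further down (`# Get global black/whitelists` through `$source['whitelist'] = $whitelist;`), so the two call sites can drift; moving it into `sspmod_metarefresh_MetaLoader`, for example as the first step of `loadSource()` or as a static helper both callers invoke, would leave one definition of how the lists combine. That combination deserves a comment, because `array_merge` gives the whitelist union semantics: a source with its own narrow `whitelist` still admits every entity on the global whitelist, while a source with no whitelist is restricted to the global one, which pulls in opposite directions. If the intent is that the global whitelist can only narrow what a source admits, the source-level list should be intersected with it (`array_intersect`) rather than merged; whichever rule is chosen, it should be stated in the config template. The enclosing `foreach` over the sets starts outside this hunk.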
...@@ -34,7 +34,23 @@ class sspmod_metarefresh_MetaLoader { ...@@ -34,7 +34,23 @@ class sspmod_metarefresh_MetaLoader {
} catch(Exception $e) { } catch(Exception $e) {
SimpleSAML_Logger::warning('metarefresh: Failed to retrieve metadata. ' . $e->getMessage()); SimpleSAML_Logger::warning('metarefresh: Failed to retrieve metadata. ' . $e->getMessage());
} }
foreach($entities as $entity) { foreach($entities as $entity) {
if(isset($source['blacklist'])) {
if(!empty($source['blacklist']) && in_array($entity->getEntityID(), $source['blacklist'])) {
SimpleSAML_Logger::info('Skipping "' . $entity->getEntityID() . '" - blacklisted.' . "\n");
continue;
}
}
if(isset($source['whitelist'])) {
if(!empty($source['whitelist']) && !in_array($entity->getEntityID(), $source['whitelist'])) {
SimpleSAML_Logger::info('Skipping "' . $entity->getEntityID() . '" - not in the whitelist.' . "\n");
continue;
}
}
if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) { if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) {
if(!$entity->validateFingerprint($source['validateFingerprint'])) { if(!$entity->validateFingerprint($source['validateFingerprint'])) {
SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n"); SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n");
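Review bot: The two `in_array()` calls in the new blacklist and whitelist checks use loose comparison, so an entityID is matched by `==` rules (numeric-looking strings compare as numbers, and under pre-8 comparison rules an integer `0` entry from a mistyped config matches every entityID); for an admit/deny decision on metadata the lookup should be strict, `in_array($entity->getEntityID(), $source['blacklist'], TRUE)` and `!in_array($entity->getEntityID(), $source['whitelist'], TRUE)`. The outer `isset($source['blacklist'])` / `isset($source['whitelist'])` guards are redundant with the inner `!empty(...)` tests and can be dropped. Because the blacklist test runs first, an entity listed in both is rejected; a comment above the checks, `// Blacklist takes precedence over whitelist.`, would make that ordering deliberate rather than incidental. The new lines call `getEntityID()` while the existing fingerprint branch below calls `getEntityId()`; PHP resolves both, but one spelling is easier to grep. The enclosing `loadSource()` method starts and ends outside the hunk.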
...@@ -26,7 +26,26 @@ foreach ($sets AS $setkey => $set) { ...@@ -26,7 +26,26 @@ foreach ($sets AS $setkey => $set) {
$metaloader = new sspmod_metarefresh_MetaLoader($expire); $metaloader = new sspmod_metarefresh_MetaLoader($expire);
# Get global black/whitelists
$blacklist = $mconfig->getArray('blacklist', array());
$whitelist = $mconfig->getArray('whitelist', array());
foreach($set->getArray('sources') AS $source) { foreach($set->getArray('sources') AS $source) {
# Merge global and src specific blacklists
if(isset($source['blacklist'])) {
$source['blacklist'] = array_unique(array_merge($source['blacklist'], $blacklist));
} else {
$source['blacklist'] = $blacklist;
}
# Merge global and src specific whitelists
if(isset($source['whitelist'])) {
$source['whitelist'] = array_unique(array_merge($source['whitelist'], $whitelist));
} else {
$source['whitelist'] = $whitelist;
}
SimpleSAML_Logger::debug('[metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']'); SimpleSAML_Logger::debug('[metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
$metaloader->loadSource($source); $metaloader->loadSource($source);
} }