From 818fa3090e5117e3c7c4377c0ba91572cbb588d2 Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Fri, 18 Mar 2011 11:20:20 +0000 Subject: [PATCH] metarefresh: Add support for whitelisting and blacklisting entities. Thanks to Dyonisius Visser for implementing this. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2782 44740490-163a-0410-bde0-09ae8108e29a --- .../config-templates/config-metarefresh.php | 22 +++++++++++++++++++ modules/metarefresh/hooks/hook_cron.php | 19 ++++++++++++++++ modules/metarefresh/lib/MetaLoader.php | 16 ++++++++++++++ modules/metarefresh/www/fetch.php | 19 ++++++++++++++++ 4 files changed, 76 insertions(+) diff --git a/modules/metarefresh/config-templates/config-metarefresh.php b/modules/metarefresh/config-templates/config-metarefresh.php index ec918e522..dc8b2c0b5 100644 --- a/modules/metarefresh/config-templates/config-metarefresh.php +++ b/modules/metarefresh/config-templates/config-metarefresh.php @@ -2,12 +2,34 @@ $config = array( + /* + * Global blacklist: entityIDs that should be excluded from ALL sets. + */ + #'blacklist' = array( + # 'http://my.own.uni/idp' + #), + 'sets' => array( 'kalmar' => array( 'cron' => array('hourly'), 'sources' => array( array( + /* + * entityIDs that should be excluded from this set. + */ + #'blacklist' => array( + # 'http://some.other.uni/idp', + #), + + /* + * Whitelist: only keep these EntityIDs. + */ + #'whitelist' => array( + # 'http://some.uni/idp', + # 'http://some.other.uni/idp', + #), + 'src' => 'https://kalmar.feide.no/simplesaml/module.php/aggregator/?id=kalmarcentral&mimetype=text/plain&exclude=norway', 'validateFingerprint' => '591d4b4670463eeda91fcc816dc0af2a092aa801', 'template' => array( diff --git a/modules/metarefresh/hooks/hook_cron.php b/modules/metarefresh/hooks/hook_cron.php index f4a791c83..5cf828fee 100644 --- a/modules/metarefresh/hooks/hook_cron.php +++ b/modules/metarefresh/hooks/hook_cron.php 
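Review bot: The commented-out global example in config-metarefresh.php reads `#'blacklist' = array(`, which becomes a PHP parse error as soon as an administrator uncomments it; it should be `#'blacklist' => array(`, matching the per-source examples further down. The template also shows no global `whitelist` key, although hook_cron.php and fetch.php both read one with `$mconfig->getArray('whitelist', array())`. The comment should also say that an empty or absent whitelist disables whitelist filtering rather than rejecting every entity, because MetaLoader only applies the whitelist when it is non-empty.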
@@ -33,7 +33,26 @@ function metarefresh_hook_cron(&$croninfo) { $metaloader = new sspmod_metarefresh_MetaLoader($expire); + # Get global blacklist + $blacklist = $mconfig->getArray('blacklist', array()); + $whitelist = $mconfig->getArray('whitelist', array()); + foreach($set->getArray('sources') AS $source) { + + # Merge global and src specific blacklists + if(isset($source['blacklist'])) { + $source['blacklist'] = array_unique(array_merge($source['blacklist'], $blacklist)); + } else { + $source['blacklist'] = $blacklist; + } + + # Merge global and src specific whitelists + if(isset($source['whitelist'])) { + $source['whitelist'] = array_unique(array_merge($source['whitelist'], $whitelist)); + } else { + $source['whitelist'] = $whitelist; + } + SimpleSAML_Logger::debug('cron [metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']'); $metaloader->loadSource($source); } diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php index e62efd1d4..3d9cec5ff 100644 --- a/modules/metarefresh/lib/MetaLoader.php +++ b/modules/metarefresh/lib/MetaLoader.php 
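Review bot: The merge inside the `foreach` over sources assumes `$source['blacklist']` and `$source['whitelist']` are arrays, and nothing visible in this hunk checks that. If an administrator writes a single entityID as a string, `array_merge()` on the PHP versions of that period appears to emit only a warning and return NULL, so the key ends up unset for the `isset()` test in MetaLoader and the filter, including the global list, is silently skipped. For an access-control list it is safer to fail closed, for example `if (!is_array($source['blacklist'])) { throw new Exception('metarefresh: blacklist must be an array'); }` before merging, and the same for the whitelist. The identical merge in www/fetch.php needs the same guard; metarefresh_hook_cron starts and ends outside this hunk.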
@@ -34,7 +34,23 @@ class sspmod_metarefresh_MetaLoader { } catch(Exception $e) { SimpleSAML_Logger::warning('metarefresh: Failed to retrieve metadata. ' . $e->getMessage()); } + foreach($entities as $entity) { + + if(isset($source['blacklist'])) { + if(!empty($source['blacklist']) && in_array($entity->getEntityID(), $source['blacklist'])) { + SimpleSAML_Logger::info('Skipping "' . $entity->getEntityID() . '" - blacklisted.' . "\n"); + continue; + } + } + + if(isset($source['whitelist'])) { + if(!empty($source['whitelist']) && !in_array($entity->getEntityID(), $source['whitelist'])) { + SimpleSAML_Logger::info('Skipping "' . $entity->getEntityID() . '" - not in the whitelist.' . "\n"); + continue; + } + } + if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) { if(!$entity->validateFingerprint($source['validateFingerprint'])) { SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n"); diff --git a/modules/metarefresh/www/fetch.php b/modules/metarefresh/www/fetch.php index f268cb9fc..a2739b85d 100644 --- a/modules/metarefresh/www/fetch.php +++ b/modules/metarefresh/www/fetch.php 
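Review bot: Both `in_array()` calls in the new blacklist and whitelist checks use loose comparison, so a non-string value that slips into a configured list (an integer `0` or `TRUE`, for instance) would match every entityID under PHP's `==` rules of that era. Passing the strict flag avoids that: `in_array($entity->getEntityID(), $source['blacklist'], TRUE)` and likewise for the whitelist. The outer `isset()` is redundant because `!empty()` already covers an unset key, so each pair of nested `if`s can collapse into one. A short comment that matching is by exact entityID string, and that an empty whitelist means "accept all", would document the trust decision made here; the enclosing loadSource method continues outside the hunk.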
@@ -26,7 +26,26 @@ foreach ($sets AS $setkey => $set) { $metaloader = new sspmod_metarefresh_MetaLoader($expire); + # Get global black/whitelists + $blacklist = $mconfig->getArray('blacklist', array()); + $whitelist = $mconfig->getArray('whitelist', array()); + foreach($set->getArray('sources') AS $source) { + + # Merge global and src specific blacklists + if(isset($source['blacklist'])) { + $source['blacklist'] = array_unique(array_merge($source['blacklist'], $blacklist)); + } else { + $source['blacklist'] = $blacklist; + } + + # Merge global and src specific whitelists + if(isset($source['whitelist'])) { + $source['whitelist'] = array_unique(array_merge($source['whitelist'], $whitelist)); + } else { + $source['whitelist'] = $whitelist; + } + SimpleSAML_Logger::debug('[metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']'); $metaloader->loadSource($source); } -- GitLab
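Review bot: The list-merging block added inside `foreach($set->getArray('sources') AS $source)` is a line-for-line copy of the one added to hooks/hook_cron.php, so the two entry points can drift apart and end up applying different filters to the same source. Since `sspmod_metarefresh_MetaLoader::loadSource()` is where the lists are consumed, the merge would be better placed there or in one helper on that class, with the global lists passed in once. A comment should also note that the merge is a union: a global whitelist entry is added to every source's whitelist, which widens per-source whitelists rather than narrowing them. The surrounding `foreach ($sets ...)` loop begins and ends outside this hunk.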