From 8cdc186c704d78c36822fa6335e86578aefbc28e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez?= <jaime.perez@uninett.no>
Date: Wed, 31 Aug 2016 12:38:43 +0200
Subject: [PATCH] Model some SAML errors as exceptions in the SAML module. This makes it easier to identify error conditions and return errors to an SP. More known errors should also be added here.
---
modules/saml/lib/Error/NoAuthnContext.php | 28 +++++++++++++++++++
modules/saml/lib/Error/NoAvailableIDP.php | 28 +++++++++++++++++++
modules/saml/lib/Error/NoPassive.php | 28 +++++++++++++++++++
modules/saml/lib/Error/NoSupportedIDP.php | 28 +++++++++++++++++++
modules/saml/lib/Error/ProxyCountExceeded.php | 28 +++++++++++++++++++
5 files changed, 140 insertions(+)
create mode 100644 modules/saml/lib/Error/NoAuthnContext.php
create mode 100644 modules/saml/lib/Error/NoAvailableIDP.php
create mode 100644 modules/saml/lib/Error/NoPassive.php
create mode 100644 modules/saml/lib/Error/NoSupportedIDP.php
create mode 100644 modules/saml/lib/Error/ProxyCountExceeded.php
diff --git a/modules/saml/lib/Error/NoAuthnContext.php b/modules/saml/lib/Error/NoAuthnContext.php
new file mode 100644
index 000000000..27f5ecf55
--- /dev/null
+++ b/modules/saml/lib/Error/NoAuthnContext.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * A SAML error indicating that none of the requested Authentication Contexts can be used.
+ *
+ * @author Jaime Pérez Crespo, UNINETT AS <jaime.perez@uninett.no>
+ * @package SimpleSAMLphp
+ */
+
+namespace SimpleSAML\Module\saml\Error;
+
+use SAML2\Constants;
+
+class NoAuthnContext extends \sspmod_saml_Error
+{
+ /**
+ * NoAuthnContext error constructor.
+ *
+ * @param string $responsible A string telling who is responsible for this error. Can be one of the following:
+ * - \SAML2\Constants::STATUS_RESPONDER: in case the error is caused by this SAML responder.
+ * - \SAML2\Constants::STATUS_REQUESTER: in case the error is caused by the SAML requester.
+ * @param string|null $message A short message explaining why this error happened.
+ * @param \Exception|null $cause An exception that caused this error.
+ */
+ public function __construct($responsible, $message = null, \Exception $cause = null)
+ {
+ parent::__construct($responsible, Constants::STATUS_NO_AUTHN_CONTEXT, $message, $cause);
+ }
+}
diff --git a/modules/saml/lib/Error/NoAvailableIDP.php b/modules/saml/lib/Error/NoAvailableIDP.php
new file mode 100644
index 000000000..9245ef993
--- /dev/null
+++ b/modules/saml/lib/Error/NoAvailableIDP.php
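Review bot: `$responsible` is passed straight to `parent::__construct()` in NoAuthnContext.php, so a caller that supplies anything other than the two documented constants may produce an error carrying an unexpected top-level status; the constructors in NoAvailableIDP.php, NoPassive.php, NoSupportedIDP.php and ProxyCountExceeded.php are identical in this respect. The parent class is outside this patch, so whether it validates the value cannot be seen here; if it does not, a guard such as `if ($responsible !== Constants::STATUS_RESPONDER && $responsible !== Constants::STATUS_REQUESTER) { throw new \InvalidArgumentException('Invalid status code for $responsible.'); }` before the parent call would catch the mistake at the call site. Because the commit description says these errors are returned to an SP, the `$message` docblock line should also warn that the text may leave the deployment, e.g. `@param string|null $message A short message explaining why this error happened. May be returned to the SP, so it must not include internal details.`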
@@ -0,0 +1,28 @@
+<?php
+/**
+ * A SAML error indicating that none of the requested IdPs can be used.
+ *
+ * @author Jaime Pérez Crespo, UNINETT AS <jaime.perez@uninett.no>
+ * @package SimpleSAMLphp
+ */
+
+namespace SimpleSAML\Module\saml\Error;
+
+use SAML2\Constants;
+
+class NoAvailableIDP extends \sspmod_saml_Error
+{
+ /**
+ * NoAvailableIDP error constructor.
+ *
+ * @param string $responsible A string telling who is responsible for this error. Can be one of the following:
+ * - \SAML2\Constants::STATUS_RESPONDER: in case the error is caused by this SAML responder.
+ * - \SAML2\Constants::STATUS_REQUESTER: in case the error is caused by the SAML requester.
+ * @param string|null $message A short message explaining why this error happened.
+ * @param \Exception|null $cause An exception that caused this error.
+ */
+ public function __construct($responsible, $message = null, \Exception $cause = null)
+ {
+ parent::__construct($responsible, Constants::STATUS_NO_AVAILABLE_IDP, $message, $cause);
+ }
+}
diff --git a/modules/saml/lib/Error/NoPassive.php b/modules/saml/lib/Error/NoPassive.php
new file mode 100644
index 000000000..2fa30be6b
--- /dev/null
+++ b/modules/saml/lib/Error/NoPassive.php
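Review bot: The class docblock in NoAvailableIDP.php ("none of the requested IdPs can be used") reads almost the same as the one in NoSupportedIDP.php ("none of the IdPs requested are supported"), which makes it easy to throw the wrong exception and send an SP a misleading status. In the SAML 2.0 core status codes, NoAvailableIDP covers supported IdPs from the IDPList that cannot be resolved or are unavailable, while NoSupportedIDP covers an IDPList in which no IdP is supported at all. Suggested wording here: `* A SAML error indicating that none of the supported IdPs in the requested IDPList can be resolved or are available.` and in NoSupportedIDP.php: `* A SAML error indicating that none of the IdPs in the requested IDPList are supported by this entity.`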
@@ -0,0 +1,28 @@
+<?php
+/**
+ * A SAML error indicating that passive authentication cannot be used.
+ *
+ * @author Jaime Pérez Crespo, UNINETT AS <jaime.perez@uninett.no>
+ * @package SimpleSAMLphp
+ */
+
+namespace SimpleSAML\Module\saml\Error;
+
+use SAML2\Constants;
+
+class NoPassive extends \sspmod_saml_Error
+{
+ /**
+ * NoPassive error constructor.
+ *
+ * @param string $responsible A string telling who is responsible for this error. Can be one of the following:
+ * - \SAML2\Constants::STATUS_RESPONDER: in case the error is caused by this SAML responder.
+ * - \SAML2\Constants::STATUS_REQUESTER: in case the error is caused by the SAML requester.
+ * @param string|null $message A short message explaining why this error happened.
+ * @param \Exception|null $cause An exception that caused this error.
+ */
+ public function __construct($responsible, $message = null, \Exception $cause = null)
+ {
+ parent::__construct($responsible, Constants::STATUS_NO_PASSIVE, $message, $cause);
+ }
+}
diff --git a/modules/saml/lib/Error/NoSupportedIDP.php b/modules/saml/lib/Error/NoSupportedIDP.php
new file mode 100644
index 000000000..0e1e6d7f7
--- /dev/null
+++ b/modules/saml/lib/Error/NoSupportedIDP.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * A SAML error indicating that none of the IdPs requested are supported.
+ *
+ * @author Jaime Pérez Crespo, UNINETT AS <jaime.perez@uninett.no>
+ * @package SimpleSAMLphp
+ */
+
+namespace SimpleSAML\Module\saml\Error;
+
+use SAML2\Constants;
+
+class NoSupportedIDP extends \sspmod_saml_Error
+{
+ /**
+ * NoSupportedIDP error constructor.
+ *
+ * @param string $responsible A string telling who is responsible for this error. Can be one of the following:
+ * - \SAML2\Constants::STATUS_RESPONDER: in case the error is caused by this SAML responder.
+ * - \SAML2\Constants::STATUS_REQUESTER: in case the error is caused by the SAML requester.
+ * @param string|null $message A short message explaining why this error happened.
+ * @param \Exception|null $cause An exception that caused this error.
+ */
+ public function __construct($responsible, $message = null, \Exception $cause = null)
+ {
+ parent::__construct($responsible, Constants::STATUS_NO_SUPPORTED_IDP, $message, $cause);
+ }
+}
diff --git a/modules/saml/lib/Error/ProxyCountExceeded.php b/modules/saml/lib/Error/ProxyCountExceeded.php
new file mode 100644
index 000000000..7ded7b61b
--- /dev/null
+++ b/modules/saml/lib/Error/ProxyCountExceeded.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * A SAML error indicating that the maximum amount of proxies traversed has been reached.
+ *
+ * @author Jaime Pérez Crespo, UNINETT AS <jaime.perez@uninett.no>
+ * @package SimpleSAMLphp
+ */
+
+namespace SimpleSAML\Module\saml\Error;
+
+use SAML2\Constants;
+
+class ProxyCountExceeded extends \sspmod_saml_Error
+{
+ /**
+ * ProxyCountExceeded error constructor.
+ *
+ * @param string $responsible A string telling who is responsible for this error. Can be one of the following:
+ * - \SAML2\Constants::STATUS_RESPONDER: in case the error is caused by this SAML responder.
+ * - \SAML2\Constants::STATUS_REQUESTER: in case the error is caused by the SAML requester.
+ * @param string|null $message A short message explaining why this error happened.
+ * @param \Exception|null $cause An exception that caused this error.
+ */
+ public function __construct($responsible, $message = null, \Exception $cause = null)
+ {
+ parent::__construct($responsible, Constants::STATUS_PROXY_COUNT_EXCEEDED, $message, $cause);
+ }
+}
-- 
GitLab