From 940b8ca4154f5c43c9fe4dadfcfd0f6c29b113c0 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 12 Aug 2009 08:25:20 +0000
Subject: [PATCH] AttributeQuery test/example.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1651 44740490-163a-0410-bde0-09ae8108e29a
---
 .../exampleattributeserver/default-disable    |   0
 .../www/attributeserver.php                   |  87 +++++++++
 www/example-simple/attributequery.php         | 169 ++++++++++++++++++
 3 files changed, 256 insertions(+)
 create mode 100644 modules/exampleattributeserver/default-disable
 create mode 100644 modules/exampleattributeserver/www/attributeserver.php
 create mode 100644 www/example-simple/attributequery.php

diff --git a/modules/exampleattributeserver/default-disable b/modules/exampleattributeserver/default-disable
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/exampleattributeserver/www/attributeserver.php b/modules/exampleattributeserver/www/attributeserver.php
new file mode 100644
index 000000000..4fcfa9805
--- /dev/null
+++ b/modules/exampleattributeserver/www/attributeserver.php
@@ -0,0 +1,87 @@
+<?php
+
+$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+
+$binding = SAML2_Binding::getCurrentBinding();
+$query = $binding->receive();
+if (!($query instanceof SAML2_AttributeQuery)) {
+	throw new SimpleSAML_Error_BadRequest('Invalid message received to AttributeQuery endpoint.');
+}
+
+$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+
+
+$spEntityId = $query->getIssuer();
+if ($spEntityId === NULL) {
+	throw new SimpleSAML_Errro_BadRequest('Missing <saml:Issuer> in <samlp:AttributeQuery>.');
+}
+
+$idpMetadata = $metadata->getMetadataConfig($idpEntityId, 'saml20-idp-hosted');
+$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
+
+/* The endpoint we should deliver the message to. */
+$endpoint = $spMetadata->getString('testAttributeEndpoint');
+
+/* The attributes we will return. */
+$attributes = array(
+	'name' => array('value1', 'value2', 'value3'),
+	'test' => array('test'),
+);
+
+/* The name format of the attributes. */
+$attributeNameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
+
+
+/* Determine which attributes we will return. */
+$returnAttributes = array_keys($query->getAttributes());
+if (count($returnAttributes) === 0) {
+	SimpleSAML_Logger::debug('No attributes requested - return all attributes.');
+	$returnAttributes = $attributes;
+
+} elseif ($query->getAttributeNameFormat() !== $attributeNameFormat) {
+	SimpleSAML_Logger::debug('Requested attributes with wrong NameFormat - no attributes returned.');
+	$returnAttributes = array();
+} else {
+	foreach ($returnAttributes as $name => $values) {
+		if (!array_key_exists($name, $attributes)) {
+			/* We don't have this attribute. */
+			unset($returnAttributes[$name]);
+			continue;
+		}
+
+		if (count($values) === 0) {
+			/* Return all attributes. */
+			$returnAttributes[$name] = $attributes[$name];
+			continue;
+		}
+
+		/* Filter which attribute values we should return. */
+		$returnAttributes[$name] = array_intersect($values, $attributes[$name]);
+	}
+}
+
+
+/* $returnAttributes contains the attributes we should return. Send them. */
+$assertion = new SAML2_Assertion();
+$assertion->setDestination($endpoint);
+$assertion->setIssuer($idpEntityId);
+$assertion->setNameId($query->getNameId());
+$assertion->setNotBefore(time());
+$assertion->setNotOnOrAfter(time() + 5*60);
+$assertion->setInResponseTo($query->getId());
+$assertion->setValidAudiences(array($spEntityId));
+$assertion->setAttributes($returnAttributes);
+$assertion->setAttributeNameFormat($attributeNameFormat);
+sspmod_saml2_Message::addSign($idpMetadata, $spMetadata, $assertion);
+
+$response = new SAML2_Response();
+$response->setRelayState($query->getRelayState());
+$response->setDestination($endpoint);
+$response->setIssuer($idpEntityId);
+$response->setInResponseTo($query->getId());
+$response->setAssertions(array($assertion));
+sspmod_saml2_Message::addSign($idpMetadata, $spMetadata, $response);
+
+$binding = new SAML2_HTTPPost();
+$binding->setDestination(sspmod_saml2_Message::getDebugDestination());
+$binding->send($response);
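Review bot: Nothing in this file verifies a signature on the received AttributeQuery, so unless `receive()` does that internally, `$spEntityId` is whatever `<saml:Issuer>` the sender supplied and the query's NameID is copied unchecked into a signed assertion. That is tolerable for the hard-coded test attributes, but the example should validate the query against `$spMetadata` before building the response, or carry a comment such as `/* Example only: the query is not authenticated. Do not release real attributes from this endpoint. */`. Separately, the missing-issuer branch throws `SimpleSAML_Errro_BadRequest`, a misspelling of `SimpleSAML_Error_BadRequest`, so that path ends in a class-not-found fatal error instead of a bad-request response. The filter loop iterates over `array_keys($query->getAttributes())`, which makes `$name` a numeric index and `$values` a string, so every requested attribute is unset; `$returnAttributes = $query->getAttributes();` looks like what was intended.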
diff --git a/www/example-simple/attributequery.php b/www/example-simple/attributequery.php
new file mode 100644
index 000000000..5e5315894
--- /dev/null
+++ b/www/example-simple/attributequery.php
@@ -0,0 +1,169 @@
+<?php
+
+require_once('../_include.php');
+
+$session = SimpleSAML_Session::getInstance();
+$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+
+$spEntityId = $metadata->getMetaDataCurrentEntityID('saml20-sp-hosted');
+
+function sendQuery($dataId, $url, $nameId) {
+	assert('is_string($dataId)');
+	assert('is_string($url)');
+	assert('is_array($nameId)');
+
+	SimpleSAML_Logger::debug('attributequery - sending request');
+
+	$query = new SAML2_AttributeQuery();
+	$query->setRelayState($dataId);
+	$query->setDestination($url);
+	$query->setIssuer($GLOBALS['spEntityId']);
+	$query->setNameId($nameId);
+
+	$xml = $query->toUnsignedXML();
+	SimpleSAML_Utilities::formatDOMElement($xml);
+	$xml = $xml->ownerDocument->saveXML($xml);
+	error_log($xml);
+
+	$binding = new SAML2_HTTPRedirect();
+	$binding->send($query);
+}
+
+function handleResponse() {
+	try {
+		$binding = SAML2_Binding::getCurrentBinding();
+		$response = $binding->receive();
+	} catch (Exception $e) {
+		return;
+	}
+
+	SimpleSAML_Logger::debug('attributequery - received message.');
+
+	if (!($response instanceof SAML2_Response)) {
+		throw new SimpleSAML_Error_Exception('Unexpected message received to attribute query example.');
+	}
+
+	$idpEntityId = $response->getIssuer();
+	if ($idpEntityId === NULL) {
+		throw new SimpleSAML_Error_Exception('Missing issuer in response.');
+	}
+
+	$idpMetadata = $GLOBALS['metadata']->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
+	$spMetadata =  $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');
+
+	$assertion = sspmod_saml2_Message::processResponse($spMetadata, $idpMetadata, $response);
+
+	$dataId = $response->getRelayState();
+	if ($dataId === NULL) {
+		throw new SimpleSAML_Error_Exception('RelayState was lost during request.');
+	}
+
+	$data = $GLOBALS['session']->getData('attributequeryexample:data', $dataId);
+	$data['attributes'] = $assertion->getAttributes();
+	$GLOBALS['session']->setData('attributequeryexample:data', $dataId, $data, 3600);
+
+	SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(),
+		array('dataId' => $dataId));
+}
+
+handleResponse();
+
+$defNameId = $session->getNameId();
+if (empty($defNameId)) {
+	$defNameId = array();
+}
+if (!array_key_exists('Value', $defNameId)) {
+	if (array_key_exists('value', $defNameId)) {
+		/* For backwards compatibility. */
+		$defNameId['Value'] = $defNameId['value'];
+	} else {
+		$defNameId['Value'] = SimpleSAML_Utilities::generateID();
+	}
+}
+if (!array_key_exists('Format', $defNameId)) {
+	$defNameId['Format'] = SAML2_Const::NAMEID_TRANSIENT;
+}
+if (!array_key_exists('NameQualifier', $defNameId) || $defNameId['NameQualifier'] === NULL) {
+	$defNameId['NameQualifier'] = '';
+}
+if (!array_key_exists('SPNameQualifier', $defNameId) || $defNameId['SPNameQualifier'] === NULL) {
+	$defNameId['SPNameQualifier'] = '';
+}
+
+
+if (array_key_exists('dataId', $_REQUEST)) {
+	$dataId = (string)$_REQUEST['dataId'];
+	$data = $session->getData('attributequeryexample:data', $dataId);
+	if ($data == NULL) {
+		$data = array();
+	}
+} else {
+	$dataId = SimpleSAML_Utilities::generateID();
+	$data = array();
+}
+
+if (array_key_exists('nameIdFormat', $_REQUEST)) {
+	$data['nameIdFormat'] = (string)$_REQUEST['nameIdFormat'];
+} elseif (!array_key_exists('nameIdFormat', $data)) {
+	$data['nameIdFormat'] = $defNameId['Format'];
+}
+
+if (array_key_exists('nameIdValue', $_REQUEST)) {
+	$data['nameIdValue'] = (string)$_REQUEST['nameIdValue'];
+} elseif (!array_key_exists('nameIdValue', $data)) {
+	$data['nameIdValue'] = $defNameId['Value'];
+}
+
+if (array_key_exists('nameIdQualifier', $_REQUEST)) {
+	$data['nameIdQualifier'] = (string)$_REQUEST['nameIdQualifier'];
+} elseif (!array_key_exists('nameIdQualifier', $data)) {
+	$data['nameIdQualifier'] = $defNameId['NameQualifier'];
+}
+
+if (array_key_exists('nameIdSPQualifier', $_REQUEST)) {
+	$data['nameIdSPQualifier'] = (string)$_REQUEST['nameIdSPQualifier'];
+} elseif (!array_key_exists('nameIdSPQualifier', $data)) {
+	$data['nameIdSPQualifier'] = $defNameId['SPNameQualifier'];
+}
+
+
+if (array_key_exists('url', $_REQUEST)) {
+	$data['url'] = (string)$_REQUEST['url'];
+} elseif (!array_key_exists('url', $data)) {
+	$data['url'] = SimpleSAML_Module::getModuleURL('exampleattributeserver/attributeserver.php');
+}
+
+if (!array_key_exists('attributes', $data)) {
+	$data['attributes'] = NULL;
+}
+
+$session->setData('attributequeryexample:data', $dataId, $data, 3600);
+
+if (array_key_exists('send', $_REQUEST)) {
+
+	$nameId = array(
+		'Format' => $data['nameIdFormat'],
+		'Value' => $data['nameIdValue'],
+		'NameQualifier' => $data['nameIdQualifier'],
+		'SPNameQualifier' => $data['nameIdSPQualifier'],
+	);
+	if (empty($nameId['NameQualifier'])) {
+		$nameId['NameQualifier'] = NULL;
+	}
+	if (empty($nameId['SPNameQualifier'])) {
+		$nameId['SPNameQualifier'] = NULL;
+	}
+
+	sendQuery($dataId, $data['url'], $nameId);
+}
+
+$t = new SimpleSAML_XHTML_Template(SimpleSAML_Configuration::getInstance(), 'attributequery.php');
+$t->data['dataId'] = $dataId;
+$t->data['url'] = $data['url'];
+$t->data['nameIdFormat'] = $data['nameIdFormat'];
+$t->data['nameIdValue'] = $data['nameIdValue'];
+$t->data['nameIdQualifier'] = $data['nameIdQualifier'];
+$t->data['nameIdSPQualifier'] = $data['nameIdSPQualifier'];
+$t->data['attributes'] = $data['attributes'];
+
+$t->show();
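Review bot: The `url` request parameter is stored in `$data['url']` and passed straight to `sendQuery()`, and nothing visible in this file requires a login. A request carrying both `url` and `send` therefore makes this page redirect the visitor's browser to an arbitrary address, with a query issued under the SP's entity ID — an open redirect on the SP host. The simplest guard for a test page is to restrict it to an authenticated administrator or to accept only destinations found in trusted IdP metadata; at minimum a header comment should say it must not be reachable on a production host. In `handleResponse()`, `catch (Exception $e) { return; }` treats every failure of `receive()` as "no message present", which also hides malformed responses; logging the exception before returning would keep those visible. Nothing here checks that `getData()` found an entry for the returned RelayState or that `InResponseTo` matches a query this session sent, so unless `processResponse()` enforces that, attributes from an unrequested response would still be stored in the session.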
-- 
GitLab