diff --git a/composer.json b/composer.json index c08fde0b78a84863699fbcae1601c6f89ffcc10f..47862095fb759ba49299c9161dcee8e6570adc03 100644 --- a/composer.json +++ b/composer.json @@ -27,8 +27,8 @@ }, "require": { "php": ">=5.3", - "simplesamlphp/saml2": "~1.9", - "robrichards/xmlseclibs": "~1.4.1", + "simplesamlphp/saml2": "~2.0", + "robrichards/xmlseclibs": "~2.0", "whitehat101/apr1-md5": "~1.0", "twig/twig": "~1.0" }, diff --git a/composer.lock b/composer.lock index 809b6b3e1780967a98a084f774c508ad7751ec34..844faf59a829007619a061874d2e215b37b080d9 100644 --- a/composer.lock +++ b/composer.lock @@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "18f459d1d127c855734985394410060a", - "content-hash": "b68e79d55659fa15285f350fd386df12", + "hash": "f92f6c305e5d12011c2a06253efd9eee", + "content-hash": "cdb4b970d76fd4ba81cd72c50d3734b7", "packages": [ { "name": "psr/log", @@ -47,20 +47,20 @@ }, { "name": "robrichards/xmlseclibs", - "version": "1.4.1", + "version": "2.0.0", "source": { "type": "git", "url": "https://github.com/robrichards/xmlseclibs.git", - "reference": "465f18a8e1196c279b1298a3b08bcbee71ea4e4e" + "reference": "1b78df099c107279e9069a7b7608be98fd530dfd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/465f18a8e1196c279b1298a3b08bcbee71ea4e4e", - "reference": "465f18a8e1196c279b1298a3b08bcbee71ea4e4e", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/1b78df099c107279e9069a7b7608be98fd530dfd", + "reference": "1b78df099c107279e9069a7b7608be98fd530dfd", "shasum": "" }, "require": { - "php": ">= 5.2" + "php": ">= 5.3" }, "suggest": { "ext/mcrypt": "MCrypt extension", @@ -68,9 +68,9 @@ }, "type": "library", "autoload": { - "classmap": [ - "src/" - ] + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ 
@@ -84,20 +84,20 @@ "xml", "xmldsig" ], - "time": "2015-07-31 12:22:14" + "time": "2015-07-31 15:08:38" }, { "name": "simplesamlphp/saml2", - "version": "v1.9", + "version": "v2.2", "source": { "type": "git", "url": "https://github.com/simplesamlphp/saml2.git", - "reference": "be2b348c46cceb311a743a33fb51035158f6f69a" + "reference": "0d6861bc2966249702e623d325609adb2a782612" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/be2b348c46cceb311a743a33fb51035158f6f69a", - "reference": "be2b348c46cceb311a743a33fb51035158f6f69a", + "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/0d6861bc2966249702e623d325609adb2a782612", + "reference": "0d6861bc2966249702e623d325609adb2a782612", "shasum": "" }, "require": { @@ -105,7 +105,7 @@ "ext-openssl": "*", "php": ">=5.3.3", "psr/log": "~1.0", - "robrichards/xmlseclibs": "^1.3" + "robrichards/xmlseclibs": "^2.0" }, "require-dev": { "mockery/mockery": "~0.9", @@ -119,8 +119,11 @@ "type": "library", "autoload": { "psr-0": { - "SAML2_": "src/" - } + "SAML2\\": "src/" + }, + "files": [ + "src/_autoload.php" + ] }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -133,7 +136,7 @@ } ], "description": "SAML2 PHP library from SimpleSAMLphp", - "time": "2016-03-16 14:11:59" + "time": "2016-03-16 13:39:22" }, { "name": "twig/twig", @@ -335,6 +338,7 @@ "rest", "web service" ], + "abandoned": "guzzlehttp/guzzle", "time": "2015-03-18 18:23:50" }, { diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php index 38fd0641a3903bd20ca0dba511b1a3263bf19df5..09c6365328ec5e06aedf0e7d1aacd136660f9906 100644 --- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php +++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php 
@@ -75,7 +75,7 @@ class SimpleSAML_Bindings_Shib13_Artifact { assert('is_string($soapResponse)'); try { - $doc = SAML2_DOMDocumentFactory::fromString($soapResponse); + $doc = \SAML2\DOMDocumentFactory::fromString($soapResponse); } catch(\Exception $e) { throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.'); } @@ -102,7 +102,7 @@ class SimpleSAML_Bindings_Shib13_Artifact { * Save the <saml1p:Response> element. Note that we need to import it * into a new document, in order to preserve namespace declarations. */ - $newDoc = SAML2_DOMDocumentFactory::create(); + $newDoc = \SAML2\DOMDocumentFactory::create(); $newDoc->appendChild($newDoc->importNode($responseElement, TRUE)); $responseXML = $newDoc->saveXML(); diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php index c92e0f1bfb011aab60e8be57ce876fcda6fa09e3..30ddf25ae196ec9c8b5407ef83ae112aa5306829 100644 --- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php +++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php @@ -58,7 +58,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost $privatekey = SimpleSAML\Utils\Crypto::loadPrivateKey($idpmd, true); $publickey = SimpleSAML\Utils\Crypto::loadPublicKey($idpmd, true); - $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace("\r", "", $response)); + $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace("\r", "", $response)); $responseroot = $responsedom->getElementsByTagName('Response')->item(0); $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php index 088b662f77352e13126ba0b5fbac9cc33fec61e2..61f5209570c7d1ecfab2bc16d4d9927657ed1cc3 100644 --- a/lib/SimpleSAML/Configuration.php +++ b/lib/SimpleSAML/Configuration.php 
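Review bot: The `catch(\Exception $e)` around `\SAML2\DOMDocumentFactory::fromString($soapResponse)` throws a fresh exception and drops `$e`, so the reason the library rejected the artifact response never reaches the log. This commit moves to a new major version of the parsing library, and keeping the cause lets an operator tell a malformed response from an upgrade regression. I would write `throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.', 0, $e);`, assuming that class accepts a cause as its third argument the way the base `Exception` does. The same pattern appears in the SAMLParser.php hunks at -226, -246, -309 and -336, where `throw new Exception('Failed to parse XML string.', 0, $e);` would do. The enclosing methods start and end outside these hunks.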
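Review bot: The signing code that consumes `$privatekey` and `$publickey` sits below this hunk, outside the visible lines, and nothing here shows it was updated for xmlseclibs 2.0. The composer.lock change in this commit moves xmlseclibs from a classmap to PSR-4 under `RobRichards\XMLSecLibs\`. An unqualified `XMLSecurityDSig` or `XMLSecurityKey` left anywhere in the tree would therefore presumably fail to load only when a response is actually signed or verified. I would confirm every such reference is now written as `\RobRichards\XMLSecLibs\XMLSecurityDSig` / `\RobRichards\XMLSecLibs\XMLSecurityKey`. A test that signs and validates one Shib 1.3 response would make a missed reference fail in CI rather than at login time.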
@@ -1071,11 +1071,11 @@ class SimpleSAML_Configuration case 'saml20-idp-remote:SingleSignOnService': case 'saml20-idp-remote:SingleLogoutService': case 'saml20-sp-remote:SingleLogoutService': - return SAML2_Const::BINDING_HTTP_REDIRECT; + return \SAML2\Constants::BINDING_HTTP_REDIRECT; case 'saml20-sp-remote:AssertionConsumerService': - return SAML2_Const::BINDING_HTTP_POST; + return \SAML2\Constants::BINDING_HTTP_POST; case 'saml20-idp-remote:ArtifactResolutionService': - return SAML2_Const::BINDING_SOAP; + return \SAML2\Constants::BINDING_SOAP; case 'shib13-idp-remote:SingleSignOnService': return 'urn:mace:shibboleth:1.0:profiles:AuthnRequest'; case 'shib13-sp-remote:AssertionConsumerService': diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php index 95b32b5fc3173318b3c8dcee73d568aaed31e326..33e5ef1c891d49abb74953fea2b510dee671ffd4 100644 --- a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php +++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php @@ -102,7 +102,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandler if ($set == 'saml20-sp-hosted') { if ($property === 'SingleLogoutServiceBinding') { - return SAML2_Const::BINDING_HTTP_REDIRECT; + return \SAML2\Constants::BINDING_HTTP_REDIRECT; } } elseif ($set == 'saml20-idp-hosted') { switch ($property) { @@ -110,13 +110,13 @@ class SimpleSAML_Metadata_MetaDataStorageHandler return $baseurl.'saml2/idp/SSOService.php'; case 'SingleSignOnServiceBinding': - return SAML2_Const::BINDING_HTTP_REDIRECT; + return \SAML2\Constants::BINDING_HTTP_REDIRECT; case 'SingleLogoutService': return $baseurl.'saml2/idp/SingleLogoutService.php'; case 'SingleLogoutServiceBinding': - return SAML2_Const::BINDING_HTTP_REDIRECT; + return \SAML2\Constants::BINDING_HTTP_REDIRECT; } } elseif ($set == 'shib13-idp-hosted') { if ($property === 'SingleSignOnService') { 
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php index 0d8f0e65fdcb3524ba7f69a1cf2b08c95128dc3e..35156f7dbe192c5d60ed1841d9e9cfc6c0c8bc87 100644 --- a/lib/SimpleSAML/Metadata/SAMLBuilder.php +++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php @@ -15,7 +15,7 @@ class SimpleSAML_Metadata_SAMLBuilder /** * The EntityDescriptor we are building. * - * @var SAML2_XML_md_EntityDescriptor + * @var \SAML2\XML\md\EntityDescriptor */ private $entityDescriptor; @@ -51,7 +51,7 @@ class SimpleSAML_Metadata_SAMLBuilder $this->maxCache = $maxCache; $this->maxDuration = $maxDuration; - $this->entityDescriptor = new SAML2_XML_md_EntityDescriptor(); + $this->entityDescriptor = new \SAML2\XML\md\EntityDescriptor(); $this->entityDescriptor->entityID = $entityId; } 
@@ -135,31 +135,31 @@ class SimpleSAML_Metadata_SAMLBuilder * Add extensions to the metadata. * * @param SimpleSAML_Configuration $metadata The metadata to get extensions from. - * @param SAML2_XML_md_RoleDescriptor $e Reference to the element where the Extensions element should be included. + * @param \SAML2\XML\md\RoleDescriptor $e Reference to the element where the Extensions element should be included. */ - private function addExtensions(SimpleSAML_Configuration $metadata, SAML2_XML_md_RoleDescriptor $e) + private function addExtensions(SimpleSAML_Configuration $metadata, \SAML2\XML\md\RoleDescriptor $e) { if ($metadata->hasValue('tags')) { - $a = new SAML2_XML_saml_Attribute(); + $a = new \SAML2\XML\saml\Attribute(); $a->Name = 'tags'; foreach ($metadata->getArray('tags') as $tag) { - $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($tag); + $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($tag); } $e->Extensions[] = $a; } if ($metadata->hasValue('hint.cidr')) { - $a = new SAML2_XML_saml_Attribute(); + $a = new \SAML2\XML\saml\Attribute(); $a->Name = 'hint.cidr'; foreach ($metadata->getArray('hint.cidr') as $hint) { - $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($hint); + $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($hint); } $e->Extensions[] = $a; } if ($metadata->hasValue('scope')) { foreach ($metadata->getArray('scope') as $scopetext) { - $s = new SAML2_XML_shibmd_Scope(); + $s = new \SAML2\XML\shibmd\Scope(); $s->scope = $scopetext; // Check whether $ ^ ( ) * | \ are in a scope -> assume regex. if (1 === preg_match('/[\$\^\)\(\*\|\\\\]/', $scopetext)) { 
@@ -172,9 +172,9 @@ class SimpleSAML_Metadata_SAMLBuilder } if ($metadata->hasValue('EntityAttributes')) { - $ea = new SAML2_XML_mdattr_EntityAttributes(); + $ea = new \SAML2\XML\mdattr\EntityAttributes(); foreach ($metadata->getArray('EntityAttributes') as $attributeName => $attributeValues) { - $a = new SAML2_XML_saml_Attribute(); + $a = new \SAML2\XML\saml\Attribute(); $a->Name = $attributeName; $a->NameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'; @@ -182,12 +182,12 @@ class SimpleSAML_Metadata_SAMLBuilder if (preg_match('/^\{(.*?)\}(.*)$/', $attributeName, $matches)) { $a->Name = $matches[2]; $nameFormat = $matches[1]; - if ($nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) { + if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) { $a->NameFormat = $nameFormat; } } foreach ($attributeValues as $attributeValue) { - $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($attributeValue); + $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($attributeValue); } $ea->children[] = $a; } @@ -195,14 +195,14 @@ class SimpleSAML_Metadata_SAMLBuilder } if ($metadata->hasValue('RegistrationInfo')) { - $ri = new SAML2_XML_mdrpi_RegistrationInfo(); + $ri = new \SAML2\XML\mdrpi\RegistrationInfo(); foreach ($metadata->getArray('RegistrationInfo') as $riName => $riValues) { switch ($riName) { case 'authority': $ri->registrationAuthority = $riValues; break; case 'instant': - $ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues); + $ri->registrationInstant = \SAML2\Utils::xsDateTimeToTimestamp($riValues); break; case 'policies': $ri->RegistrationPolicy = $riValues; @@ -213,7 +213,7 @@ class SimpleSAML_Metadata_SAMLBuilder } if ($metadata->hasValue('UIInfo')) { - $ui = new SAML2_XML_mdui_UIInfo(); + $ui = new \SAML2\XML\mdui\UIInfo(); foreach ($metadata->getArray('UIInfo') as $uiName => $uiValues) { switch ($uiName) { case 'DisplayName': 
@@ -230,7 +230,7 @@ class SimpleSAML_Metadata_SAMLBuilder break; case 'Keywords': foreach ($uiValues as $lang => $keywords) { - $uiItem = new SAML2_XML_mdui_Keywords(); + $uiItem = new \SAML2\XML\mdui\Keywords(); $uiItem->lang = $lang; $uiItem->Keywords = $keywords; $ui->Keywords[] = $uiItem; @@ -238,7 +238,7 @@ class SimpleSAML_Metadata_SAMLBuilder break; case 'Logo': foreach ($uiValues as $logo) { - $uiItem = new SAML2_XML_mdui_Logo(); + $uiItem = new \SAML2\XML\mdui\Logo(); $uiItem->url = $logo['url']; $uiItem->width = $logo['width']; $uiItem->height = $logo['height']; @@ -254,7 +254,7 @@ class SimpleSAML_Metadata_SAMLBuilder } if ($metadata->hasValue('DiscoHints')) { - $dh = new SAML2_XML_mdui_DiscoHints(); + $dh = new \SAML2\XML\mdui\DiscoHints(); foreach ($metadata->getArray('DiscoHints') as $dhName => $dhValues) { switch ($dhName) { case 'IPHint': @@ -282,7 +282,7 @@ class SimpleSAML_Metadata_SAMLBuilder */ public function addOrganization(array $orgName, array $orgDisplayName, array $orgURL) { - $org = new SAML2_XML_md_Organization(); + $org = new \SAML2\XML\md\Organization(); $org->OrganizationName = $orgName; $org->OrganizationDisplayName = $orgDisplayName; @@ -322,7 +322,7 @@ class SimpleSAML_Metadata_SAMLBuilder * @param array $endpoints The endpoints. * @param bool $indexed Whether the endpoints should be indexed. * - * @return array An array of endpoint objects, either SAML2_XML_md_EndpointType or SAML2_XML_md_IndexedEndpointType. + * @return array An array of endpoint objects, either \SAML2\XML\md\EndpointType or \SAML2\XML\md\IndexedEndpointType. */ private static function createEndpoints(array $endpoints, $indexed) { @@ -332,9 +332,9 @@ class SimpleSAML_Metadata_SAMLBuilder foreach ($endpoints as &$ep) { if ($indexed) { - $t = new SAML2_XML_md_IndexedEndpointType(); + $t = new \SAML2\XML\md\IndexedEndpointType(); } else { - $t = new SAML2_XML_md_EndpointType(); + $t = new \SAML2\XML\md\EndpointType(); } $t->Binding = $ep['Binding']; 
@@ -343,7 +343,11 @@ class SimpleSAML_Metadata_SAMLBuilder $t->ResponseLocation = $ep['ResponseLocation']; } if (isset($ep['hoksso:ProtocolBinding'])) { - $t->setAttributeNS(SAML2_Const::NS_HOK, 'hoksso:ProtocolBinding', SAML2_Const::BINDING_HTTP_REDIRECT); + $t->setAttributeNS( + \SAML2\Constants::NS_HOK, + 'hoksso:ProtocolBinding', + \SAML2\Constants::BINDING_HTTP_REDIRECT + ); } if ($indexed) { @@ -376,11 +380,11 @@ class SimpleSAML_Metadata_SAMLBuilder /** * Add an AttributeConsumingService element to the metadata. * - * @param SAML2_XML_md_SPSSODescriptor $spDesc The SPSSODescriptor element. + * @param \SAML2\XML\md\SPSSODescriptor $spDesc The SPSSODescriptor element. * @param SimpleSAML_Configuration $metadata The metadata. */ private function addAttributeConsumingService( - SAML2_XML_md_SPSSODescriptor $spDesc, + \SAML2\XML\md\SPSSODescriptor $spDesc, SimpleSAML_Configuration $metadata ) { $attributes = $metadata->getArray('attributes', array()); 
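Review bot: In `createEndpoints`, the `isset($ep['hoksso:ProtocolBinding'])` branch only tests that the key exists and then always writes `\SAML2\Constants::BINDING_HTTP_REDIRECT`. A holder-of-key endpoint configured with a different protocol binding therefore appears to be published as HTTP-Redirect. Since the call is being reflowed anyway, it could pass the configured value, `$ep['hoksso:ProtocolBinding']`, as the third argument to `setAttributeNS()`. If forcing HTTP-Redirect is intentional, a comment such as `// holder-of-key SSO is always advertised with the HTTP-Redirect protocol binding` would stop the published metadata from surprising the next reader. The function starts and ends outside this hunk.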
@@ -397,21 +401,21 @@ class SimpleSAML_Metadata_SAMLBuilder * Add an AttributeConsumingService element with information as name and description and list * of requested attributes */ - $attributeconsumer = new SAML2_XML_md_AttributeConsumingService(); + $attributeconsumer = new \SAML2\XML\md\AttributeConsumingService(); $attributeconsumer->index = 0; $attributeconsumer->ServiceName = $name; $attributeconsumer->ServiceDescription = $metadata->getLocalizedString('description', array()); - $nameFormat = $metadata->getString('attributes.NameFormat', SAML2_Const::NAMEFORMAT_UNSPECIFIED); + $nameFormat = $metadata->getString('attributes.NameFormat', \SAML2\Constants::NAMEFORMAT_UNSPECIFIED); foreach ($attributes as $friendlyName => $attribute) { - $t = new SAML2_XML_md_RequestedAttribute(); + $t = new \SAML2\XML\md\RequestedAttribute(); $t->Name = $attribute; if (!is_int($friendlyName)) { $t->FriendlyName = $friendlyName; } - if ($nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) { + if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) { $t->NameFormat = $nameFormat; } if (in_array($attribute, $attributesrequired)) { @@ -463,9 +467,9 @@ class SimpleSAML_Metadata_SAMLBuilder * Add SAML 2.0 SP metadata. * * @param array $metadata The metadata. - * @param array $protocols The protocols supported. Defaults to SAML2_Const::NS_SAMLP. + * @param array $protocols The protocols supported. Defaults to \SAML2\Constants::NS_SAMLP. */ - public function addMetadataSP20($metadata, $protocols = array(SAML2_Const::NS_SAMLP)) + public function addMetadataSP20($metadata, $protocols = array(\SAML2\Constants::NS_SAMLP)) { assert('is_array($metadata)'); assert('is_array($protocols)'); 
@@ -474,7 +478,7 @@ class SimpleSAML_Metadata_SAMLBuilder $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']); - $e = new SAML2_XML_md_SPSSODescriptor(); + $e = new \SAML2\XML\md\SPSSODescriptor(); $e->protocolSupportEnumeration = $protocols; if ($metadata->hasValue('saml20.sign.assertion')) { @@ -529,7 +533,7 @@ class SimpleSAML_Metadata_SAMLBuilder $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']); - $e = new SAML2_XML_md_IDPSSODescriptor(); + $e = new \SAML2\XML\md\IDPSSODescriptor(); $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:2.0:protocol'; if ($metadata->hasValue('sign.authnrequest')) { @@ -578,7 +582,7 @@ class SimpleSAML_Metadata_SAMLBuilder $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']); - $e = new SAML2_XML_md_SPSSODescriptor(); + $e = new \SAML2\XML\md\SPSSODescriptor(); $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:1.1:protocol'; $this->addCertificate($e, $metadata); @@ -613,7 +617,7 @@ class SimpleSAML_Metadata_SAMLBuilder $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']); - $e = new SAML2_XML_md_IDPSSODescriptor(); + $e = new \SAML2\XML\md\IDPSSODescriptor(); $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:1.1:protocol'; $e->protocolSupportEnumeration[] = 'urn:mace:shibboleth:1.0'; @@ -641,7 +645,7 @@ class SimpleSAML_Metadata_SAMLBuilder $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']); - $e = new SAML2_XML_md_AttributeAuthorityDescriptor(); + $e = new \SAML2\XML\md\AttributeAuthorityDescriptor(); $e->protocolSupportEnumeration = $metadata->getArray('protocols', array()); $this->addExtensions($metadata, $e); 
@@ -681,7 +685,7 @@ class SimpleSAML_Metadata_SAMLBuilder // TODO: remove this check as soon as getContact() is called always before calling this function $details = \SimpleSAML\Utils\Config\Metadata::getContact($details); - $e = new SAML2_XML_md_ContactPerson(); + $e = new \SAML2\XML\md\ContactPerson(); $e->contactType = $type; if (isset($details['company'])) { @@ -721,16 +725,16 @@ class SimpleSAML_Metadata_SAMLBuilder /** * Add a KeyDescriptor with an X509 certificate. * - * @param SAML2_XML_md_RoleDescriptor $rd The RoleDescriptor the certificate should be added to. + * @param \SAML2\XML\md\RoleDescriptor $rd The RoleDescriptor the certificate should be added to. * @param string $use The value of the 'use' attribute. * @param string $x509data The certificate data. */ - private function addX509KeyDescriptor(SAML2_XML_md_RoleDescriptor $rd, $use, $x509data) + private function addX509KeyDescriptor(\SAML2\XML\md\RoleDescriptor $rd, $use, $x509data) { assert('in_array($use, array("encryption", "signing"), TRUE)'); assert('is_string($x509data)'); - $keyDescriptor = SAML2_Utils::createKeyDescriptor($x509data); + $keyDescriptor = \SAML2\Utils::createKeyDescriptor($x509data); $keyDescriptor->use = $use; $rd->KeyDescriptor[] = $keyDescriptor; } @@ -741,10 +745,10 @@ class SimpleSAML_Metadata_SAMLBuilder * * Helper function for adding a certificate to the metadata. * - * @param SAML2_XML_md_RoleDescriptor $rd The RoleDescriptor the certificate should be added to. + * @param \SAML2\XML\md\RoleDescriptor $rd The RoleDescriptor the certificate should be added to. * @param SimpleSAML_Configuration $metadata The metadata of the entity. */ - private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata) + private function addCertificate(\SAML2\XML\md\RoleDescriptor $rd, SimpleSAML_Configuration $metadata) { $keys = $metadata->getPublicKeys(); if ($keys !== null) { 
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php index 02e6e91c44ff9ccdca0f9abcca8e23a087b03e36..edb39091ca94b0781b472a4cdc1b0542accdc5ce 100644 --- a/lib/SimpleSAML/Metadata/SAMLParser.php +++ b/lib/SimpleSAML/Metadata/SAMLParser.php @@ -139,7 +139,7 @@ class SimpleSAML_Metadata_SAMLParser /** * This is an array of elements that may be used to validate this element. * - * @var SAML2_SignedElementHelper[] + * @var \SAML2\SignedElementHelper[] */ private $validators = array(); @@ -155,14 +155,14 @@ class SimpleSAML_Metadata_SAMLParser /** * This is the constructor for the SAMLParser class. * - * @param SAML2_XML_md_EntityDescriptor $entityElement The EntityDescriptor. + * @param \SAML2\XML\md\EntityDescriptor $entityElement The EntityDescriptor. * @param int|NULL $maxExpireTime The unix timestamp for when this entity should expire, or * NULL if unknown. * @param array $validators An array of parent elements that may validate this element. * @param array $parentExtensions An optional array of extensions from the parent element. */ private function __construct( - SAML2_XML_md_EntityDescriptor $entityElement, + \SAML2\XML\md\EntityDescriptor $entityElement, $maxExpireTime, array $validators = array(), array $parentExtensions = null 
@@ -192,11 +192,11 @@ class SimpleSAML_Metadata_SAMLParser // look over the RoleDescriptors foreach ($entityElement->RoleDescriptor as $child) { - if ($child instanceof SAML2_XML_md_SPSSODescriptor) { + if ($child instanceof \SAML2\XML\md\SPSSODescriptor) { $this->processSPSSODescriptor($child, $expireTime); - } elseif ($child instanceof SAML2_XML_md_IDPSSODescriptor) { + } elseif ($child instanceof \SAML2\XML\md\IDPSSODescriptor) { $this->processIDPSSODescriptor($child, $expireTime); - } elseif ($child instanceof SAML2_XML_md_AttributeAuthorityDescriptor) { + } elseif ($child instanceof \SAML2\XML\md\AttributeAuthorityDescriptor) { $this->processAttributeAuthorityDescriptor($child, $expireTime); } } @@ -226,7 +226,7 @@ class SimpleSAML_Metadata_SAMLParser $data = \SimpleSAML\Utils\HTTP::fetch($file); try { - $doc = SAML2_DOMDocumentFactory::fromString($data); + $doc = \SAML2\DOMDocumentFactory::fromString($data); } catch(\Exception $e) { throw new Exception('Failed to read XML from file: '.$file); } @@ -246,7 +246,7 @@ class SimpleSAML_Metadata_SAMLParser public static function parseString($metadata) { try { - $doc = SAML2_DOMDocumentFactory::fromString($metadata); + $doc = \SAML2\DOMDocumentFactory::fromString($metadata); } catch(\Exception $e) { throw new Exception('Failed to parse XML string.'); } 
@@ -273,16 +273,16 @@ class SimpleSAML_Metadata_SAMLParser /** - * This function parses a SAML2_XML_md_EntityDescriptor object which represents a EntityDescriptor element. + * This function parses a \SAML2\XML\md\EntityDescriptor object which represents a EntityDescriptor element. * - * @param SAML2_XML_md_EntityDescriptor $entityElement A SAML2_XML_md_EntityDescriptor object which represents a + * @param \SAML2\XML\md\EntityDescriptor $entityElement A \SAML2\XML\md\EntityDescriptor object which represents a * EntityDescriptor element. * * @return SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded. */ public static function parseElement($entityElement) { - assert('$entityElement instanceof SAML2_XML_md_EntityDescriptor'); + assert('$entityElement instanceof \SAML2\XML\md\EntityDescriptor'); return new SimpleSAML_Metadata_SAMLParser($entityElement, null); } @@ -309,7 +309,7 @@ class SimpleSAML_Metadata_SAMLParser $data = \SimpleSAML\Utils\HTTP::fetch($file); try { - $doc = SAML2_DOMDocumentFactory::fromString($data); + $doc = \SAML2\DOMDocumentFactory::fromString($data); } catch(\Exception $e) { throw new Exception('Failed to read XML from file: '.$file); } @@ -336,7 +336,7 @@ class SimpleSAML_Metadata_SAMLParser public static function parseDescriptorsString($string) { try { - $doc = SAML2_DOMDocumentFactory::fromString($string); + $doc = \SAML2\DOMDocumentFactory::fromString($string); } catch(\Exception $e) { throw new Exception('Failed to parse XML string.'); } 
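Review bot: `parseElement()` relies on a string `assert()` as its only argument check, and this commit has to rewrite a class name inside that string, where neither the autoloader nor a static analyser will catch a typo. String assertions are evaluated only when assertions are enabled, so a deployment with them turned off skips the check here and relies on the constructor's own type hint further down. Declaring the type in the signature, `public static function parseElement(\SAML2\XML\md\EntityDescriptor $entityElement)`, makes the check unconditional and lets the `assert()` line go. The `assert('$element instanceof \SAML2\XML\md\EntitiesDescriptor')` in the -394 hunk has the same weakness. It guards a parameter that takes two types, so it would need an explicit `instanceof` test that throws.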
@@ -365,9 +365,9 @@ class SimpleSAML_Metadata_SAMLParser assert('$element instanceof DOMElement'); if (SimpleSAML\Utils\XML::isDOMElementOfType($element, 'EntityDescriptor', '@md') === true) { - return self::processDescriptorsElement(new SAML2_XML_md_EntityDescriptor($element)); + return self::processDescriptorsElement(new \SAML2\XML\md\EntityDescriptor($element)); } elseif (SimpleSAML\Utils\XML::isDOMElementOfType($element, 'EntitiesDescriptor', '@md') === true) { - return self::processDescriptorsElement(new SAML2_XML_md_EntitiesDescriptor($element)); + return self::processDescriptorsElement(new \SAML2\XML\md\EntitiesDescriptor($element)); } else { throw new Exception('Unexpected root node: ['.$element->namespaceURI.']:'.$element->localName); } @@ -376,7 +376,7 @@ class SimpleSAML_Metadata_SAMLParser /** * - * @param SAML2_XML_md_EntityDescriptor|SAML2_XML_md_EntitiesDescriptor $element The element we should process. + * @param \SAML2\XML\md\EntityDescriptor|\SAML2\XML\md\EntitiesDescriptor $element The element we should process. * @param int|NULL $maxExpireTime The maximum expiration time * of the entities. * @param array $validators The parent-elements that may be @@ -394,14 +394,14 @@ class SimpleSAML_Metadata_SAMLParser ) { assert('is_null($maxExpireTime) || is_int($maxExpireTime)'); - if ($element instanceof SAML2_XML_md_EntityDescriptor) { + if ($element instanceof \SAML2\XML\md\EntityDescriptor) { $ret = new SimpleSAML_Metadata_SAMLParser($element, $maxExpireTime, $validators, $parentExtensions); $ret = array($ret->getEntityId() => $ret); /** @var SimpleSAML_Metadata_SAMLParser[] $ret */ return $ret; } - assert('$element instanceof SAML2_XML_md_EntitiesDescriptor'); + assert('$element instanceof \SAML2\XML\md\EntitiesDescriptor'); $extensions = self::processExtensions($element, $parentExtensions); $expTime = self::getExpireTime($element, $maxExpireTime); 
@@ -836,13 +836,13 @@ class SimpleSAML_Metadata_SAMLParser * - 'expire': Timestamp for when this descriptor expires. * - 'keys': Array of associative arrays with the elements from parseKeyDescriptor. * - * @param SAML2_XML_md_RoleDescriptor $element The element we should extract metadata from. + * @param \SAML2\XML\md\RoleDescriptor $element The element we should extract metadata from. * @param int|NULL $expireTime The unix timestamp for when this element should expire, or * NULL if unknown. * * @return array An associative array with metadata we have extracted from this element. */ - private static function parseRoleDescriptorType(SAML2_XML_md_RoleDescriptor $element, $expireTime) + private static function parseRoleDescriptorType(\SAML2\XML\md\RoleDescriptor $element, $expireTime) { assert('is_null($expireTime) || is_int($expireTime)'); @@ -887,13 +887,13 @@ class SimpleSAML_Metadata_SAMLParser * - 'nameIDFormats': The NameIDFormats supported by this SSODescriptor. This may be an empty array. * - 'keys': Array of associative arrays with the elements from parseKeyDescriptor: * - * @param SAML2_XML_md_SSODescriptorType $element The element we should extract metadata from. + * @param \SAML2\XML\md\SSODescriptorType $element The element we should extract metadata from. * @param int|NULL $expireTime The unix timestamp for when this element should expire, or * NULL if unknown. * * @return array An associative array with metadata we have extracted from this element. */ - private static function parseSSODescriptor(SAML2_XML_md_SSODescriptorType $element, $expireTime) + private static function parseSSODescriptor(\SAML2\XML\md\SSODescriptorType $element, $expireTime) { assert('is_null($expireTime) || is_int($expireTime)'); 
@@ -916,11 +916,11 @@ class SimpleSAML_Metadata_SAMLParser /** * This function extracts metadata from a SPSSODescriptor element. * - * @param SAML2_XML_md_SPSSODescriptor $element The element which should be parsed. + * @param \SAML2\XML\md\SPSSODescriptor $element The element which should be parsed. * @param int|NULL $expireTime The unix timestamp for when this element should expire, or * NULL if unknown. */ - private function processSPSSODescriptor(SAML2_XML_md_SPSSODescriptor $element, $expireTime) + private function processSPSSODescriptor(\SAML2\XML\md\SPSSODescriptor $element, $expireTime) { assert('is_null($expireTime) || is_int($expireTime)'); @@ -952,11 +952,11 @@ class SimpleSAML_Metadata_SAMLParser /** * This function extracts metadata from a IDPSSODescriptor element. * - * @param SAML2_XML_md_IDPSSODescriptor $element The element which should be parsed. + * @param \SAML2\XML\md\IDPSSODescriptor $element The element which should be parsed. * @param int|NULL $expireTime The unix timestamp for when this element should expire, or * NULL if unknown. */ - private function processIDPSSODescriptor(SAML2_XML_md_IDPSSODescriptor $element, $expireTime) + private function processIDPSSODescriptor(\SAML2\XML\md\IDPSSODescriptor $element, $expireTime) { assert('is_null($expireTime) || is_int($expireTime)'); 
@@ -978,12 +978,12 @@ class SimpleSAML_Metadata_SAMLParser /** * This function extracts metadata from a AttributeAuthorityDescriptor element. * - * @param SAML2_XML_md_AttributeAuthorityDescriptor $element The element which should be parsed. + * @param \SAML2\XML\md\AttributeAuthorityDescriptor $element The element which should be parsed. * @param int|NULL $expireTime The unix timestamp for when this element should * expire, or NULL if unknown. */ private function processAttributeAuthorityDescriptor( - SAML2_XML_md_AttributeAuthorityDescriptor $element, + \SAML2\XML\md\AttributeAuthorityDescriptor $element, $expireTime ) { assert('is_null($expireTime) || is_int($expireTime)'); 
@@ -1021,24 +1021,24 @@ class SimpleSAML_Metadata_SAMLParser ); // Some extensions may get inherited from a parent element - if (($element instanceof SAML2_XML_md_EntityDescriptor || $element instanceof SAML2_XML_md_EntitiesDescriptor) + if (($element instanceof \SAML2\XML\md\EntityDescriptor || $element instanceof \SAML2\XML\md\EntitiesDescriptor) && !empty($parentExtensions['RegistrationInfo'])) { $ret['RegistrationInfo'] = $parentExtensions['RegistrationInfo']; } foreach ($element->Extensions as $e) { - if ($e instanceof SAML2_XML_shibmd_Scope) { + if ($e instanceof \SAML2\XML\shibmd\Scope) { $ret['scope'][] = $e->scope; continue; } // Entity Attributes are only allowed at entity level extensions and not at RoleDescriptor level - if ($element instanceof SAML2_XML_md_EntityDescriptor || - $element instanceof SAML2_XML_md_EntitiesDescriptor) { + if ($element instanceof \SAML2\XML\md\EntityDescriptor || + $element instanceof \SAML2\XML\md\EntitiesDescriptor) { - if ($e instanceof SAML2_XML_mdrpi_RegistrationInfo) { + if ($e instanceof \SAML2\XML\mdrpi\RegistrationInfo) { // Registration Authority cannot be overridden (warn only if override attempts to change the value) if (isset($ret['RegistrationInfo']['registrationAuthority']) && $ret['RegistrationInfo']['registrationAuthority'] !== $e->registrationAuthority) { @@ -1048,11 +1048,11 @@ class SimpleSAML_Metadata_SAMLParser $ret['RegistrationInfo']['registrationAuthority'] = $e->registrationAuthority; } } - if ($e instanceof SAML2_XML_mdattr_EntityAttributes && !empty($e->children)) { + if ($e instanceof \SAML2\XML\mdattr\EntityAttributes && !empty($e->children)) { foreach ($e->children as $attr) { // only saml:Attribute are currently supported here. The specifications also allows // saml:Assertions, which more complex processing - if ($attr instanceof SAML2_XML_saml_Attribute) { + if ($attr instanceof \SAML2\XML\saml\Attribute) { if (empty($attr->Name) || empty($attr->AttributeValue)) { continue; } 
@@ -1060,7 +1060,7 @@ class SimpleSAML_Metadata_SAMLParser // attribute names that is not URI is prefixed as this: '{nameformat}name' $name = $attr->Name; if (empty($attr->NameFormat)) { - $name = '{'.SAML2_Const::NAMEFORMAT_UNSPECIFIED.'}'.$attr->Name; + $name = '{'.\SAML2\Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->Name; } elseif ($attr->NameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri') { $name = '{'.$attr->NameFormat.'}'.$attr->Name; } @@ -1077,8 +1077,8 @@ class SimpleSAML_Metadata_SAMLParser } // UIInfo elements are only allowed at RoleDescriptor level extensions - if ($element instanceof SAML2_XML_md_RoleDescriptor) { - if ($e instanceof SAML2_XML_mdui_UIInfo) { + if ($element instanceof \SAML2\XML\md\RoleDescriptor) { + if ($e instanceof \SAML2\XML\mdui\UIInfo) { $ret['UIInfo']['DisplayName'] = $e->DisplayName; $ret['UIInfo']['Description'] = $e->Description; @@ -1086,7 +1086,7 @@ class SimpleSAML_Metadata_SAMLParser $ret['UIInfo']['PrivacyStatementURL'] = $e->PrivacyStatementURL; foreach ($e->Keywords as $uiItem) { - if (!($uiItem instanceof SAML2_XML_mdui_Keywords) + if (!($uiItem instanceof \SAML2\XML\mdui\Keywords) || empty($uiItem->Keywords) || empty($uiItem->lang) ) { @@ -1095,7 +1095,7 @@ class SimpleSAML_Metadata_SAMLParser $ret['UIInfo']['Keywords'][$uiItem->lang] = $uiItem->Keywords; } foreach ($e->Logo as $uiItem) { - if (!($uiItem instanceof SAML2_XML_mdui_Logo) + if (!($uiItem instanceof \SAML2\XML\mdui\Logo) || empty($uiItem->url) || empty($uiItem->height) || empty($uiItem->width) 
@@ -1116,20 +1116,20 @@ class SimpleSAML_Metadata_SAMLParser } // DiscoHints elements are only allowed at IDPSSODescriptor level extensions - if ($element instanceof SAML2_XML_md_IDPSSODescriptor) { + if ($element instanceof \SAML2\XML\md\IDPSSODescriptor) { - if ($e instanceof SAML2_XML_mdui_DiscoHints) { + if ($e instanceof \SAML2\XML\mdui\DiscoHints) { $ret['DiscoHints']['IPHint'] = $e->IPHint; $ret['DiscoHints']['DomainHint'] = $e->DomainHint; $ret['DiscoHints']['GeolocationHint'] = $e->GeolocationHint; } } - if (!($e instanceof SAML2_XML_Chunk)) { + if (!($e instanceof \SAML2\XML\Chunk)) { continue; } - if ($e->localName === 'Attribute' && $e->namespaceURI === SAML2_Const::NS_SAML) { + if ($e->localName === 'Attribute' && $e->namespaceURI === \SAML2\Constants::NS_SAML) { $attribute = $e->getXML(); $name = $attribute->getAttribute('Name'); @@ -1154,9 +1154,9 @@ class SimpleSAML_Metadata_SAMLParser /** * Parse and process a Organization element. * - * @param SAML2_XML_md_Organization $element The Organization element. + * @param \SAML2\XML\md\Organization $element The Organization element. */ - private function processOrganization(SAML2_XML_md_Organization $element) + private function processOrganization(\SAML2\XML\md\Organization $element) { $this->organizationName = $element->OrganizationName; $this->organizationDisplayName = $element->OrganizationDisplayName; @@ -1167,10 +1167,10 @@ class SimpleSAML_Metadata_SAMLParser /** * Parse and process a ContactPerson element. * - * @param SAML2_XML_md_ContactPerson $element The ContactPerson element. + * @param \SAML2\XML\md\ContactPerson $element The ContactPerson element. */ - private function processContactPerson(SAML2_XML_md_ContactPerson $element) + private function processContactPerson(\SAML2\XML\md\ContactPerson $element) { $contactPerson = array(); if (!empty($element->contactType)) { 
@@ -1200,10 +1200,10 @@ class SimpleSAML_Metadata_SAMLParser /** * This function parses AttributeConsumerService elements. * - * @param SAML2_XML_md_AttributeConsumingService $element The AttributeConsumingService to parse. + * @param \SAML2\XML\md\AttributeConsumingService $element The AttributeConsumingService to parse. * @param array $sp The array with the SP's metadata. */ - private static function parseAttributeConsumerService(SAML2_XML_md_AttributeConsumingService $element, &$sp) + private static function parseAttributeConsumerService(\SAML2\XML\md\AttributeConsumingService $element, &$sp) { assert('is_array($sp)'); @@ -1228,13 +1228,13 @@ class SimpleSAML_Metadata_SAMLParser if ($child->NameFormat !== null) { $attrformat = $child->NameFormat; } else { - $attrformat = SAML2_Const::NAMEFORMAT_UNSPECIFIED; + $attrformat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED; } if ($format === null) { $format = $attrformat; } elseif ($format !== $attrformat) { - $format = SAML2_Const::NAMEFORMAT_UNSPECIFIED; + $format = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED; } } @@ -1246,7 +1246,7 @@ class SimpleSAML_Metadata_SAMLParser unset($sp['attributes.required']); } - if ($format !== SAML2_Const::NAMEFORMAT_UNSPECIFIED && $format !== null) { + if ($format !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED && $format !== null) { $sp['attributes.NameFormat'] = $format; } } 
@@ -1262,11 +1262,11 @@ class SimpleSAML_Metadata_SAMLParser * - 'index': The index of this endpoint. This attribute is only for indexed endpoints. * - 'isDefault': Whether this endpoint is the default endpoint for this type. This attribute may not exist. * - * @param SAML2_XML_md_EndpointType $element The element which should be parsed. + * @param \SAML2\XML\md\EndpointType $element The element which should be parsed. * * @return array An associative array with the data we have extracted from the element. */ - private static function parseGenericEndpoint(SAML2_XML_md_EndpointType $element) + private static function parseGenericEndpoint(\SAML2\XML\md\EndpointType $element) { $ep = array(); @@ -1277,7 +1277,7 @@ class SimpleSAML_Metadata_SAMLParser $ep['ResponseLocation'] = $element->ResponseLocation; } - if ($element instanceof SAML2_XML_md_IndexedEndpointType) { + if ($element instanceof \SAML2\XML\md\IndexedEndpointType) { $ep['index'] = $element->index; if ($element->isDefault !== null) { @@ -1317,11 +1317,11 @@ class SimpleSAML_Metadata_SAMLParser * - 'type: The type of the key. 'X509Certificate' is the only key type we support. * - 'X509Certificate': The contents of the first X509Certificate element (if the type is 'X509Certificate '). * - * @param SAML2_XML_md_KeyDescriptor $kd The KeyDescriptor element. + * @param \SAML2\XML\md\KeyDescriptor $kd The KeyDescriptor element. * * @return array|null An associative array describing the key, or null if this is an unsupported key. */ - private static function parseKeyDescriptor(SAML2_XML_md_KeyDescriptor $kd) + private static function parseKeyDescriptor(\SAML2\XML\md\KeyDescriptor $kd) { $r = array(); 
@@ -1339,9 +1339,9 @@ class SimpleSAML_Metadata_SAMLParser $keyInfo = $kd->KeyInfo; foreach ($keyInfo->info as $i) { - if ($i instanceof SAML2_XML_ds_X509Data) { + if ($i instanceof \SAML2\XML\ds\X509Data) { foreach ($i->data as $d) { - if ($d instanceof SAML2_XML_ds_X509Certificate) { + if ($d instanceof \SAML2\XML\ds\X509Certificate) { $r['type'] = 'X509Certificate'; $r['X509Certificate'] = $d->certificate; return $r; @@ -1410,7 +1410,7 @@ class SimpleSAML_Metadata_SAMLParser * * @param DOMDocument $doc The DOMDocument where we should find the EntityDescriptor node. * - * @return SAML2_XML_md_EntityDescriptor The DOMEntity which represents the EntityDescriptor. + * @return \SAML2\XML\md\EntityDescriptor The DOMEntity which represents the EntityDescriptor. * @throws Exception If the document is empty or the first element is not an EntityDescriptor element. */ private static function findEntityDescriptor($doc) @@ -1428,7 +1428,7 @@ class SimpleSAML_Metadata_SAMLParser throw new Exception('Expected first element in the metadata document to be an EntityDescriptor element.'); } - return new SAML2_XML_md_EntityDescriptor($ed); + return new \SAML2\XML\md\EntityDescriptor($ed); } diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php index f737b92a63cff646477b3f2afdd491eee3e5ea1d..5e11918b54e07715c2f8b3054e2cad84d9797ad5 100644 --- a/lib/SimpleSAML/Metadata/Signer.php +++ b/lib/SimpleSAML/Metadata/Signer.php @@ -245,7 +245,7 @@ class SimpleSAML_Metadata_Signer // convert the metadata to a DOM tree try { - $xml = SAML2_DOMDocumentFactory::fromString($metadataString); + $xml = \SAML2\DOMDocumentFactory::fromString($metadataString); } catch(Exception $e) { throw new Exception('Error parsing self-generated metadata.'); } diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php index e0f0754d0c500f98502c4a9af66e9fb910a39cbf..e9cda0ae60db538cb8915ce804badbd53e505ae5 100644 --- a/lib/SimpleSAML/Utilities.php 
+++ b/lib/SimpleSAML/Utilities.php @@ -128,14 +128,14 @@ class SimpleSAML_Utilities $currentTime = time(); if (!empty($start)) { - $startTime = SAML2_Utils::xsDateTimeToTimestamp($start); + $startTime = \SAML2\Utils::xsDateTimeToTimestamp($start); // Allow for a 10 minute difference in Time if (($startTime < 0) || (($startTime - 600) > $currentTime)) { return false; } } if (!empty($end)) { - $endTime = SAML2_Utils::xsDateTimeToTimestamp($end); + $endTime = \SAML2\Utils::xsDateTimeToTimestamp($end); if (($endTime < 0) || ($endTime <= $currentTime)) { return false; } diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php index 9750634c1714b4bb2c734caaa0eb567e3f758beb..05206ec4e2055811792231d8c22bc13be34de756 100644 --- a/lib/SimpleSAML/Utils/XML.php +++ b/lib/SimpleSAML/Utils/XML.php @@ -228,7 +228,7 @@ class XML } try { - $doc = \SAML2_DOMDocumentFactory::fromString($xml); + $doc = \SAML2\DOMDocumentFactory::fromString($xml); } catch (\Exception $e) { throw new \DOMException('Error parsing XML string.'); } @@ -402,7 +402,7 @@ class XML $res = true; } else { try { - $dom = \SAML2_DOMDocumentFactory::fromString($xml); + $dom = \SAML2\DOMDocumentFactory::fromString($xml); $res = true; } catch (\Exception $e) { $res = false; diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index 6f6dd8a96c079ffd57a6f59ee9c1ed331d829e8f..ce0dbaa4e9161100f7426bfe5ce45e1959f1a623 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php @@ -57,7 +57,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse { assert('is_string($xml)'); try { - $this->dom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $xml)); + $this->dom = \SAML2\DOMDocumentFactory::fromString(str_replace ("\r", "", $xml)); } catch(\Exception $e) { throw new Exception('Unable to parse AuthnResponse XML.'); } 
@@ -439,7 +439,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse { * * @return bool True if the current time belongs to the period specified by $start and $end. False otherwise. * - * @see \SAML2_Utils::xsDateTimeToTimestamp. + * @see \SAML2\Utils::xsDateTimeToTimestamp. * * @author Andreas Solberg, UNINETT AS <andreas.solberg@uninett.no> * @author Olav Morken, UNINETT AS <olav.morken@uninett.no> @@ -449,14 +449,14 @@ class SimpleSAML_XML_Shib13_AuthnResponse { $currentTime = time(); if (!empty($start)) { - $startTime = \SAML2_Utils::xsDateTimeToTimestamp($start); + $startTime = \SAML2\Utils::xsDateTimeToTimestamp($start); // allow for a 10 minute difference in time if (($startTime < 0) || (($startTime - 600) > $currentTime)) { return false; } } if (!empty($end)) { - $endTime = \SAML2_Utils::xsDateTimeToTimestamp($end); + $endTime = \SAML2\Utils::xsDateTimeToTimestamp($end); if (($endTime < 0) || ($endTime <= $currentTime)) { return false; } diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php index 542a55165c8ad5704c3e1c9104dbe1c3e914cb5c..e29432443de553542c6d08309296d94a923f887b 100644 --- a/modules/adfs/lib/IdP/ADFS.php +++ b/modules/adfs/lib/IdP/ADFS.php @@ -94,7 +94,7 @@ class sspmod_adfs_IdP_ADFS { $objXMLSecDSig = new XMLSecurityDSig(); $objXMLSecDSig->idKeys = array('AssertionID'); $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); - $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $response)); + $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace ("\r", "", $response)); $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), 
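Review bot: The context lines of the ADFS.php hunk (`@@ -94,7`) still use the unqualified class name `XMLSecurityDSig` (`new XMLSecurityDSig()`, `XMLSecurityDSig::EXC_C14N`, `XMLSecurityDSig::SHA1`), but this commit moves robrichards/xmlseclibs to `~2.0`, whose composer.lock entry autoloads the `RobRichards\XMLSecLibs\` namespace via PSR-4. Unless the file imports the class in a part not shown here, these references would presumably no longer resolve and the response could not be signed; qualifying them, e.g. `$objXMLSecDSig = new \RobRichards\XMLSecLibs\XMLSecurityDSig();`, would match the rest of the migration. The same applies to `class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig`, named in the header of the modules/adfs/lib/XMLSecurityDSig.php hunk. The enclosing function starts and ends outside the hunk.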
diff --git a/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php b/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php index b793b94625233dde0f7497b63d56d0672433f99c..7e8a89878d2588fc580a6b217ce8f939a9897982 100644 --- a/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php +++ b/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php @@ -45,7 +45,7 @@ class sspmod_adfs_SAML2_XML_fed_SecurityTokenServiceType extends SAML2_XML_md_Ro $e = parent::toXML($parent); $e->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:fed', sspmod_adfs_SAML2_XML_fed_Const::NS_FED); - $e->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType'); + $e->setAttributeNS(\SAML2\Constants::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType'); sspmod_adfs_SAML2_XML_fed_TokenTypesOffered::appendXML($e); sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'SecurityTokenServiceEndpoint', $this->Location); sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'fed:PassiveRequestorEndpoint', $this->Location); diff --git a/modules/adfs/lib/XMLSecurityDSig.php b/modules/adfs/lib/XMLSecurityDSig.php index 288812f795805c50828c7c486141f83b1d10ce3c..b851a18cdadaa01dfa1ec4897f0231fe65dd1766 100644 --- a/modules/adfs/lib/XMLSecurityDSig.php +++ b/modules/adfs/lib/XMLSecurityDSig.php @@ -24,7 +24,7 @@ class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig { $template = self::template; } - $sigdoc = SAML2_DOMDocumentFactory::fromString($template); + $sigdoc = \SAML2\DOMDocumentFactory::fromString($template); $this->sigNode = $sigdoc->documentElement; } } diff --git a/modules/adfs/www/idp/metadata.php b/modules/adfs/www/idp/metadata.php index 7296a11fbb057cce80e10106de83caf7f070df3d..df59f5adace63f66108f8fe5fc5e7d9b106873c1 100644 --- a/modules/adfs/www/idp/metadata.php +++ b/modules/adfs/www/idp/metadata.php 
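Review bot: Judging by the hunk header of SecurityTokenServiceType.php, the class still extends the old-style name `SAML2_XML_md_Ro…` (truncated on the page), and since `@@ -45,7` is the file's first hunk the declaration is presumably not updated by this commit. With simplesamlphp/saml2 `~2.0` that name would resolve only through a backward-compatibility alias, if the library supplies one (composer.lock lists `src/_autoload.php`). Extending the namespaced `\SAML2\XML\md\RoleDescriptor` directly would remove that dependency and agree with the `\SAML2\Constants::NS_XSI` change in the same hunk. The enclosing method starts and ends outside the hunk.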
@@ -63,13 +63,13 @@ try { 'entityid' => $idpentityid, 'SingleSignOnService' => array( 0 => array( - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'Location' => $adfs_service_location ) ), 'SingleLogoutService' => array( 0 => array( - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'Location' => $adfs_service_location ) ), diff --git a/modules/cas/lib/Auth/Source/CAS.php b/modules/cas/lib/Auth/Source/CAS.php index 39b40bd0588c88816eba5d0ff9745dd28ad38ed3..1b2f1e0c916c989562b229154980d3461fc5073a 100644 --- a/modules/cas/lib/Auth/Source/CAS.php +++ b/modules/cas/lib/Auth/Source/CAS.php @@ -118,7 +118,7 @@ class sspmod_cas_Auth_Source_CAS extends SimpleSAML_Auth_Source { )); $result = \SimpleSAML\Utils\HTTP::fetch($url); - $dom = SAML2_DOMDocumentFactory::fromString($result); + $dom = \SAML2\DOMDocumentFactory::fromString($result); $xPath = new DOMXpath($dom); $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas'); $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user"); diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php index 4c9dea90946b4408a3acc5d6444d8865d536def0..4182cee55b25b33721975dd77e9a26939781d0b4 100644 --- a/modules/core/lib/Auth/Process/TargetedID.php +++ b/modules/core/lib/Auth/Process/TargetedID.php @@ -125,7 +125,7 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt if ($this->generateNameId) { // Convert the targeted ID to a SAML 2.0 name identifier element $nameId = array( - 'Format' => SAML2_Const::NAMEID_PERSISTENT, + 'Format' => \SAML2\Constants::NAMEID_PERSISTENT, 'Value' => $uid, ); 
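Review bot: In the CAS.php hunk (`@@ -118,7`) the result of `\SimpleSAML\Utils\HTTP::fetch($url)` is passed to `\SAML2\DOMDocumentFactory::fromString()` without a `try`/`catch`, whereas the other call sites touched by this commit (Signer.php, Utils/XML.php, MetaLoader.php) wrap the same call and rethrow a descriptive error. An empty or malformed reply from the CAS server would then surface as a raw library exception rather than a clear validation failure. Wrapping the call, e.g. `try { $dom = \SAML2\DOMDocumentFactory::fromString($result); } catch (Exception $e) { throw new Exception('Error parsing CAS service response.'); }`, would keep the handling consistent. The enclosing function starts and ends outside the hunk.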
@@ -136,11 +136,11 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt $nameId['SPNameQualifier'] = $state['Destination']['entityid']; } - $doc = SAML2_DOMDocumentFactory::create(); + $doc = \SAML2\DOMDocumentFactory::create(); $root = $doc->createElement('root'); $doc->appendChild($root); - SAML2_Utils::addNameId($root, $nameId); + \SAML2\Utils::addNameId($root, $nameId); $uid = $doc->saveXML($root->firstChild); } diff --git a/modules/core/www/idp/logout-iframe-post.php b/modules/core/www/idp/logout-iframe-post.php index 061ef97506fe0b79fb34227ac4befb0e0219ed45..5a9c4d879da765db6b13b05c902ac97430c96805 100644 --- a/modules/core/www/idp/logout-iframe-post.php +++ b/modules/core/www/idp/logout-iframe-post.php @@ -49,10 +49,10 @@ SimpleSAML_Stats::log('saml:idp:LogoutRequest:sent', array( 'idpEntityID' => $idpMetadata->getString('entityid'), )); -$bindings = array(SAML2_Const::BINDING_HTTP_POST); +$bindings = array(\SAML2\Constants::BINDING_HTTP_POST); $dst = $spMetadata->getDefaultEndpoint('SingleLogoutService', $bindings); -$binding = SAML2_Binding::getBinding($dst['Binding']); +$binding = \SAML2\Binding::getBinding($dst['Binding']); $lr->setDestination($dst['Location']); $lr->setRelayState($relayState); diff --git a/modules/exampleattributeserver/www/attributeserver.php b/modules/exampleattributeserver/www/attributeserver.php index 072d32c3a48ecf5655e228a048d8430537ae2492..8f257c2a427bf9fb8564cbe8ceeba1a8a744a4ad 100644 --- a/modules/exampleattributeserver/www/attributeserver.php +++ b/modules/exampleattributeserver/www/attributeserver.php 
@@ -2,9 +2,9 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); -$binding = SAML2_Binding::getCurrentBinding(); +$binding = \SAML2\Binding::getCurrentBinding(); $query = $binding->receive(); -if (!($query instanceof SAML2_AttributeQuery)) { +if (!($query instanceof \SAML2\AttributeQuery)) { throw new SimpleSAML_Error_BadRequest('Invalid message received to AttributeQuery endpoint.'); } @@ -29,7 +29,7 @@ $attributes = array( ); /* The name format of the attributes. */ -$attributeNameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED; +$attributeNameFormat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED; /* Determine which attributes we will return. */ @@ -62,7 +62,7 @@ if (count($returnAttributes) === 0) { /* $returnAttributes contains the attributes we should return. Send them. */ -$assertion = new SAML2_Assertion(); +$assertion = new \SAML2\Assertion(); $assertion->setIssuer($idpEntityId); $assertion->setNameId($query->getNameId()); $assertion->setNotBefore(time()); @@ -71,9 +71,9 @@ $assertion->setValidAudiences(array($spEntityId)); $assertion->setAttributes($returnAttributes); $assertion->setAttributeNameFormat($attributeNameFormat); -$sc = new SAML2_XML_saml_SubjectConfirmation(); -$sc->Method = SAML2_Const::CM_BEARER; -$sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); +$sc = new \SAML2\XML\saml\SubjectConfirmation(); +$sc->Method = \SAML2\Constants::CM_BEARER; +$sc->SubjectConfirmationData = new \SAML2\XML\saml\SubjectConfirmationData(); $sc->SubjectConfirmationData->NotOnOrAfter = time() + 5*60; $sc->SubjectConfirmationData->Recipient = $endpoint; $sc->SubjectConfirmationData->InResponseTo = $query->getId(); 
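Review bot: In the first hunk of attributeserver.php the received message is only type-checked (`$query instanceof \SAML2\AttributeQuery`) before the later hunks build and sign an assertion from `$query->getNameId()` and `$query->getId()`; no signature validation of the query is visible in these hunks. If the lines between the hunks do not already do it, the query should be validated against the requesting SP's metadata before attributes are released, in the way `receiveLogoutMessage()` in modules/saml/lib/IdP/SAML2.php calls `sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $message);`. If answering unauthenticated queries is intended for this example, a comment saying so above `$binding->receive()` would stop the pattern from being copied into production endpoints. The script continues outside the hunks.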
@@ -81,7 +81,7 @@ $assertion->setSubjectConfirmation(array($sc)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $assertion); -$response = new SAML2_Response(); +$response = new \SAML2\Response(); $response->setRelayState($query->getRelayState()); $response->setDestination($endpoint); $response->setIssuer($idpEntityId); @@ -89,5 +89,5 @@ $response->setInResponseTo($query->getId()); $response->setAssertions(array($assertion)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $response); -$binding = new SAML2_HTTPPost(); +$binding = new \SAML2\HTTPPost(); $binding->send($response); diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php index 9538464e40a9009788142d1ffc0015cc196fce76..a5f0f00968d25adb28629df0327f91d44c46420c 100644 --- a/modules/metarefresh/lib/MetaLoader.php +++ b/modules/metarefresh/lib/MetaLoader.php @@ -253,7 +253,7 @@ class sspmod_metarefresh_MetaLoader { private function loadXML($data, $source) { $entities = array(); try { - $doc = SAML2_DOMDocumentFactory::fromString($data); + $doc = \SAML2\DOMDocumentFactory::fromString($data); } catch (Exception $e) { throw new Exception('Failed to read XML from ' . $source['src']); } diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md index 6d404642519c7a2a24fd9d23dc9462f2ce806490..8dbe56ba4eadfe1be45b39908827cd73419fd449 100644 --- a/modules/saml/docs/sp.md +++ b/modules/saml/docs/sp.md @@ -459,9 +459,9 @@ Here we will list some examples for this authentication source. ### Using samlp:Extensions - $dom = SAML2_DOMDocumentFactory::create(); + $dom = \SAML2\DOMDocumentFactory::create(); $ce = $dom->createElementNS('http://www.example.com/XFoo', 'xfoo:test', 'Test data!'); - $ext[] = new SAML2_XML_Chunk($ce); + $ext[] = new \SAML2\XML\Chunk($ce); $auth = new SimpleSAML_Auth_Simple('default-sp'); $auth->login(array( 
diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php index ecb72bbec527a497e32254f33be28711703be5bb..a873540a5b608d87fdc291e96004ff90baadcdda 100644 --- a/modules/saml/lib/Auth/Process/NameIDAttribute.php +++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php @@ -118,7 +118,7 @@ class sspmod_saml_Auth_Process_NameIDAttribute extends SimpleSAML_Auth_Processin $rep['%'] = '%'; if (!isset($rep['Format'])) { - $rep['Format'] = SAML2_Const::NAMEID_UNSPECIFIED; + $rep['Format'] = \SAML2\Constants::NAMEID_UNSPECIFIED; } if (!isset($rep['NameQualifier'])) { $rep['NameQualifier'] = $state['Source']['entityid']; diff --git a/modules/saml/lib/Auth/Process/PersistentNameID.php b/modules/saml/lib/Auth/Process/PersistentNameID.php index 7c17d8d1a210504bd61770276b4e4c3e14530327..762b613ed774b6908b65f653e157eac993e14c43 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID.php +++ b/modules/saml/lib/Auth/Process/PersistentNameID.php @@ -30,7 +30,7 @@ class sspmod_saml_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGe parent::__construct($config, $reserved); assert('is_array($config)'); - $this->format = SAML2_Const::NAMEID_PERSISTENT; + $this->format = \SAML2\Constants::NAMEID_PERSISTENT; if (!isset($config['attribute'])) { throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'."); diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php index 9b94c942ad1fe6eab8e12e677a495a1e263f1d06..be61e1099871de3cdcdefe7abd52a36f52aed92d 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php +++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php 
@@ -59,20 +59,20 @@ class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Au { assert('is_array($state)'); - if (!isset($state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT])) { + if (!isset($state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT])) { SimpleSAML\Logger::warning( 'Unable to generate eduPersonTargetedID because no persistent NameID was available.' ); return; } - $nameID = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT]; + $nameID = $state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT]; if ($this->nameId) { - $doc = SAML2_DOMDocumentFactory::create(); + $doc = \SAML2\DOMDocumentFactory::create(); $root = $doc->createElement('root'); $doc->appendChild($root); - SAML2_Utils::addNameId($root, $nameID); + \SAML2\Utils::addNameId($root, $nameID); $value = $doc->saveXML($root->firstChild); } else { $value = $nameID['Value']; diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php index c3e5b4ccd401dfd1bcd99ada10ddb0b002229c5e..28d92f83a707cfb73b971bc5024f6dc3cbd9a696 100644 --- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php +++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php @@ -51,7 +51,7 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI parent::__construct($config, $reserved); assert('is_array($config)'); - $this->format = SAML2_Const::NAMEID_PERSISTENT; + $this->format = \SAML2\Constants::NAMEID_PERSISTENT; if (!isset($config['attribute'])) { throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'."); @@ -148,7 +148,7 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI 'SQLPersistentNameID: Did not find persistent NameID for user, and not allowed to create new NameID.' ); throw new sspmod_saml_Error( - SAML2_Const::STATUS_RESPONDER, + \SAML2\Constants::STATUS_RESPONDER, 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy' ); } 
diff --git a/modules/saml/lib/Auth/Process/TransientNameID.php b/modules/saml/lib/Auth/Process/TransientNameID.php index d3f5c22ed90cf40fd39bd2fd4358e603b8447b86..f4026421eaf420881b0927fb62f8f86629f24e6e 100644 --- a/modules/saml/lib/Auth/Process/TransientNameID.php +++ b/modules/saml/lib/Auth/Process/TransientNameID.php @@ -20,7 +20,7 @@ class sspmod_saml_Auth_Process_TransientNameID extends sspmod_saml_BaseNameIDGen parent::__construct($config, $reserved); assert('is_array($config)'); - $this->format = SAML2_Const::NAMEID_TRANSIENT; + $this->format = \SAML2\Constants::NAMEID_TRANSIENT; } diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php index 1460940d0c7309fe75ad4e96bc795fe8d6d069a1..df6058d1964efb180cda3c8ce8925213362a1823 100644 --- a/modules/saml/lib/Auth/Source/SP.php +++ b/modules/saml/lib/Auth/Source/SP.php @@ -261,19 +261,19 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { SimpleSAML\Logger::debug('Sending SAML 2 AuthnRequest to ' . var_export($idpMetadata->getString('entityid'), TRUE)); /* Select appropriate SSO endpoint */ - if ($ar->getProtocolBinding() === SAML2_Const::BINDING_HOK_SSO) { + if ($ar->getProtocolBinding() === \SAML2\Constants::BINDING_HOK_SSO) { $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array( - SAML2_Const::BINDING_HOK_SSO) + \SAML2\Constants::BINDING_HOK_SSO) ); } else { $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST) + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST) ); } $ar->setDestination($dst['Location']); - $b = SAML2_Binding::getBinding($dst['Binding']); + $b = \SAML2\Binding::getBinding($dst['Binding']); $this->sendSAML2AuthnRequest($state, $b, $ar); 
@@ -287,10 +287,10 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { * This function does not return. * * @param array &$state The state array. - * @param SAML2_Binding $binding The binding. - * @param SAML2_AuthnRequest $ar The authentication request. + * @param \SAML2\Binding $binding The binding. + * @param \SAML2\AuthnRequest $ar The authentication request. */ - public function sendSAML2AuthnRequest(array &$state, SAML2_Binding $binding, SAML2_AuthnRequest $ar) { + public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar) { $binding->send($ar); assert('FALSE'); } @@ -468,8 +468,8 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { $idpMetadata = $this->getIdPMetadata($idp); $endpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST), FALSE); + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST), FALSE); if ($endpoint === FALSE) { SimpleSAML\Logger::info('No logout endpoint for IdP ' . var_export($idp, TRUE) . '.'); return; @@ -489,7 +489,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($idpMetadata)); } - $b = SAML2_Binding::getBinding($endpoint['Binding']); + $b = \SAML2\Binding::getBinding($endpoint['Binding']); $b->send($lr); assert('FALSE'); diff --git a/modules/saml/lib/Error.php b/modules/saml/lib/Error.php index 2b6c9190bf1bc59f8c5bdb11e14adaa0bc4acb68..78799a2cd7b41bcb6af2b870f1fadeb844e0e25f 100644 --- a/modules/saml/lib/Error.php +++ b/modules/saml/lib/Error.php 
@@ -106,22 +106,22 @@ class sspmod_saml_Error extends SimpleSAML_Error_Exception { } elseif ($exception instanceof SimpleSAML_Error_NoPassive) { $e = new self( - SAML2_Const::STATUS_RESPONDER, - SAML2_Const::STATUS_NO_PASSIVE, + \SAML2\Constants::STATUS_RESPONDER, + \SAML2\Constants::STATUS_NO_PASSIVE, $exception->getMessage(), $exception ); } elseif ($exception instanceof SimpleSAML_Error_ProxyCountExceeded) { $e = new self( - SAML2_Const::STATUS_RESPONDER, - SAML2_Const::STATUS_PROXY_COUNT_EXCEEDED, + \SAML2\Constants::STATUS_RESPONDER, + \SAML2\Constants::STATUS_PROXY_COUNT_EXCEEDED, $exception->getMessage(), $exception ); } else { $e = new self( - SAML2_Const::STATUS_RESPONDER, + \SAML2\Constants::STATUS_RESPONDER, NULL, get_class($exception) . ': ' . $exception->getMessage(), $exception @@ -154,9 +154,9 @@ class sspmod_saml_Error extends SimpleSAML_Error_Exception { $e = NULL; switch ($this->status) { - case SAML2_Const::STATUS_RESPONDER: + case \SAML2\Constants::STATUS_RESPONDER: switch ($this->subStatus) { - case SAML2_Const::STATUS_NO_PASSIVE: + case \SAML2\Constants::STATUS_NO_PASSIVE: $e = new SimpleSAML_Error_NoPassive($this->statusMessage, 0, $this); break; } diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index 7af8d842ce56d4cea5fd4c315b5a3816abc8213a..d614a3f95fe6f9008f5b0a0c157d63d0244fd669 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php @@ -74,7 +74,7 @@ class sspmod_saml_IdP_SAML2 { SimpleSAML_Stats::log('saml:idp:Response', $statsData); /* Send the response. */ - $binding = SAML2_Binding::getBinding($protocolBinding); + $binding = \SAML2\Binding::getBinding($protocolBinding); $binding->send($ar); } @@ -132,7 +132,7 @@ class sspmod_saml_IdP_SAML2 { } SimpleSAML_Stats::log('saml:idp:Response:error', $statsData); - $binding = SAML2_Binding::getBinding($protocolBinding); + $binding = \SAML2\Binding::getBinding($protocolBinding); $binding->send($ar); } 
@@ -229,12 +229,12 @@ class sspmod_saml_IdP_SAML2 { $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpMetadata = $idp->getConfig(); - $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST); + $supportedBindings = array(\SAML2\Constants::BINDING_HTTP_POST); if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) { - $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT; + $supportedBindings[] = \SAML2\Constants::BINDING_HTTP_ARTIFACT; } if ($idpMetadata->getBoolean('saml20.hok.assertion', FALSE)) { - $supportedBindings[] = SAML2_Const::BINDING_HOK_SSO; + $supportedBindings[] = \SAML2\Constants::BINDING_HOK_SSO; } if (isset($_REQUEST['spentityid'])) { @@ -289,10 +289,10 @@ class sspmod_saml_IdP_SAML2 { } else { - $binding = SAML2_Binding::getCurrentBinding(); + $binding = \SAML2\Binding::getCurrentBinding(); $request = $binding->receive(); - if (!($request instanceof SAML2_AuthnRequest)) { + if (!($request instanceof \SAML2\AuthnRequest)) { throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.'); } @@ -412,10 +412,10 @@ class sspmod_saml_IdP_SAML2 { )); $dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST) + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST) ); - $binding = SAML2_Binding::getBinding($dst['Binding']); + $binding = \SAML2\Binding::getBinding($dst['Binding']); $lr = self::buildLogoutRequest($idpMetadata, $spMetadata, $association, $relayState); $lr->setDestination($dst['Location']); 
@@ -447,8 +447,8 @@ class sspmod_saml_IdP_SAML2 { if (isset($state['core:Failed']) && $state['core:Failed']) { $partial = TRUE; $lr->setStatus(array( - 'Code' => SAML2_Const::STATUS_SUCCESS, - 'SubCode' => SAML2_Const::STATUS_PARTIAL_LOGOUT, + 'Code' => \SAML2\Constants::STATUS_SUCCESS, + 'SubCode' => \SAML2\Constants::STATUS_PARTIAL_LOGOUT, )); SimpleSAML\Logger::info('Sending logout response for partial logout to SP ' . var_export($spEntityId, TRUE)); } else { @@ -462,10 +462,10 @@ class sspmod_saml_IdP_SAML2 { 'partial' => $partial )); $dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST) + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST) ); - $binding = SAML2_Binding::getBinding($dst['Binding']); + $binding = \SAML2\Binding::getBinding($dst['Binding']); if (isset($dst['ResponseLocation'])) { $dst = $dst['ResponseLocation']; } else { @@ -484,7 +484,7 @@ class sspmod_saml_IdP_SAML2 { */ public static function receiveLogoutMessage(SimpleSAML_IdP $idp) { - $binding = SAML2_Binding::getCurrentBinding(); + $binding = \SAML2\Binding::getCurrentBinding(); $message = $binding->receive(); $spEntityId = $message->getIssuer(); @@ -499,7 +499,7 @@ class sspmod_saml_IdP_SAML2 { sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $message); - if ($message instanceof SAML2_LogoutResponse) { + if ($message instanceof \SAML2\LogoutResponse) { SimpleSAML\Logger::info('Received SAML 2.0 LogoutResponse from: '. var_export($spEntityId, TRUE)); $statsData = array( @@ -525,7 +525,7 @@ class sspmod_saml_IdP_SAML2 { $idp->handleLogoutResponse($assocId, $relayState, $logoutError); - } elseif ($message instanceof SAML2_LogoutRequest) { + } elseif ($message instanceof \SAML2\LogoutRequest) { SimpleSAML\Logger::info('Received SAML 2.0 LogoutRequest from: '. var_export($spEntityId, TRUE)); SimpleSAML_Stats::log('saml:idp:LogoutRequest:recv', array( 
@@ -569,11 +569,11 @@ class sspmod_saml_IdP_SAML2 { $idpMetadata = $idp->getConfig(); $spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote'); - $bindings = array(SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST); + $bindings = array(\SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST); $dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', $bindings); - if ($dst['Binding'] === SAML2_Const::BINDING_HTTP_POST) { + if ($dst['Binding'] === \SAML2\Constants::BINDING_HTTP_POST) { $params = array('association' => $association['id'], 'idp' => $idp->getId()); if ($relayState !== NULL) { $params['RelayState'] = $relayState; @@ -584,7 +584,7 @@ class sspmod_saml_IdP_SAML2 { $lr = self::buildLogoutRequest($idpMetadata, $spMetadata, $association, $relayState); $lr->setDestination($dst['Location']); - $binding = new SAML2_HTTPRedirect(); + $binding = new \SAML2\HTTPRedirect(); return $binding->getRedirectURL($lr); } @@ -707,7 +707,7 @@ class sspmod_saml_IdP_SAML2 { break; case 'raw': if (is_string($value)) { - $doc = SAML2_DOMDocumentFactory::fromString('<root>' . $value . '</root>'); + $doc = \SAML2\DOMDocumentFactory::fromString('<root>' . $value . '</root>'); $value = $doc->firstChild->childNodes; } assert('$value instanceof DOMNodeList'); @@ -765,7 +765,7 @@ class sspmod_saml_IdP_SAML2 { * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP. * @param SimpleSAML_Configuration $spMetadata The metadata of the SP. * @param array &$state The state array with information about the request. - * @return SAML2_Assertion The assertion. + * @return \SAML2\Assertion The assertion. */ private static function buildAssertion(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, array &$state) { 
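Review bot: In the `case 'raw'` branch of the `@@ -707` hunk, the attribute value is spliced into `'<root>' . $value . '</root>'` and parsed, and the only check on the result is `assert('$value instanceof DOMNodeList')`, which does nothing when assertions are disabled. Where raw attribute values come from is not visible here; if any can originate outside the administrator's control, their markup would become nodes in the issued assertion. A comment on the branch would make the trust assumption explicit, e.g. `/* 'raw' values are parsed as XML and used as nodes; configure this encoding only for attributes from trusted sources. */`. A malformed value will presumably surface as an exception from `fromString()`, so it is worth confirming that this is reported as a configuration error. The enclosing function starts and ends outside the hunk.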
@@ -781,7 +781,7 @@ class sspmod_saml_IdP_SAML2 { $config = SimpleSAML_Configuration::getInstance(); - $a = new SAML2_Assertion(); + $a = new \SAML2\Assertion(); if ($signAssertion) { sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $a); } @@ -800,7 +800,7 @@ class sspmod_saml_IdP_SAML2 { if (isset($state['saml:AuthnContextClassRef'])) { $a->setAuthnContext($state['saml:AuthnContextClassRef']); } else { - $a->setAuthnContext(SAML2_Const::AC_PASSWORD); + $a->setAuthnContext(\SAML2\Constants::AC_PASSWORD); } $sessionStart = $now; @@ -814,15 +814,15 @@ class sspmod_saml_IdP_SAML2 { $a->setSessionIndex(SimpleSAML\Utils\Random::generateID()); - $sc = new SAML2_XML_saml_SubjectConfirmation(); - $sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); + $sc = new \SAML2\XML\saml\SubjectConfirmation(); + $sc->SubjectConfirmationData = new \SAML2\XML\saml\SubjectConfirmationData(); $sc->SubjectConfirmationData->NotOnOrAfter = $now + $assertionLifetime; $sc->SubjectConfirmationData->Recipient = $state['saml:ConsumerURL']; $sc->SubjectConfirmationData->InResponseTo = $state['saml:RequestId']; /* ProtcolBinding of SP's <AuthnRequest> overwrites IdP hosted metadata configuration. */ $hokAssertion = NULL; - if ($state['saml:Binding'] === SAML2_Const::BINDING_HOK_SSO) { + if ($state['saml:Binding'] === \SAML2\Constants::BINDING_HOK_SSO) { $hokAssertion = TRUE; } if ($hokAssertion === NULL) { @@ -831,7 +831,7 @@ class sspmod_saml_IdP_SAML2 { if ($hokAssertion) { /* Holder-of-Key */ - $sc->Method = SAML2_Const::CM_HOK; + $sc->Method = \SAML2\Constants::CM_HOK; if (\SimpleSAML\Utils\HTTP::isHTTPS()) { if (isset($_SERVER['SSL_CLIENT_CERT']) && !empty($_SERVER['SSL_CLIENT_CERT'])) { /* Extract certificate data (if this is a certificate). */ 
@@ -839,13 +839,13 @@ class sspmod_saml_IdP_SAML2 { $pattern = '/^-----BEGIN CERTIFICATE-----([^-]*)^-----END CERTIFICATE-----/m'; if (preg_match($pattern, $clientCert, $matches)) { /* We have a client certificate from the browser which we add to the HoK assertion. */ - $x509Certificate = new SAML2_XML_ds_X509Certificate(); + $x509Certificate = new \SAML2\XML\ds\X509Certificate(); $x509Certificate->certificate = str_replace(array("\r", "\n", " "), '', $matches[1]); - $x509Data = new SAML2_XML_ds_X509Data(); + $x509Data = new \SAML2\XML\ds\X509Data(); $x509Data->data[] = $x509Certificate; - $keyInfo = new SAML2_XML_ds_KeyInfo(); + $keyInfo = new \SAML2\XML\ds\KeyInfo(); $keyInfo->info[] = $x509Data; $sc->SubjectConfirmationData->info[] = $keyInfo; @@ -854,7 +854,7 @@ class sspmod_saml_IdP_SAML2 { } else throw new SimpleSAML_Error_Exception('Error creating HoK assertion: No HTTPS connection to IdP, but required for Holder-of-Key SSO'); } else { /* Bearer */ - $sc->Method = SAML2_Const::CM_BEARER; + $sc->Method = \SAML2\Constants::CM_BEARER; } $a->setSubjectConfirmation(array($sc)); @@ -880,7 +880,7 @@ class sspmod_saml_IdP_SAML2 { /* Either not set in request, or not set to a format we supply. Fall back to old generation method. */ $nameIdFormat = $spMetadata->getString('NameIDFormat', NULL); if ($nameIdFormat === NULL) { - $nameIdFormat = $idpMetadata->getString('NameIDFormat', SAML2_Const::NAMEID_TRANSIENT); + $nameIdFormat = $idpMetadata->getString('NameIDFormat', \SAML2\Constants::NAMEID_TRANSIENT); } } @@ -893,7 +893,7 @@ class sspmod_saml_IdP_SAML2 { $spNameQualifier = $spMetadata->getString('entityid'); } - if ($nameIdFormat === SAML2_Const::NAMEID_TRANSIENT) { + if ($nameIdFormat === \SAML2\Constants::NAMEID_TRANSIENT) { /* generate a random id */ $nameIdValue = SimpleSAML\Utils\Random::generateID(); } else { 
@@ -902,7 +902,7 @@ class sspmod_saml_IdP_SAML2 { $nameIdValue = self::generateNameIdValue($idpMetadata, $spMetadata, $state); if ($nameIdValue === NULL) { SimpleSAML\Logger::warning('Falling back to transient NameID.'); - $nameIdFormat = SAML2_Const::NAMEID_TRANSIENT; + $nameIdFormat = \SAML2\Constants::NAMEID_TRANSIENT; $nameIdValue = SimpleSAML\Utils\Random::generateID(); } } @@ -933,16 +933,16 @@ class sspmod_saml_IdP_SAML2 { /** * Encrypt an assertion. * - * This function takes in a SAML2_Assertion and encrypts it if encryption of + * This function takes in a \SAML2\Assertion and encrypts it if encryption of * assertions are enabled in the metadata. * * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP. * @param SimpleSAML_Configuration $spMetadata The metadata of the SP. - * @param SAML2_Assertion $assertion The assertion we are encrypting. - * @return SAML2_Assertion|SAML2_EncryptedAssertion The assertion. + * @param \SAML2\Assertion $assertion The assertion we are encrypting. + * @return \SAML2\Assertion|\SAML2\EncryptedAssertion The assertion. */ private static function encryptAssertion(SimpleSAML_Configuration $idpMetadata, - SimpleSAML_Configuration $spMetadata, SAML2_Assertion $assertion) { + SimpleSAML_Configuration $spMetadata, \SAML2\Assertion $assertion) { $encryptAssertion = $spMetadata->getBoolean('assertion.encryption', NULL); if ($encryptAssertion === NULL) { @@ -976,7 +976,7 @@ class sspmod_saml_IdP_SAML2 { $key->loadKey($pemKey); } - $ea = new SAML2_EncryptedAssertion(); + $ea = new \SAML2\EncryptedAssertion(); $ea->setAssertion($assertion, $key); return $ea; } @@ -1031,7 +1031,7 @@ class sspmod_saml_IdP_SAML2 { $signResponse = $idpMetadata->getBoolean('saml20.sign.response', TRUE); } - $r = new SAML2_Response(); + $r = new \SAML2\Response(); $r->setIssuer($idpMetadata->getString('entityid')); $r->setDestination($consumerURL); 
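Review bot: The `$key` passed to `$ea->setAssertion($assertion, $key)` in the `@@ -976` hunk is built above the hunk, on lines that none of the visible hunks touch. composer.lock moves xmlseclibs 2.0.0 from a classmap to PSR-4 under `RobRichards\XMLSecLibs\`, so if that construction uses the unqualified `XMLSecurityKey` in this non-namespaced file, it would presumably stop resolving unless `use RobRichards\XMLSecLibs\XMLSecurityKey;` is added at the top of the file (possibly in a hunk outside this view). The same check applies to the key handling behind `checkSign` and `decryptAssertion` in modules/saml/lib/Message.php. A failure would only appear at runtime on the encryption and signature-validation paths, so a test that encrypts an assertion end to end would be a useful addition to this upgrade.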
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php index 685be4f630df7868702f0770146c6c51d4e1e775..60fea0e342c0ef784b2f15bf0dcb77a5723b0c58 100644 --- a/modules/saml/lib/Message.php +++ b/modules/saml/lib/Message.php @@ -14,9 +14,9 @@ class sspmod_saml_Message { * * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender. * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient. - * @param SAML2_Message $element The element we should add the data to. + * @param \SAML2\Message $element The element we should add the data to. */ - public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element) { + public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\SignedElement $element) { $dstPrivateKey = $dstMetadata->getString('signature.privatekey', NULL); 
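Review bot: The docblock of `addSign()` still documents `@param \SAML2\Message $element`, while the signature type-hints `\SAML2\SignedElement $element`. The method is also called with an assertion (`sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $a)` in the IdP code of this diff), so the annotation should read `@param \SAML2\SignedElement $element The element we should add the data to.` The function body continues outside the hunk.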
@@ -70,16 +70,16 @@ class sspmod_saml_Message { * * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender. * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient. - * @param SAML2_Message $message The message we should add the data to. + * @param \SAML2\Message $message The message we should add the data to. */ - private static function addRedirectSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_message $message) { + private static function addRedirectSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\Message $message) { - if ($message instanceof SAML2_LogoutRequest || $message instanceof SAML2_LogoutResponse) { + if ($message instanceof \SAML2\LogoutRequest || $message instanceof \SAML2\LogoutResponse) { $signingEnabled = $srcMetadata->getBoolean('sign.logout', NULL); if ($signingEnabled === NULL) { $signingEnabled = $dstMetadata->getBoolean('sign.logout', NULL); } - } elseif ($message instanceof SAML2_AuthnRequest) { + } elseif ($message instanceof \SAML2\AuthnRequest) { $signingEnabled = $srcMetadata->getBoolean('sign.authnrequest', NULL); if ($signingEnabled === NULL) { $signingEnabled = $dstMetadata->getBoolean('sign.authnrequest', NULL); @@ -138,9 +138,9 @@ class sspmod_saml_Message { * Check the signature on a SAML2 message or assertion. * * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender. - * @param SAML2_SignedElement $element Either a SAML2_Response or a SAML2_Assertion. + * @param \SAML2\SignedElement $element Either a \SAML2\Response or a \SAML2\Assertion. */ - public static function checkSign(SimpleSAML_Configuration $srcMetadata, SAML2_SignedElement $element) { + public static function checkSign(SimpleSAML_Configuration $srcMetadata, \SAML2\SignedElement $element) { /* Find the public key that should verify signatures by this entity. */ $keys = $srcMetadata->getPublicKeys('signing'); 
@@ -224,20 +224,20 @@ class sspmod_saml_Message { * * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender. * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient. - * @param SAML2_Message $message The message we should check the signature on. + * @param \SAML2\Message $message The message we should check the signature on. */ public static function validateMessage( SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, - SAML2_Message $message + \SAML2\Message $message ) { - if ($message instanceof SAML2_LogoutRequest || $message instanceof SAML2_LogoutResponse) { + if ($message instanceof \SAML2\LogoutRequest || $message instanceof \SAML2\LogoutResponse) { $enabled = $srcMetadata->getBoolean('validate.logout', NULL); if ($enabled === NULL) { $enabled = $dstMetadata->getBoolean('validate.logout', NULL); } - } elseif ($message instanceof SAML2_AuthnRequest) { + } elseif ($message instanceof \SAML2\AuthnRequest) { $enabled = $srcMetadata->getBoolean('validate.authnrequest', NULL); if ($enabled === NULL) { $enabled = $dstMetadata->getBoolean('validate.authnrequest', NULL); 
@@ -331,20 +331,20 @@ class sspmod_saml_Message { /** * Decrypt an assertion. * - * This function takes in a SAML2_Assertion and decrypts it if it is encrypted. + * This function takes in a \SAML2\Assertion and decrypts it if it is encrypted. * If it is unencrypted, and encryption is enabled in the metadata, an exception * will be throws. * * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender (IdP). * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient (SP). - * @param SAML2_Assertion|SAML2_EncryptedAssertion $assertion The assertion we are decrypting. - * @return SAML2_Assertion The assertion. + * @param \SAML2\Assertion|\SAML2\EncryptedAssertion $assertion The assertion we are decrypting. + * @return \SAML2\Assertion The assertion. */ private static function decryptAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, $assertion) { - assert('$assertion instanceof SAML2_Assertion || $assertion instanceof SAML2_EncryptedAssertion'); + assert('$assertion instanceof \SAML2\Assertion || $assertion instanceof \SAML2\EncryptedAssertion'); - if ($assertion instanceof SAML2_Assertion) { + if ($assertion instanceof \SAML2\Assertion) { $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', NULL); if ($encryptAssertion === NULL) { $encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', FALSE); @@ -383,10 +383,10 @@ class sspmod_saml_Message { /** * Retrieve the status code of a response as a sspmod_saml_Error. * - * @param SAML2_StatusResponse $response The response. + * @param \SAML2\StatusResponse $response The response. * @return sspmod_saml_Error The error. */ - public static function getResponseError(SAML2_StatusResponse $response) { + public static function getResponseError(\SAML2\StatusResponse $response) { $status = $response->getStatus(); return new sspmod_saml_Error($status['Code'], $status['SubCode'], $status['Message']); 
@@ -401,7 +401,7 @@ class sspmod_saml_Message { */ public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata) { - $ar = new SAML2_AuthnRequest(); + $ar = new \SAML2\AuthnRequest(); // get the NameIDPolicy to apply. IdP metadata has precedence. $nameIdPolicy = array(); @@ -418,7 +418,7 @@ class sspmod_saml_Message { $nameIdPolicy_cf = SimpleSAML_Configuration::loadFromArray($nameIdPolicy); $policy = array( - 'Format' => $nameIdPolicy_cf->getString('Format', SAML2_Const::NAMEID_TRANSIENT), + 'Format' => $nameIdPolicy_cf->getString('Format', \SAML2\Constants::NAMEID_TRANSIENT), 'AllowCreate' => $nameIdPolicy_cf->getBoolean('AllowCreate', true), ); $spNameQualifier = $nameIdPolicy_cf->getString('SPNameQualifier', false); @@ -431,11 +431,11 @@ class sspmod_saml_Message { $ar->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE)); $protbind = $spMetadata->getValueValidate('ProtocolBinding', array( - SAML2_Const::BINDING_HTTP_POST, - SAML2_Const::BINDING_HOK_SSO, - SAML2_Const::BINDING_HTTP_ARTIFACT, - SAML2_Const::BINDING_HTTP_REDIRECT, - ), SAML2_Const::BINDING_HTTP_POST); + \SAML2\Constants::BINDING_HTTP_POST, + \SAML2\Constants::BINDING_HOK_SSO, + \SAML2\Constants::BINDING_HTTP_ARTIFACT, + \SAML2\Constants::BINDING_HTTP_REDIRECT, + ), \SAML2\Constants::BINDING_HTTP_POST); /* Shoaib - setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST */ $ar->setProtocolBinding($protbind); @@ -464,7 +464,7 @@ class sspmod_saml_Message { */ public static function buildLogoutRequest(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata) { - $lr = new SAML2_LogoutRequest(); + $lr = new \SAML2\LogoutRequest(); $lr->setIssuer($srcMetadata->getString('entityid')); self::addRedirectSign($srcMetadata, $dstMetadata, $lr); 
@@ -481,7 +481,7 @@ class sspmod_saml_Message { */ public static function buildLogoutResponse(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata) { - $lr = new SAML2_LogoutResponse(); + $lr = new \SAML2\LogoutResponse(); $lr->setIssuer($srcMetadata->getString('entityid')); self::addRedirectSign($srcMetadata, $dstMetadata, $lr); @@ -498,12 +498,12 @@ class sspmod_saml_Message { * * @param SimpleSAML_Configuration $spMetadata The metadata of the service provider. * @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider. - * @param SAML2_Response $response The response. - * @return array Array with SAML2_Assertion objects, containing valid assertions from the response. + * @param \SAML2\Response $response The response. + * @return array Array with \SAML2\Assertion objects, containing valid assertions from the response. */ public static function processResponse( SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata, - SAML2_Response $response + \SAML2\Response $response ) { if (!$response->isSuccess()) { 
@@ -546,16 +546,16 @@ class sspmod_saml_Message { * * @param SimpleSAML_Configuration $spMetadata The metadata of the service provider. * @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider. - * @param SAML2_Response $response The response containing the assertion. - * @param SAML2_Assertion|SAML2_EncryptedAssertion $assertion The assertion. + * @param \SAML2\Response $response The response containing the assertion. + * @param \SAML2\Assertion|\SAML2\EncryptedAssertion $assertion The assertion. * @param bool $responseSigned Whether the response is signed. - * @return SAML2_Assertion The assertion, if it is valid. + * @return \SAML2\Assertion The assertion, if it is valid. */ private static function processAssertion( SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata, - SAML2_Response $response, $assertion, $responseSigned + \SAML2\Response $response, $assertion, $responseSigned ) { - assert('$assertion instanceof SAML2_Assertion || $assertion instanceof SAML2_EncryptedAssertion'); + assert('$assertion instanceof \SAML2\Assertion || $assertion instanceof \SAML2\EncryptedAssertion'); assert('is_bool($responseSigned)'); $assertion = self::decryptAssertion($idpMetadata, $spMetadata, $assertion); @@ -598,7 +598,7 @@ class sspmod_saml_Message { $found = FALSE; $lastError = 'No SubjectConfirmation element in Subject.'; - $validSCMethods = array(SAML2_Const::CM_BEARER, SAML2_Const::CM_HOK, SAML2_Const::CM_VOUCHES); + $validSCMethods = array(\SAML2\Constants::CM_BEARER, \SAML2\Constants::CM_HOK, \SAML2\Constants::CM_VOUCHES); foreach ($assertion->getSubjectConfirmation() as $sc) { if (!in_array($sc->Method, $validSCMethods)) { $lastError = 'Invalid Method on SubjectConfirmation: ' . var_export($sc->Method, TRUE); 
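Review bot: The method check in the `@@ -598` hunk, `in_array($sc->Method, $validSCMethods)`, compares loosely, while the following checks on the same value use `===` against `\SAML2\Constants::CM_BEARER` and `\SAML2\Constants::CM_HOK`. `$sc->Method` is read from the received assertion, so the membership test is better made strict as well: `if (!in_array($sc->Method, $validSCMethods, true)) {`. The enclosing function starts and ends outside the hunk.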
@@ -610,17 +610,17 @@ class sspmod_saml_Message { if ($hok === NULL) { $hok = $spMetadata->getBoolean('saml20.hok.assertion', FALSE); } - if ($sc->Method === SAML2_Const::CM_BEARER && $hok) { + if ($sc->Method === \SAML2\Constants::CM_BEARER && $hok) { $lastError = 'Bearer SubjectConfirmation received, but Holder-of-Key SubjectConfirmation needed'; continue; } - if ($sc->Method === SAML2_Const::CM_HOK && !$hok) { + if ($sc->Method === \SAML2\Constants::CM_HOK && !$hok) { $lastError = 'Holder-of-Key SubjectConfirmation received, but the Holder-of-Key profile is not enabled.'; continue; } $scd = $sc->SubjectConfirmationData; - if ($sc->Method === SAML2_Const::CM_HOK) { + if ($sc->Method === \SAML2\Constants::CM_HOK) { /* Check HoK Assertion */ if (\SimpleSAML\Utils\HTTP::isHTTPS() === FALSE) { $lastError = 'No HTTPS connection, but required for Holder-of-Key SSO'; @@ -642,7 +642,7 @@ class sspmod_saml_Message { $clientCert = str_replace(array("\r", "\n", " "), '', $matches[1]); foreach ($scd->info as $thing) { - if($thing instanceof SAML2_XML_ds_KeyInfo) { + if($thing instanceof \SAML2\XML\ds\KeyInfo) { $keyInfo[]=$thing; } } @@ -652,7 +652,7 @@ class sspmod_saml_Message { } foreach ($keyInfo[0]->info as $thing) { - if($thing instanceof SAML2_XML_ds_X509Data) { + if($thing instanceof \SAML2\XML\ds\X509Data) { $x509data[]=$thing; } } @@ -662,7 +662,7 @@ class sspmod_saml_Message { } foreach ($x509data[0]->data as $thing) { - if($thing instanceof SAML2_XML_ds_X509Certificate) { + if($thing instanceof \SAML2\XML\ds\X509Certificate) { $x509cert[]=$thing; } } diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php index 90a8b7bcbf9b7d31091ff4d4b3f721618af49da3..3adf70df0e3de4932d560740e09a85936932de0e 100644 --- a/modules/saml/www/sp/metadata.php +++ b/modules/saml/www/sp/metadata.php 
@@ -26,15 +26,15 @@ $store = SimpleSAML_Store::getInstance(); $metaArray20 = array(); $slosvcdefault = array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_SOAP, + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_SOAP, ); $slob = $spconfig->getArray('SingleLogoutServiceBinding', $slosvcdefault); $slol = SimpleSAML\Module::getModuleURL('saml/sp/saml2-logout.php/'.$sourceId); foreach ($slob as $binding) { - if ($binding == SAML2_Const::BINDING_SOAP && !($store instanceof SimpleSAML_Store_SQL)) { + if ($binding == \SAML2\Constants::BINDING_SOAP && !($store instanceof SimpleSAML_Store_SQL)) { // we cannot properly support SOAP logout continue; } @@ -64,7 +64,7 @@ foreach ($assertionsconsumerservices as $services) { $acsArray = array('index' => $index); switch ($services) { case 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': - $acsArray['Binding'] = SAML2_Const::BINDING_HTTP_POST; + $acsArray['Binding'] = \SAML2\Constants::BINDING_HTTP_POST; $acsArray['Location'] = SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/'.$sourceId); break; case 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post': @@ -82,7 +82,7 @@ foreach ($assertionsconsumerservices as $services) { case 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser': $acsArray['Binding'] = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser'; $acsArray['Location'] = SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/'.$sourceId); - $acsArray['hoksso:ProtocolBinding'] = SAML2_Const::BINDING_HTTP_REDIRECT; + $acsArray['hoksso:ProtocolBinding'] = \SAML2\Constants::BINDING_HTTP_REDIRECT; break; } $eps[] = $acsArray; 
@@ -214,7 +214,7 @@ if ($spconfig->hasValue('redirect.sign')) { $metaArray20['validate.authnrequest'] = $spconfig->getBoolean('sign.authnrequest'); } -$supported_protocols = array('urn:oasis:names:tc:SAML:1.1:protocol', SAML2_Const::NS_SAMLP); +$supported_protocols = array('urn:oasis:names:tc:SAML:1.1:protocol', \SAML2\Constants::NS_SAMLP); $metaArray20['metadata-set'] = 'saml20-sp-remote'; $metaArray20['entityid'] = $entityId; diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php index 611ea0b08bde3fa615b4e1976cd4abd9d203bf03..264a5445ff182cbfb6b8942725efb23c8029ede1 100644 --- a/modules/saml/www/sp/saml2-acs.php +++ b/modules/saml/www/sp/saml2-acs.php @@ -13,9 +13,9 @@ $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP $spMetadata = $source->getMetadata(); try { - $b = SAML2_Binding::getCurrentBinding(); + $b = \SAML2\Binding::getCurrentBinding(); } catch (Exception $e) { // TODO: look for a specific exception - // This is dirty. Instead of checking the message of the exception, SAML2_Binding::getCurrentBinding() should throw + // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw // an specific exception when the binding is unknown, and we should capture that here if ($e->getMessage() === 'Unable to find the current binding.') { throw new SimpleSAML_Error_Error('ACSPARAMS', $e, 400); @@ -24,12 +24,12 @@ try { } } -if ($b instanceof SAML2_HTTPArtifact) { +if ($b instanceof \SAML2\HTTPArtifact) { $b->setSPMetadata($spMetadata); } $response = $b->receive(); -if (!($response instanceof SAML2_Response)) { +if (!($response instanceof \SAML2\Response)) { throw new SimpleSAML_Error_BadRequest('Invalid message received to AssertionConsumerService endpoint.'); } 
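Review bot: The `catch (Exception $e)` block in the `@@ -13` hunk of saml2-acs.php chooses between the 400 `ACSPARAMS` error and the fallback path by comparing `$e->getMessage()` with the literal `'Unable to find the current binding.'`, and this commit moves the library that produces that text to a new major version. It is worth confirming that `\SAML2\Binding::getCurrentBinding()` in 2.x still throws with exactly this message, since a changed wording would silently turn the 400 into a generic error. The same pattern appears in saml2-logout.php (`SLOSERVICEPARAMS`), www/saml2/idp/SingleLogoutService.php and, with a different string, www/saml2/idp/ArtifactResolutionService.php. A test that hits each endpoint without a SAML message and asserts the mapped error would pin the behaviour until a dedicated exception class exists.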
@@ -37,7 +37,7 @@ $idp = $response->getIssuer(); if ($idp === null) { // no Issuer in the response. Look for an unencrypted assertion with an issuer foreach ($response->getAssertions() as $a) { - if ($a instanceof SAML2_Assertion) { + if ($a instanceof \SAML2\Assertion) { // we found an unencrypted assertion, there should be an issuer here $idp = $a->getIssuer(); break; diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php index 5b1fb71166e3cc4a17e47935f31221d63dfdb37e..6fa5a0081791bc2d3588095822fc4c9a8eecfe8c 100644 --- a/modules/saml/www/sp/saml2-logout.php +++ b/modules/saml/www/sp/saml2-logout.php @@ -21,9 +21,9 @@ if (!($source instanceof sspmod_saml_Auth_Source_SP)) { } try { - $binding = SAML2_Binding::getCurrentBinding(); + $binding = \SAML2\Binding::getCurrentBinding(); } catch (Exception $e) { // TODO: look for a specific exception - // This is dirty. Instead of checking the message of the exception, SAML2_Binding::getCurrentBinding() should throw + // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw // an specific exception when the binding is unknown, and we should capture that here if ($e->getMessage() === 'Unable to find the current binding.') { throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS', $e, 400); @@ -52,7 +52,7 @@ if ($destination !== NULL && $destination !== \SimpleSAML\Utils\HTTP::getSelfURL throw new SimpleSAML_Error_Exception('Destination in logout message is wrong.'); } -if ($message instanceof SAML2_LogoutResponse) { +if ($message instanceof \SAML2\LogoutResponse) { $relayState = $message->getRelayState(); if ($relayState === NULL) { 
@@ -68,7 +68,7 @@ if ($message instanceof SAML2_LogoutResponse) { $state['saml:sp:LogoutStatus'] = $message->getStatus(); SimpleSAML_Auth_Source::completeLogout($state); -} elseif ($message instanceof SAML2_LogoutRequest) { +} elseif ($message instanceof \SAML2\LogoutRequest) { SimpleSAML\Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId); SimpleSAML\Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId); @@ -119,12 +119,12 @@ if ($message instanceof SAML2_LogoutResponse) { } $dst = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST) + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST) ); - if (!$binding instanceof SAML2_SOAP) { - $binding = SAML2_Binding::getBinding($dst['Binding']); + if (!$binding instanceof \SAML2\SOAP) { + $binding = \SAML2\Binding::getBinding($dst['Binding']); if (isset($dst['ResponseLocation'])) { $dst = $dst['ResponseLocation']; } else { diff --git a/tests/lib/SimpleSAML/ConfigurationTest.php b/tests/lib/SimpleSAML/ConfigurationTest.php index eba2fdebf2c7494bd7459b0e9034b3f36b709be9..129f658cf01d9272b552998a5d9073fbe20bc952 100644 --- a/tests/lib/SimpleSAML/ConfigurationTest.php +++ b/tests/lib/SimpleSAML/ConfigurationTest.php @@ -566,14 +566,14 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase array( array( 'Location' => 'https://example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, ), ), // define the ResponseLocation too array( array( 'Location' => 'https://example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, 'ResponseLocation' => 'https://example.com/endpoint.php', ), ), 
@@ -582,12 +582,12 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase array( 'index' => 1, 'Location' => 'https://www1.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, ), array( 'index' => 2, 'Location' => 'https://www2.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, ), ), // make sure isDefault has priority over indexes @@ -595,13 +595,13 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase array( 'index' => 1, 'Location' => 'https://www2.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, ), array( 'index' => 2, 'isDefault' => true, 'Location' => 'https://www1.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, ), ), // make sure endpoints with invalid bindings are ignored and those marked as NOT default are still used @@ -615,7 +615,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase 'index' => 2, 'isDefault' => false, 'Location' => 'https://www2.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, ), ), ); 
@@ -623,34 +623,34 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase // output should be completed with the default binding (HTTP-POST for ACS) array( 'Location' => 'https://example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, ), // we should just get the first endpoint with the default binding array( 'Location' => 'https://www1.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, ), // if we specify the binding, we should get it back array( 'Location' => 'https://example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST ), // if we specify ResponseLocation, we should get it back too array( 'Location' => 'https://example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, 'ResponseLocation' => 'https://example.com/endpoint.php', ), // indexes must NOT be taken into account, order is the only thing that matters here array( 'Location' => 'https://www1.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'index' => 1, ), // isDefault must have higher priority than indexes array( 'Location' => 'https://www1.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'isDefault' => true, 'index' => 2, ), @@ -659,7 +659,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase 'index' => 2, 'isDefault' => false, 'Location' => 'https://www2.example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_POST, + 'Binding' => \SAML2\Constants::BINDING_HTTP_POST, ) ); 
@@ -674,11 +674,11 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase ); $valid_bindings = array( - SAML2_Const::BINDING_HTTP_POST, - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HOK_SSO, - SAML2_Const::BINDING_HTTP_ARTIFACT. - SAML2_Const::BINDING_SOAP, + \SAML2\Constants::BINDING_HTTP_POST, + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HOK_SSO, + \SAML2\Constants::BINDING_HTTP_ARTIFACT. + \SAML2\Constants::BINDING_SOAP, ); // run all general tests with AssertionConsumerService endpoint type @@ -706,14 +706,14 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase $this->assertEquals( array( 'Location' => 'https://example.com/ars', - 'Binding' => SAML2_Const::BINDING_SOAP, + 'Binding' => \SAML2\Constants::BINDING_SOAP, ), $c->getDefaultEndpoint('ArtifactResolutionService') ); $this->assertEquals( array( 'Location' => 'https://example.com/slo', - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, ), $c->getDefaultEndpoint('SingleLogoutService') ); @@ -773,7 +773,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase $e = array( array( 'Location' => 'https://example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'ResponseLocation' => 'https://example.com/response.php', ) ); @@ -824,7 +824,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase array( array( 'Location' => 'https://example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'ResponseLocation' => 1234, ), ), 
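Review bot: In `$valid_bindings` the entry `\SAML2\Constants::BINDING_HTTP_ARTIFACT.` ends with a `.` instead of a `,`, so it is concatenated with `\SAML2\Constants::BINDING_SOAP` into one string and neither binding is present as its own element. The rename carries this over unchanged from the old lines; they should read `\SAML2\Constants::BINDING_HTTP_ARTIFACT,` and `\SAML2\Constants::BINDING_SOAP,`. As written, any case that relies on those two bindings being accepted would be checked against a malformed URI instead. The test method starts and ends outside the hunk.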
@@ -832,7 +832,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase array( array( 'Location' => 'https://example.com/endpoint.php', - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'index' => 'string', ), ), diff --git a/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php b/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php index 7239f7971e23ba77297b3f0ec3b8557d0f586243..af14bd13db4927769ae3849b1c4a25c9b66a3594 100644 --- a/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php +++ b/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php @@ -16,7 +16,7 @@ class SAMLParserTest extends \PHPUnit_Framework_TestCase 'registrationAuthority' => 'https://incommon.org', ); - $document = \SAML2_DOMDocumentFactory::fromString( + $document = \SAML2\DOMDocumentFactory::fromString( <<<XML <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"> <EntityDescriptor entityID="theEntityID"> @@ -48,7 +48,7 @@ XML 'registrationAuthority' => 'https://incommon.org', ); - $document = \SAML2_DOMDocumentFactory::fromString( + $document = \SAML2\DOMDocumentFactory::fromString( <<<XML <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"> <Extensions> diff --git a/www/saml2/idp/ArtifactResolutionService.php b/www/saml2/idp/ArtifactResolutionService.php index 3571b3bfb9290eaac029b6391f078b14e95cc8bc..1bdf8110dd1d3d51599231af5ccc2b4cf217e94c 100644 --- a/www/saml2/idp/ArtifactResolutionService.php +++ b/www/saml2/idp/ArtifactResolutionService.php @@ -2,7 +2,7 @@ /** * The ArtifactResolutionService receives the samlart from the sp. - * And when the artifact is found, it sends a SAML2_ArtifactResponse. + * And when the artifact is found, it sends a \SAML2\ArtifactResponse. * * @author Danny Bollaert, UGent AS. <danny.bollaert@ugent.be> * @package SimpleSAMLphp 
@@ -28,11 +28,11 @@ if ($store === false) { throw new Exception('Unable to send artifact without a datastore configured.'); } -$binding = new SAML2_SOAP(); +$binding = new \SAML2\SOAP(); try { $request = $binding->receive(); } catch (Exception $e) { // TODO: look for a specific exception - // This is dirty. Instead of checking the message of the exception, SAML2_Binding::getCurrentBinding() should throw + // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw // an specific exception when the binding is unknown, and we should capture that here. Also note that the exception // message here is bogus! if ($e->getMessage() === 'Invalid message received to AssertionConsumerService endpoint.') { @@ -41,7 +41,7 @@ try { throw $e; // do not ignore other exceptions! } } -if (!($request instanceof SAML2_ArtifactResolve)) { +if (!($request instanceof \SAML2\ArtifactResolve)) { throw new Exception('Message received on ArtifactResolutionService wasn\'t a ArtifactResolve request.'); } @@ -54,13 +54,13 @@ $responseData = $store->get('artifact', $artifact); $store->delete('artifact', $artifact); if ($responseData !== null) { - $document = SAML2_DOMDocumentFactory::fromString($responseData); + $document = \SAML2\DOMDocumentFactory::fromString($responseData); $responseXML = $document->firstChild; } else { $responseXML = null; } -$artifactResponse = new SAML2_ArtifactResponse(); +$artifactResponse = new \SAML2\ArtifactResponse(); $artifactResponse->setIssuer($idpEntityId); $artifactResponse->setInResponseTo($request->getId()); $artifactResponse->setAny($responseXML); diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php index 3105eea7f399f1686219a4804d8a0c7e205b0bcd..f5ba8be26bc4deba0f458f9379b5dc26a8758615 100644 --- a/www/saml2/idp/SingleLogoutService.php +++ b/www/saml2/idp/SingleLogoutService.php 
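Review bot: The `catch` block after `$binding->receive()` in the first ArtifactResolutionService hunk still chooses its path by comparing `$e->getMessage()` with a fixed string, while this commit moves the binding to the namespaced `\SAML2\SOAP` class. Whether the namespaced library release still raises exactly `'Invalid message received to AssertionConsumerService endpoint.'` is not visible here, and if the text differs the special case silently becomes dead code. Until a dedicated exception class can be caught, add a comment such as `// Message text must match the saml2 library version pinned in composer.json` and verify the string against that release. The same message comparison appears in the `SingleLogoutService.php` hunk (`'Unable to find the current binding.'`). The body of the `if` lies outside the hunk.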
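Review bot: In the last ArtifactResolutionService hunk, `$store->get('artifact', $artifact)` followed directly by `$store->delete('artifact', $artifact)` is what makes an artifact single-use, but no comment says so. Add `// Artifacts are single-use: remove the entry as soon as it has been read.` above the delete so a later refactor does not move or drop it. The two calls are separate store operations, and whether the store serialises them is not visible here. If it does not, two simultaneous resolutions of one artifact could both obtain the stored response, so an atomic fetch-and-remove would be the safer form where the store offers one.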
@@ -23,7 +23,7 @@ if (isset($_REQUEST['ReturnTo'])) { sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp); } catch (Exception $e) { // TODO: look for a specific exception /* - * This is dirty. Instead of checking the message of the exception, SAML2_Binding::getCurrentBinding() should + * This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should * throw an specific exception when the binding is unknown, and we should capture that here */ if ($e->getMessage() === 'Unable to find the current binding.') { diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php index 33197996eec462b8a3b0ccfaf41dc1ad71da0c9f..2697640187408bc8b1a2888208827cb207e86b11 100644 --- a/www/saml2/idp/metadata.php +++ b/www/saml2/idp/metadata.php @@ -2,6 +2,12 @@ require_once('../../_include.php'); +use SAML2\Constants; +use SimpleSAML\Utils\Auth as Auth; +use SimpleSAML\Utils\Crypto as Crypto; +use SimpleSAML\Utils\HTTP as HTTP; +use SimpleSAML\Utils\Config\Metadata as Metadata; + // load SimpleSAMLphp, configuration and metadata $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); @@ -12,7 +18,7 @@ if (!$config->getBoolean('enable.saml20-idp', false)) { // check if valid local session exists if ($config->getBoolean('admin.protectmetadata', false)) { - SimpleSAML\Utils\Auth::requireAdmin(); + Auth::requireAdmin(); } try { @@ -24,7 +30,7 @@ try { $availableCerts = array(); $keys = array(); - $certInfo = SimpleSAML\Utils\Crypto::loadPublicKey($idpmeta, false, 'new_'); + $certInfo = Crypto::loadPublicKey($idpmeta, false, 'new_'); if ($certInfo !== null) { $availableCerts['new_idp.crt'] = $certInfo; $keys[] = array( 
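Review bot: In the `metadata.php` hunk that adds the imports, the four aliased `use` lines repeat the short name PHP would assign anyway, so the `as` clauses are redundant; `use SimpleSAML\Utils\Auth;` is equivalent to `use SimpleSAML\Utils\Auth as Auth;`, and the same holds for `Crypto`, `HTTP` and `Config\Metadata`. Where an alias is kept it should add information. `Metadata` is a very generic name in a script that already works with `$metadata` and, presumably, other metadata classes, so `use SimpleSAML\Utils\Config\Metadata as MetadataUtils;` would keep the later call sites unambiguous.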
@@ -38,7 +44,7 @@ try { $hasNewCert = false; } - $certInfo = SimpleSAML\Utils\Crypto::loadPublicKey($idpmeta, true); + $certInfo = Crypto::loadPublicKey($idpmeta, true); $availableCerts['idp.crt'] = $certInfo; $keys[] = array( 'type' => 'X509Certificate', @@ -48,7 +54,7 @@ try { ); if ($idpmeta->hasValue('https.certificate')) { - $httpsCert = SimpleSAML\Utils\Crypto::loadPublicKey($idpmeta, true, 'https.'); + $httpsCert = Crypto::loadPublicKey($idpmeta, true, 'https.'); assert('isset($httpsCert["certData"])'); $availableCerts['https.crt'] = $httpsCert; $keys[] = array( @@ -107,17 +113,17 @@ try { // Artifact sending enabled $metaArray['ArtifactResolutionService'][] = array( 'index' => 0, - 'Location' => \SimpleSAML\Utils\HTTP::getBaseURL().'saml2/idp/ArtifactResolutionService.php', - 'Binding' => SAML2_Const::BINDING_SOAP, + 'Location' => HTTP::getBaseURL().'saml2/idp/ArtifactResolutionService.php', + 'Binding' => Constants::BINDING_SOAP, ); } if ($idpmeta->getBoolean('saml20.hok.assertion', false)) { // Prepend HoK SSO Service endpoint. array_unshift($metaArray['SingleSignOnService'], array( - 'hoksso:ProtocolBinding' => SAML2_Const::BINDING_HTTP_REDIRECT, - 'Binding' => SAML2_Const::BINDING_HOK_SSO, - 'Location' => \SimpleSAML\Utils\HTTP::getBaseURL().'saml2/idp/SSOService.php' + 'hoksso:ProtocolBinding' => Constants::BINDING_HTTP_REDIRECT, + 'Binding' => Constants::BINDING_HOK_SSO, + 'Location' => HTTP::getBaseURL().'saml2/idp/SSOService.php' )); } @@ -147,7 +153,7 @@ try { $metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes'); // check for entity categories - if (SimpleSAML\Utils\Config\Metadata::isHiddenFromDiscovery($metaArray)) { + if (Metadata::isHiddenFromDiscovery($metaArray)) { $metaArray['hide.from.discovery'] = true; } } 
@@ -175,7 +181,7 @@ try { if ($idpmeta->hasValue('contacts')) { $contacts = $idpmeta->getArray('contacts'); foreach ($contacts as $contact) { - $metaArray['contacts'][] = \SimpleSAML\Utils\Config\Metadata::getContact($contact); + $metaArray['contacts'][] = Metadata::getContact($contact); } } @@ -184,7 +190,7 @@ try { $techcontact['emailAddress'] = $technicalContactEmail; $techcontact['name'] = $config->getString('technicalcontact_name', null); $techcontact['contactType'] = 'technical'; - $metaArray['contacts'][] = \SimpleSAML\Utils\Config\Metadata::getContact($techcontact); + $metaArray['contacts'][] = Metadata::getContact($techcontact); } $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid); @@ -206,7 +212,7 @@ try { $t->data['clipboard.js'] = true; $t->data['available_certs'] = $availableCerts; $t->data['header'] = 'saml20-idp'; - $t->data['metaurl'] = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(); + $t->data['metaurl'] = HTTP::getSelfURLNoQuery(); $t->data['metadata'] = htmlspecialchars($metaxml); $t->data['metadataflat'] = htmlspecialchars($metaflat); $t->data['defaultidp'] = $defaultidp;
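Review bot: In the last hunk, `$t->data['metaurl']` receives the raw result of `HTTP::getSelfURLNoQuery()`, while the two entries after it, `metadata` and `metadataflat`, are passed through `htmlspecialchars()` before they reach the template. The URL is presumably built from the current request, and the template is not part of this diff, so it is not visible whether `metaurl` is escaped when printed. Please confirm that it is, and state the contract next to the assignment, for example `// metaurl is HTML-escaped by the template`, or escape it here like its neighbours if the template prints it verbatim.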