From b02c5432cb1ffa3c91f7a38169bbcaf1790324bd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jaime=20Pe=CC=81rez?= <jaime.perez@uninett.no> Date: Tue, 26 Jul 2016 10:13:13 +0200 Subject: [PATCH] Bump the version of the SAML2 library. Now we are finally using the 2.x branch of the SAML2 library, which was also migrated to use namespaces. Even though the library provides an autoloader that allows loading the classes with the old names using class aliasing, we need to do the migration in one commit (at least for the most part). This is due to the way SimpleSAMLphp checks data types, using inheritance to check objects against abstract or more general classes. Even though class aliasing works, there's no way to replicate those relationships, and type checks that use the old class names will fail because the aliases are virtually new classes that don't inherit from others. --- composer.json | 4 +- composer.lock | 42 +++--- lib/SimpleSAML/Bindings/Shib13/Artifact.php | 4 +- lib/SimpleSAML/Bindings/Shib13/HTTPPost.php | 2 +- lib/SimpleSAML/Configuration.php | 6 +- .../Metadata/MetaDataStorageHandler.php | 6 +- lib/SimpleSAML/Metadata/SAMLBuilder.php | 90 +++++++------ lib/SimpleSAML/Metadata/SAMLParser.php | 124 +++++++++--------- lib/SimpleSAML/Metadata/Signer.php | 2 +- lib/SimpleSAML/Utilities.php | 4 +- lib/SimpleSAML/Utils/XML.php | 4 +- lib/SimpleSAML/XML/Shib13/AuthnResponse.php | 8 +- modules/adfs/lib/IdP/ADFS.php | 2 +- .../XML/fed/SecurityTokenServiceType.php | 2 +- modules/adfs/lib/XMLSecurityDSig.php | 2 +- modules/adfs/www/idp/metadata.php | 4 +- modules/cas/lib/Auth/Source/CAS.php | 2 +- modules/core/lib/Auth/Process/TargetedID.php | 6 +- modules/core/www/idp/logout-iframe-post.php | 4 +- .../www/attributeserver.php | 18 +-- modules/metarefresh/lib/MetaLoader.php | 2 +- modules/saml/docs/sp.md | 4 +- .../saml/lib/Auth/Process/NameIDAttribute.php | 2 +- .../lib/Auth/Process/PersistentNameID.php | 2 +- .../Process/PersistentNameID2TargetedID.php | 8 +- .../lib/Auth/Process/SQLPersistentNameID.php | 4 +-
 .../saml/lib/Auth/Process/TransientNameID.php | 2 +- modules/saml/lib/Auth/Source/SP.php | 22 ++-- modules/saml/lib/Error.php | 14 +- modules/saml/lib/IdP/SAML2.php | 86 ++++++------ modules/saml/lib/Message.php | 86 ++++++------ modules/saml/www/sp/metadata.php | 12 +- modules/saml/www/sp/saml2-acs.php | 10 +- modules/saml/www/sp/saml2-logout.php | 16 +-- tests/lib/SimpleSAML/ConfigurationTest.php | 48 +++---- .../SimpleSAML/Metadata/SAMLParserTest.php | 4 +- www/saml2/idp/ArtifactResolutionService.php | 12 +- www/saml2/idp/SingleLogoutService.php | 2 +- www/saml2/idp/metadata.php | 32 +++-- 39 files changed, 359 insertions(+), 345 deletions(-)
diff --git a/composer.json b/composer.json
index c08fde0b7..47862095f 100644
--- a/composer.json
+++ b/composer.json
@@ -27,8 +27,8 @@
 },
 "require": {
 "php": ">=5.3",
- "simplesamlphp/saml2": "~1.9",
- "robrichards/xmlseclibs": "~1.4.1",
+ "simplesamlphp/saml2": "~2.0",
+ "robrichards/xmlseclibs": "~2.0",
 "whitehat101/apr1-md5": "~1.0",
 "twig/twig": "~1.0"
 },
diff --git a/composer.lock b/composer.lock
index 809b6b3e1..844faf59a 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "18f459d1d127c855734985394410060a", - "content-hash": "b68e79d55659fa15285f350fd386df12", + "hash": "f92f6c305e5d12011c2a06253efd9eee", + "content-hash": "cdb4b970d76fd4ba81cd72c50d3734b7", "packages": [ { "name": "psr/log",
@@ -47,20 +47,20 @@ }, { "name": "robrichards/xmlseclibs", - "version": "1.4.1", + "version": "2.0.0", "source": { "type": "git", "url": "https://github.com/robrichards/xmlseclibs.git", - "reference": "465f18a8e1196c279b1298a3b08bcbee71ea4e4e" + "reference": "1b78df099c107279e9069a7b7608be98fd530dfd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/465f18a8e1196c279b1298a3b08bcbee71ea4e4e", - "reference": "465f18a8e1196c279b1298a3b08bcbee71ea4e4e", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/1b78df099c107279e9069a7b7608be98fd530dfd", + "reference": "1b78df099c107279e9069a7b7608be98fd530dfd", "shasum": "" }, "require": { - "php": ">= 5.2" + "php": ">= 5.3" }, "suggest": { "ext/mcrypt": "MCrypt extension", @@ -68,9 +68,9 @@ }, "type": "library", "autoload": { - "classmap": [ - "src/" - ] + "psr-4": { + "RobRichards\\XMLSecLibs\\": "src" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -84,20 +84,20 @@ "xml", "xmldsig" ], - "time": "2015-07-31 12:22:14" + "time": "2015-07-31 15:08:38" }, { "name": "simplesamlphp/saml2", - "version": "v1.9", + "version": "v2.2", "source": { "type": "git", "url": "https://github.com/simplesamlphp/saml2.git", - "reference": "be2b348c46cceb311a743a33fb51035158f6f69a" + "reference": "0d6861bc2966249702e623d325609adb2a782612" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/be2b348c46cceb311a743a33fb51035158f6f69a", - "reference": "be2b348c46cceb311a743a33fb51035158f6f69a", + "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/0d6861bc2966249702e623d325609adb2a782612", + "reference": "0d6861bc2966249702e623d325609adb2a782612", "shasum": "" }, "require": { @@ -105,7 +105,7 @@ "ext-openssl": "*", "php": ">=5.3.3", "psr/log": "~1.0", - "robrichards/xmlseclibs": "^1.3" + "robrichards/xmlseclibs": "^2.0" }, "require-dev": { "mockery/mockery": "~0.9", 
@@ -119,8 +119,11 @@ "type": "library", "autoload": { "psr-0": { - "SAML2_": "src/" - } + "SAML2\\": "src/" + }, + "files": [ + "src/_autoload.php" + ] }, "notification-url": "https://packagist.org/downloads/", "license": [
@@ -133,7 +136,7 @@ } ], "description": "SAML2 PHP library from SimpleSAMLphp", - "time": "2016-03-16 14:11:59" + "time": "2016-03-16 13:39:22" }, { "name": "twig/twig",
@@ -335,6 +338,7 @@ "rest", "web service" ], + "abandoned": "guzzlehttp/guzzle", "time": "2015-03-18 18:23:50" }, {
diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 38fd0641a..09c636532 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -75,7 +75,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 assert('is_string($soapResponse)');
 try {
- $doc = SAML2_DOMDocumentFactory::fromString($soapResponse);
+ $doc = \SAML2\DOMDocumentFactory::fromString($soapResponse);
 } catch(\Exception $e) {
 throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.');
 }
@@ -102,7 +102,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 * Save the <saml1p:Response> element. Note that we need to import it
 * into a new document, in order to preserve namespace declarations.
 */
- $newDoc = SAML2_DOMDocumentFactory::create();
+ $newDoc = \SAML2\DOMDocumentFactory::create();
 $newDoc->appendChild($newDoc->importNode($responseElement, TRUE));
 $responseXML = $newDoc->saveXML();
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index c92e0f1bf..30ddf25ae 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
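Review bot: In the Artifact.php hunk at -75 the `catch(\Exception $e)` block following the renamed `\SAML2\DOMDocumentFactory::fromString()` call still discards `$e`, so whatever the factory rejected in the SOAP response is never logged and the operator only sees the generic message. Chaining the cause costs one argument: `throw new SimpleSAML_Error_Exception('Error parsing SAML 1 artifact response.', 0, $e);`. The same pattern appears in the SAMLParser.php hunks at -226, -246, -309 and -336, where `throw new Exception('Failed to parse XML string.', 0, $e);` (and the analogous "Failed to read XML from file" line) would keep the chain. The enclosing method starts before this hunk.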
@@ -58,7 +58,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost
 $privatekey = SimpleSAML\Utils\Crypto::loadPrivateKey($idpmd, true);
 $publickey = SimpleSAML\Utils\Crypto::loadPublicKey($idpmd, true);
- $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace("\r", "", $response));
+ $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace("\r", "", $response));
 $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
 $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index 088b662f7..61f520957 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -1071,11 +1071,11 @@ class SimpleSAML_Configuration
 case 'saml20-idp-remote:SingleSignOnService':
 case 'saml20-idp-remote:SingleLogoutService':
 case 'saml20-sp-remote:SingleLogoutService':
- return SAML2_Const::BINDING_HTTP_REDIRECT;
+ return \SAML2\Constants::BINDING_HTTP_REDIRECT;
 case 'saml20-sp-remote:AssertionConsumerService':
- return SAML2_Const::BINDING_HTTP_POST;
+ return \SAML2\Constants::BINDING_HTTP_POST;
 case 'saml20-idp-remote:ArtifactResolutionService':
- return SAML2_Const::BINDING_SOAP;
+ return \SAML2\Constants::BINDING_SOAP;
 case 'shib13-idp-remote:SingleSignOnService':
 return 'urn:mace:shibboleth:1.0:profiles:AuthnRequest';
 case 'shib13-sp-remote:AssertionConsumerService':
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
index 95b32b5fc..33e5ef1c8 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
@@ -102,7 +102,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandler
 if ($set == 'saml20-sp-hosted') {
 if ($property === 'SingleLogoutServiceBinding') {
- return SAML2_Const::BINDING_HTTP_REDIRECT;
+ return \SAML2\Constants::BINDING_HTTP_REDIRECT;
 }
 } elseif ($set == 'saml20-idp-hosted') {
 switch ($property) {
@@ -110,13 +110,13 @@ class SimpleSAML_Metadata_MetaDataStorageHandler
 return $baseurl.'saml2/idp/SSOService.php';
 case 'SingleSignOnServiceBinding':
- return SAML2_Const::BINDING_HTTP_REDIRECT;
+ return \SAML2\Constants::BINDING_HTTP_REDIRECT;
 case 'SingleLogoutService':
 return $baseurl.'saml2/idp/SingleLogoutService.php';
 case 'SingleLogoutServiceBinding':
- return SAML2_Const::BINDING_HTTP_REDIRECT;
+ return \SAML2\Constants::BINDING_HTTP_REDIRECT;
 }
 } elseif ($set == 'shib13-idp-hosted') {
 if ($property === 'SingleSignOnService') {
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 0d8f0e65f..35156f7db 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -15,7 +15,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 /**
 * The EntityDescriptor we are building.
 *
- * @var SAML2_XML_md_EntityDescriptor
+ * @var \SAML2\XML\md\EntityDescriptor
 */
 private $entityDescriptor;
@@ -51,7 +51,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 $this->maxCache = $maxCache;
 $this->maxDuration = $maxDuration;
- $this->entityDescriptor = new SAML2_XML_md_EntityDescriptor();
+ $this->entityDescriptor = new \SAML2\XML\md\EntityDescriptor();
 $this->entityDescriptor->entityID = $entityId;
 }
@@ -135,31 +135,31 @@ class SimpleSAML_Metadata_SAMLBuilder
 * Add extensions to the metadata.
 *
 * @param SimpleSAML_Configuration $metadata The metadata to get extensions from.
- * @param SAML2_XML_md_RoleDescriptor $e Reference to the element where the Extensions element should be included.
+ * @param \SAML2\XML\md\RoleDescriptor $e Reference to the element where the Extensions element should be included.
 */
- private function addExtensions(SimpleSAML_Configuration $metadata, SAML2_XML_md_RoleDescriptor $e)
+ private function addExtensions(SimpleSAML_Configuration $metadata, \SAML2\XML\md\RoleDescriptor $e)
 {
 if ($metadata->hasValue('tags')) {
- $a = new SAML2_XML_saml_Attribute();
+ $a = new \SAML2\XML\saml\Attribute();
 $a->Name = 'tags';
 foreach ($metadata->getArray('tags') as $tag) {
- $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($tag);
+ $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($tag);
 }
 $e->Extensions[] = $a;
 }
 if ($metadata->hasValue('hint.cidr')) {
- $a = new SAML2_XML_saml_Attribute();
+ $a = new \SAML2\XML\saml\Attribute();
 $a->Name = 'hint.cidr';
 foreach ($metadata->getArray('hint.cidr') as $hint) {
- $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($hint);
+ $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($hint);
 }
 $e->Extensions[] = $a;
 }
 if ($metadata->hasValue('scope')) {
 foreach ($metadata->getArray('scope') as $scopetext) {
- $s = new SAML2_XML_shibmd_Scope();
+ $s = new \SAML2\XML\shibmd\Scope();
 $s->scope = $scopetext;
 // Check whether $ ^ ( ) * | \ are in a scope -> assume regex.
 if (1 === preg_match('/[\$\^\)\(\*\|\\\\]/', $scopetext)) {
@@ -172,9 +172,9 @@ class SimpleSAML_Metadata_SAMLBuilder
 }
 if ($metadata->hasValue('EntityAttributes')) {
- $ea = new SAML2_XML_mdattr_EntityAttributes();
+ $ea = new \SAML2\XML\mdattr\EntityAttributes();
 foreach ($metadata->getArray('EntityAttributes') as $attributeName => $attributeValues) {
- $a = new SAML2_XML_saml_Attribute();
+ $a = new \SAML2\XML\saml\Attribute();
 $a->Name = $attributeName;
 $a->NameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri';
@@ -182,12 +182,12 @@ class SimpleSAML_Metadata_SAMLBuilder
 if (preg_match('/^\{(.*?)\}(.*)$/', $attributeName, $matches)) {
 $a->Name = $matches[2];
 $nameFormat = $matches[1];
- if ($nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
+ if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
 $a->NameFormat = $nameFormat;
 }
 }
 foreach ($attributeValues as $attributeValue) {
- $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($attributeValue);
+ $a->AttributeValue[] = new \SAML2\XML\saml\AttributeValue($attributeValue);
 }
 $ea->children[] = $a;
 }
@@ -195,14 +195,14 @@ class SimpleSAML_Metadata_SAMLBuilder
 }
 if ($metadata->hasValue('RegistrationInfo')) {
- $ri = new SAML2_XML_mdrpi_RegistrationInfo();
+ $ri = new \SAML2\XML\mdrpi\RegistrationInfo();
 foreach ($metadata->getArray('RegistrationInfo') as $riName => $riValues) {
 switch ($riName) {
 case 'authority':
 $ri->registrationAuthority = $riValues;
 break;
 case 'instant':
- $ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues);
+ $ri->registrationInstant = \SAML2\Utils::xsDateTimeToTimestamp($riValues);
 break;
 case 'policies':
 $ri->RegistrationPolicy = $riValues;
@@ -213,7 +213,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 }
 if ($metadata->hasValue('UIInfo')) {
- $ui = new SAML2_XML_mdui_UIInfo();
+ $ui = new \SAML2\XML\mdui\UIInfo();
 foreach ($metadata->getArray('UIInfo') as $uiName => $uiValues) {
 switch ($uiName) {
 case 'DisplayName':
@@ -230,7 +230,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 break;
 case 'Keywords':
 foreach ($uiValues as $lang => $keywords) {
- $uiItem = new SAML2_XML_mdui_Keywords();
+ $uiItem = new \SAML2\XML\mdui\Keywords();
 $uiItem->lang = $lang;
 $uiItem->Keywords = $keywords;
 $ui->Keywords[] = $uiItem;
@@ -238,7 +238,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 break;
 case 'Logo':
 foreach ($uiValues as $logo) {
- $uiItem = new SAML2_XML_mdui_Logo();
+ $uiItem = new \SAML2\XML\mdui\Logo();
 $uiItem->url = $logo['url'];
 $uiItem->width = $logo['width'];
 $uiItem->height = $logo['height'];
@@ -254,7 +254,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 }
 if ($metadata->hasValue('DiscoHints')) {
- $dh = new SAML2_XML_mdui_DiscoHints();
+ $dh = new \SAML2\XML\mdui\DiscoHints();
 foreach ($metadata->getArray('DiscoHints') as $dhName => $dhValues) {
 switch ($dhName) {
 case 'IPHint':
@@ -282,7 +282,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 */
 public function addOrganization(array $orgName, array $orgDisplayName, array $orgURL)
 {
- $org = new SAML2_XML_md_Organization();
+ $org = new \SAML2\XML\md\Organization();
 $org->OrganizationName = $orgName;
 $org->OrganizationDisplayName = $orgDisplayName;
@@ -322,7 +322,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 * @param array $endpoints The endpoints.
 * @param bool $indexed Whether the endpoints should be indexed.
 *
- * @return array An array of endpoint objects, either SAML2_XML_md_EndpointType or SAML2_XML_md_IndexedEndpointType.
+ * @return array An array of endpoint objects, either \SAML2\XML\md\EndpointType or \SAML2\XML\md\IndexedEndpointType.
 */
 private static function createEndpoints(array $endpoints, $indexed)
 {
@@ -332,9 +332,9 @@ class SimpleSAML_Metadata_SAMLBuilder
 foreach ($endpoints as &$ep) {
 if ($indexed) {
- $t = new SAML2_XML_md_IndexedEndpointType();
+ $t = new \SAML2\XML\md\IndexedEndpointType();
 } else {
- $t = new SAML2_XML_md_EndpointType();
+ $t = new \SAML2\XML\md\EndpointType();
 }
 $t->Binding = $ep['Binding'];
@@ -343,7 +343,11 @@ class SimpleSAML_Metadata_SAMLBuilder
 $t->ResponseLocation = $ep['ResponseLocation'];
 }
 if (isset($ep['hoksso:ProtocolBinding'])) {
- $t->setAttributeNS(SAML2_Const::NS_HOK, 'hoksso:ProtocolBinding', SAML2_Const::BINDING_HTTP_REDIRECT);
+ $t->setAttributeNS(
+ \SAML2\Constants::NS_HOK,
+ 'hoksso:ProtocolBinding',
+ \SAML2\Constants::BINDING_HTTP_REDIRECT
+ );
 }
 if ($indexed) {
@@ -376,11 +380,11 @@ class SimpleSAML_Metadata_SAMLBuilder
 /**
 * Add an AttributeConsumingService element to the metadata.
 *
- * @param SAML2_XML_md_SPSSODescriptor $spDesc The SPSSODescriptor element.
+ * @param \SAML2\XML\md\SPSSODescriptor $spDesc The SPSSODescriptor element.
 * @param SimpleSAML_Configuration $metadata The metadata.
 */
 private function addAttributeConsumingService(
- SAML2_XML_md_SPSSODescriptor $spDesc,
+ \SAML2\XML\md\SPSSODescriptor $spDesc,
 SimpleSAML_Configuration $metadata
 ) {
 $attributes = $metadata->getArray('attributes', array());
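Review bot: The reflowed `setAttributeNS()` call in the hunk at -343 still passes the constant `\SAML2\Constants::BINDING_HTTP_REDIRECT` as the attribute value, while the guard only tests `isset($ep['hoksso:ProtocolBinding'])`, so whatever value a deployer stores under that key is never read. If HTTP-Redirect is deliberately the only binding advertised for HoK endpoints here, a comment above the `if` would stop readers from assuming the configured value is honoured, e.g. `// hoksso:ProtocolBinding is always advertised as HTTP-Redirect; the configured value only enables the attribute`. If it is not deliberate, the third argument presumably should be `$ep['hoksso:ProtocolBinding']`, which cannot be decided from this hunk alone. createEndpoints() continues outside the hunk.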
@@ -397,21 +401,21 @@ class SimpleSAML_Metadata_SAMLBuilder
 * Add an AttributeConsumingService element with information as name and description and list
 * of requested attributes
 */
- $attributeconsumer = new SAML2_XML_md_AttributeConsumingService();
+ $attributeconsumer = new \SAML2\XML\md\AttributeConsumingService();
 $attributeconsumer->index = 0;
 $attributeconsumer->ServiceName = $name;
 $attributeconsumer->ServiceDescription = $metadata->getLocalizedString('description', array());
- $nameFormat = $metadata->getString('attributes.NameFormat', SAML2_Const::NAMEFORMAT_UNSPECIFIED);
+ $nameFormat = $metadata->getString('attributes.NameFormat', \SAML2\Constants::NAMEFORMAT_UNSPECIFIED);
 foreach ($attributes as $friendlyName => $attribute) {
- $t = new SAML2_XML_md_RequestedAttribute();
+ $t = new \SAML2\XML\md\RequestedAttribute();
 $t->Name = $attribute;
 if (!is_int($friendlyName)) {
 $t->FriendlyName = $friendlyName;
 }
- if ($nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
+ if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
 $t->NameFormat = $nameFormat;
 }
 if (in_array($attribute, $attributesrequired)) {
@@ -463,9 +467,9 @@ class SimpleSAML_Metadata_SAMLBuilder
 * Add SAML 2.0 SP metadata.
 *
 * @param array $metadata The metadata.
- * @param array $protocols The protocols supported. Defaults to SAML2_Const::NS_SAMLP.
+ * @param array $protocols The protocols supported. Defaults to \SAML2\Constants::NS_SAMLP.
 */
- public function addMetadataSP20($metadata, $protocols = array(SAML2_Const::NS_SAMLP))
+ public function addMetadataSP20($metadata, $protocols = array(\SAML2\Constants::NS_SAMLP))
 {
 assert('is_array($metadata)');
 assert('is_array($protocols)');
@@ -474,7 +478,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new SAML2_XML_md_SPSSODescriptor();
+ $e = new \SAML2\XML\md\SPSSODescriptor();
 $e->protocolSupportEnumeration = $protocols;
 if ($metadata->hasValue('saml20.sign.assertion')) {
@@ -529,7 +533,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new SAML2_XML_md_IDPSSODescriptor();
+ $e = new \SAML2\XML\md\IDPSSODescriptor();
 $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:2.0:protocol';
 if ($metadata->hasValue('sign.authnrequest')) {
@@ -578,7 +582,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new SAML2_XML_md_SPSSODescriptor();
+ $e = new \SAML2\XML\md\SPSSODescriptor();
 $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:1.1:protocol';
 $this->addCertificate($e, $metadata);
@@ -613,7 +617,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new SAML2_XML_md_IDPSSODescriptor();
+ $e = new \SAML2\XML\md\IDPSSODescriptor();
 $e->protocolSupportEnumeration[] = 'urn:oasis:names:tc:SAML:1.1:protocol';
 $e->protocolSupportEnumeration[] = 'urn:mace:shibboleth:1.0';
@@ -641,7 +645,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 $metadata = SimpleSAML_Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new SAML2_XML_md_AttributeAuthorityDescriptor();
+ $e = new \SAML2\XML\md\AttributeAuthorityDescriptor();
 $e->protocolSupportEnumeration = $metadata->getArray('protocols', array());
 $this->addExtensions($metadata, $e);
@@ -681,7 +685,7 @@ class SimpleSAML_Metadata_SAMLBuilder
 // TODO: remove this check as soon as getContact() is called always before calling this function
 $details = \SimpleSAML\Utils\Config\Metadata::getContact($details);
- $e = new SAML2_XML_md_ContactPerson();
+ $e = new \SAML2\XML\md\ContactPerson();
 $e->contactType = $type;
 if (isset($details['company'])) {
@@ -721,16 +725,16 @@ class SimpleSAML_Metadata_SAMLBuilder
 /**
 * Add a KeyDescriptor with an X509 certificate.
 *
- * @param SAML2_XML_md_RoleDescriptor $rd The RoleDescriptor the certificate should be added to.
+ * @param \SAML2\XML\md\RoleDescriptor $rd The RoleDescriptor the certificate should be added to.
 * @param string $use The value of the 'use' attribute.
 * @param string $x509data The certificate data.
 */
- private function addX509KeyDescriptor(SAML2_XML_md_RoleDescriptor $rd, $use, $x509data)
+ private function addX509KeyDescriptor(\SAML2\XML\md\RoleDescriptor $rd, $use, $x509data)
 {
 assert('in_array($use, array("encryption", "signing"), TRUE)');
 assert('is_string($x509data)');
- $keyDescriptor = SAML2_Utils::createKeyDescriptor($x509data);
+ $keyDescriptor = \SAML2\Utils::createKeyDescriptor($x509data);
 $keyDescriptor->use = $use;
 $rd->KeyDescriptor[] = $keyDescriptor;
 }
@@ -741,10 +745,10 @@ class SimpleSAML_Metadata_SAMLBuilder
 *
 * Helper function for adding a certificate to the metadata.
 *
- * @param SAML2_XML_md_RoleDescriptor $rd The RoleDescriptor the certificate should be added to.
+ * @param \SAML2\XML\md\RoleDescriptor $rd The RoleDescriptor the certificate should be added to.
 * @param SimpleSAML_Configuration $metadata The metadata of the entity.
 */
- private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata)
+ private function addCertificate(\SAML2\XML\md\RoleDescriptor $rd, SimpleSAML_Configuration $metadata)
 {
 $keys = $metadata->getPublicKeys();
 if ($keys !== null) {
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 02e6e91c4..edb39091c 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -139,7 +139,7 @@ class SimpleSAML_Metadata_SAMLParser
 /**
 * This is an array of elements that may be used to validate this element.
 *
- * @var SAML2_SignedElementHelper[]
+ * @var \SAML2\SignedElementHelper[]
 */
 private $validators = array();
@@ -155,14 +155,14 @@ class SimpleSAML_Metadata_SAMLParser
 /**
 * This is the constructor for the SAMLParser class.
 *
- * @param SAML2_XML_md_EntityDescriptor $entityElement The EntityDescriptor.
+ * @param \SAML2\XML\md\EntityDescriptor $entityElement The EntityDescriptor.
 * @param int|NULL $maxExpireTime The unix timestamp for when this entity should expire, or
 * NULL if unknown.
 * @param array $validators An array of parent elements that may validate this element.
 * @param array $parentExtensions An optional array of extensions from the parent element.
 */
 private function __construct(
- SAML2_XML_md_EntityDescriptor $entityElement,
+ \SAML2\XML\md\EntityDescriptor $entityElement,
 $maxExpireTime,
 array $validators = array(),
 array $parentExtensions = null
@@ -192,11 +192,11 @@ class SimpleSAML_Metadata_SAMLParser
 // look over the RoleDescriptors
 foreach ($entityElement->RoleDescriptor as $child) {
- if ($child instanceof SAML2_XML_md_SPSSODescriptor) {
+ if ($child instanceof \SAML2\XML\md\SPSSODescriptor) {
 $this->processSPSSODescriptor($child, $expireTime);
- } elseif ($child instanceof SAML2_XML_md_IDPSSODescriptor) {
+ } elseif ($child instanceof \SAML2\XML\md\IDPSSODescriptor) {
 $this->processIDPSSODescriptor($child, $expireTime);
- } elseif ($child instanceof SAML2_XML_md_AttributeAuthorityDescriptor) {
+ } elseif ($child instanceof \SAML2\XML\md\AttributeAuthorityDescriptor) {
 $this->processAttributeAuthorityDescriptor($child, $expireTime);
 }
 }
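Review bot: The `instanceof` chain over `$entityElement->RoleDescriptor` in the hunk at -192 has no fallback branch, so a role descriptor that is not one of the three `\SAML2\XML\md\…` classes is dropped silently; the commit message itself states that objects carrying the legacy aliased class names will not satisfy these checks, which makes a not-yet-migrated producer lose its SP/IdP metadata without any trace in the logs. Keeping the current behaviour but making it observable is a one-line addition at the end of the chain: `} else { SimpleSAML\Logger::debug('Ignoring unsupported RoleDescriptor of type '.get_class($child)); }`. Whether other descriptor types are legitimately expected here cannot be told from the hunk; the constructor continues past it.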
@@ -226,7 +226,7 @@ class SimpleSAML_Metadata_SAMLParser
 $data = \SimpleSAML\Utils\HTTP::fetch($file);
 try {
- $doc = SAML2_DOMDocumentFactory::fromString($data);
+ $doc = \SAML2\DOMDocumentFactory::fromString($data);
 } catch(\Exception $e) {
 throw new Exception('Failed to read XML from file: '.$file);
 }
@@ -246,7 +246,7 @@ class SimpleSAML_Metadata_SAMLParser
 public static function parseString($metadata)
 {
 try {
- $doc = SAML2_DOMDocumentFactory::fromString($metadata);
+ $doc = \SAML2\DOMDocumentFactory::fromString($metadata);
 } catch(\Exception $e) {
 throw new Exception('Failed to parse XML string.');
 }
@@ -273,16 +273,16 @@ class SimpleSAML_Metadata_SAMLParser
 /**
- * This function parses a SAML2_XML_md_EntityDescriptor object which represents a EntityDescriptor element.
+ * This function parses a \SAML2\XML\md\EntityDescriptor object which represents a EntityDescriptor element.
 *
- * @param SAML2_XML_md_EntityDescriptor $entityElement A SAML2_XML_md_EntityDescriptor object which represents a
+ * @param \SAML2\XML\md\EntityDescriptor $entityElement A \SAML2\XML\md\EntityDescriptor object which represents a
 * EntityDescriptor element.
 *
 * @return SimpleSAML_Metadata_SAMLParser An instance of this class with the metadata loaded.
 */
 public static function parseElement($entityElement)
 {
- assert('$entityElement instanceof SAML2_XML_md_EntityDescriptor');
+ assert('$entityElement instanceof \SAML2\XML\md\EntityDescriptor');
 return new SimpleSAML_Metadata_SAMLParser($entityElement, null);
 }
@@ -309,7 +309,7 @@ class SimpleSAML_Metadata_SAMLParser
 $data = \SimpleSAML\Utils\HTTP::fetch($file);
 try {
- $doc = SAML2_DOMDocumentFactory::fromString($data);
+ $doc = \SAML2\DOMDocumentFactory::fromString($data);
 } catch(\Exception $e) {
 throw new Exception('Failed to read XML from file: '.$file);
 }
@@ -336,7 +336,7 @@ class SimpleSAML_Metadata_SAMLParser
 public static function parseDescriptorsString($string)
 {
 try {
- $doc = SAML2_DOMDocumentFactory::fromString($string);
+ $doc = \SAML2\DOMDocumentFactory::fromString($string);
 } catch(\Exception $e) {
 throw new Exception('Failed to parse XML string.');
 }
@@ -365,9 +365,9 @@ class SimpleSAML_Metadata_SAMLParser
 assert('$element instanceof DOMElement');
 if (SimpleSAML\Utils\XML::isDOMElementOfType($element, 'EntityDescriptor', '@md') === true) {
- return self::processDescriptorsElement(new SAML2_XML_md_EntityDescriptor($element));
+ return self::processDescriptorsElement(new \SAML2\XML\md\EntityDescriptor($element));
 } elseif (SimpleSAML\Utils\XML::isDOMElementOfType($element, 'EntitiesDescriptor', '@md') === true) {
- return self::processDescriptorsElement(new SAML2_XML_md_EntitiesDescriptor($element));
+ return self::processDescriptorsElement(new \SAML2\XML\md\EntitiesDescriptor($element));
 } else {
 throw new Exception('Unexpected root node: ['.$element->namespaceURI.']:'.$element->localName);
 }
@@ -376,7 +376,7 @@ class SimpleSAML_Metadata_SAMLParser
 /**
 *
- * @param SAML2_XML_md_EntityDescriptor|SAML2_XML_md_EntitiesDescriptor $element The element we should process.
+ * @param \SAML2\XML\md\EntityDescriptor|\SAML2\XML\md\EntitiesDescriptor $element The element we should process.
 * @param int|NULL $maxExpireTime The maximum expiration time
 * of the entities.
 * @param array $validators The parent-elements that may be
@@ -394,14 +394,14 @@ class SimpleSAML_Metadata_SAMLParser
 ) {
 assert('is_null($maxExpireTime) || is_int($maxExpireTime)');
- if ($element instanceof SAML2_XML_md_EntityDescriptor) {
+ if ($element instanceof \SAML2\XML\md\EntityDescriptor) {
 $ret = new SimpleSAML_Metadata_SAMLParser($element, $maxExpireTime, $validators, $parentExtensions);
 $ret = array($ret->getEntityId() => $ret);
 /** @var SimpleSAML_Metadata_SAMLParser[] $ret */
 return $ret;
 }
- assert('$element instanceof SAML2_XML_md_EntitiesDescriptor');
+ assert('$element instanceof \SAML2\XML\md\EntitiesDescriptor');
 $extensions = self::processExtensions($element, $parentExtensions);
 $expTime = self::getExpireTime($element, $maxExpireTime);
@@ -836,13 +836,13 @@ class SimpleSAML_Metadata_SAMLParser
 * - 'expire': Timestamp for when this descriptor expires.
 * - 'keys': Array of associative arrays with the elements from parseKeyDescriptor.
 *
- * @param SAML2_XML_md_RoleDescriptor $element The element we should extract metadata from.
+ * @param \SAML2\XML\md\RoleDescriptor $element The element we should extract metadata from.
 * @param int|NULL $expireTime The unix timestamp for when this element should expire, or
 * NULL if unknown.
 *
 * @return array An associative array with metadata we have extracted from this element.
 */
- private static function parseRoleDescriptorType(SAML2_XML_md_RoleDescriptor $element, $expireTime)
+ private static function parseRoleDescriptorType(\SAML2\XML\md\RoleDescriptor $element, $expireTime)
 {
 assert('is_null($expireTime) || is_int($expireTime)');
@@ -887,13 +887,13 @@ class SimpleSAML_Metadata_SAMLParser
 * - 'nameIDFormats': The NameIDFormats supported by this SSODescriptor. This may be an empty array.
 * - 'keys': Array of associative arrays with the elements from parseKeyDescriptor:
 *
- * @param SAML2_XML_md_SSODescriptorType $element The element we should extract metadata from.
+ * @param \SAML2\XML\md\SSODescriptorType $element The element we should extract metadata from.
 * @param int|NULL $expireTime The unix timestamp for when this element should expire, or
 * NULL if unknown.
 *
 * @return array An associative array with metadata we have extracted from this element.
 */
- private static function parseSSODescriptor(SAML2_XML_md_SSODescriptorType $element, $expireTime)
+ private static function parseSSODescriptor(\SAML2\XML\md\SSODescriptorType $element, $expireTime)
 {
 assert('is_null($expireTime) || is_int($expireTime)');
@@ -916,11 +916,11 @@ class SimpleSAML_Metadata_SAMLParser
 /**
 * This function extracts metadata from a SPSSODescriptor element.
 *
- * @param SAML2_XML_md_SPSSODescriptor $element The element which should be parsed.
+ * @param \SAML2\XML\md\SPSSODescriptor $element The element which should be parsed.
 * @param int|NULL $expireTime The unix timestamp for when this element should expire, or
 * NULL if unknown.
 */
- private function processSPSSODescriptor(SAML2_XML_md_SPSSODescriptor $element, $expireTime)
+ private function processSPSSODescriptor(\SAML2\XML\md\SPSSODescriptor $element, $expireTime)
 {
 assert('is_null($expireTime) || is_int($expireTime)');
@@ -952,11 +952,11 @@ class SimpleSAML_Metadata_SAMLParser
 /**
 * This function extracts metadata from a IDPSSODescriptor element.
 *
- * @param SAML2_XML_md_IDPSSODescriptor $element The element which should be parsed.
+ * @param \SAML2\XML\md\IDPSSODescriptor $element The element which should be parsed.
 * @param int|NULL $expireTime The unix timestamp for when this element should expire, or
 * NULL if unknown.
 */
- private function processIDPSSODescriptor(SAML2_XML_md_IDPSSODescriptor $element, $expireTime)
+ private function processIDPSSODescriptor(\SAML2\XML\md\IDPSSODescriptor $element, $expireTime)
 {
 assert('is_null($expireTime) || is_int($expireTime)');
@@ -978,12 +978,12 @@ class SimpleSAML_Metadata_SAMLParser
 /**
 * This function extracts metadata from a AttributeAuthorityDescriptor element.
 *
- * @param SAML2_XML_md_AttributeAuthorityDescriptor $element The element which should be parsed.
+ * @param \SAML2\XML\md\AttributeAuthorityDescriptor $element The element which should be parsed.
 * @param int|NULL $expireTime The unix timestamp for when this element should
 * expire, or NULL if unknown.
 */
 private function processAttributeAuthorityDescriptor(
- SAML2_XML_md_AttributeAuthorityDescriptor $element,
+ \SAML2\XML\md\AttributeAuthorityDescriptor $element,
 $expireTime
 ) {
 assert('is_null($expireTime) || is_int($expireTime)');
@@ -1021,24 +1021,24 @@ class SimpleSAML_Metadata_SAMLParser ); // Some extensions may get inherited from a parent element - if (($element instanceof SAML2_XML_md_EntityDescriptor || $element instanceof SAML2_XML_md_EntitiesDescriptor) + if (($element instanceof \SAML2\XML\md\EntityDescriptor || $element instanceof \SAML2\XML\md\EntitiesDescriptor) && !empty($parentExtensions['RegistrationInfo'])) { $ret['RegistrationInfo'] = $parentExtensions['RegistrationInfo']; } foreach ($element->Extensions as $e) { - if ($e instanceof SAML2_XML_shibmd_Scope) { + if ($e instanceof \SAML2\XML\shibmd\Scope) { $ret['scope'][] = $e->scope; continue; } // Entity Attributes are only allowed at entity level extensions and not at RoleDescriptor level - if ($element instanceof SAML2_XML_md_EntityDescriptor || - $element instanceof SAML2_XML_md_EntitiesDescriptor) { + if ($element instanceof \SAML2\XML\md\EntityDescriptor || + $element instanceof \SAML2\XML\md\EntitiesDescriptor) { - if ($e instanceof SAML2_XML_mdrpi_RegistrationInfo) { + if ($e instanceof \SAML2\XML\mdrpi\RegistrationInfo) { // Registration Authority cannot be overridden (warn only if override attempts to change the value) if (isset($ret['RegistrationInfo']['registrationAuthority']) && $ret['RegistrationInfo']['registrationAuthority'] !== $e->registrationAuthority) { @@ -1048,11 +1048,11 @@ class SimpleSAML_Metadata_SAMLParser $ret['RegistrationInfo']['registrationAuthority'] = $e->registrationAuthority; } } - if ($e instanceof SAML2_XML_mdattr_EntityAttributes && !empty($e->children)) { + if ($e instanceof \SAML2\XML\mdattr\EntityAttributes && !empty($e->children)) { foreach ($e->children as $attr) { // only saml:Attribute are currently supported here. The specifications also allows // saml:Assertions, which more complex processing - if ($attr instanceof SAML2_XML_saml_Attribute) { + if ($attr instanceof \SAML2\XML\saml\Attribute) { if (empty($attr->Name) || empty($attr->AttributeValue)) { continue; } 
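Review bot: `$ret['scope'][] = $e->scope;` in the Scope branch stores only the string and drops the element's regexp flag, so a `shibmd:Scope` declared as a regular expression becomes indistinguishable from a literal domain in the resulting metadata; if `\SAML2\XML\shibmd\Scope` exposes that attribute as `$e->regexp` in the pinned 2.x release (it does in the library versions I know), consumers of `scope` cannot tell the two apart. A downstream check that compares literally will then reject a regexp scope (fail-closed), while one that compares loosely could accept it — worth confirming which applies. The minimal fix is to skip such entries until they are supported, `if (!empty($e->regexp)) { continue; }` before the append, with a comment saying regexp scopes are deliberately not imported. The enclosing function starts before this hunk.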
@@ -1060,7 +1060,7 @@ class SimpleSAML_Metadata_SAMLParser // attribute names that is not URI is prefixed as this: '{nameformat}name' $name = $attr->Name; if (empty($attr->NameFormat)) { - $name = '{'.SAML2_Const::NAMEFORMAT_UNSPECIFIED.'}'.$attr->Name; + $name = '{'.\SAML2\Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->Name; } elseif ($attr->NameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri') { $name = '{'.$attr->NameFormat.'}'.$attr->Name; } @@ -1077,8 +1077,8 @@ class SimpleSAML_Metadata_SAMLParser } // UIInfo elements are only allowed at RoleDescriptor level extensions - if ($element instanceof SAML2_XML_md_RoleDescriptor) { - if ($e instanceof SAML2_XML_mdui_UIInfo) { + if ($element instanceof \SAML2\XML\md\RoleDescriptor) { + if ($e instanceof \SAML2\XML\mdui\UIInfo) { $ret['UIInfo']['DisplayName'] = $e->DisplayName; $ret['UIInfo']['Description'] = $e->Description; @@ -1086,7 +1086,7 @@ class SimpleSAML_Metadata_SAMLParser $ret['UIInfo']['PrivacyStatementURL'] = $e->PrivacyStatementURL; foreach ($e->Keywords as $uiItem) { - if (!($uiItem instanceof SAML2_XML_mdui_Keywords) + if (!($uiItem instanceof \SAML2\XML\mdui\Keywords) || empty($uiItem->Keywords) || empty($uiItem->lang) ) { @@ -1095,7 +1095,7 @@ class SimpleSAML_Metadata_SAMLParser $ret['UIInfo']['Keywords'][$uiItem->lang] = $uiItem->Keywords; } foreach ($e->Logo as $uiItem) { - if (!($uiItem instanceof SAML2_XML_mdui_Logo) + if (!($uiItem instanceof \SAML2\XML\mdui\Logo) || empty($uiItem->url) || empty($uiItem->height) || empty($uiItem->width) 
@@ -1116,20 +1116,20 @@ class SimpleSAML_Metadata_SAMLParser } // DiscoHints elements are only allowed at IDPSSODescriptor level extensions - if ($element instanceof SAML2_XML_md_IDPSSODescriptor) { + if ($element instanceof \SAML2\XML\md\IDPSSODescriptor) { - if ($e instanceof SAML2_XML_mdui_DiscoHints) { + if ($e instanceof \SAML2\XML\mdui\DiscoHints) { $ret['DiscoHints']['IPHint'] = $e->IPHint; $ret['DiscoHints']['DomainHint'] = $e->DomainHint; $ret['DiscoHints']['GeolocationHint'] = $e->GeolocationHint; } } - if (!($e instanceof SAML2_XML_Chunk)) { + if (!($e instanceof \SAML2\XML\Chunk)) { continue; } - if ($e->localName === 'Attribute' && $e->namespaceURI === SAML2_Const::NS_SAML) { + if ($e->localName === 'Attribute' && $e->namespaceURI === \SAML2\Constants::NS_SAML) { $attribute = $e->getXML(); $name = $attribute->getAttribute('Name'); @@ -1154,9 +1154,9 @@ class SimpleSAML_Metadata_SAMLParser /** * Parse and process a Organization element. * - * @param SAML2_XML_md_Organization $element The Organization element. + * @param \SAML2\XML\md\Organization $element The Organization element. */ - private function processOrganization(SAML2_XML_md_Organization $element) + private function processOrganization(\SAML2\XML\md\Organization $element) { $this->organizationName = $element->OrganizationName; $this->organizationDisplayName = $element->OrganizationDisplayName; @@ -1167,10 +1167,10 @@ class SimpleSAML_Metadata_SAMLParser /** * Parse and process a ContactPerson element. * - * @param SAML2_XML_md_ContactPerson $element The ContactPerson element. + * @param \SAML2\XML\md\ContactPerson $element The ContactPerson element. */ - private function processContactPerson(SAML2_XML_md_ContactPerson $element) + private function processContactPerson(\SAML2\XML\md\ContactPerson $element) { $contactPerson = array(); if (!empty($element->contactType)) { 
@@ -1200,10 +1200,10 @@ class SimpleSAML_Metadata_SAMLParser /** * This function parses AttributeConsumerService elements. * - * @param SAML2_XML_md_AttributeConsumingService $element The AttributeConsumingService to parse. + * @param \SAML2\XML\md\AttributeConsumingService $element The AttributeConsumingService to parse. * @param array $sp The array with the SP's metadata. */ - private static function parseAttributeConsumerService(SAML2_XML_md_AttributeConsumingService $element, &$sp) + private static function parseAttributeConsumerService(\SAML2\XML\md\AttributeConsumingService $element, &$sp) { assert('is_array($sp)'); @@ -1228,13 +1228,13 @@ class SimpleSAML_Metadata_SAMLParser if ($child->NameFormat !== null) { $attrformat = $child->NameFormat; } else { - $attrformat = SAML2_Const::NAMEFORMAT_UNSPECIFIED; + $attrformat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED; } if ($format === null) { $format = $attrformat; } elseif ($format !== $attrformat) { - $format = SAML2_Const::NAMEFORMAT_UNSPECIFIED; + $format = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED; } } @@ -1246,7 +1246,7 @@ class SimpleSAML_Metadata_SAMLParser unset($sp['attributes.required']); } - if ($format !== SAML2_Const::NAMEFORMAT_UNSPECIFIED && $format !== null) { + if ($format !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED && $format !== null) { $sp['attributes.NameFormat'] = $format; } } 
@@ -1262,11 +1262,11 @@ class SimpleSAML_Metadata_SAMLParser * - 'index': The index of this endpoint. This attribute is only for indexed endpoints. * - 'isDefault': Whether this endpoint is the default endpoint for this type. This attribute may not exist. * - * @param SAML2_XML_md_EndpointType $element The element which should be parsed. + * @param \SAML2\XML\md\EndpointType $element The element which should be parsed. * * @return array An associative array with the data we have extracted from the element. */ - private static function parseGenericEndpoint(SAML2_XML_md_EndpointType $element) + private static function parseGenericEndpoint(\SAML2\XML\md\EndpointType $element) { $ep = array(); @@ -1277,7 +1277,7 @@ class SimpleSAML_Metadata_SAMLParser $ep['ResponseLocation'] = $element->ResponseLocation; } - if ($element instanceof SAML2_XML_md_IndexedEndpointType) { + if ($element instanceof \SAML2\XML\md\IndexedEndpointType) { $ep['index'] = $element->index; if ($element->isDefault !== null) { @@ -1317,11 +1317,11 @@ class SimpleSAML_Metadata_SAMLParser * - 'type: The type of the key. 'X509Certificate' is the only key type we support. * - 'X509Certificate': The contents of the first X509Certificate element (if the type is 'X509Certificate '). * - * @param SAML2_XML_md_KeyDescriptor $kd The KeyDescriptor element. + * @param \SAML2\XML\md\KeyDescriptor $kd The KeyDescriptor element. * * @return array|null An associative array describing the key, or null if this is an unsupported key. */ - private static function parseKeyDescriptor(SAML2_XML_md_KeyDescriptor $kd) + private static function parseKeyDescriptor(\SAML2\XML\md\KeyDescriptor $kd) { $r = array(); 
@@ -1339,9 +1339,9 @@ class SimpleSAML_Metadata_SAMLParser $keyInfo = $kd->KeyInfo; foreach ($keyInfo->info as $i) { - if ($i instanceof SAML2_XML_ds_X509Data) { + if ($i instanceof \SAML2\XML\ds\X509Data) { foreach ($i->data as $d) { - if ($d instanceof SAML2_XML_ds_X509Certificate) { + if ($d instanceof \SAML2\XML\ds\X509Certificate) { $r['type'] = 'X509Certificate'; $r['X509Certificate'] = $d->certificate; return $r; @@ -1410,7 +1410,7 @@ class SimpleSAML_Metadata_SAMLParser * * @param DOMDocument $doc The DOMDocument where we should find the EntityDescriptor node. * - * @return SAML2_XML_md_EntityDescriptor The DOMEntity which represents the EntityDescriptor. + * @return \SAML2\XML\md\EntityDescriptor The DOMEntity which represents the EntityDescriptor. * @throws Exception If the document is empty or the first element is not an EntityDescriptor element. */ private static function findEntityDescriptor($doc) @@ -1428,7 +1428,7 @@ class SimpleSAML_Metadata_SAMLParser throw new Exception('Expected first element in the metadata document to be an EntityDescriptor element.'); } - return new SAML2_XML_md_EntityDescriptor($ed); + return new \SAML2\XML\md\EntityDescriptor($ed); } diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php index f737b92a6..5e11918b5 100644 --- a/lib/SimpleSAML/Metadata/Signer.php +++ b/lib/SimpleSAML/Metadata/Signer.php @@ -245,7 +245,7 @@ class SimpleSAML_Metadata_Signer // convert the metadata to a DOM tree try { - $xml = SAML2_DOMDocumentFactory::fromString($metadataString); + $xml = \SAML2\DOMDocumentFactory::fromString($metadataString); } catch(Exception $e) { throw new Exception('Error parsing self-generated metadata.'); } diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php index e0f0754d0..e9cda0ae6 100644 --- a/lib/SimpleSAML/Utilities.php +++ b/lib/SimpleSAML/Utilities.php 
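Review bot: The catch around the new `\SAML2\DOMDocumentFactory::fromString` call in the Signer hunk rethrows a bare `new Exception('Error parsing self-generated metadata.')` and drops the original exception, so the factory's actual reason for rejecting the document never reaches the logs; chain it with `throw new Exception('Error parsing self-generated metadata.', 0, $e);`. The same drop-the-cause pattern sits next to the touched `fromString` calls in the Utils/XML and Shib13/AuthnResponse hunks on the next line and in the metarefresh MetaLoader hunk further down. This predates the commit, but since the surrounding try blocks are being edited it is a cheap fix to fold in.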
@@ -128,14 +128,14 @@ class SimpleSAML_Utilities $currentTime = time(); if (!empty($start)) { - $startTime = SAML2_Utils::xsDateTimeToTimestamp($start); + $startTime = \SAML2\Utils::xsDateTimeToTimestamp($start); // Allow for a 10 minute difference in Time if (($startTime < 0) || (($startTime - 600) > $currentTime)) { return false; } } if (!empty($end)) { - $endTime = SAML2_Utils::xsDateTimeToTimestamp($end); + $endTime = \SAML2\Utils::xsDateTimeToTimestamp($end); if (($endTime < 0) || ($endTime <= $currentTime)) { return false; } diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php index 9750634c1..05206ec4e 100644 --- a/lib/SimpleSAML/Utils/XML.php +++ b/lib/SimpleSAML/Utils/XML.php @@ -228,7 +228,7 @@ class XML } try { - $doc = \SAML2_DOMDocumentFactory::fromString($xml); + $doc = \SAML2\DOMDocumentFactory::fromString($xml); } catch (\Exception $e) { throw new \DOMException('Error parsing XML string.'); } @@ -402,7 +402,7 @@ class XML $res = true; } else { try { - $dom = \SAML2_DOMDocumentFactory::fromString($xml); + $dom = \SAML2\DOMDocumentFactory::fromString($xml); $res = true; } catch (\Exception $e) { $res = false; diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index 6f6dd8a96..ce0dbaa4e 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php @@ -57,7 +57,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse { assert('is_string($xml)'); try { - $this->dom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $xml)); + $this->dom = \SAML2\DOMDocumentFactory::fromString(str_replace ("\r", "", $xml)); } catch(\Exception $e) { throw new Exception('Unable to parse AuthnResponse XML.'); } 
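Review bot: `if (($startTime < 0) || ...)` reads as a sentinel check from an older contract, but `\SAML2\Utils::xsDateTimeToTimestamp` in the 2.x library throws on a malformed timestamp rather than returning a negative value (to be confirmed against the pinned release), so an unparsable NotBefore or NotOnOrAfter now leaves this function as an uncaught exception instead of `return false`; either catch it here or document the `@throws` so callers handle it. Separately, the 600-second tolerance is applied only to the start time while `$endTime <= $currentTime` has none, so an issuer whose clock runs ahead of ours is tolerated on NotBefore but one running behind gets no slack on NotOnOrAfter; if the asymmetry is intended, a comment saying so would help. Both points apply equally to the Shib13/AuthnResponse hunk on the next line, which duplicates this logic.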
@@ -439,7 +439,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse { * * @return bool True if the current time belongs to the period specified by $start and $end. False otherwise. * - * @see \SAML2_Utils::xsDateTimeToTimestamp. + * @see \SAML2\Utils::xsDateTimeToTimestamp. * * @author Andreas Solberg, UNINETT AS <andreas.solberg@uninett.no> * @author Olav Morken, UNINETT AS <olav.morken@uninett.no> @@ -449,14 +449,14 @@ class SimpleSAML_XML_Shib13_AuthnResponse { $currentTime = time(); if (!empty($start)) { - $startTime = \SAML2_Utils::xsDateTimeToTimestamp($start); + $startTime = \SAML2\Utils::xsDateTimeToTimestamp($start); // allow for a 10 minute difference in time if (($startTime < 0) || (($startTime - 600) > $currentTime)) { return false; } } if (!empty($end)) { - $endTime = \SAML2_Utils::xsDateTimeToTimestamp($end); + $endTime = \SAML2\Utils::xsDateTimeToTimestamp($end); if (($endTime < 0) || ($endTime <= $currentTime)) { return false; } diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php index 542a55165..e29432443 100644 --- a/modules/adfs/lib/IdP/ADFS.php +++ b/modules/adfs/lib/IdP/ADFS.php @@ -94,7 +94,7 @@ class sspmod_adfs_IdP_ADFS { $objXMLSecDSig = new XMLSecurityDSig(); $objXMLSecDSig->idKeys = array('AssertionID'); $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); - $responsedom = SAML2_DOMDocumentFactory::fromString(str_replace ("\r", "", $response)); + $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace ("\r", "", $response)); $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); $objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), diff --git a/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php b/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php index b793b9462..7e8a89878 100644 
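Review bot: In the ADFS hunk, `$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, ...)` signs the assertion with a SHA-1 digest; xmlseclibs also provides `XMLSecurityDSig::SHA256`, and relying parties that accept it should get it, so consider making the digest configurable with SHA-256 as the default (the signature algorithm is presumably chosen where the key is loaded, outside this hunk, and should follow). Also `->getElementsByTagName('Assertion')->item(0)` on the line above can be null if the freshly built response carries no Assertion; that is unlikely for self-generated XML, but an explicit check would turn a confusing xmlseclibs failure into a clear error. The enclosing function continues outside the hunk.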
--- a/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php +++ b/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php @@ -45,7 +45,7 @@ class sspmod_adfs_SAML2_XML_fed_SecurityTokenServiceType extends SAML2_XML_md_Ro $e = parent::toXML($parent); $e->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:fed', sspmod_adfs_SAML2_XML_fed_Const::NS_FED); - $e->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType'); + $e->setAttributeNS(\SAML2\Constants::NS_XSI, 'xsi:type', 'fed:SecurityTokenServiceType'); sspmod_adfs_SAML2_XML_fed_TokenTypesOffered::appendXML($e); sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'SecurityTokenServiceEndpoint', $this->Location); sspmod_adfs_SAML2_XML_fed_Endpoint::appendXML($e, 'fed:PassiveRequestorEndpoint', $this->Location); diff --git a/modules/adfs/lib/XMLSecurityDSig.php b/modules/adfs/lib/XMLSecurityDSig.php index 288812f79..b851a18cd 100644 --- a/modules/adfs/lib/XMLSecurityDSig.php +++ b/modules/adfs/lib/XMLSecurityDSig.php @@ -24,7 +24,7 @@ class sspmod_adfs_XMLSecurityDSig extends XMLSecurityDSig { $template = self::template; } - $sigdoc = SAML2_DOMDocumentFactory::fromString($template); + $sigdoc = \SAML2\DOMDocumentFactory::fromString($template); $this->sigNode = $sigdoc->documentElement; } } diff --git a/modules/adfs/www/idp/metadata.php b/modules/adfs/www/idp/metadata.php index 7296a11fb..df59f5ada 100644 --- a/modules/adfs/www/idp/metadata.php +++ b/modules/adfs/www/idp/metadata.php @@ -63,13 +63,13 @@ try { 'entityid' => $idpentityid, 'SingleSignOnService' => array( 0 => array( - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'Location' => $adfs_service_location ) ), 'SingleLogoutService' => array( 0 => array( - 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, + 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT, 'Location' => $adfs_service_location ) ), 
diff --git a/modules/cas/lib/Auth/Source/CAS.php b/modules/cas/lib/Auth/Source/CAS.php index 39b40bd05..1b2f1e0c9 100644 --- a/modules/cas/lib/Auth/Source/CAS.php +++ b/modules/cas/lib/Auth/Source/CAS.php @@ -118,7 +118,7 @@ class sspmod_cas_Auth_Source_CAS extends SimpleSAML_Auth_Source { )); $result = \SimpleSAML\Utils\HTTP::fetch($url); - $dom = SAML2_DOMDocumentFactory::fromString($result); + $dom = \SAML2\DOMDocumentFactory::fromString($result); $xPath = new DOMXpath($dom); $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas'); $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user"); diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php index 4c9dea909..4182cee55 100644 --- a/modules/core/lib/Auth/Process/TargetedID.php +++ b/modules/core/lib/Auth/Process/TargetedID.php @@ -125,7 +125,7 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt if ($this->generateNameId) { // Convert the targeted ID to a SAML 2.0 name identifier element $nameId = array( - 'Format' => SAML2_Const::NAMEID_PERSISTENT, + 'Format' => \SAML2\Constants::NAMEID_PERSISTENT, 'Value' => $uid, ); @@ -136,11 +136,11 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt $nameId['SPNameQualifier'] = $state['Destination']['entityid']; } - $doc = SAML2_DOMDocumentFactory::create(); + $doc = \SAML2\DOMDocumentFactory::create(); $root = $doc->createElement('root'); $doc->appendChild($root); - SAML2_Utils::addNameId($root, $nameId); + \SAML2\Utils::addNameId($root, $nameId); $uid = $doc->saveXML($root->firstChild); } diff --git a/modules/core/www/idp/logout-iframe-post.php b/modules/core/www/idp/logout-iframe-post.php index 061ef9750..5a9c4d879 100644 --- a/modules/core/www/idp/logout-iframe-post.php +++ b/modules/core/www/idp/logout-iframe-post.php 
@@ -49,10 +49,10 @@ SimpleSAML_Stats::log('saml:idp:LogoutRequest:sent', array( 'idpEntityID' => $idpMetadata->getString('entityid'), )); -$bindings = array(SAML2_Const::BINDING_HTTP_POST); +$bindings = array(\SAML2\Constants::BINDING_HTTP_POST); $dst = $spMetadata->getDefaultEndpoint('SingleLogoutService', $bindings); -$binding = SAML2_Binding::getBinding($dst['Binding']); +$binding = \SAML2\Binding::getBinding($dst['Binding']); $lr->setDestination($dst['Location']); $lr->setRelayState($relayState); diff --git a/modules/exampleattributeserver/www/attributeserver.php b/modules/exampleattributeserver/www/attributeserver.php index 072d32c3a..8f257c2a4 100644 --- a/modules/exampleattributeserver/www/attributeserver.php +++ b/modules/exampleattributeserver/www/attributeserver.php @@ -2,9 +2,9 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); -$binding = SAML2_Binding::getCurrentBinding(); +$binding = \SAML2\Binding::getCurrentBinding(); $query = $binding->receive(); -if (!($query instanceof SAML2_AttributeQuery)) { +if (!($query instanceof \SAML2\AttributeQuery)) { throw new SimpleSAML_Error_BadRequest('Invalid message received to AttributeQuery endpoint.'); } @@ -29,7 +29,7 @@ $attributes = array( ); /* The name format of the attributes. */ -$attributeNameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED; +$attributeNameFormat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED; /* Determine which attributes we will return. */ @@ -62,7 +62,7 @@ if (count($returnAttributes) === 0) { /* $returnAttributes contains the attributes we should return. Send them. */ -$assertion = new SAML2_Assertion(); +$assertion = new \SAML2\Assertion(); $assertion->setIssuer($idpEntityId); $assertion->setNameId($query->getNameId()); $assertion->setNotBefore(time()); 
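Review bot: In the attributeserver hunk, `$query = $binding->receive();` is followed only by the `instanceof \SAML2\AttributeQuery` check — nothing visible in this or the later hunks validates the query's signature or issuer against the requesting SP's metadata before attributes are selected. If `sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $query)` is not called in the unchanged stretch between the hunks, any party able to reach this endpoint with a known NameID receives that user's attributes; if it is called there, a one-line comment after the instanceof check pointing to it would spare the next reader the same question. This is an example module, but examples get copied into production.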
@@ -71,9 +71,9 @@ $assertion->setValidAudiences(array($spEntityId)); $assertion->setAttributes($returnAttributes); $assertion->setAttributeNameFormat($attributeNameFormat); -$sc = new SAML2_XML_saml_SubjectConfirmation(); -$sc->Method = SAML2_Const::CM_BEARER; -$sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData(); +$sc = new \SAML2\XML\saml\SubjectConfirmation(); +$sc->Method = \SAML2\Constants::CM_BEARER; +$sc->SubjectConfirmationData = new \SAML2\XML\saml\SubjectConfirmationData(); $sc->SubjectConfirmationData->NotOnOrAfter = time() + 5*60; $sc->SubjectConfirmationData->Recipient = $endpoint; $sc->SubjectConfirmationData->InResponseTo = $query->getId(); @@ -81,7 +81,7 @@ $assertion->setSubjectConfirmation(array($sc)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $assertion); -$response = new SAML2_Response(); +$response = new \SAML2\Response(); $response->setRelayState($query->getRelayState()); $response->setDestination($endpoint); $response->setIssuer($idpEntityId); @@ -89,5 +89,5 @@ $response->setInResponseTo($query->getId()); $response->setAssertions(array($assertion)); sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $response); -$binding = new SAML2_HTTPPost(); +$binding = new \SAML2\HTTPPost(); $binding->send($response); diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php index 9538464e4..a5f0f0096 100644 --- a/modules/metarefresh/lib/MetaLoader.php +++ b/modules/metarefresh/lib/MetaLoader.php @@ -253,7 +253,7 @@ class sspmod_metarefresh_MetaLoader { private function loadXML($data, $source) { $entities = array(); try { - $doc = SAML2_DOMDocumentFactory::fromString($data); + $doc = \SAML2\DOMDocumentFactory::fromString($data); } catch (Exception $e) { throw new Exception('Failed to read XML from ' . $source['src']); } diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md index 6d4046425..8dbe56ba4 100644 --- a/modules/saml/docs/sp.md +++ b/modules/saml/docs/sp.md 
@@ -459,9 +459,9 @@ Here we will list some examples for this authentication source. ### Using samlp:Extensions - $dom = SAML2_DOMDocumentFactory::create(); + $dom = \SAML2\DOMDocumentFactory::create(); $ce = $dom->createElementNS('http://www.example.com/XFoo', 'xfoo:test', 'Test data!'); - $ext[] = new SAML2_XML_Chunk($ce); + $ext[] = new \SAML2\XML\Chunk($ce); $auth = new SimpleSAML_Auth_Simple('default-sp'); $auth->login(array( diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php index ecb72bbec..a873540a5 100644 --- a/modules/saml/lib/Auth/Process/NameIDAttribute.php +++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php @@ -118,7 +118,7 @@ class sspmod_saml_Auth_Process_NameIDAttribute extends SimpleSAML_Auth_Processin $rep['%'] = '%'; if (!isset($rep['Format'])) { - $rep['Format'] = SAML2_Const::NAMEID_UNSPECIFIED; + $rep['Format'] = \SAML2\Constants::NAMEID_UNSPECIFIED; } if (!isset($rep['NameQualifier'])) { $rep['NameQualifier'] = $state['Source']['entityid']; diff --git a/modules/saml/lib/Auth/Process/PersistentNameID.php b/modules/saml/lib/Auth/Process/PersistentNameID.php index 7c17d8d1a..762b613ed 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID.php +++ b/modules/saml/lib/Auth/Process/PersistentNameID.php @@ -30,7 +30,7 @@ class sspmod_saml_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGe parent::__construct($config, $reserved); assert('is_array($config)'); - $this->format = SAML2_Const::NAMEID_PERSISTENT; + $this->format = \SAML2\Constants::NAMEID_PERSISTENT; if (!isset($config['attribute'])) { throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'."); diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php index 9b94c942a..be61e1099 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php 
+++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php @@ -59,20 +59,20 @@ class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Au { assert('is_array($state)'); - if (!isset($state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT])) { + if (!isset($state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT])) { SimpleSAML\Logger::warning( 'Unable to generate eduPersonTargetedID because no persistent NameID was available.' ); return; } - $nameID = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT]; + $nameID = $state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT]; if ($this->nameId) { - $doc = SAML2_DOMDocumentFactory::create(); + $doc = \SAML2\DOMDocumentFactory::create(); $root = $doc->createElement('root'); $doc->appendChild($root); - SAML2_Utils::addNameId($root, $nameID); + \SAML2\Utils::addNameId($root, $nameID); $value = $doc->saveXML($root->firstChild); } else { $value = $nameID['Value']; diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php index c3e5b4ccd..28d92f83a 100644 --- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php +++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php @@ -51,7 +51,7 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI parent::__construct($config, $reserved); assert('is_array($config)'); - $this->format = SAML2_Const::NAMEID_PERSISTENT; + $this->format = \SAML2\Constants::NAMEID_PERSISTENT; if (!isset($config['attribute'])) { throw new SimpleSAML_Error_Exception("PersistentNameID: Missing required option 'attribute'."); 
@@ -148,7 +148,7 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI
 'SQLPersistentNameID: Did not find persistent NameID for user, and not allowed to create new NameID.'
 );
 throw new sspmod_saml_Error(
- SAML2_Const::STATUS_RESPONDER,
+ \SAML2\Constants::STATUS_RESPONDER,
 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'
 );
 }
diff --git a/modules/saml/lib/Auth/Process/TransientNameID.php b/modules/saml/lib/Auth/Process/TransientNameID.php
index d3f5c22ed..f4026421e 100644
--- a/modules/saml/lib/Auth/Process/TransientNameID.php
+++ b/modules/saml/lib/Auth/Process/TransientNameID.php
@@ -20,7 +20,7 @@ class sspmod_saml_Auth_Process_TransientNameID extends sspmod_saml_BaseNameIDGen
 parent::__construct($config, $reserved);
 assert('is_array($config)');
- $this->format = SAML2_Const::NAMEID_TRANSIENT;
+ $this->format = \SAML2\Constants::NAMEID_TRANSIENT;
 }
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 1460940d0..df6058d19 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -261,19 +261,19 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { SimpleSAML\Logger::debug('Sending SAML 2 AuthnRequest to ' . var_export($idpMetadata->getString('entityid'), TRUE)); /* Select appropriate SSO endpoint */ - if ($ar->getProtocolBinding() === SAML2_Const::BINDING_HOK_SSO) { + if ($ar->getProtocolBinding() === \SAML2\Constants::BINDING_HOK_SSO) { $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array( - SAML2_Const::BINDING_HOK_SSO) + \SAML2\Constants::BINDING_HOK_SSO) ); } else { $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST) + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST) ); } $ar->setDestination($dst['Location']); - $b = SAML2_Binding::getBinding($dst['Binding']); + $b = \SAML2\Binding::getBinding($dst['Binding']); $this->sendSAML2AuthnRequest($state, $b, $ar); @@ -287,10 +287,10 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { * This function does not return. * * @param array &$state The state array. - * @param SAML2_Binding $binding The binding. - * @param SAML2_AuthnRequest $ar The authentication request. + * @param \SAML2\Binding $binding The binding. + * @param \SAML2\AuthnRequest $ar The authentication request. */ - public function sendSAML2AuthnRequest(array &$state, SAML2_Binding $binding, SAML2_AuthnRequest $ar) { + public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar) { $binding->send($ar); assert('FALSE'); } 
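Review bot: `$binding->send($ar); assert('FALSE');` is all that enforces the docblock's "This function does not return": a string-form `assert()` is a no-op when assertions are disabled, which is the usual production setting, so a binding whose `send()` returns hands control back to the caller as if the request had been delivered. Replacing the assert with `throw new SimpleSAML_Error_Exception('Binding did not terminate the request.');` makes the contract hold in every configuration; the same pattern follows `$b->send($lr)` in the @@ -489 hunk on the next line.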
@@ -468,8 +468,8 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { $idpMetadata = $this->getIdPMetadata($idp); $endpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST), FALSE); + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST), FALSE); if ($endpoint === FALSE) { SimpleSAML\Logger::info('No logout endpoint for IdP ' . var_export($idp, TRUE) . '.'); return; @@ -489,7 +489,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($idpMetadata)); } - $b = SAML2_Binding::getBinding($endpoint['Binding']); + $b = \SAML2\Binding::getBinding($endpoint['Binding']); $b->send($lr); assert('FALSE'); diff --git a/modules/saml/lib/Error.php b/modules/saml/lib/Error.php index 2b6c9190b..78799a2cd 100644 --- a/modules/saml/lib/Error.php +++ b/modules/saml/lib/Error.php @@ -106,22 +106,22 @@ class sspmod_saml_Error extends SimpleSAML_Error_Exception { } elseif ($exception instanceof SimpleSAML_Error_NoPassive) { $e = new self( - SAML2_Const::STATUS_RESPONDER, - SAML2_Const::STATUS_NO_PASSIVE, + \SAML2\Constants::STATUS_RESPONDER, + \SAML2\Constants::STATUS_NO_PASSIVE, $exception->getMessage(), $exception ); } elseif ($exception instanceof SimpleSAML_Error_ProxyCountExceeded) { $e = new self( - SAML2_Const::STATUS_RESPONDER, - SAML2_Const::STATUS_PROXY_COUNT_EXCEEDED, + \SAML2\Constants::STATUS_RESPONDER, + \SAML2\Constants::STATUS_PROXY_COUNT_EXCEEDED, $exception->getMessage(), $exception ); } else { $e = new self( - SAML2_Const::STATUS_RESPONDER, + \SAML2\Constants::STATUS_RESPONDER, NULL, get_class($exception) . ': ' . $exception->getMessage(), $exception 
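Review bot: In the final else branch of the Error hunk, `get_class($exception) . ': ' . $exception->getMessage()` is passed as the status message of this class, which appears to become the StatusMessage of the SAML error response sent to the remote peer, so the internal exception class and its text (which for database, configuration or filesystem failures can include paths, hostnames or query fragments) leave the IdP. This predates the commit, but this is the place to fix it: log the detail locally with `SimpleSAML\Logger::warning(get_class($exception) . ': ' . $exception->getMessage());` and pass a generic string such as `'An error occurred.'` as the message, keeping `$exception` as the previous exception for local debugging. The enclosing function starts before the hunk.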
@@ -154,9 +154,9 @@ class sspmod_saml_Error extends SimpleSAML_Error_Exception { $e = NULL; switch ($this->status) { - case SAML2_Const::STATUS_RESPONDER: + case \SAML2\Constants::STATUS_RESPONDER: switch ($this->subStatus) { - case SAML2_Const::STATUS_NO_PASSIVE: + case \SAML2\Constants::STATUS_NO_PASSIVE: $e = new SimpleSAML_Error_NoPassive($this->statusMessage, 0, $this); break; } diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index 7af8d842c..d614a3f95 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php @@ -74,7 +74,7 @@ class sspmod_saml_IdP_SAML2 { SimpleSAML_Stats::log('saml:idp:Response', $statsData); /* Send the response. */ - $binding = SAML2_Binding::getBinding($protocolBinding); + $binding = \SAML2\Binding::getBinding($protocolBinding); $binding->send($ar); } @@ -132,7 +132,7 @@ class sspmod_saml_IdP_SAML2 { } SimpleSAML_Stats::log('saml:idp:Response:error', $statsData); - $binding = SAML2_Binding::getBinding($protocolBinding); + $binding = \SAML2\Binding::getBinding($protocolBinding); $binding->send($ar); } @@ -229,12 +229,12 @@ class sspmod_saml_IdP_SAML2 { $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpMetadata = $idp->getConfig(); - $supportedBindings = array(SAML2_Const::BINDING_HTTP_POST); + $supportedBindings = array(\SAML2\Constants::BINDING_HTTP_POST); if ($idpMetadata->getBoolean('saml20.sendartifact', FALSE)) { - $supportedBindings[] = SAML2_Const::BINDING_HTTP_ARTIFACT; + $supportedBindings[] = \SAML2\Constants::BINDING_HTTP_ARTIFACT; } if ($idpMetadata->getBoolean('saml20.hok.assertion', FALSE)) { - $supportedBindings[] = SAML2_Const::BINDING_HOK_SSO; + $supportedBindings[] = \SAML2\Constants::BINDING_HOK_SSO; } if (isset($_REQUEST['spentityid'])) { 
@@ -289,10 +289,10 @@ class sspmod_saml_IdP_SAML2 { } else { - $binding = SAML2_Binding::getCurrentBinding(); + $binding = \SAML2\Binding::getCurrentBinding(); $request = $binding->receive(); - if (!($request instanceof SAML2_AuthnRequest)) { + if (!($request instanceof \SAML2\AuthnRequest)) { throw new SimpleSAML_Error_BadRequest('Message received on authentication request endpoint wasn\'t an authentication request.'); } @@ -412,10 +412,10 @@ class sspmod_saml_IdP_SAML2 { )); $dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST) + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST) ); - $binding = SAML2_Binding::getBinding($dst['Binding']); + $binding = \SAML2\Binding::getBinding($dst['Binding']); $lr = self::buildLogoutRequest($idpMetadata, $spMetadata, $association, $relayState); $lr->setDestination($dst['Location']); @@ -447,8 +447,8 @@ class sspmod_saml_IdP_SAML2 { if (isset($state['core:Failed']) && $state['core:Failed']) { $partial = TRUE; $lr->setStatus(array( - 'Code' => SAML2_Const::STATUS_SUCCESS, - 'SubCode' => SAML2_Const::STATUS_PARTIAL_LOGOUT, + 'Code' => \SAML2\Constants::STATUS_SUCCESS, + 'SubCode' => \SAML2\Constants::STATUS_PARTIAL_LOGOUT, )); SimpleSAML\Logger::info('Sending logout response for partial logout to SP ' . var_export($spEntityId, TRUE)); } else { @@ -462,10 +462,10 @@ class sspmod_saml_IdP_SAML2 { 'partial' => $partial )); $dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array( - SAML2_Const::BINDING_HTTP_REDIRECT, - SAML2_Const::BINDING_HTTP_POST) + \SAML2\Constants::BINDING_HTTP_REDIRECT, + \SAML2\Constants::BINDING_HTTP_POST) ); - $binding = SAML2_Binding::getBinding($dst['Binding']); + $binding = \SAML2\Binding::getBinding($dst['Binding']); if (isset($dst['ResponseLocation'])) { $dst = $dst['ResponseLocation']; } else { 
@@ -484,7 +484,7 @@ class sspmod_saml_IdP_SAML2 {
 */
 public static function receiveLogoutMessage(SimpleSAML_IdP $idp) {
- $binding = SAML2_Binding::getCurrentBinding();
+ $binding = \SAML2\Binding::getCurrentBinding();
 $message = $binding->receive();
 $spEntityId = $message->getIssuer();
@@ -499,7 +499,7 @@ class sspmod_saml_IdP_SAML2 {
 sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $message);
- if ($message instanceof SAML2_LogoutResponse) {
+ if ($message instanceof \SAML2\LogoutResponse) {
 SimpleSAML\Logger::info('Received SAML 2.0 LogoutResponse from: '. var_export($spEntityId, TRUE));
 $statsData = array(
@@ -525,7 +525,7 @@ class sspmod_saml_IdP_SAML2 {
 $idp->handleLogoutResponse($assocId, $relayState, $logoutError);
- } elseif ($message instanceof SAML2_LogoutRequest) {
+ } elseif ($message instanceof \SAML2\LogoutRequest) {
 SimpleSAML\Logger::info('Received SAML 2.0 LogoutRequest from: '. var_export($spEntityId, TRUE));
 SimpleSAML_Stats::log('saml:idp:LogoutRequest:recv', array(
@@ -569,11 +569,11 @@ class sspmod_saml_IdP_SAML2 {
 $idpMetadata = $idp->getConfig();
 $spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');
- $bindings = array(SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_HTTP_POST);
+ $bindings = array(\SAML2\Constants::BINDING_HTTP_REDIRECT,
+ \SAML2\Constants::BINDING_HTTP_POST);
 $dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', $bindings);
- if ($dst['Binding'] === SAML2_Const::BINDING_HTTP_POST) {
+ if ($dst['Binding'] === \SAML2\Constants::BINDING_HTTP_POST) {
 $params = array('association' => $association['id'], 'idp' => $idp->getId());
 if ($relayState !== NULL) {
 $params['RelayState'] = $relayState;
@@ -584,7 +584,7 @@ class sspmod_saml_IdP_SAML2 {
 $lr = self::buildLogoutRequest($idpMetadata, $spMetadata, $association, $relayState);
 $lr->setDestination($dst['Location']);
- $binding = new SAML2_HTTPRedirect();
+ $binding = new \SAML2\HTTPRedirect();
 return $binding->getRedirectURL($lr);
 }
@@ -707,7 +707,7 @@ class sspmod_saml_IdP_SAML2 {
 break;
 case 'raw':
 if (is_string($value)) {
- $doc = SAML2_DOMDocumentFactory::fromString('<root>' . $value . '</root>');
+ $doc = \SAML2\DOMDocumentFactory::fromString('<root>' . $value . '</root>');
 $value = $doc->firstChild->childNodes;
 }
 assert('$value instanceof DOMNodeList');
@@ -765,7 +765,7 @@ class sspmod_saml_IdP_SAML2 {
 * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
 * @param SimpleSAML_Configuration $spMetadata The metadata of the SP.
 * @param array &$state The state array with information about the request.
- * @return SAML2_Assertion The assertion.
+ * @return \SAML2\Assertion The assertion.
 */
 private static function buildAssertion(SimpleSAML_Configuration $idpMetadata, SimpleSAML_Configuration $spMetadata, array &$state) {
@@ -781,7 +781,7 @@ class sspmod_saml_IdP_SAML2 {
 $config = SimpleSAML_Configuration::getInstance();
- $a = new SAML2_Assertion();
+ $a = new \SAML2\Assertion();
 if ($signAssertion) {
 sspmod_saml_Message::addSign($idpMetadata, $spMetadata, $a);
 }
@@ -800,7 +800,7 @@ class sspmod_saml_IdP_SAML2 {
 if (isset($state['saml:AuthnContextClassRef'])) {
 $a->setAuthnContext($state['saml:AuthnContextClassRef']);
 } else {
- $a->setAuthnContext(SAML2_Const::AC_PASSWORD);
+ $a->setAuthnContext(\SAML2\Constants::AC_PASSWORD);
 }
 $sessionStart = $now;
@@ -814,15 +814,15 @@ class sspmod_saml_IdP_SAML2 {
 $a->setSessionIndex(SimpleSAML\Utils\Random::generateID());
- $sc = new SAML2_XML_saml_SubjectConfirmation();
- $sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
+ $sc = new \SAML2\XML\saml\SubjectConfirmation();
+ $sc->SubjectConfirmationData = new \SAML2\XML\saml\SubjectConfirmationData();
 $sc->SubjectConfirmationData->NotOnOrAfter = $now + $assertionLifetime;
 $sc->SubjectConfirmationData->Recipient = $state['saml:ConsumerURL'];
 $sc->SubjectConfirmationData->InResponseTo = $state['saml:RequestId'];
 /* ProtcolBinding of SP's <AuthnRequest> overwrites IdP hosted metadata configuration. */
 $hokAssertion = NULL;
- if ($state['saml:Binding'] === SAML2_Const::BINDING_HOK_SSO) {
+ if ($state['saml:Binding'] === \SAML2\Constants::BINDING_HOK_SSO) {
 $hokAssertion = TRUE;
 }
 if ($hokAssertion === NULL) {
@@ -831,7 +831,7 @@ class sspmod_saml_IdP_SAML2 {
 if ($hokAssertion) {
 /* Holder-of-Key */
- $sc->Method = SAML2_Const::CM_HOK;
+ $sc->Method = \SAML2\Constants::CM_HOK;
 if (\SimpleSAML\Utils\HTTP::isHTTPS()) {
 if (isset($_SERVER['SSL_CLIENT_CERT']) && !empty($_SERVER['SSL_CLIENT_CERT'])) {
 /* Extract certificate data (if this is a certificate). */
@@ -839,13 +839,13 @@ class sspmod_saml_IdP_SAML2 {
 $pattern = '/^-----BEGIN CERTIFICATE-----([^-]*)^-----END CERTIFICATE-----/m';
 if (preg_match($pattern, $clientCert, $matches)) {
 /* We have a client certificate from the browser which we add to the HoK assertion. */
- $x509Certificate = new SAML2_XML_ds_X509Certificate();
+ $x509Certificate = new \SAML2\XML\ds\X509Certificate();
 $x509Certificate->certificate = str_replace(array("\r", "\n", " "), '', $matches[1]);
- $x509Data = new SAML2_XML_ds_X509Data();
+ $x509Data = new \SAML2\XML\ds\X509Data();
 $x509Data->data[] = $x509Certificate;
- $keyInfo = new SAML2_XML_ds_KeyInfo();
+ $keyInfo = new \SAML2\XML\ds\KeyInfo();
 $keyInfo->info[] = $x509Data;
 $sc->SubjectConfirmationData->info[] = $keyInfo;
@@ -854,7 +854,7 @@ class sspmod_saml_IdP_SAML2 {
 } else throw new SimpleSAML_Error_Exception('Error creating HoK assertion: No HTTPS connection to IdP, but required for Holder-of-Key SSO');
 } else {
 /* Bearer */
- $sc->Method = SAML2_Const::CM_BEARER;
+ $sc->Method = \SAML2\Constants::CM_BEARER;
 }
 $a->setSubjectConfirmation(array($sc));
@@ -880,7 +880,7 @@ class sspmod_saml_IdP_SAML2 {
 /* Either not set in request, or not set to a format we supply. Fall back to old generation method. */
 $nameIdFormat = $spMetadata->getString('NameIDFormat', NULL);
 if ($nameIdFormat === NULL) {
- $nameIdFormat = $idpMetadata->getString('NameIDFormat', SAML2_Const::NAMEID_TRANSIENT);
+ $nameIdFormat = $idpMetadata->getString('NameIDFormat', \SAML2\Constants::NAMEID_TRANSIENT);
 }
 }
@@ -893,7 +893,7 @@ class sspmod_saml_IdP_SAML2 {
 $spNameQualifier = $spMetadata->getString('entityid');
 }
- if ($nameIdFormat === SAML2_Const::NAMEID_TRANSIENT) {
+ if ($nameIdFormat === \SAML2\Constants::NAMEID_TRANSIENT) {
 /* generate a random id */
 $nameIdValue = SimpleSAML\Utils\Random::generateID();
 } else {
@@ -902,7 +902,7 @@ class sspmod_saml_IdP_SAML2 {
 $nameIdValue = self::generateNameIdValue($idpMetadata, $spMetadata, $state);
 if ($nameIdValue === NULL) {
 SimpleSAML\Logger::warning('Falling back to transient NameID.');
- $nameIdFormat = SAML2_Const::NAMEID_TRANSIENT;
+ $nameIdFormat = \SAML2\Constants::NAMEID_TRANSIENT;
 $nameIdValue = SimpleSAML\Utils\Random::generateID();
 }
 }
@@ -933,16 +933,16 @@ class sspmod_saml_IdP_SAML2 {
 /**
 * Encrypt an assertion.
 *
- * This function takes in a SAML2_Assertion and encrypts it if encryption of
+ * This function takes in a \SAML2\Assertion and encrypts it if encryption of
 * assertions are enabled in the metadata.
 *
 * @param SimpleSAML_Configuration $idpMetadata The metadata of the IdP.
 * @param SimpleSAML_Configuration $spMetadata The metadata of the SP.
- * @param SAML2_Assertion $assertion The assertion we are encrypting.
- * @return SAML2_Assertion|SAML2_EncryptedAssertion The assertion.
+ * @param \SAML2\Assertion $assertion The assertion we are encrypting.
+ * @return \SAML2\Assertion|\SAML2\EncryptedAssertion The assertion.
 */
 private static function encryptAssertion(SimpleSAML_Configuration $idpMetadata,
- SimpleSAML_Configuration $spMetadata, SAML2_Assertion $assertion) {
+ SimpleSAML_Configuration $spMetadata, \SAML2\Assertion $assertion) {
 $encryptAssertion = $spMetadata->getBoolean('assertion.encryption', NULL);
 if ($encryptAssertion === NULL) {
@@ -976,7 +976,7 @@ class sspmod_saml_IdP_SAML2 {
 $key->loadKey($pemKey);
 }
- $ea = new SAML2_EncryptedAssertion();
+ $ea = new \SAML2\EncryptedAssertion();
 $ea->setAssertion($assertion, $key);
 return $ea;
 }
@@ -1031,7 +1031,7 @@ class sspmod_saml_IdP_SAML2 {
 $signResponse = $idpMetadata->getBoolean('saml20.sign.response', TRUE);
 }
- $r = new SAML2_Response();
+ $r = new \SAML2\Response();
 $r->setIssuer($idpMetadata->getString('entityid'));
 $r->setDestination($consumerURL);
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 685be4f63..60fea0e34 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -14,9 +14,9 @@ class sspmod_saml_Message {
 *
 * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender.
 * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient.
- * @param SAML2_Message $element The element we should add the data to.
+ * @param \SAML2\Message $element The element we should add the data to.
 */
- public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element) {
+ public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\SignedElement $element) {
 $dstPrivateKey = $dstMetadata->getString('signature.privatekey', NULL);
@@ -70,16 +70,16 @@ class sspmod_saml_Message {
 *
 * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender.
 * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient.
- * @param SAML2_Message $message The message we should add the data to.
+ * @param \SAML2\Message $message The message we should add the data to.
 */
- private static function addRedirectSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_message $message) {
+ private static function addRedirectSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\Message $message) {
- if ($message instanceof SAML2_LogoutRequest || $message instanceof SAML2_LogoutResponse) {
+ if ($message instanceof \SAML2\LogoutRequest || $message instanceof \SAML2\LogoutResponse) {
 $signingEnabled = $srcMetadata->getBoolean('sign.logout', NULL);
 if ($signingEnabled === NULL) {
 $signingEnabled = $dstMetadata->getBoolean('sign.logout', NULL);
 }
- } elseif ($message instanceof SAML2_AuthnRequest) {
+ } elseif ($message instanceof \SAML2\AuthnRequest) {
 $signingEnabled = $srcMetadata->getBoolean('sign.authnrequest', NULL);
 if ($signingEnabled === NULL) {
 $signingEnabled = $dstMetadata->getBoolean('sign.authnrequest', NULL);
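Review bot: The docblock of addSign still disagrees with its signature after the rename: the rewritten `@param` line says `\SAML2\Message $element` while the rewritten type hint two lines below is `\SAML2\SignedElement $element`, so the documented type is narrower than what the method accepts (an Assertion is a SignedElement but not a Message, and this commit's own IdP code passes one). Change the docblock line to `* @param \SAML2\SignedElement $element The element we should add the data to.`. addSign's body continues outside the hunk.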
@@ -138,9 +138,9 @@ class sspmod_saml_Message {
 * Check the signature on a SAML2 message or assertion.
 *
 * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender.
- * @param SAML2_SignedElement $element Either a SAML2_Response or a SAML2_Assertion.
+ * @param \SAML2\SignedElement $element Either a \SAML2\Response or a \SAML2\Assertion.
 */
- public static function checkSign(SimpleSAML_Configuration $srcMetadata, SAML2_SignedElement $element) {
+ public static function checkSign(SimpleSAML_Configuration $srcMetadata, \SAML2\SignedElement $element) {
 /* Find the public key that should verify signatures by this entity. */
 $keys = $srcMetadata->getPublicKeys('signing');
@@ -224,20 +224,20 @@ class sspmod_saml_Message {
 *
 * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender.
 * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient.
- * @param SAML2_Message $message The message we should check the signature on.
+ * @param \SAML2\Message $message The message we should check the signature on.
 */
 public static function validateMessage(
 SimpleSAML_Configuration $srcMetadata,
 SimpleSAML_Configuration $dstMetadata,
- SAML2_Message $message
+ \SAML2\Message $message
 ) {
- if ($message instanceof SAML2_LogoutRequest || $message instanceof SAML2_LogoutResponse) {
+ if ($message instanceof \SAML2\LogoutRequest || $message instanceof \SAML2\LogoutResponse) {
 $enabled = $srcMetadata->getBoolean('validate.logout', NULL);
 if ($enabled === NULL) {
 $enabled = $dstMetadata->getBoolean('validate.logout', NULL);
 }
- } elseif ($message instanceof SAML2_AuthnRequest) {
+ } elseif ($message instanceof \SAML2\AuthnRequest) {
 $enabled = $srcMetadata->getBoolean('validate.authnrequest', NULL);
 if ($enabled === NULL) {
 $enabled = $dstMetadata->getBoolean('validate.authnrequest', NULL);
@@ -331,20 +331,20 @@ class sspmod_saml_Message {
 /**
 * Decrypt an assertion.
 *
- * This function takes in a SAML2_Assertion and decrypts it if it is encrypted.
+ * This function takes in a \SAML2\Assertion and decrypts it if it is encrypted.
 * If it is unencrypted, and encryption is enabled in the metadata, an exception
 * will be throws.
 *
 * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender (IdP).
 * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient (SP).
- * @param SAML2_Assertion|SAML2_EncryptedAssertion $assertion The assertion we are decrypting.
- * @return SAML2_Assertion The assertion.
+ * @param \SAML2\Assertion|\SAML2\EncryptedAssertion $assertion The assertion we are decrypting.
+ * @return \SAML2\Assertion The assertion.
 */
 private static function decryptAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, $assertion) {
- assert('$assertion instanceof SAML2_Assertion || $assertion instanceof SAML2_EncryptedAssertion');
+ assert('$assertion instanceof \SAML2\Assertion || $assertion instanceof \SAML2\EncryptedAssertion');
- if ($assertion instanceof SAML2_Assertion) {
+ if ($assertion instanceof \SAML2\Assertion) {
 $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', NULL);
 if ($encryptAssertion === NULL) {
 $encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', FALSE);
@@ -383,10 +383,10 @@ class sspmod_saml_Message {
 /**
 * Retrieve the status code of a response as a sspmod_saml_Error.
 *
- * @param SAML2_StatusResponse $response The response.
+ * @param \SAML2\StatusResponse $response The response.
 * @return sspmod_saml_Error The error.
 */
- public static function getResponseError(SAML2_StatusResponse $response) {
+ public static function getResponseError(\SAML2\StatusResponse $response) {
 $status = $response->getStatus();
 return new sspmod_saml_Error($status['Code'], $status['SubCode'], $status['Message']);
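Review bot: decryptAssertion's untyped `$assertion` parameter is guarded only by the rewritten string-form `assert()`, which is evaluated as code when assertions are on and is skipped entirely when they are disabled (the usual production setting), so in production an unexpected value falls through to the `instanceof \SAML2\Assertion` branch and to whatever the else branch does outside this hunk. Since the commit rewrites that line anyway, an explicit check would hold in every configuration: `if (!($assertion instanceof \SAML2\Assertion) && !($assertion instanceof \SAML2\EncryptedAssertion)) {` `throw new \InvalidArgumentException('Expected a \SAML2\Assertion or \SAML2\EncryptedAssertion.');` `}`. The same string-assert guard is rewritten in processAssertion (hunk @@ -546 of this file) and, for the DOMNodeList check in the `raw` attribute case, in modules/saml/lib/IdP/SAML2.php (hunk @@ -707). decryptAssertion's body continues outside the hunk.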
@@ -401,7 +401,7 @@ class sspmod_saml_Message {
 */
 public static function buildAuthnRequest(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata) {
- $ar = new SAML2_AuthnRequest();
+ $ar = new \SAML2\AuthnRequest();
 // get the NameIDPolicy to apply. IdP metadata has precedence.
 $nameIdPolicy = array();
@@ -418,7 +418,7 @@ class sspmod_saml_Message {
 $nameIdPolicy_cf = SimpleSAML_Configuration::loadFromArray($nameIdPolicy);
 $policy = array(
- 'Format' => $nameIdPolicy_cf->getString('Format', SAML2_Const::NAMEID_TRANSIENT),
+ 'Format' => $nameIdPolicy_cf->getString('Format', \SAML2\Constants::NAMEID_TRANSIENT),
 'AllowCreate' => $nameIdPolicy_cf->getBoolean('AllowCreate', true),
 );
 $spNameQualifier = $nameIdPolicy_cf->getString('SPNameQualifier', false);
@@ -431,11 +431,11 @@ class sspmod_saml_Message {
 $ar->setIsPassive($spMetadata->getBoolean('IsPassive', FALSE));
 $protbind = $spMetadata->getValueValidate('ProtocolBinding', array(
- SAML2_Const::BINDING_HTTP_POST,
- SAML2_Const::BINDING_HOK_SSO,
- SAML2_Const::BINDING_HTTP_ARTIFACT,
- SAML2_Const::BINDING_HTTP_REDIRECT,
- ), SAML2_Const::BINDING_HTTP_POST);
+ \SAML2\Constants::BINDING_HTTP_POST,
+ \SAML2\Constants::BINDING_HOK_SSO,
+ \SAML2\Constants::BINDING_HTTP_ARTIFACT,
+ \SAML2\Constants::BINDING_HTTP_REDIRECT,
+ ), \SAML2\Constants::BINDING_HTTP_POST);
 /* Shoaib - setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST */
 $ar->setProtocolBinding($protbind);
@@ -464,7 +464,7 @@ class sspmod_saml_Message {
 */
 public static function buildLogoutRequest(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata) {
- $lr = new SAML2_LogoutRequest();
+ $lr = new \SAML2\LogoutRequest();
 $lr->setIssuer($srcMetadata->getString('entityid'));
 self::addRedirectSign($srcMetadata, $dstMetadata, $lr);
@@ -481,7 +481,7 @@ class sspmod_saml_Message {
 */
 public static function buildLogoutResponse(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata) {
- $lr = new SAML2_LogoutResponse();
+ $lr = new \SAML2\LogoutResponse();
 $lr->setIssuer($srcMetadata->getString('entityid'));
 self::addRedirectSign($srcMetadata, $dstMetadata, $lr);
@@ -498,12 +498,12 @@ class sspmod_saml_Message {
 *
 * @param SimpleSAML_Configuration $spMetadata The metadata of the service provider.
 * @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider.
- * @param SAML2_Response $response The response.
- * @return array Array with SAML2_Assertion objects, containing valid assertions from the response.
+ * @param \SAML2\Response $response The response.
+ * @return array Array with \SAML2\Assertion objects, containing valid assertions from the response.
 */
 public static function processResponse(
 SimpleSAML_Configuration $spMetadata,
 SimpleSAML_Configuration $idpMetadata,
- SAML2_Response $response
+ \SAML2\Response $response
 ) {
 if (!$response->isSuccess()) {
@@ -546,16 +546,16 @@ class sspmod_saml_Message {
 *
 * @param SimpleSAML_Configuration $spMetadata The metadata of the service provider.
 * @param SimpleSAML_Configuration $idpMetadata The metadata of the identity provider.
- * @param SAML2_Response $response The response containing the assertion.
- * @param SAML2_Assertion|SAML2_EncryptedAssertion $assertion The assertion.
+ * @param \SAML2\Response $response The response containing the assertion.
+ * @param \SAML2\Assertion|\SAML2\EncryptedAssertion $assertion The assertion.
 * @param bool $responseSigned Whether the response is signed.
- * @return SAML2_Assertion The assertion, if it is valid.
+ * @return \SAML2\Assertion The assertion, if it is valid.
 */
 private static function processAssertion(
 SimpleSAML_Configuration $spMetadata,
 SimpleSAML_Configuration $idpMetadata,
- SAML2_Response $response, $assertion, $responseSigned
+ \SAML2\Response $response, $assertion, $responseSigned
 ) {
- assert('$assertion instanceof SAML2_Assertion || $assertion instanceof SAML2_EncryptedAssertion');
+ assert('$assertion instanceof \SAML2\Assertion || $assertion instanceof \SAML2\EncryptedAssertion');
 assert('is_bool($responseSigned)');
 $assertion = self::decryptAssertion($idpMetadata, $spMetadata, $assertion);
@@ -598,7 +598,7 @@ class sspmod_saml_Message {
 $found = FALSE;
 $lastError = 'No SubjectConfirmation element in Subject.';
- $validSCMethods = array(SAML2_Const::CM_BEARER, SAML2_Const::CM_HOK, SAML2_Const::CM_VOUCHES);
+ $validSCMethods = array(\SAML2\Constants::CM_BEARER, \SAML2\Constants::CM_HOK, \SAML2\Constants::CM_VOUCHES);
 foreach ($assertion->getSubjectConfirmation() as $sc) {
 if (!in_array($sc->Method, $validSCMethods)) {
 $lastError = 'Invalid Method on SubjectConfirmation: ' . var_export($sc->Method, TRUE);
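Review bot: The membership test on the line after the rewritten `$validSCMethods` array is a loose `in_array()`, while every later comparison of `$sc->Method` in this function (hunk @@ -610) is strict `===`. The Method value comes straight from the received assertion, so the list check that decides whether a SubjectConfirmation is considered at all should be strict too: `if (!in_array($sc->Method, $validSCMethods, true)) {`. processAssertion's body continues outside the hunk.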
@@ -610,17 +610,17 @@ class sspmod_saml_Message {
 if ($hok === NULL) {
 $hok = $spMetadata->getBoolean('saml20.hok.assertion', FALSE);
 }
- if ($sc->Method === SAML2_Const::CM_BEARER && $hok) {
+ if ($sc->Method === \SAML2\Constants::CM_BEARER && $hok) {
 $lastError = 'Bearer SubjectConfirmation received, but Holder-of-Key SubjectConfirmation needed';
 continue;
 }
- if ($sc->Method === SAML2_Const::CM_HOK && !$hok) {
+ if ($sc->Method === \SAML2\Constants::CM_HOK && !$hok) {
 $lastError = 'Holder-of-Key SubjectConfirmation received, but the Holder-of-Key profile is not enabled.';
 continue;
 }
 $scd = $sc->SubjectConfirmationData;
- if ($sc->Method === SAML2_Const::CM_HOK) {
+ if ($sc->Method === \SAML2\Constants::CM_HOK) {
 /* Check HoK Assertion */
 if (\SimpleSAML\Utils\HTTP::isHTTPS() === FALSE) {
 $lastError = 'No HTTPS connection, but required for Holder-of-Key SSO';
@@ -642,7 +642,7 @@ class sspmod_saml_Message {
 $clientCert = str_replace(array("\r", "\n", " "), '', $matches[1]);
 foreach ($scd->info as $thing) {
- if($thing instanceof SAML2_XML_ds_KeyInfo) {
+ if($thing instanceof \SAML2\XML\ds\KeyInfo) {
 $keyInfo[]=$thing;
 }
 }
@@ -652,7 +652,7 @@ class sspmod_saml_Message {
 }
 foreach ($keyInfo[0]->info as $thing) {
- if($thing instanceof SAML2_XML_ds_X509Data) {
+ if($thing instanceof \SAML2\XML\ds\X509Data) {
 $x509data[]=$thing;
 }
 }
@@ -662,7 +662,7 @@ class sspmod_saml_Message {
 }
 foreach ($x509data[0]->data as $thing) {
- if($thing instanceof SAML2_XML_ds_X509Certificate) {
+ if($thing instanceof \SAML2\XML\ds\X509Certificate) {
 $x509cert[]=$thing;
 }
 }
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 90a8b7bcb..3adf70df0 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
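Review bot: The rewritten `if($thing instanceof \SAML2\XML\ds\KeyInfo) {` line keeps the `if(` spelling with no space after the keyword and sits next to `$keyInfo[]=$thing;` with no spaces around `=`, which is inconsistent with the rest of this function (`if ($sc->Method === ...)` in the first hunk on this line). Since the commit rewrites the line anyway, normalising it to `if ($thing instanceof \SAML2\XML\ds\KeyInfo) {` costs nothing; the X509Data and X509Certificate loops in hunks @@ -652 and @@ -662 have the same spelling. The enclosing loop over `getSubjectConfirmation()` starts outside the hunk.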
@@ -26,15 +26,15 @@ $store = SimpleSAML_Store::getInstance();
 $metaArray20 = array();
 $slosvcdefault = array(
- SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_SOAP,
+ \SAML2\Constants::BINDING_HTTP_REDIRECT,
+ \SAML2\Constants::BINDING_SOAP,
 );
 $slob = $spconfig->getArray('SingleLogoutServiceBinding', $slosvcdefault);
 $slol = SimpleSAML\Module::getModuleURL('saml/sp/saml2-logout.php/'.$sourceId);
 foreach ($slob as $binding) {
- if ($binding == SAML2_Const::BINDING_SOAP && !($store instanceof SimpleSAML_Store_SQL)) {
+ if ($binding == \SAML2\Constants::BINDING_SOAP && !($store instanceof SimpleSAML_Store_SQL)) {
 // we cannot properly support SOAP logout
 continue;
 }
@@ -64,7 +64,7 @@ foreach ($assertionsconsumerservices as $services) {
 $acsArray = array('index' => $index);
 switch ($services) {
 case 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':
- $acsArray['Binding'] = SAML2_Const::BINDING_HTTP_POST;
+ $acsArray['Binding'] = \SAML2\Constants::BINDING_HTTP_POST;
 $acsArray['Location'] = SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/'.$sourceId);
 break;
 case 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post':
@@ -82,7 +82,7 @@ foreach ($assertionsconsumerservices as $services) {
 case 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser':
 $acsArray['Binding'] = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
 $acsArray['Location'] = SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/'.$sourceId);
- $acsArray['hoksso:ProtocolBinding'] = SAML2_Const::BINDING_HTTP_REDIRECT;
+ $acsArray['hoksso:ProtocolBinding'] = \SAML2\Constants::BINDING_HTTP_REDIRECT;
 break;
 }
 $eps[] = $acsArray;
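Review bot: The `case` label above the rewritten `$acsArray['Binding'] = \SAML2\Constants::BINDING_HTTP_POST;` line still matches the binding as the literal `'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'`, and the holder-of-key case in hunk @@ -82 both matches and assigns the literal `'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser'`, while the same commit uses `\SAML2\Constants::BINDING_HOK_SSO` for that binding in modules/saml/lib/Message.php (hunk @@ -431). Using the constants on both sides, `case \SAML2\Constants::BINDING_HTTP_POST:` and `case \SAML2\Constants::BINDING_HOK_SSO:` with `$acsArray['Binding'] = \SAML2\Constants::BINDING_HOK_SSO;`, keeps the generated SP metadata and the library's definition of the binding in one place. The switch continues outside the hunk.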
@@ -214,7 +214,7 @@ if ($spconfig->hasValue('redirect.sign')) {
 $metaArray20['validate.authnrequest'] = $spconfig->getBoolean('sign.authnrequest');
 }
-$supported_protocols = array('urn:oasis:names:tc:SAML:1.1:protocol', SAML2_Const::NS_SAMLP);
+$supported_protocols = array('urn:oasis:names:tc:SAML:1.1:protocol', \SAML2\Constants::NS_SAMLP);
 $metaArray20['metadata-set'] = 'saml20-sp-remote';
 $metaArray20['entityid'] = $entityId;
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 611ea0b08..264a5445f 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -13,9 +13,9 @@ $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP
 $spMetadata = $source->getMetadata();
 try {
- $b = SAML2_Binding::getCurrentBinding();
+ $b = \SAML2\Binding::getCurrentBinding();
 } catch (Exception $e) { // TODO: look for a specific exception
 // This is dirty. Instead of checking the message of the exception, SAML2_Binding::getCurrentBinding() should throw
+ // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw
 // an specific exception when the binding is unknown, and we should capture that here
 if ($e->getMessage() === 'Unable to find the current binding.') {
 throw new SimpleSAML_Error_Error('ACSPARAMS', $e, 400);
@@ -24,12 +24,12 @@ try {
 }
 }
-if ($b instanceof SAML2_HTTPArtifact) {
+if ($b instanceof \SAML2\HTTPArtifact) {
 $b->setSPMetadata($spMetadata);
 }
 $response = $b->receive();
-if (!($response instanceof SAML2_Response)) {
+if (!($response instanceof \SAML2\Response)) {
 throw new SimpleSAML_Error_BadRequest('Invalid message received to AssertionConsumerService endpoint.');
 }
@@ -37,7 +37,7 @@ $idp = $response->getIssuer();
 if ($idp === null) {
 // no Issuer in the response. Look for an unencrypted assertion with an issuer
 foreach ($response->getAssertions() as $a) {
- if ($a instanceof SAML2_Assertion) {
+ if ($a instanceof \SAML2\Assertion) {
 // we found an unencrypted assertion, there should be an issuer here
 $idp = $a->getIssuer();
 break;
diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index 5b1fb7116..6fa5a0081 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -21,9 +21,9 @@ if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
 }
 try {
- $binding = SAML2_Binding::getCurrentBinding();
+ $binding = \SAML2\Binding::getCurrentBinding();
 } catch (Exception $e) { // TODO: look for a specific exception
- // This is dirty. Instead of checking the message of the exception, SAML2_Binding::getCurrentBinding() should throw
+ // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw
 // an specific exception when the binding is unknown, and we should capture that here
 if ($e->getMessage() === 'Unable to find the current binding.') {
 throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS', $e, 400);
@@ -52,7 +52,7 @@ if ($destination !== NULL && $destination !== \SimpleSAML\Utils\HTTP::getSelfURL
 throw new SimpleSAML_Error_Exception('Destination in logout message is wrong.');
 }
-if ($message instanceof SAML2_LogoutResponse) {
+if ($message instanceof \SAML2\LogoutResponse) {
 $relayState = $message->getRelayState();
 if ($relayState === NULL) {
@@ -68,7 +68,7 @@ if ($message instanceof SAML2_LogoutResponse) {
 $state['saml:sp:LogoutStatus'] = $message->getStatus();
 SimpleSAML_Auth_Source::completeLogout($state);
-} elseif ($message instanceof SAML2_LogoutRequest) {
+} elseif ($message instanceof \SAML2\LogoutRequest) {
 SimpleSAML\Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId);
 SimpleSAML\Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId);
@@ -119,12 +119,12 @@ if ($message instanceof SAML2_LogoutResponse) {
 }
 $dst = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
- SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_HTTP_POST)
+ \SAML2\Constants::BINDING_HTTP_REDIRECT,
+ \SAML2\Constants::BINDING_HTTP_POST)
 );
- if (!$binding instanceof SAML2_SOAP) {
- $binding = SAML2_Binding::getBinding($dst['Binding']);
+ if (!$binding instanceof \SAML2\SOAP) {
+ $binding = \SAML2\Binding::getBinding($dst['Binding']);
 if (isset($dst['ResponseLocation'])) {
 $dst = $dst['ResponseLocation'];
 } else {
diff --git a/tests/lib/SimpleSAML/ConfigurationTest.php b/tests/lib/SimpleSAML/ConfigurationTest.php
index eba2fdebf..129f658cf 100644
--- a/tests/lib/SimpleSAML/ConfigurationTest.php
+++ b/tests/lib/SimpleSAML/ConfigurationTest.php
@@ -566,14 +566,14 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 array(
 array(
 'Location' => 'https://example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 ),
 ),
 // define the ResponseLocation too
 array(
 array(
 'Location' => 'https://example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 'ResponseLocation' => 'https://example.com/endpoint.php',
 ),
 ),
@@ -582,12 +582,12 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 array(
 'index' => 1,
 'Location' => 'https://www1.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT,
 ),
 array(
 'index' => 2,
 'Location' => 'https://www2.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 ),
 ),
 // make sure isDefault has priority over indexes
@@ -595,13 +595,13 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 array(
 'index' => 1,
 'Location' => 'https://www2.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 ),
 array(
 'index' => 2,
 'isDefault' => true,
 'Location' => 'https://www1.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT,
 ),
 ),
 // make sure endpoints with invalid bindings are ignored and those marked as NOT default are still used
@@ -615,7 +615,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 'index' => 2,
 'isDefault' => false,
 'Location' => 'https://www2.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 ),
 ),
 );
@@ -623,34 +623,34 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 // output should be completed with the default binding (HTTP-POST for ACS)
 array(
 'Location' => 'https://example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 ),
 // we should just get the first endpoint with the default binding
 array(
 'Location' => 'https://www1.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 ),
 // if we specify the binding, we should get it back
 array(
 'Location' => 'https://example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST
 ),
 // if we specify ResponseLocation, we should get it back too
 array(
 'Location' => 'https://example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 'ResponseLocation' => 'https://example.com/endpoint.php',
 ),
 // indexes must NOT be taken into account, order is the only thing that matters here
 array(
 'Location' => 'https://www1.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT,
 'index' => 1,
 ),
 // isDefault must have higher priority than indexes
 array(
 'Location' => 'https://www1.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT,
 'isDefault' => true,
 'index' => 2,
 ),
@@ -659,7 +659,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 'index' => 2,
 'isDefault' => false,
 'Location' => 'https://www2.example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_POST,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_POST,
 )
 );
@@ -674,11 +674,11 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 );
 $valid_bindings = array(
- SAML2_Const::BINDING_HTTP_POST,
- SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_HOK_SSO,
- SAML2_Const::BINDING_HTTP_ARTIFACT.
- SAML2_Const::BINDING_SOAP,
+ \SAML2\Constants::BINDING_HTTP_POST,
+ \SAML2\Constants::BINDING_HTTP_REDIRECT,
+ \SAML2\Constants::BINDING_HOK_SSO,
+ \SAML2\Constants::BINDING_HTTP_ARTIFACT.
+ \SAML2\Constants::BINDING_SOAP,
 );
 // run all general tests with AssertionConsumerService endpoint type
@@ -706,14 +706,14 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 $this->assertEquals(
 array(
 'Location' => 'https://example.com/ars',
- 'Binding' => SAML2_Const::BINDING_SOAP,
+ 'Binding' => \SAML2\Constants::BINDING_SOAP,
 ),
 $c->getDefaultEndpoint('ArtifactResolutionService')
 );
 $this->assertEquals(
 array(
 'Location' => 'https://example.com/slo',
- 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT,
 ),
 $c->getDefaultEndpoint('SingleLogoutService')
 );
@@ -773,7 +773,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 $e = array(
 array(
 'Location' => 'https://example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT,
 'ResponseLocation' => 'https://example.com/response.php',
 )
 );
@@ -824,7 +824,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 array(
 array(
 'Location' => 'https://example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT,
 'ResponseLocation' => 1234,
 ),
 ),
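Review bot: The rewritten `$valid_bindings` array still ends its fourth entry with a period, `\SAML2\Constants::BINDING_HTTP_ARTIFACT.`, instead of a comma, so the artifact and SOAP constants are concatenated into one string and the array has four entries, none of which is the HTTP-Artifact or the SOAP binding URN. Whatever this list is checked against below (outside the hunk) therefore never treats those two bindings as valid, and the commit carries the typo over from the old names. The fix is the comma: `\SAML2\Constants::BINDING_HTTP_ARTIFACT,`.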
@@ -832,7 +832,7 @@ class Test_SimpleSAML_Configuration extends PHPUnit_Framework_TestCase
 array(
 array(
 'Location' => 'https://example.com/endpoint.php',
- 'Binding' => SAML2_Const::BINDING_HTTP_REDIRECT,
+ 'Binding' => \SAML2\Constants::BINDING_HTTP_REDIRECT,
 'index' => 'string',
 ),
 ),
diff --git a/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php b/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php
index 7239f7971..af14bd13d 100644
--- a/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php
+++ b/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php
@@ -16,7 +16,7 @@ class SAMLParserTest extends \PHPUnit_Framework_TestCase
 'registrationAuthority' => 'https://incommon.org',
 );
- $document = \SAML2_DOMDocumentFactory::fromString(
+ $document = \SAML2\DOMDocumentFactory::fromString(
 <<<XML
 <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
 <EntityDescriptor entityID="theEntityID">
@@ -48,7 +48,7 @@ XML
 'registrationAuthority' => 'https://incommon.org',
 );
- $document = \SAML2_DOMDocumentFactory::fromString(
+ $document = \SAML2\DOMDocumentFactory::fromString(
 <<<XML
 <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
 <Extensions>
diff --git a/www/saml2/idp/ArtifactResolutionService.php b/www/saml2/idp/ArtifactResolutionService.php
index 3571b3bfb..1bdf8110d 100644
--- a/www/saml2/idp/ArtifactResolutionService.php
+++ b/www/saml2/idp/ArtifactResolutionService.php
@@ -2,7 +2,7 @@
 /**
 * The ArtifactResolutionService receives the samlart from the sp.
- * And when the artifact is found, it sends a SAML2_ArtifactResponse.
+ * And when the artifact is found, it sends a \SAML2\ArtifactResponse.
 *
 * @author Danny Bollaert, UGent AS. <danny.bollaert@ugent.be>
 * @package SimpleSAMLphp
@@ -28,11 +28,11 @@ if ($store === false) {
 throw new Exception('Unable to send artifact without a datastore configured.');
 }
-$binding = new SAML2_SOAP();
+$binding = new \SAML2\SOAP();
 try {
 $request = $binding->receive();
 } catch (Exception $e) { // TODO: look for a specific exception
- // This is dirty. Instead of checking the message of the exception, SAML2_Binding::getCurrentBinding() should throw
+ // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw
 // an specific exception when the binding is unknown, and we should capture that here. Also note that the exception
 // message here is bogus!
 if ($e->getMessage() === 'Invalid message received to AssertionConsumerService endpoint.') {
@@ -41,7 +41,7 @@ try {
 throw $e; // do not ignore other exceptions!
 }
 }
-if (!($request instanceof SAML2_ArtifactResolve)) {
+if (!($request instanceof \SAML2\ArtifactResolve)) {
 throw new Exception('Message received on ArtifactResolutionService wasn\'t a ArtifactResolve request.');
 }
@@ -54,13 +54,13 @@ $responseData = $store->get('artifact', $artifact);
 $store->delete('artifact', $artifact);
 if ($responseData !== null) {
- $document = SAML2_DOMDocumentFactory::fromString($responseData);
+ $document = \SAML2\DOMDocumentFactory::fromString($responseData);
 $responseXML = $document->firstChild;
 } else {
 $responseXML = null;
 }
-$artifactResponse = new SAML2_ArtifactResponse();
+$artifactResponse = new \SAML2\ArtifactResponse();
 $artifactResponse->setIssuer($idpEntityId);
 $artifactResponse->setInResponseTo($request->getId());
 $artifactResponse->setAny($responseXML);
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index 3105eea7f..f5ba8be26 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
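Review bot: The catch branch in the -28 hunk still decides the "unknown binding" case by comparing against the library's exact message text, `'Invalid message received to AssertionConsumerService endpoint.'`, while this commit moves to the 2.x branch of that same library; if the 2.x `\SAML2\Binding::getCurrentBinding()` words that error differently, the case is no longer recognised and falls through to the `throw $e` in the -41 hunk. The existing TODO already flags the approach, but the string should at least be re-verified against the bumped library, and a comment such as `// NOTE: message text copied from the SAML2 library's Binding class; re-check on every library bump` would make the coupling visible. I cannot confirm the 2.x wording from this diff. The same message-string comparison (`'Unable to find the current binding.'`) appears in the SingleLogoutService.php hunk that follows, and the surrounding script continues outside these hunks.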
@@ -23,7 +23,7 @@ if (isset($_REQUEST['ReturnTo'])) {
 sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp);
 } catch (Exception $e) { // TODO: look for a specific exception
 /*
- * This is dirty. Instead of checking the message of the exception, SAML2_Binding::getCurrentBinding() should
+ * This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should
 * throw an specific exception when the binding is unknown, and we should capture that here
 */
 if ($e->getMessage() === 'Unable to find the current binding.') {
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 33197996e..269764018 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -2,6 +2,12 @@
 require_once('../../_include.php');
+use SAML2\Constants;
+use SimpleSAML\Utils\Auth as Auth;
+use SimpleSAML\Utils\Crypto as Crypto;
+use SimpleSAML\Utils\HTTP as HTTP;
+use SimpleSAML\Utils\Config\Metadata as Metadata;
+
 // load SimpleSAMLphp, configuration and metadata
 $config = SimpleSAML_Configuration::getInstance();
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
@@ -12,7 +18,7 @@ if (!$config->getBoolean('enable.saml20-idp', false)) {
 // check if valid local session exists
 if ($config->getBoolean('admin.protectmetadata', false)) {
- SimpleSAML\Utils\Auth::requireAdmin();
+ Auth::requireAdmin();
 }
 try {
@@ -24,7 +30,7 @@ try {
 $availableCerts = array();
 $keys = array();
- $certInfo = SimpleSAML\Utils\Crypto::loadPublicKey($idpmeta, false, 'new_');
+ $certInfo = Crypto::loadPublicKey($idpmeta, false, 'new_');
 if ($certInfo !== null) {
 $availableCerts['new_idp.crt'] = $certInfo;
 $keys[] = array(
@@ -38,7 +44,7 @@ try {
 $hasNewCert = false;
 }
- $certInfo = SimpleSAML\Utils\Crypto::loadPublicKey($idpmeta, true);
+ $certInfo = Crypto::loadPublicKey($idpmeta, true);
 $availableCerts['idp.crt'] = $certInfo;
 $keys[] = array(
 'type' => 'X509Certificate',
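Review bot: The `as` clauses in the new `use` block of metadata.php (`use SimpleSAML\Utils\Auth as Auth;`, `use SimpleSAML\Utils\Crypto as Crypto;`, `use SimpleSAML\Utils\HTTP as HTTP;`, `use SimpleSAML\Utils\Config\Metadata as Metadata;`) alias each class to its own short name, so they are no-ops; `use SimpleSAML\Utils\Auth;` and the same for the other three reads cleaner and matches the `use SAML2\Constants;` line in the same hunk. This is a point of style only; the rewritten call sites in the following hunks resolve identically either way.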
@@ -48,7 +54,7 @@ try {
 );
 if ($idpmeta->hasValue('https.certificate')) {
- $httpsCert = SimpleSAML\Utils\Crypto::loadPublicKey($idpmeta, true, 'https.');
+ $httpsCert = Crypto::loadPublicKey($idpmeta, true, 'https.');
 assert('isset($httpsCert["certData"])');
 $availableCerts['https.crt'] = $httpsCert;
 $keys[] = array(
@@ -107,17 +113,17 @@ try {
 // Artifact sending enabled
 $metaArray['ArtifactResolutionService'][] = array(
 'index' => 0,
- 'Location' => \SimpleSAML\Utils\HTTP::getBaseURL().'saml2/idp/ArtifactResolutionService.php',
- 'Binding' => SAML2_Const::BINDING_SOAP,
+ 'Location' => HTTP::getBaseURL().'saml2/idp/ArtifactResolutionService.php',
+ 'Binding' => Constants::BINDING_SOAP,
 );
 }
 if ($idpmeta->getBoolean('saml20.hok.assertion', false)) {
 // Prepend HoK SSO Service endpoint.
 array_unshift($metaArray['SingleSignOnService'], array(
- 'hoksso:ProtocolBinding' => SAML2_Const::BINDING_HTTP_REDIRECT,
- 'Binding' => SAML2_Const::BINDING_HOK_SSO,
- 'Location' => \SimpleSAML\Utils\HTTP::getBaseURL().'saml2/idp/SSOService.php'
+ 'hoksso:ProtocolBinding' => Constants::BINDING_HTTP_REDIRECT,
+ 'Binding' => Constants::BINDING_HOK_SSO,
+ 'Location' => HTTP::getBaseURL().'saml2/idp/SSOService.php'
 ));
 }
@@ -147,7 +153,7 @@ try {
 $metaArray['EntityAttributes'] = $idpmeta->getArray('EntityAttributes');
 // check for entity categories
- if (SimpleSAML\Utils\Config\Metadata::isHiddenFromDiscovery($metaArray)) {
+ if (Metadata::isHiddenFromDiscovery($metaArray)) {
 $metaArray['hide.from.discovery'] = true;
 }
 }
@@ -175,7 +181,7 @@ try {
 if ($idpmeta->hasValue('contacts')) {
 $contacts = $idpmeta->getArray('contacts');
 foreach ($contacts as $contact) {
- $metaArray['contacts'][] = \SimpleSAML\Utils\Config\Metadata::getContact($contact);
+ $metaArray['contacts'][] = Metadata::getContact($contact);
 }
 }
@@ -184,7 +190,7 @@ try {
 $techcontact['emailAddress'] = $technicalContactEmail;
 $techcontact['name'] = $config->getString('technicalcontact_name', null);
 $techcontact['contactType'] = 'technical';
- $metaArray['contacts'][] = \SimpleSAML\Utils\Config\Metadata::getContact($techcontact);
+ $metaArray['contacts'][] = Metadata::getContact($techcontact);
 }
 $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
@@ -206,7 +212,7 @@ try {
 $t->data['clipboard.js'] = true;
 $t->data['available_certs'] = $availableCerts;
 $t->data['header'] = 'saml20-idp';
- $t->data['metaurl'] = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery();
+ $t->data['metaurl'] = HTTP::getSelfURLNoQuery();
 $t->data['metadata'] = htmlspecialchars($metaxml);
 $t->data['metadataflat'] = htmlspecialchars($metaflat);
 $t->data['defaultidp'] = $defaultidp;
-- 
GitLab