Implemented SAML 2.0 XML parsing of SAML 2.0 IdP Remote (yet untested)

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@149 44740490-163a-0410-bde0-09ae8108e29a

Implemented SAML 2.0 XML parsing of SAML 2.0 IdP Remote (yet untested)
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@149 44740490-163a-0410-bde0-09ae8108e29a
bd7d09a3 · Andreas Åkre Solberg · fed2016b · bd7d09a3 · bd7d09a3 · bd7d09a3
Commit bd7d09a3 authored 17 years ago by Andreas Åkre Solberg
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php
@@ -20,13 +20,14 @@ require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
 class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Metadata_MetaDataStorageHandler {


-	static var $cachedfiles = array();
+	private static $cachedfiles;

 	/* This constructor is included in case it is needed in the the
 	 * future. Including it now allows us to write parent::__construct() in
 	 * the subclasses of this class.
 	 */
 	protected function __construct() {
+		if (!isset($this->cachedfiles)) $this->cachedfiles = array();
 	}


@@ -57,16 +58,17 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
 		$metadatasetfile = $config->getBaseDir() . '' . 
 			$config->getValue('metadatadir') . 'xml/' . $settofile[$set] . '.xml';
 		
-		if (array_key_exists($metadatasetfile, $cachedfiles)) {
-			$metadata = self::$cachedfiles[$metadatasetfile];
+		if (array_key_exists($metadatasetfile, $this->cachedfiles)) {
+			$metadataxml = self::$cachedfiles[$metadatasetfile];
 		} else {
 			if (!file_exists($metadatasetfile)) throw new Exception('Could not find SAML 2.0 Metadata file :'. $metadatasetfile);
 		
 			// for now testing with the shib aai metadata...
 			//$metadataxml = file_get_contents("http://www.switch.ch/aai/federation/SWITCHaai/metadata.switchaai_signed.xml");
-			$metadata = file_get_contents($metadatasetfile);
+			$metadataxml = file_get_contents($metadatasetfile);
+			self::$cachedfiles[$metadatasetfile] = $metadataxml;
 		}
-
+		
 		$metadata = null;
 		switch ($set) {
 			case 'saml20-idp-remote' : $metadata = $this->getmetadata_saml20idpremote($metadataxml); break;
@@ -78,11 +80,16 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
 			case 'shib13-sp-remote' : throw new Exception('Meta data parsing for Shib 1.3 SP Remote not yet implemented.');
 			case 'shib13-sp-hosted' : throw new Exception('Meta data parsing for Shib 1.3 SP Hosted not yet implemented.');
 		}
-
 		
 		if (!is_array($metadata)) {
 			throw new Exception('Could not load metadata set [' . $set . '] from file: ' . $metadatasetfile);
 		}
+		
+		echo '<pre>';
+		print_r($metadata);
+		echo '</pre>';
+		exit();
+		
 		foreach ($metadata AS $key => $entry) { 
 			$this->metadata[$set][$key] = $entry;
 			$this->metadata[$set][$key]['entityid'] = $key;
@@ -90,7 +97,6 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
 			if (isset($entry['host'])) {
 				$this->hostmap[$set][$entry['host']] = $key;
 			}
-			
 		}

 	}
@@ -116,7 +122,24 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
 				$metadata[$entityid] = array('entityid' => $entityid);				
 				$metadata_entry = SimpleSAML_XML_Parser::fromSimpleXMLElement($idpentity);
 				
-				$metadata[$entityid]['SingleSignOnService'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:SingleSignOnService[@Binding='urn:mace:shibboleth:1.0:profiles:AuthnRequest']/@Location", true);
+				$metadata[$entityid]['SingleSignOnService'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:SingleSignOnService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']/@Location", true);
+
+				$metadata[$entityid]['SingleLogoutService'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:SingleLogoutService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']/@Location", true);
+				
+				$metadata[$entityid]['certFingerprint'] = SimpleSAML_Utilities::cert_fingerprint($metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", true));
+				
+				$seek_base64 = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:base64encode']/saml2:AttributeValue");
+				$metadata[$entityid]['base64encode'] = (isset($seek_base64) ? ($seek_base64 === 'true') : false);
+				
+
+				
+				$metadata[$entityid]['name'] = $metadata_entry->getValueAlternatives(
+					array("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:name']/saml2:AttributeValue",
+					"/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:Organization/saml2meta:OrganizationDisplayName"
+					));
+					
+				$metadata[$entityid]['description'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:Extensions/saml2:Attribute[@Name='urn:mace:feide.no:simplesamlphp:description']/saml2:AttributeValue");
+												

 			} catch (Exception $e) {
 				echo 'Error reading one metadata entry: ' . $e;
@@ -125,6 +148,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
 		}
 		return $metadata;
 	}
+
 	
 	private function getmetadata_shib13idpremote($metadataxml) {
 		// Create a parser for the metadata document.

--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -101,6 +101,11 @@ class SimpleSAML_Utilities {
 		return TRUE;
 	}
 	
+	public static function cert_fingerprint($pem) {
+		$x509data = base64_decode( $pem );
+		return strtolower( sha1( $x509data ) );
+	}
+	
 	public static function generateID() {
 	
 		$length = 42;

--- a/lib/SimpleSAML/XML/Parser.php
+++ b/lib/SimpleSAML/XML/Parser.php
@@ -21,7 +21,11 @@ class SimpleSAML_XML_Parser  {
 	function __construct($xml) {
 		#parent::construct($xml);
 		$this->simplexml = new SimpleXMLElement($xml);
+		
+		$this->simplexml->registerXPathNamespace('saml2',     'urn:oasis:names:tc:SAML:2.0:assertion');
 		$this->simplexml->registerXPathNamespace('saml2meta', 'urn:oasis:names:tc:SAML:2.0:metadata');
+		$this->simplexml->registerXPathNamespace('ds',        'http://www.w3.org/2000/09/xmldsig#');
+		
 	}
 	
 	public static function fromSimpleXMLElement(SimpleXMLElement $element) {
@@ -50,6 +54,15 @@ class SimpleSAML_XML_Parser  {
 		return (string) $result[0];
 	}
 	
+	public function getValueAlternatives(array $xpath, $required = false) {
+		foreach ($xpath AS $x) {
+			$seek = $this->getValue($x);
+			if ($seek) return $seek;
+		}
+		if ($required) throw new Exception('Could not get value from XML document using multiple alternative XPath expressions.');
+			else return null;
+	}
+	
 }

 ?>
\ No newline at end of file
--- a/www/admin/metadata.php
+++ b/www/admin/metadata.php
@@ -29,6 +29,7 @@ try {
 		$metalist = $metadata->getList('saml20-sp-hosted');
 		foreach ($metalist AS $entityid => $mentry) {
 			$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
+				// TODO: UPDATE Required and optional parameter list
 				array('entityid', 'host', 'spNameQualifier', 'NameIDFormat', 'ForceAuthn'),
 				array('name', 'description')
 			);
@@ -38,6 +39,7 @@ try {
 		$metalist = $metadata->getList('saml20-idp-remote');
 		foreach ($metalist AS $entityid => $mentry) {
 			$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
+				// TODO: UPDATE Required and optional parameter list
 				array('entityid', 'host', 'spNameQualifier', 'NameIDFormat', 'ForceAuthn'),
 				array('name', 'description')
 			);
@@ -51,6 +53,7 @@ try {
 		$metalist = $metadata->getList('saml20-idp-hosted');
 		foreach ($metalist AS $entityid => $mentry) {
 			$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
+				// TODO: UPDATE Required and optional parameter list
 				array('entityid', 'host', 'spNameQualifier', 'NameIDFormat', 'ForceAuthn'),
 				array('name', 'description')
 			);
@@ -60,6 +63,7 @@ try {
 		$metalist = $metadata->getList('saml20-sp-remote');
 		foreach ($metalist AS $entityid => $mentry) {
 			$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
+				// TODO: UPDATE Required and optional parameter list
 				array('entityid', 'host', 'spNameQualifier', 'NameIDFormat', 'ForceAuthn'),
 				array('name', 'description')
 			);