Skip to content
Snippets Groups Projects
Commit cf95fc79 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg
Browse files

Checking in a module to download metadata from HTTP and storing in local... 

Checking in a module to download metadata from HTTP and storing in local format. Replacing parseMetadata.php. Next step is to implement a cron hook

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1030 44740490-163a-0410-bde0-09ae8108e29a
parent 3a5ad3b8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
modules/metarefresh/bin/metarefresh.php 0 → 100755
+ 166
0
View file @ cf95fc79
#!/usr/bin/env php
<?php
/*
* This script can be used to generate metadata for simpleSAMLphp
* based on an XML metadata file.
*/
/* This is the base directory of the simpleSAMLphp installation. */
$baseDir = dirname(dirname(dirname(dirname(__FILE__))));
/* Add library autoloader. */
require_once($baseDir . '/lib/_autoload.php');
/* Initialize the configuration. */
SimpleSAML_Configuration::init($baseDir . '/config');
/* $outputDir contains the directory we will store the generated metadata in. */
$outputDir = $baseDir . '/metadata-generated';
/* $toStdOut is a boolean telling us wheter we will print the output to stdout instead
* of writing it to files in $outputDir.
*/
$toStdOut = FALSE;
/* $validateFingerprint contains the fingerprint of the certificate which should have been used
* to sign the EntityDescriptor in the metadata, or NULL if fingerprint validation shouldn't be
* done.
*/
$validateFingerprint = NULL;
/* $CA contains a path to a PEM file with certificates which are trusted,
* or NULL if we don't want to verify certificates this way.
*/
$ca = NULL;
/* This variable contains the files we will parse. */
$files = array();
/* Parse arguments. */
$progName = array_shift($argv);
foreach($argv as $a) {
if(strlen($a) === 0) {
continue;
}
if($a[0] !== '-') {
/* Not an option. Assume that it is a file we should parse. */
$files[] = $a;
continue;
}
if(strpos($a, '=') !== FALSE) {
$p = strpos($a, '=');
$v = substr($a, $p + 1);
$a = substr($a, 0, $p);
} else {
$v = NULL;
}
/* Map short options to long options. */
$shortOptMap = array(
'-h' => '--help',
'-o' => '--out-dir',
'-s' => '--stdout',
);
if(array_key_exists($a, $shortOptMap)) {
$a = $shortOptMap[$a];
}
switch($a) {
case '--validate-fingerprint':
if($v === NULL || strlen($v) === 0) {
echo('The --validate-fingerprint option requires an parameter.' . "\n");
echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
exit(1);
}
$validateFingerprint = $v;
break;
case '--ca':
if($v === NULL || strlen($v) === 0) {
echo('The --ca option requires an parameter.' . "\n");
echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
exit(1);
}
$ca = $v;
break;
case '--help':
printHelp();
exit(0);
case '--out-dir':
if($v === NULL || strlen($v) === 0) {
echo('The --out-dir option requires an parameter.' . "\n");
echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
exit(1);
}
$outputDir = $baseDir . $v;
break;
case '--stdout':
$toStdOut = TRUE;
break;
default:
echo('Unknown option: ' . $a . "\n");
echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
exit(1);
}
}
if(count($files) === 0) {
echo($progName . ': Missing input files. Please run `' . $progName . ' --help` for usage information.' . "\n");
exit(1);
}
/* The metadata global variable will be filled with the metadata we extract. */
$metaloader = new sspmod_metarefresh_MetaLoader();
foreach($files as $f) {
$metaloader->loadSource($f);
}
if($toStdOut) {
$metaloader->dumpMetadataStdOut();
} else {
$metaloader->writeMetadataFiles($outputDir);
}
exit(0);
/**
* This function prints the help output.
*/
function printHelp() {
global $progName;
/* '======================================================================' */
echo('Usage: ' . $progName . ' [options] [files]' . "\n");
echo("\n");
echo('This program parses a SAML metadata files and output pieces that can' . "\n");
echo('be added to the metadata files in metadata/.' . "\n");
echo("\n");
echo('Options:' . "\n");
echo(' --validate-fingerprint=<FINGERPRINT>' . "\n");
echo(' Check the signature of the metadata,' . "\n");
echo(' and check the fingerprint of the' . "\n");
echo(' certificate against <FINGERPRINT>.' . "\n");
echo(' --ca=<PEM file> Use the given PEM file as a source of' . "\n");
echo(' trusted root certificates.' . "\n");
echo(' -h, --help Print this help.' . "\n");
echo(' -o=<DIR>, --out-dir=<DIR> Write the output to this directory. The' . "\n");
echo(' default directory is metadata-generated/' . "\n");
echo(' -s, --stdout Write the output to stdout instead of' . "\n");
echo(' seperate files in the output directory.' . "\n");
echo("\n");
}
modules/metarefresh/config-templates/config-metarefresh.php 0 → 100644
+ 23
0
View file @ cf95fc79
<?php
$config = array(
'kalmar' => array(
'cron' => array('hourly'),
'sources' => array(
array(
'src' => 'https://aitta.funet.fi/haka/haka_test_metadata_signed.xml',
'certFingerprint' => '22:1D:EA:E3:2C:EB:A3:2D:78:72:B6:F4:E9:52:F6:23:31:5A:A5:3D',
'template' => array(
'tags' => array('kalmar'),
),
),
),
'maxCache' => 60*60*24*4, // Maximum 4 days cache time.
'maxDuration' => 60*60*24*10, // Maximum 10 days duration on ValidUntil.
'outputDir' => 'metadata/metadata-kalmar-consuming/',
),
);
?>
\ No newline at end of file
modules/metarefresh/default-disable 0 → 100644
+ 0
0
View file @ cf95fc79
modules/metarefresh/lib/MetaLoader.php 0 → 100644
+ 169
0
View file @ cf95fc79
<?php
/*
* @author Andreas Åkre Solberg <andreas.solberg@uninett.no>
* @package simpleSAMLphp
* @version $Id$
*/
class sspmod_metarefresh_MetaLoader {
private $metadata;
private $maxcache;
private $maxduration;
/**
* Constructor
*
* @param array $sources Sources...
* @param
*/
public function __construct($maxcache = NULL, $maxduration = NULL) {
$this->maxcache = $maxcache;
$this->maxduration = $maxduration;
$this->metadata = array();
}
/**
* This function processes a SAML metadata file.
*
* @param $src Filename of the metadata file.
*/
public function loadSource($src, $validateFingerprint = NULL, $template = NULL) {
$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile($src);
foreach($entities as $entity) {
if($validateFingerprint !== NULL) {
if(!$entity->validateFingerprint($validateFingerprint)) {
echo('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n");
continue;
}
}
if($ca !== NULL) {
if(!$entity->validateCA($ca)) {
echo('Skipping "' . $entity->getEntityId() . '" - could not verify certificate.' . "\n");
continue;
}
}
$this->addMetadata($src, $entity->getMetadata1xSP(), 'shib13-sp-remote');
$this->addMetadata($src, $entity->getMetadata1xIdP(), 'shib13-idp-remote');
$this->addMetadata($src, $entity->getMetadata20SP(), 'saml20-sp-remote');
$this->addMetadata($src, $entity->getMetadata20IdP(), 'saml20-idp-remote');
}
}
/**
* This function writes the metadata to stdout.
*/
public function dumpMetadataStdOut() {
foreach($this->metadata as $category => $elements) {
echo('/* The following data should be added to metadata/' . $category . '.php. */' . "\n");
foreach($elements as $m) {
$filename = $m['filename'];
$entityID = $m['metadata']['entityid'];
echo("\n");
echo('/* The following metadata was generated from ' . $filename . ' on ' . $this->getTime() . '. */' . "\n");
echo('$metadata[\'' . addslashes($entityID) . '\'] = ' . var_export($m['metadata'], TRUE) . ';' . "\n");
}
echo("\n");
echo('/* End of data which should be added to metadata/' . $category . '.php. */' . "\n");
echo("\n");
}
}
/**
* This function adds metadata from the specified file to the list of metadata.
* This function will return without making any changes if $metadata is NULL.
*
* @param $filename The filename the metadata comes from.
* @param $metadata The metadata.
* @param $type The metadata type.
*/
private function addMetadata($filename, $metadata, $type) {
if($metadata === NULL) {
return;
}
if(!array_key_exists($type, $this->metadata)) {
$this->metadata[$type] = array();
}
$this->metadata[$type][] = array('filename' => $filename, 'metadata' => $metadata);
}
/**
* This function writes the metadata to to separate files in the output directory.
*/
function writeMetadataFiles($outputDir) {
while(strlen($outputDir) > 0 && $outputDir[strlen($outputDir) - 1] === '/') {
$outputDir = substr($outputDir, 0, strlen($outputDir) - 1);
}
if(!file_exists($outputDir)) {
echo('Creating directory: ' . $outputDir . "\n");
mkdir($outputDir, 0777, TRUE);
}
foreach($this->metadata as $category => $elements) {
$filename = $outputDir . '/' . $category . '.php';
echo('Writing: ' . $filename . "\n");
$fh = fopen($filename, 'w');
if($fh === FALSE) {
echo('Failed to open file for writing: ' . $filename . "\n");
exit(1);
}
fwrite($fh, '<?php' . "\n");
foreach($elements as $m) {
$filename = $m['filename'];
$entityID = $m['metadata']['entityid'];
fwrite($fh, "\n");
fwrite($fh, '/* The following metadata was generated from ' . $filename . ' on ' . $this->getTime() . '. */' . "\n");
fwrite($fh, '$metadata[\'' . addslashes($entityID) . '\'] = ' . var_export($m['metadata'], TRUE) . ';' . "\n");
}
fwrite($fh, "\n");
fwrite($fh, '?>');
fclose($fh);
}
}
private function getTime() {
/* The current date, as a string. */
date_default_timezone_set('UTC');
$when = date('Y-m-d\\TH:i:s\\Z');
return $when;
}
}
?>
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment