diff --git a/modules/metarefresh/bin/metarefresh.php b/modules/metarefresh/bin/metarefresh.php
new file mode 100755
index 0000000000000000000000000000000000000000..1967c912c9e14c4513e743d4b5d0cb57d9562fa8
--- /dev/null
+++ b/modules/metarefresh/bin/metarefresh.php
@@ -0,0 +1,166 @@
+#!/usr/bin/env php
+<?php
+
+/*
+ * This script can be used to generate metadata for simpleSAMLphp
+ * based on an XML metadata file.
+ */
+
+
+/* This is the base directory of the simpleSAMLphp installation. */
+$baseDir = dirname(dirname(dirname(dirname(__FILE__))));
+
+/* Add library autoloader. */
+require_once($baseDir . '/lib/_autoload.php');
+
+/* Initialize the configuration. */
+SimpleSAML_Configuration::init($baseDir . '/config');
+
+/* $outputDir contains the directory we will store the generated metadata in. */
+$outputDir = $baseDir . '/metadata-generated';
+
+
+/* $toStdOut is a boolean telling us wheter we will print the output to stdout instead
+ * of writing it to files in $outputDir.
+ */
+$toStdOut = FALSE;
+
+/* $validateFingerprint contains the fingerprint of the certificate which should have been used
+ * to sign the EntityDescriptor in the metadata, or NULL if fingerprint validation shouldn't be
+ * done.
+ */
+$validateFingerprint = NULL;
+
+/* $CA contains a path to a PEM file with certificates which are trusted,
+ * or NULL if we don't want to verify certificates this way.
+ */
+$ca = NULL;
+
+/* This variable contains the files we will parse. */
+$files = array();
+
+/* Parse arguments. */
+
+$progName = array_shift($argv);
+
+foreach($argv as $a) {
+ if(strlen($a) === 0) {
+ continue;
+ }
+
+ if($a[0] !== '-') {
+ /* Not an option. Assume that it is a file we should parse. */
+ $files[] = $a;
+ continue;
+ }
+
+ if(strpos($a, '=') !== FALSE) {
+ $p = strpos($a, '=');
+ $v = substr($a, $p + 1);
+ $a = substr($a, 0, $p);
+ } else {
+ $v = NULL;
+ }
+
+ /* Map short options to long options. */
+ $shortOptMap = array(
+ '-h' => '--help',
+ '-o' => '--out-dir',
+ '-s' => '--stdout',
+ );
+ if(array_key_exists($a, $shortOptMap)) {
+ $a = $shortOptMap[$a];
+ }
+
+ switch($a) {
+ case '--validate-fingerprint':
+ if($v === NULL || strlen($v) === 0) {
+ echo('The --validate-fingerprint option requires an parameter.' . "\n");
+ echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
+ exit(1);
+ }
+ $validateFingerprint = $v;
+ break;
+ case '--ca':
+ if($v === NULL || strlen($v) === 0) {
+ echo('The --ca option requires an parameter.' . "\n");
+ echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
+ exit(1);
+ }
+ $ca = $v;
+ break;
+ case '--help':
+ printHelp();
+ exit(0);
+ case '--out-dir':
+ if($v === NULL || strlen($v) === 0) {
+ echo('The --out-dir option requires an parameter.' . "\n");
+ echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
+ exit(1);
+ }
+ $outputDir = $baseDir . $v;
+ break;
+ case '--stdout':
+ $toStdOut = TRUE;
+ break;
+ default:
+ echo('Unknown option: ' . $a . "\n");
+ echo('Please run `' . $progName . ' --help` for usage information.' . "\n");
+ exit(1);
+ }
+}
+
+if(count($files) === 0) {
+ echo($progName . ': Missing input files. Please run `' . $progName . ' --help` for usage information.' . "\n");
+ exit(1);
+}
+
+
+
+
+/* The metadata global variable will be filled with the metadata we extract. */
+$metaloader = new sspmod_metarefresh_MetaLoader();
+
+foreach($files as $f) {
+ $metaloader->loadSource($f);
+}
+
+if($toStdOut) {
+ $metaloader->dumpMetadataStdOut();
+} else {
+ $metaloader->writeMetadataFiles($outputDir);
+}
+
+exit(0);
+
+/**
+ * This function prints the help output.
+ */
+function printHelp() {
+ global $progName;
+
+ /* '======================================================================' */
+ echo('Usage: ' . $progName . ' [options] [files]' . "\n");
+ echo("\n");
+ echo('This program parses a SAML metadata files and output pieces that can' . "\n");
+ echo('be added to the metadata files in metadata/.' . "\n");
+ echo("\n");
+ echo('Options:' . "\n");
+ echo(' --validate-fingerprint=<FINGERPRINT>' . "\n");
+ echo(' Check the signature of the metadata,' . "\n");
+ echo(' and check the fingerprint of the' . "\n");
+ echo(' certificate against <FINGERPRINT>.' . "\n");
+ echo(' --ca=<PEM file> Use the given PEM file as a source of' . "\n");
+ echo(' trusted root certificates.' . "\n");
+ echo(' -h, --help Print this help.' . "\n");
+ echo(' -o=<DIR>, --out-dir=<DIR> Write the output to this directory. The' . "\n");
+ echo(' default directory is metadata-generated/' . "\n");
+ echo(' -s, --stdout Write the output to stdout instead of' . "\n");
+ echo(' seperate files in the output directory.' . "\n");
+ echo("\n");
+}
+
+
+
+
+
diff --git a/modules/metarefresh/config-templates/config-metarefresh.php b/modules/metarefresh/config-templates/config-metarefresh.php
new file mode 100644
index 0000000000000000000000000000000000000000..a7d8869e77a4225b56fdfa35f9155ab4519146e8
--- /dev/null
+++ b/modules/metarefresh/config-templates/config-metarefresh.php
@@ -0,0 +1,23 @@
+<?php
+
+$config = array(
+
+ 'kalmar' => array(
+ 'cron' => array('hourly'),
+ 'sources' => array(
+ array(
+ 'src' => 'https://aitta.funet.fi/haka/haka_test_metadata_signed.xml',
+ 'certFingerprint' => '22:1D:EA:E3:2C:EB:A3:2D:78:72:B6:F4:E9:52:F6:23:31:5A:A5:3D',
+ 'template' => array(
+ 'tags' => array('kalmar'),
+ ),
+ ),
+ ),
+ 'maxCache' => 60*60*24*4, // Maximum 4 days cache time.
+ 'maxDuration' => 60*60*24*10, // Maximum 10 days duration on ValidUntil.
+ 'outputDir' => 'metadata/metadata-kalmar-consuming/',
+ ),
+
+);
+
+?>
\ No newline at end of file
diff --git a/modules/metarefresh/default-disable b/modules/metarefresh/default-disable
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
new file mode 100644
index 0000000000000000000000000000000000000000..8d7b67df79b9a6111c56c2627c55941922d59ce4
--- /dev/null
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -0,0 +1,169 @@
+<?php
+/*
+ * @author Andreas Ă…kre Solberg <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_metarefresh_MetaLoader {
+
+
+ private $metadata;
+
+ private $maxcache;
+ private $maxduration;
+
+ /**
+ * Constructor
+ *
+ * @param array $sources Sources...
+ * @param
+ */
+ public function __construct($maxcache = NULL, $maxduration = NULL) {
+ $this->maxcache = $maxcache;
+ $this->maxduration = $maxduration;
+
+ $this->metadata = array();
+ }
+
+ /**
+ * This function processes a SAML metadata file.
+ *
+ * @param $src Filename of the metadata file.
+ */
+ public function loadSource($src, $validateFingerprint = NULL, $template = NULL) {
+
+ $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile($src);
+
+ foreach($entities as $entity) {
+ if($validateFingerprint !== NULL) {
+ if(!$entity->validateFingerprint($validateFingerprint)) {
+ echo('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n");
+ continue;
+ }
+ }
+
+ if($ca !== NULL) {
+ if(!$entity->validateCA($ca)) {
+ echo('Skipping "' . $entity->getEntityId() . '" - could not verify certificate.' . "\n");
+ continue;
+ }
+ }
+
+ $this->addMetadata($src, $entity->getMetadata1xSP(), 'shib13-sp-remote');
+ $this->addMetadata($src, $entity->getMetadata1xIdP(), 'shib13-idp-remote');
+ $this->addMetadata($src, $entity->getMetadata20SP(), 'saml20-sp-remote');
+ $this->addMetadata($src, $entity->getMetadata20IdP(), 'saml20-idp-remote');
+ }
+ }
+
+
+
+ /**
+ * This function writes the metadata to stdout.
+ */
+ public function dumpMetadataStdOut() {
+
+ foreach($this->metadata as $category => $elements) {
+
+ echo('/* The following data should be added to metadata/' . $category . '.php. */' . "\n");
+
+
+ foreach($elements as $m) {
+ $filename = $m['filename'];
+ $entityID = $m['metadata']['entityid'];
+
+ echo("\n");
+ echo('/* The following metadata was generated from ' . $filename . ' on ' . $this->getTime() . '. */' . "\n");
+ echo('$metadata[\'' . addslashes($entityID) . '\'] = ' . var_export($m['metadata'], TRUE) . ';' . "\n");
+ }
+
+
+ echo("\n");
+ echo('/* End of data which should be added to metadata/' . $category . '.php. */' . "\n");
+ echo("\n");
+ }
+ }
+
+
+
+
+ /**
+ * This function adds metadata from the specified file to the list of metadata.
+ * This function will return without making any changes if $metadata is NULL.
+ *
+ * @param $filename The filename the metadata comes from.
+ * @param $metadata The metadata.
+ * @param $type The metadata type.
+ */
+ private function addMetadata($filename, $metadata, $type) {
+
+ if($metadata === NULL) {
+ return;
+ }
+
+ if(!array_key_exists($type, $this->metadata)) {
+ $this->metadata[$type] = array();
+ }
+
+ $this->metadata[$type][] = array('filename' => $filename, 'metadata' => $metadata);
+ }
+
+
+
+
+
+ /**
+ * This function writes the metadata to to separate files in the output directory.
+ */
+ function writeMetadataFiles($outputDir) {
+
+ while(strlen($outputDir) > 0 && $outputDir[strlen($outputDir) - 1] === '/') {
+ $outputDir = substr($outputDir, 0, strlen($outputDir) - 1);
+ }
+
+ if(!file_exists($outputDir)) {
+ echo('Creating directory: ' . $outputDir . "\n");
+ mkdir($outputDir, 0777, TRUE);
+ }
+
+ foreach($this->metadata as $category => $elements) {
+
+ $filename = $outputDir . '/' . $category . '.php';
+
+ echo('Writing: ' . $filename . "\n");
+
+ $fh = fopen($filename, 'w');
+ if($fh === FALSE) {
+ echo('Failed to open file for writing: ' . $filename . "\n");
+ exit(1);
+ }
+
+ fwrite($fh, '<?php' . "\n");
+
+ foreach($elements as $m) {
+ $filename = $m['filename'];
+ $entityID = $m['metadata']['entityid'];
+
+ fwrite($fh, "\n");
+ fwrite($fh, '/* The following metadata was generated from ' . $filename . ' on ' . $this->getTime() . '. */' . "\n");
+ fwrite($fh, '$metadata[\'' . addslashes($entityID) . '\'] = ' . var_export($m['metadata'], TRUE) . ';' . "\n");
+ }
+
+
+ fwrite($fh, "\n");
+ fwrite($fh, '?>');
+
+ fclose($fh);
+ }
+ }
+
+ private function getTime() {
+ /* The current date, as a string. */
+ date_default_timezone_set('UTC');
+ $when = date('Y-m-d\\TH:i:s\\Z');
+ return $when;
+ }
+
+}
+
+?>
\ No newline at end of file