SAML2_AuthnRequest: Support for RequestedAuthnContext.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1983 44740490-163a-0410-bde0-09ae8108e29a

lib/SAML2/AuthnRequest.php

@@ -53,6 +53,18 @@ class SAML2_AuthnRequest extends SAML2_Request {
 	private $protocolBinding;
 
 
+	/**
+	 * What authentication context was requested.
+	 *
+	 * Array with the following elements.
+	 * - AuthnContextClassRef (required)
+	 * - Comparison (optinal)
+	 *
+	 * @var array
+	 */
+	private $requestedAuthnContext;
+
+
 	/**
 	 * Constructor for SAML 2 authentication request messages.
 	 *
@@ -94,7 +106,28 @@ class SAML2_AuthnRequest extends SAML2_Request {
 				$this->nameIdPolicy['AllowCreate'] = SAML2_Utils::parseBoolean($nameIdPolicy, 'AllowCreate', FALSE);
 			}
 		}
-		
+
+		$requestedAuthnContext = SAML2_Utils::xpQuery($xml, './saml_protocol:RequestedAuthnContext');
+		if (!empty($requestedAuthnContext)) {
+			$requestedAuthnContext = $requestedAuthnContext[0];
+
+			$rac = array(
+				'AuthnContextClassRef' => array(),
+				'Comparison' => 'exact',
+			);
+
+			$accr = SAML2_Utils::xpQuery($requestedAuthnContext, './saml_assertion:AuthnContextClassRef');
+			foreach ($accr as $i) {
+				$rac['AuthnContextClassRef'][] = trim($i->textContent);
+			}
+
+			if ($requestedAuthnContext->hasAttribute('Comparison')) {
+				$rac['Comparison'] = $requestedAuthnContext->getAttribute('Comparison');
+			}
+
+			$this->requestedAuthnContext = $rac;
+		}
+
 		$idpEntries = SAML2_Utils::xpQuery($xml, './saml_protocol:Scoping/saml_protocol:IDPList/saml_protocol:IDPEntry');
 
 		foreach($idpEntries as $idpEntry) {
@@ -246,6 +279,28 @@ class SAML2_AuthnRequest extends SAML2_Request {
 	}
 
 
+	/**
+	 * Retrieve the RequestedAuthnContext.
+	 *
+	 * @return array|NULL  The RequestedAuthnContext.
+	 */
+	public function getRequestedAuthnContext() {
+		return $this->requestedAuthnContext;
+	}
+
+
+	/**
+	 * Set the RequestedAuthnContext.
+	 *
+	 * @param array|NULL $requestedAuthnContext  The RequestedAuthnContext.
+	 */
+	public function setRequestedAuthnContext($requestedAuthnContext) {
+		assert('is_array($requestedAuthnContext) || is_null($requestedAuthnContext)');
+
+		$this->requestedAuthnContext = $requestedAuthnContext;
+	}
+
+
 	/**
 	 * Convert this authentication request to an XML element.
 	 *
@@ -285,6 +340,20 @@ class SAML2_AuthnRequest extends SAML2_Request {
 			$root->appendChild($nameIdPolicy);
 		}
 
+		$rac = $this->requestedAuthnContext;
+		if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) {
+			$e = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext');
+			$root->appendChild($e);
+			if (isset($rac['Comparison']) && $rac['Comparison'] !== 'exact') {
+				$e->setAttribute('Comparison', $rac['Comparison']);
+			}
+			foreach ($rac['AuthnContextClassRef'] as $accr) {
+				$i = $this->document->createElementNS(SAML2_Const::NS_SAML, 'AuthnContextClassRef');
+				$i->appendChild($this->document->createTextNode($accr));
+				$e->appendChild($i);
+			}
+		}
+
 		if (count($this->IDPList) > 0) {
 			$scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping');
 			$idplist = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList');