diff --git a/lib/SimpleSAML/Auth/AuthenticationFactory.php b/lib/SimpleSAML/Auth/AuthenticationFactory.php
index 7335bc2d5643ba76e6d76c5a524ce9af444fe53c..25dc18307d22f0494d4bf7b527e88aafab6eb34e 100644
--- a/lib/SimpleSAML/Auth/AuthenticationFactory.php
+++ b/lib/SimpleSAML/Auth/AuthenticationFactory.php
@@ -2,12 +2,14 @@
namespace SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\Session;
+
/**
* Factory class to get instances of \SimpleSAML\Auth\Simple for a given authentication source.
*/
class AuthenticationFactory
{
-
/** @var \SimpleSAML\Configuration */
protected $config;
@@ -15,7 +17,7 @@ class AuthenticationFactory
protected $session;
- public function __construct(\SimpleSAML\Configuration $config, \SimpleSAML\Session $session)
+ public function __construct(Configuration $config, Session $session)
{
$this->config = $config;
$this->session = $session;
@@ -34,4 +36,4 @@ class AuthenticationFactory
{
return new Simple($as, $this->config, $this->session);
}
-}
\ No newline at end of file
+}
diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php
index eb6ef0479d051bd68b9a34c14a789112c46e7ec6..7379c3d99312eca58403828cb2629ebbba2207f3 100644
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Auth;
+use SimpleSAML\Module\saml\Auth\Source\SP;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+
/**
* Implements the default behaviour for authentication.
*
@@ -70,7 +74,7 @@ class DefaultAuth
assert(is_string($returnURL));
assert(is_string($authority));
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$state = $session->getAuthData($authority, 'LogoutState');
$session->doLogout($authority);
@@ -101,7 +105,7 @@ class DefaultAuth
self::initLogoutReturn($returnURL, $authority);
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($returnURL);
+ Utils\HTTP::redirectTrustedURL($returnURL);
}
@@ -115,7 +119,7 @@ class DefaultAuth
assert(is_array($state));
assert(array_key_exists('\SimpleSAML\Auth\DefaultAuth.ReturnURL', $state));
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($state['\SimpleSAML\Auth\DefaultAuth.ReturnURL']);
+ Utils\HTTP::redirectTrustedURL($state['\SimpleSAML\Auth\DefaultAuth.ReturnURL']);
}
@@ -140,7 +144,7 @@ class DefaultAuth
*/
public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
{
- \SimpleSAML\Module\saml\Auth\Source\SP::handleUnsolicitedAuth($authId, $state, $redirectTo);
+ SP::handleUnsolicitedAuth($authId, $state, $redirectTo);
}
diff --git a/lib/SimpleSAML/Auth/ProcessingChain.php b/lib/SimpleSAML/Auth/ProcessingChain.php
index e2ba6aa07cdff4af663eeb45628669919f1d1988..e07fc25349caf30bd9bab665305bf2db8a54985a 100644
--- a/lib/SimpleSAML/Auth/ProcessingChain.php
+++ b/lib/SimpleSAML/Auth/ProcessingChain.php
@@ -2,6 +2,12 @@
namespace SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
+
/**
* Class for implementing authentication processing chains for IdPs.
*
@@ -55,7 +61,7 @@ class ProcessingChain
$this->filters = [];
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$configauthproc = $config->getArray('authproc.'.$mode, null);
if (!empty($configauthproc)) {
@@ -73,7 +79,7 @@ class ProcessingChain
self::addFilters($this->filters, $spFilters);
}
- \SimpleSAML\Logger::debug('Filter config for '.$idpMetadata['entityid'].'->'.
+ Logger::debug('Filter config for '.$idpMetadata['entityid'].'->'.
$spMetadata['entityid'].': '.str_replace("\n", '', var_export($this->filters, true)));
}
@@ -153,7 +159,7 @@ class ProcessingChain
throw new \Exception('Authentication processing filter without name given.');
}
- $className = \SimpleSAML\Module::resolveClass(
+ $className = Module::resolveClass(
$config['class'],
'Auth\Process',
'\SimpleSAML\Auth\ProcessingFilter'
@@ -206,7 +212,7 @@ class ProcessingChain
$filter = array_shift($state[self::FILTERS_INDEX]);
$filter->process($state);
}
- } catch (\SimpleSAML\Error\Exception $e) {
+ } catch (Error\Exception $e) {
// No need to convert the exception
throw $e;
} catch (\Exception $e) {
@@ -214,7 +220,7 @@ class ProcessingChain
* To be consistent with the exception we return after an redirect,
* we convert this exception before returning it.
*/
- throw new \SimpleSAML\Error\UnserializableException($e);
+ throw new Error\UnserializableException($e);
}
// Completed
@@ -241,10 +247,10 @@ class ProcessingChain
$filter = array_shift($state[self::FILTERS_INDEX]);
try {
$filter->process($state);
- } catch (\SimpleSAML\Error\Exception $e) {
+ } catch (Error\Exception $e) {
State::throwException($state, $e);
} catch (\Exception $e) {
- $e = new \SimpleSAML\Error\UnserializableException($e);
+ $e = new Error\UnserializableException($e);
State::throwException($state, $e);
}
}
@@ -261,7 +267,7 @@ class ProcessingChain
* in $state['ReturnURL'].
*/
$id = State::saveState($state, self::COMPLETED_STAGE);
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($state['ReturnURL'], [self::AUTHPARAM => $id]);
+ Utils\HTTP::redirectTrustedURL($state['ReturnURL'], [self::AUTHPARAM => $id]);
} else {
/* Pass the state to the function defined in $state['ReturnCall']. */
@@ -309,10 +315,10 @@ class ProcessingChain
$filter = array_shift($state[self::FILTERS_INDEX]);
try {
$filter->process($state);
- } catch (\SimpleSAML\Error\NoPassive $e) {
+ } catch (Error\NoPassive $e) {
// @deprecated will be removed in 2.0
// Ignore \SimpleSAML\Error\NoPassive exceptions
- } catch (\SimpleSAML\Module\saml\Error\NoPassive $e) {
+ } catch (Module\saml\Error\NoPassive $e) {
// Ignore \SimpleSAML\Module\saml\Error\NoPassive exceptions
}
}
@@ -345,10 +351,10 @@ class ProcessingChain
if (isset($state['Destination']['userid.attribute'])) {
$attributeName = $state['Destination']['userid.attribute'];
- \SimpleSAML\Logger::debug("The 'userid.attribute' option has been deprecated.");
+ Logger::debug("The 'userid.attribute' option has been deprecated.");
} elseif (isset($state['Source']['userid.attribute'])) {
$attributeName = $state['Source']['userid.attribute'];
- \SimpleSAML\Logger::debug("The 'userid.attribute' option has been deprecated.");
+ Logger::debug("The 'userid.attribute' option has been deprecated.");
} else {
// Default attribute
$attributeName = 'eduPersonPrincipalName';
@@ -360,12 +366,12 @@ class ProcessingChain
$uid = $state['Attributes'][$attributeName];
if (count($uid) === 0) {
- \SimpleSAML\Logger::warning('Empty user id attribute ['.$attributeName.'].');
+ Logger::warning('Empty user id attribute ['.$attributeName.'].');
return;
}
if (count($uid) > 1) {
- \SimpleSAML\Logger::warning('Multiple attribute values for user id attribute ['.$attributeName.'].');
+ Logger::warning('Multiple attribute values for user id attribute ['.$attributeName.'].');
return;
}
@@ -373,7 +379,7 @@ class ProcessingChain
$uid = $uid[0];
if (empty($uid)) {
- \SimpleSAML\Logger::warning('Empty value in attribute '.$attributeName.". on user. Cannot set UserID.");
+ Logger::warning('Empty value in attribute '.$attributeName.". on user. Cannot set UserID.");
return;
}
$state['UserID'] = $uid;
diff --git a/lib/SimpleSAML/Auth/Simple.php b/lib/SimpleSAML/Auth/Simple.php
index 927418261878eb50ff2a0a0c96019a9da2f7913a..769c0ab55230ed6eadf7637aec97ae10ef03e1ef 100644
--- a/lib/SimpleSAML/Auth/Simple.php
+++ b/lib/SimpleSAML/Auth/Simple.php
@@ -3,10 +3,10 @@
namespace SimpleSAML\Auth;
use \SimpleSAML\Configuration;
-use \SimpleSAML\Error\AuthSource as AuthSourceError;
+use \SimpleSAML\Error;
use \SimpleSAML\Module;
use \SimpleSAML\Session;
-use \SimpleSAML\Utils\HTTP;
+use \SimpleSAML\Utils;
/**
* Helper class for simple authentication applications.
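Review bot: The two rewritten imports keep the leading backslash (`use \SimpleSAML\Error;`, `use \SimpleSAML\Utils;`), while every other file in this commit adds its imports as `use SimpleSAML\...;` without it. Names in a `use` statement are always fully qualified, so the backslash is redundant. I would write `use SimpleSAML\Error;` and `use SimpleSAML\Utils;` here, and drop it from the three untouched `use` lines in the same block so the file matches the rest of the change.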
@@ -65,7 +65,7 @@ class Simple
{
$as = Source::getById($this->authSource);
if ($as === null) {
- throw new AuthSourceError($this->authSource, 'Unknown authentication source.');
+ throw new Error\AuthSource($this->authSource, 'Unknown authentication source.');
}
return $as;
}
@@ -139,12 +139,12 @@ class Simple
if (array_key_exists('ReturnCallback', $params)) {
$returnTo = (array) $params['ReturnCallback'];
} else {
- $returnTo = HTTP::getSelfURL();
+ $returnTo = Utils\HTTP::getSelfURL();
}
}
if (is_string($returnTo) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
- $returnTo = HTTP::getPOSTRedirectURL($returnTo, $_POST);
+ $returnTo = Utils\HTTP::getPOSTRedirectURL($returnTo, $_POST);
}
if (array_key_exists('ErrorURL', $params)) {
@@ -190,7 +190,7 @@ class Simple
assert(is_array($params) || is_string($params) || $params === null);
if ($params === null) {
- $params = HTTP::getSelfURL();
+ $params = Utils\HTTP::getSelfURL();
}
if (is_string($params)) {
@@ -249,7 +249,7 @@ class Simple
$stateID = State::saveState($state, $state['ReturnStateStage']);
$params[$state['ReturnStateParam']] = $stateID;
}
- HTTP::redirectTrustedURL($state['ReturnTo'], $params);
+ Utils\HTTP::redirectTrustedURL($state['ReturnTo'], $params);
}
}
@@ -321,7 +321,7 @@ class Simple
assert($returnTo === null || is_string($returnTo));
if ($returnTo === null) {
- $returnTo = HTTP::getSelfURL();
+ $returnTo = Utils\HTTP::getSelfURL();
}
$login = Module::getModuleURL('core/as_login.php', [
@@ -346,7 +346,7 @@ class Simple
assert($returnTo === null || is_string($returnTo));
if ($returnTo === null) {
- $returnTo = HTTP::getSelfURL();
+ $returnTo = Utils\HTTP::getSelfURL();
}
$logout = Module::getModuleURL('core/as_logout.php', [
@@ -371,15 +371,15 @@ class Simple
protected function getProcessedURL($url = null)
{
if ($url === null) {
- $url = HTTP::getSelfURL();
+ $url = Utils\HTTP::getSelfURL();
}
$scheme = parse_url($url, PHP_URL_SCHEME);
- $host = parse_url($url, PHP_URL_HOST) ? : HTTP::getSelfHost();
+ $host = parse_url($url, PHP_URL_HOST) ? : Utils\HTTP::getSelfHost();
$port = parse_url($url, PHP_URL_PORT) ? : (
- $scheme ? '' : trim(HTTP::getServerPort(), ':')
+ $scheme ? '' : trim(Utils\HTTP::getServerPort(), ':')
);
- $scheme = $scheme ? : (HTTP::getServerHTTPS() ? 'https' : 'http');
+ $scheme = $scheme ? : (Utils\HTTP::getServerHTTPS() ? 'https' : 'http');
$path = parse_url($url, PHP_URL_PATH) ? : '/';
$query = parse_url($url, PHP_URL_QUERY) ? : '';
$fragment = parse_url($url, PHP_URL_FRAGMENT) ? : '';
diff --git a/lib/SimpleSAML/Auth/Source.php b/lib/SimpleSAML/Auth/Source.php
index 6bf02b352675e9bd26da3b8d47969e5f4980d47c..3327103d6fe11baf08d36b46be36924c73f2478c 100644
--- a/lib/SimpleSAML/Auth/Source.php
+++ b/lib/SimpleSAML/Auth/Source.php
@@ -2,6 +2,13 @@
namespace SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+
/**
* This class defines a base class for authentication source.
*
@@ -53,7 +60,7 @@ abstract class Source
{
assert(is_string($type));
- $config = \SimpleSAML\Configuration::getConfig('authsources.php');
+ $config = Configuration::getConfig('authsources.php');
$ret = [];
@@ -117,7 +124,7 @@ abstract class Source
assert(isset($state['ReturnCallback']));
// the default implementation just copies over the previous authentication data
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$data = $session->getAuthState($this->authId);
foreach ($data as $k => $v) {
$state[$k] = $v;
@@ -195,10 +202,10 @@ abstract class Source
try {
$this->authenticate($state);
- } catch (\SimpleSAML\Error\Exception $e) {
+ } catch (Error\Exception $e) {
State::throwException($state, $e);
} catch (\Exception $e) {
- $e = new \SimpleSAML\Error\UnserializableException($e);
+ $e = new Error\UnserializableException($e);
State::throwException($state, $e);
}
self::loginCompleted($state);
@@ -224,13 +231,13 @@ abstract class Source
$return = $state['\SimpleSAML\Auth\Source.Return'];
// save session state
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$authId = $state['\SimpleSAML\Auth\Source.id'];
$session->doLogin($authId, State::getPersistentAuthData($state));
if (is_string($return)) {
// redirect...
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
+ Utils\HTTP::redirectTrustedURL($return);
} else {
call_user_func($return, $state);
}
@@ -311,7 +318,7 @@ abstract class Source
try {
// Check whether or not there's a factory responsible for instantiating our Auth Source instance
- $factoryClass = \SimpleSAML\Module::resolveClass(
+ $factoryClass = Module::resolveClass(
$id,
'Auth\Source\Factory',
'\SimpleSAML\Auth\SourceFactory'
@@ -322,7 +329,7 @@ abstract class Source
$authSource = $factory->create($info, $config);
} catch (\Exception $e) {
// If not, instantiate the Auth Source here
- $className = \SimpleSAML\Module::resolveClass($id, 'Auth\Source', '\SimpleSAML\Auth\Source');
+ $className = Module::resolveClass($id, 'Auth\Source', '\SimpleSAML\Auth\Source');
$authSource = new $className($info, $config);
}
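Review bot: The `catch (\Exception $e)` treats every failure as "no factory available", so an exception thrown by `$factory->create($info, $config)` itself is discarded and the source is silently built through the fallback `new $className($info, $config)`. A misconfigured or failing factory for an authentication source then leaves no trace. At minimum, record the reason before falling back, e.g. `Logger::debug('Auth source factory not used for '.var_export($id, true).': '.$e->getMessage());`, and ideally catch only the exception type that `Module::resolveClass()` raises for a missing class. The `try` opens in the previous hunk and the method extends beyond both hunks.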
@@ -354,12 +361,12 @@ abstract class Source
assert($type === null || is_string($type));
// for now - load and parse config file
- $config = \SimpleSAML\Configuration::getConfig('authsources.php');
+ $config = Configuration::getConfig('authsources.php');
$authConfig = $config->getArray($authId, null);
if ($authConfig === null) {
if ($type !== null) {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'No authentication source with id '.
var_export($authId, true).' found.'
);
@@ -374,7 +381,7 @@ abstract class Source
}
// the authentication source doesn't have the correct type
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'Invalid type of authentication source '.
var_export($authId, true).'. Was '.var_export(get_class($ret), true).
', should be '.var_export($type, true).'.'
@@ -395,9 +402,9 @@ abstract class Source
$source = $state['\SimpleSAML\Auth\Source.logoutSource'];
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
if (!$session->isValid($source)) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Received logout from an invalid authentication source '.
var_export($source, true)
);
@@ -445,12 +452,12 @@ abstract class Source
'state' => $callbackState,
];
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$session->setData(
'\SimpleSAML\Auth\Source.LogoutCallbacks',
$id,
$data,
- \SimpleSAML\Session::DATA_TIMEOUT_SESSION_END
+ Session::DATA_TIMEOUT_SESSION_END
);
}
@@ -472,7 +479,7 @@ abstract class Source
$id = strlen($this->authId).':'.$this->authId.$assoc;
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$data = $session->getData('\SimpleSAML\Auth\Source.LogoutCallbacks', $id);
if ($data === null) {
@@ -501,7 +508,7 @@ abstract class Source
*/
public static function getSources()
{
- $config = \SimpleSAML\Configuration::getOptionalConfig('authsources.php');
+ $config = Configuration::getOptionalConfig('authsources.php');
return $config->getOptions();
}
diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index 8c6019a6655c9bee9cda90c26d12486c598181f4..8e5030ddf825a3de6a7c31951a74ee5406022f06 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -2,6 +2,12 @@
namespace SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+
/**
* This is a helper class for saving and loading state information.
*
@@ -151,7 +157,7 @@ class State
assert(is_bool($rawId));
if (!array_key_exists(self::ID, $state)) {
- $state[self::ID] = \SimpleSAML\Utils\Random::generateID();
+ $state[self::ID] = Utils\Random::generateID();
}
$id = $state[self::ID];
@@ -174,7 +180,7 @@ class State
private static function getStateTimeout()
{
if (self::$stateTimeout === null) {
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
self::$stateTimeout = $globalConfig->getInteger('session.state.timeout', 60 * 60);
}
@@ -208,10 +214,10 @@ class State
// Save state
$serializedState = serialize($state);
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$session->setData('\SimpleSAML\Auth\State', $id, $serializedState, self::getStateTimeout());
- \SimpleSAML\Logger::debug('Saved state: '.var_export($return, true));
+ Logger::debug('Saved state: '.var_export($return, true));
return $return;
}
@@ -234,9 +240,9 @@ class State
$clonedState[self::CLONE_ORIGINAL_ID] = $state[self::ID];
unset($clonedState[self::ID]);
- \SimpleSAML\Logger::debug('Cloned state: '.var_export($state[self::ID], true));
+ Logger::debug('Cloned state: '.var_export($state[self::ID], true));
} else {
- \SimpleSAML\Logger::debug('Cloned state with undefined id.');
+ Logger::debug('Cloned state with undefined id.');
}
return $clonedState;
@@ -264,11 +270,11 @@ class State
assert(is_string($id));
assert(is_string($stage));
assert(is_bool($allowMissing));
- \SimpleSAML\Logger::debug('Loading state: '.var_export($id, true));
+ Logger::debug('Loading state: '.var_export($id, true));
$sid = self::parseStateID($id);
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$state = $session->getData('\SimpleSAML\Auth\State', $sid['id']);
if ($state === null) {
@@ -278,10 +284,10 @@ class State
}
if ($sid['url'] === null) {
- throw new \SimpleSAML\Error\NoState();
+ throw new Error\NoState();
}
- \SimpleSAML\Utils\HTTP::redirectUntrustedURL($sid['url']);
+ Utils\HTTP::redirectUntrustedURL($sid['url']);
}
$state = unserialize($state);
@@ -299,13 +305,13 @@ class State
$msg = 'Wrong stage in state. Was \''.$state[self::STAGE].
'\', should be \''.$stage.'\'.';
- \SimpleSAML\Logger::warning($msg);
+ Logger::warning($msg);
if ($sid['url'] === null) {
throw new \Exception($msg);
}
- \SimpleSAML\Utils\HTTP::redirectUntrustedURL($sid['url']);
+ Utils\HTTP::redirectUntrustedURL($sid['url']);
}
return $state;
@@ -329,9 +335,9 @@ class State
return;
}
- \SimpleSAML\Logger::debug('Deleting state: '.var_export($state[self::ID], true));
+ Logger::debug('Deleting state: '.var_export($state[self::ID], true));
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$session->deleteData('\SimpleSAML\Auth\State', $state[self::ID]);
}
@@ -345,7 +351,7 @@ class State
* @throws \SimpleSAML\Error\Exception If there is no exception handler defined, it will just throw the $exception.
* @return void
*/
- public static function throwException($state, \SimpleSAML\Error\Exception $exception)
+ public static function throwException($state, Error\Exception $exception)
{
assert(is_array($state));
@@ -355,7 +361,7 @@ class State
$id = self::saveState($state, self::EXCEPTION_STAGE);
// Redirect to the exception handler
- \SimpleSAML\Utils\HTTP::redirectTrustedURL(
+ Utils\HTTP::redirectTrustedURL(
$state[self::EXCEPTION_HANDLER_URL],
[self::EXCEPTION_PARAM => $id]
);
diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index 5b4c3c2a294aca514dc49c0cbc802a68429e6878..ec6ac4c2cf35277c1f1009528bb6b5a6f292225c 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Auth;
+use SimpleSAML\Utils;
+
/**
* A class that generates and verifies time-limited tokens.
*/
@@ -44,7 +46,7 @@ class TimeLimitedToken
public function __construct($lifetime = 900, $secretSalt = null, $skew = 1, $algo = 'sha1')
{
if ($secretSalt === null) {
- $secretSalt = \SimpleSAML\Utils\Config::getSecretSalt();
+ $secretSalt = Utils\Config::getSecretSalt();
}
if (!in_array($algo, hash_algos(), true)) {
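Review bot: The algorithm check accepts any entry of `hash_algos()`, and that list includes non-cryptographic checksums such as `crc32b` and `adler32`, so a caller can pick a digest that is unsuitable for a token without hitting this guard. The default is also still `'sha1'`. How the digest is combined with the salt is outside the hunk, so the practical impact is not visible here. If the supported PHP versions allow it, checking against `hash_hmac_algos()` would exclude the checksum algorithms. Otherwise add a docblock line such as `@param string $algo A cryptographic hash from hash_algos(); prefer 'sha256' or stronger for new callers.` The constructor body continues past the end of the hunk.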
diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 30d7d130bf0d083388dbf9a16448ea61a2f5f13a..702c59f828455eaf67aa8d129d89356de5cf0f57 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -9,13 +9,9 @@
namespace SimpleSAML\Bindings\Shib13;
use SAML2\DOMDocumentFactory;
+use SimpleSAML\Configuration;
use SimpleSAML\Error;
-use SimpleSAML\Utils\Config;
-use SimpleSAML\Utils\HTTP;
-use SimpleSAML\Utils\Random;
-use SimpleSAML\Utils\System;
-use SimpleSAML\Utils\Time;
-use SimpleSAML\Utils\XML;
+use SimpleSAML\Utils;
class Artifact
{
@@ -61,9 +57,9 @@ class Artifact
$msg = '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'.
'<SOAP-ENV:Body>'.
'<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"'.
- ' RequestID="'.Random::generateID().'"'.
+ ' RequestID="'.Utils\Random::generateID().'"'.
' MajorVersion="1" MinorVersion="1"'.
- ' IssueInstant="'.Time::generateTimestamp().'"'.
+ ' IssueInstant="'.Utils\Time::generateTimestamp().'"'.
'>';
foreach ($artifacts as $a) {
@@ -96,18 +92,18 @@ class Artifact
}
$soapEnvelope = $doc->firstChild;
- if (!XML::isDOMNodeOfType($soapEnvelope, 'Envelope', 'http://schemas.xmlsoap.org/soap/envelope/')) {
+ if (!Utils\XML::isDOMNodeOfType($soapEnvelope, 'Envelope', 'http://schemas.xmlsoap.org/soap/envelope/')) {
throw new Error\Exception('Expected artifact response to contain a <soap:Envelope> element.');
}
- $soapBody = XML::getDOMChildren($soapEnvelope, 'Body', 'http://schemas.xmlsoap.org/soap/envelope/');
+ $soapBody = Utils\XML::getDOMChildren($soapEnvelope, 'Body', 'http://schemas.xmlsoap.org/soap/envelope/');
if (count($soapBody) === 0) {
throw new Error\Exception('Couldn\'t find <soap:Body> in <soap:Envelope>.');
}
$soapBody = $soapBody[0];
- $responseElement = XML::getDOMChildren($soapBody, 'Response', 'urn:oasis:names:tc:SAML:1.0:protocol');
+ $responseElement = Utils\XML::getDOMChildren($soapBody, 'Response', 'urn:oasis:names:tc:SAML:1.0:protocol');
if (count($responseElement) === 0) {
throw new Error\Exception('Couldn\'t find <saml1p:Response> in <soap:Body>.');
}
@@ -133,12 +129,12 @@ class Artifact
* @return string The <saml1p:Response> element, as an XML string.
* @throws Error\Exception
*/
- public static function receive(\SimpleSAML\Configuration $spMetadata, \SimpleSAML\Configuration $idpMetadata)
+ public static function receive(Configuration $spMetadata, Configuration $idpMetadata)
{
$artifacts = self::getArtifacts();
$request = self::buildRequest($artifacts);
- XML::debugSAMLMessage($request, 'out');
+ Utils\XML::debugSAMLMessage($request, 'out');
$url = $idpMetadata->getDefaultEndpoint(
'ArtifactResolutionService',
@@ -157,12 +153,12 @@ class Artifact
"-----END CERTIFICATE-----\n";
}
- $file = System::getTempDir().DIRECTORY_SEPARATOR.sha1($certData).'.crt';
+ $file = Utils\System::getTempDir().DIRECTORY_SEPARATOR.sha1($certData).'.crt';
if (!file_exists($file)) {
- System::writeFile($file, $certData);
+ Utils\System::writeFile($file, $certData);
}
- $spKeyCertFile = Config::getCertPath($spMetadata->getString('privatekey'));
+ $spKeyCertFile = Utils\Config::getCertPath($spMetadata->getString('privatekey'));
$opts = [
'ssl' => [
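Review bot: An existing file at `$file` is reused without checking that its content equals `$certData`. The name is derived only from the certificate's SHA-1, so it is predictable. Whether anything other than this code can create files in that directory depends on how `Utils\System::getTempDir()` is configured, which is not visible here. If the file is the trusted certificate for the `ssl` options that begin on the last line of the hunk (the array continues outside it), stale or foreign content would change what the artifact fetch trusts. Comparing before reuse closes that gap: `if (!file_exists($file) || file_get_contents($file) !== $certData) {`.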
@@ -182,8 +178,8 @@ class Artifact
// Fetch the artifact
/** @var string $response */
- $response = HTTP::fetch($url, $opts);
- XML::debugSAMLMessage($response, 'in');
+ $response = Utils\HTTP::fetch($url, $opts);
+ Utils\XML::debugSAMLMessage($response, 'in');
// Find the response in the SOAP message
$response = self::extractResponse($response);
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index bc1a4b04f8580e135f6be3a4ccace51e2377c84c..89c3640df6370cec4a9376f1bbf929317fb135eb 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -11,9 +11,9 @@
namespace SimpleSAML\Bindings\Shib13;
use SAML2\DOMDocumentFactory;
-use SimpleSAML\Utils\Crypto;
-use SimpleSAML\Utils\HTTP;
-use SimpleSAML\Utils\XML;
+use SimpleSAML\Configuration;
+use SimpleSAML\Metadata\MetaDataStorageHandler;
+use SimpleSAML\Utils;
use SimpleSAML\XML\Shib13\AuthnResponse;
use SimpleSAML\XML\Signer;
@@ -37,8 +37,8 @@ class HTTPPost
* @param \SimpleSAML\Metadata\MetaDataStorageHandler $metadatastore A store where to find metadata.
*/
public function __construct(
- \SimpleSAML\Configuration $configuration,
- \SimpleSAML\Metadata\MetaDataStorageHandler $metadatastore
+ Configuration $configuration,
+ MetaDataStorageHandler $metadatastore
) {
$this->configuration = $configuration;
$this->metadata = $metadatastore;
@@ -57,15 +57,15 @@ class HTTPPost
*/
public function sendResponse(
$response,
- \SimpleSAML\Configuration $idpmd,
- \SimpleSAML\Configuration $spmd,
+ Configuration $idpmd,
+ Configuration $spmd,
$relayState,
$shire
) {
- XML::checkSAMLMessage($response, 'saml11');
+ Utils\XML::checkSAMLMessage($response, 'saml11');
- $privatekey = Crypto::loadPrivateKey($idpmd, true);
- $publickey = Crypto::loadPublicKey($idpmd, true);
+ $privatekey = Utils\Crypto::loadPrivateKey($idpmd, true);
+ $publickey = Utils\Crypto::loadPublicKey($idpmd, true);
$responsedom = DOMDocumentFactory::fromString(str_replace("\r", "", $response));
@@ -102,7 +102,7 @@ class HTTPPost
if ($signResponse) {
// sign the response - this must be done after encrypting the assertion
// we insert the signature before the saml2p:Status element
- $statusElements = XML::getDOMChildren($responseroot, 'Status', '@saml1p');
+ $statusElements = Utils\XML::getDOMChildren($responseroot, 'Status', '@saml1p');
assert(count($statusElements) === 1);
$signer->sign($responseroot, $responseroot, $statusElements[0]);
} else {
@@ -112,9 +112,9 @@ class HTTPPost
$response = $responsedom->saveXML();
- XML::debugSAMLMessage($response, 'out');
+ Utils\XML::debugSAMLMessage($response, 'out');
- HTTP::submitPOSTData($shire, [
+ Utils\HTTP::submitPOSTData($shire, [
'TARGET' => $relayState,
'SAMLResponse' => base64_encode($response),
]);
@@ -138,9 +138,9 @@ class HTTPPost
$rawResponse = $post['SAMLResponse'];
$samlResponseXML = base64_decode($rawResponse);
- XML::debugSAMLMessage($samlResponseXML, 'in');
+ Utils\XML::debugSAMLMessage($samlResponseXML, 'in');
- XML::checkSAMLMessage($samlResponseXML, 'saml11');
+ Utils\XML::checkSAMLMessage($samlResponseXML, 'saml11');
$samlResponse = new AuthnResponse();
$samlResponse->setXML($samlResponseXML);
diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index b7150dd894c5c9fba5b7034e4f8560af97767241..95077aed9df248598b3128bf2d24d056a7152676 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -2,7 +2,9 @@
namespace SimpleSAML;
-use SimpleSAML\Utils\System;
+use SAML2\Constants;
+use SimpleSAML\Error;
+use SimpleSAML\Utils;
/**
* Configuration of SimpleSAMLphp
@@ -579,7 +581,7 @@ class Configuration implements Utils\ClearableState
assert(is_string($path));
- return System::resolvePath($path, $this->getBaseDir());
+ return Utils\System::resolvePath($path, $this->getBaseDir());
}
@@ -1105,11 +1107,11 @@ class Configuration implements Utils\ClearableState
case 'saml20-idp-remote:SingleSignOnService':
case 'saml20-idp-remote:SingleLogoutService':
case 'saml20-sp-remote:SingleLogoutService':
- return \SAML2\Constants::BINDING_HTTP_REDIRECT;
+ return Constants::BINDING_HTTP_REDIRECT;
case 'saml20-sp-remote:AssertionConsumerService':
- return \SAML2\Constants::BINDING_HTTP_POST;
+ return Constants::BINDING_HTTP_POST;
case 'saml20-idp-remote:ArtifactResolutionService':
- return \SAML2\Constants::BINDING_SOAP;
+ return Constants::BINDING_SOAP;
case 'shib13-idp-remote:SingleSignOnService':
return 'urn:mace:shibboleth:1.0:profiles:AuthnRequest';
case 'shib13-sp-remote:AssertionConsumerService':
diff --git a/lib/SimpleSAML/Database.php b/lib/SimpleSAML/Database.php
index 33c760098c81ce785a254e52c2f03569c854d128..685fe568f7472f898688aa67e3274e4b5635f818 100644
--- a/lib/SimpleSAML/Database.php
+++ b/lib/SimpleSAML/Database.php
@@ -2,6 +2,9 @@
namespace SimpleSAML;
+use PDO;
+use PDOException;
+
/**
* This file implements functions to read and write to a group of database servers.
*
@@ -77,7 +80,7 @@ class Database
{
$driverOptions = $config->getArray('database.driver_options', []);
if ($config->getBoolean('database.persistent', true)) {
- $driverOptions = [\PDO::ATTR_PERSISTENT => true];
+ $driverOptions = [PDO::ATTR_PERSISTENT => true];
}
// connect to the master
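Review bot: When `database.persistent` is true (the default given to `getBoolean`), the assignment `$driverOptions = [PDO::ATTR_PERSISTENT => true];` replaces the array just read from `database.driver_options` instead of adding to it. Any configured driver option is then dropped without warning, including TLS settings for the database connection such as `PDO::MYSQL_ATTR_SSL_CA`. Setting the single key keeps the configured options: `$driverOptions[PDO::ATTR_PERSISTENT] = true;`. The enclosing method starts and ends outside the hunk.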
@@ -144,11 +147,11 @@ class Database
private function connect($dsn, $username, $password, $options)
{
try {
- $db = new \PDO($dsn, $username, $password, $options);
- $db->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
+ $db = new PDO($dsn, $username, $password, $options);
+ $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $db;
- } catch (\PDOException $e) {
+ } catch (PDOException $e) {
throw new \Exception("Database error: ".$e->getMessage());
}
}
@@ -205,16 +208,16 @@ class Database
foreach ($params as $param => $value) {
if (is_array($value)) {
- $query->bindValue(":$param", $value[0], ($value[1]) ? $value[1] : \PDO::PARAM_STR);
+ $query->bindValue(":$param", $value[0], ($value[1]) ? $value[1] : PDO::PARAM_STR);
} else {
- $query->bindValue(":$param", $value, \PDO::PARAM_STR);
+ $query->bindValue(":$param", $value, PDO::PARAM_STR);
}
}
$query->execute();
return $query;
- } catch (\PDOException $e) {
+ } catch (PDOException $e) {
$this->lastError = $db->errorInfo();
throw new \Exception("Database error: ".$e->getMessage());
}
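Review bot: `($value[1]) ? $value[1] : PDO::PARAM_STR` tests the requested type for truthiness, so an explicit `PDO::PARAM_NULL` (which is 0) is bound as a string, and a one-element array triggers an undefined-offset notice. Testing for presence instead keeps the caller's choice: `$query->bindValue(":$param", $value[0], isset($value[1]) ? $value[1] : PDO::PARAM_STR);`. The method begins outside the hunk, so the documented shape of `$params` is not visible here. If the docblock does not already say that array values are `[value, PDO::PARAM_*]` pairs, add that.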
@@ -237,7 +240,7 @@ class Database
try {
return $db->exec($stmt);
- } catch (\PDOException $e) {
+ } catch (PDOException $e) {
$this->lastError = $db->errorInfo();
throw new \Exception("Database error: ".$e->getMessage());
}
diff --git a/lib/SimpleSAML/Error/Assertion.php b/lib/SimpleSAML/Error/Assertion.php
index 691f2c90410b5fa38fd78f1513ca097f9b08d964..7e3581955d41a5bd2ee60ca017b642848f204579 100644
--- a/lib/SimpleSAML/Error/Assertion.php
+++ b/lib/SimpleSAML/Error/Assertion.php
@@ -60,7 +60,7 @@ class Assertion extends Exception
assert_options(ASSERT_WARNING, 0);
assert_options(ASSERT_QUIET_EVAL, 0);
- assert_options(ASSERT_CALLBACK, ['\SimpleSAML\Error\Assertion', 'onAssertion']);
+ assert_options(ASSERT_CALLBACK, [Assertion::class, 'onAssertion']);
}
diff --git a/lib/SimpleSAML/Error/CriticalConfigurationError.php b/lib/SimpleSAML/Error/CriticalConfigurationError.php
index 064a30fb3cf3c1cfaa3f193952af485bf963c07e..f078ee69579b3cf2108abc15025c72fcc28bc67b 100644
--- a/lib/SimpleSAML/Error/CriticalConfigurationError.php
+++ b/lib/SimpleSAML/Error/CriticalConfigurationError.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Error;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Utils;
+
/**
* This exception represents a configuration error that we cannot recover from.
*
@@ -30,7 +34,7 @@ class CriticalConfigurationError extends ConfigurationError
*/
private static $minimum_config = [
'logging.handler' => 'errorlog',
- 'logging.level' => \SimpleSAML\Logger::DEBUG,
+ 'logging.level' => Logger::DEBUG,
'errorreporting' => false,
'debug' => true,
];
@@ -47,10 +51,10 @@ class CriticalConfigurationError extends ConfigurationError
{
if ($config === null) {
$config = self::$minimum_config;
- $config['baseurlpath'] = \SimpleSAML\Utils\HTTP::guessBasePath();
+ $config['baseurlpath'] = Utils\HTTP::guessBasePath();
}
- \SimpleSAML\Configuration::loadFromArray(
+ Configuration::loadFromArray(
$config,
'',
'simplesaml'
diff --git a/lib/SimpleSAML/Error/Error.php b/lib/SimpleSAML/Error/Error.php
index 7d56196be750004d891a227e351eea3ba6bd5108..8fa391cd7182b8329e92069565bf6a3218c880e4 100644
--- a/lib/SimpleSAML/Error/Error.php
+++ b/lib/SimpleSAML/Error/Error.php
@@ -2,6 +2,12 @@
namespace SimpleSAML\Error;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+use SimpleSAML\XHTML\Template;
+
/**
* Class that wraps SimpleSAMLphp errors in exceptions.
*
@@ -175,10 +181,10 @@ class Error extends Exception
$etrace = implode("\n", $data);
$reportId = bin2hex(openssl_random_pseudo_bytes(4));
- \SimpleSAML\Logger::error('Error report with id '.$reportId.' generated.');
+ Logger::error('Error report with id '.$reportId.' generated.');
- $config = \SimpleSAML\Configuration::getInstance();
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $config = Configuration::getInstance();
+ $session = Session::getSessionFromRequest();
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
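Review bot: `openssl_random_pseudo_bytes(4)` on the `$reportId` line is used without checking its result. On PHP versions before 8.0 it can return `false`, and `bin2hex(false)` then produces an empty report id that is still written to the log on the next line. If the supported PHP floor allows it, `$reportId = bin2hex(random_bytes(4));` throws on failure instead of degrading silently. The enclosing method starts and ends outside this hunk, so later uses of the id are not visible here.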
@@ -195,7 +201,7 @@ class Error extends Exception
'exceptionTrace' => $etrace,
'reportId' => $reportId,
'trackId' => $session->getTrackID(),
- 'url' => \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(),
+ 'url' => Utils\HTTP::getSelfURLNoQuery(),
'version' => $config->getVersion(),
'referer' => $referer,
];
@@ -219,7 +225,7 @@ class Error extends Exception
$this->logError();
$errorData = $this->saveError();
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$data = [];
$data['showerrors'] = $config->getBoolean('showerrors', true);
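Review bot: `$config->getBoolean('showerrors', true)` falls back to `true`, so an installation whose configuration omits the option gets `$data['showerrors']` enabled. What the template reveals under that flag is outside this hunk, but with `exceptionTrace` collected elsewhere in this class it presumably includes exception detail, which is better withheld from end users unless an operator opts in. Consider `$config->getBoolean('showerrors', false)`, or at least a comment stating that the permissive default is deliberate.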
@@ -237,12 +243,12 @@ class Error extends Exception
$config->getString('technicalcontact_email', 'na@example.org') !== 'na@example.org'
) {
// enable error reporting
- $baseurl = \SimpleSAML\Utils\HTTP::getBaseURL();
+ $baseurl = Utils\HTTP::getBaseURL();
$data['errorReportAddress'] = $baseurl.'errorreport.php';
}
$data['email'] = '';
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$authorities = $session->getAuthorities();
foreach ($authorities as $authority) {
$attributes = $session->getAuthData($authority, 'Attributes');
@@ -258,10 +264,11 @@ class Error extends Exception
call_user_func($show_function, $config, $data);
assert(false);
} else {
- $t = new \SimpleSAML\XHTML\Template($config, 'error.php', 'errors');
+ $t = new Template($config, 'error.php', 'errors');
+ $translator = $t->getTranslator();
$t->data = array_merge($t->data, $data);
- $t->data['dictTitleTranslated'] = $t->getTranslator()->t($t->data['dictTitle']);
- $t->data['dictDescrTranslated'] = $t->getTranslator()->t($t->data['dictDescr'], $t->data['parameters']);
+ $t->data['dictTitleTranslated'] = $translator->t($t->data['dictTitle']);
+ $t->data['dictDescrTranslated'] = $translator->t($t->data['dictDescr'], $t->data['parameters']);
$t->show();
}
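Review bot: `assert(false)` after `call_user_func($show_function, $config, $data)` marks the line as unreachable only while assertions are enabled. With assertions compiled out, a show function that returns lets execution continue past the branch into whatever follows it outside this hunk. If the contract is that a custom show function never returns, say so in code that does not depend on `zend.assertions`, for example `throw new \LogicException('show function returned');` in place of the assert.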
diff --git a/lib/SimpleSAML/Error/ErrorCodes.php b/lib/SimpleSAML/Error/ErrorCodes.php
index d15f8c46ff268d03933ec39b011f03f3547fac90..75e7f1b8567e211d91fd000d297de7ed50a96b04 100644
--- a/lib/SimpleSAML/Error/ErrorCodes.php
+++ b/lib/SimpleSAML/Error/ErrorCodes.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Error;
+use SimpleSAML\Locale\Translate;
+
/**
* Class that maps SimpleSAMLphp error codes to translateable strings.
*
@@ -19,39 +21,39 @@ class ErrorCodes
final public static function defaultGetAllErrorCodeTitles()
{
return [
- 'ACSPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:title_ACSPARAMS}'),
- 'ARSPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:title_ARSPARAMS}'),
- 'AUTHSOURCEERROR' => \SimpleSAML\Locale\Translate::noop('{errors:title_AUTHSOURCEERROR}'),
- 'BADREQUEST' => \SimpleSAML\Locale\Translate::noop('{errors:title_BADREQUEST}'),
- 'CASERROR' => \SimpleSAML\Locale\Translate::noop('{errors:title_CASERROR}'),
- 'CONFIG' => \SimpleSAML\Locale\Translate::noop('{errors:title_CONFIG}'),
- 'CREATEREQUEST' => \SimpleSAML\Locale\Translate::noop('{errors:title_CREATEREQUEST}'),
- 'DISCOPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:title_DISCOPARAMS}'),
- 'GENERATEAUTHNRESPONSE' => \SimpleSAML\Locale\Translate::noop('{errors:title_GENERATEAUTHNRESPONSE}'),
- 'INVALIDCERT' => \SimpleSAML\Locale\Translate::noop('{errors:title_INVALIDCERT}'),
- 'LDAPERROR' => \SimpleSAML\Locale\Translate::noop('{errors:title_LDAPERROR}'),
- 'LOGOUTINFOLOST' => \SimpleSAML\Locale\Translate::noop('{errors:title_LOGOUTINFOLOST}'),
- 'LOGOUTREQUEST' => \SimpleSAML\Locale\Translate::noop('{errors:title_LOGOUTREQUEST}'),
- 'MEMCACHEDOWN' => \SimpleSAML\Locale\Translate::noop('{errors:title_MEMCACHEDOWN}'),
- 'METADATA' => \SimpleSAML\Locale\Translate::noop('{errors:title_METADATA}'),
- 'METADATANOTFOUND' => \SimpleSAML\Locale\Translate::noop('{errors:title_METADATANOTFOUND}'),
- 'NOACCESS' => \SimpleSAML\Locale\Translate::noop('{errors:title_NOACCESS}'),
- 'NOCERT' => \SimpleSAML\Locale\Translate::noop('{errors:title_NOCERT}'),
- 'NORELAYSTATE' => \SimpleSAML\Locale\Translate::noop('{errors:title_NORELAYSTATE}'),
- 'NOSTATE' => \SimpleSAML\Locale\Translate::noop('{errors:title_NOSTATE}'),
- 'NOTFOUND' => \SimpleSAML\Locale\Translate::noop('{errors:title_NOTFOUND}'),
- 'NOTFOUNDREASON' => \SimpleSAML\Locale\Translate::noop('{errors:title_NOTFOUNDREASON}'),
- 'NOTSET' => \SimpleSAML\Locale\Translate::noop('{errors:title_NOTSET}'),
- 'NOTVALIDCERT' => \SimpleSAML\Locale\Translate::noop('{errors:title_NOTVALIDCERT}'),
- 'PROCESSASSERTION' => \SimpleSAML\Locale\Translate::noop('{errors:title_PROCESSASSERTION}'),
- 'PROCESSAUTHNREQUEST' => \SimpleSAML\Locale\Translate::noop('{errors:title_PROCESSAUTHNREQUEST}'),
- 'RESPONSESTATUSNOSUCCESS' => \SimpleSAML\Locale\Translate::noop('{errors:title_RESPONSESTATUSNOSUCCESS}'),
- 'SLOSERVICEPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:title_SLOSERVICEPARAMS}'),
- 'SSOPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:title_SSOPARAMS}'),
- 'UNHANDLEDEXCEPTION' => \SimpleSAML\Locale\Translate::noop('{errors:title_UNHANDLEDEXCEPTION}'),
- 'UNKNOWNCERT' => \SimpleSAML\Locale\Translate::noop('{errors:title_UNKNOWNCERT}'),
- 'USERABORTED' => \SimpleSAML\Locale\Translate::noop('{errors:title_USERABORTED}'),
- 'WRONGUSERPASS' => \SimpleSAML\Locale\Translate::noop('{errors:title_WRONGUSERPASS}'),
+ 'ACSPARAMS' => Translate::noop('{errors:title_ACSPARAMS}'),
+ 'ARSPARAMS' => Translate::noop('{errors:title_ARSPARAMS}'),
+ 'AUTHSOURCEERROR' => Translate::noop('{errors:title_AUTHSOURCEERROR}'),
+ 'BADREQUEST' => Translate::noop('{errors:title_BADREQUEST}'),
+ 'CASERROR' => Translate::noop('{errors:title_CASERROR}'),
+ 'CONFIG' => Translate::noop('{errors:title_CONFIG}'),
+ 'CREATEREQUEST' => Translate::noop('{errors:title_CREATEREQUEST}'),
+ 'DISCOPARAMS' => Translate::noop('{errors:title_DISCOPARAMS}'),
+ 'GENERATEAUTHNRESPONSE' => Translate::noop('{errors:title_GENERATEAUTHNRESPONSE}'),
+ 'INVALIDCERT' => Translate::noop('{errors:title_INVALIDCERT}'),
+ 'LDAPERROR' => Translate::noop('{errors:title_LDAPERROR}'),
+ 'LOGOUTINFOLOST' => Translate::noop('{errors:title_LOGOUTINFOLOST}'),
+ 'LOGOUTREQUEST' => Translate::noop('{errors:title_LOGOUTREQUEST}'),
+ 'MEMCACHEDOWN' => Translate::noop('{errors:title_MEMCACHEDOWN}'),
+ 'METADATA' => Translate::noop('{errors:title_METADATA}'),
+ 'METADATANOTFOUND' => Translate::noop('{errors:title_METADATANOTFOUND}'),
+ 'NOACCESS' => Translate::noop('{errors:title_NOACCESS}'),
+ 'NOCERT' => Translate::noop('{errors:title_NOCERT}'),
+ 'NORELAYSTATE' => Translate::noop('{errors:title_NORELAYSTATE}'),
+ 'NOSTATE' => Translate::noop('{errors:title_NOSTATE}'),
+ 'NOTFOUND' => Translate::noop('{errors:title_NOTFOUND}'),
+ 'NOTFOUNDREASON' => Translate::noop('{errors:title_NOTFOUNDREASON}'),
+ 'NOTSET' => Translate::noop('{errors:title_NOTSET}'),
+ 'NOTVALIDCERT' => Translate::noop('{errors:title_NOTVALIDCERT}'),
+ 'PROCESSASSERTION' => Translate::noop('{errors:title_PROCESSASSERTION}'),
+ 'PROCESSAUTHNREQUEST' => Translate::noop('{errors:title_PROCESSAUTHNREQUEST}'),
+ 'RESPONSESTATUSNOSUCCESS' => Translate::noop('{errors:title_RESPONSESTATUSNOSUCCESS}'),
+ 'SLOSERVICEPARAMS' => Translate::noop('{errors:title_SLOSERVICEPARAMS}'),
+ 'SSOPARAMS' => Translate::noop('{errors:title_SSOPARAMS}'),
+ 'UNHANDLEDEXCEPTION' => Translate::noop('{errors:title_UNHANDLEDEXCEPTION}'),
+ 'UNKNOWNCERT' => Translate::noop('{errors:title_UNKNOWNCERT}'),
+ 'USERABORTED' => Translate::noop('{errors:title_USERABORTED}'),
+ 'WRONGUSERPASS' => Translate::noop('{errors:title_WRONGUSERPASS}'),
];
}
@@ -77,39 +79,39 @@ class ErrorCodes
final public static function defaultGetAllErrorCodeDescriptions()
{
return [
- 'ACSPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:descr_ACSPARAMS}'),
- 'ARSPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:descr_ARSPARAMS}'),
- 'AUTHSOURCEERROR' => \SimpleSAML\Locale\Translate::noop('{errors:descr_AUTHSOURCEERROR}'),
- 'BADREQUEST' => \SimpleSAML\Locale\Translate::noop('{errors:descr_BADREQUEST}'),
- 'CASERROR' => \SimpleSAML\Locale\Translate::noop('{errors:descr_CASERROR}'),
- 'CONFIG' => \SimpleSAML\Locale\Translate::noop('{errors:descr_CONFIG}'),
- 'CREATEREQUEST' => \SimpleSAML\Locale\Translate::noop('{errors:descr_CREATEREQUEST}'),
- 'DISCOPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:descr_DISCOPARAMS}'),
- 'GENERATEAUTHNRESPONSE' => \SimpleSAML\Locale\Translate::noop('{errors:descr_GENERATEAUTHNRESPONSE}'),
- 'INVALIDCERT' => \SimpleSAML\Locale\Translate::noop('{errors:descr_INVALIDCERT}'),
- 'LDAPERROR' => \SimpleSAML\Locale\Translate::noop('{errors:descr_LDAPERROR}'),
- 'LOGOUTINFOLOST' => \SimpleSAML\Locale\Translate::noop('{errors:descr_LOGOUTINFOLOST}'),
- 'LOGOUTREQUEST' => \SimpleSAML\Locale\Translate::noop('{errors:descr_LOGOUTREQUEST}'),
- 'MEMCACHEDOWN' => \SimpleSAML\Locale\Translate::noop('{errors:descr_MEMCACHEDOWN}'),
- 'METADATA' => \SimpleSAML\Locale\Translate::noop('{errors:descr_METADATA}'),
- 'METADATANOTFOUND' => \SimpleSAML\Locale\Translate::noop('{errors:descr_METADATANOTFOUND}'),
- 'NOACCESS' => \SimpleSAML\Locale\Translate::noop('{errors:descr_NOACCESS}'),
- 'NOCERT' => \SimpleSAML\Locale\Translate::noop('{errors:descr_NOCERT}'),
- 'NORELAYSTATE' => \SimpleSAML\Locale\Translate::noop('{errors:descr_NORELAYSTATE}'),
- 'NOSTATE' => \SimpleSAML\Locale\Translate::noop('{errors:descr_NOSTATE}'),
- 'NOTFOUND' => \SimpleSAML\Locale\Translate::noop('{errors:descr_NOTFOUND}'),
- 'NOTFOUNDREASON' => \SimpleSAML\Locale\Translate::noop('{errors:descr_NOTFOUNDREASON}'),
- 'NOTSET' => \SimpleSAML\Locale\Translate::noop('{errors:descr_NOTSET}'),
- 'NOTVALIDCERT' => \SimpleSAML\Locale\Translate::noop('{errors:descr_NOTVALIDCERT}'),
- 'PROCESSASSERTION' => \SimpleSAML\Locale\Translate::noop('{errors:descr_PROCESSASSERTION}'),
- 'PROCESSAUTHNREQUEST' => \SimpleSAML\Locale\Translate::noop('{errors:descr_PROCESSAUTHNREQUEST}'),
- 'RESPONSESTATUSNOSUCCESS' => \SimpleSAML\Locale\Translate::noop('{errors:descr_RESPONSESTATUSNOSUCCESS}'),
- 'SLOSERVICEPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:descr_SLOSERVICEPARAMS}'),
- 'SSOPARAMS' => \SimpleSAML\Locale\Translate::noop('{errors:descr_SSOPARAMS}'),
- 'UNHANDLEDEXCEPTION' => \SimpleSAML\Locale\Translate::noop('{errors:descr_UNHANDLEDEXCEPTION}'),
- 'UNKNOWNCERT' => \SimpleSAML\Locale\Translate::noop('{errors:descr_UNKNOWNCERT}'),
- 'USERABORTED' => \SimpleSAML\Locale\Translate::noop('{errors:descr_USERABORTED}'),
- 'WRONGUSERPASS' => \SimpleSAML\Locale\Translate::noop('{errors:descr_WRONGUSERPASS}'),
+ 'ACSPARAMS' => Translate::noop('{errors:descr_ACSPARAMS}'),
+ 'ARSPARAMS' => Translate::noop('{errors:descr_ARSPARAMS}'),
+ 'AUTHSOURCEERROR' => Translate::noop('{errors:descr_AUTHSOURCEERROR}'),
+ 'BADREQUEST' => Translate::noop('{errors:descr_BADREQUEST}'),
+ 'CASERROR' => Translate::noop('{errors:descr_CASERROR}'),
+ 'CONFIG' => Translate::noop('{errors:descr_CONFIG}'),
+ 'CREATEREQUEST' => Translate::noop('{errors:descr_CREATEREQUEST}'),
+ 'DISCOPARAMS' => Translate::noop('{errors:descr_DISCOPARAMS}'),
+ 'GENERATEAUTHNRESPONSE' => Translate::noop('{errors:descr_GENERATEAUTHNRESPONSE}'),
+ 'INVALIDCERT' => Translate::noop('{errors:descr_INVALIDCERT}'),
+ 'LDAPERROR' => Translate::noop('{errors:descr_LDAPERROR}'),
+ 'LOGOUTINFOLOST' => Translate::noop('{errors:descr_LOGOUTINFOLOST}'),
+ 'LOGOUTREQUEST' => Translate::noop('{errors:descr_LOGOUTREQUEST}'),
+ 'MEMCACHEDOWN' => Translate::noop('{errors:descr_MEMCACHEDOWN}'),
+ 'METADATA' => Translate::noop('{errors:descr_METADATA}'),
+ 'METADATANOTFOUND' => Translate::noop('{errors:descr_METADATANOTFOUND}'),
+ 'NOACCESS' => Translate::noop('{errors:descr_NOACCESS}'),
+ 'NOCERT' => Translate::noop('{errors:descr_NOCERT}'),
+ 'NORELAYSTATE' => Translate::noop('{errors:descr_NORELAYSTATE}'),
+ 'NOSTATE' => Translate::noop('{errors:descr_NOSTATE}'),
+ 'NOTFOUND' => Translate::noop('{errors:descr_NOTFOUND}'),
+ 'NOTFOUNDREASON' => Translate::noop('{errors:descr_NOTFOUNDREASON}'),
+ 'NOTSET' => Translate::noop('{errors:descr_NOTSET}'),
+ 'NOTVALIDCERT' => Translate::noop('{errors:descr_NOTVALIDCERT}'),
+ 'PROCESSASSERTION' => Translate::noop('{errors:descr_PROCESSASSERTION}'),
+ 'PROCESSAUTHNREQUEST' => Translate::noop('{errors:descr_PROCESSAUTHNREQUEST}'),
+ 'RESPONSESTATUSNOSUCCESS' => Translate::noop('{errors:descr_RESPONSESTATUSNOSUCCESS}'),
+ 'SLOSERVICEPARAMS' => Translate::noop('{errors:descr_SLOSERVICEPARAMS}'),
+ 'SSOPARAMS' => Translate::noop('{errors:descr_SSOPARAMS}'),
+ 'UNHANDLEDEXCEPTION' => Translate::noop('{errors:descr_UNHANDLEDEXCEPTION}'),
+ 'UNKNOWNCERT' => Translate::noop('{errors:descr_UNKNOWNCERT}'),
+ 'USERABORTED' => Translate::noop('{errors:descr_USERABORTED}'),
+ 'WRONGUSERPASS' => Translate::noop('{errors:descr_WRONGUSERPASS}'),
];
}
diff --git a/lib/SimpleSAML/Error/Exception.php b/lib/SimpleSAML/Error/Exception.php
index 78267a17c7fef8c3d963f01047cb7a3793bb299c..18aabf398edfd659297df534aac8f1f8e0799d90 100644
--- a/lib/SimpleSAML/Error/Exception.php
+++ b/lib/SimpleSAML/Error/Exception.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Error;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+
/**
* Base class for SimpleSAMLphp Exceptions
*
@@ -168,7 +171,7 @@ class Exception extends \Exception
public function formatBacktrace($anonymize = false)
{
$ret = [];
- $basedir = \SimpleSAML\Configuration::getInstance()->getBaseDir();
+ $basedir = Configuration::getInstance()->getBaseDir();
$e = $this;
do {
@@ -197,10 +200,10 @@ class Exception extends \Exception
* @param int $level
* @return void
*/
- protected function logBacktrace($level = \SimpleSAML\Logger::DEBUG)
+ protected function logBacktrace($level = Logger::DEBUG)
{
// see if debugging is enabled for backtraces
- $debug = \SimpleSAML\Configuration::getInstance()->getArrayize('debug', ['backtraces' => false]);
+ $debug = Configuration::getInstance()->getArrayize('debug', ['backtraces' => false]);
if (!(in_array('backtraces', $debug, true) // implicitly enabled
|| (array_key_exists('backtraces', $debug) && $debug['backtraces'] === true)
@@ -213,12 +216,12 @@ class Exception extends \Exception
$backtrace = $this->formatBacktrace();
- $callback = ['\SimpleSAML\Logger'];
+ $callback = [Logger::class];
$functions = [
- \SimpleSAML\Logger::ERR => 'error',
- \SimpleSAML\Logger::WARNING => 'warning',
- \SimpleSAML\Logger::INFO => 'info',
- \SimpleSAML\Logger::DEBUG => 'debug',
+ Logger::ERR => 'error',
+ Logger::WARNING => 'warning',
+ Logger::INFO => 'info',
+ Logger::DEBUG => 'debug',
];
$callback[] = $functions[$level];
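Review bot: `$functions[$level]` is indexed without checking that `$level` is one of the four `Logger` constants in the map. Any other value raises an undefined-index notice and leaves the callback with a null method name. The same pattern appears in `log()` in the next hunk with `$fn[$default_level]`. A guard such as `$callback[] = isset($functions[$level]) ? $functions[$level] : 'debug';` (and an equivalent fallback or an explicit exception in `log()`) would keep an unexpected level from breaking error logging. `logBacktrace()` begins before this hunk and continues after it.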
@@ -239,10 +242,10 @@ class Exception extends \Exception
public function log($default_level)
{
$fn = [
- \SimpleSAML\Logger::ERR => 'logError',
- \SimpleSAML\Logger::WARNING => 'logWarning',
- \SimpleSAML\Logger::INFO => 'logInfo',
- \SimpleSAML\Logger::DEBUG => 'logDebug',
+ Logger::ERR => 'logError',
+ Logger::WARNING => 'logWarning',
+ Logger::INFO => 'logInfo',
+ Logger::DEBUG => 'logDebug',
];
call_user_func([$this, $fn[$default_level]], $default_level);
}
@@ -256,8 +259,8 @@ class Exception extends \Exception
*/
public function logError()
{
- \SimpleSAML\Logger::error($this->getClass().': '.$this->getMessage());
- $this->logBacktrace(\SimpleSAML\Logger::ERR);
+ Logger::error($this->getClass().': '.$this->getMessage());
+ $this->logBacktrace(Logger::ERR);
}
@@ -269,8 +272,8 @@ class Exception extends \Exception
*/
public function logWarning()
{
- \SimpleSAML\Logger::warning($this->getClass().': '.$this->getMessage());
- $this->logBacktrace(\SimpleSAML\Logger::WARNING);
+ Logger::warning($this->getClass().': '.$this->getMessage());
+ $this->logBacktrace(Logger::WARNING);
}
@@ -282,8 +285,8 @@ class Exception extends \Exception
*/
public function logInfo()
{
- \SimpleSAML\Logger::info($this->getClass().': '.$this->getMessage());
- $this->logBacktrace(\SimpleSAML\Logger::INFO);
+ Logger::info($this->getClass().': '.$this->getMessage());
+ $this->logBacktrace(Logger::INFO);
}
@@ -295,8 +298,8 @@ class Exception extends \Exception
*/
public function logDebug()
{
- \SimpleSAML\Logger::debug($this->getClass().': '.$this->getMessage());
- $this->logBacktrace(\SimpleSAML\Logger::DEBUG);
+ Logger::debug($this->getClass().': '.$this->getMessage());
+ $this->logBacktrace(Logger::DEBUG);
}
diff --git a/lib/SimpleSAML/Error/NotFound.php b/lib/SimpleSAML/Error/NotFound.php
index 0e618526962b0a596948e394b1f04abf046c1298..187b658d09ab559869556e4f4ba59536f27c4a99 100644
--- a/lib/SimpleSAML/Error/NotFound.php
+++ b/lib/SimpleSAML/Error/NotFound.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Error;
+use SimpleSAML\Utils;
+
/**
* Exception which will show a 404 Not Found error page.
*
@@ -29,7 +31,7 @@ class NotFound extends Error
{
assert($reason === null || is_string($reason));
- $url = \SimpleSAML\Utils\HTTP::getSelfURL();
+ $url = Utils\HTTP::getSelfURL();
if ($reason === null) {
parent::__construct(['NOTFOUND', '%URL%' => $url]);
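Review bot: `%URL%` is filled from `Utils\HTTP::getSelfURL()`, the URL of the current request, and passed to the parent error as a message parameter. That value is chosen by whoever made the request, so whichever code substitutes the parameters into the description (in `Error.php`, `$translator->t($t->data['dictDescr'], $t->data['parameters'])`) has to escape it for HTML. The escaping is not visible in this diff and should be confirmed. A short comment above the assignment, `// request-controlled: must be escaped wherever %URL% is rendered`, would keep that requirement in front of later editors.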
diff --git a/lib/SimpleSAML/HTTP/Router.php b/lib/SimpleSAML/HTTP/Router.php
index 699d3a752bbcfc93c30b655ea11f7665a2f3ea71..cb49e805793ca35bb685f011c39cdba24c06c3ce 100644
--- a/lib/SimpleSAML/HTTP/Router.php
+++ b/lib/SimpleSAML/HTTP/Router.php
@@ -3,6 +3,7 @@
namespace SimpleSAML\HTTP;
use SimpleSAML\Configuration;
+use SimpleSAML\Module\ControllerResolver;
use SimpleSAML\Session;
use Symfony\Component\EventDispatcher\EventDispatcher;
@@ -54,7 +55,7 @@ class Router
{
$this->arguments = new ArgumentResolver();
$this->context = new RequestContext();
- $this->resolver = new \SimpleSAML\Module\ControllerResolver($module);
+ $this->resolver = new ControllerResolver($module);
$this->dispatcher = new EventDispatcher();
}
diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index 6a963c30e048101030c366ce54f364a1b6744191..a68d95b859305a634f2344a238d3361a81839337 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -2,7 +2,11 @@
namespace SimpleSAML;
-use SimpleSAML\Error\Exception;
+use SimpleSAML\Auth;
+use SimpleSAML\Error;
+use SimpleSAML\Metadata\MetaDataStorageHandler;
+use SimpleSAML\Module\saml\Error\NoPassive;
+use SimpleSAML\Utils;
/**
* IdP class.
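Review bot: Dropping `use SimpleSAML\Error\Exception;` changes what every unqualified `Exception` in this file resolves to: inside `namespace SimpleSAML` it now means `\SimpleSAML\Exception`. The hunks below update the `throw` sites, the `catch` and the `handleLogoutResponse()` type hint, but any occurrence outside the shown context would be missed. A leftover `throw new Exception(...)` fails loudly, whereas a leftover `catch (Exception $e)` simply never matches and lets the error escape the intended handler. A search of the whole file for bare `Exception`, or a static-analysis run, would confirm none remain before merging.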
@@ -57,7 +61,7 @@ class IdP
*
* @param string $id The identifier of this IdP.
*
- * @throws Exception If the IdP is disabled or no such auth source was found.
+ * @throws \SimpleSAML\Error\Exception If the IdP is disabled or no such auth source was found.
*/
private function __construct($id)
{
@@ -65,22 +69,22 @@ class IdP
$this->id = $id;
- $metadata = Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$globalConfig = Configuration::getInstance();
if (substr($id, 0, 6) === 'saml2:') {
if (!$globalConfig->getBoolean('enable.saml20-idp', false)) {
- throw new Exception('enable.saml20-idp disabled in config.php.');
+ throw new Error\Exception('enable.saml20-idp disabled in config.php.');
}
$this->config = $metadata->getMetaDataConfig(substr($id, 6), 'saml20-idp-hosted');
} elseif (substr($id, 0, 6) === 'saml1:') {
if (!$globalConfig->getBoolean('enable.shib13-idp', false)) {
- throw new Exception('enable.shib13-idp disabled in config.php.');
+ throw new Error\Exception('enable.shib13-idp disabled in config.php.');
}
$this->config = $metadata->getMetaDataConfig(substr($id, 6), 'shib13-idp-hosted');
} elseif (substr($id, 0, 5) === 'adfs:') {
if (!$globalConfig->getBoolean('enable.adfs-idp', false)) {
- throw new Exception('enable.adfs-idp disabled in config.php.');
+ throw new Error\Exception('enable.adfs-idp disabled in config.php.');
}
$this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted');
@@ -103,7 +107,7 @@ class IdP
if (Auth\Source::getById($auth) !== null) {
$this->authSource = new Auth\Simple($auth);
} else {
- throw new Exception('No such "'.$auth.'" auth source found.');
+ throw new Error\Exception('No such "'.$auth.'" auth source found.');
}
}
@@ -179,7 +183,7 @@ class IdP
$prefix = substr($assocId, 0, 4);
$spEntityId = substr($assocId, strlen($prefix) + 1);
- $metadata = Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
if ($prefix === 'saml') {
try {
@@ -276,7 +280,7 @@ class IdP
assert(is_callable($state['Responder']));
if (isset($state['core:SP'])) {
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$session->setData(
'core:idp-ssotime',
$state['core:IdP'].';'.$state['core:SP'],
@@ -295,7 +299,7 @@ class IdP
*
* @param array $state The authentication request state array.
*
- * @throws Exception If we are not authenticated.
+ * @throws \SimpleSAML\Error\Exception If we are not authenticated.
* @return void
*/
public static function postAuth(array $state)
@@ -303,7 +307,7 @@ class IdP
$idp = IdP::getByState($state);
if (!$idp->isAuthenticated()) {
- throw new Exception('Not authenticated.');
+ throw new Error\Exception('Not authenticated.');
}
$state['Attributes'] = $idp->authSource->getAttributes();
@@ -343,13 +347,13 @@ class IdP
*
* @param array &$state The authentication request state.
*
- * @throws Module\saml\Error\NoPassive If we were asked to do passive authentication.
+ * @throws \SimpleSAML\Module\saml\Error\NoPassive If we were asked to do passive authentication.
* @return void
*/
private function authenticate(array &$state)
{
if (isset($state['isPassive']) && (bool) $state['isPassive']) {
- throw new Module\saml\Error\NoPassive('Passive authentication not supported.');
+ throw new NoPassive('Passive authentication not supported.');
}
$this->authSource->login($state);
@@ -416,8 +420,8 @@ class IdP
$this->reauthenticate($state);
}
$this->postAuth($state);
- } catch (Exception $e) {
- \SimpleSAML\Auth\State::throwException($state, $e);
+ } catch (Error\Exception $e) {
+ Auth\State::throwException($state, $e);
} catch (\Exception $e) {
$e = new Error\UnserializableException($e);
Auth\State::throwException($state, $e);
@@ -444,7 +448,7 @@ class IdP
$handler = '\SimpleSAML\IdP\IFrameLogoutHandler';
break;
default:
- throw new Exception('Unknown logout handler: '.var_export($logouttype, true));
+ throw new Error\Exception('Unknown logout handler: '.var_export($logouttype, true));
}
return new $handler($this);
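Review bot: `$handler = '\SimpleSAML\IdP\IFrameLogoutHandler';` keeps the class name as a string literal, while the rest of this commit moves such references to `::class` (`Assertion::class`, `Logger::class`). `$handler = IdP\IFrameLogoutHandler::class;` lets tooling verify the name, and the other `case` branch above the hunk presumably deserves the same change. The `switch` with a throwing `default` is what keeps `new $handler($this)` limited to known classes, so that shape should stay as it is.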
@@ -512,10 +516,10 @@ class IdP
*
* @param string $assocId The association that is terminated.
* @param string|null $relayState The RelayState from the start of the logout.
- * @param Exception|null $error The error that occurred during session termination (if any).
+ * @param \SimpleSAML\Error\Exception|null $error The error that occurred during session termination (if any).
* @return void
*/
- public function handleLogoutResponse($assocId, $relayState, Exception $error = null)
+ public function handleLogoutResponse($assocId, $relayState, Error\Exception $error = null)
{
assert(is_string($assocId));
assert(is_string($relayState) || $relayState === null);
diff --git a/lib/SimpleSAML/IdP/IFrameLogoutHandler.php b/lib/SimpleSAML/IdP/IFrameLogoutHandler.php
index 363fae8d35838c86f849b6848adec6505cba33ca..6a6aa90d52878743944ca93379fb6974346e71c2 100644
--- a/lib/SimpleSAML/IdP/IFrameLogoutHandler.php
+++ b/lib/SimpleSAML/IdP/IFrameLogoutHandler.php
@@ -2,8 +2,13 @@
namespace SimpleSAML\IdP;
+use SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\IdP;
use SimpleSAML\Module;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Utils;
+use SimpleSAML\XHTML\Template;
/**
* Class that handles iframe logout.
@@ -25,7 +30,7 @@ class IFrameLogoutHandler implements LogoutHandlerInterface
*
* @param \SimpleSAML\IdP $idp The IdP to log out from.
*/
- public function __construct(\SimpleSAML\IdP $idp)
+ public function __construct(IdP $idp)
{
$this->idp = $idp;
}
@@ -48,7 +53,7 @@ class IFrameLogoutHandler implements LogoutHandlerInterface
}
foreach ($associations as $id => &$association) {
- $idp = \SimpleSAML\IdP::getByState($association);
+ $idp = IdP::getByState($association);
$association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
$association['core:Logout-IFrame:State'] = 'onhold';
}
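Review bot: `foreach ($associations as $id => &$association)` leaves `$association` bound by reference to the last element once the loop ends. The hunk stops at the closing brace, so it is not visible whether `unset($association);` follows. If it does not, add it directly after the loop, since a later assignment to `$association` in this method would silently overwrite the last association's logout state.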
@@ -66,14 +71,14 @@ class IFrameLogoutHandler implements LogoutHandlerInterface
}
$params = [
- 'id' => \SimpleSAML\Auth\State::saveState($state, 'core:Logout-IFrame'),
+ 'id' => Auth\State::saveState($state, 'core:Logout-IFrame'),
];
if (isset($state['core:Logout-IFrame:InitType'])) {
$params['type'] = $state['core:Logout-IFrame:InitType'];
}
$url = Module::getModuleURL('core/idp/logout-iframe.php', $params);
- HTTP::redirectTrustedURL($url);
+ Utils\HTTP::redirectTrustedURL($url);
}
@@ -87,14 +92,14 @@ class IFrameLogoutHandler implements LogoutHandlerInterface
* @param \SimpleSAML\Error\Exception|null $error The error that occurred during session termination (if any).
* @return void
*/
- public function onResponse($assocId, $relayState, \SimpleSAML\Error\Exception $error = null)
+ public function onResponse($assocId, $relayState, Error\Exception $error = null)
{
assert(is_string($assocId));
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$this->idp->terminateAssociation($assocId);
- $t = new \SimpleSAML\XHTML\Template($config, 'IFrameLogoutHandler.twig');
+ $t = new Template($config, 'IFrameLogoutHandler.twig');
$t->data['assocId'] = var_export($assocId, true);
$t->data['spId'] = sha1($assocId);
if (!is_null($error)) {
diff --git a/lib/SimpleSAML/IdP/LogoutHandlerInterface.php b/lib/SimpleSAML/IdP/LogoutHandlerInterface.php
index 3ac7a3d118c2b2b36acf2327172b8bacec51ea3a..fe52c00415a614b63e8d90ed32f526ebf2bffee2 100644
--- a/lib/SimpleSAML/IdP/LogoutHandlerInterface.php
+++ b/lib/SimpleSAML/IdP/LogoutHandlerInterface.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\IdP;
+use SimpleSAML\Error;
+use SimpleSAML\IdP;
+
/**
* Interface that all logout handlers must implement.
*
@@ -15,7 +18,7 @@ interface LogoutHandlerInterface
*
* @param \SimpleSAML\IdP $idp The IdP we are logging out from.
*/
- public function __construct(\SimpleSAML\IdP $idp);
+ public function __construct(IdP $idp);
/**
@@ -40,5 +43,5 @@ interface LogoutHandlerInterface
* @param \SimpleSAML\Error\Exception|null $error The error that occurred during session termination (if any).
* @return void
*/
- public function onResponse($assocId, $relayState, \SimpleSAML\Error\Exception $error = null);
+ public function onResponse($assocId, $relayState, Error\Exception $error = null);
}
diff --git a/lib/SimpleSAML/IdP/TraditionalLogoutHandler.php b/lib/SimpleSAML/IdP/TraditionalLogoutHandler.php
index e6b1717e9058009c47cbf8e78df6068be4fe5fcd..7649ef75309f2f80d73d356bd6338d5080445627 100644
--- a/lib/SimpleSAML/IdP/TraditionalLogoutHandler.php
+++ b/lib/SimpleSAML/IdP/TraditionalLogoutHandler.php
@@ -2,8 +2,11 @@
namespace SimpleSAML\IdP;
+use SimpleSAML\Auth;
+use SimpleSAML\Error;
+use SimpleSAML\IdP;
use SimpleSAML\Logger;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Utils;
/**
* Class that handles traditional logout.
@@ -26,7 +29,7 @@ class TraditionalLogoutHandler implements LogoutHandlerInterface
*
* @param \SimpleSAML\IdP $idp The IdP to log out from.
*/
- public function __construct(\SimpleSAML\IdP $idp)
+ public function __construct(IdP $idp)
{
$this->idp = $idp;
}
@@ -47,15 +50,15 @@ class TraditionalLogoutHandler implements LogoutHandlerInterface
$this->idp->finishLogout($state);
}
- $relayState = \SimpleSAML\Auth\State::saveState($state, 'core:LogoutTraditional', true);
+ $relayState = Auth\State::saveState($state, 'core:LogoutTraditional', true);
$id = $association['id'];
Logger::info('Logging out of '.var_export($id, true).'.');
try {
- $idp = \SimpleSAML\IdP::getByState($association);
+ $idp = IdP::getByState($association);
$url = call_user_func([$association['Handler'], 'getLogoutURL'], $idp, $association, $relayState);
- HTTP::redirectTrustedURL($url);
+ Utils\HTTP::redirectTrustedURL($url);
} catch (\Exception $e) {
Logger::warning('Unable to initialize logout to '.var_export($id, true).'.');
$this->idp->terminateAssociation($id);
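Review bot: The `catch (\Exception $e)` branch logs only "Unable to initialize logout to …" and discards `$e`, so the reason a logout towards that association could not be started never reaches the operator. Since the association is then terminated locally without the remote side having been contacted, the cause is worth recording: `Logger::warning('Unable to initialize logout to '.var_export($id, true).': '.$e->getMessage());`. The catch block continues past the end of this hunk.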
@@ -97,16 +100,16 @@ class TraditionalLogoutHandler implements LogoutHandlerInterface
*
* @throws \SimpleSAML\Error\Exception If the RelayState was lost during logout.
*/
- public function onResponse($assocId, $relayState, \SimpleSAML\Error\Exception $error = null)
+ public function onResponse($assocId, $relayState, Error\Exception $error = null)
{
assert(is_string($assocId));
assert(is_string($relayState) || $relayState === null);
if ($relayState === null) {
- throw new \SimpleSAML\Error\Exception('RelayState lost during logout.');
+ throw new Error\Exception('RelayState lost during logout.');
}
- $state = \SimpleSAML\Auth\State::loadState($relayState, 'core:LogoutTraditional');
+ $state = Auth\State::loadState($relayState, 'core:LogoutTraditional');
if ($error === null) {
Logger::info('Logged out of '.var_export($assocId, true).'.');
diff --git a/lib/SimpleSAML/Locale/Language.php b/lib/SimpleSAML/Locale/Language.php
index e8f06cf09875a05bfee64a5779acd3a4e5c4792b..31189db618c7febd7aaefd8a4e01ccdc5ed38ae6 100644
--- a/lib/SimpleSAML/Locale/Language.php
+++ b/lib/SimpleSAML/Locale/Language.php
@@ -10,7 +10,9 @@
namespace SimpleSAML\Locale;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Utils;
class Language
{
@@ -138,7 +140,7 @@ class Language
*
* @param \SimpleSAML\Configuration $configuration Configuration object
*/
- public function __construct(\SimpleSAML\Configuration $configuration)
+ public function __construct(Configuration $configuration)
{
$this->configuration = $configuration;
$this->availableLanguages = $this->getInstalledLanguages();
@@ -168,7 +170,7 @@ class Language
if (array_key_exists($code, $this->language_names) && isset($this->language_names[$code])) {
$availableLanguages[] = $code;
} else {
- \SimpleSAML\Logger::error("Language \"$code\" not installed. Check config.");
+ Logger::error("Language \"$code\" not installed. Check config.");
}
}
return $availableLanguages;
@@ -263,7 +265,7 @@ class Language
if (array_key_exists($code, $this->language_names) && isset($this->language_names[$code])) {
return $this->language_names[$code];
}
- \SimpleSAML\Logger::error("Name for language \"$code\" not found. Check config.");
+ Logger::error("Name for language \"$code\" not found. Check config.");
return null;
}
@@ -287,7 +289,7 @@ class Language
*/
private function getHTTPLanguage()
{
- $languageScore = HTTP::getAcceptLanguage();
+ $languageScore = Utils\HTTP::getAcceptLanguage();
// for now we only use the default language map. We may use a configurable language map in the future
$languageMap = self::$defaultLanguageMap;
@@ -381,7 +383,7 @@ class Language
*/
public static function getLanguageCookie()
{
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$availableLanguages = $config->getArray('language.available', ['en']);
$name = $config->getString('language.cookie.name', 'language');
@@ -408,7 +410,7 @@ class Language
assert(is_string($language));
$language = strtolower($language);
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$availableLanguages = $config->getArray('language.available', ['en']);
if (!in_array($language, $availableLanguages, true) || headers_sent()) {
@@ -424,6 +426,6 @@ class Language
'httponly' => ($config->getBoolean('language.cookie.httponly', false)),
];
- HTTP::setCookie($name, $language, $params, false);
+ Utils\HTTP::setCookie($name, $language, $params, false);
}
}
diff --git a/lib/SimpleSAML/Locale/Localization.php b/lib/SimpleSAML/Locale/Localization.php
index c9c7e93a2f4f64fe339cc98bac239843e8954649..dd25eb131f8926f679be642cce0bb652d8ea06db 100644
--- a/lib/SimpleSAML/Locale/Localization.php
+++ b/lib/SimpleSAML/Locale/Localization.php
@@ -11,6 +11,8 @@ namespace SimpleSAML\Locale;
use Gettext\Translations;
use Gettext\Translator;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
class Localization
{
@@ -90,7 +92,7 @@ class Localization
*
* @param \SimpleSAML\Configuration $configuration Configuration object
*/
- public function __construct(\SimpleSAML\Configuration $configuration)
+ public function __construct(Configuration $configuration)
{
$this->configuration = $configuration;
$this->localeDir = $this->configuration->resolvePath('locales');
@@ -154,7 +156,7 @@ class Localization
public function addDomain($localeDir, $domain)
{
$this->localeDomainMap[$domain] = $localeDir;
- \SimpleSAML\Logger::debug("Localization: load domain '$domain' at '$localeDir'");
+ Logger::debug("Localization: load domain '$domain' at '$localeDir'");
$this->loadGettextGettextFromPO($domain);
}
@@ -172,7 +174,7 @@ class Localization
$langcode = $langcode[0];
$localeDir = $this->localeDomainMap[$domain];
$langPath = $localeDir.'/'.$langcode.'/LC_MESSAGES/';
- \SimpleSAML\Logger::debug("Trying langpath for '$langcode' as '$langPath'");
+ Logger::debug("Trying langpath for '$langcode' as '$langPath'");
if (is_dir($langPath) && is_readable($langPath)) {
return $langPath;
}
@@ -181,7 +183,7 @@ class Localization
$alias = $this->language->getLanguageCodeAlias($langcode);
if (isset($alias)) {
$langPath = $localeDir.'/'.$alias.'/LC_MESSAGES/';
- \SimpleSAML\Logger::debug("Trying langpath for alternative '$alias' as '$langPath'");
+ Logger::debug("Trying langpath for alternative '$alias' as '$langPath'");
if (is_dir($langPath) && is_readable($langPath)) {
return $langPath;
}
@@ -194,13 +196,13 @@ class Localization
// Report that the localization for the preferred language is missing
$error = "Localization not found for langcode '$langcode' at '$langPath', falling back to langcode '".
$defLangcode."'";
- \SimpleSAML\Logger::error($_SERVER['PHP_SELF'].' - '.$error);
+ Logger::error($_SERVER['PHP_SELF'].' - '.$error);
return $langPath;
}
// Locale for default language missing even, error out
$error = "Localization directory missing/broken for langcode '$langcode' and domain '$domain'";
- \SimpleSAML\Logger::critical($_SERVER['PHP_SELF'].' - '.$error);
+ Logger::critical($_SERVER['PHP_SELF'].' - '.$error);
throw new \Exception($error);
}
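Review bot: `$_SERVER['PHP_SELF']` is concatenated into the log message on both changed lines of this hunk, and that value is request-derived: it includes any PATH_INFO the client appended to the script path. Unless `Logger` neutralises control characters (not visible here), a crafted request path can put misleading content into the error log. `$_SERVER['SCRIPT_NAME']` identifies the script without the client-supplied suffix, e.g. `Logger::error($_SERVER['SCRIPT_NAME'].' - '.$error);`. The same pattern appears in the `@@ -234,7` and `@@ -249,7` hunks of this file and in `Translate.php` at `@@ -464,7`; the enclosing function starts outside this hunk.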
@@ -234,7 +236,7 @@ class Localization
$langPath = $this->getLangPath($domain);
} catch (\Exception $e) {
$error = "Something went wrong when trying to get path to language file, cannot load domain '$domain'.";
- \SimpleSAML\Logger::error($_SERVER['PHP_SELF'].' - '.$error);
+ Logger::error($_SERVER['PHP_SELF'].' - '.$error);
if ($catchException) {
// bail out!
return;
@@ -249,7 +251,7 @@ class Localization
$this->translator->loadTranslations($translations);
} else {
$error = "Localization file '$poFile' not found in '$langPath', falling back to default";
- \SimpleSAML\Logger::error($_SERVER['PHP_SELF'].' - '.$error);
+ Logger::error($_SERVER['PHP_SELF'].' - '.$error);
}
}
@@ -277,7 +279,7 @@ class Localization
private function setupL10N()
{
if ($this->i18nBackend === self::SSP_I18N_BACKEND) {
- \SimpleSAML\Logger::debug("Localization: using old system");
+ Logger::debug("Localization: using old system");
return;
}
diff --git a/lib/SimpleSAML/Locale/Translate.php b/lib/SimpleSAML/Locale/Translate.php
index a5c0442ad2b23228b48dd00d4db5c80c1cb1aa07..7d7dfd177626c9a4ac85503050da8b0269a54690 100644
--- a/lib/SimpleSAML/Locale/Translate.php
+++ b/lib/SimpleSAML/Locale/Translate.php
@@ -10,6 +10,11 @@
namespace SimpleSAML\Locale;
+use Gettext\BaseTranslator;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+
class Translate
{
/**
@@ -53,7 +58,7 @@ class Translate
* @param \SimpleSAML\Configuration $configuration Configuration object
* @param string|null $defaultDictionary The default dictionary where tags will come from.
*/
- public function __construct(\SimpleSAML\Configuration $configuration, $defaultDictionary = null)
+ public function __construct(Configuration $configuration, $defaultDictionary = null)
{
$this->configuration = $configuration;
$this->language = new Language($configuration);
@@ -63,7 +68,7 @@ class Translate
// for backwards compatibility - print warning
$backtrace = debug_backtrace();
$where = $backtrace[0]['file'].':'.$backtrace[0]['line'];
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Deprecated use of new SimpleSAML\Locale\Translate(...) at '.$where.
'. The last parameter is now a dictionary name, which should not end in ".php".'
);
@@ -101,7 +106,7 @@ class Translate
if ($sepPos !== false) {
$module = substr($name, 0, $sepPos);
$fileName = substr($name, $sepPos + 1);
- $dictDir = \SimpleSAML\Module::getModuleDir($module).'/dictionaries/';
+ $dictDir = Module::getModuleDir($module).'/dictionaries/';
} else {
$dictDir = $this->configuration->getPathValue('dictionarydir', 'dictionaries/');
$fileName = $name;
@@ -271,7 +276,7 @@ class Translate
$backtrace = debug_backtrace();
$where = $backtrace[0]['file'].':'.$backtrace[0]['line'];
if (!$fallbackdefault) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Deprecated use of new SimpleSAML\Locale\Translate::t(...) at '.$where.
'. This parameter will go away, the fallback will become'.
' identical to the $tag in 2.0.'
@@ -281,14 +286,14 @@ class Translate
// TODO: remove this entire if for 2.0
// old style call to t(...). Print warning to log
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Deprecated use of SimpleSAML\Locale\Translate::t(...) at '.$where.
'. Please update the code to use the new style of parameters.'
);
// for backwards compatibility
if (!$replacements && ($this->getTag($tag) === null)) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Code which uses $fallbackdefault === FALSE should be updated to use the getTag() method instead.'
);
return null;
@@ -299,7 +304,7 @@ class Translate
if (is_array($tag)) {
$tagData = $tag;
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Deprecated use of new SimpleSAML\Locale\Translate::t(...) at '.$where.
'. The $tag-parameter can only be a string in 2.0.'
);
@@ -307,7 +312,7 @@ class Translate
$tagData = $this->getTag($tag);
if ($tagData === null) {
// tag not found
- \SimpleSAML\Logger::info('Translate: Looking up ['.$tag.']: not translated at all.');
+ Logger::info('Translate: Looking up ['.$tag.']: not translated at all.');
return $this->getStringNotTranslated($tag, $fallbackdefault);
}
}
@@ -361,7 +366,7 @@ class Translate
throw new \Exception("Inline translation should be string or array. Is ".gettype($translation)." now!");
}
- \SimpleSAML\Logger::debug('Translate: Adding inline language translation for tag ['.$tag.']');
+ Logger::debug('Translate: Adding inline language translation for tag ['.$tag.']');
$this->langtext[$tag] = $translation;
}
@@ -384,7 +389,7 @@ class Translate
}
$lang = $this->readDictionaryFile($filebase.$file);
- \SimpleSAML\Logger::debug('Translate: Merging language array. Loading ['.$file.']');
+ Logger::debug('Translate: Merging language array. Loading ['.$file.']');
$this->langtext = array_merge($this->langtext, $lang);
}
@@ -404,7 +409,7 @@ class Translate
$lang = json_decode($fileContent, true);
if (empty($lang)) {
- \SimpleSAML\Logger::error('Invalid dictionary definition file ['.$definitionFile.']');
+ Logger::error('Invalid dictionary definition file ['.$definitionFile.']');
return [];
}
@@ -452,7 +457,7 @@ class Translate
{
assert(is_string($filename));
- \SimpleSAML\Logger::debug('Translate: Reading dictionary ['.$filename.']');
+ Logger::debug('Translate: Reading dictionary ['.$filename.']');
$jsonFile = $filename.'.definition.json';
if (file_exists($jsonFile)) {
@@ -464,7 +469,7 @@ class Translate
return $this->readDictionaryPHP($filename);
}
- \SimpleSAML\Logger::error(
+ Logger::error(
$_SERVER['PHP_SELF'].' - Translate: Could not find dictionary file at ['.$filename.']'
);
return [];
@@ -479,7 +484,7 @@ class Translate
*/
public static function translateSingularGettext($original)
{
- $text = \Gettext\BaseTranslator::$current->gettext($original);
+ $text = BaseTranslator::$current->gettext($original);
if (func_num_args() === 1) {
return $text;
@@ -501,7 +506,7 @@ class Translate
*/
public static function translatePluralGettext($original, $plural, $value)
{
- $text = \Gettext\BaseTranslator::$current->ngettext($original, $plural, $value);
+ $text = BaseTranslator::$current->ngettext($original, $plural, $value);
if (func_num_args() === 3) {
return $text;
@@ -538,10 +543,10 @@ class Translate
}
// we don't have a translation for the current language, load alternative priorities
- $sspcfg = \SimpleSAML\Configuration::getInstance();
+ $sspcfg = Configuration::getInstance();
$langcfg = $sspcfg->getConfigItem('language', null);
$priorities = [];
- if ($langcfg instanceof \SimpleSAML\Configuration) {
+ if ($langcfg instanceof Configuration) {
$priorities = $langcfg->getArray('priorities', []);
}
diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php
index 696ce6fe57050085ab3e91bb991d3f373145889e..ba193eae843ecf83d1568aa07366cd3abefaace6 100644
--- a/lib/SimpleSAML/Logger.php
+++ b/lib/SimpleSAML/Logger.php
@@ -376,7 +376,7 @@ class Logger
// register a shutdown handler if needed
if (!self::$shutdownRegistered) {
- register_shutdown_function(['SimpleSAML\Logger', 'flush']);
+ register_shutdown_function([self::class, 'flush']);
self::$shutdownRegistered = true;
}
}
diff --git a/lib/SimpleSAML/Logger/ErrorLogLoggingHandler.php b/lib/SimpleSAML/Logger/ErrorLogLoggingHandler.php
index bde8bc75733383d35d270851b97ee202676b805a..07bfea093e2e7ec3bac7e7ac2e780008c7a5a7a5 100644
--- a/lib/SimpleSAML/Logger/ErrorLogLoggingHandler.php
+++ b/lib/SimpleSAML/Logger/ErrorLogLoggingHandler.php
@@ -2,6 +2,7 @@
namespace SimpleSAML\Logger;
+use SimpleSAML\Configuration;
use SimpleSAML\Logger;
/**
@@ -43,7 +44,7 @@ class ErrorLogLoggingHandler implements LoggingHandlerInterface
*
* @param \SimpleSAML\Configuration $config The configuration object for this handler.
*/
- public function __construct(\SimpleSAML\Configuration $config)
+ public function __construct(Configuration $config)
{
$this->processname = $config->getString('logging.processname', 'SimpleSAMLphp');
}
diff --git a/lib/SimpleSAML/Logger/FileLoggingHandler.php b/lib/SimpleSAML/Logger/FileLoggingHandler.php
index 5a6923f9265051521bbea863e8d1d93cd625e447..a85307f6b7f15e2357f52eb742c6654f6d1c1d0d 100644
--- a/lib/SimpleSAML/Logger/FileLoggingHandler.php
+++ b/lib/SimpleSAML/Logger/FileLoggingHandler.php
@@ -2,7 +2,9 @@
namespace SimpleSAML\Logger;
+use SimpleSAML\Configuration;
use SimpleSAML\Logger;
+use SimpleSAML\Utils;
/**
* A logging handler that dumps logs to files.
@@ -48,7 +50,7 @@ class FileLoggingHandler implements LoggingHandlerInterface
* Build a new logging handler based on files.
* @param \SimpleSAML\Configuration $config
*/
- public function __construct(\SimpleSAML\Configuration $config)
+ public function __construct(Configuration $config)
{
// get the metadata handler option from the configuration
$this->logFile = $config->getPathValue('loggingdir', 'log/').
@@ -68,7 +70,7 @@ class FileLoggingHandler implements LoggingHandlerInterface
}
}
- \SimpleSAML\Utils\Time::initTimezone();
+ Utils\Time::initTimezone();
}
diff --git a/lib/SimpleSAML/Logger/LoggingHandlerInterface.php b/lib/SimpleSAML/Logger/LoggingHandlerInterface.php
index e3b46cf27705be1aac3835197b6b5519a85dbfde..3d00324e5e21b1e649f81e9eeffc6cd8d284f54a 100644
--- a/lib/SimpleSAML/Logger/LoggingHandlerInterface.php
+++ b/lib/SimpleSAML/Logger/LoggingHandlerInterface.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Logger;
+use SimpleSAML\Configuration;
+
/**
* The interface that must be implemented by any log handler.
*
@@ -16,7 +18,7 @@ interface LoggingHandlerInterface
*
* @param \SimpleSAML\Configuration $config The configuration to use in this log handler.
*/
- public function __construct(\SimpleSAML\Configuration $config);
+ public function __construct(Configuration $config);
/**
diff --git a/lib/SimpleSAML/Logger/StandardErrorLoggingHandler.php b/lib/SimpleSAML/Logger/StandardErrorLoggingHandler.php
index f17e58ddc5e12fddab7c4933ebe72959769df098..ecc028bf0e0e301a13bb5f149100501c1d76403b 100644
--- a/lib/SimpleSAML/Logger/StandardErrorLoggingHandler.php
+++ b/lib/SimpleSAML/Logger/StandardErrorLoggingHandler.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Logger;
+use SimpleSAML\Configuration;
+
/**
* A logging handler that outputs all messages to standard error.
*
@@ -17,7 +19,7 @@ class StandardErrorLoggingHandler extends FileLoggingHandler
*
* @param \SimpleSAML\Configuration $config
*/
- public function __construct(\SimpleSAML\Configuration $config)
+ public function __construct(Configuration $config)
{
$this->processname = $config->getString('logging.processname', 'SimpleSAMLphp');
$this->logFile = 'php://stderr';
diff --git a/lib/SimpleSAML/Logger/SyslogLoggingHandler.php b/lib/SimpleSAML/Logger/SyslogLoggingHandler.php
index fcbb157ffc554e94c9f99c52869fb0038a042282..a5cfa6bc0692809b46792163b52afcc8270a82ca 100644
--- a/lib/SimpleSAML/Logger/SyslogLoggingHandler.php
+++ b/lib/SimpleSAML/Logger/SyslogLoggingHandler.php
@@ -2,7 +2,8 @@
namespace SimpleSAML\Logger;
-use SimpleSAML\Utils\System;
+use SimpleSAML\Configuration;
+use SimpleSAML\Utils;
/**
* A logger that sends messages to syslog.
@@ -24,14 +25,14 @@ class SyslogLoggingHandler implements LoggingHandlerInterface
* Build a new logging handler based on syslog.
* @param \SimpleSAML\Configuration $config
*/
- public function __construct(\SimpleSAML\Configuration $config)
+ public function __construct(Configuration $config)
{
$facility = $config->getInteger('logging.facility', defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER);
$processname = $config->getString('logging.processname', 'SimpleSAMLphp');
// Setting facility to LOG_USER (only valid in Windows), enable log level rewrite on windows systems
- if (System::getOS() === System::WINDOWS) {
+ if (Utils\System::getOS() === Utils\System::WINDOWS) {
$this->isWindows = true;
$facility = LOG_USER;
}
diff --git a/lib/SimpleSAML/Memcache.php b/lib/SimpleSAML/Memcache.php
index bccf7be723c92830caf03eb93697b543d5390f55..0d4a11eded06d535a064f07d09f5f8edab44548a 100644
--- a/lib/SimpleSAML/Memcache.php
+++ b/lib/SimpleSAML/Memcache.php
@@ -2,6 +2,8 @@
namespace SimpleSAML;
+use SimpleSAML\Utils;
+
/**
* This file implements functions to read and write to a group of memcache
* servers.
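Review bot: The added `use SimpleSAML\Utils;` looks redundant, because this file already declares `namespace SimpleSAML;` and a relative name such as `Utils\Foo` resolves to `SimpleSAML\Utils\Foo` without any import. The other visible hunk for this file does not reference `Utils` at all. Unless a part of the file outside the diff relies on it for readability, the line can be dropped.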
@@ -417,7 +419,7 @@ class Memcache
{
// get the configuration instance
$config = Configuration::getInstance();
- assert($config instanceof \SimpleSAML\Configuration);
+ assert($config instanceof Configuration);
// get the expire-value from the configuration
$expire = $config->getInteger('memcache_store.expires', 0);
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
index a0ee3db680e55e1ac973f90b49e9d4f9a3b072a5..00b5674be01422386ac0c31a177f3a81a01ecf1c 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php
@@ -2,8 +2,12 @@
namespace SimpleSAML\Metadata;
+use SAML2\Constants;
use SAML2\XML\saml\Issuer;
-use SimpleSAML\Utils\ClearableState;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Utils;
/**
* This file defines a class for metadata handling.
@@ -12,7 +16,7 @@ use SimpleSAML\Utils\ClearableState;
* @package SimpleSAMLphp
*/
-class MetaDataStorageHandler implements ClearableState
+class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState
{
/**
* This static variable contains a reference to the current
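Review bot: `implements \SimpleSAML\Utils\ClearableState` replaces a short imported name with a fully-qualified one, which goes against what the rest of this commit does. Since `use SimpleSAML\Utils;` is now imported at the top of the file, the declaration can read `class MetaDataStorageHandler implements Utils\ClearableState`. Alternatively, keep the removed `use SimpleSAML\Utils\ClearableState;` line and leave the class line untouched.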
@@ -56,7 +60,7 @@ class MetaDataStorageHandler implements ClearableState
*/
protected function __construct()
{
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$sourcesConfig = $config->getArray('metadata.sources', null);
@@ -98,14 +102,14 @@ class MetaDataStorageHandler implements ClearableState
}
// get the configuration
- $config = \SimpleSAML\Configuration::getInstance();
- assert($config instanceof \SimpleSAML\Configuration);
+ $config = Configuration::getInstance();
+ assert($config instanceof Configuration);
- $baseurl = \SimpleSAML\Utils\HTTP::getSelfURLHost().$config->getBasePath();
+ $baseurl = Utils\HTTP::getSelfURLHost().$config->getBasePath();
if ($set == 'saml20-sp-hosted') {
if ($property === 'SingleLogoutServiceBinding') {
- return \SAML2\Constants::BINDING_HTTP_REDIRECT;
+ return Constants::BINDING_HTTP_REDIRECT;
}
} elseif ($set == 'saml20-idp-hosted') {
switch ($property) {
@@ -113,13 +117,13 @@ class MetaDataStorageHandler implements ClearableState
return $baseurl.'saml2/idp/SSOService.php';
case 'SingleSignOnServiceBinding':
- return \SAML2\Constants::BINDING_HTTP_REDIRECT;
+ return Constants::BINDING_HTTP_REDIRECT;
case 'SingleLogoutService':
return $baseurl.'saml2/idp/SingleLogoutService.php';
case 'SingleLogoutServiceBinding':
- return \SAML2\Constants::BINDING_HTTP_REDIRECT;
+ return Constants::BINDING_HTTP_REDIRECT;
}
} elseif ($set == 'shib13-idp-hosted') {
if ($property === 'SingleSignOnService') {
@@ -152,9 +156,9 @@ class MetaDataStorageHandler implements ClearableState
if (array_key_exists('expire', $le)) {
if ($le['expire'] < time()) {
unset($srcList[$key]);
- \SimpleSAML\Logger::warning(
+ Logger::warning(
"Dropping metadata entity ".var_export($key, true).", expired ".
- \SimpleSAML\Utils\Time::generateTimestamp($le['expire'])."."
+ Utils\Time::generateTimestamp($le['expire'])."."
);
}
}
@@ -199,7 +203,7 @@ class MetaDataStorageHandler implements ClearableState
assert(is_string($set));
// first we look for the hostname/path combination
- $currenthostwithpath = \SimpleSAML\Utils\HTTP::getSelfHostWithPath(); // sp.example.org/university
+ $currenthostwithpath = Utils\HTTP::getSelfHostWithPath(); // sp.example.org/university
foreach ($this->sources as $source) {
$index = $source->getEntityIdFromHostPath($currenthostwithpath, $set, $type);
@@ -209,7 +213,7 @@ class MetaDataStorageHandler implements ClearableState
}
// then we look for the hostname
- $currenthost = \SimpleSAML\Utils\HTTP::getSelfHost(); // sp.example.org
+ $currenthost = Utils\HTTP::getSelfHost(); // sp.example.org
foreach ($this->sources as $source) {
$index = $source->getEntityIdFromHostPath($currenthost, $set, $type);
@@ -299,7 +303,7 @@ class MetaDataStorageHandler implements ClearableState
}
}
- throw new \SimpleSAML\Error\MetadataNotFound($index);
+ throw new Error\MetadataNotFound($index);
}
@@ -320,7 +324,7 @@ class MetaDataStorageHandler implements ClearableState
assert(is_string($set));
$metadata = $this->getMetaData($entityId, $set);
- return \SimpleSAML\Configuration::loadFromArray($metadata, $set.'/'.var_export($entityId, true));
+ return Configuration::loadFromArray($metadata, $set.'/'.var_export($entityId, true));
}
@@ -352,7 +356,7 @@ class MetaDataStorageHandler implements ClearableState
if (sha1($remote_provider['entityid']) == $sha1) {
$remote_provider['metadata-set'] = $set;
- return \SimpleSAML\Configuration::loadFromArray(
+ return Configuration::loadFromArray(
$remote_provider,
$set.'/'.var_export($remote_provider['entityid'], true)
);
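Review bot: The context line `if (sha1($remote_provider['entityid']) == $sha1)` compares two hex digests with loose `==`, so two different strings that both look numeric (for example `0e` followed only by digits) compare as equal. `$sha1` appears to be supplied by the caller (its origin is outside the hunk), so the lookup could return a provider whose entity ID does not hash to the requested value. A strict comparison closes this: `if (sha1($remote_provider['entityid']) === $sha1) {`. The enclosing function starts and ends outside the hunk.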
@@ -362,6 +366,7 @@ class MetaDataStorageHandler implements ClearableState
return null;
}
+
/**
* Clear any metadata cached.
* Allows for metadata configuration to be changed and reloaded during a given request. Most useful
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerFlatFile.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerFlatFile.php
index de0fb88b0efc2f0d017b70a95be5a06179f819ef..f18ac585a548fef08a4ed2ddf8c77942095e6ba7 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerFlatFile.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerFlatFile.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Metadata;
+use SimpleSAML\Configuration;
+
/**
* This file defines a flat file metadata source.
* Instantiation of session handler objects should be done through
@@ -44,7 +46,7 @@ class MetaDataStorageHandlerFlatFile extends MetaDataStorageSource
assert(is_array($config));
// get the configuration
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
// find the path to the directory we should search for metadata in
if (array_key_exists('directory', $config)) {
@@ -105,11 +107,11 @@ class MetaDataStorageHandlerFlatFile extends MetaDataStorageSource
return $this->cachedMetadata[$set];
}
+ /** @var array|null $metadataSet */
$metadataSet = $this->load($set);
if ($metadataSet === null) {
$metadataSet = [];
}
- /** @var array $metadataSet */
// add the entity id of an entry to each entry in the metadata
foreach ($metadataSet as $entityId => &$entry) {
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php
index 4c26cec764fb36ee4b6ccf12f52b8fd961b2483e..408bfb243f1e575c8808f0e73103113971402fea 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Metadata;
+use SimpleSAML\Database;
+use SimpleSAML\Error;
+
/**
* Class for handling metadata files stored in a database.
*
@@ -62,7 +65,7 @@ class MetaDataStorageHandlerPdo extends MetaDataStorageSource
{
assert(is_array($config));
- $this->db = \SimpleSAML\Database::getInstance();
+ $this->db = Database::getInstance();
}
@@ -95,7 +98,7 @@ class MetaDataStorageHandlerPdo extends MetaDataStorageSource
while ($d = $stmt->fetch()) {
$data = json_decode($d['entity_data'], true);
if ($data === null) {
- throw new \SimpleSAML\Error\Exception("Cannot decode metadata for entity '${d['entity_id']}'");
+ throw new Error\Exception("Cannot decode metadata for entity '${d['entity_id']}'");
}
if (!array_key_exists('entityid', $data)) {
$data['entityid'] = $d['entity_id'];
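Review bot: The rewritten `throw` line keeps the `${d['entity_id']}` interpolation form, which is deprecated as of PHP 8.2; the brace-first form is equivalent: `throw new Error\Exception("Cannot decode metadata for entity '{$d['entity_id']}'");`. Separately, `$data === null` only catches a failed decode. A row whose JSON is a scalar would reach `array_key_exists('entityid', $data)` with a non-array, so the guard would be safer as `if (!is_array($data)) {`. The loop's enclosing function starts outside the hunk.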
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSerialize.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSerialize.php
index fa57368561aa78726bfbfe527d227c966d024c76..0d7474e3dd7bfad84ce1f0247e0a94854d31320c 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSerialize.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSerialize.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Metadata;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+
/**
* Class for handling metadata files in serialized format.
*
@@ -37,9 +40,9 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
{
assert(is_array($config));
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
- $cfgHelp = \SimpleSAML\Configuration::loadFromArray($config, 'serialize metadata source');
+ $cfgHelp = Configuration::loadFromArray($config, 'serialize metadata source');
$this->directory = $cfgHelp->getString('directory');
@@ -78,7 +81,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
$dh = @opendir($this->directory);
if ($dh === false) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Serialize metadata handler: Unable to open directory: '.var_export($this->directory, true)
);
return $ret;
@@ -93,7 +96,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
$path = $this->directory.'/'.$entry;
if (!is_dir($path)) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Serialize metadata handler: Metadata directory contained a file where only directories should '.
'exist: '.var_export($path, true)
);
@@ -130,7 +133,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
$dh = @opendir($dir);
if ($dh === false) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Serialize metadata handler: Unable to open directory: '.var_export($dir, true)
);
return $ret;
@@ -185,7 +188,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
$data = @file_get_contents($filePath);
if ($data === false) {
$error = error_get_last();
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Error reading file '.$filePath.': '.$error['message']
);
return null;
@@ -193,7 +196,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
$data = @unserialize($data);
if ($data === false) {
- \SimpleSAML\Logger::warning('Error unserializing file: '.$filePath);
+ Logger::warning('Error unserializing file: '.$filePath);
return null;
}
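Review bot: `$data = @unserialize($data);` on the context line will instantiate any class named in the file, so whoever can write into the metadata directory controls which objects are created in the process that loads it. If stored metadata is always plain arrays, as the `serialize($metadata)` call in the writer suggests (to be confirmed), restrict the call: `$data = @unserialize($data, ['allowed_classes' => false]);` (the options argument needs PHP 7.0 or later). The `=== false` check also cannot distinguish a decode failure from a legitimately stored `false`. The enclosing function starts outside the hunk.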
@@ -225,30 +228,30 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
$dir = dirname($filePath);
if (!is_dir($dir)) {
- \SimpleSAML\Logger::info('Creating directory: '.$dir);
+ Logger::info('Creating directory: '.$dir);
$res = @mkdir($dir, 0777, true);
if ($res === false) {
$error = error_get_last();
- \SimpleSAML\Logger::error('Failed to create directory '.$dir.': '.$error['message']);
+ Logger::error('Failed to create directory '.$dir.': '.$error['message']);
return false;
}
}
$data = serialize($metadata);
- \SimpleSAML\Logger::debug('Writing: '.$newPath);
+ Logger::debug('Writing: '.$newPath);
$res = file_put_contents($newPath, $data);
if ($res === false) {
$error = error_get_last();
- \SimpleSAML\Logger::error('Error saving file '.$newPath.': '.$error['message']);
+ Logger::error('Error saving file '.$newPath.': '.$error['message']);
return false;
}
$res = rename($newPath, $filePath);
if ($res === false) {
$error = error_get_last();
- \SimpleSAML\Logger::error('Error renaming '.$newPath.' to '.$filePath.': '.$error['message']);
+ Logger::error('Error renaming '.$newPath.' to '.$filePath.': '.$error['message']);
return false;
}
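Review bot: `$res = @mkdir($dir, 0777, true);` requests world-writable metadata directories and leaves the effective permissions entirely to the process umask. Files under this directory are later read back with `unserialize()` by this same class, so write access should be limited to the account that runs the service. A tighter mode such as `$res = @mkdir($dir, 0750, true);` would do that; the exact value depends on the deployment. The enclosing function starts and ends outside the hunk.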
@@ -271,7 +274,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
$filePath = $this->getMetadataPath($entityId, $set);
if (!file_exists($filePath)) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Attempted to erase nonexistent metadata entry '.
var_export($entityId, true).' in set '.var_export($set, true).'.'
);
@@ -281,7 +284,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource
$res = unlink($filePath);
if ($res === false) {
$error = error_get_last();
- \SimpleSAML\Logger::error(
+ Logger::error(
'Failed to delete file '.$filePath.
': '.$error['message']
);
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerXML.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerXML.php
index 9430781b6c1d02d2d6edbb451ec990183e8915f6..e47ddedf864932474cd0a4e9633bc3b513d5a697 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerXML.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerXML.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Metadata;
+use SimpleSAML\Configuration;
+
/**
* This class implements a metadata source which loads metadata from XML files.
* The XML files should be in the SAML 2.0 metadata format.
@@ -12,7 +14,6 @@ namespace SimpleSAML\Metadata;
class MetaDataStorageHandlerXML extends MetaDataStorageSource
{
-
/**
* This variable contains an associative array with the parsed metadata.
*
@@ -37,7 +38,7 @@ class MetaDataStorageHandlerXML extends MetaDataStorageSource
$src = $srcXml = null;
if (array_key_exists('file', $config)) {
// get the configuration
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
$src = $globalConfig->resolvePath($config['file']);
} elseif (array_key_exists('url', $config)) {
$src = $config['url'];
diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageSource.php b/lib/SimpleSAML/Metadata/MetaDataStorageSource.php
index e6cdb5d15942f769897293e5cb66255e89157e21..81ffd3b12ec190674bc2974ba6a45aeb4ef667a1 100644
--- a/lib/SimpleSAML/Metadata/MetaDataStorageSource.php
+++ b/lib/SimpleSAML/Metadata/MetaDataStorageSource.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Metadata;
+use SimpleSAML\Error;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
+
/**
* This abstract class defines an interface for metadata storage sources.
*
@@ -82,13 +86,13 @@ abstract class MetaDataStorageSource
default:
// metadata store from module
try {
- $className = \SimpleSAML\Module::resolveClass(
+ $className = Module::resolveClass(
$type,
'MetadataStore',
'\SimpleSAML\Metadata\MetaDataStorageSource'
);
} catch (\Exception $e) {
- throw new \SimpleSAML\Error\CriticalConfigurationError(
+ throw new Error\CriticalConfigurationError(
"Invalid 'type' for metadata source. Cannot find store '$type'.",
null
);
@@ -173,7 +177,6 @@ abstract class MetaDataStorageSource
*/
public function getPreferredEntityIdFromCIDRhint($set, $ip, $type = 'entityid')
{
-
$metadataSet = $this->getMetadataSet($set);
foreach ($metadataSet as $index => $entry) {
@@ -197,7 +200,7 @@ abstract class MetaDataStorageSource
}
foreach ($cidrHints as $hint_entry) {
- if (\SimpleSAML\Utils\Net::ipCIDRcheck($hint_entry, $ip)) {
+ if (Utils\Net::ipCIDRcheck($hint_entry, $ip)) {
if ($type === 'entityid') {
return $entry['entityid'];
} else {
@@ -256,7 +259,7 @@ abstract class MetaDataStorageSource
assert(is_array($metadataSet));
// check for hostname
- $currentHost = \SimpleSAML\Utils\HTTP::getSelfHost(); // sp.example.org
+ $currentHost = Utils\HTTP::getSelfHost(); // sp.example.org
foreach ($metadataSet as $index => $entry) {
// explicit index match
@@ -284,7 +287,7 @@ abstract class MetaDataStorageSource
assert(is_string($set));
// get the configuration
- $baseUrl = \SimpleSAML\Utils\HTTP::getBaseURL();
+ $baseUrl = Utils\HTTP::getBaseURL();
if ($set === 'saml20-idp-hosted') {
return $baseUrl.'saml2/idp/metadata.php';
@@ -299,10 +302,10 @@ abstract class MetaDataStorageSource
return $baseUrl.'shib13/sp/metadata.php';
}
else if ($set === 'wsfed-sp-hosted') {
- return 'urn:federation:'.\SimpleSAML\Utils\HTTP::getSelfHost();
+ return 'urn:federation:'.Utils\HTTP::getSelfHost();
}
else if ($set === 'adfs-idp-hosted') {
- return 'urn:federation:'.\SimpleSAML\Utils\HTTP::getSelfHost().':idp';
+ return 'urn:federation:'.Utils\HTTP::getSelfHost().':idp';
}
else {
throw new \Exception('Can not generate dynamic EntityID for metadata of this type: ['.$set.']');
@@ -340,4 +343,4 @@ abstract class MetaDataStorageSource
return $modifiedMetadataEntry;
}
-}
\ No newline at end of file
+}
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 733d802f731c4020dc0d0b78c51a9f30802e77f1..c8eb4af3978a727f5eb4b87708a03b834f945015 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -2,7 +2,30 @@
namespace SimpleSAML\Metadata;
-use \SAML2\XML\md\EntityDescriptor;
+use SAML2\Constants;
+use SAML2\XML\md\AttributeAuthorityDescriptor;
+use SAML2\XML\md\AttributeConsumingService;
+use SAML2\XML\md\EndpointType;
+use SAML2\XML\md\EntityDescriptor;
+use SAML2\XML\md\IDPSSODescriptor;
+use SAML2\XML\md\IndexedEndpointType;
+use SAML2\XML\md\Organization;
+use SAML2\XML\md\RequestedAttribute;
+use SAML2\XML\md\RoleDescriptor;
+use SAML2\XML\md\SPSSODescriptor;
+use SAML2\XML\mdattr\EntityAttributes;
+use SAML2\XML\mdrpi\RegistrationInfo;
+use SAML2\XML\mdui\DiscoHints;
+use SAML2\XML\mdui\Keywords;
+use SAML2\XML\mdui\Logo;
+use SAML2\XML\mdui\UIInfo;
+use SAML2\XML\saml\Attribute;
+use SAML2\XML\saml\AttributeValue;
+use SAML2\XML\shibmd\Scope;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Module\adfs\SAML2\XML\fed\SecurityTokenServiceType;
+use SimpleSAML\Utils;
/**
* Class for generating SAML 2.0 metadata from SimpleSAMLphp metadata arrays.
@@ -109,7 +132,7 @@ class SAMLBuilder
$xml = $this->getEntityDescriptor();
if ($formatted) {
- \SimpleSAML\Utils\XML::formatDOMElement($xml);
+ Utils\XML::formatDOMElement($xml);
}
return $xml->ownerDocument->saveXML();
@@ -128,9 +151,9 @@ class SAMLBuilder
assert(isset($metadata['entityid']));
assert(isset($metadata['metadata-set']));
- $metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
+ $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']);
$defaultEndpoint = $metadata->getDefaultEndpoint('SingleSignOnService');
- $e = new \SimpleSAML\Module\adfs\SAML2\XML\fed\SecurityTokenServiceType();
+ $e = new SecurityTokenServiceType();
$e->setLocation($defaultEndpoint['Location']);
$this->addCertificate($e, $metadata);
@@ -146,29 +169,29 @@ class SAMLBuilder
* @param \SAML2\XML\md\RoleDescriptor $e Reference to the element where the Extensions element should be included.
* @return void
*/
- private function addExtensions(\SimpleSAML\Configuration $metadata, \SAML2\XML\md\RoleDescriptor $e)
+ private function addExtensions(Configuration $metadata, RoleDescriptor $e)
{
if ($metadata->hasValue('tags')) {
- $a = new \SAML2\XML\saml\Attribute();
+ $a = new Attribute();
$a->setName('tags');
foreach ($metadata->getArray('tags') as $tag) {
- $a->addAttributeValue(new \SAML2\XML\saml\AttributeValue($tag));
+ $a->addAttributeValue(new AttributeValue($tag));
}
$e->setExtensions(array_merge($e->getExtensions(), [$a]));
}
if ($metadata->hasValue('hint.cidr')) {
- $a = new \SAML2\XML\saml\Attribute();
+ $a = new Attribute();
$a->setName('hint.cidr');
foreach ($metadata->getArray('hint.cidr') as $hint) {
- $a->addAttributeValue(new \SAML2\XML\saml\AttributeValue($hint));
+ $a->addAttributeValue(new AttributeValue($hint));
}
$e->setExtensions(array_merge($e->getExtensions(), [$a]));
}
if ($metadata->hasValue('scope')) {
foreach ($metadata->getArray('scope') as $scopetext) {
- $s = new \SAML2\XML\shibmd\Scope();
+ $s = new Scope();
$s->setScope($scopetext);
// Check whether $ ^ ( ) * | \ are in a scope -> assume regex.
if (1 === preg_match('/[\$\^\)\(\*\|\\\\]/', $scopetext)) {
@@ -181,9 +204,9 @@ class SAMLBuilder
}
if ($metadata->hasValue('EntityAttributes')) {
- $ea = new \SAML2\XML\mdattr\EntityAttributes();
+ $ea = new EntityAttributes();
foreach ($metadata->getArray('EntityAttributes') as $attributeName => $attributeValues) {
- $a = new \SAML2\XML\saml\Attribute();
+ $a = new Attribute();
$a->setName($attributeName);
$a->setNameFormat('urn:oasis:names:tc:SAML:2.0:attrname-format:uri');
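Review bot: The context line `$a->setNameFormat('urn:oasis:names:tc:SAML:2.0:attrname-format:uri');` in the EntityAttributes loop still spells the URI name format as a string literal, while this same commit switches SAMLParser.php to `Constants::NAMEFORMAT_URI` for the same value. With `Constants` now imported here, the line could read `$a->setNameFormat(Constants::NAMEFORMAT_URI);` so the builder and the parser cannot drift apart on the value they compare. The body of addExtensions starts and ends outside this hunk.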
@@ -191,12 +214,12 @@ class SAMLBuilder
if (preg_match('/^\{(.*?)\}(.*)$/', $attributeName, $matches)) {
$a->setName($matches[2]);
$nameFormat = $matches[1];
- if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
+ if ($nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
$a->setNameFormat($nameFormat);
}
}
foreach ($attributeValues as $attributeValue) {
- $a->addAttributeValue(new \SAML2\XML\saml\AttributeValue($attributeValue));
+ $a->addAttributeValue(new AttributeValue($attributeValue));
}
$ea->addChildren($a);
}
@@ -206,7 +229,7 @@ class SAMLBuilder
}
if ($metadata->hasValue('RegistrationInfo')) {
- $ri = new \SAML2\XML\mdrpi\RegistrationInfo();
+ $ri = new RegistrationInfo();
foreach ($metadata->getArray('RegistrationInfo') as $riName => $riValues) {
switch ($riName) {
case 'authority':
@@ -226,7 +249,7 @@ class SAMLBuilder
}
if ($metadata->hasValue('UIInfo')) {
- $ui = new \SAML2\XML\mdui\UIInfo();
+ $ui = new UIInfo();
foreach ($metadata->getArray('UIInfo') as $uiName => $uiValues) {
switch ($uiName) {
case 'DisplayName':
@@ -243,7 +266,7 @@ class SAMLBuilder
break;
case 'Keywords':
foreach ($uiValues as $lang => $keywords) {
- $uiItem = new \SAML2\XML\mdui\Keywords();
+ $uiItem = new Keywords();
$uiItem->setLanguage($lang);
$uiItem->setKeywords($keywords);
$ui->addKeyword($uiItem);
@@ -251,7 +274,7 @@ class SAMLBuilder
break;
case 'Logo':
foreach ($uiValues as $logo) {
- $uiItem = new \SAML2\XML\mdui\Logo();
+ $uiItem = new Logo();
$uiItem->setUrl($logo['url']);
$uiItem->setWidth($logo['width']);
$uiItem->setHeight($logo['height']);
@@ -267,7 +290,7 @@ class SAMLBuilder
}
if ($metadata->hasValue('DiscoHints')) {
- $dh = new \SAML2\XML\mdui\DiscoHints();
+ $dh = new DiscoHints();
foreach ($metadata->getArray('DiscoHints') as $dhName => $dhValues) {
switch ($dhName) {
case 'IPHint':
@@ -296,7 +319,7 @@ class SAMLBuilder
*/
public function addOrganization(array $orgName, array $orgDisplayName, array $orgURL)
{
- $org = new \SAML2\XML\md\Organization();
+ $org = new Organization();
$org->setOrganizationName($orgName);
$org->setOrganizationDisplayName($orgDisplayName);
@@ -322,9 +345,9 @@ class SAMLBuilder
return;
}
- $orgName = \SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationName'], 'en');
- $orgDisplayName = \SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationDisplayName'], 'en');
- $orgURL = \SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationURL'], 'en');
+ $orgName = Utils\Arrays::arrayize($metadata['OrganizationName'], 'en');
+ $orgDisplayName = Utils\Arrays::arrayize($metadata['OrganizationDisplayName'], 'en');
+ $orgURL = Utils\Arrays::arrayize($metadata['OrganizationURL'], 'en');
$this->addOrganization($orgName, $orgDisplayName, $orgURL);
}
@@ -347,7 +370,7 @@ class SAMLBuilder
foreach ($endpoints as &$ep) {
if ($indexed) {
- $t = new \SAML2\XML\md\IndexedEndpointType();
+ $t = new IndexedEndpointType();
if (!isset($ep['index'])) {
// Find the maximum index
$maxIndex = -1;
@@ -366,7 +389,7 @@ class SAMLBuilder
$t->setIndex($ep['index']);
} else {
- $t = new \SAML2\XML\md\EndpointType();
+ $t = new EndpointType();
}
$t->setBinding($ep['Binding']);
@@ -376,9 +399,9 @@ class SAMLBuilder
}
if (isset($ep['hoksso:ProtocolBinding'])) {
$t->setAttributeNS(
- \SAML2\Constants::NS_HOK,
+ Constants::NS_HOK,
'hoksso:ProtocolBinding',
- \SAML2\Constants::BINDING_HTTP_REDIRECT
+ Constants::BINDING_HTTP_REDIRECT
);
}
@@ -397,8 +420,8 @@ class SAMLBuilder
* @return void
*/
private function addAttributeConsumingService(
- \SAML2\XML\md\SPSSODescriptor $spDesc,
- \SimpleSAML\Configuration $metadata
+ SPSSODescriptor $spDesc,
+ Configuration $metadata
) {
$attributes = $metadata->getArray('attributes', []);
$name = $metadata->getLocalizedString('name', null);
@@ -414,7 +437,7 @@ class SAMLBuilder
* Add an AttributeConsumingService element with information as name and description and list
* of requested attributes
*/
- $attributeconsumer = new \SAML2\XML\md\AttributeConsumingService();
+ $attributeconsumer = new AttributeConsumingService();
$attributeconsumer->setIndex($metadata->getInteger('attributes.index', 0));
@@ -425,14 +448,14 @@ class SAMLBuilder
$attributeconsumer->setServiceName($name);
$attributeconsumer->setServiceDescription($metadata->getLocalizedString('description', []));
- $nameFormat = $metadata->getString('attributes.NameFormat', \SAML2\Constants::NAMEFORMAT_UNSPECIFIED);
+ $nameFormat = $metadata->getString('attributes.NameFormat', Constants::NAMEFORMAT_UNSPECIFIED);
foreach ($attributes as $friendlyName => $attribute) {
- $t = new \SAML2\XML\md\RequestedAttribute();
+ $t = new RequestedAttribute();
$t->setName($attribute);
if (!is_int($friendlyName)) {
$t->setFriendlyName($friendlyName);
}
- if ($nameFormat !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED) {
+ if ($nameFormat !== Constants::NAMEFORMAT_UNSPECIFIED) {
$t->setNameFormat($nameFormat);
}
if (in_array($attribute, $attributesrequired, true)) {
@@ -476,7 +499,7 @@ class SAMLBuilder
$this->addAttributeAuthority($metadata);
break;
default:
- \SimpleSAML\Logger::warning('Unable to generate metadata for unknown type \''.$set.'\'.');
+ Logger::warning('Unable to generate metadata for unknown type \''.$set.'\'.');
}
}
@@ -488,16 +511,16 @@ class SAMLBuilder
* @param array $protocols The protocols supported. Defaults to \SAML2\Constants::NS_SAMLP.
* @return void
*/
- public function addMetadataSP20($metadata, $protocols = [\SAML2\Constants::NS_SAMLP])
+ public function addMetadataSP20($metadata, $protocols = [Constants::NS_SAMLP])
{
assert(is_array($metadata));
assert(is_array($protocols));
assert(isset($metadata['entityid']));
assert(isset($metadata['metadata-set']));
- $metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
+ $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new \SAML2\XML\md\SPSSODescriptor();
+ $e = new SPSSODescriptor();
$e->setProtocolSupportEnumeration($protocols);
if ($metadata->hasValue('saml20.sign.assertion')) {
@@ -521,7 +544,7 @@ class SAMLBuilder
$endpoints = $metadata->getEndpoints('AssertionConsumerService');
foreach ($metadata->getArrayizeString('AssertionConsumerService.artifact', []) as $acs) {
$endpoints[] = [
- 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+ 'Binding' => Constants::BINDING_HTTP_ARTIFACT,
'Location' => $acs,
];
}
@@ -533,7 +556,7 @@ class SAMLBuilder
foreach ($metadata->getArray('contacts', []) as $contact) {
if (array_key_exists('contactType', $contact) && array_key_exists('emailAddress', $contact)) {
- $this->addContact($contact['contactType'], \SimpleSAML\Utils\Config\Metadata::getContact($contact));
+ $this->addContact($contact['contactType'], Utils\Config\Metadata::getContact($contact));
}
}
}
@@ -551,10 +574,10 @@ class SAMLBuilder
assert(isset($metadata['entityid']));
assert(isset($metadata['metadata-set']));
- $metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
+ $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new \SAML2\XML\md\IDPSSODescriptor();
- $e->setProtocolSupportEnumeration(array_merge($e->getProtocolSupportEnumeration(), ['urn:oasis:names:tc:SAML:2.0:protocol']));
+ $e = new IDPSSODescriptor();
+ $e->setProtocolSupportEnumeration(array_merge($e->getProtocolSupportEnumeration(), [Constants::NS_SAMLP]));
if ($metadata->hasValue('sign.authnrequest')) {
$e->setWantAuthnRequestsSigned($metadata->getBoolean('sign.authnrequest'));
@@ -583,7 +606,7 @@ class SAMLBuilder
foreach ($metadata->getArray('contacts', []) as $contact) {
if (array_key_exists('contactType', $contact) && array_key_exists('emailAddress', $contact)) {
- $this->addContact($contact['contactType'], \SimpleSAML\Utils\Config\Metadata::getContact($contact));
+ $this->addContact($contact['contactType'], Utils\Config\Metadata::getContact($contact));
}
}
}
@@ -601,13 +624,15 @@ class SAMLBuilder
assert(isset($metadata['entityid']));
assert(isset($metadata['metadata-set']));
- $metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
+ $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new \SAML2\XML\md\SPSSODescriptor();
- $e->setProtocolSupportEnumeration(array_merge(
+ $e = new SPSSODescriptor();
+ $e->setProtocolSupportEnumeration(
+ array_merge(
$e->getProtocolSupportEnumeration(),
['urn:oasis:names:tc:SAML:1.1:protocol']
- ));
+ )
+ );
$this->addCertificate($e, $metadata);
@@ -640,9 +665,9 @@ class SAMLBuilder
assert(isset($metadata['entityid']));
assert(isset($metadata['metadata-set']));
- $metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
+ $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new \SAML2\XML\md\IDPSSODescriptor();
+ $e = new IDPSSODescriptor();
$e->setProtocolSupportEnumeration(
array_merge($e->getProtocolSupportEnumeration(), [
'urn:oasis:names:tc:SAML:1.1:protocol',
@@ -673,10 +698,10 @@ class SAMLBuilder
assert(isset($metadata['entityid']));
assert(isset($metadata['metadata-set']));
- $metadata = \SimpleSAML\Configuration::loadFromArray($metadata, $metadata['entityid']);
+ $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']);
- $e = new \SAML2\XML\md\AttributeAuthorityDescriptor();
- $e->setProtocolSupportEnumeration($metadata->getArray('protocols', [\SAML2\Constants::NS_SAMLP]));
+ $e = new AttributeAuthorityDescriptor();
+ $e->setProtocolSupportEnumeration($metadata->getArray('protocols', [Constants::NS_SAMLP]));
$this->addExtensions($metadata, $e);
$this->addCertificate($e, $metadata);
@@ -714,7 +739,7 @@ class SAMLBuilder
assert(in_array($type, ['technical', 'support', 'administrative', 'billing', 'other'], true));
// TODO: remove this check as soon as getContact() is called always before calling this function
- $details = \SimpleSAML\Utils\Config\Metadata::getContact($details);
+ $details = Utils\Config\Metadata::getContact($details);
$e = new \SAML2\XML\md\ContactPerson();
$e->setContactType($type);
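Review bot: `$e = new \SAML2\XML\md\ContactPerson();` is the one instantiation in this file's hunks that keeps its fully qualified name. The new import block at the top of SAMLBuilder.php has no `use SAML2\XML\md\ContactPerson;` line, although SAMLParser.php gets one in this commit. Adding the import and writing `$e = new ContactPerson();` would finish the conversion. The enclosing method continues outside the hunk.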
@@ -765,7 +790,7 @@ class SAMLBuilder
* @param string $x509data The certificate data.
* @return void
*/
- private function addX509KeyDescriptor(\SAML2\XML\md\RoleDescriptor $rd, $use, $x509data)
+ private function addX509KeyDescriptor(RoleDescriptor $rd, $use, $x509data)
{
assert(in_array($use, ['encryption', 'signing'], true));
assert(is_string($x509data));
@@ -785,7 +810,7 @@ class SAMLBuilder
* @param \SimpleSAML\Configuration $metadata The metadata of the entity.
* @return void
*/
- private function addCertificate(\SAML2\XML\md\RoleDescriptor $rd, \SimpleSAML\Configuration $metadata)
+ private function addCertificate(RoleDescriptor $rd, Configuration $metadata)
{
$keys = $metadata->getPublicKeys();
foreach ($keys as $key) {
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index f330b82d4057af8fcf81927d9f9db1ebfd75bcda..d18c6d176e41a114841d7b148f5d828aede50612 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -2,8 +2,37 @@
namespace SimpleSAML\Metadata;
+use DOMDocument;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
+use SAML2\Constants;
+use SAML2\DOMDocumentFactory;
+use SAML2\XML\Chunk;
+use SAML2\XML\ds\X509Certificate;
+use SAML2\XML\ds\X509Data;
+use SAML2\XML\md\AttributeAuthorityDescriptor;
+use SAML2\XML\md\AttributeConsumingService;
+use SAML2\XML\md\ContactPerson;
+use SAML2\XML\md\EndpointType;
+use SAML2\XML\md\EntityDescriptor;
+use SAML2\XML\md\EntitiesDescriptor;
+use SAML2\XML\md\IDPSSODescriptor;
+use SAML2\XML\md\IndexedEndpointType;
+use SAML2\XML\md\KeyDescriptor;
+use SAML2\XML\md\Organization;
+use SAML2\XML\md\RoleDescriptor;
+use SAML2\XML\md\SPSSODescriptor;
+use SAML2\XML\md\SSODescriptorType;
+use SAML2\XML\mdattr\EntityAttributes;
+use SAML2\XML\mdrpi\RegistrationInfo;
+use SAML2\XML\mdui\DiscoHints;
+use SAML2\XML\mdui\Keywords;
+use SAML2\XML\mdui\Logo;
+use SAML2\XML\mdui\UIInfo;
+use SAML2\XML\saml\Attribute;
+use SAML2\XML\shibmd\Scope;
+use SimpleSAML\Logger;
+use SimpleSAML\Utils;
/**
* This is class for parsing of SAML 1.x and SAML 2.0 metadata.
@@ -35,7 +64,7 @@ class SAMLParser
* @var string[]
*/
private static $SAML20Protocols = [
- 'urn:oasis:names:tc:SAML:2.0:protocol',
+ Constants::NS_SAMLP,
];
/**
@@ -142,6 +171,7 @@ class SAMLParser
*/
private $entityDescriptor;
+
/**
* This is the constructor for the SAMLParser class.
*
@@ -152,7 +182,7 @@ class SAMLParser
* @param array $parentExtensions An optional array of extensions from the parent element.
*/
private function __construct(
- \SAML2\XML\md\EntityDescriptor $entityElement,
+ EntityDescriptor $entityElement,
$maxExpireTime,
array $validators = [],
array $parentExtensions = []
@@ -181,11 +211,11 @@ class SAMLParser
// look over the RoleDescriptors
foreach ($entityElement->getRoleDescriptor() as $child) {
- if ($child instanceof \SAML2\XML\md\SPSSODescriptor) {
+ if ($child instanceof SPSSODescriptor) {
$this->processSPSSODescriptor($child, $expireTime);
- } elseif ($child instanceof \SAML2\XML\md\IDPSSODescriptor) {
+ } elseif ($child instanceof IDPSSODescriptor) {
$this->processIDPSSODescriptor($child, $expireTime);
- } elseif ($child instanceof \SAML2\XML\md\AttributeAuthorityDescriptor) {
+ } elseif ($child instanceof AttributeAuthorityDescriptor) {
$this->processAttributeAuthorityDescriptor($child, $expireTime);
}
}
@@ -213,10 +243,10 @@ class SAMLParser
public static function parseFile($file)
{
/** @var string $data */
- $data = \SimpleSAML\Utils\HTTP::fetch($file);
+ $data = Utils\HTTP::fetch($file);
try {
- $doc = \SAML2\DOMDocumentFactory::fromString($data);
+ $doc = DOMDocumentFactory::fromString($data);
} catch (\Exception $e) {
throw new \Exception('Failed to read XML from file: '.$file);
}
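Review bot: The `catch (\Exception $e)` in parseFile discards `$e` and throws a fresh exception, so whatever reason the document factory gave for rejecting the XML is lost to the logs and to anyone triaging a rejected metadata document. Passing it on as the previous exception keeps the message unchanged for callers: `throw new \Exception('Failed to read XML from file: '.$file, 0, $e);`. The same pattern appears in the parseString and parseDescriptorsString hunks, in the second `Utils\HTTP::fetch($file)` hunk, and in the `Error parsing self-generated metadata.` catch in Signer.php. parseFile's body continues outside the hunk.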
@@ -236,7 +266,7 @@ class SAMLParser
public static function parseString($metadata)
{
try {
- $doc = \SAML2\DOMDocumentFactory::fromString($metadata);
+ $doc = DOMDocumentFactory::fromString($metadata);
} catch (\Exception $e) {
throw new \Exception('Failed to parse XML string.');
}
@@ -254,7 +284,7 @@ class SAMLParser
*/
public static function parseDocument($document)
{
- assert($document instanceof \DOMDocument);
+ assert($document instanceof DOMDocument);
$entityElement = self::findEntityDescriptor($document);
@@ -272,7 +302,7 @@ class SAMLParser
*/
public static function parseElement($entityElement)
{
- assert($entityElement instanceof \SAML2\XML\md\EntityDescriptor);
+ assert($entityElement instanceof EntityDescriptor);
return new SAMLParser($entityElement, null, []);
}
@@ -295,10 +325,10 @@ class SAMLParser
}
/** @var string $data */
- $data = \SimpleSAML\Utils\HTTP::fetch($file);
+ $data = Utils\HTTP::fetch($file);
try {
- $doc = \SAML2\DOMDocumentFactory::fromString($data);
+ $doc = DOMDocumentFactory::fromString($data);
} catch (\Exception $e) {
throw new \Exception('Failed to read XML from file: '.$file);
}
@@ -325,7 +355,7 @@ class SAMLParser
public static function parseDescriptorsString($string)
{
try {
- $doc = \SAML2\DOMDocumentFactory::fromString($string);
+ $doc = DOMDocumentFactory::fromString($string);
} catch (\Exception $e) {
throw new \Exception('Failed to parse XML string.');
}
@@ -351,10 +381,10 @@ class SAMLParser
throw new \Exception('Document was empty.');
}
- if (\SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntityDescriptor', '@md') === true) {
- return self::processDescriptorsElement(new \SAML2\XML\md\EntityDescriptor($element));
- } elseif (\SimpleSAML\Utils\XML::isDOMNodeOfType($element, 'EntitiesDescriptor', '@md') === true) {
- return self::processDescriptorsElement(new \SAML2\XML\md\EntitiesDescriptor($element));
+ if (Utils\XML::isDOMNodeOfType($element, 'EntityDescriptor', '@md') === true) {
+ return self::processDescriptorsElement(new EntityDescriptor($element));
+ } elseif (Utils\XML::isDOMNodeOfType($element, 'EntitiesDescriptor', '@md') === true) {
+ return self::processDescriptorsElement(new EntitiesDescriptor($element));
} else {
throw new \Exception('Unexpected root node: ['.$element->namespaceURI.']:'.$element->localName);
}
@@ -381,14 +411,14 @@ class SAMLParser
) {
assert($maxExpireTime === null || is_int($maxExpireTime));
- if ($element instanceof \SAML2\XML\md\EntityDescriptor) {
+ if ($element instanceof EntityDescriptor) {
$ret = new SAMLParser($element, $maxExpireTime, $validators, $parentExtensions);
$ret = [$ret->getEntityId() => $ret];
/** @var SAMLParser[] $ret */
return $ret;
}
- assert($element instanceof \SAML2\XML\md\EntitiesDescriptor);
+ assert($element instanceof EntitiesDescriptor);
$extensions = self::processExtensions($element, $parentExtensions);
$expTime = self::getExpireTime($element, $maxExpireTime);
@@ -501,7 +531,7 @@ class SAMLParser
$metadata['EntityAttributes'] = $this->entityAttributes;
// check for entity categories
- if (\SimpleSAML\Utils\Config\Metadata::isHiddenFromDiscovery($metadata)) {
+ if (Utils\Config\Metadata::isHiddenFromDiscovery($metadata)) {
$metadata['hide.from.discovery'] = true;
}
}
@@ -689,7 +719,7 @@ class SAMLParser
// find the NameIDFormat. This may not exist
if (count($spd['nameIDFormats']) > 0) {
- // SimpleSAMLphp currently only supports a single NameIDFormat pr. SP. We use the first one
+ // SimpleSAMLphp currently only supports a single NameIDFormat per SP. We use the first one
$ret['NameIDFormat'] = $spd['nameIDFormats'][0];
}
@@ -841,7 +871,7 @@ class SAMLParser
*
* @return array An associative array with metadata we have extracted from this element.
*/
- private static function parseRoleDescriptorType(\SAML2\XML\md\RoleDescriptor $element, $expireTime)
+ private static function parseRoleDescriptorType(RoleDescriptor $element, $expireTime)
{
assert($expireTime === null || is_int($expireTime));
@@ -892,7 +922,7 @@ class SAMLParser
*
* @return array An associative array with metadata we have extracted from this element.
*/
- private static function parseSSODescriptor(\SAML2\XML\md\SSODescriptorType $element, $expireTime)
+ private static function parseSSODescriptor(SSODescriptorType $element, $expireTime)
{
assert($expireTime === null || is_int($expireTime));
@@ -920,7 +950,7 @@ class SAMLParser
* NULL if unknown.
* @return void
*/
- private function processSPSSODescriptor(\SAML2\XML\md\SPSSODescriptor $element, $expireTime)
+ private function processSPSSODescriptor(SPSSODescriptor $element, $expireTime)
{
assert($expireTime === null || is_int($expireTime));
@@ -957,7 +987,7 @@ class SAMLParser
* NULL if unknown.
* @return void
*/
- private function processIDPSSODescriptor(\SAML2\XML\md\IDPSSODescriptor $element, $expireTime)
+ private function processIDPSSODescriptor(IDPSSODescriptor $element, $expireTime)
{
assert($expireTime === null || is_int($expireTime));
@@ -985,7 +1015,7 @@ class SAMLParser
* @return void
*/
private function processAttributeAuthorityDescriptor(
- \SAML2\XML\md\AttributeAuthorityDescriptor $element,
+ AttributeAuthorityDescriptor $element,
$expireTime
) {
assert($expireTime === null || is_int($expireTime));
@@ -1023,35 +1053,35 @@ class SAMLParser
];
// Some extensions may get inherited from a parent element
- if (($element instanceof \SAML2\XML\md\EntityDescriptor || $element instanceof \SAML2\XML\md\EntitiesDescriptor)
+ if (($element instanceof EntityDescriptor || $element instanceof EntitiesDescriptor)
&& !empty($parentExtensions['RegistrationInfo'])) {
$ret['RegistrationInfo'] = $parentExtensions['RegistrationInfo'];
}
foreach ($element->getExtensions() as $e) {
- if ($e instanceof \SAML2\XML\shibmd\Scope) {
+ if ($e instanceof Scope) {
$ret['scope'][] = $e->getScope();
continue;
}
// Entity Attributes are only allowed at entity level extensions and not at RoleDescriptor level
- if ($element instanceof \SAML2\XML\md\EntityDescriptor ||
- $element instanceof \SAML2\XML\md\EntitiesDescriptor) {
- if ($e instanceof \SAML2\XML\mdrpi\RegistrationInfo) {
+ if ($element instanceof EntityDescriptor ||
+ $element instanceof EntitiesDescriptor) {
+ if ($e instanceof RegistrationInfo) {
// Registration Authority cannot be overridden (warn only if override attempts to change the value)
if (isset($ret['RegistrationInfo']['registrationAuthority'])
&& $ret['RegistrationInfo']['registrationAuthority'] !== $e->getRegistrationAuthority()) {
- \SimpleSAML\Logger::warning('Invalid attempt to override registrationAuthority \''.
+ Logger::warning('Invalid attempt to override registrationAuthority \''.
$ret['RegistrationInfo']['registrationAuthority']."' with '{$e->getRegistrationAuthority()}'");
} else {
$ret['RegistrationInfo']['registrationAuthority'] = $e->getRegistrationAuthority();
}
}
- if ($e instanceof \SAML2\XML\mdattr\EntityAttributes && !empty($e->getChildren())) {
+ if ($e instanceof EntityAttributes && !empty($e->getChildren())) {
foreach ($e->getChildren() as $attr) {
// only saml:Attribute are currently supported here. The specifications also allows
// saml:Assertions, which more complex processing
- if ($attr instanceof \SAML2\XML\saml\Attribute) {
+ if ($attr instanceof Attribute) {
$attrName = $attr->getName();
$attrNameFormat = $attr->getNameFormat();
$attrValue = $attr->getAttributeValue();
@@ -1063,8 +1093,8 @@ class SAMLParser
// attribute names that is not URI is prefixed as this: '{nameformat}name'
$name = $attrName;
if ($attrNameFormat === null) {
- $name = '{'.\SAML2\Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->getName();
- } elseif ($attrNameFormat !== 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri') {
+ $name = '{'.Constants::NAMEFORMAT_UNSPECIFIED.'}'.$attr->getName();
+ } elseif ($attrNameFormat !== Constants::NAMEFORMAT_URI) {
$name = '{'.$attrNameFormat.'}'.$attrName;
}
@@ -1080,8 +1110,8 @@ class SAMLParser
}
// UIInfo elements are only allowed at RoleDescriptor level extensions
- if ($element instanceof \SAML2\XML\md\RoleDescriptor) {
- if ($e instanceof \SAML2\XML\mdui\UIInfo) {
+ if ($element instanceof RoleDescriptor) {
+ if ($e instanceof UIInfo) {
$ret['UIInfo']['DisplayName'] = $e->getDisplayName();
$ret['UIInfo']['Description'] = $e->getDescription();
$ret['UIInfo']['InformationURL'] = $e->getInformationURL();
@@ -1097,7 +1127,7 @@ class SAMLParser
$ret['UIInfo']['Keywords'][$uiItem->getLanguage()] = $uiItem->getKeywords();
}
foreach ($e->getLogo() as $uiItem) {
- if (!($uiItem instanceof \SAML2\XML\mdui\Logo)
+ if (!($uiItem instanceof Logo)
|| ($uiItem->getUrl() === null)
|| ($uiItem->getHeight() === null)
|| ($uiItem->getWidth() === null)
@@ -1118,25 +1148,25 @@ class SAMLParser
}
// DiscoHints elements are only allowed at IDPSSODescriptor level extensions
- if ($element instanceof \SAML2\XML\md\IDPSSODescriptor) {
- if ($e instanceof \SAML2\XML\mdui\DiscoHints) {
+ if ($element instanceof IDPSSODescriptor) {
+ if ($e instanceof DiscoHints) {
$ret['DiscoHints']['IPHint'] = $e->getIPHint();
$ret['DiscoHints']['DomainHint'] = $e->getDomainHint();
$ret['DiscoHints']['GeolocationHint'] = $e->getGeolocationHint();
}
}
- if (!($e instanceof \SAML2\XML\Chunk)) {
+ if (!($e instanceof Chunk)) {
continue;
}
- if ($e->getLocalName() === 'Attribute' && $e->getNamespaceURI() === \SAML2\Constants::NS_SAML) {
+ if ($e->getLocalName() === 'Attribute' && $e->getNamespaceURI() === Constants::NS_SAML) {
$attribute = $e->getXML();
$name = $attribute->getAttribute('Name');
$values = array_map(
['\SimpleSAML\Utils\XML', 'getDOMText'],
- \SimpleSAML\Utils\XML::getDOMChildren($attribute, 'AttributeValue', '@saml2')
+ Utils\XML::getDOMChildren($attribute, 'AttributeValue', '@saml2')
);
if ($name === 'tags') {
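Review bot: The callable passed to `array_map` is still the string `'\SimpleSAML\Utils\XML'`, which the new `use SimpleSAML\Utils;` import does not cover and which static analysis and rename tooling will not follow. If the project's minimum PHP version allows it, `[Utils\XML::class, 'getDOMText'],` resolves through the import, like the `Utils\XML::getDOMChildren(...)` call on the next line. The loop this belongs to starts and ends outside the hunk.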
@@ -1158,7 +1188,7 @@ class SAMLParser
* @param \SAML2\XML\md\Organization $element The Organization element.
* @return void
*/
- private function processOrganization(\SAML2\XML\md\Organization $element)
+ private function processOrganization(Organization $element)
{
$this->organizationName = $element->getOrganizationName();
$this->organizationDisplayName = $element->getOrganizationDisplayName();
@@ -1172,7 +1202,7 @@ class SAMLParser
* @param \SAML2\XML\md\ContactPerson $element The ContactPerson element.
* @return void
*/
- private function processContactPerson(\SAML2\XML\md\ContactPerson $element)
+ private function processContactPerson(ContactPerson $element)
{
$contactPerson = [];
if ($element->getContactType() !== '') {
@@ -1206,7 +1236,7 @@ class SAMLParser
* @param array $sp The array with the SP's metadata.
* @return void
*/
- private static function parseAttributeConsumerService(\SAML2\XML\md\AttributeConsumingService $element, &$sp)
+ private static function parseAttributeConsumerService(AttributeConsumingService $element, &$sp)
{
assert(is_array($sp));
@@ -1227,13 +1257,13 @@ class SAMLParser
if ($child->getNameFormat() !== null) {
$attrformat = $child->getNameFormat();
} else {
- $attrformat = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
+ $attrformat = Constants::NAMEFORMAT_UNSPECIFIED;
}
if ($format === null) {
$format = $attrformat;
} elseif ($format !== $attrformat) {
- $format = \SAML2\Constants::NAMEFORMAT_UNSPECIFIED;
+ $format = Constants::NAMEFORMAT_UNSPECIFIED;
}
}
@@ -1245,7 +1275,7 @@ class SAMLParser
unset($sp['attributes.required']);
}
- if ($format !== \SAML2\Constants::NAMEFORMAT_UNSPECIFIED && $format !== null) {
+ if ($format !== Constants::NAMEFORMAT_UNSPECIFIED && $format !== null) {
$sp['attributes.NameFormat'] = $format;
}
}
@@ -1265,7 +1295,7 @@ class SAMLParser
*
* @return array An associative array with the data we have extracted from the element.
*/
- private static function parseGenericEndpoint(\SAML2\XML\md\EndpointType $element)
+ private static function parseGenericEndpoint(EndpointType $element)
{
$ep = [];
@@ -1276,7 +1306,7 @@ class SAMLParser
$ep['ResponseLocation'] = $element->getResponseLocation();
}
- if ($element instanceof \SAML2\XML\md\IndexedEndpointType) {
+ if ($element instanceof IndexedEndpointType) {
$ep['index'] = $element->getIndex();
if ($element->getIsDefault() !== null) {
@@ -1315,7 +1345,7 @@ class SAMLParser
*
* @return array|null An associative array describing the key, or null if this is an unsupported key.
*/
- private static function parseKeyDescriptor(\SAML2\XML\md\KeyDescriptor $kd)
+ private static function parseKeyDescriptor(KeyDescriptor $kd)
{
$r = [];
@@ -1333,9 +1363,9 @@ class SAMLParser
$keyInfo = $kd->getKeyInfo();
foreach ($keyInfo->getInfo() as $i) {
- if ($i instanceof \SAML2\XML\ds\X509Data) {
+ if ($i instanceof X509Data) {
foreach ($i->getData() as $d) {
- if ($d instanceof \SAML2\XML\ds\X509Certificate) {
+ if ($d instanceof X509Certificate) {
$r['type'] = 'X509Certificate';
$r['X509Certificate'] = $d->getCertificate();
return $r;
@@ -1409,7 +1439,7 @@ class SAMLParser
*/
private static function findEntityDescriptor($doc)
{
- assert($doc instanceof \DOMDocument);
+ assert($doc instanceof DOMDocument);
// find the EntityDescriptor DOMElement. This should be the first (and only) child of the DOMDocument
$ed = $doc->documentElement;
@@ -1418,11 +1448,11 @@ class SAMLParser
throw new \Exception('Failed to load SAML metadata from empty XML document.');
}
- if (\SimpleSAML\Utils\XML::isDOMNodeOfType($ed, 'EntityDescriptor', '@md') === false) {
+ if (Utils\XML::isDOMNodeOfType($ed, 'EntityDescriptor', '@md') === false) {
throw new \Exception('Expected first element in the metadata document to be an EntityDescriptor element.');
}
- return new \SAML2\XML\md\EntityDescriptor($ed);
+ return new EntityDescriptor($ed);
}
@@ -1439,7 +1469,7 @@ class SAMLParser
{
foreach ($certificates as $cert) {
assert(is_string($cert));
- $certFile = \SimpleSAML\Utils\Config::getCertPath($cert);
+ $certFile = Utils\Config::getCertPath($cert);
if (!file_exists($certFile)) {
throw new \Exception(
'Could not find certificate file ['.$certFile.'], which is needed to validate signature'
@@ -1459,7 +1489,7 @@ class SAMLParser
}
}
}
- \SimpleSAML\Logger::debug('Could not validate signature');
+ Logger::debug('Could not validate signature');
return false;
}
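Review bot: A metadata signature that matches none of the supplied certificates is reported only through `Logger::debug('Could not validate signature');`, so with debug logging turned off the rejection leaves no trace. Unless every caller logs the `false` return itself (not visible here), raising it to `Logger::warning('Could not validate signature');` would make failed validations visible to whoever monitors metadata refreshes. The same applies to the `Logger::debug('Fingerprint was [...` line in the next hunk. The function's loop begins outside this hunk.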
@@ -1522,7 +1552,7 @@ class SAMLParser
}
}
}
- \SimpleSAML\Logger::debug('Fingerprint was ['.$fingerprint.'] not one of ['.join(', ', $candidates).']');
+ Logger::debug('Fingerprint was ['.$fingerprint.'] not one of ['.join(', ', $candidates).']');
return false;
}
}
diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index ecb95441f6479a93f2d0f7cd602eabb45fd4821a..b149fdd9e359d2820e0ddd7f66b8117151963741 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -4,6 +4,10 @@ namespace SimpleSAML\Metadata;
use RobRichards\XMLSecLibs\XMLSecurityKey;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
+use SAML2\DOMDocumentFactory;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Utils;
/**
* This class implements a helper function for signing of metadata.
@@ -163,7 +167,7 @@ class Signer
// configure the algorithm to use
if (array_key_exists('metadata.sign.algorithm', $entityMetadata)) {
if (!is_string($entityMetadata['metadata.sign.algorithm'])) {
- throw new \SimpleSAML\Error\CriticalConfigurationError(
+ throw new Error\CriticalConfigurationError(
"Invalid value for the 'metadata.sign.algorithm' configuration option for the ".$type.
"'".$entityMetadata['entityid']."'. This option has restricted values"
);
@@ -181,7 +185,7 @@ class Signer
];
if (!in_array($alg, $supported_algs, true)) {
- throw new \SimpleSAML\Error\CriticalConfigurationError("Unknown signature algorithm '$alg'");
+ throw new Error\CriticalConfigurationError("Unknown signature algorithm '$alg'");
}
switch ($alg) {
@@ -217,7 +221,7 @@ class Signer
*/
public static function sign($metadataString, $entityMetadata, $type)
{
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
// check if metadata signing is enabled
if (!self::isMetadataSigningEnabled($config, $entityMetadata, $type)) {
@@ -227,7 +231,7 @@ class Signer
// find the key & certificate which should be used to sign the metadata
$keyCertFiles = self::findKeyCert($config, $entityMetadata, $type);
- $keyFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['privatekey']);
+ $keyFile = Utils\Config::getCertPath($keyCertFiles['privatekey']);
if (!file_exists($keyFile)) {
throw new \Exception(
'Could not find private key file ['.$keyFile.'], which is needed to sign the metadata'
@@ -235,7 +239,7 @@ class Signer
}
$keyData = file_get_contents($keyFile);
- $certFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['certificate']);
+ $certFile = Utils\Config::getCertPath($keyCertFiles['certificate']);
if (!file_exists($certFile)) {
throw new \Exception(
'Could not find certificate file ['.$certFile.'], which is needed to sign the metadata'
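Review bot: The result of `file_get_contents($keyFile)` is used without a check; `file_exists()` only shows that the path exists, not that the process can read it, so an unreadable key leaves `$keyData` as `false`. Add `if ($keyData === false) { throw new \Exception('Could not read private key file ['.$keyFile.']'); }` directly after the read, and treat the certificate read, which presumably follows this hunk, the same way. How `$keyData` is consumed lies outside the hunk.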
@@ -246,7 +250,7 @@ class Signer
// convert the metadata to a DOM tree
try {
- $xml = \SAML2\DOMDocumentFactory::fromString($metadataString);
+ $xml = DOMDocumentFactory::fromString($metadataString);
} catch (\Exception $e) {
throw new \Exception('Error parsing self-generated metadata.');
}
diff --git a/lib/SimpleSAML/Metadata/Sources/MDQ.php b/lib/SimpleSAML/Metadata/Sources/MDQ.php
index 1f141657be9631a62597c2916c7fad85a23341df..bd47dfb093fb4d76ef3b863a8cac5b18f9211de8 100644
--- a/lib/SimpleSAML/Metadata/Sources/MDQ.php
+++ b/lib/SimpleSAML/Metadata/Sources/MDQ.php
@@ -3,8 +3,10 @@
namespace SimpleSAML\Metadata\Sources;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
+use SimpleSAML\Configuration;
use SimpleSAML\Logger;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Metadata\SAMLParser;
+use SimpleSAML\Utils;
/**
* This class implements SAML Metadata Query Protocol
@@ -86,7 +88,7 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource
}
if (array_key_exists('cachedir', $config)) {
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
$this->cacheDir = $globalConfig->resolvePath($config['cachedir']);
} else {
$this->cacheDir = null;
@@ -229,7 +231,7 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource
* @return array|NULL The associative array with the metadata, or NULL if no metadata for
* the given set was found.
*/
- private static function getParsedSet(\SimpleSAML\Metadata\SAMLParser $entity, $set)
+ private static function getParsedSet(SAMLParser $entity, $set)
{
assert(is_string($set));
@@ -304,7 +306,7 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource
Logger::debug(__CLASS__.': downloading metadata for "'.$index.'" from ['.$mdq_url.']');
try {
- $xmldata = HTTP::fetch($mdq_url);
+ $xmldata = Utils\HTTP::fetch($mdq_url);
} catch (\Exception $e) {
// Avoid propagating the exception, make sure we can handle the error later
$xmldata = false;
@@ -318,7 +320,7 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource
}
/** @var string $xmldata */
- $entity = \SimpleSAML\Metadata\SAMLParser::parseString($xmldata);
+ $entity = SAMLParser::parseString($xmldata);
Logger::debug(__CLASS__.': completed parsing of ['.$mdq_url.']');
if ($this->validateFingerprint !== null) {
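Review bot: Validation of the downloaded metadata is conditional on `$this->validateFingerprint !== null`, so with that option unset the entity parsed from the `Utils\HTTP::fetch($mdq_url)` response in the preceding hunk is accepted on the strength of the transport alone. A `Logger::warning()` in the unset case, or a documented requirement to configure the fingerprint, would make that trust decision visible to operators. The body of the `if` and the rest of the method are outside the hunk, so what the validation itself checks cannot be confirmed here.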
diff --git a/lib/SimpleSAML/Module.php b/lib/SimpleSAML/Module.php
index 40c664d55d20ac9b7d703dedd3338530db9cabfa..e0bf063a5c4f59b7da97ed64927f250333936786 100644
--- a/lib/SimpleSAML/Module.php
+++ b/lib/SimpleSAML/Module.php
@@ -2,11 +2,15 @@
namespace SimpleSAML;
+use SimpleSAML\HTTP\Router;
+use SimpleSAML\Utils;
+use Symfony\Component\Config\Exception\FileLocatorFileNotFoundException;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
* Helper class for accessing information about modules.
@@ -18,7 +22,6 @@ use Symfony\Component\HttpFoundation\ResponseHeaderBag;
*/
class Module
{
-
/**
* Index pages: file names to attempt when accessing directories.
*
@@ -166,12 +169,12 @@ class Module
$config = Configuration::getInstance();
if ($config->getBoolean('usenewui', false) === true) {
- $router = new HTTP\Router($module);
+ $router = new Router($module);
try {
return $router->process();
- } catch (\Symfony\Component\Config\Exception\FileLocatorFileNotFoundException $e) {
+ } catch (FileLocatorFileNotFoundException $e) {
// no routes configured for this module, fall back to the old system
- } catch (\Symfony\Component\HttpKernel\Exception\NotFoundHttpException $e) {
+ } catch (NotFoundHttpException $e) {
// this module has been migrated, but the route wasn't found
}
}
@@ -308,7 +311,7 @@ class Module
!file_exists($moduleDir.'/default-enable') &&
!file_exists($moduleDir.'/default-disable')
) {
- \SimpleSAML\Logger::error("Missing default-enable or default-disable file for the module $module");
+ Logger::error("Missing default-enable or default-disable file for the module $module");
}
if (file_exists($moduleDir.'/enable')) {
@@ -517,7 +520,7 @@ class Module
require_once(self::$module_info[$module]['hooks'][$hook]['file']);
if (!is_callable(self::$module_info[$module]['hooks'][$hook]['func'])) {
- throw new \SimpleSAML\Error\Exception('Invalid hook \''.$hook.'\' for module \''.$module.'\'.');
+ throw new Error\Exception('Invalid hook \''.$hook.'\' for module \''.$module.'\'.');
}
$fn = self::$module_info[$module]['hooks'][$hook]['func'];
diff --git a/lib/SimpleSAML/Module/ControllerResolver.php b/lib/SimpleSAML/Module/ControllerResolver.php
index 85d39744362857f9a8ce3faff8d8b368736453b6..633b7d861d8f1a09018b709f02aaea665f5217d3 100644
--- a/lib/SimpleSAML/Module/ControllerResolver.php
+++ b/lib/SimpleSAML/Module/ControllerResolver.php
@@ -33,7 +33,6 @@ use Symfony\Component\Routing\RouteCollection;
*/
class ControllerResolver extends SymfonyControllerResolver implements ArgumentResolverInterface
{
-
/** @var ArgumentMetadataFactory */
protected $argFactory;
@@ -137,7 +136,7 @@ class ControllerResolver extends SymfonyControllerResolver implements ArgumentRe
/** @var ArgumentMetadata $argMeta */
foreach ($metadata as $argMeta) {
- if ($argMeta->getType() === 'Symfony\Component\HttpFoundation\Request') {
+ if ($argMeta->getType() === Request::class) {
// add request argument
$args[] = $request;
continue;
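Review bot: `Request::class` is resolved at compile time against this file's namespace and imports and never triggers autoloading, so without an import of `Symfony\Component\HttpFoundation\Request` the comparison would silently be made against a name in the file's own namespace and the request argument would never be injected. The import block is outside the hunk and this commit adds no `use` line to this file; confirm `use Symfony\Component\HttpFoundation\Request;` is already present. The old string literal had no such dependency.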
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 062382c9cdfee0c887f12cb2845707bdd693b33b..816934a6e9b7a59dc3bcad96b721142d5e153725 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -2,7 +2,9 @@
namespace SimpleSAML;
+use SAML2\XML\saml\AttributeValue;
use SimpleSAML\Error;
+use SimpleSAML\Utils;
/**
* The Session class holds information about a user session, and everything attached to it.
@@ -643,7 +645,7 @@ class Session implements \Serializable, Utils\ClearableState
}
// create an AttributeValue object and save it to 'RawAttributes', using same attribute name and index
- $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
+ $attrval = new AttributeValue($value->item(0)->parentNode);
$data['RawAttributes'][$attribute][$idx] = $attrval;
}
}
diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php
index 04ff7c0bb0142f4e2d6031af1848c45b60b0dca3..556105f2e830f2d6986cf8514e934cc113b60bf8 100644
--- a/lib/SimpleSAML/SessionHandlerCookie.php
+++ b/lib/SimpleSAML/SessionHandlerCookie.php
@@ -13,7 +13,7 @@
namespace SimpleSAML;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Utils;
abstract class SessionHandlerCookie extends SessionHandler
{
@@ -167,6 +167,6 @@ abstract class SessionHandlerCookie extends SessionHandler
$params = $this->getCookieParams();
}
- HTTP::setCookie($sessionName, $sessionID, $params, true);
+ Utils\HTTP::setCookie($sessionName, $sessionID, $params, true);
}
}
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index a67e032428836f3982f5cb68d33771b1fe370a8d..da573a2df47f80f5befaf5849272d63ebb3394a0 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -11,8 +11,8 @@
namespace SimpleSAML;
-use SimpleSAML\Error\CannotSetCookie;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Error;
+use SimpleSAML\Utils;
class SessionHandlerPHP extends SessionHandler
{
@@ -147,13 +147,13 @@ class SessionHandlerPHP extends SessionHandler
$sid_bits_per_char = (int) ini_get('session.sid_bits_per_character');
if (($sid_length * $sid_bits_per_char) < 128) {
- \SimpleSAML\Logger::warning("Unsafe defaults used for sessionId generation!");
+ Logger::warning("Unsafe defaults used for sessionId generation!");
}
$sessionId = session_create_id();
} else {
$sessionId = bin2hex(openssl_random_pseudo_bytes(16));
}
- \SimpleSAML\Session::createSession($sessionId);
+ Session::createSession($sessionId);
return $sessionId;
}
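Review bot: The fallback branch still builds the session ID from `openssl_random_pseudo_bytes(16)` without checking the result, and on older PHP versions that function can return `false` or bytes that are not cryptographically strong. Where PHP 7 is available, `$sessionId = bin2hex(random_bytes(16));` throws on failure instead of yielding a weak or empty ID. The condition that selects this branch is outside the hunk, so which PHP versions reach it cannot be confirmed from here.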
@@ -175,8 +175,8 @@ class SessionHandlerPHP extends SessionHandler
$session_cookie_params = session_get_cookie_params();
- if ($session_cookie_params['secure'] && !HTTP::isHTTPS()) {
- throw new \SimpleSAML\Error\Exception('Session start with secure cookie not allowed on http.');
+ if ($session_cookie_params['secure'] && !Utils\HTTP::isHTTPS()) {
+ throw new Error\Exception('Session start with secure cookie not allowed on http.');
}
@session_start();
@@ -226,13 +226,13 @@ class SessionHandlerPHP extends SessionHandler
// session not initiated with getCookieSessionId(), start session without setting cookie
$ret = ini_set('session.use_cookies', '0');
if ($ret === false) {
- throw new \SimpleSAML\Error\Exception('Disabling PHP option session.use_cookies failed.');
+ throw new Error\Exception('Disabling PHP option session.use_cookies failed.');
}
session_id($sessionId);
@session_start();
} elseif ($sessionId !== session_id()) {
- throw new \SimpleSAML\Error\Exception('Cannot load PHP session with a specific ID.');
+ throw new Error\Exception('Cannot load PHP session with a specific ID.');
}
} elseif (session_id() === '') {
$this->getCookieSessionId();
@@ -282,7 +282,7 @@ class SessionHandlerPHP extends SessionHandler
$ret = parent::getCookieParams();
if ($config->hasValue('session.phpsession.limitedpath') && $config->hasValue('session.cookie.path')) {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'You cannot set both the session.phpsession.limitedpath and session.cookie.path options.'
);
} elseif ($config->hasValue('session.phpsession.limitedpath')) {
@@ -314,17 +314,17 @@ class SessionHandlerPHP extends SessionHandler
$cookieParams = session_get_cookie_params();
}
- if ($cookieParams['secure'] && !HTTP::isHTTPS()) {
- throw new CannotSetCookie(
+ if ($cookieParams['secure'] && !Utils\HTTP::isHTTPS()) {
+ throw new Error\CannotSetCookie(
'Setting secure cookie on plain HTTP is not allowed.',
- CannotSetCookie::SECURE_COOKIE
+ Error\CannotSetCookie::SECURE_COOKIE
);
}
if (headers_sent()) {
- throw new CannotSetCookie(
+ throw new Error\CannotSetCookie(
'Headers already sent.',
- CannotSetCookie::HEADERS_SENT
+ Error\CannotSetCookie::HEADERS_SENT
);
}
diff --git a/lib/SimpleSAML/Stats.php b/lib/SimpleSAML/Stats.php
index 8c77b0da8eba6a2a9611af698e67a6b04a6f153a..3a75fc357ad42cea2eef6bae8b951aaff57a5873 100644
--- a/lib/SimpleSAML/Stats.php
+++ b/lib/SimpleSAML/Stats.php
@@ -38,7 +38,7 @@ class Stats
private static function createOutput(\SimpleSAML\Configuration $config)
{
$cls = $config->getString('class');
- $cls = \SimpleSAML\Module::resolveClass($cls, 'Stats\Output', '\SimpleSAML\Stats\Output');
+ $cls = Module::resolveClass($cls, 'Stats\Output', '\SimpleSAML\Stats\Output');
$output = new $cls($config);
return $output;
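Review bot: The signature of `createOutput()` at the top of this hunk still type-hints `\SimpleSAML\Configuration`, while the body and `initOutputs()` in the next hunk now use the short names `Module` and `Configuration`. Presumably both spellings resolve to the same class because the file sits in the `SimpleSAML` namespace, so this is consistency only: `private static function createOutput(Configuration $config)`.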
@@ -53,7 +53,7 @@ class Stats
private static function initOutputs()
{
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$outputCfgs = $config->getConfigList('statistics.out', []);
self::$outputs = [];
diff --git a/lib/SimpleSAML/Stats/Output.php b/lib/SimpleSAML/Stats/Output.php
index a4a05ed44b0f318d9ec339fc9ac1d6687b10b160..0790f6ac5033b09f7054b6cfa6644dd06e26142d 100644
--- a/lib/SimpleSAML/Stats/Output.php
+++ b/lib/SimpleSAML/Stats/Output.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Stats;
+use SimpleSAML\Configuration;
+
/**
* Interface for statistics outputs.
*
@@ -15,7 +17,7 @@ abstract class Output
*
* @param \SimpleSAML\Configuration $config The configuration for this output.
*/
- public function __construct(\SimpleSAML\Configuration $config)
+ public function __construct(Configuration $config)
{
// do nothing by default
}
diff --git a/lib/SimpleSAML/Store.php b/lib/SimpleSAML/Store.php
index 70fca6c395745af92203389d07a065e0de30f3b6..46c9dba127081af443071963d3feaacdf27cccaf 100644
--- a/lib/SimpleSAML/Store.php
+++ b/lib/SimpleSAML/Store.php
@@ -2,7 +2,7 @@
namespace SimpleSAML;
-use SimpleSAML\Error\CriticalConfigurationError;
+use SimpleSAML\Error;
/**
* Base class for data stores.
@@ -58,7 +58,7 @@ abstract class Store implements Utils\ClearableState
} catch (\Exception $e) {
$c = $config->toArray();
$c['store.type'] = 'phpsession';
- throw new CriticalConfigurationError(
+ throw new Error\CriticalConfigurationError(
"Invalid 'store.type' configuration option. Cannot find store '$storeType'.",
null,
$c
diff --git a/lib/SimpleSAML/Store/Memcache.php b/lib/SimpleSAML/Store/Memcache.php
index 01739072e49a8785f6fde2e833ec6f1dfafb07d8..515ca953046f209264252dd080c34478a87da9b9 100644
--- a/lib/SimpleSAML/Store/Memcache.php
+++ b/lib/SimpleSAML/Store/Memcache.php
@@ -2,8 +2,8 @@
namespace SimpleSAML\Store;
-use \SimpleSAML\Configuration;
-use \SimpleSAML\Store;
+use SimpleSAML\Configuration;
+use SimpleSAML\Store;
/**
* A memcache based data store.
diff --git a/lib/SimpleSAML/Store/Redis.php b/lib/SimpleSAML/Store/Redis.php
index 53c27f4549c333c95953f61b7f2e168e37c7c20e..3a8a410fea3b001ba5bacb36917b17d5459639a8 100644
--- a/lib/SimpleSAML/Store/Redis.php
+++ b/lib/SimpleSAML/Store/Redis.php
@@ -2,8 +2,10 @@
namespace SimpleSAML\Store;
-use \SimpleSAML\Configuration;
-use \SimpleSAML\Store;
+use Predis\Client;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Store;
/**
* A data store using Redis to keep the data.
@@ -21,10 +23,10 @@ class Redis extends Store
*/
public function __construct($redis = null)
{
- assert($redis === null || is_subclass_of($redis, 'Predis\\Client'));
+ assert($redis === null || is_subclass_of($redis, Client::class));
- if (!class_exists('\Predis\Client')) {
- throw new \SimpleSAML\Error\CriticalConfigurationError('predis/predis is not available.');
+ if (!class_exists(Client::class)) {
+ throw new Error\CriticalConfigurationError('predis/predis is not available.');
}
if ($redis === null) {
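Review bot: The assertion uses `is_subclass_of($redis, Client::class)`, which is false for an object whose class is exactly `Predis\Client`, so passing a plain client instance trips the assert whenever assertions are enabled. `assert($redis === null || $redis instanceof Client);` accepts the class and its subclasses. Because `assert()` can be disabled in production, it is also not a runtime type check if callers may pass arbitrary values.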
@@ -35,7 +37,7 @@ class Redis extends Store
$prefix = $config->getString('store.redis.prefix', 'SimpleSAMLphp');
$password = $config->getString('store.redis.password', '');
- $redis = new \Predis\Client(
+ $redis = new Client(
[
'scheme' => 'tcp',
'host' => $host,
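Review bot: The connection array fixes `'scheme' => 'tcp'`, so the password read from `store.redis.password` and the stored data travel unencrypted whenever Redis is not on the local host or a protected network segment. Predis also accepts a `tls` scheme; making the scheme configurable would let deployments that need it opt in. The array continues past the end of the hunk, so the other connection parameters are not visible here.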
@@ -50,6 +52,7 @@ class Redis extends Store
$this->redis = $redis;
}
+
/**
* Deconstruct the Redis data store.
*/
@@ -60,6 +63,7 @@ class Redis extends Store
}
}
+
/**
* Retrieve a value from the data store.
*
@@ -82,6 +86,7 @@ class Redis extends Store
return unserialize($result);
}
+
/**
* Save a value in the data store.
*
@@ -107,6 +112,7 @@ class Redis extends Store
}
}
+
/**
* Delete an entry from the data store.
*
diff --git a/lib/SimpleSAML/Store/SQL.php b/lib/SimpleSAML/Store/SQL.php
index 175d15c67f2aae9b5756fdda44df0f9c20b5a825..44599b9f9e4419248c05e6f96c879f2256feef95 100644
--- a/lib/SimpleSAML/Store/SQL.php
+++ b/lib/SimpleSAML/Store/SQL.php
@@ -2,9 +2,11 @@
namespace SimpleSAML\Store;
-use \SimpleSAML\Configuration;
-use \SimpleSAML\Logger;
-use \SimpleSAML\Store;
+use PDO;
+use PDOException;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Store;
/**
* A data store using a RDBMS to keep the data.
@@ -58,13 +60,13 @@ class SQL extends Store
$options = $config->getArray('store.sql.options', null);
$this->prefix = $config->getString('store.sql.prefix', 'simpleSAMLphp');
try {
- $this->pdo = new \PDO($dsn, $username, $password, $options);
- } catch (\PDOException $e) {
+ $this->pdo = new PDO($dsn, $username, $password, $options);
+ } catch (PDOException $e) {
throw new \Exception("Database error: ".$e->getMessage());
}
- $this->pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
+ $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $this->driver = $this->pdo->getAttribute(\PDO::ATTR_DRIVER_NAME);
+ $this->driver = $this->pdo->getAttribute(PDO::ATTR_DRIVER_NAME);
if ($this->driver === 'mysql') {
$this->pdo->exec('SET time_zone = "+00:00"');
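Review bot: The rethrown message is `"Database error: ".$e->getMessage()`, and a driver's connection-failure text commonly names the database host and user, so those details reach whatever renders this exception. `Logger` is imported in this file, so the detail can be logged and a generic message thrown: `Logger::error('Database error: '.$e->getMessage()); throw new \Exception('Database error.');`. Not chaining `$e` as the previous exception is worth keeping, since its trace can carry the arguments of the `PDO` constructor call.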
@@ -85,7 +87,7 @@ class SQL extends Store
try {
$fetchTableVersion = $this->pdo->query('SELECT _name, _version FROM '.$this->prefix.'_tableVersion');
- } catch (\PDOException $e) {
+ } catch (PDOException $e) {
$this->pdo->exec(
'CREATE TABLE '.$this->prefix.
'_tableVersion (_name VARCHAR(30) NOT NULL UNIQUE, _version INTEGER NOT NULL)'
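Review bot: Every `PDOException` from the `SELECT` on the version table is taken to mean the table is missing, and the handler goes straight to `CREATE TABLE`. A permission error or a dropped connection would take the same path and surface as a confusing failure of the `CREATE` rather than as the original error. Checking the SQLSTATE from `$e->getCode()` for the undefined-table case and rethrowing otherwise would keep the real cause; the codes differ per driver, as the `switch ($ecode)` in a later hunk of this file shows.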
@@ -93,7 +95,7 @@ class SQL extends Store
return;
}
- while (($row = $fetchTableVersion->fetch(\PDO::FETCH_ASSOC)) !== false) {
+ while (($row = $fetchTableVersion->fetch(PDO::FETCH_ASSOC)) !== false) {
$this->tableVersions[$row['_name']] = (int) $row['_version'];
}
}
@@ -239,7 +241,7 @@ class SQL extends Store
try {
$insertQuery->execute($data);
return;
- } catch (\PDOException $e) {
+ } catch (PDOException $e) {
$ecode = (string) $e->getCode();
switch ($ecode) {
case '23505': // PostgreSQL
@@ -308,7 +310,7 @@ class SQL extends Store
$query = $this->pdo->prepare($query);
$query->execute($params);
- $row = $query->fetch(\PDO::FETCH_ASSOC);
+ $row = $query->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
return null;
}
diff --git a/lib/SimpleSAML/Utils/Attributes.php b/lib/SimpleSAML/Utils/Attributes.php
index 88c87f1aa26a271f0f473062ace38c1c22029c07..c84f86b3e300f3b1dcd99b3fca7d7f356c2db9e1 100644
--- a/lib/SimpleSAML/Utils/Attributes.php
+++ b/lib/SimpleSAML/Utils/Attributes.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Utils;
+use SimpleSAML\Error;
+
/**
* Attribute-related utility methods.
*
@@ -39,7 +41,7 @@ class Attributes
}
if (!array_key_exists($expected, $attributes)) {
- throw new \SimpleSAML\Error\Exception("No such attribute '".$expected."' found.");
+ throw new Error\Exception("No such attribute '".$expected."' found.");
}
$attribute = $attributes[$expected];
@@ -48,7 +50,7 @@ class Attributes
}
if (count($attribute) === 0) {
- throw new \SimpleSAML\Error\Exception("Empty attribute '".$expected."'.'");
+ throw new Error\Exception("Empty attribute '".$expected."'.'");
} elseif (count($attribute) > 1) {
if ($allow_multiple === false) {
throw new \SimpleSAML\Error\Exception(
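Review bot: The changed message `"Empty attribute '".$expected."'.'"` ends with a stray single quote after the period; it should read `"Empty attribute '".$expected."'."`. The `throw new \SimpleSAML\Error\Exception(` on the last line of this hunk was also left fully qualified although the commit shortens the other throws in this file to `Error\Exception`. That statement continues outside the hunk.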
diff --git a/lib/SimpleSAML/Utils/Auth.php b/lib/SimpleSAML/Utils/Auth.php
index 61d49b6e919409d83229ea958c91e1fc3ef0f51b..48cfcb16fcbf48de33b1d98e6d52713bf541f191 100644
--- a/lib/SimpleSAML/Utils/Auth.php
+++ b/lib/SimpleSAML/Utils/Auth.php
@@ -2,7 +2,10 @@
namespace SimpleSAML\Utils;
+use SimpleSAML\Auth as Authentication;
+use SimpleSAML\Error;
use SimpleSAML\Module;
+use SimpleSAML\Session;
/**
* Auth-related utility methods.
@@ -47,7 +50,7 @@ class Auth
throw new \InvalidArgumentException('Invalid input parameters.');
}
- $as = new \SimpleSAML\Auth\Simple('admin');
+ $as = new Authentication\Simple('admin');
return $as->getLogoutURL($returnTo = null);
}
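Review bot: `$as->getLogoutURL($returnTo = null)` is an assignment inside the argument list, so it always passes `null` and discards whatever `$returnTo` held; it reads like a default-value declaration copied from a signature. Given the `InvalidArgumentException` check just above, `$returnTo` is presumably this method's validated parameter, and the call should be `return $as->getLogoutURL($returnTo);`. The method signature is outside the hunk, so confirm against it.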
@@ -61,7 +64,7 @@ class Auth
*/
public static function isAdmin()
{
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
return $session->isValid('admin') || $session->isValid('login-admin');
}
@@ -84,11 +87,11 @@ class Auth
}
// not authenticated as admin user, start authentication
- if (\SimpleSAML\Auth\Source::getById('admin') !== null) {
- $as = new \SimpleSAML\Auth\Simple('admin');
+ if (Authentication\Source::getById('admin') !== null) {
+ $as = new Authentication\Simple('admin');
$as->login();
} else {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'Cannot find "admin" auth source, and admin privileges are required.'
);
}
diff --git a/lib/SimpleSAML/Utils/Config.php b/lib/SimpleSAML/Utils/Config.php
index 663073e00f48582bdeb74cc5ab814cfaf0f8a3e0..ca25cc12462ac07d3b924cc4b200289e04520ae7 100644
--- a/lib/SimpleSAML/Utils/Config.php
+++ b/lib/SimpleSAML/Utils/Config.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Utils;
+use SimpleSAML\Configuration;
+
/**
* Utility class for SimpleSAMLphp configuration management and manipulation.
*
@@ -25,7 +27,7 @@ class Config
throw new \InvalidArgumentException('Invalid input parameters.');
}
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
$base = $globalConfig->getPathValue('certdir', 'cert/');
return System::resolvePath($path, $base);
}
@@ -48,7 +50,7 @@ class Config
*/
public static function getSecretSalt()
{
- $secretSalt = \SimpleSAML\Configuration::getInstance()->getString('secretsalt');
+ $secretSalt = Configuration::getInstance()->getString('secretsalt');
if ($secretSalt === 'defaultsecretsalt') {
throw new \InvalidArgumentException('The "secretsalt" configuration option must be set to a secret value.');
}
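Review bot: `getSecretSalt()` rejects only the literal `'defaultsecretsalt'`, so an empty string configured as `secretsalt` would pass this check. Extending the guard to `if ($secretSalt === '' || $secretSalt === 'defaultsecretsalt') {` covers that case with the same exception. The rest of the method and the way callers use the salt are outside the hunk.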
diff --git a/lib/SimpleSAML/Utils/Config/Metadata.php b/lib/SimpleSAML/Utils/Config/Metadata.php
index f20a06c2f35a1f43e41aa9e00048077fdcab65d5..c179f18ce44fee21361fb431a7dced063886e01d 100644
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Utils\Config;
+use SAML2\Constants;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+
/**
* Class with utilities to fetch different configuration objects from metadata configuration arrays.
*
@@ -278,9 +282,9 @@ class Metadata
*/
public static function isHiddenFromDiscovery(array $metadata)
{
- \SimpleSAML\Logger::maskErrors(E_ALL);
+ Logger::maskErrors(E_ALL);
$hidden = in_array(self::$HIDE_FROM_DISCOVERY, $metadata['EntityAttributes'][self::$ENTITY_CATEGORY], true);
- \SimpleSAML\Logger::popErrorMask();
+ Logger::popErrorMask();
return $hidden === true;
}
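Review bot: `isHiddenFromDiscovery()` reads `$metadata['EntityAttributes'][self::$ENTITY_CATEGORY]` unguarded and apparently relies on `Logger::maskErrors(E_ALL)` to hide the notices when the keys are absent. Masking errors does not cover a `TypeError`, which `in_array()` throws on PHP 8 when its second argument is not an array. An explicit guard removes both the masking and that failure mode: `if (!isset($metadata['EntityAttributes'][self::$ENTITY_CATEGORY]) || !is_array($metadata['EntityAttributes'][self::$ENTITY_CATEGORY])) { return false; }`, followed by the plain `in_array()` call.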
@@ -301,9 +305,9 @@ class Metadata
$policy = ['Format' => $nameIdPolicy];
} elseif (is_array($nameIdPolicy)) {
// handle current configurations specifying an array in the NameIDPolicy config option
- $nameIdPolicy_cf = \SimpleSAML\Configuration::loadFromArray($nameIdPolicy);
+ $nameIdPolicy_cf = Configuration::loadFromArray($nameIdPolicy);
$policy = [
- 'Format' => $nameIdPolicy_cf->getString('Format', \SAML2\Constants::NAMEID_TRANSIENT),
+ 'Format' => $nameIdPolicy_cf->getString('Format', Constants::NAMEID_TRANSIENT),
'AllowCreate' => $nameIdPolicy_cf->getBoolean('AllowCreate', true),
];
$spNameQualifier = $nameIdPolicy_cf->getString('SPNameQualifier', false);
@@ -312,7 +316,7 @@ class Metadata
}
} elseif ($nameIdPolicy === null) {
// when NameIDPolicy is unset or set to null, default to transient as before
- $policy = ['Format' => \SAML2\Constants::NAMEID_TRANSIENT];
+ $policy = ['Format' => Constants::NAMEID_TRANSIENT];
}
return $policy;
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 2dc9e7ad2411f7191721c84323ffbc3eb7614b61..fa9b60028595db2cb9189d46b849aa64a200108a 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -3,10 +3,11 @@
namespace SimpleSAML\Utils;
use SimpleSAML\Configuration;
+use SimpleSAML\Error;
use SimpleSAML\Logger;
use SimpleSAML\Module;
use SimpleSAML\Session;
-use SimpleSAML\Error;
+use SimpleSAML\XHTML\Template;
/**
* HTTP-related utility methods.
@@ -735,6 +736,7 @@ class HTTP
return substr($url, $start, $length);
}
+
/**
* Retrieve our own host together with the URL path. Please note this function will return the base URL for the
* current SP, as defined in the global configuration.
@@ -1225,7 +1227,7 @@ class HTTP
self::redirect(self::getSecurePOSTRedirectURL($destination, $data));
}
- $p = new \SimpleSAML\XHTML\Template($config, 'post.php');
+ $p = new Template($config, 'post.php');
$p->data['destination'] = $destination;
$p->data['post'] = $data;
$p->show();
diff --git a/lib/SimpleSAML/Utils/System.php b/lib/SimpleSAML/Utils/System.php
index e0e93fab83055f2bd6f0198b96a5cd1f36e691be..6607edd6e9dd11470312fcf9bcbeb6fa5b1b9d4a 100644
--- a/lib/SimpleSAML/Utils/System.php
+++ b/lib/SimpleSAML/Utils/System.php
@@ -2,6 +2,7 @@
namespace SimpleSAML\Utils;
+use SimpleSAML\Configuration;
use SimpleSAML\Error;
/**
@@ -72,7 +73,7 @@ class System
*/
public static function getTempDir()
{
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
$tempDir = rtrim(
$globalConfig->getString(
@@ -123,7 +124,7 @@ class System
public static function resolvePath($path, $base = null)
{
if ($base === null) {
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$base = $config->getBaseDir();
}
diff --git a/lib/SimpleSAML/Utils/Time.php b/lib/SimpleSAML/Utils/Time.php
index 78246f9415fdd9d886b8c75c7d7c072b01821a9e..9f0c690f8d5b1eb413b9a627401b892c9e411a2e 100644
--- a/lib/SimpleSAML/Utils/Time.php
+++ b/lib/SimpleSAML/Utils/Time.php
@@ -8,6 +8,8 @@
namespace SimpleSAML\Utils;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
use SimpleSAML\Logger;
class Time
@@ -54,12 +56,12 @@ class Time
return;
}
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
$timezone = $globalConfig->getString('timezone', null);
if ($timezone !== null) {
if (!date_default_timezone_set($timezone)) {
- throw new \SimpleSAML\Error\Exception('Invalid timezone set in the "timezone" option in config.php.');
+ throw new Error\Exception('Invalid timezone set in the "timezone" option in config.php.');
}
self::$tz_initialized = true;
return;
diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php
index da5e66e3c798778a78e4511a89388ccc46835f8d..c517b0db8e440b98965c023fe9245a50e5474427 100644
--- a/lib/SimpleSAML/Utils/XML.php
+++ b/lib/SimpleSAML/Utils/XML.php
@@ -8,6 +8,14 @@
namespace SimpleSAML\Utils;
+use DOMComment;
+use DOMDocument;
+use DOMElement;
+use DOMNode;
+use DOMText;
+use SAML2\DOMDocumentFactory;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
use SimpleSAML\Logger;
use SimpleSAML\XML\Errors;
@@ -41,12 +49,12 @@ class XML
// a SAML message should not contain a doctype-declaration
if (strpos($message, '<!DOCTYPE') !== false) {
- throw new \SimpleSAML\Error\Exception('XML contained a doctype declaration.');
+ throw new Error\Exception('XML contained a doctype declaration.');
}
// see if debugging is enabled for XML validation
- $debug = \SimpleSAML\Configuration::getInstance()->getArrayize('debug', ['validatexml' => false]);
- $enabled = \SimpleSAML\Configuration::getInstance()->getBoolean('debug.validatexml', false);
+ $debug = Configuration::getInstance()->getArrayize('debug', ['validatexml' => false]);
+ $enabled = Configuration::getInstance()->getBoolean('debug.validatexml', false);
if (!(in_array('validatexml', $debug, true) // implicitly enabled
|| (array_key_exists('validatexml', $debug) && $debug['validatexml'] === true)
@@ -94,12 +102,12 @@ class XML
*/
public static function debugSAMLMessage($message, $type)
{
- if (!(is_string($type) && (is_string($message) || $message instanceof \DOMElement))) {
+ if (!(is_string($type) && (is_string($message) || $message instanceof DOMElement))) {
throw new \InvalidArgumentException('Invalid input parameters.');
}
// see if debugging is enabled for SAML messages
- $debug = \SimpleSAML\Configuration::getInstance()->getArrayize('debug', ['saml' => false]);
+ $debug = Configuration::getInstance()->getArrayize('debug', ['saml' => false]);
if (!(in_array('saml', $debug, true) // implicitly enabled
|| (array_key_exists('saml', $debug) && $debug['saml'] === true)
@@ -111,7 +119,7 @@ class XML
return;
}
- if ($message instanceof \DOMElement) {
+ if ($message instanceof DOMElement) {
$message = $message->ownerDocument->saveXML($message);
}
@@ -155,7 +163,7 @@ class XML
*
* @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
*/
- public static function formatDOMElement(\DOMNode $root, $indentBase = '')
+ public static function formatDOMElement(DOMNode $root, $indentBase = '')
{
if (!is_string($indentBase)) {
throw new \InvalidArgumentException('Invalid input parameters');
@@ -169,10 +177,10 @@ class XML
/** @var \DOMNode $child */
$child = $root->childNodes->item($i);
- if ($child instanceof \DOMText) {
+ if ($child instanceof DOMText) {
$textNodes[] = $child;
$fullText .= $child->wholeText;
- } elseif ($child instanceof \DOMComment || $child instanceof \DOMElement) {
+ } elseif ($child instanceof DOMComment || $child instanceof DOMElement) {
$childNodes[] = $child;
} else {
// unknown node type. We don't know how to format this
@@ -202,7 +210,7 @@ class XML
if ($hasText) {
// only text - add a single text node to the element with the full text
- $root->appendChild(new \DOMText($fullText));
+ $root->appendChild(new DOMText($fullText));
return;
}
@@ -217,7 +225,7 @@ class XML
$childIndentation = $indentBase.' ';
foreach ($childNodes as $node) {
// add indentation before node
- $root->insertBefore(new \DOMText("\n".$childIndentation), $node);
+ $root->insertBefore(new DOMText("\n".$childIndentation), $node);
// format child elements
if ($node instanceof \DOMElement) {
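Review bot: `if ($node instanceof \DOMElement) {` on the last line of this hunk was missed by the conversion; the file now imports `DOMElement` and the other `instanceof` checks touched by this commit use the short name. Change it to `if ($node instanceof DOMElement) {` for consistency. Behaviour is identical either way.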
@@ -226,7 +234,7 @@ class XML
}
// add indentation before closing tag
- $root->appendChild(new \DOMText("\n".$indentBase));
+ $root->appendChild(new DOMText("\n".$indentBase));
}
@@ -252,7 +260,7 @@ class XML
}
try {
- $doc = \SAML2\DOMDocumentFactory::fromString($xml);
+ $doc = DOMDocumentFactory::fromString($xml);
} catch (\Exception $e) {
throw new \DOMException('Error parsing XML string.');
}
@@ -279,7 +287,7 @@ class XML
* @throws \InvalidArgumentException If $element is not an instance of DOMElement, $localName is not a string or
* $namespaceURI is not a string.
*/
- public static function getDOMChildren(\DOMNode $element, $localName, $namespaceURI)
+ public static function getDOMChildren(DOMNode $element, $localName, $namespaceURI)
{
if (!is_string($localName) || !is_string($namespaceURI)) {
throw new \InvalidArgumentException('Invalid input parameters.');
@@ -292,7 +300,7 @@ class XML
$child = $element->childNodes->item($i);
// skip text nodes and comment elements
- if ($child instanceof \DOMText || $child instanceof \DOMComment) {
+ if ($child instanceof DOMText || $child instanceof DOMComment) {
continue;
}
@@ -315,15 +323,15 @@ class XML
*
* @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
*/
- public static function getDOMText(\DOMElement $element)
+ public static function getDOMText(DOMElement $element)
{
$txt = '';
for ($i = 0; $i < $element->childNodes->length; $i++) {
/** @var \DOMElement $child */
$child = $element->childNodes->item($i);
- if (!($child instanceof \DOMText)) {
- throw new \SimpleSAML\Error\Exception($element->localName.' contained a non-text child node.');
+ if (!($child instanceof DOMText)) {
+ throw new Error\Exception($element->localName.' contained a non-text child node.');
}
$txt .= $child->wholeText;
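Review bot: The inline annotation `/** @var \DOMElement $child */` contradicts the loop body, which immediately tests `$child instanceof DOMText` and throws when the test fails. `/** @var \DOMNode $child */`, the form `formatDOMElement()` already uses for its loop variable, is the accurate hint for static analysis.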
@@ -356,7 +364,7 @@ class XML
* @author Andreas Solberg, UNINETT AS <andreas.solberg@uninett.no>
* @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
*/
- public static function isDOMNodeOfType(\DOMNode $element, $name, $nsURI)
+ public static function isDOMNodeOfType(DOMNode $element, $name, $nsURI)
{
if (!is_string($name) || !is_string($nsURI) || strlen($nsURI) === 0) {
// most likely a comment-node
@@ -412,18 +420,18 @@ class XML
*/
public static function isValid($xml, $schema)
{
- if (!(is_string($schema) && (is_string($xml) || $xml instanceof \DOMDocument))) {
+ if (!(is_string($schema) && (is_string($xml) || $xml instanceof DOMDocument))) {
throw new \InvalidArgumentException('Invalid input parameters.');
}
Errors::begin();
- if ($xml instanceof \DOMDocument) {
+ if ($xml instanceof DOMDocument) {
$dom = $xml;
$res = true;
} else {
try {
- $dom = \SAML2\DOMDocumentFactory::fromString($xml);
+ $dom = DOMDocumentFactory::fromString($xml);
$res = true;
} catch (\Exception $e) {
$res = false;
@@ -431,7 +439,7 @@ class XML
}
if ($res) {
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
/** @var string $schemaPath */
$schemaPath = $config->resolvePath('schemas');
$schemaFile = $schemaPath.'/'.$schema;
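Review bot: `$schemaFile = $schemaPath.'/'.$schema;` joins the caller-supplied `$schema` onto the schema directory after checking only that it is a string, so a value with parent-directory segments would resolve outside `schemas`. If every caller passes a fixed file name this is harmless, but the method is public. Unless schemas in subdirectories are intended, a guard such as `if (basename($schema) !== $schema) { throw new \InvalidArgumentException('Invalid input parameters.'); }` makes the constraint explicit. What is done with `$schemaFile` lies outside the hunk.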
diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php
index 0fb503807b7271a313d5fcdd26043d035d7d8474..39d5f9c22a0fa67ed79152ae308ce933804c8e9a 100644
--- a/lib/SimpleSAML/XHTML/IdPDisco.php
+++ b/lib/SimpleSAML/XHTML/IdPDisco.php
@@ -2,6 +2,12 @@
namespace SimpleSAML\XHTML;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Metadata\MetaDataStorageHandler;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+
/**
* This class implements a generic IdP discovery service, for use in various IdP
* discovery service pages. This should reduce code duplication.
@@ -31,7 +37,6 @@ class IdPDisco
*/
protected $instance;
-
/**
* An instance of the metadata handler, which will allow us to fetch metadata about IdPs.
*
@@ -39,7 +44,6 @@ class IdPDisco
*/
protected $metadata;
-
/**
* The users session.
*
@@ -47,7 +51,6 @@ class IdPDisco
*/
protected $session;
-
/**
* The metadata sets we find allowed entities in, in prioritized order.
*
@@ -55,7 +58,6 @@ class IdPDisco
*/
protected $metadataSets;
-
/**
* The entity id of the SP which accesses this IdP discovery service.
*
@@ -78,7 +80,6 @@ class IdPDisco
*/
protected $setIdPentityID = null;
-
/**
* The name of the query parameter which should contain the users choice of IdP.
* This option default to 'entityID' for Shibboleth compatibility.
@@ -119,9 +120,9 @@ class IdPDisco
assert(is_string($instance));
// initialize standard classes
- $this->config = \SimpleSAML\Configuration::getInstance();
- $this->metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
- $this->session = \SimpleSAML\Session::getSessionFromRequest();
+ $this->config = Configuration::getInstance();
+ $this->metadata = MetaDataStorageHandler::getMetadataHandler();
+ $this->session = Session::getSessionFromRequest();
$this->instance = $instance;
$this->metadataSets = $metadataSets;
@@ -145,7 +146,7 @@ class IdPDisco
if (!array_key_exists('return', $_GET)) {
throw new \Exception('Missing parameter: return');
} else {
- $this->returnURL = \SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['return']);
+ $this->returnURL = Utils\HTTP::checkURLAllowed($_GET['return']);
}
$this->isPassive = false;
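Review bot: The `Utils\HTTP::checkURLAllowed($_GET['return'])` assignment appears to be what makes the later `Utils\HTTP::redirectTrustedURL($this->returnURL, …)` calls in this class safe, and nothing in the code records that dependency. I would add a comment above the assignment, e.g. `// validated here; the redirectTrustedURL() calls below rely on this check`, so a later change does not assign `returnURL` from another source without validation. The `else` after the `throw` is also redundant and can be flattened. The constructor starts and ends outside this hunk.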
@@ -177,7 +178,7 @@ class IdPDisco
*/
protected function log($message)
{
- \SimpleSAML\Logger::info('idpDisco.'.$this->instance.': '.$message);
+ Logger::info('idpDisco.'.$this->instance.': '.$message);
}
@@ -224,7 +225,7 @@ class IdPDisco
'httponly' => false,
];
- \SimpleSAML\Utils\HTTP::setCookie($prefixedName, $value, $params, false);
+ Utils\HTTP::setCookie($prefixedName, $value, $params, false);
}
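Review bot: The cookie parameters end with `'httponly' => false` and the call passes a bare `false` as the fourth argument to `Utils\HTTP::setCookie()`, and neither choice is explained. If the discovery page's client-side script needs to read this cookie, say so next to the flag (`// must be readable by the discovery page script; holds no credential`, once confirmed); otherwise set it to `true`. A short comment on what the trailing `false` controls would help as well. The `$params` array and the enclosing method start outside this hunk.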
@@ -520,7 +521,7 @@ class IdPDisco
$extDiscoveryStorage = $this->config->getString('idpdisco.extDiscoveryStorage', null);
if ($extDiscoveryStorage !== null) {
$this->log('Choice made ['.$idp.'] (Forwarding to external discovery storage)');
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($extDiscoveryStorage, [
+ Utils\HTTP::redirectTrustedURL($extDiscoveryStorage, [
'entityID' => $this->spEntityId,
'IdPentityID' => $idp,
'returnIDParam' => $this->returnIdParam,
@@ -531,13 +532,13 @@ class IdPDisco
$this->log(
'Choice made ['.$idp.'] (Redirecting the user back. returnIDParam='.$this->returnIdParam.')'
);
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL, [$this->returnIdParam => $idp]);
+ Utils\HTTP::redirectTrustedURL($this->returnURL, [$this->returnIdParam => $idp]);
}
}
if ($this->isPassive) {
$this->log('Choice not made. (Redirecting the user back without answer)');
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->returnURL);
+ Utils\HTTP::redirectTrustedURL($this->returnURL);
}
}
@@ -569,7 +570,7 @@ class IdPDisco
'Choice made ['.$idpintersection[0].'] (Redirecting the user back. returnIDParam='.
$this->returnIdParam.')'
);
- \SimpleSAML\Utils\HTTP::redirectTrustedURL(
+ Utils\HTTP::redirectTrustedURL(
$this->returnURL,
[$this->returnIdParam => $idpintersection[0]]
);
@@ -618,7 +619,7 @@ class IdPDisco
}
if (!empty($data['icon'])) {
$newlist[$entityid]['icon'] = $data['icon'];
- $newlist[$entityid]['iconurl'] = \SimpleSAML\Utils\HTTP::resolveURL($data['icon']);
+ $newlist[$entityid]['iconurl'] = Utils\HTTP::resolveURL($data['icon']);
}
}
usort(
@@ -638,7 +639,7 @@ class IdPDisco
$t->data['return'] = $this->returnURL;
$t->data['returnIDParam'] = $this->returnIdParam;
$t->data['entityID'] = $this->spEntityId;
- $t->data['urlpattern'] = htmlspecialchars(\SimpleSAML\Utils\HTTP::getSelfURLNoQuery());
+ $t->data['urlpattern'] = htmlspecialchars(Utils\HTTP::getSelfURLNoQuery());
$t->data['rememberenabled'] = $this->config->getBoolean('idpdisco.enableremember', false);
$t->show();
}
diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php
index f55f68e0db338f68b957f217889c2b3d848dc190..b1c3cca00719a91f8a44a91c6c7ad9a076baf178 100644
--- a/lib/SimpleSAML/XHTML/Template.php
+++ b/lib/SimpleSAML/XHTML/Template.php
@@ -11,15 +11,19 @@ namespace SimpleSAML\XHTML;
use JaimePerez\TwigConfigurableI18n\Twig\Environment as Twig_Environment;
use JaimePerez\TwigConfigurableI18n\Twig\Extensions\Extension\I18n as Twig_Extensions_Extension_I18n;
-use Symfony\Component\HttpFoundation\Response;
use SimpleSAML\Configuration;
-use SimpleSAML\Utils\HTTP;
use SimpleSAML\Locale\Language;
use SimpleSAML\Locale\Localization;
use SimpleSAML\Locale\Translate;
use SimpleSAML\Logger;
use SimpleSAML\Module;
+use SimpleSAML\Utils;
+
+use Symfony\Component\HttpFoundation\Response;
+use Twig\Loader\FilesystemLoader;
+use Twig\TwigFilter;
+use Twig\TwigFunction;
class Template extends Response
{
@@ -246,7 +250,7 @@ class Template extends Response
// default, themeless templates are checked last
$templateDirs[] = [
- \Twig\Loader\FilesystemLoader::MAIN_NAMESPACE => $this->configuration->resolvePath('templates')
+ FilesystemLoader::MAIN_NAMESPACE => $this->configuration->resolvePath('templates')
];
foreach ($templateDirs as $entry) {
$loader->addPath($entry[key($entry)], key($entry));
@@ -309,7 +313,7 @@ class Template extends Response
// add a filter for translations out of arrays
$twig->addFilter(
- new \Twig\TwigFilter(
+ new TwigFilter(
'translateFromArray',
[Translate::class, 'translateFromArray'],
['needs_context' => true]
@@ -317,7 +321,7 @@ class Template extends Response
);
// add an asset() function
- $twig->addFunction(new \Twig\TwigFunction('asset', [$this, 'asset']));
+ $twig->addFunction(new TwigFunction('asset', [$this, 'asset']));
if ($this->controller !== null) {
$this->controller->setUpTwig($twig);
@@ -356,7 +360,7 @@ class Template extends Response
}
// set correct name for the default namespace
- $ns = ($entry === 'default') ? \Twig\Loader\FilesystemLoader::MAIN_NAMESPACE : $entry;
+ $ns = ($entry === 'default') ? FilesystemLoader::MAIN_NAMESPACE : $entry;
$themeTemplateDirs[] = [$ns => $themeDir.'/'.$entry];
}
return $themeTemplateDirs;
@@ -423,7 +427,7 @@ class Template extends Response
$langname = $this->translator->getLanguage()->getLanguageLocalizedName($lang);
$url = false;
if (!$current) {
- $url = htmlspecialchars(HTTP::addURLParameters(
+ $url = htmlspecialchars(Utils\HTTP::addURLParameters(
'',
[$parameterName => $lang]
));
diff --git a/lib/SimpleSAML/XHTML/TemplateControllerInterface.php b/lib/SimpleSAML/XHTML/TemplateControllerInterface.php
index 082320b234efebfb07d617d96e475c429d1d37e2..bead9a1c69c6209b27b5805115c9d57e2c6a56ae 100644
--- a/lib/SimpleSAML/XHTML/TemplateControllerInterface.php
+++ b/lib/SimpleSAML/XHTML/TemplateControllerInterface.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\XHTML;
+use Twig\Environment;
+
/**
* Interface that allows modules to run several hooks for templates.
*
@@ -17,7 +19,7 @@ interface TemplateControllerInterface
*
* @return void
*/
- public function setUpTwig(\Twig\Environment &$twig);
+ public function setUpTwig(Environment &$twig);
/**
diff --git a/lib/SimpleSAML/XHTML/TemplateLoader.php b/lib/SimpleSAML/XHTML/TemplateLoader.php
index b8de4368e5457709a1604050fc6f1432214c17de..a2c6571478d5c8d488a81e9b763d70c6b0a14e16 100644
--- a/lib/SimpleSAML/XHTML/TemplateLoader.php
+++ b/lib/SimpleSAML/XHTML/TemplateLoader.php
@@ -1,8 +1,9 @@
<?php
-
namespace SimpleSAML\XHTML;
+use SimpleSAML\Module;
+
/**
* This class extends the Twig\Loader\FilesystemLoader so that we can load templates from modules in twig, even
* when the main template is not part of a module (or the same one).
@@ -60,10 +61,10 @@ class TemplateLoader extends \Twig\Loader\FilesystemLoader
*/
public static function getModuleTemplateDir($module)
{
- if (!\SimpleSAML\Module::isModuleEnabled($module)) {
+ if (!Module::isModuleEnabled($module)) {
throw new \InvalidArgumentException('The module \''.$module.'\' is not enabled.');
}
- $moduledir = \SimpleSAML\Module::getModuleDir($module);
+ $moduledir = Module::getModuleDir($module);
// check if module has a /templates dir, if so, append
$templatedir = $moduledir.'/templates';
if (!is_dir($templatedir)) {
diff --git a/lib/SimpleSAML/XML/Errors.php b/lib/SimpleSAML/XML/Errors.php
index 01720fb8101b120797a58e1adbf875213d937bba..9871571904d8ed8aacbce0283baf93d091d1085a 100644
--- a/lib/SimpleSAML/XML/Errors.php
+++ b/lib/SimpleSAML/XML/Errors.php
@@ -81,7 +81,6 @@ class Errors
*/
public static function end()
{
-
// Check whether the error access functions are present
if (!function_exists('libxml_use_internal_errors')) {
// Pretend that no errors occurred
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
index 80bd641c21f03ef8f521f63c2242cbde6bc18015..41e8e2964bf9e142dc90869f4b8e08c5054b022d 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnRequest.php
@@ -10,6 +10,8 @@
namespace SimpleSAML\XML\Shib13;
+use SimpleSAML\Metadata\MetaDataStorageHandler;
+
class AuthnRequest
{
/** @var string|null */
@@ -64,7 +66,7 @@ class AuthnRequest
*/
public function createRedirect($destination, $shire)
{
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$idpmetadata = $metadata->getMetaDataConfig($destination, 'shib13-idp-remote');
$desturl = $idpmetadata->getDefaultEndpoint(
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index 0a0bf47e1d2a7287712811da590ce8055f6712a3..d04983b3114fe1f4a6303d330fe096e87b1c8e4a 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -11,11 +11,12 @@ namespace SimpleSAML\XML\Shib13;
use DOMDocument;
use DOMNode;
+use DOMXpath;
use SAML2\DOMDocumentFactory;
-use SAML2\Utils;
-use SimpleSAML\Utils\Config;
-use SimpleSAML\Utils\Random;
-use SimpleSAML\Utils\Time;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Metadata\MetaDataStorageHandler;
+use SimpleSAML\Utils;
use SimpleSAML\XML\Validator;
class AuthnResponse
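Review bot: Replacing `use SAML2\Utils;` with `use SimpleSAML\Utils;` changes what the short name `Utils` means in this file, so any unqualified `Utils::…` call the commit missed no longer reaches `SAML2\Utils`. The two `xsDateTimeToTimestamp()` calls in the `@@ -505,14 +506,14 @@` hunk were updated, but they sit in the assertion time-window check, and a missed call elsewhere would only surface as a class-not-found error when that path runs. An explicit alias such as `use SAML2\Utils as SAML2Utils;` would avoid the inline `\SAML2\Utils::` and stay consistent with the other imports. `modules/admin/lib/FederationController.php` has the same swap for `Auth` (`SimpleSAML\Utils\Auth` to `SimpleSAML\Auth`); a static-analysis run over both files would confirm no stale references remain.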
@@ -121,7 +122,7 @@ class AuthnResponse
$issuer = $this->getIssuer();
// Get the metadata of the issuer
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$md = $metadata->getMetaDataConfig($issuer, 'shib13-idp-remote');
$publicKeys = $md->getPublicKeys('signing');
@@ -141,9 +142,9 @@ class AuthnResponse
$this->validator->validateFingerprint($certFingerprints);
} elseif ($md->hasValue('caFile')) {
// Validate against CA
- $this->validator->validateCA(Config::getCertPath($md->getString('caFile')));
+ $this->validator->validateCA(Utils\Config::getCertPath($md->getString('caFile')));
} else {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'Missing certificate in Shibboleth 1.3 IdP Remote metadata for identity provider ['.$issuer.'].'
);
}
@@ -174,7 +175,7 @@ class AuthnResponse
$node = dom_import_simplexml($node);
}
- assert($node instanceof \DOMNode);
+ assert($node instanceof DOMNode);
return $this->validator->isNodeValidated($node);
}
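Review bot: `assert($node instanceof DOMNode)` is the only type check before `$this->validator->isNodeValidated($node)`, and PHP skips `assert()` entirely when `zend.assertions` is disabled, which is the usual production setting. Since this method appears to report whether a node is covered by the validated signature, I would make the check unconditional: `if (!($node instanceof DOMNode)) { throw new Error\Exception('Expected a DOMNode.'); }`. The same assert-only validation appears in the `doXPathQuery()` and `generate()` hunks of this file. The method starts outside this hunk.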
@@ -191,15 +192,15 @@ class AuthnResponse
private function doXPathQuery($query, $node = null)
{
assert(is_string($query));
- assert($this->dom instanceof \DOMDocument);
+ assert($this->dom instanceof DOMDocument);
if ($node === null) {
$node = $this->dom->documentElement;
}
- assert($node instanceof \DOMNode);
+ assert($node instanceof DOMNode);
- $xPath = new \DOMXpath($this->dom);
+ $xPath = new DOMXpath($this->dom);
$xPath->registerNamespace('shibp', self::SHIB_PROTOCOL_NS);
$xPath->registerNamespace('shib', self::SHIB_ASSERT_NS);
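Review bot: `new DOMXpath($this->dom)` and the matching `use DOMXpath;` added at the top of the file spell the class differently from its declared name, `DOMXPath`. PHP resolves class names case-insensitively so this runs, but case-sensitive tooling (static analysers, IDE indexers) may flag or miss it. Now that the name is imported I would use the canonical form in both places: `use DOMXPath;` and `$xPath = new DOMXPath($this->dom);`. `doXPathQuery()` continues outside this hunk.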
@@ -232,11 +233,11 @@ class AuthnResponse
*/
public function getAttributes()
{
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$md = $metadata->getMetaData($this->getIssuer(), 'shib13-idp-remote');
$base64 = isset($md['base64attributes']) ? $md['base64attributes'] : false;
- if (!($this->dom instanceof \DOMDocument)) {
+ if (!($this->dom instanceof DOMDocument)) {
return [];
}
@@ -347,7 +348,7 @@ class AuthnResponse
* @param array|null $attributes The attributes which should be included in the response.
* @return string The response.
*/
- public function generate(\SimpleSAML\Configuration $idp, \SimpleSAML\Configuration $sp, $shire, $attributes)
+ public function generate(Configuration $idp, Configuration $sp, $shire, $attributes)
{
assert(is_string($shire));
assert($attributes === null || is_array($attributes));
@@ -360,16 +361,16 @@ class AuthnResponse
$scopedAttributes = [];
}
- $id = Random::generateID();
+ $id = Utils\Random::generateID();
- $issueInstant = Time::generateTimestamp();
+ $issueInstant = Utils\Time::generateTimestamp();
// 30 seconds timeskew back in time to allow differing clocks
- $notBefore = Time::generateTimestamp(time() - 30);
+ $notBefore = Utils\Time::generateTimestamp(time() - 30);
- $assertionExpire = Time::generateTimestamp(time() + 300); // 5 minutes
- $assertionid = Random::generateID();
+ $assertionExpire = Utils\Time::generateTimestamp(time() + 300); // 5 minutes
+ $assertionid = Utils\Random::generateID();
$spEntityId = $sp->getString('entityid');
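Review bot: `generate()` reads the clock separately for `$issueInstant`, `$notBefore` and `$assertionExpire`, so the three timestamps can straddle a second boundary, and the 30 and 300 second windows are bare literals. Capturing the time once with `$now = time();` and deriving the others from it (`Utils\Time::generateTimestamp($now - 30)`, `Utils\Time::generateTimestamp($now + 300)`) keeps the assertion's validity window internally consistent. Naming the two constants would also make the intended assertion lifetime easier to audit. The method body continues outside this hunk.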
@@ -377,7 +378,7 @@ class AuthnResponse
$base64 = $sp->getBoolean('base64attributes', false);
$namequalifier = $sp->getString('NameQualifier', $spEntityId);
- $nameid = Random::generateID();
+ $nameid = Utils\Random::generateID();
$subjectNode =
'<Subject>'.
'<NameIdentifier'.
@@ -505,14 +506,14 @@ class AuthnResponse
$currentTime = time();
if (!empty($start)) {
- $startTime = Utils::xsDateTimeToTimestamp($start);
+ $startTime = \SAML2\Utils::xsDateTimeToTimestamp($start);
// allow for a 10 minute difference in time
if (($startTime < 0) || (($startTime - 600) > $currentTime)) {
return false;
}
}
if (!empty($end)) {
- $endTime = Utils::xsDateTimeToTimestamp($end);
+ $endTime = \SAML2\Utils::xsDateTimeToTimestamp($end);
if (($endTime < 0) || ($endTime <= $currentTime)) {
return false;
}
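Review bot: The validity check tolerates ten minutes of clock skew on the start time (`$startTime - 600`) but none on the end time, and only the first half of that is documented. If the asymmetry is deliberate, a comment on the end-time branch such as `// no skew allowance: an expired assertion is never accepted` would record it; if it is not, both bounds should use one named skew constant. The literal `600` would read better as a class constant either way. The enclosing method starts outside this hunk.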
diff --git a/lib/SimpleSAML/XML/Signer.php b/lib/SimpleSAML/XML/Signer.php
index ee58c4c092c4aa3b512905ab62bfc6c39c19b392..235335b649628b2523c96ceccca9d02165987454 100644
--- a/lib/SimpleSAML/XML/Signer.php
+++ b/lib/SimpleSAML/XML/Signer.php
@@ -16,7 +16,7 @@ use DOMElement;
use DOMText;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
-use SimpleSAML\Utils\Config;
+use SimpleSAML\Utils;
class Signer
{
@@ -132,7 +132,7 @@ class Signer
assert(is_bool($full_path));
if (!$full_path) {
- $keyFile = Config::getCertPath($file);
+ $keyFile = Utils\Config::getCertPath($file);
} else {
$keyFile = $file;
}
@@ -196,7 +196,7 @@ class Signer
assert(is_bool($full_path));
if (!$full_path) {
- $certFile = Config::getCertPath($file);
+ $certFile = Utils\Config::getCertPath($file);
} else {
$certFile = $file;
}
@@ -245,7 +245,7 @@ class Signer
assert(is_bool($full_path));
if (!$full_path) {
- $certFile = Config::getCertPath($file);
+ $certFile = Utils\Config::getCertPath($file);
} else {
$certFile = $file;
}
diff --git a/modules/admin/lib/ConfigController.php b/modules/admin/lib/ConfigController.php
index a7844be3cac84d4bb2e40fbb22fe301409b4d939..97786c4ba0bf168af1dfea3a1d3783670de180a7 100644
--- a/modules/admin/lib/ConfigController.php
+++ b/modules/admin/lib/ConfigController.php
@@ -2,9 +2,13 @@
namespace SimpleSAML\Module\admin;
+use SimpleSAML\Configuration;
use SimpleSAML\HTTP\RunnableResponse;
use SimpleSAML\Locale\Translate;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Module;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+use SimpleSAML\XHTML\Template;
use Symfony\Component\HttpFoundation\Request;
/**
@@ -35,7 +39,7 @@ class ConfigController
* @param \SimpleSAML\Configuration $config The configuration to use.
* @param \SimpleSAML\Session $session The current user session.
*/
- public function __construct(\SimpleSAML\Configuration $config, \SimpleSAML\Session $session)
+ public function __construct(Configuration $config, Session $session)
{
$this->config = $config;
$this->session = $session;
@@ -52,28 +56,28 @@ class ConfigController
*/
public function diagnostics(Request $request)
{
- \SimpleSAML\Utils\Auth::requireAdmin();
+ Utils\Auth::requireAdmin();
- $t = new \SimpleSAML\XHTML\Template($this->config, 'admin:diagnostics.twig');
+ $t = new Template($this->config, 'admin:diagnostics.twig');
$t->data = [
'remaining' => $this->session->getAuthData('admin', 'Expire') - time(),
- 'logouturl' => \SimpleSAML\Utils\Auth::getAdminLogoutURL(),
+ 'logouturl' => Utils\Auth::getAdminLogoutURL(),
'items' => [
'HTTP_HOST' => [$request->getHost()],
'HTTPS' => $request->isSecure() ? ['on'] : [],
'SERVER_PROTOCOL' => [$request->getProtocolVersion()],
- 'getBaseURL()' => [HTTP::getBaseURL()],
- 'getSelfHost()' => [HTTP::getSelfHost()],
- 'getSelfHostWithNonStandardPort()' => [HTTP::getSelfHostWithNonStandardPort()],
- 'getSelfURLHost()' => [HTTP::getSelfURLHost()],
- 'getSelfURLNoQuery()' => [HTTP::getSelfURLNoQuery()],
- 'getSelfHostWithPath()' => [HTTP::getSelfHostWithPath()],
- 'getFirstPathElement()' => [HTTP::getFirstPathElement()],
- 'getSelfURL()' => [HTTP::getSelfURL()],
+ 'getBaseURL()' => [Utils\HTTP::getBaseURL()],
+ 'getSelfHost()' => [Utils\HTTP::getSelfHost()],
+ 'getSelfHostWithNonStandardPort()' => [Utils\HTTP::getSelfHostWithNonStandardPort()],
+ 'getSelfURLHost()' => [Utils\HTTP::getSelfURLHost()],
+ 'getSelfURLNoQuery()' => [Utils\HTTP::getSelfURLNoQuery()],
+ 'getSelfHostWithPath()' => [Utils\HTTP::getSelfHostWithPath()],
+ 'getFirstPathElement()' => [Utils\HTTP::getFirstPathElement()],
+ 'getSelfURL()' => [Utils\HTTP::getSelfURL()],
],
];
- $this->menu->addOption('logout', \SimpleSAML\Utils\Auth::getAdminLogoutURL(), Translate::noop('Log out'));
+ $this->menu->addOption('logout', $t->data['logouturl'], Translate::noop('Log out'));
return $this->menu->insert($t);
}
@@ -85,20 +89,20 @@ class ConfigController
*/
public function main()
{
- \SimpleSAML\Utils\Auth::requireAdmin();
+ Utils\Auth::requireAdmin();
- $t = new \SimpleSAML\XHTML\Template($this->config, 'admin:config.twig');
+ $t = new Template($this->config, 'admin:config.twig');
$t->data = [
'warnings' => $this->getWarnings(),
'directory' => $this->config->getBaseDir(),
'version' => $this->config->getVersion(),
'links' => [
[
- 'href' => \SimpleSAML\Module::getModuleURL('admin/diagnostics'),
+ 'href' => Module::getModuleURL('admin/diagnostics'),
'text' => Translate::noop('Diagnostics on hostname, port and protocol')
],
[
- 'href' => \SimpleSAML\Module::getModuleURL('admin/phpinfo'),
+ 'href' => Module::getModuleURL('admin/phpinfo'),
'text' => Translate::noop('Information on your PHP installation')
]
],
@@ -107,11 +111,11 @@ class ConfigController
'shib13idp' => $this->config->getBoolean('enable.shib13-idp', false),
],
'funcmatrix' => $this->getPrerequisiteChecks(),
- 'logouturl' => \SimpleSAML\Utils\Auth::getAdminLogoutURL(),
+ 'logouturl' => Utils\Auth::getAdminLogoutURL(),
];
- \SimpleSAML\Module::callHooks('configpage', $t);
- $this->menu->addOption('logout', \SimpleSAML\Utils\Auth::getAdminLogoutURL(), Translate::noop('Log out'));
+ Module::callHooks('configpage', $t);
+ $this->menu->addOption('logout', Utils\Auth::getAdminLogoutURL(), Translate::noop('Log out'));
return $this->menu->insert($t);
}
@@ -239,14 +243,14 @@ class ConfigController
]
],
'ldap_bind' => [
- 'required' => \SimpleSAML\Module::isModuleEnabled('ldap') ? 'required' : 'optional',
+ 'required' => Module::isModuleEnabled('ldap') ? 'required' : 'optional',
'descr' => [
'optional' => Translate::noop('LDAP extension (required if an LDAP backend is used)'),
'required' => Translate::noop('LDAP extension'),
]
],
'radius_auth_open' => [
- 'required' => \SimpleSAML\Module::isModuleEnabled('radius') ? 'required' : 'optional',
+ 'required' => Module::isModuleEnabled('radius') ? 'required' : 'optional',
'descr' => [
'optional' => Translate::noop('Radius extension (required if a radius backend is used)'),
'required' => Translate::noop('Radius extension'),
@@ -330,7 +334,7 @@ class ConfigController
$warnings = [];
// make sure we're using HTTPS
- if (!\SimpleSAML\Utils\HTTP::isHTTPS()) {
+ if (!Utils\HTTP::isHTTPS()) {
$warnings[] = Translate::noop(
'<strong>You are not using HTTPS</strong> to protect communications with your users. HTTP works fine '.
'for testing purposes, but in a production environment you should use HTTPS. <a '.
diff --git a/modules/admin/lib/FederationController.php b/modules/admin/lib/FederationController.php
index b0bcc47a4a9b1d824d9113b22fe58d43e786e7d9..1929504c332f9acc1396a70dd151d5f45c9f9797 100644
--- a/modules/admin/lib/FederationController.php
+++ b/modules/admin/lib/FederationController.php
@@ -2,17 +2,21 @@
namespace SimpleSAML\Module\admin;
+use SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\HTTP\RunnableResponse;
use SimpleSAML\Locale\Translate;
+use SimpleSAML\Logger;
use SimpleSAML\Metadata\MetaDataStorageHandler;
use SimpleSAML\Metadata\SAMLBuilder;
+use SimpleSAML\Metadata\SAMLParser;
+use SimpleSAML\Metadata\Signer;
use SimpleSAML\Module;
use SimpleSAML\Module\adfs\IdP\ADFS as ADFS_IdP;
use SimpleSAML\Module\saml\IdP\SAML1 as SAML1_IdP;
use SimpleSAML\Module\saml\IdP\SAML2 as SAML2_IdP;
-use SimpleSAML\Utils\Auth;
-
-use SimpleSAML\HTTP\RunnableResponse;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Utils;
+use SimpleSAML\XHTML\Template;
use Symfony\Component\HttpFoundation\Request;
/**
@@ -40,7 +44,7 @@ class FederationController
*
* @param \SimpleSAML\Configuration $config The configuration to use.
*/
- public function __construct(\SimpleSAML\Configuration $config)
+ public function __construct(Configuration $config)
{
$this->config = $config;
$this->menu = new Menu();
@@ -57,7 +61,7 @@ class FederationController
*/
public function main()
{
- Auth::requireAdmin();
+ Utils\Auth::requireAdmin();
// initialize basic metadata array
$hostedSPs = $this->getHostedSP();
@@ -77,7 +81,7 @@ class FederationController
];
// initialize template and language
- $t = new \SimpleSAML\XHTML\Template($this->config, 'admin:federation.twig');
+ $t = new Template($this->config, 'admin:federation.twig');
$language = $t->getTranslator()->getLanguage()->getLanguage();
$defaultLang = $this->config->getString('language.default', 'en');
@@ -140,7 +144,7 @@ class FederationController
'adfs-idp-remote' => Translate::noop('ADFS IdP metadata'),
'adfs-idp-hosted' => Translate::noop('ADFS IdP metadata'),
],
- 'logouturl' => Auth::getAdminLogoutURL(),
+ 'logouturl' => Utils\Auth::getAdminLogoutURL(),
];
Module::callHooks('federationpage', $t);
@@ -174,7 +178,7 @@ class FederationController
}
} else {
$saml2entities['saml20-idp'] = $this->mdHandler->getMetaDataCurrent('saml20-idp-hosted');
- $saml2entities['saml20-idp']['url'] = \SimpleSAML\Utils\HTTP::getBaseURL().'saml2/idp/metadata.php';
+ $saml2entities['saml20-idp']['url'] = Utils\HTTP::getBaseURL().'saml2/idp/metadata.php';
$saml2entities['saml20-idp']['metadata_array'] =
SAML2_IdP::getHostedMetadata(
$this->mdHandler->getMetaDataCurrentEntityID('saml20-idp-hosted')
@@ -189,7 +193,7 @@ class FederationController
$builder->addContact($contact['contactType'], $contact);
}
- $entity['metadata'] = \SimpleSAML\Metadata\Signer::sign(
+ $entity['metadata'] = Signer::sign(
$builder->getEntityDescriptorText(),
$entity['metadata_array'],
'SAML 2 IdP'
@@ -197,7 +201,7 @@ class FederationController
$entities[$index] = $entity;
}
} catch (\Exception $e) {
- \SimpleSAML\Logger::error('Federation: Error loading saml20-idp: '.$e->getMessage());
+ Logger::error('Federation: Error loading saml20-idp: '.$e->getMessage());
}
}
@@ -216,7 +220,7 @@ class FederationController
}
} else {
$shib13entities['shib13-idp'] = $this->mdHandler->getMetaDataCurrent('shib13-idp-hosted');
- $shib13entities['shib13-idp']['url'] = \SimpleSAML\Utils\HTTP::getBaseURL().
+ $shib13entities['shib13-idp']['url'] = Utils\HTTP::getBaseURL().
'shib13/idp/metadata.php';
$shib13entities['shib13-idp']['metadata_array'] =
SAML1_IdP::getHostedMetadata(
@@ -232,7 +236,7 @@ class FederationController
$builder->addContact($contact['contactType'], $contact);
}
- $entity['metadata'] = \SimpleSAML\Metadata\Signer::sign(
+ $entity['metadata'] = Signer::sign(
$builder->getEntityDescriptorText(),
$entity['metadata_array'],
'SAML 2 SP'
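Review bot: The `Signer::sign()` call in the shib13-idp block passes `'SAML 2 SP'` as the type label, while the saml20-idp and adfs-idp blocks pass `'SAML 2 IdP'` and `'ADFS IdP'`. This looks like a copy-paste slip that the import cleanup carries over unchanged; if `Signer::sign()` uses the label to select signing settings or to build error messages, the Shibboleth 1.3 metadata would be handled under the wrong type. Please confirm the label the signer expects for Shibboleth 1.3 IdP metadata and use it here. The enclosing loop starts outside this hunk.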
@@ -240,7 +244,7 @@ class FederationController
$entities[$index] = $entity;
}
} catch (\Exception $e) {
- \SimpleSAML\Logger::error('Federation: Error loading shib13-idp: '.$e->getMessage());
+ Logger::error('Federation: Error loading shib13-idp: '.$e->getMessage());
}
}
@@ -274,7 +278,7 @@ class FederationController
$builder->addContact($contact['contactType'], $contact);
}
- $entity['metadata'] = \SimpleSAML\Metadata\Signer::sign(
+ $entity['metadata'] = Signer::sign(
$builder->getEntityDescriptorText(),
$entity['metadata_array'],
'ADFS IdP'
@@ -282,7 +286,7 @@ class FederationController
$entities[$index] = $entity;
}
} catch (\Exception $e) {
- \SimpleSAML\Logger::error('Federation: Error loading adfs-idp: '.$e->getMessage());
+ Logger::error('Federation: Error loading adfs-idp: '.$e->getMessage());
}
}
@@ -328,7 +332,7 @@ class FederationController
$entities = [];
/** @var \SimpleSAML\Module\saml\Auth\Source\SP $source */
- foreach (\SimpleSAML\Auth\Source::getSourcesOfType('saml:SP') as $source) {
+ foreach (Auth\Source::getSourcesOfType('saml:SP') as $source) {
$metadata = $source->getHostedMetadata();
if (isset($metadata['keys']) ) {
$certificates = $metadata['keys'];
@@ -363,7 +367,7 @@ class FederationController
}
// sign the metadata if enabled
- $xml = \SimpleSAML\Metadata\Signer::sign($xml, $source->getMetadata()->toArray(), 'SAML 2 SP');
+ $xml = Signer::sign($xml, $source->getMetadata()->toArray(), 'SAML 2 SP');
$entities[] = [
'authid' => $source->getAuthId(),
@@ -389,7 +393,7 @@ class FederationController
*/
public function metadataConverter(Request $request)
{
- \SimpleSAML\Utils\Auth::requireAdmin();
+ Utils\Auth::requireAdmin();
if ($xmlfile = $request->files->get('xmlfile')) {
$xmldata = trim(file_get_contents($xmlfile));
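Review bot: `trim(file_get_contents($xmlfile))` reads the upload without checking that it succeeded: the uploaded-file object is used directly as a path, and a `false` return from `file_get_contents()` goes straight into `trim()`. I would guard both, e.g. `if (!$xmlfile->isValid()) { throw new \InvalidArgumentException('Upload failed.'); }` followed by `$xmldata = file_get_contents($xmlfile->getPathname());` and an explicit `=== false` check before trimming (this assumes `$request->files->get()` returns a Symfony `UploadedFile`). The page is admin-only, since `Utils\Auth::requireAdmin()` runs first, so this is a robustness point. `metadataConverter()` continues outside this hunk.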
@@ -398,8 +402,8 @@ class FederationController
}
if (!empty($xmldata)) {
- \SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
- $entities = \SimpleSAML\Metadata\SAMLParser::parseDescriptorsString($xmldata);
+ Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
+ $entities = SAMLParser::parseDescriptorsString($xmldata);
// get all metadata for the entities
foreach ($entities as &$entity) {
@@ -412,7 +416,7 @@ class FederationController
}
// transpose from $entities[entityid][type] to $output[type][entityid]
- $output = \SimpleSAML\Utils\Arrays::transpose($entities);
+ $output = Utils\Arrays::transpose($entities);
// merge all metadata of each type to a single string which should be added to the corresponding file
foreach ($output as $type => &$entities) {
@@ -435,14 +439,14 @@ class FederationController
$output = [];
}
- $t = new \SimpleSAML\XHTML\Template($this->config, 'admin:metadata_converter.twig');
+ $t = new Template($this->config, 'admin:metadata_converter.twig');
$t->data = [
- 'logouturl' => \SimpleSAML\Utils\Auth::getAdminLogoutURL(),
+ 'logouturl' => Utils\Auth::getAdminLogoutURL(),
'xmldata' => $xmldata,
'output' => $output,
];
- $this->menu->addOption('logout', \SimpleSAML\Utils\Auth::getAdminLogoutURL(), Translate::noop('Log out'));
+ $this->menu->addOption('logout', $t->data['logouturl'], Translate::noop('Log out'));
return $this->menu->insert($t);
}
}
diff --git a/modules/admin/lib/TestController.php b/modules/admin/lib/TestController.php
index be7a47033687b9992e23626a10ed78ea3a0407b0..957aca6c648d5cdb927fe3ecdb4eb25d8044b21a 100644
--- a/modules/admin/lib/TestController.php
+++ b/modules/admin/lib/TestController.php
@@ -2,9 +2,16 @@
namespace SimpleSAML\Module\admin;
+use SAML2\Constants;
+use SAML2\XML\saml\NameID;
+use SimpleSAML\Auth;
+use SimpleSAML\Configuration;
use SimpleSAML\HTTP\RunnableResponse;
use SimpleSAML\Locale\Translate;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Module;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+use SimpleSAML\XHTML\Template;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
@@ -34,7 +41,7 @@ class TestController
* @param \SimpleSAML\Configuration $config The configuration to use.
* @param \SimpleSAML\Session $session The current user session.
*/
- public function __construct(\SimpleSAML\Configuration $config, \SimpleSAML\Session $session)
+ public function __construct(Configuration $config, Session $session)
{
$this->config = $config;
$this->session = $session;
@@ -50,25 +57,25 @@ class TestController
*/
public function main(Request $request, $as)
{
- \SimpleSAML\Utils\Auth::requireAdmin();
+ Utils\Auth::requireAdmin();
if (is_null($as)) {
- $t = new \SimpleSAML\XHTML\Template($this->config, 'admin:authsource_list.twig');
+ $t = new Template($this->config, 'admin:authsource_list.twig');
$t->data = [
- 'sources' => \SimpleSAML\Auth\Source::getSources(),
+ 'sources' => Auth\Source::getSources(),
];
} else {
- $authsource = new \SimpleSAML\Auth\Simple($as);
+ $authsource = new Auth\Simple($as);
if (!is_null($request->query->get('logout'))) {
$authsource->logout($this->config->getBasePath().'logout.php');
- } elseif (!is_null($request->query->get(\SimpleSAML\Auth\State::EXCEPTION_PARAM))) {
+ } elseif (!is_null($request->query->get(Auth\State::EXCEPTION_PARAM))) {
// This is just a simple example of an error
- $state = \SimpleSAML\Auth\State::loadExceptionState();
- assert(array_key_exists(\SimpleSAML\Auth\State::EXCEPTION_DATA, $state));
- throw $state[\SimpleSAML\Auth\State::EXCEPTION_DATA];
+ $state = Auth\State::loadExceptionState();
+ assert(array_key_exists(Auth\State::EXCEPTION_DATA, $state));
+ throw $state[Auth\State::EXCEPTION_DATA];
}
if (!$authsource->isAuthenticated()) {
- $url = \SimpleSAML\Module::getModuleURL('admin/test/'.$as, []);
+ $url = Module::getModuleURL('admin/test/'.$as, []);
$params = [
'ErrorURL' => $url,
'ReturnTo' => $url,
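Review bot: `Module::getModuleURL('admin/test/'.$as, [])` puts the route parameter `$as` into a URL path unencoded, while the `logouturl` built in the next hunk wraps the same value in `urlencode($as)`. Unless the route definition restricts `$as` to a safe character set (not visible here), the `ErrorURL` and `ReturnTo` values can be malformed by a source name containing `/`, `?` or `#`. Encoding at this point, `Module::getModuleURL('admin/test/'.rawurlencode($as), [])`, makes the two uses consistent. The method continues outside this hunk.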
@@ -80,13 +87,13 @@ class TestController
$authData = $authsource->getAuthDataArray();
$nameId = !is_null($authsource->getAuthData('saml:sp:NameID')) ? $authsource->getAuthData('saml:sp:NameID') : false;
- $t = new \SimpleSAML\XHTML\Template($this->config, 'admin:status.twig', 'attributes');
+ $t = new Template($this->config, 'admin:status.twig', 'attributes');
$t->data = [
'attributes' => $attributes,
'attributesHtml' => $this->getAttributesHTML($t, $attributes, ''),
'authData' => $authData,
'nameid' => $nameId,
- 'logouturl' => \SimpleSAML\Utils\HTTP::getSelfURLNoQuery().'?as='.urlencode($as).'&logout',
+ 'logouturl' => Utils\HTTP::getSelfURLNoQuery().'?as='.urlencode($as).'&logout',
];
if ($nameId !== false) {
@@ -94,8 +101,8 @@ class TestController
}
}
- \SimpleSAML\Module::callHooks('configpage', $t);
- $this->menu->addOption('logout', \SimpleSAML\Utils\Auth::getAdminLogoutURL(), Translate::noop('Log out'));
+ Module::callHooks('configpage', $t);
+ $this->menu->addOption('logout', Utils\Auth::getAdminLogoutURL(), Translate::noop('Log out'));
return $this->menu->insert($t);
}
@@ -105,7 +112,7 @@ class TestController
* @param \SAML2\XML\saml\NameID $nameId
* @return string
*/
- private function getNameIDHTML(\SimpleSAML\XHTML\Template $t, \SAML2\XML\saml\NameID $nameId)
+ private function getNameIDHTML(Template $t, NameID $nameId)
{
$result = '';
if ($nameId->getValue() === null) {
@@ -138,7 +145,7 @@ class TestController
* @param string $nameParent
* @return string
*/
- private function getAttributesHTML(\SimpleSAML\XHTML\Template $t, $attributes, $nameParent)
+ private function getAttributesHTML(Template $t, $attributes, $nameParent)
{
$alternate = ['pure-table-odd', 'pure-table-even'];
$i = 0;
@@ -188,10 +195,10 @@ class TestController
for ($idx = 0; $idx < $n; $idx++) {
$elem = $value[0]->item($idx);
/* @var \DOMElement $elem */
- if (!($elem->localName === 'NameID' && $elem->namespaceURI === \SAML2\Constants::NS_SAML)) {
+ if (!($elem->localName === 'NameID' && $elem->namespaceURI === Constants::NS_SAML)) {
continue;
}
- $str .= $this->present_eptid($trans, new \SAML2\XML\saml\NameID($elem));
+ $str .= $this->present_eptid($trans, new NameID($elem));
break; // we only support one NameID here
}
$str .= '</td></tr>';
@@ -253,7 +260,7 @@ class TestController
* @param \SAML2\XML\saml\NameID $nameID
* @return string
*/
- private function present_eptid(\SimpleSAML\Locale\Translate $t, \SAML2\XML\saml\NameID $nameID)
+ private function present_eptid(Translate $t, NameID $nameID)
{
$eptid = [
'NameID' => [$nameID->getValue()],
diff --git a/modules/core/lib/ACL.php b/modules/core/lib/ACL.php
index 2c682a3e08d6bfa8aab90ae4eadcdee1f95e8fdf..b1da4993d92bd8ce0739e149080c21aaeb8d733d 100644
--- a/modules/core/lib/ACL.php
+++ b/modules/core/lib/ACL.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+
/**
* Generic library for access control lists.
*
@@ -32,15 +35,15 @@ class ACL
foreach ($acl as $rule) {
if (!is_array($rule)) {
- throw new \SimpleSAML\Error\Exception('Invalid rule in access control list: '.var_export($rule, true));
+ throw new Error\Exception('Invalid rule in access control list: '.var_export($rule, true));
}
if (count($rule) === 0) {
- throw new \SimpleSAML\Error\Exception('Empty rule in access control list.');
+ throw new Error\Exception('Empty rule in access control list.');
}
$action = array_shift($rule);
if ($action !== 'allow' && $action !== 'deny') {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'Invalid action in rule in access control list: '.var_export($action, true)
);
}
@@ -58,9 +61,9 @@ class ACL
{
assert(is_string($id));
- $config = \SimpleSAML\Configuration::getOptionalConfig('acl.php');
+ $config = Configuration::getOptionalConfig('acl.php');
if (!$config->hasValue($id)) {
- throw new \SimpleSAML\Error\Exception('No ACL with id '.var_export($id, true).' in config/acl.php.');
+ throw new Error\Exception('No ACL with id '.var_export($id, true).' in config/acl.php.');
}
return $config->getArray($id);
@@ -121,7 +124,7 @@ class ACL
case 'or':
return self::opOr($attributes, $rule);
default:
- throw new \SimpleSAML\Error\Exception('Invalid ACL operation: '.var_export($op, true));
+ throw new Error\Exception('Invalid ACL operation: '.var_export($op, true));
}
}
diff --git a/modules/core/lib/Auth/Process/AttributeAlter.php b/modules/core/lib/Auth/Process/AttributeAlter.php
index c8900822a025ac632cdd7e31289a0d8a2280fda4..a522facfc65c86fe194d7561b863e1f7d46e510e 100644
--- a/modules/core/lib/Auth/Process/AttributeAlter.php
+++ b/modules/core/lib/Auth/Process/AttributeAlter.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Error;
+
/**
* Filter to modify attributes using regular expressions
*
@@ -64,7 +66,7 @@ class AttributeAlter extends \SimpleSAML\Auth\ProcessingFilter
} elseif ($value === '%remove') {
$this->remove = true;
} else {
- throw new \SimpleSAML\Error\Exception('Unknown flag : '.var_export($value, true));
+ throw new Error\Exception('Unknown flag : '.var_export($value, true));
}
continue;
} elseif ($name === 'pattern') {
@@ -102,20 +104,20 @@ class AttributeAlter extends \SimpleSAML\Auth\ProcessingFilter
// check that all required params are set in config
if (empty($this->pattern) || empty($this->subject)) {
- throw new \SimpleSAML\Error\Exception("Not all params set in config.");
+ throw new Error\Exception("Not all params set in config.");
}
if (!$this->replace && !$this->remove && $this->replacement === false) {
- throw new \SimpleSAML\Error\Exception("'replacement' must be set if neither '%replace' nor ".
+ throw new Error\Exception("'replacement' must be set if neither '%replace' nor ".
"'%remove' are set.");
}
if (!$this->replace && $this->replacement === null) {
- throw new \SimpleSAML\Error\Exception("'%replace' must be set if 'replacement' is null.");
+ throw new Error\Exception("'%replace' must be set if 'replacement' is null.");
}
if ($this->replace && $this->remove) {
- throw new \SimpleSAML\Error\Exception("'%replace' and '%remove' cannot be used together.");
+ throw new Error\Exception("'%replace' and '%remove' cannot be used together.");
}
if (empty($this->target)) {
@@ -124,7 +126,7 @@ class AttributeAlter extends \SimpleSAML\Auth\ProcessingFilter
}
if ($this->subject !== $this->target && $this->remove) {
- throw new \SimpleSAML\Error\Exception("Cannot use '%remove' when 'target' is different than 'subject'.");
+ throw new Error\Exception("Cannot use '%remove' when 'target' is different than 'subject'.");
}
if (!array_key_exists($this->subject, $attributes)) {
diff --git a/modules/core/lib/Auth/Process/AttributeLimit.php b/modules/core/lib/Auth/Process/AttributeLimit.php
index f0789d9a2dda31346619b1d1af532caf53a8f67c..8559db4d68f261c791d48cb8f0a4acc4f27821e9 100644
--- a/modules/core/lib/Auth/Process/AttributeLimit.php
+++ b/modules/core/lib/Auth/Process/AttributeLimit.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+
/**
* A filter for limiting which attributes are passed on.
*
@@ -41,18 +44,18 @@ class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter
$this->isDefault = (bool) $value;
} elseif (is_int($index)) {
if (!is_string($value)) {
- throw new \SimpleSAML\Error\Exception('AttributeLimit: Invalid attribute name: '.
+ throw new Error\Exception('AttributeLimit: Invalid attribute name: '.
var_export($value, true));
}
$this->allowedAttributes[] = $value;
} elseif (is_string($index)) {
if (!is_array($value)) {
- throw new \SimpleSAML\Error\Exception('AttributeLimit: Values for '.
+ throw new Error\Exception('AttributeLimit: Values for '.
var_export($index, true).' must be specified in an array.');
}
$this->allowedAttributes[$index] = $value;
} else {
- throw new \SimpleSAML\Error\Exception('AttributeLimit: Invalid option: '.var_export($index, true));
+ throw new Error\Exception('AttributeLimit: Invalid option: '.var_export($index, true));
}
}
}
@@ -113,7 +116,7 @@ class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter
if (array_key_exists($name, $allowedAttributes)) {
// but it is an index of the array
if (!is_array($allowedAttributes[$name])) {
- throw new \SimpleSAML\Error\Exception('AttributeLimit: Values for '.
+ throw new Error\Exception('AttributeLimit: Values for '.
var_export($name, true).' must be specified in an array.');
}
$attributes[$name] = $this->filterAttributeValues($attributes[$name], $allowedAttributes[$name]);
@@ -147,7 +150,7 @@ class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter
*/
$regexResult = @preg_match($pattern, $attributeValue);
if ($regexResult === false) {
- \SimpleSAML\Logger::warning("Error processing regex '$pattern' on value '$attributeValue'");
+ Logger::warning("Error processing regex '$pattern' on value '$attributeValue'");
break;
} elseif ($regexResult === 1) {
$matchedValues[] = $attributeValue;
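Review bot: The warning logged when `preg_match` fails interpolates `$attributeValue` raw into the message, so a value that presumably comes from the user's incoming attributes is written to the log unescaped and may be personal data. Unless `Logger` neutralises control characters itself (not visible here), log only the pattern, `Logger::warning("Error processing regex '$pattern'");`, or pass the value through `json_encode()` first so that line breaks cannot forge extra log entries. The same raw interpolation of attribute-derived values appears in the `Logger` calls of the LanguageAdaptor, ScopeFromAttribute and StatisticsWithAttribute hunks further down. The enclosing method starts and ends outside this hunk.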
diff --git a/modules/core/lib/Auth/Process/AttributeMap.php b/modules/core/lib/Auth/Process/AttributeMap.php
index 0a648dbccbfd5583545feb2cae627de0e48add48..db5bdbc4f54023d94afc8d59e984a9e2c299fc37 100644
--- a/modules/core/lib/Auth/Process/AttributeMap.php
+++ b/modules/core/lib/Auth/Process/AttributeMap.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Configuration;
+use SimpleSAML\Module;
+
/**
* Attribute filter for renaming attributes.
*
@@ -76,15 +79,15 @@ class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter
*/
private function loadMapFile($fileName)
{
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$m = explode(':', $fileName);
if (count($m) === 2) {
// we are asked for a file in a module
- if (!\SimpleSAML\Module::isModuleEnabled($m[0])) {
+ if (!Module::isModuleEnabled($m[0])) {
throw new \Exception("Module '$m[0]' is not enabled.");
}
- $filePath = \SimpleSAML\Module::getModuleDir($m[0]).'/attributemap/'.$m[1].'.php';
+ $filePath = Module::getModuleDir($m[0]).'/attributemap/'.$m[1].'.php';
} else {
$filePath = $config->getPathValue('attributenamemapdir', 'attributemap/').$fileName.'.php';
}
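Review bot: `loadMapFile` builds `$filePath` by concatenating `$m[1]`, or the whole `$fileName` in the `else` branch, into a filesystem path, and nothing in the hunk rejects `..` in that name. The name presumably comes from the filter's configuration and the file is presumably loaded after the hunk ends, so this is a hardening point rather than a demonstrated flaw. A guard before the path is built would make the assumption explicit, for example `if (strpos($fileName, '..') !== false) { throw new \Exception('Invalid attribute map name.'); }`. The docblock should also say that `$fileName` must be trusted configuration and never request data. A name with more than one colon falls through to the `else` branch and is used verbatim, which deserves a comment as well.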
diff --git a/modules/core/lib/Auth/Process/AttributeValueMap.php b/modules/core/lib/Auth/Process/AttributeValueMap.php
index 189560f0bae0e0f2d66e8a8f6da6fc8ef6e12960..bf747b634baa89de8794891066ad7165aae653fc 100644
--- a/modules/core/lib/Auth/Process/AttributeValueMap.php
+++ b/modules/core/lib/Auth/Process/AttributeValueMap.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+
/**
* Filter to create target attribute based on value(s) in source attribute
*
@@ -64,7 +67,7 @@ class AttributeValueMap extends \SimpleSAML\Auth\ProcessingFilter
$this->keep = true;
} else {
// unknown configuration option, log it and ignore the error
- \SimpleSAML\Logger::warning(
+ Logger::warning(
"AttributeValueMap: unknown configuration flag '".var_export($value, true)."'"
);
}
@@ -89,13 +92,13 @@ class AttributeValueMap extends \SimpleSAML\Auth\ProcessingFilter
// now validate it
if (!is_string($this->sourceattribute)) {
- throw new \SimpleSAML\Error\Exception("AttributeValueMap: 'sourceattribute' configuration option not set.");
+ throw new Error\Exception("AttributeValueMap: 'sourceattribute' configuration option not set.");
}
if (!is_string($this->targetattribute)) {
- throw new \SimpleSAML\Error\Exception("AttributeValueMap: 'targetattribute' configuration option not set.");
+ throw new Error\Exception("AttributeValueMap: 'targetattribute' configuration option not set.");
}
if (!is_array($this->values)) {
- throw new \SimpleSAML\Error\Exception("AttributeValueMap: 'values' configuration option is not an array.");
+ throw new Error\Exception("AttributeValueMap: 'values' configuration option is not an array.");
}
}
@@ -108,7 +111,7 @@ class AttributeValueMap extends \SimpleSAML\Auth\ProcessingFilter
*/
public function process(&$request)
{
- \SimpleSAML\Logger::debug('Processing the AttributeValueMap filter.');
+ Logger::debug('Processing the AttributeValueMap filter.');
assert(is_array($request));
assert(array_key_exists('Attributes', $request));
@@ -128,7 +131,7 @@ class AttributeValueMap extends \SimpleSAML\Auth\ProcessingFilter
$values = [$values];
}
if (count(array_intersect($values, $sourceattribute)) > 0) {
- \SimpleSAML\Logger::debug("AttributeValueMap: intersect match for '$value'");
+ Logger::debug("AttributeValueMap: intersect match for '$value'");
$targetvalues[] = $value;
}
}
diff --git a/modules/core/lib/Auth/Process/Cardinality.php b/modules/core/lib/Auth/Process/Cardinality.php
index 8e66ad93a7a8af6fa23c40092fec63068af149e4..b60fc389a816b7406b479baf522aa94f03222fc2 100644
--- a/modules/core/lib/Auth/Process/Cardinality.php
+++ b/modules/core/lib/Auth/Process/Cardinality.php
@@ -2,7 +2,11 @@
namespace SimpleSAML\Module\core\Auth\Process;
-use SimpleSAML\Utils\HttpAdapter;
+use SimpleSAML\Auth;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
/**
* Filter to ensure correct cardinality of attributes
@@ -18,7 +22,7 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
/** @var array Entities that should be ignored */
private $ignoreEntities = [];
- /** @var HTTPAdapter */
+ /** @var \SimpleSAML\Utils\HttpAdapter */
private $http;
/**
@@ -26,15 +30,15 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
*
* @param array &$config Configuration information about this filter.
* @param mixed $reserved For future use.
- * @param HTTPAdapter $http HTTP utility service (handles redirects).
+ * @param \SimpleSAML\Utils\HttpAdapter $http HTTP utility service (handles redirects).
* @throws \SimpleSAML\Error\Exception
*/
- public function __construct(&$config, $reserved, HttpAdapter $http = null)
+ public function __construct(&$config, $reserved, Utils\HttpAdapter $http = null)
{
parent::__construct($config, $reserved);
assert(is_array($config));
- $this->http = $http ? : new HttpAdapter();
+ $this->http = $http ? : new Utils\HttpAdapter();
foreach ($config as $attribute => $rules) {
if ($attribute === '%ignoreEntities') {
@@ -43,7 +47,7 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
}
if (!is_string($attribute)) {
- throw new \SimpleSAML\Error\Exception('Invalid attribute name: '.var_export($attribute, true));
+ throw new Error\Exception('Invalid attribute name: '.var_export($attribute, true));
}
$this->cardinality[$attribute] = ['warn' => false];
@@ -68,20 +72,20 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
} elseif (!is_int($this->cardinality[$attribute]['min']) ||
$this->cardinality[$attribute]['min'] < 0
) {
- throw new \SimpleSAML\Error\Exception('Minimum cardinality must be a positive integer: '.
+ throw new Error\Exception('Minimum cardinality must be a positive integer: '.
var_export($attribute, true));
}
if (array_key_exists('max', $this->cardinality[$attribute]) &&
!is_int($this->cardinality[$attribute]['max'])
) {
- throw new \SimpleSAML\Error\Exception('Maximum cardinality must be a positive integer: '.
+ throw new Error\Exception('Maximum cardinality must be a positive integer: '.
var_export($attribute, true));
}
if (array_key_exists('min', $this->cardinality[$attribute]) &&
array_key_exists('max', $this->cardinality[$attribute]) &&
$this->cardinality[$attribute]['min'] > $this->cardinality[$attribute]['max']
) {
- throw new \SimpleSAML\Error\Exception('Minimum cardinality must be less than maximium: '.
+ throw new Error\Exception('Minimum cardinality must be less than maximium: '.
var_export($attribute, true));
}
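Review bot: The range checks in this constructor do not match their messages: `min` is accepted when it is 0 although the text says "positive integer", and `max` is only tested with `is_int`, so a negative maximum is not rejected by its own check. At best the later `min > max` comparison reports it, with a misleading message. The `max` condition could read `!is_int($this->cardinality[$attribute]['max']) || $this->cardinality[$attribute]['max'] < 0`, with both messages reworded to "non-negative integer". The last message also says "less than" where equal values pass and misspells "maximum" as "maximium". The surrounding loop starts and ends outside the hunk.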
@@ -109,7 +113,7 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
$entityid = $request['Source']['entityid'];
}
if (in_array($entityid, $this->ignoreEntities, true)) {
- \SimpleSAML\Logger::debug('Cardinality: Ignoring assertions from '.$entityid);
+ Logger::debug('Cardinality: Ignoring assertions from '.$entityid);
return;
}
@@ -124,7 +128,7 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
/* minimum cardinality */
if (count($v) < $this->cardinality[$k]['min']) {
if ($this->cardinality[$k]['warn']) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
sprintf(
'Cardinality: attribute %s from %s does not meet minimum cardinality of %d (%d)',
$k,
@@ -145,7 +149,7 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
/* maximum cardinality */
if (array_key_exists('max', $this->cardinality[$k]) && count($v) > $this->cardinality[$k]['max']) {
if ($this->cardinality[$k]['warn']) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
sprintf(
'Cardinality: attribute %s from %s does not meet maximum cardinality of %d (%d)',
$k,
@@ -170,7 +174,7 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
continue;
}
if ($this->cardinality[$k]['warn']) {
- \SimpleSAML\Logger::warning(sprintf(
+ Logger::warning(sprintf(
'Cardinality: attribute %s from %s is missing',
$k,
$entityid
@@ -185,8 +189,8 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter
/* abort if we found a problematic attribute */
if (array_key_exists('core:cardinality:errorAttributes', $request)) {
- $id = \SimpleSAML\Auth\State::saveState($request, 'core:cardinality');
- $url = \SimpleSAML\Module::getModuleURL('core/cardinality_error.php');
+ $id = Auth\State::saveState($request, 'core:cardinality');
+ $url = Module::getModuleURL('core/cardinality_error.php');
$this->http->redirectTrustedURL($url, ['StateId' => $id]);
return;
}
diff --git a/modules/core/lib/Auth/Process/CardinalitySingle.php b/modules/core/lib/Auth/Process/CardinalitySingle.php
index ca758adec8c0ec7ec95b2911212eb7e4ba11df89..13dad416bed83a371da51df9a9d2bc4819452f50 100644
--- a/modules/core/lib/Auth/Process/CardinalitySingle.php
+++ b/modules/core/lib/Auth/Process/CardinalitySingle.php
@@ -2,7 +2,10 @@
namespace SimpleSAML\Module\core\Auth\Process;
-use SimpleSAML\Utils\HttpAdapter;
+use SimpleSAML\Auth;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
/**
* Filter to ensure correct cardinality of single-valued attributes
@@ -30,7 +33,7 @@ class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter
/** @var array Entities that should be ignored */
private $ignoreEntities = [];
- /** @var HTTPAdapter */
+ /** @var \SimpleSAML\Utils\HttpAdapter */
private $http;
/**
@@ -38,14 +41,14 @@ class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter
*
* @param array &$config Configuration information about this filter.
* @param mixed $reserved For future use.
- * @param HTTPAdapter $http HTTP utility service (handles redirects).
+ * @param \SimpleSAML\Utils\HttpAdapter $http HTTP utility service (handles redirects).
*/
- public function __construct(&$config, $reserved, HttpAdapter $http = null)
+ public function __construct(&$config, $reserved, Utils\HttpAdapter $http = null)
{
parent::__construct($config, $reserved);
assert(is_array($config));
- $this->http = $http ? : new HttpAdapter();
+ $this->http = $http ? : new Utils\HttpAdapter();
if (array_key_exists('singleValued', $config)) {
$this->singleValued = $config['singleValued'];
@@ -88,7 +91,7 @@ class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter
array_key_exists('entityid', $request['Source']) &&
in_array($request['Source']['entityid'], $this->ignoreEntities, true)
) {
- \SimpleSAML\Logger::debug('CardinalitySingle: Ignoring assertions from '.$request['Source']['entityid']);
+ Logger::debug('CardinalitySingle: Ignoring assertions from '.$request['Source']['entityid']);
return;
}
@@ -116,8 +119,8 @@ class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter
/* abort if we found a problematic attribute */
if (array_key_exists('core:cardinality:errorAttributes', $request)) {
- $id = \SimpleSAML\Auth\State::saveState($request, 'core:cardinality');
- $url = \SimpleSAML\Module::getModuleURL('core/cardinality_error.php');
+ $id = Auth\State::saveState($request, 'core:cardinality');
+ $url = Module::getModuleURL('core/cardinality_error.php');
$this->http->redirectTrustedURL($url, ['StateId' => $id]);
return;
}
diff --git a/modules/core/lib/Auth/Process/ExtendIdPSession.php b/modules/core/lib/Auth/Process/ExtendIdPSession.php
index adfa3fd1e547f2e5b560cd9c8f553001c02d9be7..7c6aa746a97dbc013e621dd40663abadb99229f4 100644
--- a/modules/core/lib/Auth/Process/ExtendIdPSession.php
+++ b/modules/core/lib/Auth/Process/ExtendIdPSession.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Configuration;
+use SimpleSAML\Session;
+use SimpleSAML\SessionHandler;
+
/**
* Extend IdP session and cookies.
*/
@@ -22,7 +26,7 @@ class ExtendIdPSession extends \SimpleSAML\Auth\ProcessingFilter
$now = time();
$delta = $state['Expire'] - $now;
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
$sessionDuration = $globalConfig->getInteger('session.duration', 28800); // 8*60*60
// Extend only if half of session duration already passed
@@ -31,7 +35,7 @@ class ExtendIdPSession extends \SimpleSAML\Auth\ProcessingFilter
}
// Update authority expire time
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$session->setAuthorityExpire($state['Authority']);
// Update session cookies duration
@@ -46,7 +50,7 @@ class ExtendIdPSession extends \SimpleSAML\Auth\ProcessingFilter
}
// Or if session lifetime is more than zero
- $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();
+ $sessionHandler = SessionHandler::getSessionHandler();
$cookieParams = $sessionHandler->getCookieParams();
if ($cookieParams['lifetime'] > 0) {
$session->updateSessionCookies();
diff --git a/modules/core/lib/Auth/Process/GenerateGroups.php b/modules/core/lib/Auth/Process/GenerateGroups.php
index 0ea05f67cd36f7e29777e3af32b0a96222696370..b5d738e1df64a6c45d467a6ea10f881bd2f309e7 100644
--- a/modules/core/lib/Auth/Process/GenerateGroups.php
+++ b/modules/core/lib/Auth/Process/GenerateGroups.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Logger;
+
/**
* Filter to generate a groups attribute based on many of the attributes of the user.
*
@@ -67,7 +69,7 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter
foreach ($this->generateGroupsFrom as $name) {
if (!array_key_exists($name, $attributes)) {
- \SimpleSAML\Logger::debug('GenerateGroups - attribute \''.$name.'\' not found.');
+ Logger::debug('GenerateGroups - attribute \''.$name.'\' not found.');
// Attribute not present
continue;
}
diff --git a/modules/core/lib/Auth/Process/LanguageAdaptor.php b/modules/core/lib/Auth/Process/LanguageAdaptor.php
index ebee8f1d775e458d1897677d2a43d08a29b3ca08..818b866a96c0d04215ddb5f1e48cdda2f1b6d355 100644
--- a/modules/core/lib/Auth/Process/LanguageAdaptor.php
+++ b/modules/core/lib/Auth/Process/LanguageAdaptor.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Locale\Language;
+use SimpleSAML\Logger;
+
/**
* Filter to set and get language settings from attributes.
*
@@ -50,18 +53,18 @@ class LanguageAdaptor extends \SimpleSAML\Auth\ProcessingFilter
$attrlang = $attributes[$this->langattr][0];
}
- $lang = \SimpleSAML\Locale\Language::getLanguageCookie();
+ $lang = Language::getLanguageCookie();
if (isset($attrlang)) {
- \SimpleSAML\Logger::debug('LanguageAdaptor: Language in attribute was set ['.$attrlang.']');
+ Logger::debug('LanguageAdaptor: Language in attribute was set ['.$attrlang.']');
}
if (isset($lang)) {
- \SimpleSAML\Logger::debug('LanguageAdaptor: Language in session was set ['.$lang.']');
+ Logger::debug('LanguageAdaptor: Language in session was set ['.$lang.']');
}
if (isset($attrlang) && !isset($lang)) {
// Language set in attribute but not in cookie - update cookie
- \SimpleSAML\Locale\Language::setLanguageCookie($attrlang);
+ Language::setLanguageCookie($attrlang);
} elseif (!isset($attrlang) && isset($lang)) {
// Language set in cookie, but not in attribute. Update attribute
$request['Attributes'][$this->langattr] = [$lang];
diff --git a/modules/core/lib/Auth/Process/PHP.php b/modules/core/lib/Auth/Process/PHP.php
index bf0504f52a570e2b6b6a79969f116ffd293b59ac..96eb1773b8b35a46e50247f92d09e7eb84fe2555 100644
--- a/modules/core/lib/Auth/Process/PHP.php
+++ b/modules/core/lib/Auth/Process/PHP.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Error;
+
/**
* Attribute filter for running arbitrary PHP code.
*
@@ -33,7 +35,7 @@ class PHP extends \SimpleSAML\Auth\ProcessingFilter
assert(is_array($config));
if (!isset($config['code'])) {
- throw new \SimpleSAML\Error\Exception("core:PHP: missing mandatory configuration option 'code'.");
+ throw new Error\Exception("core:PHP: missing mandatory configuration option 'code'.");
}
$this->code = (string) $config['code'];
}
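Review bot: The constructor only tests `isset($config['code'])` and then casts with `(string)`, so a non-string value such as an array is silently converted instead of being rejected as a configuration error. Because the class docblock describes this filter as running arbitrary PHP code, a strict check is worth having: `if (!isset($config['code']) || !is_string($config['code'])) {`, with the message extended to say the option must be a string. A docblock line stating that `code` must only ever come from administrator-controlled configuration, never from request or assertion data, would make the trust assumption explicit. The constructor's signature is outside the hunk.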
diff --git a/modules/core/lib/Auth/Process/ScopeAttribute.php b/modules/core/lib/Auth/Process/ScopeAttribute.php
index f86058c5768a94d3321eb3ec8a6db4af75d8afcd..22bfa90aa0a87ff17e3726c07a4bab98bbfa1707 100644
--- a/modules/core/lib/Auth/Process/ScopeAttribute.php
+++ b/modules/core/lib/Auth/Process/ScopeAttribute.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Configuration;
+
/**
* Add a scoped variant of an attribute.
*
@@ -50,7 +52,7 @@ class ScopeAttribute extends \SimpleSAML\Auth\ProcessingFilter
parent::__construct($config, $reserved);
assert(is_array($config));
- $cfg = \SimpleSAML\Configuration::loadFromArray($config, 'ScopeAttribute');
+ $cfg = Configuration::loadFromArray($config, 'ScopeAttribute');
$this->scopeAttribute = $cfg->getString('scopeAttribute');
$this->sourceAttribute = $cfg->getString('sourceAttribute');
diff --git a/modules/core/lib/Auth/Process/ScopeFromAttribute.php b/modules/core/lib/Auth/Process/ScopeFromAttribute.php
index 323fc0038a914083988b57a53bb05f1493615b4d..54c9aa4cbf02a1c6d84257763e088b19041bf25a 100644
--- a/modules/core/lib/Auth/Process/ScopeFromAttribute.php
+++ b/modules/core/lib/Auth/Process/ScopeFromAttribute.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+
/**
* Retrieve a scope from a source attribute and add it as a virtual target
* attribute.
@@ -46,7 +49,7 @@ class ScopeFromAttribute extends \SimpleSAML\Auth\ProcessingFilter
parent::__construct($config, $reserved);
assert(is_array($config));
- $cfg = \SimpleSAML\Configuration::loadFromArray($config, 'ScopeFromAttribute');
+ $cfg = Configuration::loadFromArray($config, 'ScopeFromAttribute');
$this->targetAttribute = $cfg->getString('targetAttribute');
$this->sourceAttribute = $cfg->getString('sourceAttribute');
} // end constructor
@@ -85,10 +88,10 @@ class ScopeFromAttribute extends \SimpleSAML\Auth\ProcessingFilter
$attributes[$this->targetAttribute] = [];
$scope = substr($sourceAttrVal, $scopeIndex + 1);
$attributes[$this->targetAttribute][] = $scope;
- \SimpleSAML\Logger::debug('ScopeFromAttribute: Inserted new attribute '.
+ Logger::debug('ScopeFromAttribute: Inserted new attribute '.
$this->targetAttribute.', with scope '.$scope);
} else {
- \SimpleSAML\Logger::warning('ScopeFromAttribute: The configured source attribute '.
+ Logger::warning('ScopeFromAttribute: The configured source attribute '.
$this->sourceAttribute.' does not have a scope. Did not add attribute '.
$this->targetAttribute.'.');
}
diff --git a/modules/core/lib/Auth/Process/StatisticsWithAttribute.php b/modules/core/lib/Auth/Process/StatisticsWithAttribute.php
index 7d796eceec7d6e18282e8290fa02ca1fd957419a..bf920128d881b4245a27c7d1d61c37a87b8bf4ba 100644
--- a/modules/core/lib/Auth/Process/StatisticsWithAttribute.php
+++ b/modules/core/lib/Auth/Process/StatisticsWithAttribute.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Logger;
+
/**
* Log a line in the STAT log with one attribute.
*
@@ -90,10 +92,10 @@ class StatisticsWithAttribute extends \SimpleSAML\Auth\ProcessingFilter
if (!array_key_exists('PreviousSSOTimestamp', $state)) {
// The user hasn't authenticated with this SP earlier in this session
- \SimpleSAML\Logger::stats($isPassive.$this->typeTag.'-first '.$dest.' '.$source.' '.$logAttribute);
+ Logger::stats($isPassive.$this->typeTag.'-first '.$dest.' '.$source.' '.$logAttribute);
}
- \SimpleSAML\Logger::stats($isPassive.$this->typeTag.' '.$dest.' '.$source.' '.$logAttribute);
+ Logger::stats($isPassive.$this->typeTag.' '.$dest.' '.$source.' '.$logAttribute);
}
/**
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index 46a6b04ff662cfe5c61b3b56722ab69b4de0065e..6c720d6ba530808692263cd4e28e0dc369a2b031 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SAML2\Constants;
+use SAML2\XML\saml\NameID;
+use SimpleSAML\Utils;
+
/**
* Filter to generate the eduPersonTargetedID attribute.
*
@@ -103,7 +107,7 @@ class TargetedID extends \SimpleSAML\Auth\ProcessingFilter
}
- $secretSalt = \SimpleSAML\Utils\Config::getSecretSalt();
+ $secretSalt = Utils\Config::getSecretSalt();
if (array_key_exists('Source', $state)) {
$srcID = self::getEntityId($state['Source']);
@@ -127,9 +131,9 @@ class TargetedID extends \SimpleSAML\Auth\ProcessingFilter
if ($this->generateNameId) {
// Convert the targeted ID to a SAML 2.0 name identifier element
- $nameId = new \SAML2\XML\saml\NameID();
+ $nameId = new NameID();
$nameId->setValue($uid);
- $nameId->setFormat(\SAML2\Constants::NAMEID_PERSISTENT);
+ $nameId->setFormat(Constants::NAMEID_PERSISTENT);
if (isset($state['Source']['entityid'])) {
$nameId->setNameQualifier($state['Source']['entityid']);
diff --git a/modules/core/lib/Auth/Process/WarnShortSSOInterval.php b/modules/core/lib/Auth/Process/WarnShortSSOInterval.php
index a2cbe71e80c0f24b5f914a14c0f7e15d3a182fa7..d79783e86ff9c08c3ada39ed957680aebf37e6ed 100644
--- a/modules/core/lib/Auth/Process/WarnShortSSOInterval.php
+++ b/modules/core/lib/Auth/Process/WarnShortSSOInterval.php
@@ -2,6 +2,11 @@
namespace SimpleSAML\Module\core\Auth\Process;
+use SimpleSAML\Auth;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
+
/**
* Give a warning to the user if we receive multiple requests in a short time.
*
@@ -42,12 +47,12 @@ class WarnShortSSOInterval extends \SimpleSAML\Auth\ProcessingFilter
$entityId = 'UNKNOWN';
}
- \SimpleSAML\Logger::warning('WarnShortSSOInterval: Only '.$timeDelta.
+ Logger::warning('WarnShortSSOInterval: Only '.$timeDelta.
' seconds since last SSO for this user from the SP '.var_export($entityId, true));
// Save state and redirect
- $id = \SimpleSAML\Auth\State::saveState($state, 'core:short_sso_interval');
- $url = \SimpleSAML\Module::getModuleURL('core/short_sso_interval.php');
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, ['StateId' => $id]);
+ $id = Auth\State::saveState($state, 'core:short_sso_interval');
+ $url = Module::getModuleURL('core/short_sso_interval.php');
+ Utils\HTTP::redirectTrustedURL($url, ['StateId' => $id]);
}
}
diff --git a/modules/core/lib/Auth/Source/AdminPassword.php b/modules/core/lib/Auth/Source/AdminPassword.php
index 45ce4c2696bb2514f9b579fcdf29f8c4dbcc1431..931707dbbc3b4985be1b8a23203dfd13a9482025 100644
--- a/modules/core/lib/Auth/Source/AdminPassword.php
+++ b/modules/core/lib/Auth/Source/AdminPassword.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Auth\Source;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+
/**
* Authentication source which verifies the password against
* the 'auth.adminpassword' configuration option.
@@ -46,19 +49,19 @@ class AdminPassword extends \SimpleSAML\Module\core\Auth\UserPassBase
assert(is_string($username));
assert(is_string($password));
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$adminPassword = $config->getString('auth.adminpassword', '123');
if ($adminPassword === '123') {
// We require that the user changes the password
- throw new \SimpleSAML\Error\Error('NOTSET');
+ throw new Error\Error('NOTSET');
}
if ($username !== "admin") {
- throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
+ throw new Error\Error('WRONGUSERPASS');
}
if (!\SimpleSAML\Utils\Crypto::pwValid($adminPassword, $password)) {
- throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
+ throw new Error\Error('WRONGUSERPASS');
}
return ['user' => ['admin']];
}
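Review bot: `\SimpleSAML\Utils\Crypto::pwValid($adminPassword, $password)` is the one call in this hunk left fully qualified, while every other reference was switched to an imported name. For consistency add `use SimpleSAML\Utils;` to the import block and write `if (!Utils\Crypto::pwValid($adminPassword, $password)) {`. A short comment would also help here, for example `// Same error for a wrong username and a wrong password, so the response does not reveal which one failed`, since that property is easy to break in a later edit. The method's signature is outside the hunk.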
diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php
index 2730c8cb007df717d35e9a34a830437ad0d424cc..2eb860bf3a98873180fb8f7fa294ce4c2f98783f 100644
--- a/modules/core/lib/Auth/UserPassBase.php
+++ b/modules/core/lib/Auth/UserPassBase.php
@@ -2,6 +2,14 @@
namespace SimpleSAML\Module\core\Auth;
+use SAML2\Constants;
+use SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Utils\HTTP;
+
/**
* Helper class for username/password authentication.
*
@@ -104,7 +112,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source
}
// get the "remember me" config options
- $sspcnf = \SimpleSAML\Configuration::getInstance();
+ $sspcnf = Configuration::getInstance();
$this->rememberMeEnabled = $sspcnf->getBoolean('session.rememberme.enable', false);
$this->rememberMeChecked = $sspcnf->getBoolean('session.rememberme.checked', false);
}
@@ -206,11 +214,11 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source
// doesn't define how the credentials are transferred, but Office 365
// uses the Authorization header, so we will just use that in lieu of
// other use cases.
- if (isset($state['saml:Binding']) && $state['saml:Binding'] === \SAML2\Constants::BINDING_PAOS) {
+ if (isset($state['saml:Binding']) && $state['saml:Binding'] === Constants::BINDING_PAOS) {
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
- \SimpleSAML\Logger::error("ECP AuthnRequest did not contain Basic Authentication header");
+ Logger::error("ECP AuthnRequest did not contain Basic Authentication header");
// TODO Return a SOAP fault instead of using the current binding?
- throw new \SimpleSAML\Error\Error("WRONGUSERPASS");
+ throw new Error\Error("WRONGUSERPASS");
}
$username = $_SERVER['PHP_AUTH_USER'];
@@ -228,15 +236,15 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source
}
// Save the $state-array, so that we can restore it after a redirect
- $id = \SimpleSAML\Auth\State::saveState($state, self::STAGEID);
+ $id = Auth\State::saveState($state, self::STAGEID);
/*
* Redirect to the login form. We include the identifier of the saved
* state array as a parameter to the login form.
*/
- $url = \SimpleSAML\Module::getModuleURL('core/loginuserpass.php');
+ $url = Module::getModuleURL('core/loginuserpass.php');
$params = ['AuthState' => $id];
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
+ HTTP::redirectTrustedURL($url, $params);
// The previous function never returns, so this code is never executed.
assert(false);
@@ -278,11 +286,11 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source
assert(is_string($password));
// Here we retrieve the state array we saved in the authenticate-function.
- $state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID);
+ $state = Auth\State::loadState($authStateId, self::STAGEID);
// Retrieve the authentication source we are executing.
assert(array_key_exists(self::AUTHID, $state));
- $source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]);
+ $source = Auth\Source::getById($state[self::AUTHID]);
if ($source === null) {
throw new \Exception('Could not find authentication source with id '.$state[self::AUTHID]);
}
@@ -296,17 +304,17 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source
try {
$attributes = $source->login($username, $password);
} catch (\Exception $e) {
- \SimpleSAML\Logger::stats('Unsuccessful login attempt from '.$_SERVER['REMOTE_ADDR'].'.');
+ Logger::stats('Unsuccessful login attempt from '.$_SERVER['REMOTE_ADDR'].'.');
throw $e;
}
- \SimpleSAML\Logger::stats('User \''.$username.'\' successfully authenticated from '.$_SERVER['REMOTE_ADDR']);
+ Logger::stats('User \''.$username.'\' successfully authenticated from '.$_SERVER['REMOTE_ADDR']);
// Save the attributes we received from the login-function in the $state-array
assert(is_array($attributes));
$state['Attributes'] = $attributes;
// Return control to SimpleSAMLphp after successful authentication.
- \SimpleSAML\Auth\Source::completeAuth($state);
+ Auth\Source::completeAuth($state);
}
}
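Review bot: The success message passed to `Logger::stats()` concatenates `$username` exactly as submitted, so a username containing a line break or other control character can make one login appear as several records in the statistics log, unless the logger escapes it, which is not visible here. Encoding the value before logging keeps one event on one line, for example `Logger::stats('User '.json_encode($username).' successfully authenticated from '.$_SERVER['REMOTE_ADDR']);`. This changes how the name is quoted, so anything that parses these lines needs the same update. The failure branch logs only the address, which makes failed attempts hard to attribute; adding the encoded username there would help detection. The function begins above the hunk.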
diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php
index 6eca0d095491f3c16d995fc0c487181a522e115a..3975ef2221ec84d1819e899590bca6824bd14969 100644
--- a/modules/core/lib/Auth/UserPassOrgBase.php
+++ b/modules/core/lib/Auth/UserPassOrgBase.php
@@ -2,6 +2,11 @@
namespace SimpleSAML\Module\core\Auth;
+use SimpleSAML\Auth;
+use SimpleSAML\Error;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
+
/**
* Helper class for username/password/organization authentication.
*
@@ -208,11 +213,11 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
// We are going to need the authId in order to retrieve this authentication source later
$state[self::AUTHID] = $this->authId;
- $id = \SimpleSAML\Auth\State::saveState($state, self::STAGEID);
+ $id = Auth\State::saveState($state, self::STAGEID);
- $url = \SimpleSAML\Module::getModuleURL('core/loginuserpassorg.php');
+ $url = Module::getModuleURL('core/loginuserpassorg.php');
$params = ['AuthState' => $id];
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
+ Utils\HTTP::redirectTrustedURL($url, $params);
}
@@ -267,11 +272,11 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
assert(is_string($organization));
/* Retrieve the authentication state. */
- $state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID);
+ $state = Auth\State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert(array_key_exists(self::AUTHID, $state));
- $source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]);
+ $source = Auth\Source::getById($state[self::AUTHID]);
if ($source === null) {
throw new \Exception('Could not find authentication source with id '.$state[self::AUTHID]);
}
@@ -285,7 +290,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
} else {
if ($orgMethod === 'force') {
/* The organization should be a part of the username, but isn't. */
- throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
+ throw new Error\Error('WRONGUSERPASS');
}
}
}
@@ -298,7 +303,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
$state['PersistentAuthData'][] = self::ORGID;
$state['Attributes'] = $attributes;
- \SimpleSAML\Auth\Source::completeAuth($state);
+ Auth\Source::completeAuth($state);
}
@@ -316,11 +321,11 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
assert(is_string($authStateId));
/* Retrieve the authentication state. */
- $state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID);
+ $state = Auth\State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert(array_key_exists(self::AUTHID, $state));
- $source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]);
+ $source = Auth\Source::getById($state[self::AUTHID]);
if ($source === null) {
throw new \Exception('Could not find authentication source with id '.$state[self::AUTHID]);
}
diff --git a/modules/core/lib/Controller.php b/modules/core/lib/Controller.php
index 8a4563f42df18c96261dab9a35344e64c8a01c7e..1d88454b0c1f791ea27aad4a13a0a3ecb0dd5ca6 100644
--- a/modules/core/lib/Controller.php
+++ b/modules/core/lib/Controller.php
@@ -2,9 +2,15 @@
namespace SimpleSAML\Module\core;
-use SimpleSAML\Error\Exception;
+use SimpleSAML\Auth;
+use SimpleSAML\Auth\AuthenticationFactory;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
use SimpleSAML\HTTP\RunnableResponse;
-
+use SimpleSAML\Module;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+use SimpleSAML\XHTML\Template;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
@@ -17,7 +23,6 @@ use Symfony\Component\HttpFoundation\Request;
*/
class Controller
{
-
/** @var \SimpleSAML\Configuration */
protected $config;
@@ -43,9 +48,9 @@ class Controller
* @throws \Exception
*/
public function __construct(
- \SimpleSAML\Configuration $config,
- \SimpleSAML\Session $session,
- \SimpleSAML\Auth\AuthenticationFactory $factory
+ Configuration $config,
+ Session $session,
+ AuthenticationFactory $factory
) {
$this->config = $config;
$this->factory = $factory;
@@ -67,24 +72,24 @@ class Controller
public function account($as)
{
if (!array_key_exists($as, $this->sources)) {
- throw new Exception('Invalid authentication source');
+ throw new Error\Exception('Invalid authentication source');
}
$auth = $this->factory->create($as);
if (!$auth->isAuthenticated()) {
// not authenticated, start auth with specified source
- return new RedirectResponse(\SimpleSAML\Module::getModuleURL('core/login/'.urlencode($as)));
+ return new RedirectResponse(Module::getModuleURL('core/login/'.urlencode($as)));
}
$attributes = $auth->getAttributes();
- $t = new \SimpleSAML\XHTML\Template($this->config, 'auth_status.twig', 'attributes');
+ $t = new Template($this->config, 'auth_status.twig', 'attributes');
$t->data['header'] = '{status:header_saml20_sp}';
$t->data['attributes'] = $attributes;
$t->data['nameid'] = !is_null($auth->getAuthData('saml:sp:NameID'))
? $auth->getAuthData('saml:sp:NameID')
: false;
- $t->data['logouturl'] = \SimpleSAML\Module::getModuleURL('core/logout/'.urlencode($as));
+ $t->data['logouturl'] = Module::getModuleURL('core/logout/'.urlencode($as));
$t->data['remaining'] = $this->session->getAuthData($as, 'Expire') - time();
$t->setStatusCode(200);
@@ -118,37 +123,37 @@ class Controller
}
if ($as === null) { // no authentication source specified
- $t = new \SimpleSAML\XHTML\Template($this->config, 'core:login.twig');
- $t->data['loginurl'] = \SimpleSAML\Utils\Auth::getAdminLoginURL();
+ $t = new Template($this->config, 'core:login.twig');
+ $t->data['loginurl'] = Utils\Auth::getAdminLoginURL();
$t->data['sources'] = $this->sources;
return $t;
}
// auth source defined, check if valid
if (!array_key_exists($as, $this->sources)) {
- throw new Exception('Invalid authentication source');
+ throw new Error\Exception('Invalid authentication source');
}
// at this point, we have a valid auth source selected, start auth
$auth = $this->factory->create($as);
$as = urlencode($as);
- if ($request->get(\SimpleSAML\Auth\State::EXCEPTION_PARAM, false) !== false) {
+ if ($request->get(Auth\State::EXCEPTION_PARAM, false) !== false) {
// This is just a simple example of an error
- $state = \SimpleSAML\Auth\State::loadExceptionState();
- assert(array_key_exists(\SimpleSAML\Auth\State::EXCEPTION_DATA, $state));
- $e = $state[\SimpleSAML\Auth\State::EXCEPTION_DATA];
+ $state = Auth\State::loadExceptionState();
+ assert(array_key_exists(Auth\State::EXCEPTION_DATA, $state));
+ $e = $state[Auth\State::EXCEPTION_DATA];
throw $e;
}
if ($auth->isAuthenticated()) {
- return new RedirectResponse(\SimpleSAML\Module::getModuleURL('core/account/'.$as));
+ return new RedirectResponse(Module::getModuleURL('core/account/'.$as));
}
// we're not logged in, start auth
- $url = \SimpleSAML\Module::getModuleURL('core/login/'.$as);
+ $url = Module::getModuleURL('core/login/'.$as);
$params = array(
'ErrorURL' => $url,
'ReturnTo' => $url,
@@ -168,7 +173,7 @@ class Controller
*/
public function logout($as)
{
- $auth = new \SimpleSAML\Auth\Simple($as);
+ $auth = new Auth\Simple($as);
return new RunnableResponse([$auth, 'logout'], [$this->config->getBasePath().'logout.php']);
}
}
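Review bot: `logout($as)` builds `new Auth\Simple($as)` directly, without the `array_key_exists($as, $this->sources)` check that `account()` and `login()` apply and without using the injected factory. Validating first and reusing the factory keeps the three actions consistent and lets tests substitute the factory: `if (!array_key_exists($as, $this->sources)) { throw new Error\Exception('Invalid authentication source'); }` followed by `$auth = $this->factory->create($as);`. Whether `Auth\Simple` rejects an unknown source on its own is not visible in this diff.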
diff --git a/modules/core/lib/Stats/Output/File.php b/modules/core/lib/Stats/Output/File.php
index fb95e42e7382d6dea8b1d2a58dc39d6dee2d80a5..d3875afd13bd1f29c88aec391544784d7f9b409a 100644
--- a/modules/core/lib/Stats/Output/File.php
+++ b/modules/core/lib/Stats/Output/File.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Stats\Output;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+
/**
* Statistics logger that writes to a set of log files
*
@@ -33,7 +36,7 @@ class File extends \SimpleSAML\Stats\Output
*
* @param \SimpleSAML\Configuration $config The configuration for this output.
*/
- public function __construct(\SimpleSAML\Configuration $config)
+ public function __construct(Configuration $config)
{
$this->logDir = $config->getPathValue('directory');
if ($this->logDir === null) {
@@ -63,7 +66,7 @@ class File extends \SimpleSAML\Stats\Output
$fileName = $this->logDir.'/'.$date.'.log';
$this->file = @fopen($fileName, 'a');
if ($this->file === false) {
- throw new \SimpleSAML\Error\Exception('Error opening log file: '.var_export($fileName, true));
+ throw new Error\Exception('Error opening log file: '.var_export($fileName, true));
}
// Disable output buffering
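Review bot: `@fopen($fileName, 'a')` suppresses the PHP warning, so the exception thrown on failure names the file but not the reason (missing directory, permissions, full disk). Capture the reason with `$err = error_get_last();` right after the call and append `($err !== null ? $err['message'] : 'unknown error')` to the exception text, so an operator can tell why statistics logging stopped. The method continues beyond the hunk.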
diff --git a/modules/core/lib/Stats/Output/Log.php b/modules/core/lib/Stats/Output/Log.php
index d4919c5795cc2a02efb867e7b209e9df88828f00..0bf5603131d16d313ab419be952452835e797a23 100644
--- a/modules/core/lib/Stats/Output/Log.php
+++ b/modules/core/lib/Stats/Output/Log.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Stats\Output;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+
/**
* Statistics logger that writes to the default logging handler.
*
@@ -22,10 +25,10 @@ class Log extends \SimpleSAML\Stats\Output
* @param \SimpleSAML\Configuration $config The configuration for this output.
* @throws \Exception
*/
- public function __construct(\SimpleSAML\Configuration $config)
+ public function __construct(Configuration $config)
{
$logLevel = $config->getString('level', 'notice');
- $this->logger = ['\SimpleSAML\Logger', $logLevel];
+ $this->logger = [Logger::class, $logLevel];
if (!is_callable($this->logger)) {
throw new \Exception('Invalid log level: '.var_export($logLevel, true));
}
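Review bot: The `is_callable($this->logger)` check accepts any public static method of `Logger`, not only the log-level methods. A mistyped `level` value that happens to name another static method passes validation and is presumably invoked later with the statistics line as its argument. Checking `$logLevel` against an explicit list before building the callable makes the "Invalid log level" error accurate, e.g. `if (!in_array($logLevel, $allowedLevels, true)) { throw new \Exception('Invalid log level: '.var_export($logLevel, true)); }`, where `$allowedLevels` is a placeholder for the level method names the class supports. The constructor's closing brace is outside the hunk.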
diff --git a/modules/core/lib/Storage/SQLPermanentStorage.php b/modules/core/lib/Storage/SQLPermanentStorage.php
index 0650f7bf2ce9588e1905f0e11ca2f7ea9ad19d6b..bfbb4643725a502a8f326c2f2949a5aa46efc10f 100644
--- a/modules/core/lib/Storage/SQLPermanentStorage.php
+++ b/modules/core/lib/Storage/SQLPermanentStorage.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\core\Storage;
+use PDO;
+use SimpleSAML\Configuration;
+
/**
* SQLPermanentStorage
*
@@ -26,7 +29,7 @@ class SQLPermanentStorage
public function __construct($name, $config = null)
{
if (is_null($config)) {
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
}
$datadir = $config->getPathValue('datadir', 'data/');
@@ -43,7 +46,7 @@ class SQLPermanentStorage
}
$dbfile = 'sqlite:'.$sqllitedir.$name.'.sqlite';
- if ($this->db = new \PDO($dbfile)) {
+ if ($this->db = new PDO($dbfile)) {
$q = @$this->db->query('SELECT key1 FROM data LIMIT 1');
if ($q === false) {
$this->db->exec('
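Review bot: The condition `if ($this->db = new PDO($dbfile))` can never be false, because `new` always yields an object and a failed connection raises `PDOException` instead. The `if` therefore suggests an error path that does not exist; assign unconditionally with `$this->db = new PDO($dbfile);` and catch `\PDOException` around it if a clearer error is wanted. It is also worth confirming with the callers that `$name`, which is concatenated into the SQLite file path, only ever comes from code and not from request data. The constructor continues past the hunk.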
@@ -103,7 +106,7 @@ class SQLPermanentStorage
':updated' => time(), ':expire' => $expire,
':value' => serialize($value)];
$prepared->execute($data);
- $results = $prepared->fetchAll(\PDO::FETCH_ASSOC);
+ $results = $prepared->fetchAll(PDO::FETCH_ASSOC);
return $results;
}
@@ -127,7 +130,7 @@ class SQLPermanentStorage
':type' => $type, ':updated' => time(),
':expire' => $expire, ':value' => serialize($value)];
$prepared->execute($data);
- $results = $prepared->fetchAll(\PDO::FETCH_ASSOC);
+ $results = $prepared->fetchAll(PDO::FETCH_ASSOC);
return $results;
}
@@ -145,7 +148,7 @@ class SQLPermanentStorage
$prepared = $this->db->prepare($query);
$prepared->execute();
- $results = $prepared->fetchAll(\PDO::FETCH_ASSOC);
+ $results = $prepared->fetchAll(PDO::FETCH_ASSOC);
if (count($results) !== 1) {
return null;
}
@@ -185,7 +188,7 @@ class SQLPermanentStorage
$prepared = $this->db->prepare($query);
$data = [':type' => $type, ':key1' => $key1, ':key2' => $key2];
$prepared->execute($data);
- $results = $prepared->fetchAll(\PDO::FETCH_ASSOC);
+ $results = $prepared->fetchAll(PDO::FETCH_ASSOC);
return (count($results) == 1);
}
@@ -203,7 +206,7 @@ class SQLPermanentStorage
$prepared = $this->db->prepare($query);
$prepared->execute();
- $results = $prepared->fetchAll(\PDO::FETCH_ASSOC);
+ $results = $prepared->fetchAll(PDO::FETCH_ASSOC);
if (count($results) == 0) {
return null;
}
@@ -234,7 +237,7 @@ class SQLPermanentStorage
$prepared = $this->db->prepare($query);
$data = ['whichKey' => $whichKey];
$prepared->execute($data);
- $results = $prepared->fetchAll(\PDO::FETCH_ASSOC);
+ $results = $prepared->fetchAll(PDO::FETCH_ASSOC);
if (count($results) == 0) {
return null;
@@ -259,7 +262,7 @@ class SQLPermanentStorage
$prepared = $this->db->prepare($query);
$data = [':type' => $type, ':key1' => $key1, ':key2' => $key2];
$prepared->execute($data);
- $results = $prepared->fetchAll(\PDO::FETCH_ASSOC);
+ $results = $prepared->fetchAll(PDO::FETCH_ASSOC);
return (count($results) == 1);
}
diff --git a/modules/cron/lib/Cron.php b/modules/cron/lib/Cron.php
index 5396a2cfe0762221ccac7836b6c90718bb16b1cd..9956a87d42880436e36d8c8d7ac52ba3b69321b2 100644
--- a/modules/cron/lib/Cron.php
+++ b/modules/cron/lib/Cron.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Module\cron;
+use SimpleSAML\Configuration;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+
/**
* Handles interactions with SSP's cron system/hooks.
*/
@@ -17,10 +21,10 @@ class Cron
* @param \SimpleSAML\Configuration $cronconfig The cron configuration to use. If not specified defaults
* to `config/module_cron.php`
*/
- public function __construct(\SimpleSAML\Configuration $cronconfig = null)
+ public function __construct(Configuration $cronconfig = null)
{
if ($cronconfig == null) {
- $cronconfig = \SimpleSAML\Configuration::getConfig('module_cron.php');
+ $cronconfig = Configuration::getConfig('module_cron.php');
}
$this->cronconfig = $cronconfig;
}
@@ -43,10 +47,10 @@ class Cron
'tag' => $tag,
];
- \SimpleSAML\Module::callHooks('cron', $croninfo);
+ Module::callHooks('cron', $croninfo);
foreach ($summary as $s) {
- \SimpleSAML\Logger::debug('Cron - Summary: '.$s);
+ Logger::debug('Cron - Summary: '.$s);
}
return $croninfo;
diff --git a/modules/exampleauth/lib/Auth/Process/RedirectTest.php b/modules/exampleauth/lib/Auth/Process/RedirectTest.php
index e72c5459e197b7c03e3ec547206f4d5a224461e8..aa4109a75b7ac1fe0c8b525cf6a08ed330399ab3 100644
--- a/modules/exampleauth/lib/Auth/Process/RedirectTest.php
+++ b/modules/exampleauth/lib/Auth/Process/RedirectTest.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Module\exampleautth\Auth\Process;
+use SimpleSAML\Auth;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
+
/**
* A simple processing filter for testing that redirection works as it should.
*
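Review bot: The namespace on the context line reads `SimpleSAML\Module\exampleautth\Auth\Process` (double "t"), which does not match the module directory `modules/exampleauth` shown in the file header. If classes are resolved from the module name, this filter cannot be found under its expected name; the line should be `namespace SimpleSAML\Module\exampleauth\Auth\Process;`. The typo predates this commit, but the commit edits the lines directly below it.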
@@ -23,8 +27,8 @@ class RedirectTest extends \SimpleSAML\Auth\ProcessingFilter
$state['Attributes']['RedirectTest1'] = ['OK'];
// Save state and redirect
- $id = \SimpleSAML\Auth\State::saveState($state, 'exampleauth:redirectfilter-test');
- $url = \SimpleSAML\Module::getModuleURL('exampleauth/redirecttest.php');
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, ['StateId' => $id]);
+ $id = Auth\State::saveState($state, 'exampleauth:redirectfilter-test');
+ $url = Module::getModuleURL('exampleauth/redirecttest.php');
+ Utils\HTTP::redirectTrustedURL($url, ['StateId' => $id]);
}
}
diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php
index 409b4ea42b8f87ff02fd3023925844ef6f328249..1b37ad7a86a99c5df7accf94a1ec84ab1d51dac5 100644
--- a/modules/exampleauth/lib/Auth/Source/External.php
+++ b/modules/exampleauth/lib/Auth/Source/External.php
@@ -2,6 +2,11 @@
namespace SimpleSAML\Module\exampleauth\Auth\Source;
+use SimpleSAML\Auth;
+use SimpleSAML\Error;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
+
/**
* Example external authentication source.
*
@@ -138,14 +143,14 @@ class External extends \SimpleSAML\Auth\Source
* and restores it in another location, and thus bypasses steps in
* the authentication process.
*/
- $stateId = \SimpleSAML\Auth\State::saveState($state, 'exampleauth:External');
+ $stateId = Auth\State::saveState($state, 'exampleauth:External');
/*
* Now we generate a URL the user should return to after authentication.
* We assume that whatever authentication page we send the user to has an
* option to return the user to a specific page afterwards.
*/
- $returnTo = \SimpleSAML\Module::getModuleURL('exampleauth/resume.php', [
+ $returnTo = Module::getModuleURL('exampleauth/resume.php', [
'State' => $stateId,
]);
@@ -156,7 +161,7 @@ class External extends \SimpleSAML\Auth\Source
* is also part of this module, but in a real example, this would likely be
* the absolute URL of the login page for the site.
*/
- $authPage = \SimpleSAML\Module::getModuleURL('exampleauth/authpage.php');
+ $authPage = Module::getModuleURL('exampleauth/authpage.php');
/*
* The redirect to the authentication page.
@@ -164,7 +169,7 @@ class External extends \SimpleSAML\Auth\Source
* Note the 'ReturnTo' parameter. This must most likely be replaced with
* the real name of the parameter for the login page.
*/
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($authPage, [
+ Utils\HTTP::redirectTrustedURL($authPage, [
'ReturnTo' => $returnTo,
]);
@@ -193,26 +198,26 @@ class External extends \SimpleSAML\Auth\Source
* it in the 'State' request parameter.
*/
if (!isset($_REQUEST['State'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing "State" parameter.');
+ throw new Error\BadRequest('Missing "State" parameter.');
}
/*
* Once again, note the second parameter to the loadState function. This must
* match the string we used in the saveState-call above.
*/
- $state = \SimpleSAML\Auth\State::loadState($_REQUEST['State'], 'exampleauth:External');
+ $state = Auth\State::loadState($_REQUEST['State'], 'exampleauth:External');
/*
* Now we have the $state-array, and can use it to locate the authentication
* source.
*/
- $source = \SimpleSAML\Auth\Source::getById($state['exampleauth:AuthID']);
+ $source = Auth\Source::getById($state['exampleauth:AuthID']);
if ($source === null) {
/*
* The only way this should fail is if we remove or rename the authentication source
* while the user is at the login page.
*/
- throw new \SimpleSAML\Error\Exception('Could not find authentication source with id '.$state[self::AUTHID]);
+ throw new Error\Exception('Could not find authentication source with id '.$state[self::AUTHID]);
}
/*
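Review bot: `$_REQUEST['State']` is handed to `Auth\State::loadState()` after only an `isset()` check, so an array-valued parameter reaches it. Extend the guard to `if (!isset($_REQUEST['State']) || !is_string($_REQUEST['State'])) {` so malformed requests get the `BadRequest` response. In the same hunk the source is looked up with `$state['exampleauth:AuthID']` but the error message reads `$state[self::AUTHID]`; unless the constant holds that same string (its definition is not visible), the message should use the key that was looked up. The method starts above the hunk and continues below it.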
@@ -221,7 +226,7 @@ class External extends \SimpleSAML\Auth\Source
* change config/authsources.php while an user is logging in.
*/
if (!($source instanceof self)) {
- throw new \SimpleSAML\Error\Exception('Authentication source type changed.');
+ throw new Error\Exception('Authentication source type changed.');
}
/*
@@ -237,7 +242,7 @@ class External extends \SimpleSAML\Auth\Source
* Here we simply throw an exception, but we could also redirect the user back to the
* login page.
*/
- throw new \SimpleSAML\Error\Exception('User not authenticated after login page.');
+ throw new Error\Exception('User not authenticated after login page.');
}
/*
@@ -246,7 +251,7 @@ class External extends \SimpleSAML\Auth\Source
*/
$state['Attributes'] = $attributes;
- \SimpleSAML\Auth\Source::completeAuth($state);
+ Auth\Source::completeAuth($state);
/*
* The completeAuth-function never returns, so we never get this far.
diff --git a/modules/exampleauth/lib/Auth/Source/StaticSource.php b/modules/exampleauth/lib/Auth/Source/StaticSource.php
index 607a2e4962c94518253d0df461372177e3d33149..7d196b62d92407021317ee53d022594477d1d28c 100644
--- a/modules/exampleauth/lib/Auth/Source/StaticSource.php
+++ b/modules/exampleauth/lib/Auth/Source/StaticSource.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Module\exampleauth\Auth\Source;
+use SimpleSAML\Utils;
+
/**
* Example authentication source.
*
@@ -34,7 +36,7 @@ class StaticSource extends \SimpleSAML\Auth\Source
// Parse attributes
try {
- $this->attributes = \SimpleSAML\Utils\Attributes::normalizeAttributesArray($config);
+ $this->attributes = Utils\Attributes::normalizeAttributesArray($config);
} catch (\Exception $e) {
throw new \Exception('Invalid attributes for authentication source '.
$this->authId.': '.$e->getMessage());
diff --git a/modules/exampleauth/lib/Auth/Source/UserPass.php b/modules/exampleauth/lib/Auth/Source/UserPass.php
index 19da260bbdfa201c7bb86907da5a806e5002801b..76adc8324f346f1594e9a631861b25fd3d324780 100644
--- a/modules/exampleauth/lib/Auth/Source/UserPass.php
+++ b/modules/exampleauth/lib/Auth/Source/UserPass.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\exampleauth\Auth\Source;
+use SimpleSAML\Error;
+use SimpleSAML\Utils;
+
/**
* Example authentication source - username & password.
*
@@ -54,7 +57,7 @@ class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase
$password = $userpass[1];
try {
- $attributes = \SimpleSAML\Utils\Attributes::normalizeAttributesArray($attributes);
+ $attributes = Utils\Attributes::normalizeAttributesArray($attributes);
} catch (\Exception $e) {
throw new \Exception('Invalid attributes for user '.$username.
' in authentication source '.$this->authId.': '.$e->getMessage());
@@ -83,7 +86,7 @@ class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase
$userpass = $username.':'.$password;
if (!array_key_exists($userpass, $this->users)) {
- throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
+ throw new Error\Error('WRONGUSERPASS');
}
return $this->users[$userpass];
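Review bot: The lookup key `$username.':'.$password` is ambiguous when the username itself contains a colon: username `a:b` with password `c` produces the same key as username `a` with password `b:c` (constructed values). Rejecting such usernames before the lookup removes the ambiguity, e.g. `if (strpos($username, ':') !== false) { throw new Error\Error('WRONGUSERPASS'); }`. The lookup also keeps clear-text passwords as array keys, which is tolerable only because this is the example module; a short comment saying so would discourage copying it into a real source. The method begins above the hunk.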
diff --git a/modules/multiauth/lib/Auth/Source/MultiAuth.php b/modules/multiauth/lib/Auth/Source/MultiAuth.php
index 185ccb46b2ed5d80c6b7259d080fbb0f64e5d174..31e76b2022383afedc6208afc758221d9ac5c8bb 100644
--- a/modules/multiauth/lib/Auth/Source/MultiAuth.php
+++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php
@@ -2,6 +2,13 @@
namespace SimpleSAML\Module\multiauth\Auth\Source;
+use SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\Module;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+
/**
* Authentication source which let the user chooses among a list of
* other authentication sources
@@ -68,9 +75,9 @@ class MultiAuth extends \SimpleSAML\Auth\Source
$this->preselect = $config['preselect'];
}
- $globalConfiguration = \SimpleSAML\Configuration::getInstance();
+ $globalConfiguration = Configuration::getInstance();
$defaultLanguage = $globalConfiguration->getString('language.default', 'en');
- $authsources = \SimpleSAML\Configuration::getConfig('authsources.php');
+ $authsources = Configuration::getConfig('authsources.php');
$this->sources = [];
foreach ($config['sources'] as $source => $info) {
if (is_int($source)) {
@@ -132,17 +139,17 @@ class MultiAuth extends \SimpleSAML\Auth\Source
$state[self::AUTHID] = $this->authId;
$state[self::SOURCESID] = $this->sources;
- if (!\array_key_exists('multiauth:preselect', $state) && is_string($this->preselect)) {
+ if (!array_key_exists('multiauth:preselect', $state) && is_string($this->preselect)) {
$state['multiauth:preselect'] = $this->preselect;
}
// Save the $state array, so that we can restore if after a redirect
- $id = \SimpleSAML\Auth\State::saveState($state, self::STAGEID);
+ $id = Auth\State::saveState($state, self::STAGEID);
/* Redirect to the select source page. We include the identifier of the
* saved state array as a parameter to the login form
*/
- $url = \SimpleSAML\Module::getModuleURL('multiauth/selectsource.php');
+ $url = Module::getModuleURL('multiauth/selectsource.php');
$params = ['AuthState' => $id];
// Allows the user to specify the auth source to be used
@@ -150,7 +157,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source
$params['source'] = $_GET['source'];
}
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
+ Utils\HTTP::redirectTrustedURL($url, $params);
// The previous function never returns, so this code is never executed
assert(false);
@@ -175,7 +182,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source
assert(is_string($authId));
assert(is_array($state));
- $as = \SimpleSAML\Auth\Source::getById($authId);
+ $as = Auth\Source::getById($authId);
$valid_sources = array_map(
/**
* @param array $src
@@ -191,23 +198,23 @@ class MultiAuth extends \SimpleSAML\Auth\Source
}
// Save the selected authentication source for the logout process.
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$session->setData(
self::SESSION_SOURCE,
$state[self::AUTHID],
$authId,
- \SimpleSAML\Session::DATA_TIMEOUT_SESSION_END
+ Session::DATA_TIMEOUT_SESSION_END
);
try {
$as->authenticate($state);
- } catch (\SimpleSAML\Error\Exception $e) {
- \SimpleSAML\Auth\State::throwException($state, $e);
+ } catch (Error\Exception $e) {
+ Auth\State::throwException($state, $e);
} catch (\Exception $e) {
- $e = new \SimpleSAML\Error\UnserializableException($e);
- \SimpleSAML\Auth\State::throwException($state, $e);
+ $e = new Error\UnserializableException($e);
+ Auth\State::throwException($state, $e);
}
- \SimpleSAML\Auth\Source::completeAuth($state);
+ Auth\Source::completeAuth($state);
}
@@ -225,10 +232,10 @@ class MultiAuth extends \SimpleSAML\Auth\Source
assert(is_array($state));
// Get the source that was used to authenticate
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$authId = $session->getData(self::SESSION_SOURCE, $this->authId);
- $source = \SimpleSAML\Auth\Source::getById($authId);
+ $source = Auth\Source::getById($authId);
if ($source === null) {
throw new \Exception('Invalid authentication source during logout: '.$source);
}
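Review bot: In the `$source === null` branch the exception message appends `$source`, which is null at that point, so the message ends after the colon and never names the source that failed to resolve. Use the id that was looked up instead: `throw new \Exception('Invalid authentication source during logout: '.$authId);`. The method continues below the hunk.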
@@ -252,7 +259,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source
$cookieName = 'multiauth_source_'.$this->authId;
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$params = [
// We save the cookies for 90 days
'lifetime' => 7776000, //60*60*24*90
@@ -261,7 +268,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source
'httponly' => false,
];
- \SimpleSAML\Utils\HTTP::setCookie($cookieName, $source, $params, false);
+ Utils\HTTP::setCookie($cookieName, $source, $params, false);
}
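Review bot: The remembered-source cookie is written with `'httponly' => false` and a 90-day lifetime. Nothing in the visible hunks reads the cookie from script. If the selection page does not read it either, set `'httponly' => true` so the value is not exposed to JavaScript; otherwise add a comment naming the script that needs it. The `$params` array starts in the previous hunk and its middle lines are not shown, so the `secure` setting could not be checked here.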
diff --git a/modules/portal/lib/Portal.php b/modules/portal/lib/Portal.php
index 3df6495b583b9db2d96925bc28e4355b485716d1..12ae42aa98112e2d069c059082f6bde1d5f49eb3 100644
--- a/modules/portal/lib/Portal.php
+++ b/modules/portal/lib/Portal.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Module\portal;
+use SimpleSAML\Configuration;
+use SimpleSAML\Module;
+use SimpleSAML\Locale\Translate;
+
class Portal
{
/** @var array */
@@ -63,7 +67,7 @@ class Portal
public function getLoginInfo($translator, $thispage)
{
$info = ['info' => '', 'translator' => $translator, 'thispage' => $thispage];
- \SimpleSAML\Module::callHooks('portalLoginInfo', $info);
+ Module::callHooks('portalLoginInfo', $info);
return $info['info'];
}
@@ -74,8 +78,8 @@ class Portal
*/
public function getMenu($thispage)
{
- $config = \SimpleSAML\Configuration::getInstance();
- $t = new \SimpleSAML\Locale\Translate($config);
+ $config = Configuration::getInstance();
+ $t = new Translate($config);
$tabset = $this->getTabset($thispage);
$logininfo = $this->getLoginInfo($t, $thispage);
$classes = 'tabset_tabs ui-tabs-nav ui-helper-reset ui-helper-clearfix ui-widget-header ui-corner-all';
diff --git a/modules/saml/lib/Auth/Process/AttributeNameID.php b/modules/saml/lib/Auth/Process/AttributeNameID.php
index c7439d1e80fabd76f2e02a1fa13001c5583f3c3a..939bcacdb91f5c1db2037c0ddfda4a28961d5681 100644
--- a/modules/saml/lib/Auth/Process/AttributeNameID.php
+++ b/modules/saml/lib/Auth/Process/AttributeNameID.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\saml\Auth\Process;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+
/**
* Authentication processing filter to create a NameID from an attribute.
*
@@ -32,12 +35,12 @@ class AttributeNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
assert(is_array($config));
if (!isset($config['Format'])) {
- throw new \SimpleSAML\Error\Exception("AttributeNameID: Missing required option 'Format'.");
+ throw new Error\Exception("AttributeNameID: Missing required option 'Format'.");
}
$this->format = (string) $config['Format'];
if (!isset($config['attribute'])) {
- throw new \SimpleSAML\Error\Exception("AttributeNameID: Missing required option 'attribute'.");
+ throw new Error\Exception("AttributeNameID: Missing required option 'attribute'.");
}
$this->attribute = (string) $config['attribute'];
}
@@ -53,14 +56,14 @@ class AttributeNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
{
if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Missing attribute '.var_export($this->attribute, true).
' on user - not generating attribute NameID.'
);
return null;
}
if (count($state['Attributes'][$this->attribute]) > 1) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'More than one value in attribute '.var_export($this->attribute, true).
' on user - not generating attribute NameID.'
);
@@ -70,7 +73,7 @@ class AttributeNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
$value = $value[0];
if (empty($value)) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Empty value in attribute '.var_export($this->attribute, true).
' on user - not generating attribute NameID.'
);
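Review bot: `empty($value)` is also true for the string `'0'`, so a user whose attribute value is literally `0` gets the "Empty value" warning and no NameID. If only a missing or blank value should be rejected, compare explicitly, e.g. `if ($value === null || $value === '') {`. The method's start and end are outside this hunk.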
diff --git a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
index f579d2c5528802ed4e65c7e3afe8b0609f8e8693..c9330a8db1f5a2af5a594fe77948086aa57a5d70 100644
--- a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Module\saml\Auth\Process;
+use SimpleSAML\Error;
+
/**
* Filter for setting the AuthnContextClassRef in the response.
*
@@ -31,7 +33,7 @@ class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
assert(is_array($config));
if (!isset($config['AuthnContextClassRef'])) {
- throw new \SimpleSAML\Error\Exception('Missing AuthnContextClassRef option in processing filter.');
+ throw new Error\Exception('Missing AuthnContextClassRef option in processing filter.');
}
$this->authnContextClassRef = (string) $config['AuthnContextClassRef'];
diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
index b7aa14698a55f5443b104c520737dd6862850d20..7fde9ab41c0b0d04d4ebbe47127b41988fffe138 100644
--- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
@@ -2,6 +2,12 @@
namespace SimpleSAML\Module\saml\Auth\Process;
+use SimpleSAML\Auth;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Utils;
+
/**
* Attribute filter to validate AuthnContextClassRef values.
*
@@ -48,10 +54,10 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
assert(is_array($config));
if (empty($config['accepted'])) {
- \SimpleSAML\Logger::error(
+ Logger::error(
'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.'
);
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.'
);
}
@@ -92,15 +98,15 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
*/
protected function unauthorized(&$request)
{
- \SimpleSAML\Logger::error(
+ Logger::error(
'ExpectedAuthnContextClassRef: Invalid authentication context: '.$this->AuthnContextClassRef.
'. Accepted values are: '.var_export($this->accepted, true)
);
- $id = \SimpleSAML\Auth\State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
- $url = \SimpleSAML\Module::getModuleURL(
+ $id = Auth\State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
+ $url = Module::getModuleURL(
'saml/sp/wrong_authncontextclassref.php'
);
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, ['StateId' => $id]);
+ Utils\HTTP::redirectTrustedURL($url, ['StateId' => $id]);
}
}
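Review bot: In unauthorized(), `$this->AuthnContextClassRef` is concatenated into the error log unescaped, while the accepted list right next to it goes through `var_export()`. The value is presumably taken from the IdP's response (where it is assigned is outside this hunk), so control characters or line breaks in it would land verbatim in the log. Quote it the same way as the other logged values in this commit: `'ExpectedAuthnContextClassRef: Invalid authentication context: '.var_export($this->AuthnContextClassRef, true).`.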
diff --git a/modules/saml/lib/Auth/Process/FilterScopes.php b/modules/saml/lib/Auth/Process/FilterScopes.php
index 1478112be462d1a4956a16d818dbca8f61609faa..7427be412bb5e2b12cd2be4dbce5c313a8da58c7 100644
--- a/modules/saml/lib/Auth/Process/FilterScopes.php
+++ b/modules/saml/lib/Auth/Process/FilterScopes.php
@@ -3,6 +3,7 @@
namespace SimpleSAML\Module\saml\Auth\Process;
use SimpleSAML\Logger;
+use SimpleSAML\Utils;
/**
* Filter to remove attribute values which are not properly scoped.
@@ -67,7 +68,7 @@ class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter
$values = $request['Attributes'][$attribute];
$newValues = [];
foreach ($values as $value) {
- $ep = \SimpleSAML\Utils\Config\Metadata::getDefaultEndpoint($request['Source']['SingleSignOnService']);
+ $ep = Utils\Config\Metadata::getDefaultEndpoint($request['Source']['SingleSignOnService']);
$loc = $ep['Location'];
$host = parse_url($loc, PHP_URL_HOST);
if ($host === null) {
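Review bot: The `$host === null` check does not cover every failure mode of `parse_url($loc, PHP_URL_HOST)`, which returns `false` for a seriously malformed URL and `null` only when the host component is absent. Since this filter decides which scoped attribute values are kept, a `false` host should take the same path as a missing one: `if ($host === null || $host === false) {`. Separately, `Utils\Config\Metadata::getDefaultEndpoint(...)` and the host lookup do not depend on `$value` and could be hoisted above the `foreach`. The loop body continues outside this hunk, so check what the null branch does before merging the two cases.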
diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php
index 1ee6e5f421cd4faaed1fe65f346e64269b117f0c..e0522f53d608796dcbbc5a1a497b1c7415280e03 100644
--- a/modules/saml/lib/Auth/Process/NameIDAttribute.php
+++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\saml\Auth\Process;
+use SAML2\Constants;
+use SimpleSAML\Error;
+
/**
* Authentication processing filter to create an attribute from a NameID.
*
@@ -88,7 +91,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter
$ret[] = '%';
break;
default:
- throw new \SimpleSAML\Error\Exception('NameIDAttribute: Invalid replacement: "%'.$replacement.'"');
+ throw new Error\Exception('NameIDAttribute: Invalid replacement: "%'.$replacement.'"');
}
$pos = $next + 2;
@@ -119,7 +122,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter
assert(!is_null($rep->getValue()));
$rep->{'%'} = '%';
if ($rep->getFormat() !== null) {
- $rep->setFormat(\SAML2\Constants::NAMEID_UNSPECIFIED);
+ $rep->setFormat(Constants::NAMEID_UNSPECIFIED);
}
if ($rep->getNameQualifier() !== null) {
$rep->setNameQualifier($state['Source']['entityid']);
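Review bot: The two conditions in this hunk look inverted: `if ($rep->getFormat() !== null)` overwrites a Format that is present with `Constants::NAMEID_UNSPECIFIED`, and `if ($rep->getNameQualifier() !== null)` replaces an existing NameQualifier with the source entity ID, while a missing value is left as null. If the intent is to fill in defaults before formatting the attribute, the checks should be `if ($rep->getFormat() === null) {` and `if ($rep->getNameQualifier() === null) {`. As written, the attribute built from the NameID would report a different format and qualifier than the IdP actually sent. The method continues past the end of the hunk, so the same pattern may recur for SPNameQualifier.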
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID.php b/modules/saml/lib/Auth/Process/PersistentNameID.php
index a70c7493291050a32e215c20e888017d3ad4748b..a2fd9552f1f0deea7976397cb5cc8a51b7622e96 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID.php
@@ -2,6 +2,11 @@
namespace SimpleSAML\Module\saml\Auth\Process;
+use SAML2\Constants;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Utils;
+
/**
* Authentication processing filter to generate a persistent NameID.
*
@@ -31,10 +36,10 @@ class PersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
parent::__construct($config, $reserved);
assert(is_array($config));
- $this->format = \SAML2\Constants::NAMEID_PERSISTENT;
+ $this->format = Constants::NAMEID_PERSISTENT;
if (!isset($config['attribute'])) {
- throw new \SimpleSAML\Error\Exception("PersistentNameID: Missing required option 'attribute'.");
+ throw new Error\Exception("PersistentNameID: Missing required option 'attribute'.");
}
$this->attribute = $config['attribute'];
}
@@ -49,26 +54,26 @@ class PersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
protected function getValue(array &$state)
{
if (!isset($state['Destination']['entityid'])) {
- \SimpleSAML\Logger::warning('No SP entity ID - not generating persistent NameID.');
+ Logger::warning('No SP entity ID - not generating persistent NameID.');
return null;
}
$spEntityId = $state['Destination']['entityid'];
if (!isset($state['Source']['entityid'])) {
- \SimpleSAML\Logger::warning('No IdP entity ID - not generating persistent NameID.');
+ Logger::warning('No IdP entity ID - not generating persistent NameID.');
return null;
}
$idpEntityId = $state['Source']['entityid'];
if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Missing attribute '.var_export($this->attribute, true).
' on user - not generating persistent NameID.'
);
return null;
}
if (count($state['Attributes'][$this->attribute]) > 1) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'More than one value in attribute '.var_export($this->attribute, true).
' on user - not generating persistent NameID.'
);
@@ -78,14 +83,14 @@ class PersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
$uid = $uid[0];
if (empty($uid)) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Empty value in attribute '.var_export($this->attribute, true).
' on user - not generating persistent NameID.'
);
return null;
}
- $secretSalt = \SimpleSAML\Utils\Config::getSecretSalt();
+ $secretSalt = Utils\Config::getSecretSalt();
$uidData = 'uidhashbase'.$secretSalt;
$uidData .= strlen($idpEntityId).':'.$idpEntityId;
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
index 7bf2e2f1bbc1043da516f141ae333f38dab0dbf7..284162462684075bf7a86533b71bd04fa15f2dd4 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\saml\Auth\Process;
+use SAML2\Constants;
+use SimpleSAML\Logger;
+
/**
* Authentication processing filter to create the eduPersonTargetedID attribute from the persistent NameID.
*
@@ -60,16 +63,14 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter
public function process(&$state)
{
assert(is_array($state));
-
- if (!isset($state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT])) {
- \SimpleSAML\Logger::warning(
+ if (!isset($state['saml:NameID'][Constants::NAMEID_PERSISTENT])) {
+ Logger::warning(
'Unable to generate eduPersonTargetedID because no persistent NameID was available.'
);
return;
}
-
/** @var \SAML2\XML\saml\NameID $nameID */
- $nameID = $state['saml:NameID'][\SAML2\Constants::NAMEID_PERSISTENT];
+ $nameID = $state['saml:NameID'][Constants::NAMEID_PERSISTENT];
$state['Attributes'][$this->attribute] = [(!$this->nameId) ? $nameID->getValue() : $nameID];
}
diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
index 172aace1c243957996a2c5677b49f49d7a1aff1b..c40851018b79f90f13fa7c39c69b0c31a27da558 100644
--- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Module\saml\Auth\Process;
+use SAML2\Constants;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+
/**
* Authentication processing filter to generate a persistent NameID.
*
@@ -52,10 +56,10 @@ class SQLPersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
parent::__construct($config, $reserved);
assert(is_array($config));
- $this->format = \SAML2\Constants::NAMEID_PERSISTENT;
+ $this->format = Constants::NAMEID_PERSISTENT;
if (!isset($config['attribute'])) {
- throw new \SimpleSAML\Error\Exception("PersistentNameID: Missing required option 'attribute'.");
+ throw new Error\Exception("PersistentNameID: Missing required option 'attribute'.");
}
$this->attribute = $config['attribute'];
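Review bot: The exception raised in the SQLPersistentNameID constructor is labelled `PersistentNameID:`, which points an operator at the wrong filter when the `attribute` option is missing. The other messages in this file use the `SQLPersistentNameID:` prefix, so this one should read `"SQLPersistentNameID: Missing required option 'attribute'."`. The `'Empty value in attribute '` warning in a later hunk of this file has no prefix at all and could be aligned at the same time.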
@@ -85,7 +89,7 @@ class SQLPersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
{
if (!isset($state['saml:NameIDFormat']) && !$this->allowUnspecified) {
- \SimpleSAML\Logger::debug(
+ Logger::debug(
'SQLPersistentNameID: Request did not specify persistent NameID format, '.
'not generating persistent NameID.'
);
@@ -99,7 +103,7 @@ class SQLPersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
if (count($validNameIdFormats) && !in_array($this->format, $validNameIdFormats, true) &&
!$this->allowDifferent
) {
- \SimpleSAML\Logger::debug(
+ Logger::debug(
'SQLPersistentNameID: SP expects different NameID format ('.
implode(', ', $validNameIdFormats).'), not generating persistent NameID.'
);
@@ -107,26 +111,26 @@ class SQLPersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
}
if (!isset($state['Destination']['entityid'])) {
- \SimpleSAML\Logger::warning('SQLPersistentNameID: No SP entity ID - not generating persistent NameID.');
+ Logger::warning('SQLPersistentNameID: No SP entity ID - not generating persistent NameID.');
return null;
}
$spEntityId = $state['Destination']['entityid'];
if (!isset($state['Source']['entityid'])) {
- \SimpleSAML\Logger::warning('SQLPersistentNameID: No IdP entity ID - not generating persistent NameID.');
+ Logger::warning('SQLPersistentNameID: No IdP entity ID - not generating persistent NameID.');
return null;
}
$idpEntityId = $state['Source']['entityid'];
if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'SQLPersistentNameID: Missing attribute '.var_export($this->attribute, true).
' on user - not generating persistent NameID.'
);
return null;
}
if (count($state['Attributes'][$this->attribute]) > 1) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'SQLPersistentNameID: More than one value in attribute '.var_export($this->attribute, true).
' on user - not generating persistent NameID.'
);
@@ -136,7 +140,7 @@ class SQLPersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
$uid = $uid[0];
if (empty($uid)) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'Empty value in attribute '.var_export($this->attribute, true).
' on user - not generating persistent NameID.'
);
@@ -145,7 +149,7 @@ class SQLPersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
$value = \SimpleSAML\Module\saml\IdP\SQLNameID::get($idpEntityId, $spEntityId, $uid);
if ($value !== null) {
- \SimpleSAML\Logger::debug(
+ Logger::debug(
'SQLPersistentNameID: Found persistent NameID '.var_export($value, true).' for user '.
var_export($uid, true).'.'
);
@@ -153,17 +157,17 @@ class SQLPersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
}
if ((!isset($state['saml:AllowCreate']) || !$state['saml:AllowCreate']) && !$this->alwaysCreate) {
- \SimpleSAML\Logger::warning(
+ Logger::warning(
'SQLPersistentNameID: Did not find persistent NameID for user, and not allowed to create new NameID.'
);
throw new \SimpleSAML\Module\saml\Error(
- \SAML2\Constants::STATUS_RESPONDER,
- 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'
+ Constants::STATUS_RESPONDER,
+ Constants::STATUS_INVALID_NAMEID_POLICY
);
}
$value = bin2hex(openssl_random_pseudo_bytes(20));
- \SimpleSAML\Logger::debug(
+ Logger::debug(
'SQLPersistentNameID: Created persistent NameID '.var_export($value, true).' for user '.
var_export($uid, true).'.'
);
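Review bot: The new persistent NameID is created with `bin2hex(openssl_random_pseudo_bytes(20))` and the result is never checked. On older PHP versions that call can return `false` or report a non-cryptographic result through its second argument, and neither case is handled here. If the supported PHP floor allows it, `$value = bin2hex(random_bytes(20));` throws on failure instead of yielding a weak or empty identifier. The debug line that follows writes the new NameID together with the user's uid to the log, which links a pseudonymous identifier to the account for anyone who can read debug logs; consider logging only one of the two.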
diff --git a/modules/saml/lib/Auth/Process/TransientNameID.php b/modules/saml/lib/Auth/Process/TransientNameID.php
index b4a24de5ecc08fa5d1cc41d1561460f107c5a28b..8b069f491435f8412cb78f5acfb2d4577d18f334 100644
--- a/modules/saml/lib/Auth/Process/TransientNameID.php
+++ b/modules/saml/lib/Auth/Process/TransientNameID.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\saml\Auth\Process;
+use SAML2\Constants;
+use SimpleSAML\Utils;
+
/**
* Authentication processing filter to generate a transient NameID.
*
@@ -21,7 +24,7 @@ class TransientNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
parent::__construct($config, $reserved);
assert(is_array($config));
- $this->format = \SAML2\Constants::NAMEID_TRANSIENT;
+ $this->format = Constants::NAMEID_TRANSIENT;
}
@@ -33,6 +36,6 @@ class TransientNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator
*/
protected function getValue(array &$state)
{
- return \SimpleSAML\Utils\Random::generateID();
+ return Utils\Random::generateID();
}
}
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 2c79d6712100774e7ccc4553a9f1ba45d6148093..b055e8b232c2745e8750eb1de8fd9342f01ba4f9 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -7,22 +7,19 @@ use SAML2\Binding;
use SAML2\Constants;
use SAML2\XML\saml\NameID;
-use SimpleSAML\Auth\ProcessingChain;
-use SimpleSAML\Auth\Source;
-use SimpleSAML\Auth\State;
+use SimpleSAML\Auth;
use SimpleSAML\Configuration;
+use SimpleSAML\Error;
use SimpleSAML\IdP;
use SimpleSAML\Logger;
use SimpleSAML\Metadata\MetaDataStorageHandler;
use SimpleSAML\Module;
use SimpleSAML\Session;
use SimpleSAML\Store;
-use SimpleSAML\Utils\Arrays;
-use SimpleSAML\Utils\Config\Metadata;
-use SimpleSAML\Utils\Crypto;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Utils;
+use SimpleSAML\XML\Shib13;
-class SP extends Source
+class SP extends \SimpleSAML\Auth\Source
{
/**
* The entity ID of this SP.
@@ -186,7 +183,7 @@ class SP extends Source
$metadata['OrganizationDisplayName'] = $this->metadata->getLocalizedString('OrganizationDisplayName', $org);
$metadata['OrganizationURL'] = $this->metadata->getLocalizedString('OrganizationURL', null);
if ($metadata['OrganizationURL'] === null) {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'If OrganizationName is set, OrganizationURL must also be set.'
);
}
@@ -195,7 +192,7 @@ class SP extends Source
// add contacts
$contacts = $this->metadata->getArray('contact', []);
foreach ($contacts as $contact) {
- $metadata['contacts'][] = Metadata::getContact($contact);
+ $metadata['contacts'][] = Utils\Config\Metadata::getContact($contact);
}
// add technical contact
@@ -207,11 +204,11 @@ class SP extends Source
'name' => $globalConfig->getString('technicalcontact_name', null),
'contactType' => 'technical',
];
- $metadata['contacts'][] = Metadata::getContact($contact);
+ $metadata['contacts'][] = Utils\Config\Metadata::getContact($contact);
}
// add certificate(s)
- $certInfo = Crypto::loadPublicKey($this->metadata, false, 'new_');
+ $certInfo = Utils\Crypto::loadPublicKey($this->metadata, false, 'new_');
$hasNewCert = false;
if ($certInfo !== null && array_key_exists('certData', $certInfo)) {
$hasNewCert = true;
@@ -232,7 +229,7 @@ class SP extends Source
];
}
- $certInfo = Crypto::loadPublicKey($this->metadata);
+ $certInfo = Utils\Crypto::loadPublicKey($this->metadata);
if ($certInfo !== null && array_key_exists('certData', $certInfo)) {
$metadata['keys'][] = [
'type' => 'X509Certificate',
@@ -291,7 +288,7 @@ class SP extends Source
assert(is_string($entityId));
if ($this->idp !== null && $this->idp !== $entityId) {
- throw new \SimpleSAML\Error\Exception('Cannot retrieve metadata for IdP '.
+ throw new Error\Exception('Cannot retrieve metadata for IdP '.
var_export($entityId, true).' because it isn\'t a valid IdP for this SP.');
}
@@ -314,7 +311,7 @@ class SP extends Source
}
// Not found
- throw new \SimpleSAML\Error\Exception('Could not find the metadata of an IdP with entity ID '.
+ throw new Error\Exception('Could not find the metadata of an IdP with entity ID '.
var_export($entityId, true));
}
@@ -467,10 +464,10 @@ class SP extends Source
$state['saml:idp'] = $idpEntityId;
- $ar = new \SimpleSAML\XML\Shib13\AuthnRequest();
+ $ar = new Shib13\AuthnRequest();
$ar->setIssuer($this->entityId);
- $id = State::saveState($state, 'saml:sp:sso');
+ $id = Auth\State::saveState($state, 'saml:sp:sso');
$ar->setRelayState($id);
$useArtifact = $idpMetadata->getBoolean('saml1.useartifact', null);
@@ -488,7 +485,7 @@ class SP extends Source
Logger::debug('Starting SAML 1 SSO to '.var_export($idpEntityId, true).
' from '.var_export($this->entityId, true).'.');
- HTTP::redirectTrustedURL($url);
+ Utils\HTTP::redirectTrustedURL($url);
}
@@ -502,7 +499,7 @@ class SP extends Source
private function startSSO2(Configuration $idpMetadata, array $state)
{
if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] < 0) {
- State::throwException(
+ Auth\State::throwException(
$state,
new Module\saml\Error\ProxyCountExceeded(Constants::STATUS_RESPONDER)
);
@@ -518,9 +515,9 @@ class SP extends Source
$accr = null;
if ($idpMetadata->getString('AuthnContextClassRef', false)) {
- $accr = Arrays::arrayize($idpMetadata->getString('AuthnContextClassRef'));
+ $accr = Utils\Arrays::arrayize($idpMetadata->getString('AuthnContextClassRef'));
} else if (isset($state['saml:AuthnContextClassRef'])) {
- $accr = Arrays::arrayize($state['saml:AuthnContextClassRef']);
+ $accr = Utils\Arrays::arrayize($state['saml:AuthnContextClassRef']);
}
if ($accr !== null) {
@@ -553,7 +550,7 @@ class SP extends Source
if (isset($state['saml:NameID'])) {
if (!is_array($state['saml:NameID']) && !is_a($state['saml:NameID'], NameID::class)) {
- throw new \SimpleSAML\Error\Exception('Invalid value of $state[\'saml:NameID\'].');
+ throw new Error\Exception('Invalid value of $state[\'saml:NameID\'].');
}
$nameId = $state['saml:NameID'];
@@ -644,7 +641,7 @@ class SP extends Source
// save IdP entity ID as part of the state
$state['ExpectedIssuer'] = $idpMetadata->getString('entityid');
- $id = State::saveState($state, 'saml:sp:sso', true);
+ $id = Auth\State::saveState($state, 'saml:sp:sso', true);
$ar->setId($id);
Logger::debug(
@@ -731,7 +728,7 @@ class SP extends Source
*/
private function startDisco(array $state)
{
- $id = State::saveState($state, 'saml:sp:sso');
+ $id = Auth\State::saveState($state, 'saml:sp:sso');
$discoURL = $this->discoURL;
if ($discoURL === null) {
@@ -755,7 +752,7 @@ class SP extends Source
$params['isPassive'] = 'true';
}
- HTTP::redirectTrustedURL($discoURL, $params);
+ Utils\HTTP::redirectTrustedURL($discoURL, $params);
}
@@ -926,9 +923,9 @@ class SP extends Source
}
// save the state WITHOUT a restart URL, so that we don't try an IdP-initiated login if something goes wrong
- $id = State::saveState($state, 'saml:proxy:invalid_idp', true);
+ $id = Auth\State::saveState($state, 'saml:proxy:invalid_idp', true);
$url = Module::getModuleURL('saml/proxy/invalid_session.php');
- HTTP::redirectTrustedURL($url, ['AuthState' => $id]);
+ Utils\HTTP::redirectTrustedURL($url, ['AuthState' => $id]);
assert(false);
}
@@ -969,7 +966,7 @@ class SP extends Source
// Update session state
$session = Session::getSessionFromRequest();
$authId = $state['saml:sp:AuthId'];
- $session->doLogin($authId, State::getPersistentAuthData($state));
+ $session->doLogin($authId, Auth\State::getPersistentAuthData($state));
// resume the login process
call_user_func($state['ReturnCallback'], $state);
@@ -996,7 +993,7 @@ class SP extends Source
$state['Responder'] = $state['saml:proxy:reauthLogout:PrevResponder'];
}
- $sp = Source::getById($state['saml:sp:AuthId'], Module\saml\Auth\Source\SP::class);
+ $sp = Auth\Source::getById($state['saml:sp:AuthId'], Module\saml\Auth\Source\SP::class);
/** @var \SimpleSAML\Module\saml\Auth\Source\SP $authSource */
Logger::debug('Proxy: logging in again.');
$sp->authenticate($state);
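Review bot: `$sp->authenticate($state)` is called on the result of `Auth\Source::getById(...)` without a null check, although a later hunk in this file tests `$source === null` after the same call. If the auth source ID stored in the state no longer resolves, this becomes a fatal error rather than a handled exception; a guard such as `if ($sp === null) { throw new \Exception('Could not find authentication source with id '.$state['saml:sp:AuthId']); }` would match the other call site. The `@var` annotation also names `$authSource`, a variable that does not exist here, and sits after the assignment; it should be `/** @var \SimpleSAML\Module\saml\Auth\Source\SP $sp */` placed above the `getById` line. The function begins outside this hunk.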
@@ -1017,7 +1014,7 @@ class SP extends Source
assert(array_key_exists('saml:logout:NameID', $state));
assert(array_key_exists('saml:logout:SessionIndex', $state));
- $id = State::saveState($state, 'saml:slosent');
+ $id = Auth\State::saveState($state, 'saml:slosent');
$idp = $state['saml:logout:IdP'];
$nameId = $state['saml:logout:NameID'];
@@ -1120,7 +1117,7 @@ class SP extends Source
$authProcState['saml:sp:SessionIndex'] = $state['saml:sp:SessionIndex'];
}
- $pc = new ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');
+ $pc = new Auth\ProcessingChain($idpMetadataArray, $spMetadataArray, 'sp');
$pc->processState($authProcState);
self::onProcessingCompleted($authProcState);
@@ -1163,9 +1160,9 @@ class SP extends Source
assert(is_string($redirectTo));
$session = Session::getSessionFromRequest();
- $session->doLogin($authId, State::getPersistentAuthData($state));
+ $session->doLogin($authId, Auth\State::getPersistentAuthData($state));
- HTTP::redirectUntrustedURL($redirectTo);
+ Utils\HTTP::redirectUntrustedURL($redirectTo);
}
@@ -1185,7 +1182,7 @@ class SP extends Source
$state = $authProcState['saml:sp:State'];
$sourceId = $state['saml:sp:AuthId'];
- $source = Source::getById($sourceId);
+ $source = Auth\Source::getById($sourceId);
if ($source === null) {
throw new \Exception('Could not find authentication source with id '.$sourceId);
}
@@ -1204,6 +1201,6 @@ class SP extends Source
self::handleUnsolicitedAuth($sourceId, $state, $redirectTo);
}
- Source::completeAuth($state);
+ Auth\Source::completeAuth($state);
}
}
diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php
index 30f9470905fd54d5c0941f161a5f9fdd3c86ecc7..d199f28f97dd6918b5fbc73dd0995716ebd9ac61 100644
--- a/modules/saml/lib/BaseNameIDGenerator.php
+++ b/modules/saml/lib/BaseNameIDGenerator.php
@@ -2,6 +2,9 @@
namespace SimpleSAML\Module\saml;
+use SAML2\XML\saml\NameID;
+use SimpleSAML\Logger;
+
/**
* Base filter for generating NameID values.
*
@@ -92,7 +95,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
return;
}
- $nameId = new \SAML2\XML\saml\NameID();
+ $nameId = new NameID();
$nameId->setValue($value);
$nameId->setFormat($this->format);
@@ -100,7 +103,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
if (isset($state['IdPMetadata']['entityid'])) {
$nameId->setNameQualifier($state['IdPMetadata']['entityid']);
} else {
- \SimpleSAML\Logger::warning('No IdP entity ID, unable to set NameQualifier.');
+ Logger::warning('No IdP entity ID, unable to set NameQualifier.');
}
} elseif (is_string($this->nameQualifier)) {
$nameId->setNameQualifier($this->nameQualifier);
@@ -110,7 +113,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
if (isset($state['SPMetadata']['entityid'])) {
$nameId->setSPNameQualifier($state['SPMetadata']['entityid']);
} else {
- \SimpleSAML\Logger::warning('No SP entity ID, unable to set SPNameQualifier.');
+ Logger::warning('No SP entity ID, unable to set SPNameQualifier.');
}
} elseif (is_string($this->spNameQualifier)) {
$nameId->setSPNameQualifier($this->spNameQualifier);
diff --git a/modules/saml/lib/Error.php b/modules/saml/lib/Error.php
index e45b846ff89c99987927d99907da775750c7a43d..5612b05520bcd8bded03242a14f6fcb5e64b6528 100644
--- a/modules/saml/lib/Error.php
+++ b/modules/saml/lib/Error.php
@@ -2,6 +2,8 @@
namespace SimpleSAML\Module\saml;
+use SAML2\Constants;
+
/**
* Class for representing a SAML 2 error.
*
@@ -114,16 +116,16 @@ class Error extends \SimpleSAML\Error\Exception
// TODO: remove this branch in 2.0
} elseif ($exception instanceof \SimpleSAML\Error\NoPassive) {
$e = new self(
- \SAML2\Constants::STATUS_RESPONDER,
- \SAML2\Constants::STATUS_NO_PASSIVE,
+ Constants::STATUS_RESPONDER,
+ Constants::STATUS_NO_PASSIVE,
$exception->getMessage(),
$exception
);
// TODO: remove this branch in 2.0
} elseif ($exception instanceof \SimpleSAML\Error\ProxyCountExceeded) {
$e = new self(
- \SAML2\Constants::STATUS_RESPONDER,
- \SAML2\Constants::STATUS_PROXY_COUNT_EXCEEDED,
+ Constants::STATUS_RESPONDER,
+ Constants::STATUS_PROXY_COUNT_EXCEEDED,
$exception->getMessage(),
$exception
);
@@ -156,11 +158,11 @@ class Error extends \SimpleSAML\Error\Exception
$e = null;
switch ($this->status) {
- case \SAML2\Constants::STATUS_RESPONDER:
+ case Constants::STATUS_RESPONDER:
switch ($this->subStatus) {
- case \SAML2\Constants::STATUS_NO_PASSIVE:
+ case Constants::STATUS_NO_PASSIVE:
$e = new \SimpleSAML\Module\saml\Error\NoPassive(
- \SAML2\Constants::STATUS_RESPONDER,
+ Constants::STATUS_RESPONDER,
$this->statusMessage
);
break;
diff --git a/modules/saml/lib/IdP/SAML1.php b/modules/saml/lib/IdP/SAML1.php
index 5e78d48278a6bc7e63728120b41b60e2f88ab643..1254f0d169d41b291cfcaf3f4bfbdf7f81d7af06 100644
--- a/modules/saml/lib/IdP/SAML1.php
+++ b/modules/saml/lib/IdP/SAML1.php
@@ -2,10 +2,16 @@
namespace SimpleSAML\Module\saml\IdP;
+use SimpleSAML\Auth;
use SimpleSAML\Bindings\Shib13\HTTPPost;
-use SimpleSAML\Utils\Config\Metadata;
-use SimpleSAML\Utils\Crypto;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\IdP;
+use SimpleSAML\Logger;
+use SimpleSAML\Metadata\MetaDataStorageHandler;
+use SimpleSAML\Stats;
+use SimpleSAML\Utils;
+use SimpleSAML\XML\Shib13\AuthnResponse;
/**
* IdP implementation for SAML 1.1 protocol.
@@ -22,11 +28,11 @@ class SAML1
* @return array
* @throws \SimpleSAML\Error\Exception
* @throws \SimpleSAML\Error\MetadataNotFound
- * @throws \SimpleSAML_Error_Exception
+ * @throws \SimpleSAML\Error\Exception
*/
public static function getHostedMetadata($entityid)
{
- $handler = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $handler = MetaDataStorageHandler::getMetadataHandler();
$config = $handler->getMetaDataConfig($entityid, 'shib13-idp-hosted');
$metadata = [
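Review bot: Rewriting `@throws \SimpleSAML_Error_Exception` to the namespaced form leaves the getHostedMetadata() docblock with two identical `@throws \SimpleSAML\Error\Exception` lines. The second one adds nothing and should be deleted rather than renamed, leaving only `@throws \SimpleSAML\Error\Exception` and `@throws \SimpleSAML\Error\MetadataNotFound`.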
@@ -39,7 +45,7 @@ class SAML1
// add certificates
$keys = [];
- $certInfo = Crypto::loadPublicKey($config, false, 'new_');
+ $certInfo = Utils\Crypto::loadPublicKey($config, false, 'new_');
$hasNewCert = false;
if ($certInfo !== null) {
$keys[] = [
@@ -52,7 +58,7 @@ class SAML1
$hasNewCert = true;
}
- $certInfo = Crypto::loadPublicKey($config, true);
+ $certInfo = Utils\Crypto::loadPublicKey($config, true);
$keys[] = [
'type' => 'X509Certificate',
'signing' => true,
@@ -71,7 +77,7 @@ class SAML1
);
if (!$config->hasValue('OrganizationURL')) {
- throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
+ throw new Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL');
}
@@ -86,7 +92,7 @@ class SAML1
$metadata['EntityAttributes'] = $config->getArray('EntityAttributes');
// check for entity categories
- if (Metadata::isHiddenFromDiscovery($metadata)) {
+ if (Utils\Config\Metadata::isHiddenFromDiscovery($metadata)) {
$metadata['hide.from.discovery'] = true;
}
}
@@ -104,7 +110,7 @@ class SAML1
}
// add contact information
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
$email = $globalConfig->getString('technicalcontact_email', false);
if ($email && $email !== 'na@example.org') {
$contact = [
@@ -112,7 +118,7 @@ class SAML1
'name' => $globalConfig->getString('technicalcontact_name', null),
'contactType' => 'technical',
];
- $metadata['contacts'][] = Metadata::getContact($contact);
+ $metadata['contacts'][] = Utils\Config\Metadata::getContact($contact);
}
return $metadata;
@@ -134,23 +140,23 @@ class SAML1
$spMetadata = $state["SPMetadata"];
$spEntityId = $spMetadata['entityid'];
- $spMetadata = \SimpleSAML\Configuration::loadFromArray(
+ $spMetadata = Configuration::loadFromArray(
$spMetadata,
'$metadata['.var_export($spEntityId, true).']'
);
- \SimpleSAML\Logger::info('Sending SAML 1.1 Response to '.var_export($spEntityId, true));
+ Logger::info('Sending SAML 1.1 Response to '.var_export($spEntityId, true));
$attributes = $state['Attributes'];
$shire = $state['saml:shire'];
$target = $state['saml:target'];
- $idp = \SimpleSAML\IdP::getByState($state);
+ $idp = IdP::getByState($state);
$idpMetadata = $idp->getConfig();
- $config = \SimpleSAML\Configuration::getInstance();
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $config = Configuration::getInstance();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$statsData = [
'spEntityID' => $spEntityId,
@@ -160,10 +166,10 @@ class SAML1
if (isset($state['saml:AuthnRequestReceivedAt'])) {
$statsData['logintime'] = microtime(true) - $state['saml:AuthnRequestReceivedAt'];
}
- \SimpleSAML\Stats::log('saml:idp:Response', $statsData);
+ Stats::log('saml:idp:Response', $statsData);
// Generate and send response.
- $ar = new \SimpleSAML\XML\Shib13\AuthnResponse();
+ $ar = new AuthnResponse();
$authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
$httppost = new HTTPPost($config, $metadata);
@@ -177,7 +183,7 @@ class SAML1
* @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
* @return void
*/
- public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
+ public static function receiveAuthnRequest(IdP $idp)
{
if (isset($_REQUEST['cookieTime'])) {
$cookieTime = (int) $_REQUEST['cookieTime'];
@@ -186,17 +192,17 @@ class SAML1
* Less than five seconds has passed since we were
* here the last time. Cookies are probably disabled.
*/
- HTTP::checkSessionCookie(HTTP::getSelfURL());
+ Utils\HTTP::checkSessionCookie(Utils\HTTP::getSelfURL());
}
}
if (!isset($_REQUEST['providerId'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing providerId parameter.');
+ throw new Error\BadRequest('Missing providerId parameter.');
}
$spEntityId = (string) $_REQUEST['providerId'];
if (!isset($_REQUEST['shire'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing shire parameter.');
+ throw new Error\BadRequest('Missing shire parameter.');
}
$shire = (string) $_REQUEST['shire'];
@@ -206,11 +212,11 @@ class SAML1
$target = null;
}
- \SimpleSAML\Logger::info(
+ Logger::info(
'Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from '.var_export($spEntityId, true).'.'
);
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
$found = false;
@@ -230,7 +236,7 @@ class SAML1
);
}
- \SimpleSAML\Stats::log(
+ Stats::log(
'saml:idp:AuthnRequest',
[
'spEntityID' => $spEntityId,
@@ -238,15 +244,15 @@ class SAML1
]
);
- $sessionLostURL = HTTP::addURLParameters(
- HTTP::getSelfURL(),
+ $sessionLostURL = Utils\HTTP::addURLParameters(
+ Utils\HTTP::getSelfURL(),
['cookieTime' => time()]
);
$state = [
'Responder' => ['\SimpleSAML\Module\saml\IdP\SAML1', 'sendResponse'],
'SPMetadata' => $spMetadata->toArray(),
- \SimpleSAML\Auth\State::RESTART => $sessionLostURL,
+ Auth\State::RESTART => $sessionLostURL,
'saml:shire' => $shire,
'saml:target' => $target,
'saml:AuthnRequestReceivedAt' => microtime(true),
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index aeece087423d2e99f2892b7c598f1d95ed8d3a91..f6cf7b5aa1e4e70bd2722e170fe7458dd22e0e9a 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -2,15 +2,35 @@
namespace SimpleSAML\Module\saml\IdP;
+use DOMNodeList;
use RobRichards\XMLSecLibs\XMLSecurityKey;
+use SAML2\Assertion;
+use SAML2\AuthnRequest;
+use SAML2\Binding;
use SAML2\Constants;
+use SAML2\DOMDocumentFactory;
+use SAML2\EncryptedAssertion;
+use SAML2\HTTPRedirect;
+use SAML2\LogoutRequest;
+use SAML2\LogoutResponse;
+use SAML2\SOAP;
+use SAML2\XML\ds\X509Certificate;
+use SAML2\XML\ds\X509Data;
+use SAML2\XML\ds\KeyInfo;
+use SAML2\XML\saml\AttributeValue;
use SAML2\XML\saml\Issuer;
+use SAML2\XML\saml\NameID;
+use SAML2\XML\saml\SubjectConfirmation;
+use SAML2\XML\saml\SubjectConfirmationData;
+use SimpleSAML\Auth;
use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\IdP;
use SimpleSAML\Logger;
-use SAML2\SOAP;
-use SimpleSAML\Utils\Config\Metadata;
-use SimpleSAML\Utils\Crypto;
-use SimpleSAML\Utils\HTTP;
+use SimpleSAML\Metadata\MetaDataStorageHandler;
+use SimpleSAML\Module;
+use SimpleSAML\Stats;
+use SimpleSAML\Utils;
/**
* IdP implementation for SAML 2.0 protocol.
@@ -47,7 +67,7 @@ class SAML2
$consumerURL = $state['saml:ConsumerURL'];
$protocolBinding = $state['saml:Binding'];
- $idp = \SimpleSAML\IdP::getByState($state);
+ $idp = IdP::getByState($state);
$idpMetadata = $idp->getConfig();
@@ -87,10 +107,10 @@ class SAML2
if (isset($state['saml:AuthnRequestReceivedAt'])) {
$statsData['logintime'] = microtime(true) - $state['saml:AuthnRequestReceivedAt'];
}
- \SimpleSAML\Stats::log('saml:idp:Response', $statsData);
+ Stats::log('saml:idp:Response', $statsData);
// send the response
- $binding = \SAML2\Binding::getBinding($protocolBinding);
+ $binding = Binding::getBinding($protocolBinding);
$binding->send($ar);
}
@@ -122,7 +142,7 @@ class SAML2
$consumerURL = $state['saml:ConsumerURL'];
$protocolBinding = $state['saml:Binding'];
- $idp = \SimpleSAML\IdP::getByState($state);
+ $idp = IdP::getByState($state);
$idpMetadata = $idp->getConfig();
@@ -151,9 +171,9 @@ class SAML2
if (isset($state['saml:AuthnRequestReceivedAt'])) {
$statsData['logintime'] = microtime(true) - $state['saml:AuthnRequestReceivedAt'];
}
- \SimpleSAML\Stats::log('saml:idp:Response:error', $statsData);
+ Stats::log('saml:idp:Response:error', $statsData);
- $binding = \SAML2\Binding::getBinding($protocolBinding);
+ $binding = Binding::getBinding($protocolBinding);
$binding->send($ar);
}
@@ -171,7 +191,7 @@ class SAML2
*/
private static function getAssertionConsumerService(
array $supportedBindings,
- \SimpleSAML\Configuration $spMetadata,
+ Configuration $spMetadata,
$AssertionConsumerServiceURL,
$ProtocolBinding,
$AssertionConsumerServiceIndex
@@ -258,18 +278,18 @@ class SAML2
*/
public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
{
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
- $supportedBindings = [\SAML2\Constants::BINDING_HTTP_POST];
+ $supportedBindings = [Constants::BINDING_HTTP_POST];
if ($idpMetadata->getBoolean('saml20.sendartifact', false)) {
- $supportedBindings[] = \SAML2\Constants::BINDING_HTTP_ARTIFACT;
+ $supportedBindings[] = Constants::BINDING_HTTP_ARTIFACT;
}
if ($idpMetadata->getBoolean('saml20.hok.assertion', false)) {
- $supportedBindings[] = \SAML2\Constants::BINDING_HOK_SSO;
+ $supportedBindings[] = Constants::BINDING_HOK_SSO;
}
if ($idpMetadata->getBoolean('saml20.ecp', false)) {
- $supportedBindings[] = \SAML2\Constants::BINDING_PAOS;
+ $supportedBindings[] = Constants::BINDING_PAOS;
}
if (isset($_REQUEST['spentityid']) || isset($_REQUEST['providerId'])) {
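Review bot: The signature `public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)` at the top of this hunk still uses the fully qualified name, although `SimpleSAML\IdP` is now imported and the other methods changed in this diff were switched to `IdP $idp`; it should read `public static function receiveAuthnRequest(IdP $idp)`. The same leftover style appears in the calls `\SimpleSAML\Module\saml\Message::validateMessage(...)` (hunk at -570,28) and `\SimpleSAML\Module\saml\Message::addSign(...)` (hunk at -1095,7), which could use a `use SimpleSAML\Module\saml\Message;` import. The function body continues outside the hunk.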
@@ -282,7 +302,7 @@ class SAML2
* Less than five seconds has passed since we were
* here the last time. Cookies are probably disabled.
*/
- \SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
+ Utils\HTTP::checkSessionCookie(Utils\HTTP::getSelfURL());
}
}
@@ -335,18 +355,18 @@ class SAML2
'SAML2.0 - IdP.SSOService: IdP initiated authentication: '.var_export($spEntityId, true)
);
} else {
- $binding = \SAML2\Binding::getCurrentBinding();
+ $binding = Binding::getCurrentBinding();
$request = $binding->receive();
- if (!($request instanceof \SAML2\AuthnRequest)) {
- throw new \SimpleSAML\Error\BadRequest(
+ if (!($request instanceof AuthnRequest)) {
+ throw new Error\BadRequest(
'Message received on authentication request endpoint wasn\'t an authentication request.'
);
}
$issuer = $request->getIssuer();
if ($issuer === null) {
- throw new \SimpleSAML\Error\BadRequest(
+ throw new Error\BadRequest(
'Received message on authentication request endpoint without issuer.'
);
} elseif ($issuer instanceof Issuer) {
@@ -394,7 +414,7 @@ class SAML2
);
}
- \SimpleSAML\Stats::log('saml:idp:AuthnRequest', [
+ Stats::log('saml:idp:AuthnRequest', [
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
'forceAuthn' => $forceAuthn,
@@ -432,18 +452,18 @@ class SAML2
*/
$sessionLostParams['cookieTime'] = time();
- $sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(
- \SimpleSAML\Utils\HTTP::getSelfURLNoQuery(),
+ $sessionLostURL = Utils\HTTP::addURLParameters(
+ Utils\HTTP::getSelfURLNoQuery(),
$sessionLostParams
);
$state = [
- 'Responder' => ['\SimpleSAML\Module\saml\IdP\SAML2', 'sendResponse'],
- \SimpleSAML\Auth\State::EXCEPTION_HANDLER_FUNC => [
+ 'Responder' => ['\SimpleSAML\Module\saml\IdP\SAML2', 'sendResponse'],
+ Auth\State::EXCEPTION_HANDLER_FUNC => [
'\SimpleSAML\Module\saml\IdP\SAML2',
'handleAuthError'
],
- \SimpleSAML\Auth\State::RESTART => $sessionLostURL,
+ Auth\State::RESTART => $sessionLostURL,
'SPMetadata' => $spMetadata->toArray(),
'saml:RelayState' => $relayState,
@@ -474,17 +494,17 @@ class SAML2
* @param string|null $relayState An id that should be carried across the logout.
* @return void
*/
- public static function sendLogoutRequest(\SimpleSAML\IdP $idp, array $association, $relayState)
+ public static function sendLogoutRequest(IdP $idp, array $association, $relayState)
{
assert(is_string($relayState) || $relayState === null);
Logger::info('Sending SAML 2.0 LogoutRequest to: '.var_export($association['saml:entityID'], true));
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');
- \SimpleSAML\Stats::log('saml:idp:LogoutRequest:sent', [
+ Stats::log('saml:idp:LogoutRequest:sent', [
'spEntityID' => $association['saml:entityID'],
'idpEntityID' => $idpMetadata->getString('entityid'),
]);
@@ -492,11 +512,11 @@ class SAML2
$dst = $spMetadata->getEndpointPrioritizedByBinding(
'SingleLogoutService',
[
- \SAML2\Constants::BINDING_HTTP_REDIRECT,
- \SAML2\Constants::BINDING_HTTP_POST
+ Constants::BINDING_HTTP_REDIRECT,
+ Constants::BINDING_HTTP_POST
]
);
- $binding = \SAML2\Binding::getBinding($dst['Binding']);
+ $binding = Binding::getBinding($dst['Binding']);
$lr = self::buildLogoutRequest($idpMetadata, $spMetadata, $association, $relayState);
$lr->setDestination($dst['Location']);
@@ -511,7 +531,7 @@ class SAML2
* @param array &$state The logout state array.
* @return void
*/
- public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state)
+ public static function sendLogoutResponse(IdP $idp, array $state)
{
assert(isset($state['saml:SPEntityId']));
assert(isset($state['saml:RequestId']));
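Review bot: The docblock above `sendLogoutResponse` documents the parameter as `@param array &$state`, but the signature in this hunk takes `array $state` by value, so the documentation describes a reference that the code does not have. Suggest `@param array $state The logout state array.` Both the docblock and the function body extend outside the hunk.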
@@ -519,7 +539,7 @@ class SAML2
$spEntityId = $state['saml:SPEntityId'];
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
@@ -530,8 +550,8 @@ class SAML2
if (isset($state['core:Failed']) && $state['core:Failed']) {
$partial = true;
$lr->setStatus([
- 'Code' => \SAML2\Constants::STATUS_SUCCESS,
- 'SubCode' => \SAML2\Constants::STATUS_PARTIAL_LOGOUT,
+ 'Code' => Constants::STATUS_SUCCESS,
+ 'SubCode' => Constants::STATUS_PARTIAL_LOGOUT,
]);
Logger::info('Sending logout response for partial logout to SP '.var_export($spEntityId, true));
} else {
@@ -539,7 +559,7 @@ class SAML2
Logger::debug('Sending logout response to SP '.var_export($spEntityId, true));
}
- \SimpleSAML\Stats::log('saml:idp:LogoutResponse:sent', [
+ Stats::log('saml:idp:LogoutResponse:sent', [
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
'partial' => $partial
@@ -547,11 +567,11 @@ class SAML2
$dst = $spMetadata->getEndpointPrioritizedByBinding(
'SingleLogoutService',
[
- \SAML2\Constants::BINDING_HTTP_REDIRECT,
- \SAML2\Constants::BINDING_HTTP_POST
+ Constants::BINDING_HTTP_REDIRECT,
+ Constants::BINDING_HTTP_POST
]
);
- $binding = \SAML2\Binding::getBinding($dst['Binding']);
+ $binding = Binding::getBinding($dst['Binding']);
if (isset($dst['ResponseLocation'])) {
$dst = $dst['ResponseLocation'];
} else {
@@ -570,28 +590,28 @@ class SAML2
* @return void
* @throws \SimpleSAML\Error\BadRequest In case an error occurs while trying to receive the logout message.
*/
- public static function receiveLogoutMessage(\SimpleSAML\IdP $idp)
+ public static function receiveLogoutMessage(IdP $idp)
{
- $binding = \SAML2\Binding::getCurrentBinding();
+ $binding = Binding::getCurrentBinding();
$message = $binding->receive();
$issuer = $message->getIssuer();
if ($issuer === null) {
/* Without an issuer we have no way to respond to the message. */
- throw new \SimpleSAML\Error\BadRequest('Received message on logout endpoint without issuer.');
+ throw new Error\BadRequest('Received message on logout endpoint without issuer.');
} elseif ($issuer instanceof Issuer) {
$spEntityId = $issuer->getValue();
} else {
$spEntityId = $issuer;
}
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
\SimpleSAML\Module\saml\Message::validateMessage($spMetadata, $idpMetadata, $message);
- if ($message instanceof \SAML2\LogoutResponse) {
+ if ($message instanceof LogoutResponse) {
Logger::info('Received SAML 2.0 LogoutResponse from: '.var_export($spEntityId, true));
$statsData = [
'spEntityID' => $spEntityId,
@@ -600,7 +620,7 @@ class SAML2
if (!$message->isSuccess()) {
$statsData['error'] = $message->getStatus();
}
- \SimpleSAML\Stats::log('saml:idp:LogoutResponse:recv', $statsData);
+ Stats::log('saml:idp:LogoutResponse:recv', $statsData);
$relayState = $message->getRelayState();
@@ -614,9 +634,9 @@ class SAML2
$assocId = 'saml:'.$spEntityId;
$idp->handleLogoutResponse($assocId, $relayState, $logoutError);
- } elseif ($message instanceof \SAML2\LogoutRequest) {
+ } elseif ($message instanceof LogoutRequest) {
Logger::info('Received SAML 2.0 LogoutRequest from: '.var_export($spEntityId, true));
- \SimpleSAML\Stats::log('saml:idp:LogoutRequest:recv', [
+ Stats::log('saml:idp:LogoutRequest:recv', [
'spEntityID' => $spEntityId,
'idpEntityID' => $idpMetadata->getString('entityid'),
]);
@@ -634,7 +654,7 @@ class SAML2
$assocId = 'saml:'.$spEntityId;
$idp->handleLogoutRequest($state, $assocId);
} else {
- throw new \SimpleSAML\Error\BadRequest('Unknown message received on logout endpoint: '.get_class($message));
+ throw new Error\BadRequest('Unknown message received on logout endpoint: '.get_class($message));
}
}
@@ -648,34 +668,34 @@ class SAML2
*
* @return string The logout URL.
*/
- public static function getLogoutURL(\SimpleSAML\IdP $idp, array $association, $relayState)
+ public static function getLogoutURL(IdP $idp, array $association, $relayState)
{
assert(is_string($relayState) || $relayState === null);
Logger::info('Sending SAML 2.0 LogoutRequest to: '.var_export($association['saml:entityID'], true));
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');
$bindings = [
- \SAML2\Constants::BINDING_HTTP_REDIRECT,
- \SAML2\Constants::BINDING_HTTP_POST
+ Constants::BINDING_HTTP_REDIRECT,
+ Constants::BINDING_HTTP_POST
];
$dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', $bindings);
- if ($dst['Binding'] === \SAML2\Constants::BINDING_HTTP_POST) {
+ if ($dst['Binding'] === Constants::BINDING_HTTP_POST) {
$params = ['association' => $association['id'], 'idp' => $idp->getId()];
if ($relayState !== null) {
$params['RelayState'] = $relayState;
}
- return \SimpleSAML\Module::getModuleURL('core/idp/logout-iframe-post.php', $params);
+ return Module::getModuleURL('core/idp/logout-iframe-post.php', $params);
}
$lr = self::buildLogoutRequest($idpMetadata, $spMetadata, $association, $relayState);
$lr->setDestination($dst['Location']);
- $binding = new \SAML2\HTTPRedirect();
+ $binding = new HTTPRedirect();
return $binding->getRedirectURL($lr);
}
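Review bot: `getLogoutURL` logs `'Sending SAML 2.0 LogoutRequest to: '`, the same text that `sendLogoutRequest` emits, although this method only builds and returns a URL (its docblock says `@return string The logout URL.`). The two paths cannot be told apart in the IdP log, which makes it harder to reconstruct a logout sequence from log data. A distinct message keeps the events separable, for example `Logger::info('Building SAML 2.0 LogoutRequest URL for: '.var_export($association['saml:entityID'], true));`. The docblock starts outside the hunk.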
@@ -688,9 +708,9 @@ class SAML2
*
* @return \SimpleSAML\Configuration Configuration object for the SP metadata.
*/
- public static function getAssociationConfig(\SimpleSAML\IdP $idp, array $association)
+ public static function getAssociationConfig(IdP $idp, array $association)
{
- $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $metadata = MetaDataStorageHandler::getMetadataHandler();
try {
return $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');
} catch (\Exception $e) {
@@ -711,7 +731,7 @@ class SAML2
*/
public static function getHostedMetadata($entityid)
{
- $handler = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+ $handler = MetaDataStorageHandler::getMetadataHandler();
$config = $handler->getMetaDataConfig($entityid, 'saml20-idp-hosted');
// configure endpoints
@@ -760,7 +780,7 @@ class SAML2
// add certificates
$keys = [];
- $certInfo = Crypto::loadPublicKey($config, false, 'new_');
+ $certInfo = Utils\Crypto::loadPublicKey($config, false, 'new_');
$hasNewCert = false;
if ($certInfo !== null) {
$keys[] = [
@@ -773,7 +793,7 @@ class SAML2
$hasNewCert = true;
}
- $certInfo = Crypto::loadPublicKey($config, true);
+ $certInfo = Utils\Crypto::loadPublicKey($config, true);
$keys[] = [
'type' => 'X509Certificate',
'signing' => true,
@@ -783,7 +803,7 @@ class SAML2
];
if ($config->hasValue('https.certificate')) {
- $httpsCert = Crypto::loadPublicKey($config, true, 'https.');
+ $httpsCert = Utils\Crypto::loadPublicKey($config, true, 'https.');
$keys[] = [
'type' => 'X509Certificate',
'signing' => true,
@@ -799,7 +819,7 @@ class SAML2
$metadata['ArtifactResolutionService'][] = [
'index' => 0,
'Binding' => Constants::BINDING_SOAP,
- 'Location' => HTTP::getBaseURL().'saml2/idp/ArtifactResolutionService.php'
+ 'Location' => Utils\HTTP::getBaseURL().'saml2/idp/ArtifactResolutionService.php'
];
}
@@ -810,7 +830,7 @@ class SAML2
[
'hoksso:ProtocolBinding' => Constants::BINDING_HTTP_REDIRECT,
'Binding' => Constants::BINDING_HOK_SSO,
- 'Location' => HTTP::getBaseURL().'saml2/idp/SSOService.php',
+ 'Location' => Utils\HTTP::getBaseURL().'saml2/idp/SSOService.php',
]
);
}
@@ -820,7 +840,7 @@ class SAML2
$metadata['SingleSignOnService'][] = [
'index' => 0,
'Binding' => Constants::BINDING_SOAP,
- 'Location' => HTTP::getBaseURL().'saml2/idp/SSOService.php',
+ 'Location' => Utils\HTTP::getBaseURL().'saml2/idp/SSOService.php',
];
}
@@ -833,7 +853,7 @@ class SAML2
);
if (!$config->hasValue('OrganizationURL')) {
- throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
+ throw new Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL');
}
@@ -848,7 +868,7 @@ class SAML2
$metadata['EntityAttributes'] = $config->getArray('EntityAttributes');
// check for entity categories
- if (Metadata::isHiddenFromDiscovery($metadata)) {
+ if (Utils\Config\Metadata::isHiddenFromDiscovery($metadata)) {
$metadata['hide.from.discovery'] = true;
}
}
@@ -878,11 +898,11 @@ class SAML2
if ($config->hasValue('contacts')) {
$contacts = $config->getArray('contacts');
foreach ($contacts as $contact) {
- $metadata['contacts'][] = Metadata::getContact($contact);
+ $metadata['contacts'][] = Utils\Config\Metadata::getContact($contact);
}
}
- $globalConfig = \SimpleSAML\Configuration::getInstance();
+ $globalConfig = Configuration::getInstance();
$email = $globalConfig->getString('technicalcontact_email', false);
if ($email && $email !== 'na@example.org') {
$contact = [
@@ -890,7 +910,7 @@ class SAML2
'name' => $globalConfig->getString('technicalcontact_name', null),
'contactType' => 'technical',
];
- $metadata['contacts'][] = Metadata::getContact($contact);
+ $metadata['contacts'][] = Utils\Config\Metadata::getContact($contact);
}
return $metadata;
@@ -924,7 +944,7 @@ class SAML2
$idpEntityId = $idpMetadata->getString('entityid');
$spEntityId = $spMetadata->getString('entityid');
- $secretSalt = \SimpleSAML\Utils\Config::getSecretSalt();
+ $secretSalt = Utils\Config::getSecretSalt();
$uidData = 'uidhashbase'.$secretSalt;
$uidData .= strlen($idpEntityId).':'.$idpEntityId;
@@ -1000,8 +1020,8 @@ class SAML2
}
$attrval = $value;
- if ($value instanceof \DOMNodeList) {
- $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
+ if ($value instanceof DOMNodeList) {
+ $attrval = new AttributeValue($value->item(0)->parentNode);
}
switch ($encoding) {
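Review bot: `$value->item(0)->parentNode` assumes the `DOMNodeList` holds at least one node; for an empty list `item(0)` returns `null` and the property read fails instead of yielding a usable `AttributeValue`. Guarding on the length avoids that, `if ($value instanceof DOMNodeList && $value->length > 0) {`. How `$attrval` is used afterwards is outside the hunk, so the right fallback for an empty list needs to be confirmed there.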
@@ -1013,13 +1033,13 @@ class SAML2
break;
case 'raw':
if (is_string($value)) {
- $doc = \SAML2\DOMDocumentFactory::fromString('<root>'.$value.'</root>');
+ $doc = DOMDocumentFactory::fromString('<root>'.$value.'</root>');
$value = $doc->firstChild->childNodes;
}
- assert($value instanceof \DOMNodeList || $value instanceof \SAML2\XML\saml\NameID);
+ assert($value instanceof DOMNodeList || $value instanceof NameID);
break;
default:
- throw new \SimpleSAML\Error\Exception('Invalid encoding for attribute '.
+ throw new Error\Exception('Invalid encoding for attribute '.
var_export($name, true).': '.var_export($encoding, true));
}
$ret[$name][] = $value;
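Review bot: In the `'raw'` case the only type check after parsing is `assert($value instanceof DOMNodeList || $value instanceof NameID);`, which is not evaluated when assertions are disabled, as is usual in production PHP configurations, so a value of another type would be appended to `$ret` unchecked. An explicit check in the style of the `default:` branch closes that gap: `if (!($value instanceof DOMNodeList || $value instanceof NameID)) { throw new Error\Exception('Invalid raw value for attribute '.var_export($name, true)); }`. A comment is also worth adding to say that string values are wrapped in `<root>…</root>` and parsed as XML, so `raw` encoding is meant only for attributes whose values are intended to carry markup. The enclosing function starts and ends outside the hunk.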
@@ -1063,7 +1083,7 @@ class SAML2
}
// default
- return 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic';
+ return Constants::NAMEFORMAT_BASIC;
}
@@ -1095,7 +1115,7 @@ class SAML2
$config = Configuration::getInstance();
- $a = new \SAML2\Assertion();
+ $a = new Assertion();
if ($signAssertion) {
\SimpleSAML\Module\saml\Message::addSign($idpMetadata, $spMetadata, $a);
}
@@ -1116,10 +1136,10 @@ class SAML2
if (isset($state['saml:AuthnContextClassRef'])) {
$a->setAuthnContextClassRef($state['saml:AuthnContextClassRef']);
- } elseif (\SimpleSAML\Utils\HTTP::isHTTPS()) {
- $a->setAuthnContextClassRef(\SAML2\Constants::AC_PASSWORD_PROTECTED_TRANSPORT);
+ } elseif (Utils\HTTP::isHTTPS()) {
+ $a->setAuthnContextClassRef(Constants::AC_PASSWORD_PROTECTED_TRANSPORT);
} else {
- $a->setAuthnContextClassRef(\SAML2\Constants::AC_PASSWORD);
+ $a->setAuthnContextClassRef(Constants::AC_PASSWORD);
}
$sessionStart = $now;
@@ -1131,10 +1151,10 @@ class SAML2
$sessionLifetime = $config->getInteger('session.duration', 8 * 60 * 60);
$a->setSessionNotOnOrAfter($sessionStart + $sessionLifetime);
- $a->setSessionIndex(\SimpleSAML\Utils\Random::generateID());
+ $a->setSessionIndex(Utils\Random::generateID());
- $sc = new \SAML2\XML\saml\SubjectConfirmation();
- $scd = new \SAML2\XML\saml\SubjectConfirmationData();
+ $sc = new SubjectConfirmation();
+ $scd = new SubjectConfirmationData();
$scd->setNotOnOrAfter($now + $assertionLifetime);
$scd->setRecipient($state['saml:ConsumerURL']);
$scd->setInResponseTo($state['saml:RequestId']);
@@ -1142,7 +1162,7 @@ class SAML2
// ProtcolBinding of SP's <AuthnRequest> overwrites IdP hosted metadata configuration
$hokAssertion = null;
- if ($state['saml:Binding'] === \SAML2\Constants::BINDING_HOK_SSO) {
+ if ($state['saml:Binding'] === Constants::BINDING_HOK_SSO) {
$hokAssertion = true;
}
if ($hokAssertion === null) {
@@ -1151,43 +1171,43 @@ class SAML2
if ($hokAssertion) {
// Holder-of-Key
- $sc->setMethod(\SAML2\Constants::CM_HOK);
- if (\SimpleSAML\Utils\HTTP::isHTTPS()) {
+ $sc->setMethod(Constants::CM_HOK);
+ if (Utils\HTTP::isHTTPS()) {
if (isset($_SERVER['SSL_CLIENT_CERT']) && !empty($_SERVER['SSL_CLIENT_CERT'])) {
// extract certificate data (if this is a certificate)
$clientCert = $_SERVER['SSL_CLIENT_CERT'];
$pattern = '/^-----BEGIN CERTIFICATE-----([^-]*)^-----END CERTIFICATE-----/m';
if (preg_match($pattern, $clientCert, $matches)) {
// we have a client certificate from the browser which we add to the HoK assertion
- $x509Certificate = new \SAML2\XML\ds\X509Certificate();
+ $x509Certificate = new X509Certificate();
$x509Certificate->setCertificate(str_replace(["\r", "\n", " "], '', $matches[1]));
- $x509Data = new \SAML2\XML\ds\X509Data();
+ $x509Data = new X509Data();
$x509Data->addData($x509Certificate);
- $keyInfo = new \SAML2\XML\ds\KeyInfo();
+ $keyInfo = new KeyInfo();
$keyInfo->addInfo($x509Data);
$scd->addInfo($keyInfo);
} else {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'Error creating HoK assertion: No valid client certificate provided during TLS handshake '.
'with IdP'
);
}
} else {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'Error creating HoK assertion: No client certificate provided during TLS handshake with IdP'
);
}
} else {
- throw new \SimpleSAML\Error\Exception(
+ throw new Error\Exception(
'Error creating HoK assertion: No HTTPS connection to IdP, but required for Holder-of-Key SSO'
);
}
} else {
// Bearer
- $sc->setMethod(\SAML2\Constants::CM_BEARER);
+ $sc->setMethod(Constants::CM_BEARER);
}
$sc->setSubjectConfirmationData($scd);
$a->setSubjectConfirmation([$sc]);
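Review bot: The Holder-of-Key branch binds whatever `$_SERVER['SSL_CLIENT_CERT']` contains into the `SubjectConfirmationData`, and nothing in the hunk documents where that variable has to come from. A short comment would record the assumption, e.g. `// SSL_CLIENT_CERT must be set by the web server that terminates TLS for this request; a value forwarded by an intermediary is not proof of key possession`. Separately, `isset($_SERVER['SSL_CLIENT_CERT']) && !empty($_SERVER['SSL_CLIENT_CERT'])` is redundant, since `!empty(...)` alone already covers the unset case. The enclosing function extends beyond the hunk on both sides.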
@@ -1211,7 +1231,7 @@ class SAML2
// either not set in request, or not set to a format we supply. Fall back to old generation method
$nameIdFormat = current($spMetadata->getArrayizeString('NameIDFormat', []));
if ($nameIdFormat === false) {
- $nameIdFormat = current($idpMetadata->getArrayizeString('NameIDFormat', [\SAML2\Constants::NAMEID_TRANSIENT]));
+ $nameIdFormat = current($idpMetadata->getArrayizeString('NameIDFormat', [Constants::NAMEID_TRANSIENT]));
}
}
@@ -1224,21 +1244,21 @@ class SAML2
$spNameQualifier = $spMetadata->getString('entityid');
}
- if ($nameIdFormat === \SAML2\Constants::NAMEID_TRANSIENT) {
+ if ($nameIdFormat === Constants::NAMEID_TRANSIENT) {
// generate a random id
- $nameIdValue = \SimpleSAML\Utils\Random::generateID();
+ $nameIdValue = Utils\Random::generateID();
} else {
/* this code will end up generating either a fixed assigned id (via nameid.attribute)
or random id if not assigned/configured */
$nameIdValue = self::generateNameIdValue($idpMetadata, $spMetadata, $state);
if ($nameIdValue === null) {
Logger::warning('Falling back to transient NameID.');
- $nameIdFormat = \SAML2\Constants::NAMEID_TRANSIENT;
- $nameIdValue = \SimpleSAML\Utils\Random::generateID();
+ $nameIdFormat = Constants::NAMEID_TRANSIENT;
+ $nameIdValue = Utils\Random::generateID();
}
}
- $nameId = new \SAML2\XML\saml\NameID();
+ $nameId = new NameID();
$nameId->setFormat($nameIdFormat);
$nameId->setValue($nameIdValue);
$nameId->setSPNameQualifier($spNameQualifier);
@@ -1277,7 +1297,7 @@ class SAML2
private static function encryptAssertion(
Configuration $idpMetadata,
Configuration $spMetadata,
- \SAML2\Assertion $assertion
+ Assertion $assertion
) {
$encryptAssertion = $spMetadata->getBoolean('assertion.encryption', null);
if ($encryptAssertion === null) {
@@ -1304,14 +1324,14 @@ class SAML2
"-----END CERTIFICATE-----\n";
break;
default:
- throw new \SimpleSAML\Error\Exception('Unsupported encryption key type: '.$key['type']);
+ throw new Error\Exception('Unsupported encryption key type: '.$key['type']);
}
// extract the public key from the certificate for encryption
$key = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, ['type' => 'public']);
$key->loadKey($pemKey);
} else {
- throw new \SimpleSAML\Error\ConfigurationError(
+ throw new Error\ConfigurationError(
'Missing encryption key for entity `'.$spMetadata->getString('entityid').'`',
$spMetadata->getString('metadata-set').'.php',
null
@@ -1319,7 +1339,7 @@ class SAML2
}
}
- $ea = new \SAML2\EncryptedAssertion();
+ $ea = new EncryptedAssertion();
$ea->setAssertion($assertion, $key);
return $ea;
}
diff --git a/modules/saml/lib/IdP/SQLNameID.php b/modules/saml/lib/IdP/SQLNameID.php
index e62f77f0f76787b89500621397dbc74cec1b2aef..8ea3db41dc1d6bdbbe83e5d59afbcd83f5dce0eb 100644
--- a/modules/saml/lib/IdP/SQLNameID.php
+++ b/modules/saml/lib/IdP/SQLNameID.php
@@ -2,6 +2,10 @@
namespace SimpleSAML\Module\saml\IdP;
+use PDO;
+use SimpleSAML\Error;
+use SimpleSAML\Store;
+
/**
* Helper class for working with persistent NameIDs stored in SQL datastore.
*
@@ -15,7 +19,7 @@ class SQLNameID
* @param \SimpleSAML\Store\SQL $store The datastore.
* @return void
*/
- private static function createTable(\SimpleSAML\Store\SQL $store)
+ private static function createTable(Store\SQL $store)
{
if ($store->getTableVersion('saml_PersistentNameID') === 1) {
return;
@@ -47,9 +51,9 @@ class SQLNameID
*/
private static function getStore()
{
- $store = \SimpleSAML\Store::getInstance();
- if (!($store instanceof \SimpleSAML\Store\SQL)) {
- throw new \SimpleSAML\Error\Exception(
+ $store = Store::getInstance();
+ if (!($store instanceof Store\SQL)) {
+ throw new Error\Exception(
'SQL NameID store requires SimpleSAMLphp to be configured with a SQL datastore.'
);
}
@@ -120,7 +124,7 @@ class SQLNameID
$query = $store->pdo->prepare($query);
$query->execute($params);
- $row = $query->fetch(\PDO::FETCH_ASSOC);
+ $row = $query->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
// No NameID found
return null;
@@ -184,7 +188,7 @@ class SQLNameID
$query->execute($params);
$res = [];
- while (($row = $query->fetch(\PDO::FETCH_ASSOC)) !== false) {
+ while (($row = $query->fetch(PDO::FETCH_ASSOC)) !== false) {
$res[$row['_user']] = $row['_value'];
}
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index c68a2647cb7f597db4ec2f8fa3b2ee8ac77bba7a..5ef132ed20b7491a0e8c2d589ba54529002c0cdd 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -3,8 +3,23 @@
namespace SimpleSAML\Module\saml;
use RobRichards\XMLSecLibs\XMLSecurityKey;
+use SAML2\Assertion;
+use SAML2\AuthnRequest;
use SAML2\Constants;
+use SAML2\EncryptedAssertion;
+use SAML2\LogoutRequest;
+use SAML2\LogoutResponse;
+use SAML2\Response;
+use SAML2\SignedElement;
+use SAML2\StatusResponse;
+use SAML2\XML\ds\KeyInfo;
+use SAML2\XML\ds\X509Certificate;
+use SAML2\XML\ds\X509Data;
use SAML2\XML\saml\Issuer;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error as SSP_Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Utils;
/**
* Common code for building SAML 2 messages based on the available metadata.
@@ -22,18 +37,18 @@ class Message
* @return void
*/
public static function addSign(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata,
- \SAML2\SignedElement $element
+ Configuration $srcMetadata,
+ Configuration $dstMetadata,
+ SignedElement $element
) {
$dstPrivateKey = $dstMetadata->getString('signature.privatekey', null);
if ($dstPrivateKey !== null) {
- $keyArray = \SimpleSAML\Utils\Crypto::loadPrivateKey($dstMetadata, true, 'signature.');
- $certArray = \SimpleSAML\Utils\Crypto::loadPublicKey($dstMetadata, false, 'signature.');
+ $keyArray = Utils\Crypto::loadPrivateKey($dstMetadata, true, 'signature.');
+ $certArray = Utils\Crypto::loadPublicKey($dstMetadata, false, 'signature.');
} else {
- $keyArray = \SimpleSAML\Utils\Crypto::loadPrivateKey($srcMetadata, true);
- $certArray = \SimpleSAML\Utils\Crypto::loadPublicKey($srcMetadata, false);
+ $keyArray = Utils\Crypto::loadPrivateKey($srcMetadata, true);
+ $certArray = Utils\Crypto::loadPublicKey($srcMetadata, false);
}
$algo = $dstMetadata->getString('signature.algorithm', null);
@@ -72,18 +87,18 @@ class Message
* @return void
*/
private static function addRedirectSign(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata,
+ Configuration $srcMetadata,
+ Configuration $dstMetadata,
\SAML2\Message $message
) {
$signingEnabled = null;
- if ($message instanceof \SAML2\LogoutRequest || $message instanceof \SAML2\LogoutResponse) {
+ if ($message instanceof LogoutRequest || $message instanceof LogoutResponse) {
$signingEnabled = $srcMetadata->getBoolean('sign.logout', null);
if ($signingEnabled === null) {
$signingEnabled = $dstMetadata->getBoolean('sign.logout', null);
}
- } elseif ($message instanceof \SAML2\AuthnRequest) {
+ } elseif ($message instanceof AuthnRequest) {
$signingEnabled = $srcMetadata->getBoolean('sign.authnrequest', null);
if ($signingEnabled === null) {
$signingEnabled = $dstMetadata->getBoolean('sign.authnrequest', null);
@@ -136,7 +151,7 @@ class Message
$candidates = "'".implode("', '", $candidates)."'";
$fps = "'".implode("', '", $certFingerprints)."'";
- throw new \SimpleSAML\Error\Exception('Unable to find a certificate matching the configured '.
+ throw new SSP_Error\Exception('Unable to find a certificate matching the configured '.
'fingerprint. Candidates: '.$candidates.'; certFingerprint: '.$fps.'.');
}
@@ -151,7 +166,7 @@ class Message
* @throws \SimpleSAML\Error\Exception if there is not certificate in the metadata for the entity.
* @throws \Exception if the signature validation fails with an exception.
*/
- public static function checkSign(\SimpleSAML\Configuration $srcMetadata, \SAML2\SignedElement $element)
+ public static function checkSign(Configuration $srcMetadata, SignedElement $element)
{
// find the public key that should verify signatures by this entity
$keys = $srcMetadata->getPublicKeys('signing');
@@ -165,11 +180,11 @@ class Message
"-----END CERTIFICATE-----\n";
break;
default:
- \SimpleSAML\Logger::debug('Skipping unknown key type: '.$key['type']);
+ Logger::debug('Skipping unknown key type: '.$key['type']);
}
}
} elseif ($srcMetadata->hasValue('certFingerprint')) {
- \SimpleSAML\Logger::notice(
+ Logger::notice(
"Validating certificates by fingerprint is deprecated. Please use ".
"certData or certificate options in your remote metadata configuration."
);
@@ -184,22 +199,22 @@ class Message
// we don't have the full certificate stored. Try to find it in the message or the assertion instead
if (count($certificates) === 0) {
/* We need the full certificate in order to match it against the fingerprint. */
- \SimpleSAML\Logger::debug('No certificate in message when validating against fingerprint.');
+ Logger::debug('No certificate in message when validating against fingerprint.');
return false;
} else {
- \SimpleSAML\Logger::debug('Found '.count($certificates).' certificates in '.get_class($element));
+ Logger::debug('Found '.count($certificates).' certificates in '.get_class($element));
}
$pemCert = self::findCertificate($certFingerprint, $certificates);
$pemKeys = [$pemCert];
} else {
- throw new \SimpleSAML\Error\Exception(
+ throw new SSP_Error\Exception(
'Missing certificate in metadata for '.
var_export($srcMetadata->getString('entityid'), true)
);
}
- \SimpleSAML\Logger::debug('Has '.count($pemKeys).' candidate keys for validation.');
+ Logger::debug('Has '.count($pemKeys).' candidate keys for validation.');
$lastException = null;
foreach ($pemKeys as $i => $pem) {
@@ -210,12 +225,12 @@ class Message
// make sure that we have a valid signature on either the response or the assertion
$res = $element->validate($key);
if ($res) {
- \SimpleSAML\Logger::debug('Validation with key #'.$i.' succeeded.');
+ Logger::debug('Validation with key #'.$i.' succeeded.');
return true;
}
- \SimpleSAML\Logger::debug('Validation with key #'.$i.' failed without exception.');
+ Logger::debug('Validation with key #'.$i.' failed without exception.');
} catch (\Exception $e) {
- \SimpleSAML\Logger::debug('Validation with key #'.$i.' failed with exception: '.$e->getMessage());
+ Logger::debug('Validation with key #'.$i.' failed with exception: '.$e->getMessage());
$lastException = $e;
}
}
@@ -240,17 +255,17 @@ class Message
* @throws \SimpleSAML\Error\Exception if message validation is enabled, but there is no signature in the message.
*/
public static function validateMessage(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata,
+ Configuration $srcMetadata,
+ Configuration $dstMetadata,
\SAML2\Message $message
) {
$enabled = null;
- if ($message instanceof \SAML2\LogoutRequest || $message instanceof \SAML2\LogoutResponse) {
+ if ($message instanceof LogoutRequest || $message instanceof LogoutResponse) {
$enabled = $srcMetadata->getBoolean('validate.logout', null);
if ($enabled === null) {
$enabled = $dstMetadata->getBoolean('validate.logout', null);
}
- } elseif ($message instanceof \SAML2\AuthnRequest) {
+ } elseif ($message instanceof AuthnRequest) {
$enabled = $srcMetadata->getBoolean('validate.authnrequest', null);
if ($enabled === null) {
$enabled = $dstMetadata->getBoolean('validate.authnrequest', null);
@@ -269,7 +284,7 @@ class Message
}
if (!self::checkSign($srcMetadata, $message)) {
- throw new \SimpleSAML\Error\Exception(
+ throw new SSP_Error\Exception(
'Validation of received messages enabled, but no signature found on message.'
);
}
@@ -285,8 +300,8 @@ class Message
* @return array Array of decryption keys.
*/
public static function getDecryptionKeys(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata
+ Configuration $srcMetadata,
+ Configuration $dstMetadata
) {
$sharedKey = $srcMetadata->getString('sharedkey', null);
if ($sharedKey !== null) {
@@ -298,7 +313,7 @@ class Message
$keys = [];
// load the new private key if it exists
- $keyArray = \SimpleSAML\Utils\Crypto::loadPrivateKey($dstMetadata, false, 'new_');
+ $keyArray = Utils\Crypto::loadPrivateKey($dstMetadata, false, 'new_');
if ($keyArray !== null) {
assert(isset($keyArray['PEM']));
@@ -311,7 +326,7 @@ class Message
}
// find the existing private key
- $keyArray = \SimpleSAML\Utils\Crypto::loadPrivateKey($dstMetadata, true);
+ $keyArray = Utils\Crypto::loadPrivateKey($dstMetadata, true);
assert(isset($keyArray['PEM']));
$key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, ['type' => 'private']);
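Review bot: `assert(isset($keyArray['PEM']))` is the only visible guard before the private key material is used, and `assert()` does nothing when `zend.assertions` is turned off, as is usual in production. An explicit check keeps the guard in every configuration, e.g. `if (!isset($keyArray['PEM'])) { throw new SSP_Error\Exception('Private key has no PEM data.'); }` (message text is a suggestion); the `assert` for the `new_` key in the preceding hunk has the same weakness. The key object is created as `XMLSecurityKey::RSA_1_5`, so a short comment stating that acceptance of RSA PKCS#1 v1.5 key transport is presumably governed by the list from getBlacklistedAlgorithms would help readers. getDecryptionKeys continues outside this hunk.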
@@ -336,8 +351,8 @@ class Message
* @return array Array of blacklisted algorithms.
*/
public static function getBlacklistedAlgorithms(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata
+ Configuration $srcMetadata,
+ Configuration $dstMetadata
) {
$blacklist = $srcMetadata->getArray('encryption.blacklisted-algorithms', null);
if ($blacklist === null) {
@@ -361,13 +376,13 @@ class Message
* @throws \Exception if decryption fails for whatever reason.
*/
private static function decryptAssertion(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata,
+ Configuration $srcMetadata,
+ Configuration $dstMetadata,
$assertion
) {
- assert($assertion instanceof \SAML2\Assertion || $assertion instanceof \SAML2\EncryptedAssertion);
+ assert($assertion instanceof Assertion || $assertion instanceof EncryptedAssertion);
- if ($assertion instanceof \SAML2\Assertion) {
+ if ($assertion instanceof Assertion) {
$encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', null);
if ($encryptAssertion === null) {
$encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', false);
@@ -383,7 +398,7 @@ class Message
try {
$keys = self::getDecryptionKeys($srcMetadata, $dstMetadata);
} catch (\Exception $e) {
- throw new \SimpleSAML\Error\Exception('Error decrypting assertion: '.$e->getMessage());
+ throw new SSP_Error\Exception('Error decrypting assertion: '.$e->getMessage());
}
$blacklist = self::getBlacklistedAlgorithms($srcMetadata, $dstMetadata);
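Review bot: The rethrow in the `catch` drops the original exception and instead copies `$e->getMessage()` into the new message, so the stack trace of the key-loading failure is lost while its text travels with the exception. If the `SimpleSAML\Error\Exception` constructor accepts a cause argument, `throw new SSP_Error\Exception('Error decrypting assertion', 0, $e);` keeps the detail for logs and leaves the message uniform. That matters if this message can reach the remote party, where distinguishable decryption errors are best avoided. The same pattern appears in the decryptAttributes hunk and the NameID hunk of processAssertion.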
@@ -392,10 +407,10 @@ class Message
foreach ($keys as $i => $key) {
try {
$ret = $assertion->getAssertion($key, $blacklist);
- \SimpleSAML\Logger::debug('Decryption with key #'.$i.' succeeded.');
+ Logger::debug('Decryption with key #'.$i.' succeeded.');
return $ret;
} catch (\Exception $e) {
- \SimpleSAML\Logger::debug('Decryption with key #'.$i.' failed with exception: '.$e->getMessage());
+ Logger::debug('Decryption with key #'.$i.' failed with exception: '.$e->getMessage());
$lastException = $e;
}
}
@@ -417,9 +432,9 @@ class Message
* @throws \SimpleSAML\Error\Exception if we cannot get the decryption keys or decryption fails.
*/
private static function decryptAttributes(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata,
- \SAML2\Assertion &$assertion
+ Configuration $srcMetadata,
+ Configuration $dstMetadata,
+ Assertion &$assertion
) {
if (!$assertion->hasEncryptedAttributes()) {
return;
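Review bot: `Assertion &$assertion` passes an object by reference, which PHP does not need for the in-place mutation done by `$assertion->decryptAttributes(...)` in the next hunk. Unless code outside these hunks reassigns `$assertion`, `Assertion $assertion` would behave the same and removes the risk of a later reassignment silently replacing the caller's variable. The function body continues outside this hunk.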
@@ -428,7 +443,7 @@ class Message
try {
$keys = self::getDecryptionKeys($srcMetadata, $dstMetadata);
} catch (\Exception $e) {
- throw new \SimpleSAML\Error\Exception('Error decrypting attributes: '.$e->getMessage());
+ throw new SSP_Error\Exception('Error decrypting attributes: '.$e->getMessage());
}
$blacklist = self::getBlacklistedAlgorithms($srcMetadata, $dstMetadata);
@@ -437,15 +452,15 @@ class Message
foreach ($keys as $i => $key) {
try {
$assertion->decryptAttributes($key, $blacklist);
- \SimpleSAML\Logger::debug('Attribute decryption with key #'.$i.' succeeded.');
+ Logger::debug('Attribute decryption with key #'.$i.' succeeded.');
$error = false;
break;
} catch (\Exception $e) {
- \SimpleSAML\Logger::debug('Attribute decryption failed with exception: '.$e->getMessage());
+ Logger::debug('Attribute decryption failed with exception: '.$e->getMessage());
}
}
if ($error) {
- throw new \SimpleSAML\Error\Exception('Could not decrypt the attributes');
+ throw new SSP_Error\Exception('Could not decrypt the attributes');
}
}
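Review bot: The failure log in the `catch` omits the key index, unlike the success line above it and the sibling decryption loops, so the log does not show which candidate key failed during a key rollover. `Logger::debug('Attribute decryption with key #'.$i.' failed with exception: '.$e->getMessage());` would match the other loops. `$error` is initialised outside this hunk.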
@@ -457,7 +472,7 @@ class Message
*
* @return \SimpleSAML\Module\saml\Error The error.
*/
- public static function getResponseError(\SAML2\StatusResponse $response)
+ public static function getResponseError(StatusResponse $response)
{
$status = $response->getStatus();
return new \SimpleSAML\Module\saml\Error($status['Code'], $status['SubCode'], $status['Message']);
@@ -472,10 +487,10 @@ class Message
* @return \SAML2\AuthnRequest An authentication request object.
*/
public static function buildAuthnRequest(
- \SimpleSAML\Configuration $spMetadata,
- \SimpleSAML\Configuration $idpMetadata
+ Configuration $spMetadata,
+ Configuration $idpMetadata
) {
- $ar = new \SAML2\AuthnRequest();
+ $ar = new AuthnRequest();
// get the NameIDPolicy to apply. IdP metadata has precedence.
$nameIdPolicy = null;
@@ -485,7 +500,7 @@ class Message
$nameIdPolicy = $spMetadata->getValue('NameIDPolicy');
}
- $policy = \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy($nameIdPolicy);
+ $policy = Utils\Config\Metadata::parseNameIdPolicy($nameIdPolicy);
if ($policy !== null) {
// either we have a policy set, or we used the transient default
$ar->setNameIdPolicy($policy);
@@ -495,15 +510,15 @@ class Message
$ar->setIsPassive($spMetadata->getBoolean('IsPassive', false));
$protbind = $spMetadata->getValueValidate('ProtocolBinding', [
- \SAML2\Constants::BINDING_HTTP_POST,
- \SAML2\Constants::BINDING_HOK_SSO,
- \SAML2\Constants::BINDING_HTTP_ARTIFACT,
- \SAML2\Constants::BINDING_HTTP_REDIRECT,
- ], \SAML2\Constants::BINDING_HTTP_POST);
+ Constants::BINDING_HTTP_POST,
+ Constants::BINDING_HOK_SSO,
+ Constants::BINDING_HTTP_ARTIFACT,
+ Constants::BINDING_HTTP_REDIRECT,
+ ], Constants::BINDING_HTTP_POST);
// Shoaib: setting the appropriate binding based on parameter in sp-metadata defaults to HTTP_POST
$ar->setProtocolBinding($protbind);
- $issuer = new \SAML2\XML\saml\Issuer();
+ $issuer = new Issuer();
$issuer->setValue($spMetadata->getString('entityid'));
$ar->setIssuer($issuer);
$ar->setAssertionConsumerServiceIndex($spMetadata->getInteger('AssertionConsumerServiceIndex', null));
@@ -512,11 +527,11 @@ class Message
if ($spMetadata->hasValue('AuthnContextClassRef')) {
$accr = $spMetadata->getArrayizeString('AuthnContextClassRef');
$comp = $spMetadata->getValueValidate('AuthnContextComparison', [
- \SAML2\Constants::COMPARISON_EXACT,
- \SAML2\Constants::COMPARISON_MINIMUM,
- \SAML2\Constants::COMPARISON_MAXIMUM,
- \SAML2\Constants::COMPARISON_BETTER,
- ], \SAML2\Constants::COMPARISON_EXACT);
+ Constants::COMPARISON_EXACT,
+ Constants::COMPARISON_MINIMUM,
+ Constants::COMPARISON_MAXIMUM,
+ Constants::COMPARISON_BETTER,
+ ], Constants::COMPARISON_EXACT);
$ar->setRequestedAuthnContext(['AuthnContextClassRef' => $accr, 'Comparison' => $comp]);
}
@@ -534,10 +549,10 @@ class Message
* @return \SAML2\LogoutRequest A logout request object.
*/
public static function buildLogoutRequest(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata
+ Configuration $srcMetadata,
+ Configuration $dstMetadata
) {
- $lr = new \SAML2\LogoutRequest();
+ $lr = new LogoutRequest();
$issuer = new Issuer();
$issuer->setValue($srcMetadata->getString('entityid'));
$issuer->setFormat(Constants::NAMEID_ENTITY);
@@ -557,10 +572,10 @@ class Message
* @return \SAML2\LogoutResponse A logout response object.
*/
public static function buildLogoutResponse(
- \SimpleSAML\Configuration $srcMetadata,
- \SimpleSAML\Configuration $dstMetadata
+ Configuration $srcMetadata,
+ Configuration $dstMetadata
) {
- $lr = new \SAML2\LogoutResponse();
+ $lr = new LogoutResponse();
$issuer = new Issuer();
$issuer->setValue($srcMetadata->getString('entityid'));
$issuer->setFormat(Constants::NAMEID_ENTITY);
@@ -587,16 +602,16 @@ class Message
* @throws \Exception if the destination of the response does not match the current URL.
*/
public static function processResponse(
- \SimpleSAML\Configuration $spMetadata,
- \SimpleSAML\Configuration $idpMetadata,
- \SAML2\Response $response
+ Configuration $spMetadata,
+ Configuration $idpMetadata,
+ Response $response
) {
if (!$response->isSuccess()) {
throw self::getResponseError($response);
}
// validate Response-element destination
- $currentURL = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery();
+ $currentURL = Utils\HTTP::getSelfURLNoQuery();
$msgDestination = $response->getDestination();
if ($msgDestination !== null && $msgDestination !== $currentURL) {
throw new \Exception('Destination in response doesn\'t match the current URL. Destination is "'.
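Review bot: A response with no `Destination` passes this check, because the comparison is skipped when `getDestination()` returns null. If that is intended for particular bindings, a comment such as `// Destination is optional here; a missing value is accepted` should say so and name them. Otherwise consider rejecting a missing Destination for responses that arrive signed over a front-channel binding. The `throw` statement continues past the end of this hunk.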
@@ -611,7 +626,7 @@ class Message
*/
$assertion = $response->getAssertions();
if (empty($assertion)) {
- throw new \SimpleSAML\Error\Exception('No assertions found in response from IdP.');
+ throw new SSP_Error\Exception('No assertions found in response from IdP.');
}
$ret = [];
@@ -640,13 +655,13 @@ class Message
* @throws \Exception if we couldn't decrypt the NameID for unexpected reasons.
*/
private static function processAssertion(
- \SimpleSAML\Configuration $spMetadata,
- \SimpleSAML\Configuration $idpMetadata,
- \SAML2\Response $response,
+ Configuration $spMetadata,
+ Configuration $idpMetadata,
+ Response $response,
$assertion,
$responseSigned
) {
- assert($assertion instanceof \SAML2\Assertion || $assertion instanceof \SAML2\EncryptedAssertion);
+ assert($assertion instanceof Assertion || $assertion instanceof EncryptedAssertion);
assert(is_bool($responseSigned));
$assertion = self::decryptAssertion($idpMetadata, $spMetadata, $assertion);
@@ -654,14 +669,14 @@ class Message
if (!self::checkSign($idpMetadata, $assertion)) {
if (!$responseSigned) {
- throw new \SimpleSAML\Error\Exception('Neither the assertion nor the response was signed.');
+ throw new SSP_Error\Exception('Neither the assertion nor the response was signed.');
}
} // at least one valid signature found
- $currentURL = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery();
+ $currentURL = Utils\HTTP::getSelfURLNoQuery();
// check various properties of the assertion
- $config = \SimpleSAML\Configuration::getInstance();
+ $config = Configuration::getInstance();
$allowed_clock_skew = $config->getInteger('assertion.allowed_clock_skew', 180);
$options = [
'options' => [
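Review bot: The signature decision is spread over an outer `if` with an empty path and a trailing `// at least one valid signature found` comment, which makes a security-critical branch easy to misread. When `checkSign` returns false and `$responseSigned` is true, the assertion is accepted on the response signature alone. Folding it into `if (!self::checkSign($idpMetadata, $assertion) && !$responseSigned) {` keeps the evaluation order and states the rule in one place. A comment noting that `checkSign` appears to return false for an element it could not verify and to throw when validation fails would also help. processAssertion starts before and continues after this hunk.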
@@ -673,19 +688,19 @@ class Message
$allowed_clock_skew = filter_var($allowed_clock_skew, FILTER_VALIDATE_INT, $options);
$notBefore = $assertion->getNotBefore();
if ($notBefore !== null && $notBefore > time() + $allowed_clock_skew) {
- throw new \SimpleSAML\Error\Exception(
+ throw new SSP_Error\Exception(
'Received an assertion that is valid in the future. Check clock synchronization on IdP and SP.'
);
}
$notOnOrAfter = $assertion->getNotOnOrAfter();
if ($notOnOrAfter !== null && $notOnOrAfter <= time() - $allowed_clock_skew) {
- throw new \SimpleSAML\Error\Exception(
+ throw new SSP_Error\Exception(
'Received an assertion that has expired. Check clock synchronization on IdP and SP.'
);
}
$sessionNotOnOrAfter = $assertion->getSessionNotOnOrAfter();
if ($sessionNotOnOrAfter !== null && $sessionNotOnOrAfter <= time() - $allowed_clock_skew) {
- throw new \SimpleSAML\Error\Exception(
+ throw new SSP_Error\Exception(
'Received an assertion with a session that has expired. Check clock synchronization on IdP and SP.'
);
}
@@ -694,14 +709,14 @@ class Message
$spEntityId = $spMetadata->getString('entityid');
if (!in_array($spEntityId, $validAudiences, true)) {
$candidates = '['.implode('], [', $validAudiences).']';
- throw new \SimpleSAML\Error\Exception('This SP ['.$spEntityId.
+ throw new SSP_Error\Exception('This SP ['.$spEntityId.
'] is not a valid audience for the assertion. Candidates were: '.$candidates);
}
}
$found = false;
$lastError = 'No SubjectConfirmation element in Subject.';
- $validSCMethods = [\SAML2\Constants::CM_BEARER, \SAML2\Constants::CM_HOK, \SAML2\Constants::CM_VOUCHES];
+ $validSCMethods = [Constants::CM_BEARER, Constants::CM_HOK, Constants::CM_VOUCHES];
foreach ($assertion->getSubjectConfirmation() as $sc) {
$method = $sc->getMethod();
if (!in_array($method, $validSCMethods, true)) {
@@ -714,20 +729,20 @@ class Message
if ($hok === null) {
$hok = $spMetadata->getBoolean('saml20.hok.assertion', false);
}
- if ($method === \SAML2\Constants::CM_BEARER && $hok) {
+ if ($method === Constants::CM_BEARER && $hok) {
$lastError = 'Bearer SubjectConfirmation received, but Holder-of-Key SubjectConfirmation needed';
continue;
}
- if ($method === \SAML2\Constants::CM_HOK && !$hok) {
+ if ($method === Constants::CM_HOK && !$hok) {
$lastError = 'Holder-of-Key SubjectConfirmation received, '.
'but the Holder-of-Key profile is not enabled.';
continue;
}
$scd = $sc->getSubjectConfirmationData();
- if ($method === \SAML2\Constants::CM_HOK) {
+ if ($method === Constants::CM_HOK) {
// check HoK Assertion
- if (\SimpleSAML\Utils\HTTP::isHTTPS() === false) {
+ if (Utils\HTTP::isHTTPS() === false) {
$lastError = 'No HTTPS connection, but required for Holder-of-Key SSO';
continue;
}
@@ -748,7 +763,7 @@ class Message
$keyInfo = [];
foreach ($scd->info as $thing) {
- if ($thing instanceof \SAML2\XML\ds\KeyInfo) {
+ if ($thing instanceof KeyInfo) {
$keyInfo[] = $thing;
}
}
@@ -760,7 +775,7 @@ class Message
$x509data = [];
foreach ($keyInfo[0]->info as $thing) {
- if ($thing instanceof \SAML2\XML\ds\X509Data) {
+ if ($thing instanceof X509Data) {
$x509data[] = $thing;
}
}
@@ -772,7 +787,7 @@ class Message
$x509cert = [];
foreach ($x509data[0]->data as $thing) {
- if ($thing instanceof \SAML2\XML\ds\X509Certificate) {
+ if ($thing instanceof X509Certificate) {
$x509cert[] = $thing;
}
}
@@ -825,7 +840,7 @@ class Message
break;
}
if (!$found) {
- throw new \SimpleSAML\Error\Exception('Error validating SubjectConfirmation in Assertion: '.$lastError);
+ throw new SSP_Error\Exception('Error validating SubjectConfirmation in Assertion: '.$lastError);
} // as far as we can tell, the assertion is valid
// maybe we need to base64 decode the attributes in the assertion?
@@ -848,7 +863,7 @@ class Message
try {
$keys = self::getDecryptionKeys($idpMetadata, $spMetadata);
} catch (\Exception $e) {
- throw new \SimpleSAML\Error\Exception('Error decrypting NameID: '.$e->getMessage());
+ throw new SSP_Error\Exception('Error decrypting NameID: '.$e->getMessage());
}
$blacklist = self::getBlacklistedAlgorithms($idpMetadata, $spMetadata);
@@ -857,11 +872,11 @@ class Message
foreach ($keys as $i => $key) {
try {
$assertion->decryptNameId($key, $blacklist);
- \SimpleSAML\Logger::debug('Decryption with key #'.$i.' succeeded.');
+ Logger::debug('Decryption with key #'.$i.' succeeded.');
$lastException = null;
break;
} catch (\Exception $e) {
- \SimpleSAML\Logger::debug('Decryption with key #'.$i.' failed with exception: '.$e->getMessage());
+ Logger::debug('Decryption with key #'.$i.' failed with exception: '.$e->getMessage());
$lastException = $e;
}
}
@@ -883,7 +898,7 @@ class Message
*
* @throws \SimpleSAML\Error\Exception if there is no supported encryption key in the metadata of this entity.
*/
- public static function getEncryptionKey(\SimpleSAML\Configuration $metadata)
+ public static function getEncryptionKey(Configuration $metadata)
{
$sharedKey = $metadata->getString('sharedkey', null);
@@ -906,7 +921,7 @@ class Message
}
}
- throw new \SimpleSAML\Error\Exception('No supported encryption key in '.
+ throw new SSP_Error\Exception('No supported encryption key in '.
var_export($metadata->getString('entityid'), true));
}
}
diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php
index 234380fa3224a7f4d019fdd15fe2333db981bb32..94c06782ec3745f98c99e722ef868bb4fcb8844c 100644
--- a/modules/saml/lib/SP/LogoutStore.php
+++ b/modules/saml/lib/SP/LogoutStore.php
@@ -2,6 +2,13 @@
namespace SimpleSAML\Module\saml\SP;
+use PDO;
+use SAML2\XML\saml\NameID;
+use SimpleSAML\Logger;
+use SimpleSAML\Session;
+use SimpleSAML\Store;
+use SimpleSAML\Utils;
+
/**
* A directory over logout information.
*
@@ -16,7 +23,7 @@ class LogoutStore
* @param \SimpleSAML\Store\SQL $store The datastore.
* @return void
*/
- private static function createLogoutTable(\SimpleSAML\Store\SQL $store)
+ private static function createLogoutTable(Store\SQL $store)
{
$tableVer = $store->getTableVersion('saml_LogoutStore');
if ($tableVer === 2) {
@@ -38,7 +45,7 @@ class LogoutStore
try {
$store->pdo->exec($query);
} catch (\Exception $e) {
- \SimpleSAML\Logger::warning('Database error: '.var_export($store->pdo->errorInfo(), true));
+ Logger::warning('Database error: '.var_export($store->pdo->errorInfo(), true));
return;
}
$store->setTableVersion('saml_LogoutStore', 2);
@@ -73,9 +80,9 @@ class LogoutStore
* @param \SimpleSAML\Store\SQL $store The datastore.
* @return void
*/
- private static function cleanLogoutStore(\SimpleSAML\Store\SQL $store)
+ private static function cleanLogoutStore(Store\SQL $store)
{
- \SimpleSAML\Logger::debug('saml.LogoutStore: Cleaning logout store.');
+ Logger::debug('saml.LogoutStore: Cleaning logout store.');
$query = 'DELETE FROM '.$store->prefix.'_saml_LogoutStore WHERE _expire < :now';
$params = ['now' => gmdate('Y-m-d H:i:s')];
@@ -97,7 +104,7 @@ class LogoutStore
* @return void
*/
private static function addSessionSQL(
- \SimpleSAML\Store\SQL $store,
+ Store\SQL $store,
$authId,
$nameId,
$sessionIndex,
@@ -139,7 +146,7 @@ class LogoutStore
* @param string $nameId The hash of the users NameID.
* @return array Associative array of SessionIndex => SessionId.
*/
- private static function getSessionsSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId)
+ private static function getSessionsSQL(Store\SQL $store, $authId, $nameId)
{
assert(is_string($authId));
assert(is_string($nameId));
@@ -159,7 +166,7 @@ class LogoutStore
$query->execute($params);
$res = [];
- while (($row = $query->fetch(\PDO::FETCH_ASSOC)) !== false) {
+ while (($row = $query->fetch(PDO::FETCH_ASSOC)) !== false) {
$res[$row['_sessionindex']] = $row['_sessionid'];
}
@@ -176,7 +183,7 @@ class LogoutStore
* @param array $sessionIndexes The session indexes.
* @return array Associative array of SessionIndex => SessionId.
*/
- private static function getSessionsStore(\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes)
+ private static function getSessionsStore(Store $store, $authId, $nameId, array $sessionIndexes)
{
assert(is_string($authId));
assert(is_string($nameId));
@@ -222,10 +229,10 @@ class LogoutStore
* it supports SLO, but we don't want an LogoutRequest with a specific
* SessionIndex to match this session. We therefore generate our own session index.
*/
- $sessionIndex = \SimpleSAML\Utils\Random::generateID();
+ $sessionIndex = Utils\Random::generateID();
}
- $store = \SimpleSAML\Store::getInstance();
+ $store = Store::getInstance();
if ($store === false) {
// We don't have a datastore.
return;
@@ -234,7 +241,7 @@ class LogoutStore
// serialize and anonymize the NameID
// TODO: remove this conditional statement
if (is_array($nameId)) {
- $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
+ $nameId = NameID::fromArray($nameId);
}
$strNameId = serialize($nameId);
$strNameId = sha1($strNameId);
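Review bot: The comment `serialize and anonymize the NameID` overstates what `sha1(serialize($nameId))` provides: an unsalted SHA-1 of an identifier is a stable lookup key, and anyone able to guess candidate NameIDs can recompute and match it. Since stored entries are looked up by this value, changing the hash would need a migration, so I would only reword the comment, e.g. `// derive a stable lookup key from the NameID (unsalted SHA-1: pseudonymous, not anonymous)`. The same wording appears in the `@@ -276,7 +283,7` hunk. The enclosing function starts and ends outside this hunk.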
@@ -244,10 +251,10 @@ class LogoutStore
$sessionIndex = sha1($sessionIndex);
}
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
$sessionId = $session->getSessionId();
- if ($store instanceof \SimpleSAML\Store\SQL) {
+ if ($store instanceof Store\SQL) {
self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);
} else {
$store->set('saml.LogoutStore', $strNameId.':'.$sessionIndex, $sessionId, $expire);
@@ -267,7 +274,7 @@ class LogoutStore
{
assert(is_string($authId));
- $store = \SimpleSAML\Store::getInstance();
+ $store = Store::getInstance();
if ($store === false) {
// We don't have a datastore
return false;
@@ -276,7 +283,7 @@ class LogoutStore
// serialize and anonymize the NameID
// TODO: remove this conditional statement
if (is_array($nameId)) {
- $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
+ $nameId = NameID::fromArray($nameId);
}
$strNameId = serialize($nameId);
$strNameId = sha1($strNameId);
@@ -292,7 +299,7 @@ class LogoutStore
// Remove reference
unset($sessionIndex);
- if ($store instanceof \SimpleSAML\Store\SQL) {
+ if ($store instanceof Store\SQL) {
$sessions = self::getSessionsSQL($store, $authId, $strNameId);
} elseif (empty($sessionIndexes)) {
// We cannot fetch all sessions without a SQL store
@@ -309,26 +316,26 @@ class LogoutStore
$numLoggedOut = 0;
foreach ($sessionIndexes as $sessionIndex) {
if (!isset($sessions[$sessionIndex])) {
- \SimpleSAML\Logger::info('saml.LogoutStore: Logout requested for unknown SessionIndex.');
+ Logger::info('saml.LogoutStore: Logout requested for unknown SessionIndex.');
continue;
}
$sessionId = $sessions[$sessionIndex];
- $session = \SimpleSAML\Session::getSession($sessionId);
+ $session = Session::getSession($sessionId);
if ($session === null) {
- \SimpleSAML\Logger::info('saml.LogoutStore: Skipping logout of missing session.');
+ Logger::info('saml.LogoutStore: Skipping logout of missing session.');
continue;
}
if (!$session->isValid($authId)) {
- \SimpleSAML\Logger::info(
+ Logger::info(
'saml.LogoutStore: Skipping logout of session because it isn\'t authenticated.'
);
continue;
}
- \SimpleSAML\Logger::info(
+ Logger::info(
'saml.LogoutStore: Logging out of session with trackId ['.$session->getTrackID().'].'
);
$session->doLogout($authId);