Progress on the SAML 2.0 XML Meta data handler... Added a separate sipleXML...

Progress on the SAML 2.0 XML Meta data handler... Added a separate sipleXML parser, that I will reuse other places in the code.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@148 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php

@@ -11,6 +11,7 @@
 
 require_once('SimpleSAML/Configuration.php');
 require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/XML/Parser.php');
 require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
 
 /**
@@ -19,6 +20,7 @@ require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
 class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Metadata_MetaDataStorageHandler {
 
 
+	static var $cachedfiles = array();
 
 	/* This constructor is included in case it is needed in the the
 	 * future. Including it now allows us to write parent::__construct() in
@@ -32,65 +34,50 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
 		$metadata = null;
 		if (!in_array($set, array(
 			'saml20-sp-hosted', 'saml20-sp-remote','saml20-idp-hosted', 'saml20-idp-remote',
-			'shib13-sp-hosted', 'shib13-sp-remote', 'shib13-idp-hosted', 'shib13-idp-remote',
-			'openid-provider'))) {
+			'shib13-sp-hosted', 'shib13-sp-remote', 'shib13-idp-hosted', 'shib13-idp-remote' ))) {
 				throw new Exception('Trying to load illegal set of Meta data [' . $set . ']');
 		}
 		
+		$settofile = array(
+			'saml20-sp-hosted' => 'saml20-hosted',
+			'saml20-idp-hosted' => 'saml20-hosted',
+			'saml20-sp-remote' => 'saml20-remote',
+			'saml20-idp-remote' => 'saml20-remote',
+			'shib13-sp-hosted' => 'shib13-hosted',
+			'shib13-idp-hosted' => 'shib13-hosted',
+			'shib13-sp-remote' => 'shib13-remote',
+			'shib13-idp-remote' => 'shib13-remote'
+		);
+		
 		/* Get the configuration. */
 		$config = SimpleSAML_Configuration::getInstance();
 		assert($config instanceof SimpleSAML_Configuration);
-		
-		$metadatasetfile = $config->getBaseDir() . '/' . 
-			$config->getValue('metadatadir') . '/xml/' . $set . '.xml';
-		
-		
-		if (!file_exists($metadatasetfile)) throw new Exception('Could not find SAML 2.0 Metadata file :'. $metadatasetfile);
-		
-		#$metadata = file_get_contents($metadatasetfile);
-		
-		// for now testing with the shib aai metadata...
-		$metadata = file_get_contents("http://www.switch.ch/aai/federation/SWITCHaai/metadata.switchaai_signed.xml");
-		echo '<pre>';
-		
-		$simplexml_metadata = new SimpleXMLElement($metadata);
-		$simplexml_metadata->registerXPathNamespace('saml2meta', 'urn:oasis:names:tc:SAML:2.0:metadata');
-		
-		$idpentities = $simplexml_metadata->xpath('/saml2meta:EntitiesDescriptor/saml2meta:EntityDescriptor[./saml2meta:IDPSSODescriptor]');
-		
-		if (!$idpentities) throw new Exception('Could not find any entity descriptors in the meta data file: ' . $metadatasetfile);
-		foreach ($idpentities as $idpentity) {
-			echo 'Entity: ' . $idpentity['entityID'][0] . "\n";
-			
-			$newmeta = array('entityid' => (string) $idpentity['entityID']);
-			
-			#$idpentity['xmlns'] = 'urn:oasis:names:tc:SAML:2.0:metadata';
-			
-			$namespaces = $idpentity->getNamespaces();
-			
-			foreach ($namespaces AS $prefix => $ns) {
-				$newmeta[($prefix === '') ? 'xmlns' : 'xmlns:' . $prefix)] = $ns;
-			}
-			
-			$simplexml_metadata_entry = new SimpleXMLElement($idpentity->asXML());
-			$simplexml_metadata_entry->registerXPathNamespace('saml2meta', 'urn:oasis:names:tc:SAML:2.0:metadata');
-			
-			
-			$entry = $simplexml_metadata_entry->xpath("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:SingleSignOnService[@Binding='urn:mace:shibboleth:1.0:profiles:AuthnRequest']/@Location");
-			
-			$newmeta['SingleSignOnService'] = (string)$entry[0]['Location'];
-			
-			echo 'Entry: ';
-			print_r($newmeta);
 
-		}
 		
+		$metadatasetfile = $config->getBaseDir() . '' . 
+			$config->getValue('metadatadir') . 'xml/' . $settofile[$set] . '.xml';
 		
-		//echo htmlentities($metadata);
-		echo '</pre>';
-				exit();
+		if (array_key_exists($metadatasetfile, $cachedfiles)) {
+			$metadata = self::$cachedfiles[$metadatasetfile];
+		} else {
+			if (!file_exists($metadatasetfile)) throw new Exception('Could not find SAML 2.0 Metadata file :'. $metadatasetfile);
 		
+			// for now testing with the shib aai metadata...
+			//$metadataxml = file_get_contents("http://www.switch.ch/aai/federation/SWITCHaai/metadata.switchaai_signed.xml");
+			$metadata = file_get_contents($metadatasetfile);
+		}
 
+		$metadata = null;
+		switch ($set) {
+			case 'saml20-idp-remote' : $metadata = $this->getmetadata_saml20idpremote($metadataxml); break;
+			case 'saml20-idp-hosted' : throw new Exception('Meta data parsing for SAML 2.0 IdP Hosted not yet implemented.');
+			case 'saml20-sp-remote' : throw new Exception('Meta data parsing for SAML 2.0 SP Remote not yet implemented.');
+			case 'saml20-sp-hosted' : throw new Exception('Meta data parsing for SAML 2.0 SP Hosted not yet implemented.');
+			case 'shib13-idp-remote' : $metadata = getmetadata_shib13idpremote($metadataxml); break;
+			case 'shib13-idp-hosted' : throw new Exception('Meta data parsing for Shib 1.3 IdP Hosted not yet implemented.');
+			case 'shib13-sp-remote' : throw new Exception('Meta data parsing for Shib 1.3 SP Remote not yet implemented.');
+			case 'shib13-sp-hosted' : throw new Exception('Meta data parsing for Shib 1.3 SP Hosted not yet implemented.');
+		}
 
 		
 		if (!is_array($metadata)) {
@@ -109,6 +96,66 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met
 	}
 	
 	
+	private function getmetadata_saml20idpremote($metadataxml) {
+		// Create a parser for the metadata document.
+		$metadata_parser = new SimpleSAML_XML_Parser($metadataxml);
+		
+		// Get all entries in the metadata.
+		$idpentities = $metadata_parser->simplexml->xpath('/saml2meta:EntitiesDescriptor/saml2meta:EntityDescriptor[./saml2meta:IDPSSODescriptor]');
+		if (!$idpentities) throw new Exception('Could not find any entity descriptors in the meta data file: ' . $metadatasetfile);
+		
+		// Array to hold the resulting metadata, to return at the end of this function.
+		$metadata = array();
+		
+		// Traverse all entries.
+		foreach ($idpentities as $idpentity) {
+			try {
+				$entityid = (string) $idpentity['entityID'];
+				if (!$entityid) throw new Exception('Could not find entityID in element');
+				
+				$metadata[$entityid] = array('entityid' => $entityid);				
+				$metadata_entry = SimpleSAML_XML_Parser::fromSimpleXMLElement($idpentity);
+				
+				$metadata[$entityid]['SingleSignOnService'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:SingleSignOnService[@Binding='urn:mace:shibboleth:1.0:profiles:AuthnRequest']/@Location", true);
+
+			} catch (Exception $e) {
+				echo 'Error reading one metadata entry: ' . $e;
+			}
+
+		}
+		return $metadata;
+	}
+	
+	private function getmetadata_shib13idpremote($metadataxml) {
+		// Create a parser for the metadata document.
+		$metadata_parser = new SimpleSAML_XML_Parser($metadataxml);
+		
+		// Get all entries in the metadata.
+		$idpentities = $metadata_parser->simplexml->xpath('/saml2meta:EntitiesDescriptor/saml2meta:EntityDescriptor[./saml2meta:IDPSSODescriptor]');
+		if (!$idpentities) throw new Exception('Could not find any entity descriptors in the meta data file: ' . $metadatasetfile);
+		
+		// Array to hold the resulting metadata, to return at the end of this function.
+		$metadata = array();
+		
+		// Traverse all entries.
+		foreach ($idpentities as $idpentity) {
+			try {
+				$entityid = (string) $idpentity['entityID'];
+				if (!$entityid) throw new Exception('Could not find entityID in element');
+				
+				$metadata[$entityid] = array('entityid' => $entityid);				
+				$metadata_entry = SimpleSAML_XML_Parser::fromSimpleXMLElement($idpentity);
+				
+				$metadata[$entityid]['SingleSignOnService'] = $metadata_entry->getValue("/saml2meta:EntityDescriptor/saml2meta:IDPSSODescriptor/saml2meta:SingleSignOnService[@Binding='urn:mace:shibboleth:1.0:profiles:AuthnRequest']/@Location", true);
+
+			} catch (Exception $e) {
+				echo 'Error reading one metadata entry: ' . $e;
+			}
+
+		}
+		return $metadata;
+	}
+	
 	public function getMetaData($entityid = null, $set = 'saml20-sp-hosted') {
 		if (!isset($entityid)) {
 			return $this->getMetaDataCurrent($set);

lib/SimpleSAML/XML/Parser.php

+<?php
+
+/*
+ * This file is part of simpleSAMLphp. See the file COPYING in the
+ * root of the distribution for licence information.
+ *
+ * This file will help doing XPath queries in SAML 2 XML documents.
+ */
+
+
+/**
+ * Configuration of SimpleSAMLphp
+ *
+ * This class should be extending SimpleXMLElement, but it is not because of some bugs:
+ * http://bugs.php.net/bug.php?id=32188&edit=1
+ */
+class SimpleSAML_XML_Parser  {
+
+	var $simplexml = null;
+	
+	function __construct($xml) {
+		#parent::construct($xml);
+		$this->simplexml = new SimpleXMLElement($xml);
+		$this->simplexml->registerXPathNamespace('saml2meta', 'urn:oasis:names:tc:SAML:2.0:metadata');
+	}
+	
+	public static function fromSimpleXMLElement(SimpleXMLElement $element) {
+		
+		// Traverse all existing namespaces in element.
+		$namespaces = $element->getNamespaces();
+		foreach ($namespaces AS $prefix => $ns) {
+			$element[(($prefix === '') ? 'xmlns' : 'xmlns:' . $prefix)] = $ns;
+		}
+		
+		/* Create a new parser with the xml document where the namespace definitions
+		 * are added.
+		 */
+		$parser = new SimpleSAML_XML_Parser($element->asXML());
+		return $parser;
+		
+	}
+	
+	public function getValue($xpath, $required = false) {
+		
+		$result = $this->simplexml->xpath($xpath);
+		if (! $result or !is_array($result)) {
+			if ($required) throw new Exception('Could not get value from XML document using the following XPath expression: ' . $xpath);
+				else return null;
+		}
+		return (string) $result[0];
+	}
+	
+}
+
+?>
\ No newline at end of file

templates/default/en/admin-metadatalist.php

+<?php $this->includeAtTemplateBase('includes/header.php'); ?>
+
+	<div id="header">
+		<h1>Metadata overview</h1>
+		<div id="poweredby"><img src="/<?php echo $data['baseurlpath']; ?>resources/icons/bino.png" alt="Bino" /></div>
+	</div>
+	
+	<div id="content">
+
+		<h2><?php if (isset($data['header'])) { echo $data['header']; } else { echo "Metadata overview"; } ?></h2>
+		
+		<p>Here is a list of metadata that is configured for your installation.</p>
+		
+		<p>[ <a href="../">Go back to installation main page</a> ]</p>
+		
+		<?php
+		
+		
+		function showEntry($header, $list) {
+		
+			echo '<h3>' . $header . '</h3>';
+		
+			foreach ($list AS $entityid => $entity) {
+				$name = $entityid;
+				if (isset($entity['optional.found']['name'])) $name = $entity['optional.found']['name'];
+
+				//print_r($entity);
+
+				echo '<h4>' . $name . '</h4>';
+				if (isset($entity['optional.found']['description'])) {
+					echo '<p>' . $entity['optional.found']['description'] . '</p>';
+				}
+				
+				echo '<p>Required fields</p>';
+				echo '<table style="width: 100%; border: 1px solid #eee"><tr><th>Key</th><th>Value</th></tr>';
+				foreach ($entity['required.found'] AS $key => $value) {
+					echo '<tr><td>' . $key . '</td><td>' . $value . '</td></tr>';
+				}
+				echo '</table>';
+	
+				if (count($entity['required.notfound']) > 0) {
+					echo '<p>The following required fields was not found:<ul>';
+					foreach ($entity['required.notfound'] AS $key) {
+						echo '<li>' . $key . '</li>';
+					}
+					echo '</ul>';				
+				}
+				
+				if (count($entity['optional.found']) > 0) {
+					echo '<p>Optional fields</p>';
+					echo '<table><tr><th>Key</th><th>Value</th></tr>';
+					foreach ($entity['optional.found'] AS $key => $value) {
+						echo '<tr><td>' . $key . '</td><td>' . $value . '</td></tr>';
+					}
+					echo '</table>';
+				}
+	
+				if (count($entity['optional.notfound']) > 0) {
+					echo '<p>The following optional fields was not found:<ul>';
+					foreach ($entity['optional.notfound'] AS $key) {
+						echo '<li>' . $key . '</li>';
+					}
+					echo '</ul>';				
+				}
+				
+				if (count($entity['leftovers']) > 0) {
+					echo '<p>The following fields was not reckognized:<ul>';
+					foreach ($entity['leftovers'] AS $key => $value) {
+						echo '<li>' . $key . '</li>';
+					}
+					echo '</ul>';				
+				}
+			
+			}
+		}
+		
+		
+		if (array_key_exists('metadata.saml20-sp-hosted', $data)) 
+			showEntry('SAML 2.0 Service Provider (Hosted)', $data['metadata.saml20-sp-hosted']);
+		if (array_key_exists('metadata.saml20-sp-remote', $data)) 
+			showEntry('SAML 2.0 Service Provider (Remote)', $data['metadata.saml20-sp-remote']);
+		if (array_key_exists('metadata.saml20-idp-hosted', $data)) 
+			showEntry('SAML 2.0 Identity Provider (Hosted)', $data['metadata.saml20-idp-hosted']);
+		if (array_key_exists('metadata.saml20-idp-remote', $data)) 
+			showEntry('SAML 2.0 Identity Provider (Remote)', $data['metadata.saml20-idp-remote']);
+
+		
+		?>
+
+		
+<?php $this->includeAtTemplateBase('includes/footer.php'); ?>

www/admin/metadata.php

@@ -25,6 +25,7 @@ try {
 	
 	if ($config->getValue('enable.saml20-sp') === true) {
 		$results = array();	
+		/*
 		$metalist = $metadata->getList('saml20-sp-hosted');
 		foreach ($metalist AS $entityid => $mentry) {
 			$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,
@@ -33,7 +34,7 @@ try {
 			);
 		}
 		$et->data['metadata.saml20-sp-hosted'] = $results;
-		
+		*/
 		$metalist = $metadata->getList('saml20-idp-remote');
 		foreach ($metalist AS $entityid => $mentry) {
 			$results[$entityid] = SimpleSAML_Utilities::checkAssocArrayRules($mentry,