parseDescriptorsString() public static method

This function parses a string with XML data. The root node of the XML data is expected to be either an EntityDescriptor element or an EntitiesDescriptor element. It will return an associative array of SAMLParser instances.
public static parseDescriptorsString ( string $string ) : SimpleSAML_Metadata_SAMLParser[]
$string string The string with XML data.
return SimpleSAML_Metadata_SAMLParser[] An associative array of SAMLParser instances. The key of the array will be the entity id.
Beispiel #1
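/**
 * Convert SAML metadata XML into a one-entry array holding the SAML 2.0 SP
 * metadata of the last entity in the document, keyed by its entity id.
 *
 * The input is HTML-entity-decoded before it is validated and parsed, so the
 * caller is expected to pass HTML-escaped XML.
 *
 * @param string $xmldata HTML-escaped metadata XML; may be empty.
 *
 * @return array array(entityid => SAML 2.0 SP metadata), or an empty array when
 *               the input is empty, the document contains no entities, or the
 *               last entity carries no SAML 2.0 SP metadata.
 */
function convert_metadata($xmldata)
{
    // Not used below; the call is kept in case loading the configuration
    // instance is relied on as a side effect -- TODO confirm and drop.
    $config = SimpleSAML_Configuration::getInstance();

    if (!$xmldata) {
        return array();
    }

    $xmldata = htmlspecialchars_decode($xmldata);

    // NOTE(review): nothing here inspects a result from validateXMLDocument();
    // if it only logs schema failures, parsing below proceeds on invalid
    // input -- confirm against the helper before treating this as a gate.
    SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
    $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);

    // The original read the by-reference loop variable after the loop, which
    // is undefined when the document yields no entities.
    if (empty($entities)) {
        return array();
    }

    // Only the last entity ever reached the output, so only that one is converted.
    $lastParser = end($entities);
    $spMetadata = $lastParser->getMetadata20SP();

    // An entity without SP metadata would otherwise produce array('' => NULL).
    if (!is_array($spMetadata) || !isset($spMetadata['entityid'])) {
        return array();
    }

    return array($spMetadata['entityid'] => $spMetadata);
}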
Beispiel #2
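 /**
  * Check the SP metadata against two saml2int requirements and record one
  * result for each via setResult():
  *  - 'https':   every AssertionConsumerService and SingleLogoutService
  *               Location uses the https scheme;
  *  - 'acspost': at least one AssertionConsumerService uses the HTTP-POST binding.
  *
  * The last entity in $this->metadataXML is the one reviewed.
  */
 public function reviewEndpoints()
 {
     $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($this->metadataXML);
     // NOTE(review): array_pop() yields NULL for an empty result, and the next
     // call then fails; confirm callers only pass metadata with an entity.
     $entity = array_pop($entities);
     $spmetadata = $entity->getMetadata20SP();

     $allHTTPS = TRUE;
     $acspost = FALSE;

     if (isset($spmetadata['AssertionConsumerService'])) {
         foreach ($spmetadata['AssertionConsumerService'] as $e) {
             if ($e['Binding'] === 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST') {
                 $acspost = TRUE;
             }
             // Compare the full "https://" prefix: a bare 5-character "https"
             // test also accepts other schemes that merely start with those
             // letters, and URI schemes are case-insensitive.
             if (strncasecmp($e['Location'], 'https://', 8) !== 0) {
                 $allHTTPS = FALSE;
             }
         }
     }

     if (isset($spmetadata['SingleLogoutService'])) {
         foreach ($spmetadata['SingleLogoutService'] as $e) {
             if (strncasecmp($e['Location'], 'https://', 8) !== 0) {
                 $allHTTPS = FALSE;
             }
         }
     }

     // NOTE(review): with no ACS and no SLO endpoints at all, the https check
     // passes vacuously; the acspost check below still fails in that case.
     $this->setResult(
         $allHTTPS ? sspmod_fedlab_Tester::STATUS_OK : sspmod_fedlab_Tester::STATUS_FATAL,
         'metadata',
         'https',
         'All endpoints in SP metadata SHOULD be HTTPS (not http) (saml2int)'
     );

     $this->setResult(
         $acspost ? sspmod_fedlab_Tester::STATUS_OK : sspmod_fedlab_Tester::STATUS_FATAL,
         'metadata',
         'acspost',
         'SP Metadata MUST contain at least an ACS endpoint with the HTTP-POST binding (saml2int)'
     );
 }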
Beispiel #3
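 /**
  * Parse SAML metadata and import the entity that belongs to this importer.
  *
  * With several entities in the document, the one whose entity id equals
  * $this->_entityId is imported. With exactly one, that entity is imported
  * without an id comparison in this method.
  *
  * @param string   $metadata       Metadata XML.
  * @param callable $parserFunction Called with the SAMLParser of the selected
  *                                 entity; its result is handed to importParsedMetadata().
  *
  * @return mixed The result of importParsedMetadata(), or one of the strings
  *               'error_not_valid_saml20' / 'error_entityid_not_found'.
  */
 private function import($metadata, $parserFunction)
 {
     $this->startImport();

     // Parse metadata
     try {
         $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($metadata);
     } catch (Exception $e) {
         // Log the exception class and message only. var_export() on the
         // exception object dumps the whole object, stack trace included,
         // which bloats the log and can copy submitted data into it.
         SimpleSAML_Logger::error(
             'Importer - Metadata not valid SAML 2.0: ' . get_class($e) . ': ' . $e->getMessage()
         );
         $this->resetMemoryLimit();
         return 'error_not_valid_saml20';
     }

     $entityCount = count($entities);
     SimpleSAML_Logger::debug('Entities Found: ' . $entityCount);

     if ($entityCount > 1) {
         // Several entities: pick the one whose id matches the entity being imported.
         foreach ($entities as $entityId => $parser) {
             if ($entityId === $this->_entityId) {
                 SimpleSAML_Logger::debug('Matching EntityIDs found for: ' . $entityId);
                 SimpleSAML_Logger::debug('Processing EntityID: ' . $entityId);
                 $result = $this->importParsedMetadata($parserFunction($parser));
                 $this->resetMemoryLimit();
                 return $result;
             }
         }

         // The wanted entity is not part of the supplied metadata.
         SimpleSAML_Logger::error('importMetadata20SP - EntityId not found');
         $this->resetMemoryLimit();
         return 'error_entityid_not_found';
     }

     if ($entityCount === 1) {
         // NOTE(review): the single entity is imported without comparing its
         // id to $this->_entityId here; presumably importParsedMetadata()
         // performs that check -- confirm.
         $parser = reset($entities);
         $result = $this->importParsedMetadata($parserFunction($parser));
         $this->resetMemoryLimit();
         return $result;
     }

     // The parsed metadata contains no entities. Every other exit path undoes
     // startImport() with resetMemoryLimit(); this one did not.
     SimpleSAML_Logger::error('importMetadata20SP - EntityId not found');
     $this->resetMemoryLimit();
     return 'error_entityid_not_found';
 }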
<?php

require_once '../_include.php';
/* Admin gate: this runs before any request data is read, so the upload and
 * POST handling below is only reached once requireAdmin() has returned.
 */
SimpleSAML\Utils\Auth::requireAdmin();
$config = SimpleSAML_Configuration::getInstance();
/* Take the metadata XML from the uploaded file 'xmlfile' when one is present,
 * otherwise from the 'xmldata' POST field. $xmldata stays unset when neither
 * source was submitted. Either way the content is request-supplied and is
 * treated as untrusted XML by the code that follows.
 */
if (!empty($_FILES['xmlfile']['tmp_name'])) {
    $xmldata = file_get_contents($_FILES['xmlfile']['tmp_name']);
} elseif (array_key_exists('xmldata', $_POST)) {
    $xmldata = $_POST['xmldata'];
}
if (!empty($xmldata)) {
    \SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
    $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
    /* Get all metadata for the entities. */
    foreach ($entities as &$entity) {
        $entity = array('shib13-sp-remote' => $entity->getMetadata1xSP(), 'shib13-idp-remote' => $entity->getMetadata1xIdP(), 'saml20-sp-remote' => $entity->getMetadata20SP(), 'saml20-idp-remote' => $entity->getMetadata20IdP());
    }
    /* Transpose from $entities[entityid][type] to $output[type][entityid]. */
    $output = SimpleSAML\Utils\Arrays::transpose($entities);
    /* Merge all metadata of each type to a single string which should be
     * added to the corresponding file.
     */
    foreach ($output as $type => &$entities) {
        $text = '';
        foreach ($entities as $entityId => $entityMetadata) {
            if ($entityMetadata === NULL) {
                continue;
            }
            /* Remove the entityDescriptor element because it is unused, and only
             * makes the output harder to read.
/**
 * Translate SAML metadata XML into PHP source text for the SimpleSAMLphp
 * metadata files.
 *
 * @param string $xmldata Metadata XML; may be empty.
 *
 * @return array Maps each metadata set name ('saml20-sp-remote',
 *               'saml20-idp-remote') to a string of "$metadata[...] = ...;"
 *               statements, one per entity that has metadata of that type.
 *               Empty array when $xmldata is empty.
 */
function transaleXMLToSsPHP($xmldata)
{
    if (empty($xmldata)) {
        return array();
    }

    // NOTE(review): no result of validateXMLDocument() is checked here;
    // confirm whether it stops on invalid documents or only logs.
    SimpleSAML_Utilities::validateXMLDocument($xmldata, 'saml-meta');
    $parsers = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);

    // Collect the SAML 2.0 SP and IdP metadata of every entity.
    $perEntity = array();
    foreach ($parsers as $id => $parser) {
        $perEntity[$id] = array(
            'saml20-sp-remote' => $parser->getMetadata20SP(),
            'saml20-idp-remote' => $parser->getMetadata20IdP(),
        );
    }

    // Flip [entityid][type] into [type][entityid].
    $byType = SimpleSAML_Utilities::transposeArray($perEntity);

    // Render each type as one block of PHP assignments.
    $output = array();
    foreach ($byType as $type => $entries) {
        $php = '';
        foreach ($entries as $entityId => $entityMetadata) {
            if ($entityMetadata !== NULL) {
                // The entityDescriptor element is unused and only clutters the output.
                unset($entityMetadata['entityDescriptor']);
                // var_export() emits quoted, escaped PHP literals, so entity
                // ids and values taken from the XML end up as data in the
                // generated source rather than as code.
                $php .= '$metadata[' . var_export($entityId, TRUE) . '] = '
                    . var_export($entityMetadata, TRUE) . ";\n";
            }
        }
        $output[$type] = $php;
    }

    return $output;
}
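 /**
  * Overriding this function from the superclass SimpleSAML_Metadata_MetaDataStorageSource.
  *
  * Retrieves metadata for the given entity id in the given set. The entity id
  * itself is used as the download URL: a cached, unexpired copy is returned
  * when there is one; otherwise the document is fetched, parsed, and the entry
  * whose entity id equals $index is cached and returned.
  *
  * @param string $index The entityId or metaindex we are looking up. Must be an http(s) URL.
  * @param string $set   The set we are looking for metadata in.
  *
  * @return array|NULL An associative array with metadata for the given entity,
  *                    or NULL when $index is not an http(s) URL.
  *
  * @throws Exception When the download fails or the downloaded document does
  *                   not contain usable metadata for $index in $set.
  */
 public function getMetaData($index, $set)
 {
     // Expression form: string assertions are not evaluated on current PHP versions.
     assert(is_string($index));
     assert(is_string($set));

     // $index is handed to file_get_contents() below, which also accepts local
     // paths and other stream wrappers. The URL pattern is unanchored and on
     // its own matches any string that merely contains a URL, so the scheme
     // is additionally required at the very start of the string.
     $isHttpUrl = preg_match('@^https?://@', $index)
         && preg_match('@(https?://([-\\w\\.]+)+(:\\d+)?(/([\\w/_\\.]*(\\?\\S+)?)?)?)@', $index);
     if (!$isHttpUrl) {
         SimpleSAML_Logger::info('MetaData - Handler.DynamicXML: EntityID/index [' . $index . '] does not look like a URL. Skipping.');
         return NULL;
     }

     SimpleSAML_Logger::info('MetaData - Handler.DynamicXML: Loading metadata entity [' . $index . '] from [' . $set . ']');

     /* Read from cache if possible. */
     $data = $this->getFromCache($set, $index);
     if ($data !== NULL && array_key_exists('expires', $data) && $data['expires'] < time()) {
         /* Metadata has expired. */
         $data = NULL;
     }
     if (isset($data)) {
         /* Metadata found in cache and not expired. */
         SimpleSAML_Logger::debug('MetaData - Handler.DynamicXML: Using cached metadata.');
         return $data;
     }

     SimpleSAML_Logger::debug('MetaData - Handler.DynamicXML: Downloading [' . $index . ']');
     // NOTE(review): plain http is accepted and no signature or fingerprint
     // check on the downloaded document is visible in this method; unless that
     // happens elsewhere, whatever the URL serves is trusted and cached -- confirm.
     $xmldata = file_get_contents($index);
     if (empty($xmldata)) {
         throw new Exception('Error downloading metadata from "' . $index . '": ' . SimpleSAML_Utilities::getLastError());
     }

     $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
     SimpleSAML_Logger::debug('MetaData - Handler.DynamicXML: Completed parsing of [' . $index . '] Found [' . count($entities) . '] entries.');
     if (count($entities) === 0) {
         throw new Exception('No entities found in "' . $index . '".');
     }
     // Only the entry whose entity id equals the requested URL is accepted.
     if (!array_key_exists($index, $entities)) {
         throw new Exception('No entity with correct entity id found in "' . $index . '".');
     }

     $entity = $entities[$index];
     $data = self::getParsedSet($entity, $set);
     if ($data === NULL) {
         throw new Exception('No metadata for set "' . $set . '" available from "' . $index . '".');
     }

     $this->writeToCache($set, $index, $data);
     return $data;
 }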
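 /**
  * Import IdP SAML 2.0 metadata.
  *
  * Parses the metadata and hands the parser of the selected entity to
  * _importMetadata20IdP(). With several entities in the document, the one whose
  * entity id equals the id of $this->_entity is selected; with exactly one,
  * that entity is passed on without an id comparison in this method.
  *
  * @param string $metadata SAML 2.0 metadata
  * @param bool   &$updated Whether the entity was updated
  *
  * @return string error_not_valid_saml20 when parsing fails,
  * error_entityid_not_found when no entity can be selected; otherwise the
  * result of _importMetadata20IdP() (documented as status_metadata_parsed_ok
  * on success, error_metadata_not_parsed or error_entityid_no_match on error).
  */
 public function importMetadata20IdP($metadata, &$updated)
 {
     // Expression form: string assertions are not evaluated on current PHP versions.
     assert($this->_entity instanceof Sspmod_Janus_Entity);
     assert($this->_entity->getType() == 'saml20-idp');
     assert(is_string($metadata));

     // Parse metadata
     try {
         $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($metadata);
     } catch (Exception $e) {
         // Log the exception class and message only. var_export() on the
         // exception object dumps the whole object, stack trace included,
         // which bloats the log and can copy submitted data into it.
         SimpleSAML_Logger::error(
             'importMetadata20IdP - Metadata not valid SAML 2.0: ' . get_class($e) . ': ' . $e->getMessage()
         );
         return 'error_not_valid_saml20';
     }

     $entityCount = count($entities);
     SimpleSAML_Logger::debug('Entities Found: ' . $entityCount);

     if ($entityCount > 1) {
         // Several entities: pick the one whose id matches the entity being imported.
         foreach ($entities as $entityId => $parser) {
             if ($entityId === $this->_entity->getEntityid()) {
                 SimpleSAML_Logger::debug('Matching EntityIDs found for: ' . $entityId);
                 SimpleSAML_Logger::debug('Processing EntityID: ' . $entityId);
                 return self::_importMetadata20IdP($parser, $updated);
             }
         }

         // The wanted entity is not part of the supplied metadata.
         SimpleSAML_Logger::error('importMetadata20IdP - EntityId not found');
         return 'error_entityid_not_found';
     }

     if ($entityCount === 1) {
         // NOTE(review): no id comparison here; the header comment implies
         // _importMetadata20IdP() rejects a mismatching entity id -- confirm.
         $parser = reset($entities);
         return self::_importMetadata20IdP($parser, $updated);
     }

     // The parsed metadata contains no entities
     SimpleSAML_Logger::error('importMetadata20IdP - EntityId not found');
     return 'error_entityid_not_found';
 }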
Beispiel #8
 /**
  * Parse $this->xmlmetadata and keep the SAML 2.0 SP metadata of the last
  * entity found in $this->parsed.
  */
 private function getMetadata()
 {
     $parsers = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($this->xmlmetadata);
     // array_pop() returns NULL for an empty list, in which case the call
     // on the next line fails.
     $lastParser = array_pop($parsers);
     $this->parsed = $lastParser->getMetadata20SP();
 }