Ejemplo n.º 1
 /**
  * Initialize an AffiliationDescriptor.
  *
  * @param DOMElement|NULL $xml  The XML element we should load.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct($xml);

     // Without an element there is nothing to load; properties keep their defaults.
     if (NULL === $xml) {
         return;
     }

     // affiliationOwnerID is mandatory: the element is refused when it is absent.
     $hasOwner = $xml->hasAttribute('affiliationOwnerID');
     if (!$hasOwner) {
         throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
     }
     $this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');

     // Optional attributes are copied only when present.
     if ($xml->hasAttribute('ID')) {
         $this->ID = $xml->getAttribute('ID');
     }
     if ($xml->hasAttribute('validUntil')) {
         // validUntil is the only attribute that is parsed; it goes through parseSAML2Time().
         $rawValidUntil = $xml->getAttribute('validUntil');
         $this->validUntil = SimpleSAML_Utilities::parseSAML2Time($rawValidUntil);
     }
     if ($xml->hasAttribute('cacheDuration')) {
         // Kept as the raw attribute string; no duration parsing happens here.
         $this->cacheDuration = $xml->getAttribute('cacheDuration');
     }

     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

     // At least one AffiliateMember is required.
     $members = SAML2_Utils::extractStrings($xml, './saml_metadata:AffiliateMember');
     $this->AffiliateMember = $members;
     if (empty($this->AffiliateMember)) {
         throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
     }

     // Wrap every KeyDescriptor child in its own object, in document order.
     $keyDescriptorNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor');
     foreach ($keyDescriptorNodes as $keyDescriptorNode) {
         $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($keyDescriptorNode);
     }
 }
Ejemplo n.º 2
 /**
  * Test retrieval of a string value for a given node.
  */
 public function testExtractString()
 {
     // Fixture: two sibling <somenode> elements that inherit the metadata namespace from <root>.
     $fixture = '<root xmlns="' . SAML2_Const::NS_MD . '">'
         . '<somenode>value1</somenode>'
         . '<somenode>value2</somenode>'
         . '</root>';
     $root = SAML2_DOMDocumentFactory::fromString($fixture)->firstChild;

     $extracted = SAML2_Utils::extractStrings($root, SAML2_Const::NS_MD, 'somenode');

     // Both values must come back, in document order.
     $this->assertTrue(2 === count($extracted));
     $this->assertEquals('value1', $extracted[0]);
     $this->assertEquals('value2', $extracted[1]);
 }
Ejemplo n.º 3
 /**
  * Create a DiscoHints element.
  *
  * @param DOMElement|NULL $xml The XML element we should load.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     // No element supplied: leave the hint lists and children at their defaults.
     if (NULL === $xml) {
         return;
     }

     // Each hint list is read from the children of the same name in this element's namespace.
     // NOTE(review): no format check on the hint values is visible here; whether
     // extractStrings() validates them is not shown, so treat them as untrusted metadata.
     foreach (array('IPHint', 'DomainHint', 'GeolocationHint') as $hintName) {
         $this->{$hintName} = SAML2_Utils::extractStrings($xml, self::NS, $hintName);
     }

     // Every child element outside self::NS is preserved as an opaque chunk.
     $foreignChildQuery = "./*[namespace-uri()!='" . self::NS . "']";
     $foreignChildren = SAML2_Utils::xpQuery($xml, $foreignChildQuery);
     foreach ($foreignChildren as $foreignChild) {
         $this->children[] = new SAML2_XML_Chunk($foreignChild);
     }
 }
Ejemplo n.º 4
 /**
  * Initialize a PDPDescriptor.
  *
  * @param DOMElement|NULL $xml The XML element we should load.
  * @throws Exception
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct('md:PDPDescriptor', $xml);

     // Nothing to parse when no element was handed in.
     if (NULL === $xml) {
         return;
     }

     // AuthzService endpoints: collected first, then checked for "at least one".
     $authzNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:AuthzService');
     foreach ($authzNodes as $authzNode) {
         $this->AuthzService[] = new SAML2_XML_md_EndpointType($authzNode);
     }
     if (empty($this->AuthzService)) {
         throw new Exception('Must have at least one AuthzService in PDPDescriptor.');
     }

     // AssertionIDRequestService endpoints are optional.
     $assertionIdNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService');
     foreach ($assertionIdNodes as $assertionIdNode) {
         $this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($assertionIdNode);
     }

     // NameIDFormat values are read as plain strings from the metadata namespace.
     $nameIdFormats = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
     $this->NameIDFormat = $nameIdFormats;
 }
 /**
  * Initialize a SSODescriptor.
  *
  * @param string          $elementName The name of this element.
  * @param DOMElement|NULL $xml         The XML element we should load.
  */
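 protected function __construct($elementName, DOMElement $xml = NULL)
 {
     // The guard is passed as an expression, not as a string: string assertions are
     // deprecated since PHP 7.2 and are no longer evaluated as code on PHP 8, where the
     // old form assert('is_string($elementName)') silently stopped checking anything.
     assert(is_string($elementName));

     parent::__construct($elementName, $xml);

     // No element to load: the endpoint lists keep their defaults.
     if ($xml === NULL) {
         return;
     }

     // ArtifactResolutionService is the only indexed endpoint type in this descriptor.
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ArtifactResolutionService') as $ep) {
         $this->ArtifactResolutionService[] = new SAML2_XML_md_IndexedEndpointType($ep);
     }

     // SingleLogoutService and ManageNameIDService are plain endpoints.
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:SingleLogoutService') as $ep) {
         $this->SingleLogoutService[] = new SAML2_XML_md_EndpointType($ep);
     }
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ManageNameIDService') as $ep) {
         $this->ManageNameIDService[] = new SAML2_XML_md_EndpointType($ep);
     }

     // NameIDFormat values are read as strings from the metadata namespace.
     $this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
 }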
 /**
  * Initialize an AttributeAuthorityDescriptor.
  *
  * @param DOMElement|NULL $xml  The XML element we should load.
  */
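 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct('md:AttributeAuthorityDescriptor', $xml);

     // No element to load: every list keeps its default.
     if ($xml === NULL) {
         return;
     }

     // At least one AttributeService endpoint is required.
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AttributeService') as $ep) {
         $this->AttributeService[] = new SAML2_XML_md_EndpointType($ep);
     }
     if (empty($this->AttributeService)) {
         throw new Exception('Must have at least one AttributeService in AttributeAuthorityDescriptor.');
     }

     // Fixed: the endpoint is built from the loop node $ep. The previous code passed the
     // undefined variable $airs, so the constructor never received the metadata element
     // and the endpoints declared in the XML were not parsed.
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
         $this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($ep);
     }

     // String-valued children.
     $this->NameIDFormat = SAML2_Utils::extractStrings($xml, './saml_metadata:NameIDFormat');
     $this->AttributeProfile = SAML2_Utils::extractStrings($xml, './saml_metadata:AttributeProfile');

     // Attribute elements come from the assertion namespace, not the metadata namespace.
     foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute') as $a) {
         $this->Attribute[] = new SAML2_XML_saml_Attribute($a);
     }
 }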
Ejemplo n.º 7
 /**
  * Initialize an IDPSSODescriptor.
  *
  * @param DOMElement|NULL $xml  The XML element we should load.
  */
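 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct('md:IDPSSODescriptor', $xml);

     // No element to load: every property keeps its default.
     if ($xml === NULL) {
         return;
     }

     // Third argument NULL is the value used when the attribute is absent.
     $this->WantAuthnRequestsSigned = SAML2_Utils::parseBoolean($xml, 'WantAuthnRequestsSigned', NULL);

     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:SingleSignOnService') as $ep) {
         $this->SingleSignOnService[] = new SAML2_XML_md_EndpointType($ep);
     }
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:NameIDMappingService') as $ep) {
         $this->NameIDMappingService[] = new SAML2_XML_md_EndpointType($ep);
     }

     // Fixed: the endpoint is built from the loop node $ep. The previous code passed the
     // undefined variable $airs, so the constructor never received the metadata element
     // and the endpoints declared in the XML were not parsed.
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
         $this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($ep);
     }

     $this->AttributeProfile = SAML2_Utils::extractStrings($xml, './saml_metadata:AttributeProfile');

     // Attribute elements come from the assertion namespace, not the metadata namespace.
     foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute') as $a) {
         $this->Attribute[] = new SAML2_XML_saml_Attribute($a);
     }
 }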
Ejemplo n.º 8
 /**
  * Parse AuthnStatement in assertion.
  *
  * @param DOMElement $xml  The assertion XML element.
  */
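 private function parseAuthnStatement(DOMElement $xml)
 {
     // Reads the assertion's single <saml:AuthnStatement> into authnInstant,
     // sessionNotOnOrAfter, sessionIndex, authnContext and AuthenticatingAuthority.
     $as = SAML2_Utils::xpQuery($xml, './saml_assertion:AuthnStatement');
     if (empty($as)) {
         // An assertion without an AuthnStatement is accepted; only authnInstant is reset.
         $this->authnInstant = NULL;
         return;
     } elseif (count($as) > 1) {
         throw new Exception('More that one <saml:AuthnStatement> in <saml:Assertion> not supported.');
     }
     $as = $as[0];
     $this->authnStatement = array();

     // AuthnInstant is mandatory; the two session attributes are optional.
     if (!$as->hasAttribute('AuthnInstant')) {
         throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
     }
     $this->authnInstant = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('AuthnInstant'));
     if ($as->hasAttribute('SessionNotOnOrAfter')) {
         $this->sessionNotOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('SessionNotOnOrAfter'));
     }
     if ($as->hasAttribute('SessionIndex')) {
         $this->sessionIndex = $as->getAttribute('SessionIndex');
     }

     // Exactly one <saml:AuthnContext> is required.
     $ac = SAML2_Utils::xpQuery($as, './saml_assertion:AuthnContext');
     if (empty($ac)) {
         throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
     } elseif (count($ac) > 1) {
         throw new Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
     }
     $ac = $ac[0];

     // The context value is the ClassRef when there is one, otherwise the DeclRef.
     $accr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextClassRef');
     if (empty($accr)) {
         $acdr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextDeclRef');
         if (empty($acdr)) {
             throw new Exception('Neither <saml:AuthnContextClassRef> nor <saml:AuthnContextDeclRef> found in <saml:AuthnContext>.');
         } elseif (count($acdr) > 1) {
             // Fixed: the duplicate check has to count the DeclRef list. $accr is always
             // empty in this branch, so the old count($accr) test could never fire and an
             // AuthnContext with several DeclRefs was accepted using only the first one.
             throw new Exception('More than one <saml:AuthnContextDeclRef> in <saml:AuthnContext>.');
         }
         $this->authnContext = trim($acdr[0]->textContent);
     } elseif (count($accr) > 1) {
         throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
     } else {
         $this->authnContext = trim($accr[0]->textContent);
     }

     $this->AuthenticatingAuthority = SAML2_Utils::extractStrings($ac, SAML2_Const::NS_SAML, 'AuthenticatingAuthority');
 }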
Ejemplo n.º 9
 /**
  * Parse AuthnContext in AuthnStatement.
  *
  * @param DOMElement $authnStatementEl
  * @throws Exception
  */
 private function parseAuthnContext(DOMElement $authnStatementEl)
 {
     // Exactly one <saml:AuthnContext> is required; the "too many" case is reported first.
     $contextNodes = SAML2_Utils::xpQuery($authnStatementEl, './saml_assertion:AuthnContext');
     if (count($contextNodes) > 1) {
         throw new Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
     }
     if (empty($contextNodes)) {
         throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
     }
     $contextNode = $contextNodes[0];

     // AuthnContextDeclRef: optional, but duplicates are rejected instead of picking one.
     $declRefNodes = SAML2_Utils::xpQuery($contextNode, './saml_assertion:AuthnContextDeclRef');
     $declRefCount = count($declRefNodes);
     if ($declRefCount > 1) {
         throw new Exception('More than one <saml:AuthnContextDeclRef> found?');
     }
     if ($declRefCount === 1) {
         $this->setAuthnContextDeclRef(trim($declRefNodes[0]->textContent));
     }

     // AuthnContextDecl: optional, at most one, kept as an opaque chunk.
     $declNodes = SAML2_Utils::xpQuery($contextNode, './saml_assertion:AuthnContextDecl');
     $declCount = count($declNodes);
     if ($declCount > 1) {
         throw new Exception('More than one <saml:AuthnContextDecl> found?');
     }
     if ($declCount === 1) {
         $this->setAuthnContextDecl(new SAML2_XML_Chunk($declNodes[0]));
     }

     // AuthnContextClassRef: optional, at most one.
     $classRefNodes = SAML2_Utils::xpQuery($contextNode, './saml_assertion:AuthnContextClassRef');
     $classRefCount = count($classRefNodes);
     if ($classRefCount > 1) {
         throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
     }
     if ($classRefCount === 1) {
         $this->setAuthnContextClassRef(trim($classRefNodes[0]->textContent));
     }

     // Constraint from XSD: at least one of the three must be present.
     // NOTE(review): this reads the object's properties, not the nodes found above, so it
     // presumably relies on the setters storing into these properties; confirm in the class.
     $anyContextPresent = !empty($this->authnContextClassRef)
         || !empty($this->authnContextDecl)
         || !empty($this->authnContextDeclRef);
     if (!$anyContextPresent) {
         throw new Exception('Missing either <saml:AuthnContextClassRef> or <saml:AuthnContextDeclRef> or <saml:AuthnContextDecl>');
     }

     $authorities = SAML2_Utils::extractStrings($contextNode, SAML2_Const::NS_SAML, 'AuthenticatingAuthority');
     $this->AuthenticatingAuthority = $authorities;
 }