 /**
  * Initialize an EntitiesDescriptor, optionally from an md:EntitiesDescriptor element.
  *
  * With no element the object is left empty for the caller to populate. Otherwise the optional
  * ID, validUntil, cacheDuration and Name attributes are copied (validUntil is converted to a
  * unix timestamp by SAML2_Utils::xsDateTimeToTimestamp, which throws on a malformed value),
  * the md:Extensions child is parsed, and every md:EntityDescriptor / md:EntitiesDescriptor
  * child is parsed into $this->children in document order.
  *
  * NOTE(review): nested EntitiesDescriptor elements are parsed recursively with no depth limit;
  * cap the size of metadata fetched from untrusted feeds before handing it to this constructor.
  *
  * @param DOMElement|NULL $xml The XML element we should load.
  * @throws Exception when validUntil is not a valid xs:dateTime.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct($xml);
     if ($xml === NULL) {
         return;
     }

     // Plain string attributes are copied verbatim when present.
     foreach (array('ID', 'cacheDuration', 'Name') as $attribute) {
         if ($xml->hasAttribute($attribute)) {
             $this->{$attribute} = $xml->getAttribute($attribute);
         }
     }
     // validUntil is the only attribute that needs conversion; an invalid xs:dateTime throws here.
     if ($xml->hasAttribute('validUntil')) {
         $this->validUntil = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('validUntil'));
     }

     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

     // Children may be single entities or further (nested) aggregates.
     $childQuery = './saml_metadata:EntityDescriptor|./saml_metadata:EntitiesDescriptor';
     foreach (SAML2_Utils::xpQuery($xml, $childQuery) as $child) {
         $this->children[] = ($child->localName === 'EntityDescriptor')
             ? new SAML2_XML_md_EntityDescriptor($child)
             : new SAML2_XML_md_EntitiesDescriptor($child);
     }
 }
 /**
  * Initialize an AffiliationDescriptor, optionally from an md:AffiliationDescriptor element.
  *
  * affiliationOwnerID and at least one md:AffiliateMember are mandatory and their absence is
  * reported with an Exception; ID, validUntil (converted to a unix timestamp) and cacheDuration
  * are optional. md:Extensions and every md:KeyDescriptor child are parsed as well.
  *
  * @param DOMElement|NULL $xml The XML element we should load.
  * @throws Exception when affiliationOwnerID or the AffiliateMember list is missing, or
  *     validUntil is not a valid xs:dateTime.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct($xml);
     if ($xml === NULL) {
         return;
     }

     if (!$xml->hasAttribute('affiliationOwnerID')) {
         throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
     }
     $this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');

     foreach (array('ID', 'cacheDuration') as $attribute) {
         if ($xml->hasAttribute($attribute)) {
             $this->{$attribute} = $xml->getAttribute($attribute);
         }
     }
     if ($xml->hasAttribute('validUntil')) {
         $this->validUntil = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('validUntil'));
     }

     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

     // An affiliation without members is meaningless, so reject it outright.
     $members = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'AffiliateMember');
     if (empty($members)) {
         throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
     }
     $this->AffiliateMember = $members;

     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor') as $keyDescriptor) {
         $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($keyDescriptor);
     }
 }
    /**
     * Parsing a minimal AuthnRequest must expose each attribute and the Issuer through its getter.
     *
     * IssueInstant is compared against the unix timestamp SAML2_Utils::xsDateTimeToTimestamp
     * produces for the same literal, so this pins the attribute mapping rather than the date
     * conversion itself.
     */
    public function testMarshallingOfSimpleRequest()
    {
        // No interpolation is needed, so a nowdoc keeps the XML literal verbatim.
        $xml = <<<'AUTHNREQUEST'
<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_306f8ec5b618f361c70b6ffb1480eade"
  Version="2.0"
  IssueInstant="2004-12-05T09:21:59Z"
  Destination="https://idp.example.org/SAML2/SSO/Artifact"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
  AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifact">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
</samlp:AuthnRequest>
AUTHNREQUEST;
        $doc = new DOMDocument();
        $doc->loadXML($xml);
        $request = new SAML2_AuthnRequest($doc->documentElement);

        // getter => expected value, one assertion per entry.
        $expected = array(
            'getIssueInstant'               => SAML2_Utils::xsDateTimeToTimestamp('2004-12-05T09:21:59Z'),
            'getDestination'                => 'https://idp.example.org/SAML2/SSO/Artifact',
            'getProtocolBinding'            => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
            'getAssertionConsumerServiceURL' => 'https://sp.example.com/SAML2/SSO/Artifact',
            'getIssuer'                     => 'https://sp.example.com/SAML2',
        );
        foreach ($expected as $getter => $value) {
            $this->assertEquals($value, $request->$getter());
        }
    }
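 /**
  * Constructor for SAML 2 logout request messages.
  *
  * Without an element the request starts empty (sessionIndexes = array()). When parsing, the
  * common message attributes are handled by the parent constructor, then:
  *  - NotOnOrAfter, if present, is converted to a unix timestamp;
  *  - exactly one saml:NameID or saml:EncryptedID/xenc:EncryptedData child is required. An
  *    encrypted identifier is kept as the raw EncryptedData element in $this->encryptedNameId
  *    (it is not decrypted here); a plain one is parsed into $this->nameId;
  *  - every samlp:SessionIndex child is collected, trimmed, into $this->sessionIndexes.
  *
  * Fix: the "more than one" error message referred to a non-existent <saml:EncryptedD> element;
  * it now names <saml:EncryptedID>, consistent with the "missing" message.
  *
  * @param DOMElement|NULL $xml The input message.
  * @throws Exception when the subject identifier is missing or ambiguous, or a date attribute
  *     is not a valid xs:dateTime.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct('LogoutRequest', $xml);
     $this->sessionIndexes = array();
     if ($xml === NULL) {
         return;
     }
     if ($xml->hasAttribute('NotOnOrAfter')) {
         $this->notOnOrAfter = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('NotOnOrAfter'));
     }
     // The subject must be identified exactly once, either in clear or encrypted.
     $nameId = SAML2_Utils::xpQuery($xml, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
     if (empty($nameId)) {
         throw new Exception('Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
     } elseif (count($nameId) > 1) {
         throw new Exception('More than one <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
     }
     $nameId = $nameId[0];
     if ($nameId->localName === 'EncryptedData') {
         /* The NameID element is encrypted; keep the ciphertext element for later decryption. */
         $this->encryptedNameId = $nameId;
     } else {
         $this->nameId = SAML2_Utils::parseNameId($nameId);
     }
     $sessionIndexes = SAML2_Utils::xpQuery($xml, './saml_protocol:SessionIndex');
     foreach ($sessionIndexes as $sessionIndex) {
         $this->sessionIndexes[] = trim($sessionIndex->textContent);
     }
 }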
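 /**
  * Test xsDateTime format validity
  *
  * For a case that should pass, the parsed timestamp must equal $expectedTs. For a case that
  * should fail, the parser must throw.
  *
  * Fix: the previous version wrapped the assertions in try/catch (Exception). PHPUnit reports a
  * failed assertion by throwing an exception derived from Exception, so when an invalid input
  * was wrongly accepted, assertTrue($shouldPass) threw, the catch block swallowed it and
  * assertFalse($shouldPass) then passed — the negative cases could never fail. Since this parser
  * gates validUntil / NotOnOrAfter / IssueInstant checks, negative cases must really be enforced,
  * so the failure path is now asserted outside any catch block.
  *
  * @dataProvider xsDateTimes
  *
  * @param bool     $shouldPass Whether $time is a valid xs:dateTime.
  * @param string   $time       The value under test.
  * @param int|null $expectedTs The expected unix timestamp for a valid value.
  */
 public function testXsDateTimeToTimestamp($shouldPass, $time, $expectedTs = null)
 {
     if ($shouldPass) {
         $this->assertEquals($expectedTs, SAML2_Utils::xsDateTimeToTimestamp($time));
         return;
     }
     try {
         $ts = SAML2_Utils::xsDateTimeToTimestamp($time);
     } catch (Exception $e) {
         // Expected: the invalid value was rejected.
         return;
     }
     // Reached only if no exception was thrown; fail() is outside the catch so it is not swallowed.
     $this->fail('Expected an exception for invalid xsDateTime "' . $time . '", got ' . var_export($ts, true));
 }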
 /**
  * Create/parse a mdrpi:RegistrationInfo element.
  *
  * The registrationAuthority attribute is mandatory; registrationInstant is optional and is
  * converted to a unix timestamp; the localized mdrpi:RegistrationPolicy children are collected
  * into $this->RegistrationPolicy. Without an element the object is left empty for the caller
  * to fill in.
  *
  * @param DOMElement|NULL $xml The XML element we should load.
  * @throws Exception when registrationAuthority is missing or registrationInstant is not a
  *     valid xs:dateTime.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     if ($xml === NULL) {
         return;
     }
     $authority = $xml->hasAttribute('registrationAuthority')
         ? $xml->getAttribute('registrationAuthority')
         : NULL;
     if ($authority === NULL) {
         throw new Exception('Missing required attribute "registrationAuthority" in mdrpi:RegistrationInfo element.');
     }
     $this->registrationAuthority = $authority;
     if ($xml->hasAttribute('registrationInstant')) {
         $instant = $xml->getAttribute('registrationInstant');
         $this->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($instant);
     }
     $this->RegistrationPolicy = SAML2_Utils::extractLocalizedStrings(
         $xml,
         SAML2_XML_mdrpi_Common::NS_MDRPI,
         'RegistrationPolicy'
     );
 }
 /**
  * Create/parse a mdrpi:PublicationInfo element.
  *
  * publisher is mandatory; creationInstant (converted to a unix timestamp) and publicationId
  * are optional; the localized mdrpi:UsagePolicy children are collected into $this->UsagePolicy.
  * Without an element the object is left empty for the caller to fill in.
  *
  * @param DOMElement|NULL $xml The XML element we should load.
  * @throws Exception when publisher is missing or creationInstant is not a valid xs:dateTime.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     if ($xml === NULL) {
         return;
     }
     if (!$xml->hasAttribute('publisher')) {
         throw new Exception('Missing required attribute "publisher" in mdrpi:PublicationInfo element.');
     }
     $this->publisher = $xml->getAttribute('publisher');

     // attribute => whether it needs xs:dateTime conversion
     $optional = array(
         'creationInstant' => TRUE,
         'publicationId'   => FALSE,
     );
     foreach ($optional as $attribute => $isDate) {
         if (!$xml->hasAttribute($attribute)) {
             continue;
         }
         $raw = $xml->getAttribute($attribute);
         $this->{$attribute} = $isDate ? SAML2_Utils::xsDateTimeToTimestamp($raw) : $raw;
     }

     $this->UsagePolicy = SAML2_Utils::extractLocalizedStrings(
         $xml,
         SAML2_XML_mdrpi_Common::NS_MDRPI,
         'UsagePolicy'
     );
 }
 /**
  * Initialize (and parse) a SubjectConfirmationData element.
  *
  * All five attributes (NotBefore, NotOnOrAfter, Recipient, InResponseTo, Address) are optional;
  * the two dates are converted to unix timestamps, the rest are copied verbatim. Child elements
  * are kept in $this->info: a ds:KeyInfo becomes a SAML2_XML_ds_KeyInfo, anything else —
  * including other ds:* elements — is wrapped as an opaque SAML2_XML_Chunk.
  *
  * NOTE(review): nothing here enforces the values. Whoever consumes this object must still check
  * NotBefore/NotOnOrAfter against the clock, Recipient against its own endpoint and InResponseTo
  * against a request it actually issued; Address only helps if it is compared with the real
  * client address.
  *
  * @param DOMElement|NULL $xml The XML element we should load.
  * @throws Exception when NotBefore or NotOnOrAfter is not a valid xs:dateTime.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     if ($xml === NULL) {
         return;
     }

     foreach (array('NotBefore', 'NotOnOrAfter') as $dateAttribute) {
         if ($xml->hasAttribute($dateAttribute)) {
             $this->{$dateAttribute} = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute($dateAttribute));
         }
     }
     foreach (array('Recipient', 'InResponseTo', 'Address') as $stringAttribute) {
         if ($xml->hasAttribute($stringAttribute)) {
             $this->{$stringAttribute} = $xml->getAttribute($stringAttribute);
         }
     }

     // Only ds:KeyInfo gets a typed wrapper; everything else is preserved as a raw chunk.
     foreach ($xml->childNodes as $child) {
         if (!($child instanceof DOMElement)) {
             continue;
         }
         $isKeyInfo = $child->namespaceURI === XMLSecurityDSig::XMLDSIGNS && $child->localName === 'KeyInfo';
         $this->info[] = $isKeyInfo ? new SAML2_XML_ds_KeyInfo($child) : new SAML2_XML_Chunk($child);
     }
 }
 /**
  * Retrieve all entities as an EntitiesDescriptor.
  *
  * Builds a fresh aggregate whose children are the metadata returned by each configured source
  * (sources returning NULL are skipped) and whose validUntil is now + $this->validLength. When
  * $this->regInfo is set, an mdrpi:RegistrationInfo extension is added first: registrationInstant
  * defaults to "now" and may be overridden by an 'instant' entry (parsed as xs:dateTime),
  * 'authority' sets registrationAuthority and 'policies' sets RegistrationPolicy; other keys are
  * ignored.
  *
  * NOTE(review): validUntil comes from the local clock; a skewed clock directly changes how long
  * consumers will trust this aggregate.
  *
  * @return SAML2_XML_md_EntitiesDescriptor  The entities.
  * @throws Exception when a configured 'instant' is not a valid xs:dateTime.
  */
 protected function getEntitiesDescriptor()
 {
     $aggregate = new SAML2_XML_md_EntitiesDescriptor();
     $now = time();

     if ($this->regInfo !== NULL) {
         $registration = new SAML2_XML_mdrpi_RegistrationInfo();
         $registration->registrationInstant = $now;
         foreach ($this->regInfo as $key => $value) {
             switch ($key) {
                 case 'authority':
                     $registration->registrationAuthority = $value;
                     break;
                 case 'instant':
                     $registration->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($value);
                     break;
                 case 'policies':
                     $registration->RegistrationPolicy = $value;
                     break;
             }
         }
         $aggregate->Extensions[] = $registration;
     }

     foreach ($this->sources as $source) {
         $metadata = $source->getMetadata();
         if ($metadata !== NULL) {
             $aggregate->children[] = $metadata;
         }
     }

     $aggregate->validUntil = $now + $this->validLength;
     return $aggregate;
 }
 /**
  * Initialize a message.
  *
  * With no element the message gets fresh defaults: a container-generated ID, IssueInstant = now
  * and empty certificate/validator lists. With an element, ID (required) and Version (must be
  * exactly "2.0") are checked first, IssueInstant is converted to a unix timestamp (the attribute
  * is read unconditionally, so a missing one reaches the converter as an empty string), the
  * optional Destination and Consent attributes are copied, the first saml:Issuer child's trimmed
  * text becomes the issuer, and samlp:Extensions are collected.
  *
  * Signature handling: SAML2_Utils::validateElement() is asked to locate and check a
  * ds:Signature. On success its certificates are stored and a SAML2_Utils::validateSignature
  * validator is queued in $this->validators; on FALSE (no signature) or on *any* Exception the
  * message is simply left unsigned. SECURITY: at this point a tampered or malformed signature is
  * therefore indistinguishable from no signature at all — consumers must require a successful
  * validator run before trusting the message and must never treat "constructed without error"
  * as "authenticated".
  *
  * @param string          $tagName The tag name of the root element.
  * @param DOMElement|NULL $xml     The input message.
  * @throws Exception when ID is missing, Version is not "2.0" or IssueInstant is not a valid
  *     xs:dateTime.
  */
 protected function __construct($tagName, DOMElement $xml = NULL)
 {
     assert('is_string($tagName)');
     $this->tagName = $tagName;

     // Defaults for a freshly built (outgoing) message.
     $this->id = SAML2_Utils::getContainer()->generateId();
     $this->issueInstant = time();
     $this->certificates = array();
     $this->validators = array();
     if ($xml === NULL) {
         return;
     }

     if (!$xml->hasAttribute('ID')) {
         throw new Exception('Missing ID attribute on SAML message.');
     }
     $this->id = $xml->getAttribute('ID');

     /* Currently a very strict check. */
     $version = $xml->getAttribute('Version');
     if ($version !== '2.0') {
         throw new Exception('Unsupported version: ' . $version);
     }
     $this->issueInstant = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant'));

     foreach (array('Destination' => 'destination', 'Consent' => 'consent') as $attribute => $property) {
         if ($xml->hasAttribute($attribute)) {
             $this->{$property} = $xml->getAttribute($attribute);
         }
     }

     $issuerNodes = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
     if (count($issuerNodes) > 0) {
         $this->issuer = trim($issuerNodes[0]->textContent);
     }

     /* Locate the signature; any failure here leaves the message unsigned (see docblock). */
     try {
         $sig = SAML2_Utils::validateElement($xml);
     } catch (Exception $e) {
         $sig = FALSE;
     }
     if ($sig !== FALSE) {
         $this->certificates = $sig['Certificates'];
         $this->validators[] = array('Function' => array('SAML2_Utils', 'validateSignature'), 'Data' => $sig);
     }

     $this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
 }
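 /**
  * Parse AuthnStatement in assertion.
  *
  * At most one saml:AuthnStatement is supported. When present, its mandatory AuthnInstant and
  * optional SessionNotOnOrAfter are converted to unix timestamps, SessionIndex is copied
  * verbatim and the statement is handed to parseAuthnContext() for the AuthnContext child.
  * Without a statement authnInstant is explicitly reset to NULL.
  *
  * Fix: the "more than one" error message read "More that one"; it now reads "More than one"
  * like the other messages in this class.
  *
  * @param DOMElement $xml The assertion XML element.
  * @throws Exception on multiple statements, a missing AuthnInstant or a malformed date.
  */
 private function parseAuthnStatement(DOMElement $xml)
 {
     $authnStatements = SAML2_Utils::xpQuery($xml, './saml_assertion:AuthnStatement');
     if (empty($authnStatements)) {
         $this->authnInstant = NULL;
         return;
     } elseif (count($authnStatements) > 1) {
         throw new Exception('More than one <saml:AuthnStatement> in <saml:Assertion> not supported.');
     }
     $authnStatement = $authnStatements[0];
     if (!$authnStatement->hasAttribute('AuthnInstant')) {
         throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
     }
     $this->authnInstant = SAML2_Utils::xsDateTimeToTimestamp($authnStatement->getAttribute('AuthnInstant'));
     if ($authnStatement->hasAttribute('SessionNotOnOrAfter')) {
         $this->sessionNotOnOrAfter = SAML2_Utils::xsDateTimeToTimestamp($authnStatement->getAttribute('SessionNotOnOrAfter'));
     }
     if ($authnStatement->hasAttribute('SessionIndex')) {
         $this->sessionIndex = $authnStatement->getAttribute('SessionIndex');
     }
     $this->parseAuthnContext($authnStatement);
 }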
 /**
  * Initialize an EntityDescriptor.
  *
  * entityID is mandatory; ID, validUntil (converted to a unix timestamp) and cacheDuration are
  * optional. md:Extensions are parsed, then every md:* child that is a known role
  * (RoleDescriptor, IDPSSODescriptor, SPSSODescriptor, AuthnAuthorityDescriptor,
  * AttributeAuthorityDescriptor, PDPDescriptor) is instantiated into $this->RoleDescriptor in
  * document order — children in other namespaces or with other names are skipped silently.
  * The entity must carry either at least one role or exactly one md:AffiliationDescriptor,
  * never both. At most one md:Organization plus any number of md:ContactPerson and
  * md:AdditionalMetadataLocation children are parsed as well.
  *
  * @param DOMElement|NULL $xml The XML element we should load.
  * @throws Exception on a missing entityID, a malformed validUntil, a duplicate
  *     AffiliationDescriptor or Organization, or an invalid role/affiliation combination.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct($xml);
     if ($xml === NULL) {
         return;
     }

     if (!$xml->hasAttribute('entityID')) {
         throw new Exception('Missing required attribute entityID on EntityDescriptor.');
     }
     $this->entityID = $xml->getAttribute('entityID');

     foreach (array('ID', 'cacheDuration') as $attribute) {
         if ($xml->hasAttribute($attribute)) {
             $this->{$attribute} = $xml->getAttribute($attribute);
         }
     }
     if ($xml->hasAttribute('validUntil')) {
         $this->validUntil = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('validUntil'));
     }

     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

     // md:* local name => class that parses that role; anything else is ignored.
     $roleClasses = array(
         'RoleDescriptor'               => 'SAML2_XML_md_UnknownRoleDescriptor',
         'IDPSSODescriptor'             => 'SAML2_XML_md_IDPSSODescriptor',
         'SPSSODescriptor'              => 'SAML2_XML_md_SPSSODescriptor',
         'AuthnAuthorityDescriptor'     => 'SAML2_XML_md_AuthnAuthorityDescriptor',
         'AttributeAuthorityDescriptor' => 'SAML2_XML_md_AttributeAuthorityDescriptor',
         'PDPDescriptor'                => 'SAML2_XML_md_PDPDescriptor',
     );
     foreach ($xml->childNodes as $child) {
         if (!($child instanceof DOMElement) || $child->namespaceURI !== SAML2_Const::NS_MD) {
             continue;
         }
         if (isset($roleClasses[$child->localName])) {
             $roleClass = $roleClasses[$child->localName];
             $this->RoleDescriptor[] = new $roleClass($child);
         }
     }

     $affiliations = SAML2_Utils::xpQuery($xml, './saml_metadata:AffiliationDescriptor');
     if (count($affiliations) > 1) {
         throw new Exception('More than one AffiliationDescriptor in the entity.');
     } elseif (count($affiliations) === 1) {
         $this->AffiliationDescriptor = new SAML2_XML_md_AffiliationDescriptor($affiliations[0]);
     }

     // Roles and an affiliation are mutually exclusive, but one of them is required.
     $hasRoles = !empty($this->RoleDescriptor);
     $hasAffiliation = $this->AffiliationDescriptor !== NULL;
     if (!$hasRoles && !$hasAffiliation) {
         throw new Exception('Must have either one of the RoleDescriptors or an AffiliationDescriptor in EntityDescriptor.');
     } elseif ($hasRoles && $hasAffiliation) {
         throw new Exception('AffiliationDescriptor cannot be combined with other RoleDescriptor elements in EntityDescriptor.');
     }

     $organizations = SAML2_Utils::xpQuery($xml, './saml_metadata:Organization');
     if (count($organizations) > 1) {
         throw new Exception('More than one Organization in the entity.');
     } elseif (count($organizations) === 1) {
         $this->Organization = new SAML2_XML_md_Organization($organizations[0]);
     }

     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ContactPerson') as $contact) {
         $this->ContactPerson[] = new SAML2_XML_md_ContactPerson($contact);
     }
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AdditionalMetadataLocation') as $location) {
         $this->AdditionalMetadataLocation[] = new SAML2_XML_md_AdditionalMetadataLocation($location);
     }
 }
 /**
  * Add extensions to the metadata.
  *
  * Reads optional keys from $metadata and emits the matching extension elements. Role-level
  * extensions are appended to $e->Extensions in this order: a saml:Attribute named 'tags', one
  * named 'hint.cidr', one shibmd:Scope per 'scope' entry, an mdui:UIInfo and an mdui:DiscoHints.
  * Entity-level extensions go to $this->entityDescriptor->Extensions: mdattr:EntityAttributes
  * and mdrpi:RegistrationInfo.
  *
  * Conventions implemented here:
  *  - EntityAttributes names default to the URI name format; a name written as '{format}name'
  *    is split, and the format overrides the default unless it is NAMEFORMAT_UNSPECIFIED;
  *  - a 'scope' value is published as a regular expression if it contains any of $ ^ ( ) * | \.
  *    SECURITY: that flag changes how relying parties match attribute scopes — a stray metachar
  *    in a literal domain quietly turns it into a (possibly broader) pattern, so scope values
  *    deserve review when they are configured;
  *  - RegistrationInfo 'instant' is converted with SAML2_Utils::xsDateTimeToTimestamp, which
  *    throws on a malformed value; unknown RegistrationInfo/UIInfo/DiscoHints keys are ignored;
  *  - each 'Logo' entry must supply 'url', 'width' and 'height' ('lang' is optional).
  *
  * @param SimpleSAML_Configuration    $metadata The metadata to get extensions from.
  * @param SAML2_XML_md_RoleDescriptor $e Reference to the element where the Extensions element should be included.
  */
 private function addExtensions(SimpleSAML_Configuration $metadata, SAML2_XML_md_RoleDescriptor $e)
 {
     // 'tags' and 'hint.cidr' are both emitted as a plain saml:Attribute, one value per entry.
     foreach (array('tags', 'hint.cidr') as $attributeName) {
         if (!$metadata->hasValue($attributeName)) {
             continue;
         }
         $attribute = new SAML2_XML_saml_Attribute();
         $attribute->Name = $attributeName;
         foreach ($metadata->getArray($attributeName) as $value) {
             $attribute->AttributeValue[] = new SAML2_XML_saml_AttributeValue($value);
         }
         $e->Extensions[] = $attribute;
     }

     if ($metadata->hasValue('scope')) {
         foreach ($metadata->getArray('scope') as $scopeText) {
             $scope = new SAML2_XML_shibmd_Scope();
             $scope->scope = $scopeText;
             // Any of $ ^ ( ) * | \ in the value means "publish as regex" (see docblock).
             $scope->regexp = (1 === preg_match('/[\\$\\^\\)\\(\\*\\|\\\\]/', $scopeText));
             $e->Extensions[] = $scope;
         }
     }

     if ($metadata->hasValue('EntityAttributes')) {
         $entityAttributes = new SAML2_XML_mdattr_EntityAttributes();
         foreach ($metadata->getArray('EntityAttributes') as $name => $values) {
             $attribute = new SAML2_XML_saml_Attribute();
             $attribute->Name = $name;
             $attribute->NameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri';
             // Non-URI names are configured as '{nameformat}name'.
             if (preg_match('/^\\{(.*?)\\}(.*)$/', $name, $parts)) {
                 $attribute->Name = $parts[2];
                 if ($parts[1] !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
                     $attribute->NameFormat = $parts[1];
                 }
             }
             foreach ($values as $value) {
                 $attribute->AttributeValue[] = new SAML2_XML_saml_AttributeValue($value);
             }
             $entityAttributes->children[] = $attribute;
         }
         $this->entityDescriptor->Extensions[] = $entityAttributes;
     }

     if ($metadata->hasValue('RegistrationInfo')) {
         $registration = new SAML2_XML_mdrpi_RegistrationInfo();
         foreach ($metadata->getArray('RegistrationInfo') as $key => $value) {
             switch ($key) {
                 case 'authority':
                     $registration->registrationAuthority = $value;
                     break;
                 case 'instant':
                     $registration->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($value);
                     break;
                 case 'policies':
                     $registration->RegistrationPolicy = $value;
                     break;
             }
         }
         $this->entityDescriptor->Extensions[] = $registration;
     }

     if ($metadata->hasValue('UIInfo')) {
         $uiInfo = new SAML2_XML_mdui_UIInfo();
         foreach ($metadata->getArray('UIInfo') as $key => $value) {
             switch ($key) {
                 case 'DisplayName':
                     $uiInfo->DisplayName = $value;
                     break;
                 case 'Description':
                     $uiInfo->Description = $value;
                     break;
                 case 'InformationURL':
                     $uiInfo->InformationURL = $value;
                     break;
                 case 'PrivacyStatementURL':
                     $uiInfo->PrivacyStatementURL = $value;
                     break;
                 case 'Keywords':
                     // One mdui:Keywords element per language.
                     foreach ($value as $lang => $words) {
                         $keywords = new SAML2_XML_mdui_Keywords();
                         $keywords->lang = $lang;
                         $keywords->Keywords = $words;
                         $uiInfo->Keywords[] = $keywords;
                     }
                     break;
                 case 'Logo':
                     foreach ($value as $spec) {
                         $logo = new SAML2_XML_mdui_Logo();
                         $logo->url = $spec['url'];
                         $logo->width = $spec['width'];
                         $logo->height = $spec['height'];
                         if (isset($spec['lang'])) {
                             $logo->lang = $spec['lang'];
                         }
                         $uiInfo->Logo[] = $logo;
                     }
                     break;
             }
         }
         $e->Extensions[] = $uiInfo;
     }

     if ($metadata->hasValue('DiscoHints')) {
         $discoHints = new SAML2_XML_mdui_DiscoHints();
         foreach ($metadata->getArray('DiscoHints') as $key => $value) {
             switch ($key) {
                 case 'IPHint':
                     $discoHints->IPHint = $value;
                     break;
                 case 'DomainHint':
                     $discoHints->DomainHint = $value;
                     break;
                 case 'GeolocationHint':
                     $discoHints->GeolocationHint = $value;
                     break;
             }
         }
         $e->Extensions[] = $discoHints;
     }
 }
 /**
  * Initialize a RoleDescriptor.
  *
  * Shared parsing for every md:*Descriptor role; the concrete element name is remembered in
  * $this->elementName. ID, validUntil (converted to a unix timestamp), cacheDuration and
  * errorURL are optional; protocolSupportEnumeration is mandatory and is split on whitespace
  * into a list of protocol URIs (leading/trailing whitespace in the attribute yields empty
  * entries, since preg_split is used without PREG_SPLIT_NO_EMPTY). md:Extensions, every
  * md:KeyDescriptor, at most one md:Organization and all md:ContactPerson children are parsed
  * too.
  *
  * @param string          $elementName The name of this element.
  * @param DOMElement|NULL $xml         The XML element we should load.
  * @throws Exception when protocolSupportEnumeration is missing, there is more than one
  *     Organization, or validUntil is not a valid xs:dateTime.
  */
 protected function __construct($elementName, DOMElement $xml = NULL)
 {
     assert('is_string($elementName)');
     parent::__construct($xml);
     $this->elementName = $elementName;
     if ($xml === NULL) {
         return;
     }

     foreach (array('ID', 'cacheDuration') as $attribute) {
         if ($xml->hasAttribute($attribute)) {
             $this->{$attribute} = $xml->getAttribute($attribute);
         }
     }
     if ($xml->hasAttribute('validUntil')) {
         $this->validUntil = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('validUntil'));
     }

     if (!$xml->hasAttribute('protocolSupportEnumeration')) {
         throw new Exception('Missing protocolSupportEnumeration attribute on ' . $xml->localName);
     }
     $this->protocolSupportEnumeration = preg_split('/[\\s]+/', $xml->getAttribute('protocolSupportEnumeration'));

     if ($xml->hasAttribute('errorURL')) {
         $this->errorURL = $xml->getAttribute('errorURL');
     }

     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor') as $keyDescriptor) {
         $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($keyDescriptor);
     }

     $organizations = SAML2_Utils::xpQuery($xml, './saml_metadata:Organization');
     switch (count($organizations)) {
         case 0:
             break;
         case 1:
             $this->Organization = new SAML2_XML_md_Organization($organizations[0]);
             break;
         default:
             throw new Exception('More than one Organization in the entity.');
     }

     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ContactPerson') as $contact) {
         $this->contactPersons[] = new SAML2_XML_md_ContactPerson($contact);
     }
 }
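 /**
  * Parse AuthnStatement in assertion.
  *
  * At most one saml:AuthnStatement is supported; its mandatory AuthnInstant and optional
  * SessionNotOnOrAfter become unix timestamps and SessionIndex is copied verbatim. The single
  * mandatory saml:AuthnContext child must carry exactly one AuthnContextClassRef or, failing
  * that, exactly one AuthnContextDeclRef, whose trimmed text becomes $this->authnContext; any
  * saml:AuthenticatingAuthority children are collected as strings. Without a statement
  * authnInstant is reset to NULL.
  *
  * Fix: the AuthnContextDeclRef branch tested count($accr) — always zero inside that branch —
  * so several AuthnContextDeclRef elements were silently accepted and the first one used. It
  * now tests count($acdr) and rejects the ambiguity exactly like the ClassRef branch does. The
  * "More that one" message typo is corrected as well.
  *
  * @param DOMElement $xml The assertion XML element.
  * @throws Exception on multiple statements/contexts/refs, a missing AuthnInstant or
  *     AuthnContext, or a malformed date.
  */
 private function parseAuthnStatement(DOMElement $xml)
 {
     $as = SAML2_Utils::xpQuery($xml, './saml_assertion:AuthnStatement');
     if (empty($as)) {
         $this->authnInstant = NULL;
         return;
     } elseif (count($as) > 1) {
         throw new Exception('More than one <saml:AuthnStatement> in <saml:Assertion> not supported.');
     }
     $as = $as[0];
     if (!$as->hasAttribute('AuthnInstant')) {
         throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
     }
     $this->authnInstant = SAML2_Utils::xsDateTimeToTimestamp($as->getAttribute('AuthnInstant'));
     if ($as->hasAttribute('SessionNotOnOrAfter')) {
         $this->sessionNotOnOrAfter = SAML2_Utils::xsDateTimeToTimestamp($as->getAttribute('SessionNotOnOrAfter'));
     }
     if ($as->hasAttribute('SessionIndex')) {
         $this->sessionIndex = $as->getAttribute('SessionIndex');
     }
     $ac = SAML2_Utils::xpQuery($as, './saml_assertion:AuthnContext');
     if (empty($ac)) {
         throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
     } elseif (count($ac) > 1) {
         throw new Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
     }
     $ac = $ac[0];
     // Prefer a ClassRef; fall back to a DeclRef. Either way exactly one is allowed.
     $accr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextClassRef');
     if (empty($accr)) {
         $acdr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextDeclRef');
         if (empty($acdr)) {
             throw new Exception('Neither <saml:AuthnContextClassRef> nor <saml:AuthnContextDeclRef> found in <saml:AuthnContext>.');
         } elseif (count($acdr) > 1) {
             throw new Exception('More than one <saml:AuthnContextDeclRef> in <saml:AuthnContext>.');
         }
         $this->authnContext = trim($acdr[0]->textContent);
     } elseif (count($accr) > 1) {
         throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
     } else {
         $this->authnContext = trim($accr[0]->textContent);
     }
     $this->AuthenticatingAuthority = SAML2_Utils::extractStrings($ac, SAML2_Const::NS_SAML, 'AuthenticatingAuthority');
 }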
 /**
  * Check whether the current time lies inside an optional [NotBefore, NotOnOrAfter) window.
  *
  * Both bounds are xs:dateTime strings converted with SAML2_Utils::xsDateTimeToTimestamp (which
  * throws on malformed input). The start bound tolerates 10 minutes of clock skew — a NotBefore
  * up to 600 s in the future is still accepted — whereas the end bound is exact: the instant
  * equal to NotOnOrAfter is already outside the window. A negative timestamp on either side
  * fails the check.
  *
  * NOTE(review): empty() is used to detect absent bounds, so the strings "" and "0" count as
  * "no bound" rather than as invalid dates, and no skew allowance is applied to the end bound.
  *
  * @param string|NULL $start NotBefore as xs:dateTime, or NULL/empty for no lower bound.
  * @param string|NULL $end   NotOnOrAfter as xs:dateTime, or NULL/empty for no upper bound.
  * @return bool TRUE when now is inside the window, FALSE otherwise.
  * @throws Exception when a given bound is not a valid xs:dateTime.
  */
 public static function checkDateConditions($start = NULL, $end = NULL)
 {
     $now = time();
     if (!empty($start)) {
         $notBefore = SAML2_Utils::xsDateTimeToTimestamp($start);
         // Accept unless the start is negative or more than 10 minutes ahead of our clock.
         $startOk = $notBefore >= 0 && $notBefore - 600 <= $now;
         if (!$startOk) {
             return FALSE;
         }
     }
     if (!empty($end)) {
         $notOnOrAfter = SAML2_Utils::xsDateTimeToTimestamp($end);
         // Accept only while strictly before the end instant.
         $endOk = $notOnOrAfter >= 0 && $notOnOrAfter > $now;
         if (!$endOk) {
             return FALSE;
         }
     }
     return TRUE;
 }
 /**
  * Check if we are currently between the given date & time conditions.
  *
  * Both bounds are xs:dateTime strings converted with \SAML2_Utils::xsDateTimeToTimestamp
  * (which throws on malformed input). The start bound tolerates a 10-minute leap: a NotBefore
  * up to 600 s in the future is still accepted. The end bound is exact — the instant equal to
  * $end is already outside the period — and a negative timestamp on either side fails the check.
  *
  * NOTE(review): empty() is used to detect absent bounds, so the strings "" and "0" count as
  * "no bound" rather than as invalid dates, and no skew allowance is applied to $end.
  *
  * @param string|null $start A SAML2 timestamp marking the start of the period to check. Defaults to null, in which
  *     case there's no limitations in the past.
  * @param string|null $end A SAML2 timestamp marking the end of the period to check. Defaults to null, in which
  *     case there's no limitations in the future.
  *
  * @return bool True if the current time belongs to the period specified by $start and $end. False otherwise.
  *
  * @see \SAML2_Utils::xsDateTimeToTimestamp.
  *
  * @author Andreas Solberg, UNINETT AS <*****@*****.**>
  * @author Olav Morken, UNINETT AS <*****@*****.**>
  */
 protected static function checkDateConditions($start = null, $end = null)
 {
     $now = time();
     if (!empty($start)) {
         $notBefore = \SAML2_Utils::xsDateTimeToTimestamp($start);
         // accept unless the start is negative or more than 10 minutes ahead of our clock
         $startOk = $notBefore >= 0 && $notBefore - 600 <= $now;
         if (!$startOk) {
             return false;
         }
     }
     if (!empty($end)) {
         $notOnOrAfter = \SAML2_Utils::xsDateTimeToTimestamp($end);
         // accept only while strictly before the end instant
         $endOk = $notOnOrAfter >= 0 && $notOnOrAfter > $now;
         if (!$endOk) {
             return false;
         }
     }
     return true;
 }
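 /**
  * Build the aggregated md:EntitiesDescriptor document for this aggregator.
  *
  * validUntil is set to now + getMaxDuration(). An mdrpi:RegistrationInfo extension is added
  * when the 'RegistrationInfo' config option is present ('authority', 'instant' and 'policies'
  * keys; other keys are ignored). Each entity is then added in one of two ways:
  *  - if every metadata set of the entity carries the same stored 'entityDescriptor' (a base64
  *    encoded XML document) and reconstruction is not forced, that document is parsed and
  *    reused as-is;
  *  - otherwise a SimpleSAML_Metadata_SAMLBuilder rebuilds the descriptor from the metadata
  *    sets (organization info is taken from the last set processed).
  * The resulting DOMDocument is signed with SimpleSAML_XML_Signer when shouldSign() says so.
  *
  * Changes: the "no set seen yet" sentinel is compared with === NULL (with the previous loose
  * == NULL an empty-string descriptor was mistaken for "nothing yet" and silently replaced by
  * the next set's value), and a stored descriptor that fails to parse now raises an Exception
  * instead of turning into an empty EntityDescriptor inside the — possibly signed — output.
  *
  * NOTE(review): the stored descriptor is parsed with DOMDocument::loadXML() and no libxml
  * restrictions (e.g. LIBXML_NONET). That is acceptable only while the metadata store holds
  * data this service wrote itself — confirm before feeding it descriptors from other sources.
  *
  * @return DOMDocument The (optionally signed) metadata document.
  * @throws Exception when a stored entityDescriptor cannot be parsed as XML, or a
  *     RegistrationInfo 'instant' is not a valid xs:dateTime.
  */
 public function getMetadataDocument()
 {
     // Get metadata entries
     $entities = $this->getSources();
     $maxDuration = $this->getMaxDuration();
     $reconstruct = $this->getReconstruct();

     $entitiesDescriptor = new SAML2_XML_md_EntitiesDescriptor();
     $entitiesDescriptor->Name = $this->id;
     $entitiesDescriptor->validUntil = time() + $maxDuration;

     // add RegistrationInfo extension if enabled
     if ($this->gConfig->hasValue('RegistrationInfo')) {
         $ri = new SAML2_XML_mdrpi_RegistrationInfo();
         foreach ($this->gConfig->getArray('RegistrationInfo') as $riName => $riValues) {
             switch ($riName) {
                 case 'authority':
                     $ri->registrationAuthority = $riValues;
                     break;
                 case 'instant':
                     $ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues);
                     break;
                 case 'policies':
                     $ri->RegistrationPolicy = $riValues;
                     break;
             }
         }
         $entitiesDescriptor->Extensions[] = $ri;
     }

     /* Build EntityDescriptor elements for them. */
     foreach ($entities as $entity => $sets) {
         // NULL: no set seen yet; string: the stored descriptor shared so far; FALSE: cannot reuse.
         $entityDescriptor = NULL;
         foreach ($sets as $set => $metadata) {
             if (!array_key_exists('entityDescriptor', $metadata)) {
                 /* One of the sets doesn't contain an EntityDescriptor element. */
                 $entityDescriptor = FALSE;
                 break;
             }
             if ($entityDescriptor === NULL) {
                 /* First EntityDescriptor element. */
                 $entityDescriptor = $metadata['entityDescriptor'];
                 continue;
             }
             assert('is_string($entityDescriptor)');
             if ($entityDescriptor !== $metadata['entityDescriptor']) {
                 /* Entity contains multiple different EntityDescriptor elements. */
                 $entityDescriptor = FALSE;
                 break;
             }
         }

         if (is_string($entityDescriptor) && !$reconstruct) {
             /* All metadata sets for the entity contain the same entity descriptor. Use that one. */
             $tmp = new DOMDocument();
             $loaded = $tmp->loadXML(base64_decode($entityDescriptor));
             if ($loaded === FALSE || $tmp->documentElement === NULL) {
                 // Don't let a corrupt stored descriptor become an empty element in signed output.
                 throw new Exception('Unable to parse the stored entityDescriptor for entity "' . $entity . '".');
             }
             $entitiesDescriptor->children[] = new SAML2_XML_md_EntityDescriptor($tmp->documentElement);
         } else {
             $tmp = new SimpleSAML_Metadata_SAMLBuilder($entity, $maxDuration, $maxDuration);
             $orgmeta = NULL;
             foreach ($sets as $set => $metadata) {
                 $tmp->addMetadata($set, $metadata);
                 $orgmeta = $metadata;
             }
             $tmp->addOrganizationInfo($orgmeta);
             $entitiesDescriptor->children[] = $tmp->getEntityDescriptor();
         }
     }

     $document = $entitiesDescriptor->toXML();

     // sign the metadata if enabled
     if ($this->shouldSign()) {
         $signer = new SimpleSAML_XML_Signer($this->getSigningInfo());
         $signer->sign($document, $document, $document->firstChild);
     }
     return $document;
 }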