    /**
     * Given an entity (like a SAML2 SP) and a list of remote entities (like a set of SAML2 IdPs)
     * find out which of those remote entities do not allow the entity to connect.
     *
     * Only the latest revision of each remote entity is considered. It counts as blocking when
     * it does not allow all connections and either keeps a whitelist without the entity, keeps
     * a blacklist containing the entity, or keeps no list at all (no list means nobody is let in).
     *
     * @param sspmod_janus_Entity   $entity
     * @param array                 $remoteEntities Rows that each carry an 'eid' key
     *
     * @return array Rows (eid, entityid, revisionid, state, type) of the blocking remote
     *               entities; an empty array when $remoteEntities is empty.
     */
    public function getReverseBlockedEntities(sspmod_janus_Entity $entity, array $remoteEntities)
    {
        if (empty($remoteEntities)) {
            return array();
        }

        $remoteEids = array();
        foreach ($remoteEntities as $remoteRow) {
            $remoteEids[] = $remoteRow['eid'];
        }

        // Two bound values feed the in_whitelist / in_blacklist sub-selects, the remaining
        // ones fill the IN (...) list; nothing caller-controlled is interpolated into the SQL.
        $queryParams = array_merge(array($entity->getEid(), $entity->getEid()), $remoteEids);
        $queryEidsIn = rtrim(str_repeat('?, ', count($remoteEids)), ', ');
        $tablePrefix = $this->getTablePrefix();

        $query = <<<SQL
SELECT  eid,
        entityid,
        revisionid,
        state,
        type
FROM (
    SELECT CONNECTION_REVISION.eid,
           CONNECTION_REVISION.entityid,
           CONNECTION_REVISION.revisionid,
           CONNECTION_REVISION.state,
           CONNECTION_REVISION.type,
           CONNECTION_REVISION.allowedall,
           (SELECT COUNT(*) > 0 FROM {$tablePrefix}allowedConnection WHERE connectionRevisionId = CONNECTION_REVISION.id) AS uses_whitelist,
           (SELECT COUNT(*) > 0 FROM {$tablePrefix}blockedConnection WHERE connectionRevisionId = CONNECTION_REVISION.id) AS uses_blacklist,
           (SELECT COUNT(*) > 0 FROM {$tablePrefix}allowedConnection WHERE connectionRevisionId = CONNECTION_REVISION.id AND remoteeid = ?) AS in_whitelist,
           (SELECT COUNT(*) > 0 FROM {$tablePrefix}blockedConnection WHERE connectionRevisionId = CONNECTION_REVISION.id AND remoteeid = ?) AS in_blacklist
    FROM {$tablePrefix}connection CONNECTION
    INNER JOIN {$tablePrefix}connectionRevision CONNECTION_REVISION
        ON CONNECTION_REVISION.eid = CONNECTION.id
        AND CONNECTION_REVISION.revisionid = CONNECTION.revisionNr
    WHERE CONNECTION.id IN ({$queryEidsIn})
   ) AS LATEST_REVISION
WHERE allowedall = 'no'
  AND (
      (uses_whitelist = TRUE AND in_whitelist = FALSE)
        OR (uses_blacklist = TRUE AND in_blacklist = TRUE)
        OR (uses_blacklist = FALSE AND uses_whitelist = FALSE)
  )
SQL;

        $statement = $this->execute($query, $queryParams);

        return $statement->fetchAll();
    }
         alt="Edit"
         width="16"
         height="16"
         onclick="ARP.create();" />

    <br />

    <!-- ARP Add -->
    <div id="arpEdit" style="display: none;">
        <script type="text/javascript">
        <?php 
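    foreach ($this->data['adminentities'] as $entity) {
        $arpId = $entity->getArp();
        // The keys are what the client-side ARP.setEntityForArp() reads.
        $entityData = array(
            'eid' => $entity->getEid(),
            'entityId' => $entity->getEntityid(),
            'name' => $entity->getPrettyname(),
            'revision' => $entity->getRevisionid(),
        );
        // JSON_HEX_TAG (value 1, which the former boolean `true` argument coerced to) encodes
        // '<' and '>' as \u003C / \u003E, so an entity name cannot close the enclosing <script>.
        $entityDataJson = json_encode($entityData, JSON_HEX_TAG);
        // NOTE(review): $arpId is written into JavaScript as-is; presumably a numeric id — confirm at getArp().
        echo "ARP.setEntityForArp({$arpId}, {$entityDataJson});" . PHP_EOL;
    }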
    ?>
        </script>
        <form action="" method="post" onsubmit="return ARP.validate()">
            <a href="#"
               style="float: right;"
               onclick="$(this).parents('#arpEdit').hide(); return false;"
                >
                [<?php 
    echo strtoupper($this->t('text_close'));
    ?>
]
            </a>
    $userEntities = $adminUtil->getEntitiesFromUser($user->getUid());
}
// Remote entities among the user's own that do not allow $entity to connect (see getReverseBlockedEntities()).
$reverseBlockedEntities = $adminUtil->getReverseBlockedEntities($entity, $userEntities);
// Get metadatafields
// Field definitions are configured per entity type and handed to the template as 'metadatafields'.
$mfc = $janus_config->getArray('metadatafields.' . $entity->getType());
$mb = new sspmod_janus_MetadataFieldBuilder($mfc);
$et->data['metadatafields'] = $mb->getMetadataFields();
// Presumably filled by the remote-entity loop that follows; its tail is outside this excerpt — verify.
$remote_entities = array();
$remote_entities_acl_sorted = array();
foreach ($remoteEntities as $remoteEntityRow) {
    $remoteEntity = new sspmod_janus_Entity($janus_config);
    $remoteEntity->setEid($remoteEntityRow["eid"]);
    $remoteEntity->setRevisionid($remoteEntityRow["revisionid"]);
    $remoteEntity->load();
    $remoteEntityFormatted = array('eid' => $remoteEntity->getEid(), 'revisionid' => $remoteEntity->getRevisionid(), 'type' => $remoteEntity->getType(), 'notes' => $remoteEntity->getNotes());
    // Format the name for the remote entity
    $remoteEntityName = $remoteEntity->getPrettyName();
    if (isset($remoteEntityName)) {
        if (is_array($remoteEntityName)) {
            if (array_key_exists($language, $remoteEntityName)) {
                $remoteEntityFormatted['name'][$language] = $remoteEntityName[$language];
            } else {
                reset($remoteEntityName);
                $remoteEntityFormatted['name'][$language] = 'No name in current language (' . current($remoteEntityName) . ')';
            }
        } else {
            $remoteEntityFormatted['name'][$language] = $remoteEntityName;
        }
    } else {
        $remoteEntityFormatted['name'][$language] = 'No name given';
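 /**
  * Create new entity with parsed entityid
  *
  * Create a new entity and give the user access to the entity. The entity starts in the
  * configured default workflow state, is linked to the default ARP when exactly one is
  * configured, and gets every required metadata field of its type set to that field's default.
  *
  * @param string $entityid Entity id for the new entity
  * @param string $type     Entity type
  *
  * @return mixed The eid of the created entity (as returned by getEid()), or an error message
  *               string: the one set by isEntityIdInUse()/hasEntityIdBeenUsed(), or 'error_db'
  *               when the user-to-entity link could not be stored.
  * @since Method available since Release 1.0.0
  */
 public function createNewEntity($entityid, $type)
 {
     // Expression-form assert(); the string form used before is removed in PHP 8.
     assert(is_string($entityid));
     assert(is_string($type));

     // Reject ids that are in use now or were used before; $errorMessage is set by reference.
     if ($this->isEntityIdInUse($entityid, $errorMessage)) {
         return $errorMessage;
     }
     if ($this->hasEntityIdBeenUsed($entityid, $errorMessage)) {
         return $errorMessage;
     }

     $startstate = $this->_config->getString('workflowstate.default');

     // Get the default ARP: stays '0' unless exactly one non-deleted ARP is flagged as default.
     $default_arp = '0';
     $st = $this->execute("SELECT aid FROM " . self::$prefix . "arp WHERE is_default = TRUE AND deleted = ''");
     if ($st) {
         $rows = $st->fetchAll();
         if (count($rows) === 1) {
             $default_arp = $rows[0]['aid'];
         }
     }

     // Instantiate a new entity
     $entity = new sspmod_janus_Entity($this->_config, true);
     $entity->setEntityid($entityid);
     $entity->setWorkflow($startstate);
     $entity->setType($type);
     $entity->setArp($default_arp);
     $entity->setUser($this->_user->getUid());
     $entity->setRevisionnote('Entity created.');
     $entity->save();

     // Link the creating user to the entity, recording time and client address for the audit trail
     // (REMOTE_ADDR is the direct TCP peer, i.e. a reverse proxy's address when one sits in front).
     // NOTE: the entity is already saved at this point; on 'error_db' it exists without any linked user.
     $st = $this->execute('INSERT INTO ' . self::$prefix . 'hasEntity 
         (`uid`, `eid`, `created`, `ip`) 
         VALUES 
         (?, ?, ?, ?);', array($this->_user->getUid(), $entity->getEid(), date('c'), $_SERVER['REMOTE_ADDR']));
     if ($st === false) {
         return 'error_db';
     }

     $ec = new sspmod_janus_EntityController($this->_config);
     $ec->setEntity($entity);
     $update = false;

     // Get metadatafields for new type
     $nm_mb = new sspmod_janus_MetadatafieldBuilder($this->_config->getArray('metadatafields.' . $type));
     $metadatafields = $nm_mb->getMetadatafields();

     // Add all required fields with their default value; save only if something was added.
     foreach ($metadatafields as $mf) {
         if (isset($mf->required) && $mf->required === true) {
             $ec->addMetadata($mf->name, $mf->default);
             $update = true;
         }
     }
     if ($update === true) {
         $ec->saveEntity();
     }

     // Reset and reload the cached list of entities
     $this->_entities = null;
     $this->_loadEntities();

     return $entity->getEid();
 }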
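 /**
  * Create new entity with parsed entityid
  *
  * Create a new entity and give the user access to the entity. The entity starts in the
  * configured default workflow state, optionally carries a metadata URL, and gets every
  * required metadata field of its type set to that field's default.
  *
  * @param string      $entityid    Entity id for the new entity
  * @param string      $type        Entity type
  * @param string|null $metadataUrl The -optional- metadata url for the new entity; only stored when non-empty
  *
  * @return mixed The eid of the created entity (as returned by getEid()), or the error message
  *               string set by isEntityIdInUse() when the id is already taken.
  * @since Method available since Release 1.0.0
  */
 public function createNewEntity($entityid, $type, $metadataUrl = null)
 {
     // Expression-form assert(); the string form used before is removed in PHP 8.
     assert(is_string($entityid));
     assert(is_string($type));

     // Reject ids that are in use; $errorMessage is set by reference.
     if ($this->isEntityIdInUse($entityid, $errorMessage)) {
         return $errorMessage;
     }

     $startstate = $this->_config->getString('workflowstate.default');

     // Instantiate a new entity
     $entity = new sspmod_janus_Entity($this->_config, true);
     $entity->setEntityid($entityid);
     $entity->setWorkflow($startstate);
     $entity->setType($type);
     $entity->setUser($this->_user->getUid());
     $entity->setRevisionnote('Entity created.');
     // Truthiness check on purpose: null and '' both mean "no metadata url".
     if ($metadataUrl) {
         $entity->setMetadataURL($metadataUrl);
     }
     $entity->save(array());

     // Give the creating user access to the new entity.
     $adminUtil = new sspmod_janus_AdminUtil();
     $adminUtil->addUserToEntity($entity->getEid(), $this->_user->getUid());

     $ec = sspmod_janus_DiContainer::getInstance()->getEntityController();
     $ec->setEntity($entity);
     $update = false;

     // Get metadatafields for new type
     $nm_mb = new sspmod_janus_MetadataFieldBuilder($this->_config->getArray('metadatafields.' . $type));
     $metadatafields = $nm_mb->getMetadataFields();

     // Add all required fields with their default value; save only if something was added.
     foreach ($metadatafields as $mf) {
         if (isset($mf->required) && $mf->required === true) {
             $ec->addMetadata($mf->name, $mf->default);
             $update = true;
         }
     }
     if ($update === true) {
         $ec->saveEntity();
     }

     // Reset and reload the cached list of entities
     $this->_entities = null;
     $this->_loadEntities();

     return $entity->getEid();
 }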
 /**
  * Does the Identity Provider allow a particular connection?
  *
  * Evaluation order: "allow all" wins, then an explicit whitelist entry, then a non-empty
  * blacklist that does not name the SP. With no list at all the connection is refused.
  * NOTE(review): an SP missing from a non-empty whitelist still passes when the IdP also keeps
  * a blacklist without that SP; the SQL in getReverseBlockedEntities() treats a whitelist miss
  * as blocked regardless — confirm which policy is intended.
  *
  * @static
  * @param sspmod_janus_Entity $sp  Service Provider to check for
  * @param sspmod_janus_Entity $idp Identity Provider to check against
  * @return bool Is the connection allowed?
  */
 protected static function _checkIdPMetadataIsConnectionAllowed(sspmod_janus_Entity $sp, sspmod_janus_Entity $idp)
 {
     $controller = sspmod_janus_DiContainer::getInstance()->getEntityController();
     $controller->setEntity($idp);
     $spEid = $sp->getEid();

     // Open policy: every SP may connect.
     if ("yes" === $controller->getAllowedAll()) {
         return true;
     }

     // Explicit whitelist entry for this SP.
     $allowed = $controller->getAllowedEntities();
     $onWhitelist = count($allowed) > 0 && array_key_exists($spEid, $allowed);
     if ($onWhitelist) {
         return true;
     }

     // A blacklist is kept and this SP is not on it.
     $blocked = $controller->getBlockedEntities();
     $passesBlacklist = count($blocked) > 0 && !array_key_exists($spEid, $blocked);

     return $passesBlacklist;
 }