if (isset($_GET['revisionid'])) { $revisionid = $_GET['revisionid']; } else { throw new SimpleSAML_Error_Exception('Revisionid must be set'); } $md_options = $janus_config->getValue('mdexport.default_options'); $metaxml = sspmod_janus_MetaExport::getReadableXMLMetadata($eid, $revisionid, array('maxCache' => $md_options['maxCache'], 'maxDuration' => $md_options['maxDuration'])); $metaflat = sspmod_janus_MetaExport::getFlatMetadata($eid, $revisionid); $metaarray = sspmod_janus_MetaExport::getPHPArrayMetadata($eid, $revisionid); // Error generating som of the metadata if (empty($metaflat) || empty($metaxml)) { $t = new SimpleSAML_XHTML_Template($config, 'janus:error.php', 'janus:error'); $t->data['header'] = 'JANUS'; $t->data['title'] = 'error_required_metadata_missing_header'; $t->data['error'] = 'error_required_metadata_missing'; $t->data['extra_data'] = '<ul><li>' . implode("</li>\n<li>", sspmod_janus_MetaExport::getError()) . '</li></ul>'; $t->show(); exit(0); } elseif (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') { $t = new SimpleSAML_XHTML_Template($config, 'janus:metadata.php', 'janus:metadata'); $t->data['header'] = 'Metadata export'; $t->data['metaurl'] = SimpleSAML_Utilities::selfURLNoQuery(); $t->data['metadata'] = htmlentities($metaxml); $t->data['metadataflat'] = htmlentities($metaflat, ENT_COMPAT, 'UTF-8'); $t->data['metadatajson'] = json_encode($metaarray); $t->data['revision'] = $revisionid; $t->data['eid'] = $eid; $t->show(); } elseif (array_key_exists('output', $_GET) && $_GET['output'] == 'json') { header('Content-Type: application/json'); echo json_encode($metaarray);
$entitiesDescriptor->setAttribute('cacheDuration', 'PT' . $maxCache . 'S'); } if ($maxDuration !== NULL) { $entitiesDescriptor->setAttribute('validUntil', SimpleSAML_Utilities::generateTimestamp(time() + $maxDuration)); } $xml->appendChild($entitiesDescriptor); foreach ($entities as $entity) { $entityDescriptor = sspmod_janus_MetaExport::getXMLMetadata($entity['eid'], $entity['revisionid'], array('maxCache' => $maxCache, 'maxDuration' => $maxDuration)); $ssp_metadata = $ssp_metadata . "\n\n" . sspmod_janus_MetaExport::getFlatMetadata($entity['eid'], $entity['revisionid']); if (empty($entityDescriptor)) { $t = new SimpleSAML_XHTML_Template($config, 'janus:error.php', 'janus:error'); $t->data['header'] = 'JANUS'; $t->data['title'] = 'error_required_metadata_missing_header'; $t->data['error'] = 'error_required_metadata_missing_entity'; $t->data['error_data'] = array('%ENTITY%' => $entity['entityid']); $t->data['extra_data'] = implode("\n", sspmod_janus_MetaExport::getError()); $t->show(); exit(0); } $entitiesDescriptor->appendChild($xml->importNode($entityDescriptor, TRUE)); } /* Sign the metadata if enabled. */ if ($janus_config->getBoolean('sign.enable', FALSE)) { $signer = new SimpleSAML_XML_Signer(array('privatekey' => $janus_config->getString('sign.privatekey'), 'privatekey_pass' => $janus_config->getString('sign.privatekey_pass', NULL), 'certificate' => $janus_config->getString('sign.certificate'), 'id' => 'ID')); $signer->sign($entitiesDescriptor, $entitiesDescriptor, $entitiesDescriptor->firstChild); } if (isset($export_external)) { $externalconfig = $janus_config->getArray('export.external'); if (array_key_exists($export_external, $externalconfig)) { $externalconfig = $externalconfig[$export_external]; try {
// Ignore excluded entities if (in_array($entity['entityid'], $md_options['exclude'])) { continue; } // Get metadata for entity // In XML $entityDescriptor = sspmod_janus_MetaExport::getXMLMetadata($entity['eid'], $entity['revisionid'], array('maxCache' => $md_options['maxCache'], 'maxDuration' => $md_options['maxDuration'])); // In flat file $ssp_metadata = $ssp_metadata . "\n\n" . sspmod_janus_MetaExport::getFlatMetadata($entity['eid'], $entity['revisionid']); // Error handling if (empty($entityDescriptor) || !$entityDescriptor) { // Ignore errors if ($md_options['ignore_errors']) { continue; } else { $errors[$entity['entityid']] = sspmod_janus_MetaExport::getError(); } } else { // Append metadata to entitiesDescriptor $entitiesDescriptor->appendChild($xml->importNode($entityDescriptor, TRUE)); } } // Display errors if any and ignore_errors is not set if (count($errors) > 0 && !$md_options['ignore_errors']) { $t = new SimpleSAML_XHTML_Template($config, 'janus:metadataexport.php', 'janus:metadataexport'); $t->data['allowed_mime'] = $allowed_mime; $t->data['states'] = $janus_config->getArray('workflowstates'); $t->data['types'] = $util->getAllowedTypes(); $t->data['postprocessor'] = $janus_config->getArray('mdexport.postprocessor'); $t->data['error_type'] = 'error_type_required_metadata'; $t->data['errors'] = "";
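/**
 * Build the metadata of one entity revision in the requested representation.
 *
 * The entity is loaded through the entity controller, every field marked
 * `required` in the `metadatafields.<type>` configuration is checked for a
 * value (a value equal to the field's `default` only counts when
 * `default_allow` is true), and the result is rendered as a DOMElement, as
 * readable XML text, as a PHP array or as flat-file PHP source. Failures are
 * signalled by storing messages in self::$_error and returning false; the
 * caller is expected to read self::getError().
 *
 * @param int|string  $eid      Entity id, asserted to consist of digits only.
 * @param int|string  $revision Revision id, asserted to consist of digits only.
 * @param string|null $type     self::XML, self::XMLREADABLE, self::PHPARRAY or
 *                              self::FLATFILE (the default for any other value).
 * @param array|null  $option   Optional 'maxCache' / 'maxDuration' values handed
 *                              to SimpleSAML_Metadata_SAMLBuilder.
 * @return DOMElement|string|array|false Metadata in the requested form, or false
 *                              when the entity cannot be loaded, a required field
 *                              is missing, or XML generation fails.
 */
private static function getMetadata($eid, $revision, $type = null, array $option = null)
{
    // Expression-form assert(): the string form is deprecated since PHP 7.2 and
    // is no longer evaluated as code on PHP 8, where it would silently pass.
    assert(ctype_digit($eid));
    assert(ctype_digit($revision));

    $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
    $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();

    if (!($entity = $entityController->setEntity($eid, $revision))) {
        self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revision);
        return false;
    }

    $metadata_raw = $entityController->getMetadata();

    // Field definitions for this entity type, keyed by field name.
    $nm_mb = new sspmod_janus_MetadataFieldBuilder($janus_config->getArray('metadatafields.' . $entity->getType()));
    $metadatafields_required = $nm_mb->getMetadataFields();

    // Names of the fields that must carry a value.
    $required = array();
    foreach ($metadatafields_required as $mf) {
        if (isset($mf->required) && $mf->required === true) {
            $required[] = $mf->name;
        }
    }

    // Names of the fields that actually carry an acceptable value.
    $metadata = array();
    foreach ($metadata_raw as $k => $v) {
        $key = $v->getKey();
        $value = $v->getValue();

        // Field not defined for this entity type.
        if (!isset($metadatafields_required[$key])) {
            continue;
        }
        $field = $metadatafields_required[$key];

        // Empty string counts as "not set".
        if (is_string($value) && $value == '') {
            continue;
        }

        // Whether a value equal to the configured default satisfies the field.
        $default_allow = false;
        if (isset($field->default_allow) && is_bool($field->default_allow)) {
            $default_allow = $field->default_allow;
        }

        // A value left at its default does not count unless defaults are allowed.
        if (!$default_allow && (isset($field->default) && $value == $field->default)) {
            continue;
        }

        $metadata[] = $key;
    }

    $missing_required = array_diff($required, $metadata);
    $entityId = $entity->getEntityid();

    if (!empty($missing_required)) {
        SimpleSAML_Logger::error('JANUS - Missing required metadata fields. 
Entity_id:' . $entityId);
        self::$_error = $missing_required;
        return false;
    }

    try {
        $metaArray = $entityController->getMetaArray();
        $metaArray['eid'] = $eid;
        $blockedEntities = $entityController->getBlockedEntities();
        $allowedEntities = $entityController->getAllowedEntities();
        $disabledConsent = $entityController->getDisableConsent();

        // The flat representation is PHP source (one "entityid => array(...)," entry);
        // var_export() does the quoting so the output stays parseable.
        $metaFlat = '// Revision: ' . $entity->getRevisionid() . "\n";
        $metaFlat .= var_export($entityId, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';

        // Append authproc filter lists for allowed / blocked remote entities.
        if (!empty($blockedEntities) || !empty($allowedEntities)) {
            // Drop the closing "),", the extra keys are written inside the array.
            $metaFlat = substr($metaFlat, 0, -2);
            if (!empty($allowedEntities)) {
                $metaFlat .= " 'allowed' => array(\n";
                $metaArray['allowed'] = array();
                foreach ($allowedEntities as $allowedEntity) {
                    // var_export() escapes quotes and backslashes; a raw
                    // concatenation would let a stray quote in the id break out
                    // of the string literal in the generated PHP.
                    $metaFlat .= " " . var_export((string) $allowedEntity['remoteentityid'], TRUE) . ",\n";
                    $metaArray['allowed'][] = $allowedEntity['remoteentityid'];
                }
                $metaFlat .= " ),\n";
            }
            if (!empty($blockedEntities)) {
                $metaFlat .= " 'blocked' => array(\n";
                $metaArray['blocked'] = array();
                foreach ($blockedEntities as $blockedEntity) {
                    $metaFlat .= " " . var_export((string) $blockedEntity['remoteentityid'], TRUE) . ",\n";
                    $metaArray['blocked'][] = $blockedEntity['remoteentityid'];
                }
                $metaFlat .= " ),\n";
            }
            $metaFlat .= '),';
        }

        // Append consent.disable to the flat file.
        // NOTE(review): this key is only written to $metaFlat, never to $metaArray,
        // so the PHPARRAY and XML outputs do not carry it — confirm that is intended.
        if (!empty($disabledConsent)) {
            $metaFlat = substr($metaFlat, 0, -2);
            $metaFlat .= " 'consent.disable' => array(\n";
            foreach ($disabledConsent as $key => $value) {
                $metaFlat .= " " . var_export((string) $key, TRUE) . ",\n";
            }
            $metaFlat .= " ),\n";
            $metaFlat .= '),';
        }

        $maxCache = isset($option['maxCache']) ? $option['maxCache'] : null;
        $maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null;

        try {
            $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId, $maxCache, $maxDuration);
            $metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray);
        } catch (Exception $e) {
            SimpleSAML_Logger::error('JANUS - Entity_id:' . $entityId . ' - Error generating XML metadata - ' .
                var_export($e, true));
            self::$_error = array('Error generating XML metadata - ' . $e->getMessage());
            return false;
        }

        // Organization element only when all three parts are present.
        if (!empty($metaArray['OrganizationName']) && !empty($metaArray['OrganizationDisplayName']) && !empty($metaArray['OrganizationURL'])) {
            $metaBuilder->addOrganizationInfo(array(
                'OrganizationName' => $metaArray['OrganizationName'],
                'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'],
                'OrganizationURL' => $metaArray['OrganizationURL'],
            ));
        }

        if (!empty($metaArray['contact'])) {
            $metaBuilder->addContact('technical', $metaArray['contact']);
        }

        switch ($type) {
            case self::XML:
                return $metaBuilder->getEntityDescriptor();
            case self::XMLREADABLE:
                return $metaBuilder->getEntityDescriptorText();
            case self::PHPARRAY:
                return $metaArray;
            case self::FLATFILE:
            default:
                return $metaFlat;
        }
    } catch (Exception $exception) {
        // fatalError() renders an error page; false is returned for callers
        // that survive it.
        $session = SimpleSAML_Session::getInstance();
        SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception);
        return false;
    }
}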
$xml = new DOMDocument(); $entitiesDescriptor = $xml->createElementNS('urn:oasis:names:tc:SAML:2.0:metadata', 'EntitiesDescriptor'); $entitiesDescriptorName = $janus_config->getString('export.entitiesDescriptorName', 'Federation'); $entitiesDescriptor->setAttribute('Name', $entitiesDescriptorName); if ($maxCache !== NULL) { $entitiesDescriptor->setAttribute('cacheDuration', 'PT' . $maxCache . 'S'); } if ($maxDuration !== NULL) { $entitiesDescriptor->setAttribute('validUntil', SimpleSAML_Utilities::generateTimestamp(time() + $maxDuration)); } $xml->appendChild($entitiesDescriptor); foreach ($entities as $entity) { if ($entity['entityid'] == $exclude_entityid) { continue; } $entityDescriptor = sspmod_janus_MetaExport::getXMLMetadata($entity['eid'], $entity['revisionid'], array('maxCache' => $maxCache, 'maxDuration' => $maxDuration)); if (empty($entityDescriptor) || !$entityDescriptor) { continue; } $entitiesDescriptor->appendChild($xml->importNode($entityDescriptor, TRUE)); } /* Sign the metadata if enabled. */ if ($janus_config->getBoolean('sign.enable', FALSE)) { $signer = new SimpleSAML_XML_Signer(array('privatekey' => $janus_config->getString('sign.privatekey'), 'privatekey_pass' => $janus_config->getString('sign.privatekey_pass', NULL), 'certificate' => $janus_config->getString('sign.certificate'), 'id' => 'ID')); $signer->sign($entitiesDescriptor, $entitiesDescriptor, $entitiesDescriptor->firstChild); } header('Content-Type: application/xml'); header('Content-Disposition: attachment; filename="federation.xml"'); echo $xml->saveXML(); } catch (Exception $exception) { $session = SimpleSAML_Session::getInstance();