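// The revision id comes straight from the query string and is used further
// down as an entity revision key, so anything but a plain digit string is
// rejected here; the "missing" case keeps its original message.
if (!isset($_GET['revisionid'])) {
    throw new SimpleSAML_Error_Exception('Revisionid must be set');
}
if (!is_string($_GET['revisionid']) || !ctype_digit($_GET['revisionid'])) {
    throw new SimpleSAML_Error_Exception('Revisionid must be numeric');
}
$revisionid = $_GET['revisionid'];
// Cache/validity defaults for the export. Missing keys become null, which the
// exporter treats as "not set" (it only reads the options through isset()).
$md_options = $janus_config->getValue('mdexport.default_options');
$md_export_options = array(
    'maxCache' => isset($md_options['maxCache']) ? $md_options['maxCache'] : null,
    'maxDuration' => isset($md_options['maxDuration']) ? $md_options['maxDuration'] : null,
);
$metaxml = sspmod_janus_MetaExport::getReadableXMLMetadata($eid, $revisionid, $md_export_options);
$metaflat = sspmod_janus_MetaExport::getFlatMetadata($eid, $revisionid);
$metaarray = sspmod_janus_MetaExport::getPHPArrayMetadata($eid, $revisionid);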
// Error generating som of the metadata
if (empty($metaflat) || empty($metaxml)) {
    $t = new SimpleSAML_XHTML_Template($config, 'janus:error.php', 'janus:error');
    $t->data['header'] = 'JANUS';
    $t->data['title'] = 'error_required_metadata_missing_header';
    $t->data['error'] = 'error_required_metadata_missing';
    $t->data['extra_data'] = '<ul><li>' . implode("</li>\n<li>", sspmod_janus_MetaExport::getError()) . '</li></ul>';
    $t->show();
    exit(0);
} elseif (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
    $t = new SimpleSAML_XHTML_Template($config, 'janus:metadata.php', 'janus:metadata');
    $t->data['header'] = 'Metadata export';
    $t->data['metaurl'] = SimpleSAML_Utilities::selfURLNoQuery();
    $t->data['metadata'] = htmlentities($metaxml);
    $t->data['metadataflat'] = htmlentities($metaflat, ENT_COMPAT, 'UTF-8');
    $t->data['metadatajson'] = json_encode($metaarray);
    $t->data['revision'] = $revisionid;
    $t->data['eid'] = $eid;
    $t->show();
} elseif (array_key_exists('output', $_GET) && $_GET['output'] == 'json') {
    header('Content-Type: application/json');
    echo json_encode($metaarray);
     $entitiesDescriptor->setAttribute('cacheDuration', 'PT' . $maxCache . 'S');
 }
 // validUntil = now + $maxDuration seconds, formatted by SimpleSAML_Utilities::generateTimestamp; omitted when unset
 if ($maxDuration !== NULL) {
     $entitiesDescriptor->setAttribute('validUntil', SimpleSAML_Utilities::generateTimestamp(time() + $maxDuration));
 }
 $xml->appendChild($entitiesDescriptor);
 // One EntityDescriptor per entity ($entities, $xml, $maxCache/$maxDuration and
 // $ssp_metadata are presumably set earlier in the script, outside this excerpt).
 // $ssp_metadata accumulates the flat-file form in parallel. The first entity
 // whose XML cannot be generated ends the request with an error page instead
 // of a partial export.
 foreach ($entities as $entity) {
     $entityDescriptor = sspmod_janus_MetaExport::getXMLMetadata($entity['eid'], $entity['revisionid'], array('maxCache' => $maxCache, 'maxDuration' => $maxDuration));
     $ssp_metadata = $ssp_metadata . "\n\n" . sspmod_janus_MetaExport::getFlatMetadata($entity['eid'], $entity['revisionid']);
     if (empty($entityDescriptor)) {
         $t = new SimpleSAML_XHTML_Template($config, 'janus:error.php', 'janus:error');
         $t->data['header'] = 'JANUS';
         $t->data['title'] = 'error_required_metadata_missing_header';
         $t->data['error'] = 'error_required_metadata_missing_entity';
         $t->data['error_data'] = array('%ENTITY%' => $entity['entityid']);
         // NOTE(review): extra_data is the raw error list; the error template is assumed to escape it for HTML — confirm
         $t->data['extra_data'] = implode("\n", sspmod_janus_MetaExport::getError());
         $t->show();
         exit(0);
     }
     // importNode(..., TRUE) deep-copies the descriptor into $xml before it is attached
     $entitiesDescriptor->appendChild($xml->importNode($entityDescriptor, TRUE));
 }
 /* Sign the metadata if enabled. */
 // Key, optional passphrase and certificate come from the module config.
 // The EntitiesDescriptor is both the node being signed and the parent the
 // Signature is attached to; its first child is passed as the insertion
 // point (presumably "insert before" — see SimpleSAML_XML_Signer::sign).
 if ($janus_config->getBoolean('sign.enable', FALSE)) {
     $signer = new SimpleSAML_XML_Signer(array('privatekey' => $janus_config->getString('sign.privatekey'), 'privatekey_pass' => $janus_config->getString('sign.privatekey_pass', NULL), 'certificate' => $janus_config->getString('sign.certificate'), 'id' => 'ID'));
     $signer->sign($entitiesDescriptor, $entitiesDescriptor, $entitiesDescriptor->firstChild);
 }
 if (isset($export_external)) {
     $externalconfig = $janus_config->getArray('export.external');
     if (array_key_exists($export_external, $externalconfig)) {
         $externalconfig = $externalconfig[$export_external];
         try {
     // Ignore excluded entities
     if (in_array($entity['entityid'], $md_options['exclude'])) {
         continue;
     }
     // Get metadata for entity
     // In XML
     $entityDescriptor = sspmod_janus_MetaExport::getXMLMetadata($entity['eid'], $entity['revisionid'], array('maxCache' => $md_options['maxCache'], 'maxDuration' => $md_options['maxDuration']));
     // In flat file
     $ssp_metadata = $ssp_metadata . "\n\n" . sspmod_janus_MetaExport::getFlatMetadata($entity['eid'], $entity['revisionid']);
     // Error handling
     if (empty($entityDescriptor) || !$entityDescriptor) {
         // Ignore errors
         if ($md_options['ignore_errors']) {
             continue;
         } else {
             $errors[$entity['entityid']] = sspmod_janus_MetaExport::getError();
         }
     } else {
         // Append metadata to entitiesDescriptor
         $entitiesDescriptor->appendChild($xml->importNode($entityDescriptor, TRUE));
     }
 }
 // Display errors if any and ignore_errors is not set
 if (count($errors) > 0 && !$md_options['ignore_errors']) {
     $t = new SimpleSAML_XHTML_Template($config, 'janus:metadataexport.php', 'janus:metadataexport');
     $t->data['allowed_mime'] = $allowed_mime;
     $t->data['states'] = $janus_config->getArray('workflowstates');
     $t->data['types'] = $util->getAllowedTypes();
     $t->data['postprocessor'] = $janus_config->getArray('mdexport.postprocessor');
     $t->data['error_type'] = 'error_type_required_metadata';
     $t->data['errors'] = "";
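 /**
  * Build the metadata of one entity revision in the requested representation.
  *
  * @param int|string $eid      Entity id; must consist of digits only
  * @param int|string $revision Revision id; must consist of digits only
  * @param int|null   $type     self::XML, self::XMLREADABLE, self::PHPARRAY or
  *                             self::FLATFILE; any other value yields the flat file
  * @param array|null $option   Optional 'maxCache' and 'maxDuration' (seconds)
  *                             handed to SimpleSAML_Metadata_SAMLBuilder
  *
  * @return mixed The builder's EntityDescriptor (XML), its text form
  *               (XMLREADABLE), the metadata array (PHPARRAY), the flat-file
  *               string (FLATFILE / default), or false on failure with the
  *               reason(s) stored in self::$_error
  */
 private static function getMetadata($eid, $revision, $type = null, array $option = null)
 {
     // Validate explicitly instead of assert(): callers pass these ids straight
     // from the request, assert() is normally disabled in production, and the
     // string form used previously is a truthy no-op on PHP 8.
     if (!self::_isDigitString($eid) || !self::_isDigitString($revision)) {
         self::$_error = array('Entity id and revision id must be numeric');
         return false;
     }
     $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
     $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
     if (!($entity = $entityController->setEntity($eid, $revision))) {
         // Both ids are digit-only at this point, so echoing them is safe
         self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revision);
         return false;
     }
     $metadata_raw = $entityController->getMetadata();
     // Field definitions for this entity type. The lookups below index them by
     // the stored metadata key and compare against $mf->name, so the builder
     // presumably keys the array by field name — confirm in MetadataFieldBuilder.
     $nm_mb = new sspmod_janus_MetadataFieldBuilder($janus_config->getArray('metadatafields.' . $entity->getType()));
     $metadatafields_required = $nm_mb->getMetadataFields();
     $required = self::_requiredFieldNames($metadatafields_required);
     $metadata = self::_populatedFieldKeys($metadata_raw, $metadatafields_required);
     // Required fields that have no acceptable value
     $missing_required = array_diff($required, $metadata);
     $entityId = $entity->getEntityid();
     if (!empty($missing_required)) {
         SimpleSAML_Logger::error('JANUS - Missing required metadata fields. Entity_id:' . $entityId);
         self::$_error = $missing_required;
         return false;
     }
     try {
         $metaArray = $entityController->getMetaArray();
         $metaArray['eid'] = $eid;
         $blockedEntities = $entityController->getBlockedEntities();
         $allowedEntities = $entityController->getAllowedEntities();
         $disabledConsent = $entityController->getDisableConsent();
         // Flat-file form: a revision comment followed by one
         // "'<entityid>' => array(...)," entry as var_export() prints it.
         $metaFlat = '// Revision: ' . $entity->getRevisionid() . "\n";
         $metaFlat .= var_export($entityId, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';
         // Add authproc filter to block blocked entities. The trailing "),"
         // is cut off, the lists are appended, and the array is closed again.
         if (!empty($blockedEntities) || !empty($allowedEntities)) {
             $metaFlat = substr($metaFlat, 0, -2);
             if (!empty($allowedEntities)) {
                 $metaFlat .= "  'allowed' => array(\n";
                 $metaArray['allowed'] = array();
                 foreach ($allowedEntities as $allowedEntity) {
                     $metaFlat .= "      '" . $allowedEntity['remoteentityid'] . "',\n";
                     $metaArray['allowed'][] = $allowedEntity['remoteentityid'];
                 }
                 $metaFlat .= "  ),\n";
             }
             if (!empty($blockedEntities)) {
                 $metaFlat .= "  'blocked' => array(\n";
                 $metaArray['blocked'] = array();
                 foreach ($blockedEntities as $blockedEntity) {
                     $metaFlat .= "    '" . $blockedEntity['remoteentityid'] . "',\n";
                     $metaArray['blocked'][] = $blockedEntity['remoteentityid'];
                 }
                 $metaFlat .= "  ),\n";
             }
             $metaFlat .= '),';
         }
         // Add disable consent (flat file only; $metaArray is not updated here).
         // Only the keys are used; the values are ignored.
         if (!empty($disabledConsent)) {
             $metaFlat = substr($metaFlat, 0, -2);
             $metaFlat .= "  'consent.disable' => array(\n";
             foreach ($disabledConsent as $key => $value) {
                 $metaFlat .= "    '" . $key . "',\n";
             }
             $metaFlat .= "  ),\n";
             $metaFlat .= '),';
         }
         $maxCache = isset($option['maxCache']) ? $option['maxCache'] : null;
         $maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null;
         try {
             $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId, $maxCache, $maxDuration);
             $metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray);
         } catch (Exception $e) {
             // NOTE(review): var_export() of the exception writes its trace, including
             // call arguments, to the log; keep zend.exception_ignore_args enabled or
             // log getMessage()/getTraceAsString() instead if the log is shared.
             SimpleSAML_Logger::error('JANUS - Entity_id:' . $entityId . ' - Error generating XML metadata - ' . var_export($e, true));
             self::$_error = array('Error generating XML metadata - ' . $e->getMessage());
             return false;
         }
         // Add organization info, only when all three values are present
         if (!empty($metaArray['OrganizationName']) && !empty($metaArray['OrganizationDisplayName']) && !empty($metaArray['OrganizationURL'])) {
             $metaBuilder->addOrganizationInfo(array('OrganizationName' => $metaArray['OrganizationName'], 'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'], 'OrganizationURL' => $metaArray['OrganizationURL']));
         }
         // Add contact info (always registered as the technical contact)
         if (!empty($metaArray['contact'])) {
             $metaBuilder->addContact('technical', $metaArray['contact']);
         }
         switch ($type) {
             case self::XML:
                 return $metaBuilder->getEntityDescriptor();
             case self::XMLREADABLE:
                 return $metaBuilder->getEntityDescriptorText();
             case self::PHPARRAY:
                 return $metaArray;
             case self::FLATFILE:
             default:
                 return $metaFlat;
         }
     } catch (Exception $exception) {
         // Anything else is fatal: report it with the session track id and give up
         $session = SimpleSAML_Session::getInstance();
         SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception);
         return false;
     }
 }

 /**
  * True when $value is a non-negative int or a non-empty string of ASCII digits.
  * Ints are handled separately because ctype_digit() treats small ints as
  * character codes rather than numbers.
  *
  * @param mixed $value
  * @return bool
  */
 private static function _isDigitString($value)
 {
     if (is_int($value)) {
         return $value >= 0;
     }
     return is_string($value) && $value !== '' && ctype_digit($value);
 }

 /**
  * Names of the fields flagged required (required === true) in the field definitions.
  *
  * @param mixed $fields Field definition objects from sspmod_janus_MetadataFieldBuilder
  * @return array List of field names
  */
 private static function _requiredFieldNames($fields)
 {
     $required = array();
     foreach ($fields as $mf) {
         if (isset($mf->required) && $mf->required === true) {
             $required[] = $mf->name;
         }
     }
     return $required;
 }

 /**
  * Keys of the stored metadata values that count as "set": defined in $fields,
  * not an empty string, and not equal to the field default unless the field
  * has default_allow === true.
  *
  * @param mixed $metadataRaw Stored metadata objects exposing getKey()/getValue()
  * @param mixed $fields      Field definitions indexed by metadata key
  * @return array List of metadata keys
  */
 private static function _populatedFieldKeys($metadataRaw, $fields)
 {
     $present = array();
     foreach ($metadataRaw as $v) {
         $key = $v->getKey();
         $value = $v->getValue();
         // Metadata field not defined for this entity type
         if (!isset($fields[$key])) {
             continue;
         }
         // Value not set for metadata
         if (is_string($value) && $value === '') {
             continue;
         }
         $field = $fields[$key];
         $defaultAllow = (isset($field->default_allow) && is_bool($field->default_allow)) ? $field->default_allow : false;
         // Do not include metadata if value is set to default and default is not
         // allowed. NOTE(review): loose == kept from the original so a typed default
         // in the field definition still matches a string value — confirm intended.
         if (!$defaultAllow && isset($field->default) && $value == $field->default) {
             continue;
         }
         $present[] = $key;
     }
     return $present;
 }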
    // Container document: an EntitiesDescriptor in the SAML 2.0 metadata namespace
    $xml = new DOMDocument();
    $entitiesDescriptor = $xml->createElementNS('urn:oasis:names:tc:SAML:2.0:metadata', 'EntitiesDescriptor');
    // Name attribute from config, 'Federation' when not configured
    $entitiesDescriptorName = $janus_config->getString('export.entitiesDescriptorName', 'Federation');
    $entitiesDescriptor->setAttribute('Name', $entitiesDescriptorName);
    // cacheDuration as an ISO 8601 duration of $maxCache seconds; attribute omitted when unset
    if ($maxCache !== NULL) {
        $entitiesDescriptor->setAttribute('cacheDuration', 'PT' . $maxCache . 'S');
    }
    // validUntil = now + $maxDuration seconds, formatted by generateTimestamp; attribute omitted when unset
    if ($maxDuration !== NULL) {
        $entitiesDescriptor->setAttribute('validUntil', SimpleSAML_Utilities::generateTimestamp(time() + $maxDuration));
    }
    $xml->appendChild($entitiesDescriptor);
    // One EntityDescriptor per entity except the excluded one. $entities,
    // $exclude_entityid, $maxCache and $maxDuration are presumably set earlier
    // in the script, outside this excerpt.
    foreach ($entities as $entity) {
        // NOTE(review): loose == — with a null $exclude_entityid an entity whose
        // entityid is '' would also be skipped; confirm it is always a string.
        if ($entity['entityid'] == $exclude_entityid) {
            continue;
        }
        $entityDescriptor = sspmod_janus_MetaExport::getXMLMetadata($entity['eid'], $entity['revisionid'], array('maxCache' => $maxCache, 'maxDuration' => $maxDuration));
        // Entities whose metadata cannot be generated are dropped silently; the
        // reason (presumably available via sspmod_janus_MetaExport::getError())
        // is not surfaced to the caller.
        if (empty($entityDescriptor) || !$entityDescriptor) {
            continue;
        }
        // importNode(..., TRUE) deep-copies the descriptor into $xml before attaching it
        $entitiesDescriptor->appendChild($xml->importNode($entityDescriptor, TRUE));
    }
    /* Sign the metadata if enabled. */
    // Key, optional passphrase and certificate come from the module config.
    // The EntitiesDescriptor is both the node being signed and the parent the
    // Signature is attached to; its first child is passed as the insertion
    // point (presumably "insert before" — see SimpleSAML_XML_Signer::sign).
    if ($janus_config->getBoolean('sign.enable', FALSE)) {
        $signer = new SimpleSAML_XML_Signer(array('privatekey' => $janus_config->getString('sign.privatekey'), 'privatekey_pass' => $janus_config->getString('sign.privatekey_pass', NULL), 'certificate' => $janus_config->getString('sign.certificate'), 'id' => 'ID'));
        $signer->sign($entitiesDescriptor, $entitiesDescriptor, $entitiesDescriptor->firstChild);
    }
    // Serve the serialized document as a download named federation.xml
    header('Content-Type: application/xml');
    header('Content-Disposition: attachment; filename="federation.xml"');
    echo $xml->saveXML();
} catch (Exception $exception) {
    $session = SimpleSAML_Session::getInstance();