public function validate()
{
$entityType = $this->_entityController->getEntity()->getType();
if ($entityType == 'saml20-idp') {
$idpMetadataConfig = $this->_loadExpandedMetadataConfig(SimpleSAML_Configuration::getConfig('module_janus.php')->getArray('metadatafields.saml20-idp'));
$this->_validate($idpMetadataConfig);
} else {
if ($entityType == 'saml20-sp') {
$spMetadataConfig = $this->_loadExpandedMetadataConfig(SimpleSAML_Configuration::getConfig('module_janus.php')->getArray('metadatafields.saml20-sp'));
$this->_validate($spMetadataConfig);
} else {
$_errors[] = 'Unknown Entity Type';
}
}
}
public function validate()
{
$entityType = $this->_entityController->getEntity()->getType();
$config = sspmod_janus_DiContainer::getInstance()->getConfig();
if ($entityType == 'saml20-idp') {
$idpMetadataConfig = $this->_loadExpandedMetadataConfig($config->getArray('metadatafields.saml20-idp'));
$this->_validate($idpMetadataConfig);
} else {
if ($entityType == 'saml20-sp') {
$spMetadataConfig = $this->_loadExpandedMetadataConfig($config->getArray('metadatafields.saml20-sp'));
$this->_validate($spMetadataConfig);
} else {
$_errors[] = 'Unknown Entity Type';
}
}
}
$session = SimpleSAML_Session::getInstance();
$janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
$authSource = $janusConfig->getValue('auth', 'login-admin');
// Validate user
if (!$session->isValid($authSource)) {
SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php', array('selectedtab' => "'federation'")));
}
$entities = array();
$util = new sspmod_janus_AdminUtil();
$userController = new sspmod_janus_UserController($janusConfig);
$entities = array_merge($userController->searchEntitiesByType('saml20-idp'), $userController->searchEntitiesByType('saml20-sp'));
foreach ($entities as $entity) {
/**
* @var sspmod_janus_Entity $entity
*/
$entityId = $entity->getEid();
$entityController = new sspmod_janus_EntityController($janusConfig);
$entityController->setEntity($entityId);
$entityController->loadEntity();
$controllerEntity = $entityController->getEntity();
$entityType = $controllerEntity->getType();
if (!isset($entities[$entityType])) {
$entities[$entityType] = array();
}
$entities_info[$entityType][] = array('Id' => $controllerEntity->getEntityid(), 'Name' => $controllerEntity->getPrettyname(), 'WorkflowStatus' => $controllerEntity->getWorkflow(), 'MetadataUrl' => $controllerEntity->getMetadataURL(), 'Eid' => $controllerEntity->getEid());
}
ksort($entities_info);
$template = new SimpleSAML_XHTML_Template(SimpleSAML_Configuration::getInstance(), 'janus:show-entities-validation.php', 'janus:show-entities-validation');
$template->data['header'] = "Service Registry JANUS entities validation";
$template->data['entities'] = $entities_info;
$template->show();
$cert_allowed_warnings = $janus_config->getArray('cert.allowed.warnings', array());
$cert_time_limit = $janus_config->getInteger('notify.cert.expiring.before', 30);
}
$notify_meta_expiring_before = $janus_config->getInteger('notify.meta.expiring.before', 5);
$meta_time_limit = $now + $notify_meta_expiring_before * 86400;
$workflowstates = $janus_config->getValue('workflowstates');
foreach ($util->getEntities() as $entity) {
$entry = array();
$eid = $entity['eid'];
// Get Entity controller
$mcontroller = new sspmod_janus_EntityController($janus_config);
$mcontroller->setEntity($eid);
$mcontroller->loadEntity();
// Grab some basic fields
$metadata = $mcontroller->getMetadata();
$entity_id = $mcontroller->getEntity()->getEntityid();
$entity_type = $mcontroller->getEntity()->getType();
$prettyname = $mcontroller->getEntity()->getPrettyname();
$entity_workflow = $mcontroller->getEntity()->getWorkflow();
$metaArray = $mcontroller->getMetaArray();
$entry['entityid'] = $entity_id;
$entry['entitytype'] = $entity_type;
$entry['prettyname'] = $prettyname;
$entry['workflow'] = $entity_workflow;
// Check if the entity has all the required fields
$metadata_alowed = $janus_config->getArray('metadatafields.' . $entity_type, array());
$metadata_required = array();
foreach ($metadata_alowed as $k => $v) {
if (array_key_exists('required', $v) && $v['required'] === true) {
$metadata_required[] = $k;
}
public function runForCronTag($cronTag)
{
if (!$this->_isExecuteRequired($cronTag)) {
return array("Not doing metadata_refresh");
}
$cronLogger = new sspmod_janus_Cron_Logger();
try {
$janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
$util = new sspmod_janus_AdminUtil();
$entities = $util->getEntities();
foreach ($entities as $partialEntity) {
$entityController = new sspmod_janus_EntityController($janusConfig);
$eid = $partialEntity['eid'];
if (!$entityController->setEntity($eid)) {
$cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
continue;
}
$entityController->loadEntity();
$entity = $entityController->getEntity();
$entityId = $entity->getEntityId();
$metadataUrl = $entity->getMetadataURL();
$metadataCachingInfo = $entityController->getMetadataCaching();
if (empty($metadataUrl)) {
$cronLogger->with($entityId)->warn("No metadata url.");
continue;
}
$nextRun = time();
switch ($cronTag) {
case 'hourly':
$nextRun += 3600;
break;
case 'daily':
$nextRun += 24 * 60 * 60;
break;
case 'frequent':
$nextRun += 0;
// How often is frequent?
break;
default:
throw new Exception("Unknown cron tag '{$cronTag}'");
}
if ($metadataCachingInfo['validUntil'] > $nextRun && $metadataCachingInfo['cacheUntil'] > $nextRun) {
$cronLogger->with($entityId)->notice("Should not update, cache still valid.");
continue;
}
$xml = @file_get_contents($metadataUrl);
if (!$xml) {
$cronLogger->with($entityId)->error("Failed import of entity. Bad URL '{$metadataUrl}'? ");
continue;
}
$document = new DOMDocument();
if (!@$document->loadXML($xml)) {
$cronLogger->with($entityId)->error("Failed import of entity. Invalid XML at '{$metadataUrl}'?");
continue;
}
$query = new DOMXPath($document);
$nsFound = false;
foreach ($query->query('namespace::*') as $node) {
if ($node->nodeValue === "urn:oasis:names:tc:SAML:2.0:metadata") {
$nsFound = true;
break;
}
}
if (!$nsFound) {
$cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain SAML2 Metadata namespace?");
continue;
}
$query->registerNamespace('md', "urn:oasis:names:tc:SAML:2.0:metadata");
$entityDescriptorDomElement = $query->query("//md:EntityDescriptor[@entityID=\"{$entityId}\"]");
if ($entityDescriptorDomElement->length === 0) {
$cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain an EntityDescriptor with entityId '{$entityId}'?");
continue;
}
$updated = false;
if ($entity->getType() == 'saml20-sp') {
$statusCode = $entityController->importMetadata20SP($xml, $updated);
if ($statusCode !== 'status_metadata_parsed_ok') {
$cronLogger->with($entityId)->error("Entity not updated");
}
} else {
if ($entity->getType() == 'saml20-idp') {
$statusCode = $entityController->importMetadata20IdP($xml, $updated);
if ($statusCode !== 'status_metadata_parsed_ok') {
$cronLogger->with($entityId)->error("Entity not updated");
}
} else {
$cronLogger->with($entityId)->error("Failed import of entity. Wrong type");
}
}
if ($updated) {
$this->_mailUpdatedMetaData($entity, $xml);
$cronLogger->with($entityId)->notice("Entity updated");
$metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId);
$entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']);
} else {
$cronLogger->with($entityId)->notice("Entity not updated, no changes required");
// Update metadata caching info (validUntil )
$metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId);
$entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']);
}
}
} catch (Exception $e) {
$cronLogger->error($e->getMessage());
}
if ($cronLogger->hasErrors()) {
$this->_mailTechnicalContact($cronTag, $cronLogger);
}
return $cronLogger->getSummaryLines();
}
public function runForCronTag($cronTag)
{
if (!$this->_isExecuteRequired($cronTag)) {
return array();
}
$cronLogger = new sspmod_janus_Cron_Logger();
try {
$janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
$srConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
$rootCertificatesFile = $srConfig->getString('ca_bundle_file');
$util = new sspmod_janus_AdminUtil();
$entities = $util->getEntities();
foreach ($entities as $partialEntity) {
try {
$entityController = new sspmod_janus_EntityController($janusConfig);
$eid = $partialEntity['eid'];
if (!$entityController->setEntity($eid)) {
$cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
continue;
}
$entityController->loadEntity();
$entityId = $entityController->getEntity()->getEntityid();
$entityType = $entityController->getEntity()->getType();
try {
try {
$certificate = $entityController->getCertificate();
// @workaround
// Since getCertificate() returns false when certificate does not exist following check is required to skip validation
if (empty($certificate)) {
throw new Exception('No certificate found');
}
} catch (Exception $e) {
if ($entityType === 'saml20-sp') {
$cronLogger->with($entityId)->notice("SP does not have a certificate");
} else {
if ($entityType === 'saml20-idp') {
$cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?");
}
}
continue;
}
$validator = new sspmod_janus_OpenSsl_Certificate_Validator($certificate);
$validator->setIgnoreSelfSigned(true);
$validator->validate();
$validatorWarnings = $validator->getWarnings();
$validatorErrors = $validator->getErrors();
foreach ($validatorWarnings as $warning) {
$cronLogger->with($entityId)->warn($warning);
}
foreach ($validatorErrors as $error) {
$cronLogger->with($entityId)->error($error);
}
sspmod_janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile);
$chain = sspmod_janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate);
$validator = new sspmod_janus_OpenSsl_Certificate_Chain_Validator($chain);
$validator->setIgnoreSelfSigned(true);
$validator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile);
$validator->validate();
$validatorWarnings = $validator->getWarnings();
$validatorErrors = $validator->getErrors();
foreach ($validatorWarnings as $warning) {
$cronLogger->with($entityId)->warn($warning);
}
foreach ($validatorErrors as $error) {
$cronLogger->with($entityId)->error($error);
}
} catch (Exception $e) {
$cronLogger->with($entityId)->error($e->getMessage());
}
} catch (Exception $e) {
$cronLogger->error($e->getMessage() . $e->getTraceAsString());
}
}
} catch (Exception $e) {
$cronLogger->error($e->getMessage() . $e->getTraceAsString());
}
if ($cronLogger->hasErrors()) {
$this->_mailTechnicalContact($cronTag, $cronLogger);
}
return $cronLogger->getSummaryLines();
}
/**
* Retrieve all entity metadata for all entities of a certain type.
* @param String $type Supported types: "saml20-idp" or "saml20-sp"
* @param Array $keys optional list of metadata keys to retrieve. Retrieves all if blank
* @param String $allowedEntityId if passed, returns only those entities that are
* whitelisted against the given entity
* @return Array Associative array of all metadata. The key of the array is the identifier
*/
protected static function _getEntities($type, $keys = array(), $allowedEntityId = NULL)
{
$econtroller = new sspmod_janus_EntityController(SimpleSAML_Configuration::getConfig('module_janus.php'));
$ucontroller = new sspmod_janus_UserController(SimpleSAML_Configuration::getConfig('module_janus.php'));
$entities = array();
if (isset($allowedEntityId)) {
$econtroller->setEntity($allowedEntityId);
$econtroller->loadEntity();
if ($econtroller->getEntity()->getAllowedAll() == "yes") {
$entities = $ucontroller->searchEntitiesByType($type);
} else {
$allowedEntities = $econtroller->getAllowedEntities();
// Check the whitelist
if (count($allowedEntities)) {
foreach ($allowedEntities as $entityid => $data) {
$entities[] = $data["remoteentityid"];
}
} else {
// Check the blacklist
$blockedEntities = $econtroller->getBlockedEntities();
if (count($blockedEntities)) {
$blockedEntityIds = array();
foreach ($blockedEntities as $entityid => $data) {
$blockedEntityIds[] = $data["remoteentityid"];
}
$all = $ucontroller->searchEntitiesByType($type);
$list = array();
foreach ($all as $entity) {
$list[] = $entity->getEntityId();
}
// Return all entities that are not in the blacklist
$entities = array_diff($list, $blockedEntityIds);
}
}
}
} else {
$entities = $ucontroller->searchEntitiesByType($type);
}
$result = array();
foreach ($entities as $entity) {
$data = self::_getMetadataForEntity($entity, NULL, $keys);
// Add workflow state info for optional filtering at client side
$data['workflowState'] = $entity->getWorkflow();
if (is_object($entity)) {
$entityId = $entity->getEntityId();
} else {
$entityId = $entity;
}
$result[$entityId] = $data;
}
return $result;
}
function convert_stdobject_to_array($object)
{
$object = (array) $object;
foreach ($object as $key => $value) {
if (is_array($value) || is_object($value) && get_class($value) === 'stdClass') {
$object[$key] = convert_stdobject_to_array($value);
}
}
return $object;
}
try {
$metaStdClass = json_decode($_POST['meta_json']);
if ($metaStdClass) {
$metaArray = convert_stdobject_to_array($metaStdClass);
$metaArray = $mcontroller->arrayFlattenSep(':', $metaArray);
if ($metaArray['entityid'] === $mcontroller->getEntity()->getEntityid()) {
foreach ($metaArray as $key => $value) {
if ($mcontroller->hasMetadata($key)) {
echo "Updating: {$key}<br />" . PHP_EOL;
$mcontroller->updateMetadata($key, $value);
} else {
echo "Adding: {$key}<br />" . PHP_EOL;
$mcontroller->addMetadata($key, $value);
}
}
$update = TRUE;
$msg = 'status_metadata_parsed_ok';
} else {
$msg = 'error_metadata_wrong_entity';
}
} else {
