<?php
/*
 * fedlab IdP test endpoint: decodes the SAML message carried in this request's
 * query string, shows it, and prepares a Response for the SP that sent it.
 *
 * NOTE(review): nothing in this script verifies a signature on, or the origin
 * of, the incoming message before acting on it. That may be what a test lab
 * wants — confirm this endpoint is not reachable in production deployments.
 */
$session = SimpleSAML_Session::getInstance();
SimpleSAML_Logger::debug('IdP Endpoint accessed....');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

// Decode the message from the HTTP-Redirect binding (this request's query string).
$samlredir = new SAML2_HTTPRedirect();
$request = $samlredir->receive();
// The issuer is attacker-chosen text from the unverified message; it is written
// to the log unescaped and then used to select which SP metadata to load.
$entityid = $request->getIssuer();
error_log('Entity ID was [' . $entityid . ']');
$idpm = new sspmod_fedlab_IdPMetadata($config);
$spm = new sspmod_fedlab_SPMetadata($entityid, TRUE);
#$spm->debug();

// This module's own metadata URL doubles as the test IdP's entityID.
$idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php';
$idpmetadata = array('entityid' => $idpentityid, 'certificate' => 'server.crt', 'privatekey' => 'server.pem');
// NOTE(review): $entity, $initurl, $initslo and $attributeurl are not assigned
// anywhere in this script as shown, so they arrive as NULL (with notices).
// Confirm whether BasicSPTest tolerates that or they were meant to be set here.
$test = new sspmod_fedlab_BasicSPTest($idpmetadata, $spm->parsed, $entity, $initurl, $initslo, $attributeurl);
$crawler = new sspmod_fedlab_SAMLCrawler();   // not referenced in the visible part of the script
$requestRaw = sspmod_fedlab_SAMLCrawler::getHTTPRedirectMessage();

// Show the raw request. htmlspecialchars() stops the XML from closing the
// textarea or injecting markup into the page.
echo '<h2>Request</h2>' . "\n";
echo '<textarea style="width: 90%; height: 300px">';
echo htmlspecialchars(SimpleSAML_Utilities::formatXMLString($requestRaw));
echo '</textarea>';
# print_r($request);

// RelayState is read from $_REQUEST (GET, POST or cookie, per request_order)
// without any check and handed to createResponseP() as-is.
$relaystate = NULL;
if (isset($_REQUEST['RelayState'])) {
    $relaystate = $_REQUEST['RelayState'];
}
# createResponse($testrun, $request, $relayState = NULL) {
$samlResponse = $test->createResponseP('idp', $request, $relaystate);
echo '<h2>Prepared Response</h2>' . "\n";
echo '<textarea style="width: 90%; height: 300px">';
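/**
 * Fetches a URL with curl and follows the redirect chain until it ends, fails,
 * or comes back to this host carrying a SAML message.
 *
 * @param string $url        The URL to request; must be non-empty.
 * @param array  $parameters Associative array of parameters. Appended to the
 *                           query string for GET, sent as the body for POST.
 * @param string $type       'post' or 'get' (anything else behaves as 'get').
 * @param int    $maxredirs  Remaining redirects allowed; each hop decrements it.
 * @return array|false Array with keys 'header', 'body', 'http_code', 'last_url',
 *                     'headerout' and, when a SAML message aimed at this host
 *                     was found in a redirect, 'RequestRaw', 'Request' and
 *                     'RelayState'. FALSE when curl_exec() fails.
 * @throws Exception on an empty URL or when the redirect budget is exhausted.
 */
function getURLraw($url, $parameters = array(), $type = 'get', $maxredirs = 10) {
    if (empty($url)) {
        throw new Exception('Trying to crawl an empty URL');
    }
    if ($maxredirs < 0) {
        throw new Exception('Max redirection reached...');
    }

    // Encode the parameters as application/x-www-form-urlencoded.
    $encoded = '';
    foreach ($parameters as $name => $value) {
        if ($encoded != '') {
            $encoded .= '&';
        }
        $encoded .= urlencode($name) . '=' . urlencode($value);
    }

    switch ($type) {
        case 'post':
            curl_setopt($this->curl, CURLOPT_POSTFIELDS, $encoded);
            curl_setopt($this->curl, CURLOPT_POST, TRUE);
            break;
        case 'get':
        default:
            if (!empty($parameters)) {
                $url .= (strpos($url, '?') === FALSE ? '?' : '&') . $encoded;
            }
            curl_setopt($this->curl, CURLOPT_HTTPGET, TRUE);
    }
    curl_setopt($this->curl, CURLOPT_URL, $url);

    // NOTE(review): the crawler contacts whatever host $url (or a later
    // Location) points at; callers should only feed it endpoints taken from
    // configured SP metadata.
    $this->log('Contacting URL [' . $url . ']');
    $response = curl_exec($this->curl);
    if ($response === FALSE) {
        // Fix: the failure used to be silent; record the curl error so a dead
        // endpoint can be told apart from a malformed reply.
        $this->log('Error retrieving URL: ' . curl_error($this->curl));
        return FALSE;
    }

    // Splitting on CURLINFO_HEADER_SIZE assumes CURLOPT_HEADER was enabled on
    // $this->curl where it was created — TODO confirm.
    $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
    $result = array();
    $result['header'] = substr($response, 0, $header_size);
    $result['body'] = substr($response, $header_size);
    $result['http_code'] = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
    $result['last_url'] = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
    $result['headerout'] = curl_getinfo($this->curl, CURLINFO_HEADER_OUT);

    $info = curl_getinfo($this->curl);
    $headers = self::parseHeaders($result['header']);
    if (!isset($headers['location'])) {
        return $result;
    }

    $nexturl = $headers['location'];
    $this->log('Location header found [' . $nexturl . ']');
    // An absolute-path Location is resolved against the scheme and host of
    // the URL just fetched.
    if (substr($nexturl, 0, 1) == '/') {
        if (preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
            $nexturl = $matches[1] . $nexturl;
            $this->log('Constructed new URL [' . $nexturl . ']');
        }
    }

    // Fix: parse_url() returns FALSE on a badly malformed Location and omits
    // 'host'/'query' on a relative one; indexing blindly raised notices.
    // Default both to '' instead.
    $urlp = parse_url($nexturl);
    $nexthost = isset($urlp['host']) ? (string) $urlp['host'] : '';
    $nextquery = isset($urlp['query']) ? (string) $urlp['query'] : '';
    $selfhost = (string) SimpleSAML_Utilities::getSelfHost();
    $this->log('Next URL host is [' . $nexthost . '] comparing with my host [' . $selfhost . ']');

    if ($nexthost === $selfhost) {
        // The redirect points back at us, so the SAML message is in its query.
        // SAML2_HTTPRedirect reads the raw query from $_SERVER; point it at the
        // redirect's query. This mutates process-global state for the rest of
        // the request.
        $_SERVER['QUERY_STRING'] = $nextquery;
        $samlredir = new SAML2_HTTPRedirect();
        if (strstr($nextquery, 'SAMLRequest=') || strstr($nextquery, 'SAMLResponse=')) {
            $result['RequestRaw'] = self::getHTTPRedirectMessage();
            // NOTE(review): nothing in this method checks a signature on the
            // decoded message; treat $result['Request'] as untrusted input.
            $result['Request'] = $samlredir->receive();
            $result['RelayState'] = $result['Request']->getRelayState();
        }
        return $result;
    }

    // Any other host: follow it, re-sending the same parameters and method.
    // NOTE(review): a POST is therefore repeated after a 302, as the original
    // did — confirm that is wanted.
    return $this->getURLraw($nexturl, $parameters, $type, $maxredirs - 1);
}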
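/**
 * Fetches a URL with curl and follows what comes back — HTTP redirects and
 * auto-submitting POST forms — until the chain ends, fails, or comes back to
 * this host carrying a SAML message.
 *
 * @param string     $url        The URL to request; must be non-empty.
 * @param array      $parameters Associative array of parameters. Appended to the
 *                               query string for GET, sent as the body for POST.
 * @param string     $type       'post' or 'get' (anything else behaves as 'get').
 * @param int        $maxredirs  Remaining hops allowed; every redirect and every
 *                               form submission decrements it.
 * @param array|null $cookies    Cookies to send; the entries are joined with
 *                               '; ' into one Cookie header (presumably
 *                               'name=value' strings — only the join is visible
 *                               here). NULL sends none.
 * @return array|false Array with keys 'header', 'body', 'http_code', 'last_url',
 *                     'headerout', 'setCookies' and, when a SAML message aimed
 *                     at this host was found in a redirect, 'RequestRaw',
 *                     'Request' and 'RelayState'. FALSE when curl_exec() fails.
 * @throws Exception on an empty URL, when the hop budget is exhausted, or when
 *                   a POST form's action or hidden fields cannot be extracted.
 */
function getURLraw($url, $parameters = array(), $type = 'get', $maxredirs = 10, $cookies = NULL) {
    if (empty($url)) {
        throw new Exception('Trying to crawl an empty URL');
    }
    if ($maxredirs < 0) {
        throw new Exception('Max redirection reached...');
    }

    // Encode the parameters as application/x-www-form-urlencoded.
    $encoded = '';
    foreach ($parameters as $name => $value) {
        if ($encoded != '') {
            $encoded .= '&';
        }
        $encoded .= urlencode($name) . '=' . urlencode($value);
    }

    switch ($type) {
        case 'post':
            curl_setopt($this->curl, CURLOPT_POSTFIELDS, $encoded);
            curl_setopt($this->curl, CURLOPT_POST, TRUE);
            break;
        case 'get':
        default:
            if (!empty($parameters)) {
                $url .= (strpos($url, '?') === FALSE ? '?' : '&') . $encoded;
            }
            curl_setopt($this->curl, CURLOPT_HTTPGET, TRUE);
    }
    curl_setopt($this->curl, CURLOPT_URL, $url);

    if (isset($cookies)) {
        $cookieline = join('; ', $cookies);
        curl_setopt($this->curl, CURLOPT_COOKIE, $cookieline);
        $this->log('Set cookies in request to [' . $cookieline . ']');
    }

    // NOTE(review): the crawler contacts whatever host $url (or a later
    // Location / form action) points at; callers should only feed it
    // endpoints taken from configured SP metadata.
    $this->log('Contacting URL [' . $url . ']');
    $response = curl_exec($this->curl);
    if ($response === FALSE) {
        $this->log('Error retrieving URL: ' . curl_error($this->curl));
        return FALSE;
    }

    // Splitting on CURLINFO_HEADER_SIZE assumes CURLOPT_HEADER was enabled on
    // $this->curl where it was created — TODO confirm.
    $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
    $result = array();
    $result['header'] = substr($response, 0, $header_size);
    $result['body'] = substr($response, $header_size);
    $result['http_code'] = curl_getinfo($this->curl, CURLINFO_HTTP_CODE);
    $result['last_url'] = curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL);
    $result['headerout'] = curl_getinfo($this->curl, CURLINFO_HEADER_OUT);
    $result['setCookies'] = $this->parseCookiesFromHeader($result['header']);
    if (!empty($result['setCookies'])) {
        $this->log('Cookies :' . var_export($result['setCookies'], TRUE));
    }

    $info = curl_getinfo($this->curl);
    $headers = self::parseHeaders($result['header']);

    if (isset($headers['location'])) {
        $nexturl = $headers['location'];
        $this->log('Location header found [' . $nexturl . ']');
        // An absolute-path Location is resolved against the scheme and host
        // of the URL just fetched.
        if (substr($nexturl, 0, 1) == '/') {
            if (preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
                $nexturl = $matches[1] . $nexturl;
                $this->log('Constructed new URL [' . $nexturl . ']');
            }
        }

        // Fix: parse_url() returns FALSE on a badly malformed Location and
        // omits 'host'/'query' on a relative one; indexing blindly raised
        // notices. Default both to '' instead.
        $urlp = parse_url($nexturl);
        $nexthost = isset($urlp['host']) ? (string) $urlp['host'] : '';
        $nextquery = isset($urlp['query']) ? (string) $urlp['query'] : '';
        $selfhost = (string) SimpleSAML_Utilities::getSelfHost();
        $this->log('Next URL host is [' . $nexthost . '] comparing with my host [' . $selfhost . ']');

        if ($nexthost === $selfhost) {
            // The redirect points back at us, so the SAML message is in its
            // query. SAML2_HTTPRedirect reads the raw query from $_SERVER;
            // point it at the redirect's query. This mutates process-global
            // state for the rest of the request.
            $_SERVER['QUERY_STRING'] = $nextquery;
            $samlredir = new SAML2_HTTPRedirect();
            if (strstr($nextquery, 'SAMLRequest=') || strstr($nextquery, 'SAMLResponse=')) {
                $result['RequestRaw'] = self::getHTTPRedirectMessage();
                // NOTE(review): nothing in this method checks a signature on
                // the decoded message; treat $result['Request'] as untrusted.
                $result['Request'] = $samlredir->receive();
                $result['RelayState'] = $result['Request']->getRelayState();
            }
            return $result;
        }

        // Any other host: follow it, re-sending the same parameters, method
        // and cookies. NOTE(review): a POST is therefore repeated after a
        // 302, as the original did — confirm that is wanted.
        return $this->getURLraw($nexturl, $parameters, $type, $maxredirs - 1, $cookies);
    }

    // No redirect. Some endpoints (WS-Fed) answer with an auto-submitting
    // form instead: harvest its action and hidden fields and submit them.
    if (preg_match('/method="POST"/', $result['body'])) {
        $body = $result['body'];
        $action = null;
        if (preg_match('|action="(.*?)"|', $body, $matches)) {
            // Fix: attribute values are entity-encoded in HTML, so '&amp;' in
            // the action must be decoded just as the hidden values already were.
            $action = htmlspecialchars_decode($matches[1]);
        }
        // Only inputs written exactly as type="hidden" name="…" value="…" are
        // picked up; any other attribute order is silently skipped.
        $data = array();
        if (preg_match_all('|type="hidden" name="([^"]*?)" value="([^"]*?)"|', $body, $matches, PREG_SET_ORDER)) {
            foreach ($matches as $m) {
                $data[$m[1]] = htmlspecialchars_decode($m[2]);
            }
        }
        // NOTE(review): this writes every hidden value (typically the token or
        // assertion itself) to the error log — tolerable in a test lab, not
        // on a shared or long-lived install.
        foreach ($data as $k => $v) {
            error_log('key : ' . $k);
            error_log('value : ' . $v);
        }
        error_log('Action : ' . $action);
        if (empty($data) || empty($action)) {
            throw new Exception('Could not get WS-Fed Form data....');
        }
        // Fix: an absolute-path action is resolved the same way a Location is,
        // instead of being handed to curl as-is and failing.
        if (substr($action, 0, 1) == '/' && preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
            $action = $matches[1] . $action;
        }
        // Fix: the original discarded this POST's result, recursed without
        // decrementing $maxredirs (unbounded on a page that keeps returning a
        // form) and dropped the cookies. Count the hop, keep the session and
        // return whatever the submission leads to.
        return $this->getURLraw($action, $data, 'post', $maxredirs - 1, $cookies);
    }

    $this->log('Accessed a page with neither a redirect nor a SAML message');
    $this->log('body: ' . strip_tags($result['body']));
    return $result;
}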