<?php
// fedlab IdP endpoint: receive a SAML AuthnRequest over the HTTP-Redirect
// binding from the SP under test, display it, and prepare a Response.
// Everything read from the incoming request below is untrusted input.

$session = SimpleSAML_Session::getInstance(); // NOTE(review): not used anywhere in this listing
SimpleSAML_Logger::debug('IdP Endpoint accessed....');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
// Parse SAMLRequest (and RelayState) from the query string. Whether receive()
// verifies a signature on the request is not visible here; do not assume it.
$samlredir = new SAML2_HTTPRedirect();
$request = $samlredir->receive();
// The Issuer is taken from the request unmodified and written to the log
// unescaped, so a CR/LF inside it can forge log entries. It also selects the
// SP metadata below: it is the SP's own claim, not a verified identity.
$entityid = $request->getIssuer();
error_log('Entity ID was [' . $entityid . ']');
$idpm = new sspmod_fedlab_IdPMetadata($config);
$spm = new sspmod_fedlab_SPMetadata($entityid, TRUE);
#$spm->debug();
// This IdP's entityID is derived from the current base URL, i.e. it depends
// on the host the endpoint was reached on.
$idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php';
// Signing key material is referenced by fixed file names.
$idpmetadata = array('entityid' => $idpentityid, 'certificate' => 'server.crt', 'privatekey' => 'server.pem');
// NOTE(review): $entity, $initurl, $initslo and $attributeurl are never assigned
// in this script; they are passed as undefined variables (NULL, with a notice).
$test = new sspmod_fedlab_BasicSPTest($idpmetadata, $spm->parsed, $entity, $initurl, $initslo, $attributeurl);
$crawler = new sspmod_fedlab_SAMLCrawler();
$requestRaw = sspmod_fedlab_SAMLCrawler::getHTTPRedirectMessage();
// The raw request is HTML-escaped before being echoed into the page.
echo '<h2>Request</h2>' . "\n";
echo '<textarea style="width: 90%; height: 300px">';
echo htmlspecialchars(SimpleSAML_Utilities::formatXMLString($requestRaw));
echo '</textarea>';
#	print_r($request);
// RelayState is taken verbatim from $_REQUEST and handed to createResponseP();
// it must be escaped wherever that method reflects it into output.
$relaystate = NULL;
if (isset($_REQUEST['RelayState'])) {
    $relaystate = $_REQUEST['RelayState'];
}
# createResponse($testrun, $request, $relayState = NULL) {
$samlResponse = $test->createResponseP('idp', $request, $relaystate);
echo '<h2>Prepared Response</h2>' . "\n";
echo '<textarea style="width: 90%; height: 300px">';
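 /**
  * Fetch a URL with the shared cURL handle and follow Location headers until
  * the crawl either arrives back on this host (where a SAML message is
  * expected on the query string) or reaches a page without a redirect.
  *
  * Security notes:
  *  - The Location header is chosen by the remote server and is followed to
  *    any host, bounded only by $maxredirs. That is what a test crawler is
  *    for, but this method must never be reachable by untrusted callers.
  *  - "Is this our own host" compares hostnames only (case-insensitively);
  *    scheme and port are ignored.
  *  - $_SERVER['QUERY_STRING'] is overwritten so that
  *    SAML2_HTTPRedirect::receive() parses the redirect's query string
  *    instead of the current request's. Whether receive() validates a
  *    signature is up to that library, not this method.
  *  - Parameters are re-sent with the same method on every redirect, even
  *    for 302/303 where a browser would switch to GET.
  *
  * @param string $url         The URL to request; must not be empty.
  * @param array  $parameters  Associative array of parameters; appended to
  *                            the URL for GET, sent as the body for POST.
  * @param string $type        'get' (default) or 'post'.
  * @param int    $maxredirs   Redirect budget. The initial request is not
  *                            counted, so up to $maxredirs + 1 requests may
  *                            be issued.
  * @return array|FALSE  Array with 'header', 'body', 'http_code', 'last_url'
  *                      and 'headerout'; when the final redirect pointed at
  *                      this host and carried a SAML message, also
  *                      'RequestRaw', 'Request' and 'RelayState'. FALSE if
  *                      cURL failed.
  * @throws Exception  On an empty URL or when the redirect budget is used up.
  */
 function getURLraw($url, $parameters = array(), $type = 'get', $maxredirs = 10)
 {
     if (empty($url)) {
         throw new Exception('Trying to crawl an empty URL');
     }
     if ($maxredirs < 0) {
         throw new Exception('Max redirection reached...');
     }

     // Build an application/x-www-form-urlencoded string from the parameters.
     $pairs = array();
     foreach ($parameters as $k => $v) {
         $pairs[] = urlencode($k) . '=' . urlencode($v);
     }
     $p = implode('&', $pairs);

     switch ($type) {
         case 'post':
             curl_setopt($this->curl, CURLOPT_POSTFIELDS, $p);
             curl_setopt($this->curl, CURLOPT_POST, TRUE);
             break;
         case 'get':
         default:
             if (!empty($parameters)) {
                 $url .= (strpos($url, '?') === FALSE ? '?' : '&') . $p;
             }
             // The handle is reused between calls; CURLOPT_HTTPGET undoes a
             // POST configuration left over from a previous request.
             curl_setopt($this->curl, CURLOPT_HTTPGET, TRUE);
     }
     curl_setopt($this->curl, CURLOPT_URL, $url);
     $this->log('Contacting URL [' . $url . ']');

     $response = curl_exec($this->curl);
     if ($response === FALSE) {
         $this->log('Error retrieving URL: ' . curl_error($this->curl));
         return FALSE;
     }

     $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
     $result = array(
         'header'    => substr($response, 0, $header_size),
         'body'      => substr($response, $header_size),
         'http_code' => curl_getinfo($this->curl, CURLINFO_HTTP_CODE),
         'last_url'  => curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL),
         'headerout' => curl_getinfo($this->curl, CURLINFO_HEADER_OUT),
     );
     $info = curl_getinfo($this->curl);
     $headers = self::parseHeaders($result['header']);

     // Any Location header is followed, regardless of the status code.
     if (!isset($headers['location'])) {
         return $result;
     }

     $nexturl = $headers['location'];
     $this->log('Location header found [' . $nexturl . ']');

     // Resolve scheme-relative ("//host/path") and absolute-path ("/path")
     // targets against the URL we just fetched. Other relative forms are
     // handed to cURL unchanged and will fail.
     if (substr($nexturl, 0, 2) == '//') {
         if (preg_match('|^(https?):|', $info['url'], $matches)) {
             $nexturl = $matches[1] . ':' . $nexturl;
             $this->log('Constructed new URL [' . $nexturl . ']');
         }
     } elseif (substr($nexturl, 0, 1) == '/') {
         if (preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
             $nexturl = $matches[1] . $nexturl;
             $this->log('Constructed new URL [' . $nexturl . ']');
         }
     }

     // parse_url() returns FALSE for seriously malformed URLs; treat that as
     // "no host, no query" so the comparison below fails closed.
     $urlp = parse_url($nexturl);
     if ($urlp === FALSE) {
         $urlp = array();
     }
     $nexthost = isset($urlp['host']) ? (string) $urlp['host'] : '';
     $nextquery = isset($urlp['query']) ? (string) $urlp['query'] : '';
     $selfhost = (string) SimpleSAML_Utilities::getSelfHost();
     $this->log('Next URL host is [' . $nexthost . '] comparing with my host [' . $selfhost . ']');

     // Hostnames are case-insensitive; a Location with a differently cased
     // host would otherwise be treated as foreign and fetched over the network.
     if (strcasecmp($nexthost, $selfhost) == 0) {
         // Redirect back to us: look for a SAML message instead of fetching.
         $_SERVER['QUERY_STRING'] = $nextquery;
         if (strstr($nextquery, 'SAMLRequest=') || strstr($nextquery, 'SAMLResponse=')) {
             $samlredir = new SAML2_HTTPRedirect();
             $result['RequestRaw'] = self::getHTTPRedirectMessage();
             $result['Request'] = $samlredir->receive();
             $result['RelayState'] = $result['Request']->getRelayState();
         }
         return $result;
     }

     // Foreign host: keep following, spending one unit of the budget.
     return $this->getURLraw($nexturl, $parameters, $type, $maxredirs - 1);
 }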
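 /**
  * Fetch a URL with the shared cURL handle, optionally sending cookies, and
  * follow Location headers until the crawl either arrives back on this host
  * (where a SAML message is expected on the query string) or reaches a page
  * without a redirect. A page containing a POST form (WS-Fed style auto-post)
  * has its hidden fields submitted to the form's action and the crawl
  * continues from the response to that POST.
  *
  * Security notes:
  *  - Location headers and form actions are chosen by the remote server and
  *    are followed to any host, bounded only by $maxredirs. That is what a
  *    test crawler is for, but this method must never be reachable by
  *    untrusted callers.
  *  - $cookies are re-sent on every redirect regardless of the target host,
  *    so a cross-host redirect receives them too. They are NOT sent with the
  *    auto-submitted form POST (same as before; review whether that is wanted).
  *  - Cookie values and hidden form field values (typically tokens) are
  *    written to the log in clear text.
  *  - "Is this our own host" compares hostnames only (case-insensitively);
  *    scheme and port are ignored.
  *  - $_SERVER['QUERY_STRING'] is overwritten so that
  *    SAML2_HTTPRedirect::receive() parses the redirect's query string
  *    instead of the current request's. Whether receive() validates a
  *    signature is up to that library, not this method.
  *  - Parameters are re-sent with the same method on every redirect, even
  *    for 302/303 where a browser would switch to GET.
  *  - CURLOPT_COOKIE is only set when $cookies is given; because the handle
  *    is reused, a Cookie header from an earlier call may persist (unverified).
  *
  * @param string $url         The URL to request; must not be empty.
  * @param array  $parameters  Associative array of parameters; appended to
  *                            the URL for GET, sent as the body for POST.
  * @param string $type        'get' (default) or 'post'.
  * @param int    $maxredirs   Budget for redirects and auto-submitted forms.
  *                            The initial request is not counted.
  * @param array|NULL $cookies Cookies to send; joined with '; ' into the
  *                            Cookie header, so each element is presumably a
  *                            "name=value" string (format set by the caller).
  * @return array|FALSE  Array with 'header', 'body', 'http_code', 'last_url',
  *                      'headerout' and 'setCookies'; when the final redirect
  *                      pointed at this host and carried a SAML message, also
  *                      'RequestRaw', 'Request' and 'RelayState'. FALSE if
  *                      cURL failed.
  * @throws Exception  On an empty URL, when the budget is used up, or when a
  *                    POST form has no usable action or hidden fields.
  */
 function getURLraw($url, $parameters = array(), $type = 'get', $maxredirs = 10, $cookies = NULL)
 {
     if (empty($url)) {
         throw new Exception('Trying to crawl an empty URL');
     }
     if ($maxredirs < 0) {
         throw new Exception('Max redirection reached...');
     }

     // Build an application/x-www-form-urlencoded string from the parameters.
     $pairs = array();
     foreach ($parameters as $k => $v) {
         $pairs[] = urlencode($k) . '=' . urlencode($v);
     }
     $p = implode('&', $pairs);

     switch ($type) {
         case 'post':
             curl_setopt($this->curl, CURLOPT_POSTFIELDS, $p);
             curl_setopt($this->curl, CURLOPT_POST, TRUE);
             break;
         case 'get':
         default:
             if (!empty($parameters)) {
                 $url .= (strpos($url, '?') === FALSE ? '?' : '&') . $p;
             }
             // The handle is reused between calls; CURLOPT_HTTPGET undoes a
             // POST configuration left over from a previous request.
             curl_setopt($this->curl, CURLOPT_HTTPGET, TRUE);
     }
     curl_setopt($this->curl, CURLOPT_URL, $url);
     if (isset($cookies)) {
         $cookieline = join('; ', $cookies);
         curl_setopt($this->curl, CURLOPT_COOKIE, $cookieline);
         // NOTE(review): this writes cookie values (session material) to the log.
         $this->log('Set cookies in request to [' . $cookieline . ']');
     }
     $this->log('Contacting URL [' . $url . ']');

     $response = curl_exec($this->curl);
     if ($response === FALSE) {
         $this->log('Error retrieving URL: ' . curl_error($this->curl));
         return FALSE;
     }

     $header_size = curl_getinfo($this->curl, CURLINFO_HEADER_SIZE);
     $result = array(
         'header'    => substr($response, 0, $header_size),
         'body'      => substr($response, $header_size),
         'http_code' => curl_getinfo($this->curl, CURLINFO_HTTP_CODE),
         'last_url'  => curl_getinfo($this->curl, CURLINFO_EFFECTIVE_URL),
         'headerout' => curl_getinfo($this->curl, CURLINFO_HEADER_OUT),
     );
     $result['setCookies'] = $this->parseCookiesFromHeader($result['header']);
     if (!empty($result['setCookies'])) {
         // NOTE(review): logs received cookie values in clear text.
         $this->log('Cookies :' . var_export($result['setCookies'], TRUE));
     }
     $info = curl_getinfo($this->curl);
     $headers = self::parseHeaders($result['header']);

     // Any Location header is followed, regardless of the status code.
     if (isset($headers['location'])) {
         $nexturl = $headers['location'];
         $this->log('Location header found [' . $nexturl . ']');

         // Resolve scheme-relative ("//host/path") and absolute-path ("/path")
         // targets against the URL we just fetched. Other relative forms are
         // handed to cURL unchanged and will fail.
         if (substr($nexturl, 0, 2) == '//') {
             if (preg_match('|^(https?):|', $info['url'], $matches)) {
                 $nexturl = $matches[1] . ':' . $nexturl;
                 $this->log('Constructed new URL [' . $nexturl . ']');
             }
         } elseif (substr($nexturl, 0, 1) == '/') {
             if (preg_match('|(http(s)?://.*?)/|', $info['url'], $matches)) {
                 $nexturl = $matches[1] . $nexturl;
                 $this->log('Constructed new URL [' . $nexturl . ']');
             }
         }

         // parse_url() returns FALSE for seriously malformed URLs; treat that
         // as "no host, no query" so the comparison below fails closed.
         $urlp = parse_url($nexturl);
         if ($urlp === FALSE) {
             $urlp = array();
         }
         $nexthost = isset($urlp['host']) ? (string) $urlp['host'] : '';
         $nextquery = isset($urlp['query']) ? (string) $urlp['query'] : '';
         $selfhost = (string) SimpleSAML_Utilities::getSelfHost();
         $this->log('Next URL host is [' . $nexthost . '] comparing with my host [' . $selfhost . ']');

         // Hostnames are case-insensitive; a Location with a differently cased
         // host would otherwise be treated as foreign and fetched over the network.
         if (strcasecmp($nexthost, $selfhost) == 0) {
             // Redirect back to us: look for a SAML message instead of fetching.
             $_SERVER['QUERY_STRING'] = $nextquery;
             if (strstr($nextquery, 'SAMLRequest=') || strstr($nextquery, 'SAMLResponse=')) {
                 $samlredir = new SAML2_HTTPRedirect();
                 $result['RequestRaw'] = self::getHTTPRedirectMessage();
                 $result['Request'] = $samlredir->receive();
                 $result['RelayState'] = $result['Request']->getRelayState();
             }
             return $result;
         }

         // Foreign host: keep following, spending one unit of the budget.
         return $this->getURLraw($nexturl, $parameters, $type, $maxredirs - 1, $cookies);
     }

     // WS-Fed hack: auto-submit a POST form found in the page. Detection is
     // deliberately narrow (exact `method="POST"`, double-quoted attributes in
     // the order type/name/value) so that only the expected auto-post pages
     // trigger a POST to a server-chosen action URL.
     if (preg_match('/method="POST"/', $result['body'])) {
         $body = $result['body'];
         $action = null;
         if (preg_match('|action="(.*?)"|', $body, $matches)) {
             // Attribute values are HTML-escaped (e.g. &amp; in query strings),
             // exactly like the hidden field values decoded below.
             $action = htmlspecialchars_decode($matches[1]);
         }
         $data = array();
         if (preg_match_all('|type="hidden" name="([^"]*?)" value="([^"]*?)"|', $body, $matches, PREG_SET_ORDER)) {
             foreach ($matches as $m) {
                 $data[$m[1]] = htmlspecialchars_decode($m[2]);
             }
         }
         foreach ($data as $k => $v) {
             // NOTE(review): hidden fields usually carry the token itself.
             error_log('key   : ' . $k);
             error_log('value : ' . $v);
         }
         error_log('Action  : ' . $action);
         if (empty($data) || empty($action)) {
             throw new Exception('Could not get WS-Fed Form data....');
         }
         // An absolute-path action is resolved against the page that served
         // the form, the same way a Location header is.
         if (substr($action, 0, 1) == '/' && substr($action, 0, 2) != '//') {
             if (preg_match('|(http(s)?://.*?)/|', $result['last_url'], $matches)) {
                 $action = $matches[1] . $action;
                 $this->log('Constructed form action URL [' . $action . ']');
             }
         }
         // The result of the POST is what the caller wants (it is where the
         // redirect carrying the SAML message normally appears), and the
         // budget is decremented so that a server that keeps answering with
         // another form cannot recurse without bound.
         return $this->getURLraw($action, $data, 'post', $maxredirs - 1);
     }

     $this->log('Accessed a page with neither a redirect nor a SAML message');
     $this->log('body: ' . strip_tags($result['body']));
     return $result;
 }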