public function validate() { $entityType = $this->_entityController->getEntity()->getType(); if ($entityType == 'saml20-idp') { $idpMetadataConfig = $this->_loadExpandedMetadataConfig(SimpleSAML_Configuration::getConfig('module_janus.php')->getArray('metadatafields.saml20-idp')); $this->_validate($idpMetadataConfig); } else { if ($entityType == 'saml20-sp') { $spMetadataConfig = $this->_loadExpandedMetadataConfig(SimpleSAML_Configuration::getConfig('module_janus.php')->getArray('metadatafields.saml20-sp')); $this->_validate($spMetadataConfig); } else { $_errors[] = 'Unknown Entity Type'; } } }
public function validate() { $entityType = $this->_entityController->getEntity()->getType(); $config = sspmod_janus_DiContainer::getInstance()->getConfig(); if ($entityType == 'saml20-idp') { $idpMetadataConfig = $this->_loadExpandedMetadataConfig($config->getArray('metadatafields.saml20-idp')); $this->_validate($idpMetadataConfig); } else { if ($entityType == 'saml20-sp') { $spMetadataConfig = $this->_loadExpandedMetadataConfig($config->getArray('metadatafields.saml20-sp')); $this->_validate($spMetadataConfig); } else { $_errors[] = 'Unknown Entity Type'; } } }
$session = SimpleSAML_Session::getInstance(); $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $authSource = $janusConfig->getValue('auth', 'login-admin'); // Validate user if (!$session->isValid($authSource)) { SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php', array('selectedtab' => "'federation'"))); } $entities = array(); $util = new sspmod_janus_AdminUtil(); $userController = new sspmod_janus_UserController($janusConfig); $entities = array_merge($userController->searchEntitiesByType('saml20-idp'), $userController->searchEntitiesByType('saml20-sp')); foreach ($entities as $entity) { /** * @var sspmod_janus_Entity $entity */ $entityId = $entity->getEid(); $entityController = new sspmod_janus_EntityController($janusConfig); $entityController->setEntity($entityId); $entityController->loadEntity(); $controllerEntity = $entityController->getEntity(); $entityType = $controllerEntity->getType(); if (!isset($entities[$entityType])) { $entities[$entityType] = array(); } $entities_info[$entityType][] = array('Id' => $controllerEntity->getEntityid(), 'Name' => $controllerEntity->getPrettyname(), 'WorkflowStatus' => $controllerEntity->getWorkflow(), 'MetadataUrl' => $controllerEntity->getMetadataURL(), 'Eid' => $controllerEntity->getEid()); } ksort($entities_info); $template = new SimpleSAML_XHTML_Template(SimpleSAML_Configuration::getInstance(), 'janus:show-entities-validation.php', 'janus:show-entities-validation'); $template->data['header'] = "Service Registry JANUS entities validation"; $template->data['entities'] = $entities_info; $template->show();
$cert_allowed_warnings = $janus_config->getArray('cert.allowed.warnings', array()); $cert_time_limit = $janus_config->getInteger('notify.cert.expiring.before', 30); } $notify_meta_expiring_before = $janus_config->getInteger('notify.meta.expiring.before', 5); $meta_time_limit = $now + $notify_meta_expiring_before * 86400; $workflowstates = $janus_config->getValue('workflowstates'); foreach ($util->getEntities() as $entity) { $entry = array(); $eid = $entity['eid']; // Get Entity controller $mcontroller = new sspmod_janus_EntityController($janus_config); $mcontroller->setEntity($eid); $mcontroller->loadEntity(); // Grab some basic fields $metadata = $mcontroller->getMetadata(); $entity_id = $mcontroller->getEntity()->getEntityid(); $entity_type = $mcontroller->getEntity()->getType(); $prettyname = $mcontroller->getEntity()->getPrettyname(); $entity_workflow = $mcontroller->getEntity()->getWorkflow(); $metaArray = $mcontroller->getMetaArray(); $entry['entityid'] = $entity_id; $entry['entitytype'] = $entity_type; $entry['prettyname'] = $prettyname; $entry['workflow'] = $entity_workflow; // Check if the entity has all the required fields $metadata_alowed = $janus_config->getArray('metadatafields.' . $entity_type, array()); $metadata_required = array(); foreach ($metadata_alowed as $k => $v) { if (array_key_exists('required', $v) && $v['required'] === true) { $metadata_required[] = $k; }
public function runForCronTag($cronTag) { if (!$this->_isExecuteRequired($cronTag)) { return array("Not doing metadata_refresh"); } $cronLogger = new sspmod_janus_Cron_Logger(); try { $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $util = new sspmod_janus_AdminUtil(); $entities = $util->getEntities(); foreach ($entities as $partialEntity) { $entityController = new sspmod_janus_EntityController($janusConfig); $eid = $partialEntity['eid']; if (!$entityController->setEntity($eid)) { $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'."); continue; } $entityController->loadEntity(); $entity = $entityController->getEntity(); $entityId = $entity->getEntityId(); $metadataUrl = $entity->getMetadataURL(); $metadataCachingInfo = $entityController->getMetadataCaching(); if (empty($metadataUrl)) { $cronLogger->with($entityId)->warn("No metadata url."); continue; } $nextRun = time(); switch ($cronTag) { case 'hourly': $nextRun += 3600; break; case 'daily': $nextRun += 24 * 60 * 60; break; case 'frequent': $nextRun += 0; // How often is frequent? break; default: throw new Exception("Unknown cron tag '{$cronTag}'"); } if ($metadataCachingInfo['validUntil'] > $nextRun && $metadataCachingInfo['cacheUntil'] > $nextRun) { $cronLogger->with($entityId)->notice("Should not update, cache still valid."); continue; } $xml = @file_get_contents($metadataUrl); if (!$xml) { $cronLogger->with($entityId)->error("Failed import of entity. Bad URL '{$metadataUrl}'? "); continue; } $document = new DOMDocument(); if (!@$document->loadXML($xml)) { $cronLogger->with($entityId)->error("Failed import of entity. Invalid XML at '{$metadataUrl}'?"); continue; } $query = new DOMXPath($document); $nsFound = false; foreach ($query->query('namespace::*') as $node) { if ($node->nodeValue === "urn:oasis:names:tc:SAML:2.0:metadata") { $nsFound = true; break; } } if (!$nsFound) { $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain SAML2 Metadata namespace?"); continue; } $query->registerNamespace('md', "urn:oasis:names:tc:SAML:2.0:metadata"); $entityDescriptorDomElement = $query->query("//md:EntityDescriptor[@entityID=\"{$entityId}\"]"); if ($entityDescriptorDomElement->length === 0) { $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain an EntityDescriptor with entityId '{$entityId}'?"); continue; } $updated = false; if ($entity->getType() == 'saml20-sp') { $statusCode = $entityController->importMetadata20SP($xml, $updated); if ($statusCode !== 'status_metadata_parsed_ok') { $cronLogger->with($entityId)->error("Entity not updated"); } } else { if ($entity->getType() == 'saml20-idp') { $statusCode = $entityController->importMetadata20IdP($xml, $updated); if ($statusCode !== 'status_metadata_parsed_ok') { $cronLogger->with($entityId)->error("Entity not updated"); } } else { $cronLogger->with($entityId)->error("Failed import of entity. Wrong type"); } } if ($updated) { $this->_mailUpdatedMetaData($entity, $xml); $cronLogger->with($entityId)->notice("Entity updated"); $metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId); $entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']); } else { $cronLogger->with($entityId)->notice("Entity not updated, no changes required"); // Update metadata caching info (validUntil ) $metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId); $entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']); } } } catch (Exception $e) { $cronLogger->error($e->getMessage()); } if ($cronLogger->hasErrors()) { $this->_mailTechnicalContact($cronTag, $cronLogger); } return $cronLogger->getSummaryLines(); }
public function runForCronTag($cronTag) { if (!$this->_isExecuteRequired($cronTag)) { return array(); } $cronLogger = new sspmod_janus_Cron_Logger(); try { $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $srConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $rootCertificatesFile = $srConfig->getString('ca_bundle_file'); $util = new sspmod_janus_AdminUtil(); $entities = $util->getEntities(); foreach ($entities as $partialEntity) { try { $entityController = new sspmod_janus_EntityController($janusConfig); $eid = $partialEntity['eid']; if (!$entityController->setEntity($eid)) { $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'."); continue; } $entityController->loadEntity(); $entityId = $entityController->getEntity()->getEntityid(); $entityType = $entityController->getEntity()->getType(); try { try { $certificate = $entityController->getCertificate(); // @workaround // Since getCertificate() returns false when certificate does not exist following check is required to skip validation if (empty($certificate)) { throw new Exception('No certificate found'); } } catch (Exception $e) { if ($entityType === 'saml20-sp') { $cronLogger->with($entityId)->notice("SP does not have a certificate"); } else { if ($entityType === 'saml20-idp') { $cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?"); } } continue; } $validator = new sspmod_janus_OpenSsl_Certificate_Validator($certificate); $validator->setIgnoreSelfSigned(true); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->error($error); } sspmod_janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile); $chain = sspmod_janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate); $validator = new sspmod_janus_OpenSsl_Certificate_Chain_Validator($chain); $validator->setIgnoreSelfSigned(true); $validator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->error($error); } } catch (Exception $e) { $cronLogger->with($entityId)->error($e->getMessage()); } } catch (Exception $e) { $cronLogger->error($e->getMessage() . $e->getTraceAsString()); } } } catch (Exception $e) { $cronLogger->error($e->getMessage() . $e->getTraceAsString()); } if ($cronLogger->hasErrors()) { $this->_mailTechnicalContact($cronTag, $cronLogger); } return $cronLogger->getSummaryLines(); }
/** * Retrieve all entity metadata for all entities of a certain type. * @param String $type Supported types: "saml20-idp" or "saml20-sp" * @param Array $keys optional list of metadata keys to retrieve. Retrieves all if blank * @param String $allowedEntityId if passed, returns only those entities that are * whitelisted against the given entity * @return Array Associative array of all metadata. The key of the array is the identifier */ protected static function _getEntities($type, $keys = array(), $allowedEntityId = NULL) { $econtroller = new sspmod_janus_EntityController(SimpleSAML_Configuration::getConfig('module_janus.php')); $ucontroller = new sspmod_janus_UserController(SimpleSAML_Configuration::getConfig('module_janus.php')); $entities = array(); if (isset($allowedEntityId)) { $econtroller->setEntity($allowedEntityId); $econtroller->loadEntity(); if ($econtroller->getEntity()->getAllowedAll() == "yes") { $entities = $ucontroller->searchEntitiesByType($type); } else { $allowedEntities = $econtroller->getAllowedEntities(); // Check the whitelist if (count($allowedEntities)) { foreach ($allowedEntities as $entityid => $data) { $entities[] = $data["remoteentityid"]; } } else { // Check the blacklist $blockedEntities = $econtroller->getBlockedEntities(); if (count($blockedEntities)) { $blockedEntityIds = array(); foreach ($blockedEntities as $entityid => $data) { $blockedEntityIds[] = $data["remoteentityid"]; } $all = $ucontroller->searchEntitiesByType($type); $list = array(); foreach ($all as $entity) { $list[] = $entity->getEntityId(); } // Return all entities that are not in the blacklist $entities = array_diff($list, $blockedEntityIds); } } } } else { $entities = $ucontroller->searchEntitiesByType($type); } $result = array(); foreach ($entities as $entity) { $data = self::_getMetadataForEntity($entity, NULL, $keys); // Add workflow state info for optional filtering at client side $data['workflowState'] = $entity->getWorkflow(); if (is_object($entity)) { $entityId = $entity->getEntityId(); } else { $entityId = $entity; } $result[$entityId] = $data; } return $result; }
function convert_stdobject_to_array($object) { $object = (array) $object; foreach ($object as $key => $value) { if (is_array($value) || is_object($value) && get_class($value) === 'stdClass') { $object[$key] = convert_stdobject_to_array($value); } } return $object; } try { $metaStdClass = json_decode($_POST['meta_json']); if ($metaStdClass) { $metaArray = convert_stdobject_to_array($metaStdClass); $metaArray = $mcontroller->arrayFlattenSep(':', $metaArray); if ($metaArray['entityid'] === $mcontroller->getEntity()->getEntityid()) { foreach ($metaArray as $key => $value) { if ($mcontroller->hasMetadata($key)) { echo "Updating: {$key}<br />" . PHP_EOL; $mcontroller->updateMetadata($key, $value); } else { echo "Adding: {$key}<br />" . PHP_EOL; $mcontroller->addMetadata($key, $value); } } $update = TRUE; $msg = 'status_metadata_parsed_ok'; } else { $msg = 'error_metadata_wrong_entity'; } } else {