$strict_cert_validation = $janus_config->getBoolean('cert.strict.validation', true);
$cert_allowed_warnings = $janus_config->getArray('cert.allowed.warnings', array());
$cert_time_limit = $janus_config->getInteger('notify.cert.expiring.before', 30);
}
$notify_meta_expiring_before = $janus_config->getInteger('notify.meta.expiring.before', 5);
$meta_time_limit = $now + $notify_meta_expiring_before * 86400;
$workflowstates = $janus_config->getValue('workflowstates');
foreach ($util->getEntities() as $entity) {
$entry = array();
$eid = $entity['eid'];
// Get Entity controller
$mcontroller = new sspmod_janus_EntityController($janus_config);
$mcontroller->setEntity($eid);
$mcontroller->loadEntity();
// Grab some basic fields
$metadata = $mcontroller->getMetadata();
$entity_id = $mcontroller->getEntity()->getEntityid();
$entity_type = $mcontroller->getEntity()->getType();
$prettyname = $mcontroller->getEntity()->getPrettyname();
$entity_workflow = $mcontroller->getEntity()->getWorkflow();
$metaArray = $mcontroller->getMetaArray();
$entry['entityid'] = $entity_id;
$entry['entitytype'] = $entity_type;
$entry['prettyname'] = $prettyname;
$entry['workflow'] = $entity_workflow;
// Check if the entity has all the required fields
$metadata_alowed = $janus_config->getArray('metadatafields.' . $entity_type, array());
$metadata_required = array();
foreach ($metadata_alowed as $k => $v) {
if (array_key_exists('required', $v) && $v['required'] === true) {
$metadata_required[] = $k;
private static function getMetadata($eid, $revision, $type = null, array $option = null)
{
assert('ctype_digit($eid)');
assert('ctype_digit($revision)');
$janus_config = SimpleSAML_Configuration::getConfig('module_janus.php');
$econtroller = new sspmod_janus_EntityController($janus_config);
if (!($entity = $econtroller->setEntity($eid, $revision))) {
self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revisionid);
return false;
}
$metadata_raw = $econtroller->getMetadata();
// Get metadata fields
$nm_mb = new sspmod_janus_MetadatafieldBuilder($janus_config->getArray('metadatafields.' . $entity->getType()));
$metadatafields_required = $nm_mb->getMetadatafields();
// Get required metadata fields
$required = array();
foreach ($metadatafields_required as $mf) {
if (isset($mf->required) && $mf->required === true) {
$required[] = $mf->name;
}
}
// Get metadata to me tested
$metadata = array();
foreach ($metadata_raw as $k => $v) {
// Metadata field not defined
if (!isset($metadatafields_required[$v->getKey()])) {
continue;
}
// Value not set for metadata
if (is_string($v->getValue()) && $v->getValue() == '') {
continue;
}
// Compute is the default values is allowed
$default_allow = false;
if (isset($metadatafield_required[$v->getKey()]->default_allow) && is_bool($metadata_required[$v->getKey()]->default_allow)) {
$default_allow = $metadata_required[$v->getKey()]->default_allow;
}
/*
* Do not include metadata if value is set to default and default
* is not allowed.
*/
if (!$default_allow && (isset($metadata_required[$v->getKey()]->default) && $v->getValue() == $metadata_required[$v->getKey()]->default)) {
continue;
}
$metadata[] = $v->getKey();
}
// Compute missing metadata that is required
$missing_required = array_diff($required, $metadata);
$entityid = $entity->getEntityid();
if (empty($missing_required)) {
try {
$metaArray = $econtroller->getMetaArray();
$metaArray['eid'] = $eid;
$blocked_entities = $econtroller->getBlockedEntities();
$allowed_entities = $econtroller->getAllowedEntities();
$disable_consent = $econtroller->getDisableConsent();
$metaflat = '// Revision: ' . $entity->getRevisionid() . "\n";
$metaflat .= var_export($entityid, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';
// Add authproc filter to block blocked entities
if (!empty($blocked_entities) || !empty($allowed_entities)) {
$metaflat = substr($metaflat, 0, -2);
if (!empty($blocked_entities)) {
$metaflat .= " 'blocked' => array(\n";
foreach ($blocked_entities as $bentity => $value) {
$metaflat .= " '" . $bentity . "',\n";
}
$metaflat .= " ),\n";
}
if (!empty($allowed_entities)) {
$metaflat .= " 'allowed' => array(\n";
foreach ($allowed_entities as $aentity => $value) {
$metaflat .= " '" . $aentity . "',\n";
}
$metaflat .= " ),\n";
}
$metaflat .= '),';
}
// Add disable consent
if (!empty($disable_consent)) {
$metaflat = substr($metaflat, 0, -2);
$metaflat .= " 'consent.disable' => array(\n";
foreach ($disable_consent as $key => $value) {
$metaflat .= " '" . $key . "',\n";
}
$metaflat .= " ),\n";
$metaflat .= '),';
}
$maxCache = isset($option['maxCache']) ? $option['maxCache'] : null;
$maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null;
try {
$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityid, $maxCache, $maxDuration);
$metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray);
} catch (Exception $e) {
SimpleSAML_Logger::error('JANUS - Entity_id:' . $entityid . ' - Error generating XML metadata - ' . var_export($e, true));
self::$_error = array('Error generating XML metadata - ' . $e->getMessage());
return false;
}
// Add organization info
if (!empty($metaArray['OrganizationName']) && !empty($metaArray['OrganizationDisplayName']) && !empty($metaArray['OrganizationURL'])) {
$metaBuilder->addOrganizationInfo(array('OrganizationName' => $metaArray['OrganizationName'], 'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'], 'OrganizationURL' => $metaArray['OrganizationURL']));
}
// Add contact info
if (!empty($metaArray['contact'])) {
$metaBuilder->addContact('technical', $metaArray['contact']);
}
switch ($type) {
case self::XML:
return $metaBuilder->getEntityDescriptor();
case self::XMLREADABLE:
return $metaBuilder->getEntityDescriptorText();
case self::PHPARRAY:
return $metaArray;
case self::FLATFILE:
default:
return $metaflat;
}
} catch (Exception $exception) {
$session = SimpleSAML_Session::getInstance();
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception);
}
} else {
SimpleSAML_Logger::error('JANUS - Missing required metadata fields. Entity_id:' . $entityid);
self::$_error = $missing_required;
return false;
}
}
protected static function _getMetadataForEntity($entity, $revisionid = NULL, $keys = array())
{
$econtroller = new sspmod_janus_EntityController(SimpleSAML_Configuration::getConfig('module_janus.php'));
/** @var $entity sspmod_janus_Entity */
$entity = $econtroller->setEntity($entity, $revisionid);
if (!$entity->getWorkflow()) {
return false;
}
$metadata = $econtroller->getMetadata();
$result = array();
foreach ($metadata as $meta) {
if (count($keys) == 0 || in_array($meta->getKey(), $keys)) {
$result[$meta->getKey()] = $meta->getValue();
}
}
return $result;
}
$update = TRUE;
$note .= 'Changed workflow: ' . $_POST['entity_workflow'] . '<br />';
$addresses[] = 'ENTITYUPDATE-' . $eid . '-CHANGESTATE-' . $_POST['entity_workflow'];
}
}
// change ARPw
if (isset($_POST['entity_arp']) && $guard->hasPermission('changearp', $entity->getWorkflow(), $user->getType())) {
if ($entity->setArp($_POST['entity_arp'])) {
$update = TRUE;
$note .= 'Changed arp: ' . $_POST['entity_arp'] . '<br />';
$addresses[] = 'ENTITYUPDATE-' . $eid . '-CHANGEARP-' . $_POST['entity_arp'];
}
}
// Change entity type
if ($entity->setType($_POST['entity_type']) && $guard->hasPermission('changeentitytype', $entity->getWorkflow(), $user->getType())) {
$old_metadata = $mcontroller->getMetadata();
// Get metadatafields for new type
$nm_mb = new sspmod_janus_MetadatafieldBuilder($janus_config->getArray('metadatafields.' . $_POST['entity_type']));
$new_metadata = $nm_mb->getMetadatafields();
// Only remove fields specific to old type
foreach ($old_metadata as $om) {
if (!isset($new_metadata[$om->getKey()])) {
$mcontroller->removeMetadata($om->getKey());
}
}
// Add all required fields for new type
foreach ($new_metadata as $mf) {
if (isset($mf->required) && $mf->required === true) {
$mcontroller->addMetadata($mf->name, $mf->default);
$update = true;
}
