Author: Andreas Aakre Solberg, UNINETT AS. (andreas.solberg@uninett.no)
コード例 #1
ファイル: Log.php プロジェクト: PitcherAG/simplesamlphp
 /**
  * Set up the log output from its configuration.
  *
  * The "level" option (default "notice") is used as the name of a static method
  * on SimpleSAML_Logger; the resulting callable is stored in $this->logger.
  *
  * @param SimpleSAML_Configuration $config  The configuration for this output.
  *
  * @throws Exception If SimpleSAML_Logger has no callable method with that name.
  */
 public function __construct(SimpleSAML_Configuration $config)
 {
     $level = $config->getString('level', 'notice');
     $callback = array('SimpleSAML_Logger', $level);
     $this->logger = $callback;

     // NOTE(review): is_callable() accepts the name of any callable static method
     // on SimpleSAML_Logger, not only the log-level methods. An explicit
     // allow-list of level names would be a stricter check for this option.
     if (is_callable($callback)) {
         return;
     }

     throw new Exception('Invalid log level: ' . var_export($level, TRUE));
 }
コード例 #2
ファイル: File.php プロジェクト: PitcherAG/simplesamlphp
 /**
  * Set up the file output from its configuration.
  *
  * @param SimpleSAML_Configuration $config  The configuration for this output.
  *
  * @throws Exception If the "directory" option is missing or does not name a directory.
  */
 public function __construct(SimpleSAML_Configuration $config)
 {
     $dir = $config->getPathValue('directory');
     $this->logDir = $dir;

     if ($dir === NULL) {
         throw new Exception('Missing "directory" option for core:File');
     }

     // Only existence is verified here. Whether the directory is writable, and
     // who else can read what is logged into it, is not checked by this method.
     if (is_dir($dir) === FALSE) {
         throw new Exception('Could not find log directory: ' . var_export($dir, TRUE));
     }
 }
コード例 #3
 /**
  * Build a new logging handler based on syslog.
  *
  * Reads "logging.facility" (default LOG_LOCAL5 when that constant is defined,
  * LOG_USER otherwise) and "logging.processname" (default "SimpleSAMLphp"),
  * then opens the syslog connection with the LOG_PID option.
  *
  * @param \SimpleSAML_Configuration $config  The configuration the options are read from.
  */
 public function __construct(\SimpleSAML_Configuration $config)
 {
     if (defined('LOG_LOCAL5')) {
         $defaultFacility = constant('LOG_LOCAL5');
     } else {
         $defaultFacility = LOG_USER;
     }

     $facility = $config->getInteger('logging.facility', $defaultFacility);
     $ident = $config->getString('logging.processname', 'SimpleSAMLphp');

     // On Windows the configured facility is overridden with LOG_USER and the
     // instance is flagged so that log levels can be rewritten for that platform.
     if (System::getOS() === System::WINDOWS) {
         $this->isWindows = true;
         $facility = LOG_USER;
     }

     openlog($ident, LOG_PID, $facility);
 }
コード例 #4
 /**
  * Initialize this EntitySource.
  *
  * @param sspmod_aggregator2_Aggregator $aggregator  The aggregator this source is created for.
  * @param SimpleSAML_Configuration $config  The configuration of this source.
  */
 public function __construct(sspmod_aggregator2_Aggregator $aggregator, SimpleSAML_Configuration $config)
 {
     // Prefix for log messages, built from the aggregator's id.
     $this->logLoc = 'aggregator2:' . $aggregator->getId() . ': ';
     $this->aggregator = $aggregator;

     // "url" has no default, so it is a required option.
     $this->url = $config->getString('url');

     // A per-source CA file takes precedence; otherwise the aggregator's CA file is used.
     $caFile = $config->getString('ssl.cafile', NULL);
     $this->sslCAFile = ($caFile !== NULL) ? $caFile : $aggregator->getCAFile();

     // NOTE(review): both the CA file and "cert" may end up NULL here; how the
     // download and metadata validation behave in that case is not visible in
     // this constructor - confirm at the point of use.
     $this->certificate = $config->getString('cert', NULL);

     // SHA-1 is used to derive identifiers from the URL and from the serialized
     // configuration (presumably cache keys, going by the property names), not
     // as an integrity or authenticity check.
     $this->cacheId = sha1($this->url);
     $this->cacheTag = sha1(serialize($config));
 }
コード例 #5
 /**
  * Set up the storage directory from the "directory" option.
  *
  * The option is resolved with SimpleSAML_Configuration::resolvePath() and must
  * name an existing, writable directory. The stored path always ends in
  * exactly one added "/".
  *
  * @param array $config  Options; "directory" must be a string.
  *
  * @throws Exception If the option is not a string, or the resolved path is not
  *                   a writable directory.
  */
 public function __construct(array $config)
 {
     if (is_string($config['directory']) === FALSE) {
         throw new Exception('Invalid directory option in config.');
     }

     // An empty configuration object is created only to get access to resolvePath().
     $resolver = new SimpleSAML_Configuration(array(), '');
     $dir = $resolver->resolvePath($config['directory']);

     if (is_dir($dir) === FALSE) {
         throw new Exception('Invalid storage directory [' . $dir . '].');
     }

     if (is_writable($dir) === FALSE) {
         throw new Exception('Storage directory [' . $dir . '] is not writable.');
     }

     // Drop one trailing slash, if present, before appending the separator.
     $withoutSlash = preg_replace('/\\/$/', '', $dir);
     $this->directory = $withoutSlash . '/';
 }
 /**
  * Set up the ticket directory from the "ticketstore" option.
  *
  * "ticketstore" defaults to array('directory' => 'ticketcache'). The directory
  * is resolved through the configuration object and must exist and be writable.
  * The stored path has one trailing slash removed.
  *
  * @param \SimpleSAML_Configuration $config  The configuration holding "ticketstore".
  *
  * @throws Exception If the directory option is not a string, or the resolved
  *                   path is not a writable directory.
  */
 public function __construct(\SimpleSAML_Configuration $config)
 {
     $ticketStore = $config->getValue('ticketstore', array('directory' => 'ticketcache'));

     if (is_string($ticketStore['directory']) === FALSE) {
         throw new Exception('Invalid directory option in config.');
     }

     $dir = $config->resolvePath($ticketStore['directory']);

     // The directory holds tickets, so it must be reachable and writable up front.
     // Who else can read it is not checked here.
     if (is_dir($dir) === FALSE) {
         throw new Exception('Directory for CAS Server ticket storage [' . $dir . '] does not exists. ');
     }

     if (is_writable($dir) === FALSE) {
         throw new Exception('Directory for CAS Server ticket storage [' . $dir . '] is not writable. ');
     }

     $this->pathToTicketDirectory = preg_replace('/\\/$/', '', $dir);
 }
コード例 #7
ファイル: Store.php プロジェクト: PitcherAG/simplesamlphp
 /**
  * Retrieve our singleton instance.
  *
  * The store type is taken from "store.type", falling back to
  * "session.handler" (default "phpsession"). The result, including false, is
  * cached in self::$instance.
  *
  * @return SimpleSAML_Store|false  The data store, or false if it isn't enabled.
  */
 public static function getInstance()
 {
     if (self::$instance !== null) {
         return self::$instance;
     }

     $globalConfig = SimpleSAML_Configuration::getInstance();
     $type = $globalConfig->getString('store.type', null);
     if ($type === null) {
         $type = $globalConfig->getString('session.handler', 'phpsession');
     }

     switch ($type) {
         case 'phpsession':
             // we cannot support advanced features with the PHP session store
             $store = false;
             break;
         case 'memcache':
             $store = new SimpleSAML_Store_Memcache();
             break;
         case 'sql':
             $store = new SimpleSAML_Store_SQL();
             break;
         default:
             // Datastore from a module: the configured string selects the class
             // that gets instantiated.
             // NOTE(review): this method does not check the format of $type
             // before the lookup; any restriction on which classes can be named
             // has to come from resolveClass() - confirm.
             $storeClass = SimpleSAML_Module::resolveClass($type, 'Store', 'SimpleSAML_Store');
             $store = new $storeClass();
     }

     self::$instance = $store;

     return $store;
 }
コード例 #8
ファイル: Signer.php プロジェクト: hukumonline/yii
 /**
  * Constructor for the metadata signer.
  *
  * A list of options can be passed as key-value pairs, which allows a metadata
  * signer to be initialized in one call.
  *
  * The following keys are recognized:
  *  - privatekey       The file with the private key, relative to the cert-directory.
  *  - privatekey_pass  The passphrase for the private key.
  *  - certificate      The file with the certificate, relative to the cert-directory.
  *  - privatekey_array The private key, as an array returned from SimpleSAML_Utilities::loadPrivateKey.
  *  - publickey_array  The public key, as an array returned from SimpleSAML_Utilities::loadPublicKey.
  *  - id               The name of the ID attribute.
  *
  * @param array $options  Associative array with options for the constructor. Defaults to an empty array.
  */
 public function __construct($options = array())
 {
     assert('is_array($options)');

     // The certificate directory is looked up once and shared by all instances.
     if (self::$certDir === FALSE) {
         $globalConfig = SimpleSAML_Configuration::getInstance();
         self::$certDir = $globalConfig->getPathValue('certdir', 'cert/');
     }

     $this->idAttrName = FALSE;
     $this->privateKey = FALSE;
     $this->certificate = FALSE;
     $this->extraCertificates = array();

     // The private key file is the only option that takes a second value (the passphrase).
     if (array_key_exists('privatekey', $options)) {
         $passphrase = array_key_exists('privatekey_pass', $options) ? $options['privatekey_pass'] : NULL;
         $this->loadPrivateKey($options['privatekey'], $passphrase);
     }

     // Remaining options, in the order they are applied, mapped to the method
     // that consumes each one.
     $handlers = array(
         'certificate' => 'loadCertificate',
         'privatekey_array' => 'loadPrivateKeyArray',
         'publickey_array' => 'loadPublicKeyArray',
         'id' => 'setIdAttribute',
     );
     foreach ($handlers as $key => $method) {
         if (array_key_exists($key, $options)) {
             $this->{$method}($options[$key]);
         }
     }
 }
コード例 #9
/**
 * Hook that runs the core sanity checks.
 *
 * Appends one message per check to $hookinfo['errors'] or $hookinfo['info']:
 * admin password, technical contact e-mail, PHP version and module dependencies.
 *
 * @param array &$hookinfo  Must contain the keys "errors" and "info"; both are appended to.
 */
function core_hook_sanitycheck(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("errors", $hookinfo)');
    assert('array_key_exists("info", $hookinfo)');

    $config = SimpleSAML_Configuration::getInstance();

    // This only detects a missing value or the placeholder '123'; it says
    // nothing about the strength of any other password.
    $passwordIsPlaceholder = ($config->getString('auth.adminpassword', '123') === '123');
    if ($passwordIsPlaceholder) {
        $hookinfo['errors'][] = '[core] Password in config.php is not set properly';
    } else {
        $hookinfo['info'][] = '[core] Password in config.php is set properly';
    }

    $contactIsPlaceholder = ($config->getString('technicalcontact_email', '*****@*****.**') === '*****@*****.**');
    if ($contactIsPlaceholder) {
        $hookinfo['errors'][] = '[core] In config.php technicalcontact_email is not set properly';
    } else {
        $hookinfo['info'][] = '[core] In config.php technicalcontact_email is set properly';
    }

    $phpVersion = phpversion();
    if (version_compare($phpVersion, '5.3', '>=')) {
        $hookinfo['info'][] = '[core] You are running PHP version ' . $phpVersion . '. Great.';
    } else {
        $hookinfo['errors'][] = '[core] You are running PHP version ' . $phpVersion . '. SimpleSAMLphp requires version >= 5.3. Please upgrade!';
    }

    // Collect the module descriptions through the 'moduleinfo' hook; $info is
    // filled by reference.
    $info = array();
    $mihookinfo = array('info' => &$info);
    $availmodules = SimpleSAML_Module::getModules();
    SimpleSAML_Module::callHooks('moduleinfo', $mihookinfo);

    foreach ($info as $moduleName => $description) {
        if (!isset($description['dependencies']) || !is_array($description['dependencies'])) {
            continue;
        }
        foreach ($description['dependencies'] as $required) {
            if (in_array($required, $availmodules)) {
                continue;
            }
            $hookinfo['errors'][] = '[core] Module dependency not met: ' . $moduleName . ' requires ' . $required;
        }
    }
}
コード例 #10
ファイル: SAML1.php プロジェクト: SysBind/simplesamlphp
 /**
  * Send a SAML 1.1 response to the SP.
  *
  * Logs a statistics event, generates the response XML with
  * SimpleSAML_XML_Shib13_AuthnResponse and passes it to the Shib13 HTTP-POST
  * binding.
  *
  * @param array $state  The authentication state. The assertions below expect
  *                      'Attributes', 'SPMetadata' and 'saml:shire' to be set,
  *                      and the key 'saml:target' to exist (its value may be NULL).
  */
 public static function sendResponse(array $state)
 {
     // These are developer assertions, not input validation: they are skipped
     // when assertions are disabled, and code-string assertions are no longer
     // evaluated at all from PHP 8.0 on.
     assert('isset($state["Attributes"])');
     assert('isset($state["SPMetadata"])');
     assert('isset($state["saml:shire"])');
     assert('array_key_exists("saml:target", $state)');
     // 'saml:target' can be NULL
     $spMetadata = $state["SPMetadata"];
     $spEntityId = $spMetadata['entityid'];
     // Wrap the SP metadata array in a configuration object; the second argument
     // is the location string used for this configuration.
     $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']');
     SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));
     $attributes = $state['Attributes'];
     // NOTE(review): $shire and $target are taken from the state as-is and used
     // as the destination data of the response below. Whether the shire was
     // checked against the SP's registered endpoints is not visible in this
     // method - confirm where the state is built.
     $shire = $state['saml:shire'];
     $target = $state['saml:target'];
     $idp = SimpleSAML_IdP::getByState($state);
     $idpMetadata = $idp->getConfig();
     $config = SimpleSAML_Configuration::getInstance();
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'protocol' => 'saml1');
     // The login time is only recorded when the request timestamp was stored in the state.
     if (isset($state['saml:AuthnRequestReceivedAt'])) {
         $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];
     }
     SimpleSAML_Stats::log('saml:idp:Response', $statsData);
     // Generate and send response.
     $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
     $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);
     $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
     $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
 }
コード例 #11
ファイル: Store.php プロジェクト: shirlei/simplesaml
 /**
  * Retrieve our singleton instance.
  *
  * The store type is taken from "store.type", falling back to
  * "session.handler" (default "phpsession"). The result, including FALSE, is
  * cached in self::$instance.
  *
  * @return SimpleSAML_Store|FALSE  The datastore, or FALSE if it isn't enabled.
  *
  * @throws SimpleSAML_Error_Exception If the type is neither built in nor of the form containing ':'.
  */
 public static function getInstance()
 {
     if (self::$instance !== NULL) {
         return self::$instance;
     }

     $globalConfig = SimpleSAML_Configuration::getInstance();
     $type = $globalConfig->getString('store.type', NULL);
     if ($type === NULL) {
         $type = $globalConfig->getString('session.handler', 'phpsession');
     }

     switch ($type) {
         case 'phpsession':
             /* We cannot support advanced features with the PHP session store. */
             $store = FALSE;
             break;
         case 'memcache':
             $store = new SimpleSAML_Store_Memcache();
             break;
         case 'sql':
             $store = new SimpleSAML_Store_SQL();
             break;
         default:
             /* Anything else must contain ':' before it is treated as a class
              * reference into a module; other values are rejected outright. */
             if (strpos($type, ':') === FALSE) {
                 throw new SimpleSAML_Error_Exception('Unknown datastore type: ' . var_export($type, TRUE));
             }
             /* Datastore from module. */
             $storeClass = SimpleSAML_Module::resolveClass($type, 'Store', 'SimpleSAML_Store');
             $store = new $storeClass();
     }

     self::$instance = $store;

     return $store;
 }
コード例 #12
ファイル: SLOTest.php プロジェクト: filonuse/fedlab
 /**
  * Build a logout response for a received logout request.
  *
  * @param mixed $testrun           Passed through to $this->log(); type not visible here.
  * @param mixed $logoutRequest     The request being answered; its getRelayState() and getId() are used.
  * @param mixed $logoutRelayState  Relay state that is logged and returned in the result.
  *
  * @return array  Keys 'url' (SingleLogoutService location), 'Response' (XML string),
  *                'ResponseObj' (the response object) and 'RelayState'.
  *
  * @throws Exception If no public key / certificate could be loaded for the IdP.
  */
 protected function createLogoutResponse($testrun, $logoutRequest, $logoutRelayState)
 {
     $this->log($testrun, 'Creating response with relaystate [' . $logoutRelayState . ']');
     $idpMetadata = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
     $spMetadata = SimpleSAML_Configuration::loadFromArray($this->metadata);
     // Get SingleLogoutService URL (HTTP-Redirect binding only)
     $consumerURLf = $spMetadata->getDefaultEndpoint('SingleLogoutService', array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'));
     $consumerURL = $consumerURLf['Location'];
     /* Create and send response. */
     $response = sspmod_saml2_Message::buildLogoutResponse($idpMetadata, $spMetadata);
     // NOTE(review): the relay state set on the response comes from the request,
     // while the $logoutRelayState parameter is what gets logged and returned.
     $response->setRelayState($logoutRequest->getRelayState());
     $response->setInResponseTo($logoutRequest->getId());
     $keyArray = SimpleSAML_Utilities::loadPrivateKey($idpMetadata, TRUE);
     $certArray = SimpleSAML_Utilities::loadPublicKey($idpMetadata, FALSE);
     // NOTE(review): the signature key is fixed to RSA with SHA-1. SHA-1 is no
     // longer recommended for signatures; if this harness is meant to mirror
     // current deployments, an RSA-SHA256 key type would be the usual choice.
     $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $privateKey->loadKey($keyArray['PEM'], FALSE);
     $response->setSignatureKey($privateKey);
     // The certificate is validated only after the private key was already
     // loaded and attached above.
     if ($certArray === NULL) {
         throw new Exception('No certificates found. [1]');
     }
     if (!array_key_exists('PEM', $certArray)) {
         throw new Exception('No certificates found. [2]');
     }
     $response->setCertificates(array($certArray['PEM']));
     #$this->tweakResponse($testrun, $response);
     // NOTE(review): the XML returned under 'Response' is produced by
     // toUnsignedXML(); the key and certificates set above travel with
     // 'ResponseObj'. Presumably the caller signs when sending - confirm.
     $msgStr = $response->toUnsignedXML();
     #$this->tweakResponseDOM($testrun, $msgStr);
     $msgStr = $msgStr->ownerDocument->saveXML($msgStr);
     #	echo '<pre>'; echo(htmlspecialchars($msgStr)); exit;
     #		$msgStr = base64_encode($msgStr);
     #		$msgStr = htmlspecialchars($msgStr);
     return array('url' => $consumerURL, 'Response' => $msgStr, 'ResponseObj' => $response, 'RelayState' => $logoutRelayState);
 }
コード例 #13
/**
 * Hook that runs the sanity checks of the statistics module.
 *
 * Reports whether the configured statistics directory exists and is writable,
 * and whether the configured input file exists.
 *
 * @param array &$hookinfo  Must contain the keys "errors" and "info"; both are appended to.
 */
function statistics_hook_sanitycheck(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("errors", $hookinfo)');
    assert('array_key_exists("info", $hookinfo)');

    // Without the module configuration none of the other checks can run.
    try {
        $statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php');
    } catch (Exception $e) {
        $hookinfo['errors'][] = '[statistics] Could not get configuration: ' . $e->getMessage();
        return;
    }

    $statdir = $statconfig->getValue('statdir');
    $inputfile = $statconfig->getValue('inputfile');

    if (!file_exists($statdir)) {
        $hookinfo['errors'][] = '[statistics] Statistics dir [' . $statdir . '] does not exists';
    } else {
        $hookinfo['info'][] = '[statistics] Statistics dir [' . $statdir . '] exists';
        if (!is_writable($statdir)) {
            $hookinfo['errors'][] = '[statistics] Statistics dir [' . $statdir . '] is not writable';
        } else {
            $hookinfo['info'][] = '[statistics] Statistics dir [' . $statdir . '] is writable';
        }
    }

    if (!file_exists($inputfile)) {
        $hookinfo['errors'][] = '[statistics] Input file [' . $inputfile . '] does not exists';
    } else {
        $hookinfo['info'][] = '[statistics] Input file [' . $inputfile . '] exists';
    }
}
コード例 #14
ファイル: Negotiate.php プロジェクト: Chialab/simplesamlphp
 /**
  * Constructor for this authentication source.
  *
  * Reads the Kerberos and LDAP settings from the configuration array into
  * properties. Options read without a default ('fallback', 'hostname',
  * 'keytab', 'base') are required.
  *
  * @param array $info Information about this authentication source.
  * @param array $config The configuration of the module
  *
  * @throws Exception If the KRB5 extension is not installed or active.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     // Fail early: nothing below is usable without the krb5 extension.
     if (!extension_loaded('krb5')) {
         throw new Exception('KRB5 Extension not installed');
     }
     // call the parent constructor first, as required by the interface
     parent::__construct($info, $config);
     // From here on $config is the configuration object, not the raw array.
     $config = SimpleSAML_Configuration::loadFromArray($config);
     $this->backend = $config->getString('fallback');
     $this->hostname = $config->getString('hostname');
     $this->port = $config->getInteger('port', 389);
     $this->referrals = $config->getBoolean('referrals', true);
     // NOTE(review): TLS is off unless 'enable_tls' is set, and the default port
     // is 389. With an admin user and password configured below, deployments
     // will usually want 'enable_tls' turned on explicitly.
     $this->enableTLS = $config->getBoolean('enable_tls', false);
     $this->debugLDAP = $config->getBoolean('debugLDAP', false);
     $this->timeout = $config->getInteger('timeout', 30);
     $this->keytab = $config->getString('keytab');
     $this->base = $config->getArrayizeString('base');
     $this->attr = $config->getString('attr', 'uid');
     // Optional settings; NULL when not configured.
     $this->subnet = $config->getArray('subnet', null);
     $this->admin_user = $config->getString('adminUser', null);
     // The admin password is kept in clear text on the object for its lifetime.
     $this->admin_pw = $config->getString('adminPassword', null);
     $this->attributes = $config->getArray('attributes', null);
 }
コード例 #15
 /**
  * Extend the session once at least half of its duration has passed.
  *
  * Nothing happens when the state has no 'Expire' or 'Authority', or when the
  * remaining lifetime is still at least half of "session.duration"
  * (default 8 hours).
  *
  * @param array &$state  The request state; 'Expire', 'Authority' and 'RememberMe' are read.
  */
 public function process(&$state)
 {
     assert('is_array($state)');

     if (empty($state['Expire']) || empty($state['Authority'])) {
         return;
     }

     $remaining = $state['Expire'] - time();

     $config = SimpleSAML_Configuration::getInstance();
     $duration = $config->getInteger('session.duration', 8 * 60 * 60);

     /* Extend only if half of session duration already passed */
     $halfDuration = $duration * 0.5;
     if ($remaining >= $halfDuration) {
         return;
     }

     /* Update authority expire time */
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->setAuthorityExpire($state['Authority']);

     /* Update session cookies duration: first the "remember me" case, which
      * requires the state flag, an existing expiry and the global option. */
     $rememberMeExpire = $session->getRememberMeExpire();
     $rememberMeActive = !empty($state['RememberMe'])
         && $rememberMeExpire !== NULL
         && $config->getBoolean('session.rememberme.enable', FALSE);
     if ($rememberMeActive) {
         $session->setRememberMeExpire();
         return;
     }

     /* Or if session lifetime is more than zero */
     $handler = SimpleSAML_SessionHandler::getSessionHandler();
     $params = $handler->getCookieParams();
     if ($params['lifetime'] > 0) {
         $session->updateSessionCookies();
     }
 }
コード例 #16
 /**
  * Constructor for this authentication source.
  *
  * Reads the RADIUS server list, timeouts and attribute settings from the
  * configuration array into properties.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     /* Parse configuration. */
     $config = SimpleSAML_Configuration::loadFromArray($config, 'Authentication source ' . var_export($this->authId, TRUE));
     $this->servers = $config->getArray('servers', array());
     /* For backwards compatibility: without a 'servers' list, a single server
      * is built from 'hostname', 'port' (1-65535, default 1812) and 'secret'. */
     if (empty($this->servers)) {
         $this->hostname = $config->getString('hostname');
         $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
         /* The shared secret is kept in clear text on the object. */
         $this->secret = $config->getString('secret');
         $this->servers[] = array('hostname' => $this->hostname, 'port' => $this->port, 'secret' => $this->secret);
     }
     $this->timeout = $config->getInteger('timeout', 5);
     $this->retries = $config->getInteger('retries', 3);
     $this->usernameAttribute = $config->getString('username_attribute', NULL);
     /* NOTE(review): when 'nas_identifier' is not configured, the default comes
      * from $_SERVER['HTTP_HOST'], i.e. from the Host header of the current
      * request, which the client controls. Setting 'nas_identifier' explicitly
      * avoids passing a client-chosen value on as the NAS identifier. */
     $this->nasIdentifier = $config->getString('nas_identifier', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost');
     $this->vendor = $config->getInteger('attribute_vendor', NULL);
     /* The vendor type is required only when a vendor is configured. */
     if ($this->vendor !== NULL) {
         $this->vendorType = $config->getInteger('attribute_vendor_type');
     }
 }
コード例 #17
ファイル: LDAPMulti.php プロジェクト: PitcherAG/simplesamlphp
 /**
  * Constructor for this authentication source.
  *
  * Every key of $config other than 'username_organization_method' and
  * 'include_organization_in_username' is treated as an organization id whose
  * value is the LDAP configuration array of that organization.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');

     // The parent constructor has to run first, as the interface requires.
     parent::__construct($info, $config);

     $location = 'Authentication source ' . var_export($this->authId, TRUE);
     $cfgHelper = SimpleSAML_Configuration::loadFromArray($config, $location);

     $this->orgs = array();
     $this->ldapOrgs = array();

     foreach (array_keys($config) as $option) {
         if ($option === 'username_organization_method') {
             // Only the three listed values are accepted for this option.
             $method = $cfgHelper->getValueValidate('username_organization_method', array('none', 'allow', 'force'));
             $this->setUsernameOrgMethod($method);
         } elseif ($option === 'include_organization_in_username') {
             $this->includeOrgInUsername = $cfgHelper->getBoolean('include_organization_in_username', FALSE);
         } else {
             // Any other key is an organization: record its display name (the
             // description when given, the id otherwise) and its LDAP helper.
             $orgOptions = $cfgHelper->getArray($option);
             $this->orgs[$option] = array_key_exists('description', $orgOptions) ? $orgOptions['description'] : $option;
             $this->ldapOrgs[$option] = new sspmod_ldap_ConfigHelper($orgOptions, $location . ', organization ' . var_export($option, TRUE));
         }
     }
 }
コード例 #18
ファイル: SessionHandlerPHP.php プロジェクト: hukumonline/yii
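 /**
  * Initialize the PHP session handling.
  *
  * When no session is active yet, the session cookie parameters, the optional
  * cookie name and save path are applied from the configuration, a fresh
  * random session id is set if the browser sent no session cookie, and the
  * session is started.
  */
 protected function __construct()
 {
     /* Call the parent constructor in case it should become
      * necessary in the future.
      */
     parent::__construct();

     /* If session_id() returns a non-blank string the session is already
      * started, and we must avoid calling session_start() again.
      */
     if (session_id() !== '') {
         return;
     }

     $config = SimpleSAML_Configuration::getInstance();
     $cookiepath = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/';

     /* Lifetime 0 makes this a browser-session cookie, the Secure flag follows
      * the current scheme, and HttpOnly keeps the session id out of reach of
      * page scripts.
      */
     session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS(), TRUE);

     $cookiename = $config->getString('session.phpsession.cookiename', NULL);
     if (!empty($cookiename)) {
         session_name($cookiename);
     }

     $savepath = $config->getString('session.phpsession.savepath', NULL);
     if (!empty($savepath)) {
         session_save_path($savepath);
     }

     if (!array_key_exists(session_name(), $_COOKIE)) {
         /* Session cookie unset - session id not set. Generate new (secure) session id. */
         session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16)));
     }
     /* NOTE(review): when the cookie is present, its value is what
      * session_start() uses as the session id. Whether ids unknown to the
      * server are rejected depends on PHP's session.use_strict_mode setting.
      */

     session_start();
 }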
コード例 #19
ファイル: TimeTest.php プロジェクト: SysBind/simplesamlphp
 /**
  * Test the SimpleSAML\Utils\Time::initTimezone() method.
  *
  * Covers four cases in sequence: no timezone configured, an invalid timezone,
  * a valid timezone, and a second call after initialization. The steps depend
  * on each other through the global configuration and the static
  * initialization flag, so their order matters.
  *
  * @covers SimpleSAML\Utils\Time::initTimezone
  */
 public function testInitTimezone()
 {
     $tz = 'UTC';
     // The current default timezone, used as the expected value for the first case.
     $os = @date_default_timezone_get();
     if ($os === 'UTC') {
         // avoid collisions: the "valid timezone" case must differ from the current default
         $tz = 'Europe/Oslo';
     }
     // test guessing timezone from the OS
     \SimpleSAML_Configuration::loadFromArray(array('timezone' => null), '[ARRAY]', 'simplesaml');
     @Time::initTimezone();
     $this->assertEquals($os, @date_default_timezone_get());
     // clear initialization by resetting the static flag through reflection
     $c = new \ReflectionProperty('\\SimpleSAML\\Utils\\Time', 'tz_initialized');
     $c->setAccessible(true);
     $c->setValue(false);
     // test unknown timezone: an exception with this exact message is expected
     \SimpleSAML_Configuration::loadFromArray(array('timezone' => 'INVALID'), '[ARRAY]', 'simplesaml');
     try {
         @Time::initTimezone();
         $this->fail('Failed to recognize an invalid timezone.');
     } catch (\SimpleSAML_Error_Exception $e) {
         $this->assertEquals('Invalid timezone set in the "timezone" option in config.php.', $e->getMessage());
     }
     // test a valid timezone
     \SimpleSAML_Configuration::loadFromArray(array('timezone' => $tz), '[ARRAY]', 'simplesaml');
     @Time::initTimezone();
     $this->assertEquals($tz, @date_default_timezone_get());
     // make sure initialization happens only once: a changed configuration must
     // not alter the timezone set by the previous call
     \SimpleSAML_Configuration::loadFromArray(array('timezone' => 'Europe/Madrid'), '[ARRAY]', 'simplesaml');
     @Time::initTimezone();
     $this->assertEquals($tz, @date_default_timezone_get());
 }
コード例 #20
ファイル: Radius.php プロジェクト: SysBind/simplesamlphp
 /**
  * Constructor for this authentication source.
  *
  * Reads the RADIUS server list, timeouts, realm and attribute settings from
  * the configuration array into properties.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     // Call the parent constructor first, as required by the interface
     parent::__construct($info, $config);
     // Parse configuration.
     $config = SimpleSAML_Configuration::loadFromArray($config, 'Authentication source ' . var_export($this->authId, true));
     $this->servers = $config->getArray('servers', array());
     /* For backwards compatibility: without a 'servers' list, a single server
      * is built from 'hostname', 'port' (1-65535, default 1812) and 'secret'. */
     if (empty($this->servers)) {
         $this->hostname = $config->getString('hostname');
         $this->port = $config->getIntegerRange('port', 1, 65535, 1812);
         // The shared secret is kept in clear text on the object.
         $this->secret = $config->getString('secret');
         $this->servers[] = array('hostname' => $this->hostname, 'port' => $this->port, 'secret' => $this->secret);
     }
     $this->timeout = $config->getInteger('timeout', 5);
     $this->retries = $config->getInteger('retries', 3);
     $this->realm = $config->getString('realm', null);
     $this->usernameAttribute = $config->getString('username_attribute', null);
     // NOTE(review): the default NAS identifier is whatever getSelfHost()
     // returns; if that helper derives the host from request headers, setting
     // 'nas_identifier' explicitly keeps the value fixed - confirm.
     $this->nasIdentifier = $config->getString('nas_identifier', \SimpleSAML\Utils\HTTP::getSelfHost());
     $this->vendor = $config->getInteger('attribute_vendor', null);
     // The vendor type is required only when a vendor is configured.
     if ($this->vendor !== null) {
         $this->vendorType = $config->getInteger('attribute_vendor_type');
     }
 }
コード例 #21
ファイル: hook_cron.php プロジェクト: SysBind/simplesamlphp
/**
 * Hook to run the statistics aggregation as a cron job.
 *
 * The job runs only when "cron_tag" is configured in module_statistics.php and
 * equals the tag of the current cron run. Exceptions from the aggregator are
 * logged and added to the cron summary instead of being rethrown.
 *
 * @param array &$croninfo  Must contain "summary" (appended to on failure) and "tag".
 */
function statistics_hook_cron(&$croninfo)
{
    assert('is_array($croninfo)');
    assert('array_key_exists("summary", $croninfo)');
    assert('array_key_exists("tag", $croninfo)');

    $statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php');

    // No tag configured: the job is disabled.
    if ($statconfig->getValue('cron_tag', NULL) === NULL) {
        return;
    }
    // A different tag: this cron run is not ours.
    if ($statconfig->getValue('cron_tag', NULL) !== $croninfo['tag']) {
        return;
    }

    $timeLimit = $statconfig->getInteger('time_limit', NULL);
    if ($timeLimit) {
        set_time_limit($timeLimit);
    }

    try {
        $aggregator = new sspmod_statistics_Aggregator();
        $results = $aggregator->aggregate();
        if (!empty($results)) {
            $aggregator->store($results);
        } else {
            SimpleSAML\Logger::notice('Output from statistics aggregator was empty.');
        }
    } catch (Exception $e) {
        $failure = 'Loganalyzer threw exception: ' . $e->getMessage();
        SimpleSAML\Logger::warning($failure);
        $croninfo['summary'][] = $failure;
    }
}
コード例 #22
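    /**
     * Notifies managing contact about updated metadata of entity
     *
     * Sends an HTML mail to the address configured in "managingcontact_email",
     * with the metadata attached as a gzip file. Nothing is sent when that
     * address is empty; the problem is logged instead.
     *
     * @param   sspmod_janus_Entity $entity
     * @param   string $metadataXml
     * @return void
     */
    protected function _mailUpdatedMetaData(sspmod_janus_Entity $entity, $metadataXml)
    {
        $config = SimpleSAML_Configuration::getInstance();

        $toAddress = $config->getString('managingcontact_email');
        if (empty($toAddress)) {
            SimpleSAML_Logger::error('Cron - Could not send email. [managingcontact_email] not set in config.');
            // Without a recipient there is nothing to send; stop instead of
            // handing an empty address to the mailer.
            return;
        }

        $time = date(DATE_RFC822);
        $entityName = $entity->getPrettyname();
        $entityId = $entity->getEntityId();

        // The name and id come from entity data and go into an HTML body, so
        // they are escaped before being interpolated.
        $htmlName = htmlspecialchars($entityName, ENT_QUOTES, 'UTF-8');
        $htmlId = htmlspecialchars($entityId, ENT_QUOTES, 'UTF-8');
        $message = <<<MESSAGE
<h1>Metadata Change detected</h1>
<p>Cron ran at {$time}</p>
<p>Name: {$htmlName}</p>
<p>EntityId: {$htmlId}</p>
MESSAGE;

        $fromAddress = '*****@*****.**';

        // Line breaks are removed so entity data cannot add lines to the mail headers.
        $subject = preg_replace(
            '/[\r\n]+/',
            ' ',
            'Metadata Change detected for entity ' . $entityName . ' (' . $entityId . ')'
        );

        $email = new SimpleSAML_XHTML_EMail($toAddress, $subject, $fromAddress);
        $email->setBody($message);

        // Add gzipped metadata. The file name keeps only characters that are
        // safe in an attachment name, and the type matches what gzencode() produces.
        $attachmentContent = gzencode($metadataXml);
        $attachmentFileName = 'metadata-' . preg_replace('/[^A-Za-z0-9._-]+/', '_', $entityName) . '.xml.gz';
        $email->addAttachment($attachmentContent, $attachmentFileName, 'application/gzip');
        $email->send();
    }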
コード例 #23
ファイル: Module.php プロジェクト: palantirnet/simplesamlphp
 /**
  * Determine whether a module is enabled.
  *
  * Precedence: a boolean entry in the "module.enable" option, then an "enable"
  * file in the module directory, then a "default-enable" file unless a
  * "disable" file is present. A module whose directory does not exist is
  * never enabled.
  *
  * @param string $module Name of the module
  *
  * @return bool True if the given module is enabled, false otherwise.
  *
  * @throws Exception If module.enable is set and is not boolean.
  */
 public static function isModuleEnabled($module)
 {
     $dir = self::getModuleDir($module);
     if (is_dir($dir) === false) {
         return false;
     }

     $config = SimpleSAML_Configuration::getOptionalConfig();
     $overrides = $config->getArray('module.enable', array());

     // An explicit configuration entry wins over the marker files.
     if (isset($overrides[$module])) {
         if (!is_bool($overrides[$module])) {
             throw new Exception("Invalid module.enable value for for the module {$module}");
         }
         return $overrides[$module];
     }

     // With assertions active, report modules that ship neither default marker file.
     if (assert_options(ASSERT_ACTIVE) && !(file_exists($dir . '/default-enable') || file_exists($dir . '/default-disable'))) {
         SimpleSAML_Logger::error("Missing default-enable or default-disable file for the module {$module}");
     }

     if (file_exists($dir . '/enable')) {
         return true;
     }

     // Enabled by default only when not explicitly disabled.
     return !file_exists($dir . '/disable') && file_exists($dir . '/default-enable');
 }
コード例 #24
/**
 * Hook to inject the portal menu into portalized pages.
 *
 * Collects links from the 'frontpage' hook and page sets from
 * module_portal.php (extended by the 'portalextras' hook). For pages the portal
 * covers, the menu markup is added to $hookinfo['pre'] and the closing tags to
 * $hookinfo['post'].
 *
 * @param array &$hookinfo  Must contain the keys "pre", "post" and "page".
 */
function portal_hook_htmlinject(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("pre", $hookinfo)');
    assert('array_key_exists("post", $hookinfo)');
    assert('array_key_exists("page", $hookinfo)');

    $links = array('links' => array());
    SimpleSAML_Module::callHooks('frontpage', $links);

    $portalConfig = SimpleSAML_Configuration::getOptionalConfig('module_portal.php');

    // Flatten every link group returned by the hooks into one list.
    $allLinks = array();
    foreach ($links as $group) {
        $allLinks = array_merge($allLinks, $group);
    }

    $defaultPagesets = array(array('frontpage_welcome', 'frontpage_config', 'frontpage_auth', 'frontpage_federation'));
    $pagesets = $portalConfig->getValue('pagesets', $defaultPagesets);
    SimpleSAML_Module::callHooks('portalextras', $pagesets);

    $portal = new sspmod_portal_Portal($allLinks, $pagesets);
    $page = $hookinfo['page'];
    if (!$portal->isPortalized($page)) {
        return;
    }

    // Include jquery UI CSS files in header.
    $hookinfo['jquery']['css'] = TRUE;
    $hookinfo['jquery']['version'] = '1.6';

    // Header
    // NOTE(review): the menu markup is concatenated into the page as-is, so
    // getMenu() has to return properly escaped HTML - confirm in the portal class.
    $menu = $portal->getMenu($page);
    $hookinfo['pre'][] = '<div id="portalmenu" class="ui-tabs ui-widget ui-widget-content ui-corner-all">' . $menu . '<div id="portalcontent" class="ui-tabs-panel ui-widget-content ui-corner-bottom">';

    // Footer
    $hookinfo['post'][] = '</div></div>';
}
コード例 #25
ファイル: ARP.php プロジェクト: danielkjfrog/docker
 /**
  * Load an attribute map file and store the result in $this->attributes.
  *
  * The file is resolved as "<attributemap directory><name>.php", where the directory is the
  * 'attributemap' path option (default 'attributemap/').
  *
  * @param string $attributemap  Name of the map file, without the ".php" suffix.
  */
 private function loadAttributeMap($attributemap)
 {
     $config = SimpleSAML_Configuration::getInstance();
     // NOTE(review): the name is concatenated into the include path without validation, and
     // include executes whatever PHP file the path resolves to. Presumably the name comes from
     // filter configuration - confirm it can never be influenced by request data, or restrict
     // it to a known set of map names before including.
     include $config->getPathValue('attributemap', 'attributemap/') . $attributemap . '.php';
     // The included file runs in this method's scope and is presumably expected to assign the
     // map array to $attributemap, replacing the name passed in. A failed include only emits a
     // warning, in which case the name string itself ends up stored here - TODO confirm intent.
     $this->attributes = $attributemap;
 }
コード例 #26
ファイル: AuthnResponse.php プロジェクト: hukumonline/yii
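 /**
  * Validate the signature on this response against the trust anchor configured for its issuer.
  *
  * The issuer's 'shib13-idp-remote' metadata must contain either 'certFingerprint' or 'caFile';
  * 'certFingerprint' takes precedence when both are present.
  *
  * @return bool  TRUE when the message was validated externally, true after a successful check.
  *
  * @throws Exception  If the issuer's metadata contains neither 'certFingerprint' nor 'caFile'.
  */
 public function validate()
 {
     // Written as an expression rather than a string: string assertions are deprecated since
     // PHP 7.2 and are no longer evaluated as code on PHP 8, where the check would always pass.
     assert($this->dom instanceof DOMDocument);
     if ($this->messageValidated) {
         /* This message was validated externally. */
         return TRUE;
     }
     /* Validate the signature. */
     $this->validator = new SimpleSAML_XML_Validator($this->dom, array('ResponseID', 'AssertionID'));
     // Get the issuer of the response. It only selects which metadata entry the signer is
     // checked against; the trust decision itself rests on that locally configured entry.
     $issuer = $this->getIssuer();
     /* Get the metadata of the issuer. */
     $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
     $md = $metadata->getMetaData($issuer, 'shib13-idp-remote');
     // NOTE(review): the return values of validateFingerprint() and validateCA() are not checked,
     // so this method relies on them throwing on a mismatch - confirm in SimpleSAML_XML_Validator.
     if (array_key_exists('certFingerprint', $md)) {
         /* Get fingerprint for the certificate of the issuer. */
         $issuerFingerprint = $md['certFingerprint'];
         /* Validate the fingerprint. */
         $this->validator->validateFingerprint($issuerFingerprint);
     } elseif (array_key_exists('caFile', $md)) {
         /* Validate against CA. The file name from the metadata is appended to the 'certdir' path. */
         $globalConfig = SimpleSAML_Configuration::getInstance();
         $this->validator->validateCA($globalConfig->getPathValue('certdir', 'cert/') . $md['caFile']);
     } else {
         // NOTE(review): the message below suggests configuring a dummy fingerprint and copying the
         // real one from the resulting error. A fingerprint obtained that way presumably comes from
         // the message under validation, so it should be compared with a value received from the
         // IdP operator out of band before it is written to the metadata.
         throw new Exception('Required field [certFingerprint] or [caFile] in Shibboleth 1.3 IdP Remote metadata was not found for identity provider [' . $issuer . ']. Please add a fingerprint and try again. You can add a dummy fingerprint first, and then an error message will be printed with the real fingerprint.');
     }
     return true;
 }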
コード例 #27
ファイル: Time.php プロジェクト: palantirnet/simplesamlphp
 /**
  * Initialize the timezone.
  *
  * This function should be called before any calls to date().
  *
  * @author Olav Morken, UNINETT AS <*****@*****.**>
  */
 public static function initTimezone()
 {
     // Only the first call does any work; the flag is raised before the configuration is read.
     static $initialized = false;
     if ($initialized) {
         return;
     }
     $initialized = true;

     $configured = \SimpleSAML_Configuration::getInstance()->getString('timezone', null);
     if ($configured === null) {
         // No timezone configured: fall back to whatever PHP reports as its default.
         // date_default_timezone_get() is likely to raise a warning, and the custom error handler
         // would log it with a backtrace even behind '@', so the handler is swapped out for the
         // duration of the call.
         set_error_handler(function () {
             return true;
         });
         $fallback = date_default_timezone_get();
         restore_error_handler();
         date_default_timezone_set($fallback);
         return;
     }

     // A configured timezone must be one PHP accepts.
     if (!date_default_timezone_set($configured)) {
         throw new \SimpleSAML_Error_Exception('Invalid timezone set in the "timezone" option in config.php.');
     }
 }
コード例 #28
 /**
  * Render the tab menu for the given page as an HTML string.
  *
  * @param mixed $thispage  Id of the page being displayed; the tab whose id is identical to it
  *                         is rendered as the active tab.
  *
  * @return string  The tab list, followed by a login-info paragraph when getLoginInfo()
  *                 returns a non-empty value.
  */
 function getMenu($thispage)
 {
     $template = new SimpleSAML_XHTML_Template(SimpleSAML_Configuration::getInstance(), 'sanitycheck:check.tpl.php');
     $visibleTabs = $this->getTabset($thispage);
     $loginHtml = $this->getLoginInfo($template, $thispage);

     $html = '<ul class="tabset_tabs ui-tabs-nav ui-helper-reset ui-helper-clearfix ui-widget-header ui-corner-all">';
     foreach ($this->pages as $pageid => $page) {
         // When a tab set applies to this page, skip every page that is not part of it.
         if (isset($visibleTabs) && !in_array($pageid, $visibleTabs, TRUE)) {
             continue;
         }

         // Label precedence: 'shorttext', then 'text', then a fixed placeholder.
         if (isset($page['shorttext'])) {
             $label = $page['shorttext'];
         } elseif (isset($page['text'])) {
             $label = $page['text'];
         } else {
             $label = 'uknown';
         }

         // NOTE(review): $page['href'] and the translated label are concatenated into the markup
         // without htmlspecialchars(). The pages presumably originate from module hooks and
         // configuration - confirm no user-controlled value can reach them, or escape them here.
         if (!isset($page['href']) || $pageid === $thispage) {
             // Pages without a target and the current page are shown as the active tab.
             $html .= '<li class="ui-state-default ui-corner-top ui-tabs-selected ui-state-active"><a href="#">' . $template->t($label) . '</a></li>';
         } else {
             $html .= '<li class="ui-state-default ui-corner-top"><a href="' . $page['href'] . '">' . $template->t($label) . '</a></li>';
         }
     }
     $html .= '</ul>';

     if (!empty($loginHtml)) {
         $html .= '<p class="logininfo" style="text-align: right; margin: 0px">' . $loginHtml . '</p>';
     }
     return $html;
 }
コード例 #29
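/**
 * Hook to run a cron job.
 *
 * Runs the 'sanitycheck' hooks when the cron tag matches the 'cron_tag' option in
 * config-sanitycheck.php, and appends one summary line per reported error.
 *
 * @param array &$croninfo  Cron data; must contain the keys 'summary' and 'tag'.
 *                          Error lines are appended to 'summary'.
 */
function sanitycheck_hook_cron(&$croninfo)
{
    // Assertions are written as expressions rather than strings: string assertions are deprecated
    // since PHP 7.2 and are no longer evaluated as code on PHP 8, where the check would always pass.
    assert(is_array($croninfo));
    assert(array_key_exists('summary', $croninfo));
    assert(array_key_exists('tag', $croninfo));

    // NOTE(review): the tag is written to the log verbatim; presumably the cron entry point has
    // already checked it against the configured tags - confirm.
    SimpleSAML_Logger::info('cron [sanitycheck]: Running cron in cron tag [' . $croninfo['tag'] . '] ');

    try {
        $sconfig = SimpleSAML_Configuration::getOptionalConfig('config-sanitycheck.php');
        $cronTag = $sconfig->getString('cron_tag', NULL);
        // Do nothing unless a tag is configured and it is the tag currently being run.
        if ($cronTag === NULL || $cronTag !== $croninfo['tag']) {
            return;
        }

        // Hooks receive both lists by reference and append their findings to them.
        $info = array();
        $errors = array();
        $hookinfo = array('info' => &$info, 'errors' => &$errors);
        SimpleSAML_Module::callHooks('sanitycheck', $hookinfo);

        if (count($errors) > 0) {
            foreach ($errors as $err) {
                $croninfo['summary'][] = 'Sanitycheck error: ' . $err;
            }
        }
    } catch (Exception $e) {
        // A failing check is reported in the summary instead of aborting the cron run.
        $croninfo['summary'][] = 'Error executing sanity check: ' . $e->getMessage();
    }
}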
コード例 #30
 /**
  * Build a new logging handler based on files.
  */
 public function __construct(\SimpleSAML_Configuration $config)
 {
     // The log file is the 'loggingdir' path option (default 'log/') followed by the
     // 'logging.logfile' option (default 'simplesamlphp.log').
     $directory = $config->getPathValue('loggingdir', 'log/');
     $this->logFile = $directory . $config->getString('logging.logfile', 'simplesamlphp.log');
     $this->processname = $config->getString('logging.processname', 'SimpleSAMLphp');

     // Fail early: a missing file must be creatable, an existing one must be writable.
     if (!@file_exists($this->logFile)) {
         if (!@touch($this->logFile)) {
             throw new \Exception("Could not create logfile: " . $this->logFile . " The logging directory is not writable for the web server user.");
         }
     } elseif (!@is_writeable($this->logFile)) {
         throw new \Exception("Could not write to logfile: " . $this->logFile);
     }

     // Make sure the default timezone is set up before anything is logged.
     \SimpleSAML\Utils\Time::initTimezone();
 }