* @version SVN: $Id: metalisting.php 655 2011-03-03 09:35:25Z jach@wayf.dk $ * @link http://code.google.com/p/janus-ssp/ */ $janus_config = SimpleSAML_Configuration::getConfig('module_janus.php'); $metaentries = array('saml20-idp' => array(), 'saml20-sp' => array(), 'shib13-idp' => array(), 'shib13-sp' => array()); $now = time(); $util = new sspmod_janus_AdminUtil(); if (SimpleSAML_Module::isModuleEnabled('x509')) { $strict_cert_validation = $janus_config->getBoolean('cert.strict.validation', true); $cert_allowed_warnings = $janus_config->getArray('cert.allowed.warnings', array()); $cert_time_limit = $janus_config->getInteger('notify.cert.expiring.before', 30); } $notify_meta_expiring_before = $janus_config->getInteger('notify.meta.expiring.before', 5); $meta_time_limit = $now + $notify_meta_expiring_before * 86400; $workflowstates = $janus_config->getValue('workflowstates'); foreach ($util->getEntities() as $entity) { $entry = array(); $eid = $entity['eid']; // Get Entity controller $mcontroller = new sspmod_janus_EntityController($janus_config); $mcontroller->setEntity($eid); $mcontroller->loadEntity(); // Grab some basic fields $metadata = $mcontroller->getMetadata(); $entity_id = $mcontroller->getEntity()->getEntityid(); $entity_type = $mcontroller->getEntity()->getType(); $prettyname = $mcontroller->getEntity()->getPrettyname(); $entity_workflow = $mcontroller->getEntity()->getWorkflow(); $metaArray = $mcontroller->getMetaArray(); $entry['entityid'] = $entity_id; $entry['entitytype'] = $entity_type;
public function runForCronTag($cronTag) { if (!$this->_isExecuteRequired($cronTag)) { return array(); } $cronLogger = new sspmod_janus_Cron_Logger(); try { $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $srConfig = SimpleSAML_Configuration::getConfig('module_janus.php'); $rootCertificatesFile = $srConfig->getString('ca_bundle_file'); $util = new sspmod_janus_AdminUtil(); $entities = $util->getEntities(); foreach ($entities as $partialEntity) { try { $entityController = new sspmod_janus_EntityController($janusConfig); $eid = $partialEntity['eid']; if (!$entityController->setEntity($eid)) { $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'."); continue; } $entityController->loadEntity(); $entityId = $entityController->getEntity()->getEntityid(); $entityType = $entityController->getEntity()->getType(); try { try { $certificate = $entityController->getCertificate(); // @workaround // Since getCertificate() returns false when certificate does not exist following check is required to skip validation if (empty($certificate)) { throw new Exception('No certificate found'); } } catch (Exception $e) { if ($entityType === 'saml20-sp') { $cronLogger->with($entityId)->notice("SP does not have a certificate"); } else { if ($entityType === 'saml20-idp') { $cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?"); } } continue; } $validator = new sspmod_janus_OpenSsl_Certificate_Validator($certificate); $validator->setIgnoreSelfSigned(true); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->error($error); } sspmod_janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile); $chain = sspmod_janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate); $validator = new sspmod_janus_OpenSsl_Certificate_Chain_Validator($chain); $validator->setIgnoreSelfSigned(true); $validator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->error($error); } } catch (Exception $e) { $cronLogger->with($entityId)->error($e->getMessage()); } } catch (Exception $e) { $cronLogger->error($e->getMessage() . $e->getTraceAsString()); } } } catch (Exception $e) { $cronLogger->error($e->getMessage() . $e->getTraceAsString()); } if ($cronLogger->hasErrors()) { $this->_mailTechnicalContact($cronTag, $cronLogger); } return $cronLogger->getSummaryLines(); }
public function runForCronTag($cronTag) { if (!$this->_isExecuteRequired($cronTag)) { return array("Not doing metadata_refresh"); } $cronLogger = new sspmod_janus_Cron_Logger(); try { $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig(); $util = new sspmod_janus_AdminUtil(); $entities = $util->getEntities(); foreach ($entities as $partialEntity) { $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController(); $eid = $partialEntity['eid']; if (!$entityController->setEntity($eid)) { $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'."); continue; } $entityController->loadEntity(); $entity = $entityController->getEntity(); $entityId = $entity->getEntityId(); $metadataUrl = $entity->getMetadataURL(); $metadataCachingInfo = $entityController->getMetadataCaching(); if (empty($metadataUrl)) { $cronLogger->with($entityId)->warn("No metadata url."); continue; } $nextRun = time(); switch ($cronTag) { case 'hourly': $nextRun += 3600; break; case 'daily': $nextRun += 24 * 60 * 60; break; case 'frequent': $nextRun += 0; // How often is frequent? break; default: throw new Exception("Unknown cron tag '{$cronTag}'"); } if ($metadataCachingInfo['validUntil'] > $nextRun && $metadataCachingInfo['cacheUntil'] > $nextRun) { $cronLogger->with($entityId)->notice("Should not update, cache still valid."); continue; } $xml = @file_get_contents($metadataUrl); if (!$xml) { $cronLogger->with($entityId)->error("Failed import of entity. Bad URL '{$metadataUrl}'? "); continue; } $document = new DOMDocument(); if (!@$document->loadXML($xml)) { $cronLogger->with($entityId)->error("Failed import of entity. Invalid XML at '{$metadataUrl}'?"); continue; } $query = new DOMXPath($document); $nsFound = false; foreach ($query->query('namespace::*') as $node) { if ($node->nodeValue === "urn:oasis:names:tc:SAML:2.0:metadata") { $nsFound = true; break; } } if (!$nsFound) { $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain SAML2 Metadata namespace?"); continue; } $query->registerNamespace('md', "urn:oasis:names:tc:SAML:2.0:metadata"); $entityDescriptorDomElement = $query->query("//md:EntityDescriptor[@entityID=\"{$entityId}\"]"); if ($entityDescriptorDomElement->length === 0) { $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain an EntityDescriptor with entityId '{$entityId}'?"); continue; } $updated = false; if ($entity->getType() == 'saml20-sp') { $statusCode = $entityController->importMetadata20SP($xml, $updated); if ($statusCode !== 'status_metadata_parsed_ok') { $cronLogger->with($entityId)->error("Entity not updated"); } } else { if ($entity->getType() == 'saml20-idp') { $statusCode = $entityController->importMetadata20IdP($xml, $updated); if ($statusCode !== 'status_metadata_parsed_ok') { $cronLogger->with($entityId)->error("Entity not updated"); } } else { $cronLogger->with($entityId)->error("Failed import of entity. Wrong type"); } } if ($updated) { $entity->setParent($entity->getRevisionid()); $entityController->saveEntity(); $cronLogger->with($entityId)->notice("Entity updated"); $metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId); $entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']); } else { $cronLogger->with($entityId)->notice("Entity not updated, no changes required"); // Update metadata caching info (validUntil ) $metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId); $entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']); } } } catch (Exception $e) { $cronLogger->error($e->getMessage()); } if ($cronLogger->hasErrors()) { $this->_mailTechnicalContact($cronTag, $cronLogger); } return $cronLogger->getSummaryLines(); }
public function runForCronTag($cronTag) { if (!$this->_isExecuteRequired($cronTag)) { return array(); } $cronLogger = new sspmod_janus_Cron_Logger(); try { $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig(); $util = new sspmod_janus_AdminUtil(); $entities = $util->getEntities(); foreach ($entities as $partialEntity) { $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController(); $eid = $partialEntity['eid']; if (!$entityController->setEntity($eid)) { $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'."); continue; } $entityController->loadEntity(); $entityId = $entityController->getEntity()->getEntityid(); $entityMetadata = $entityController->getMetaArray(); foreach ($this->_endpointMetadataFields as $endPointMetaKey) { if (!isset($entityMetadata[$endPointMetaKey])) { // This entity does not have this binding continue; } foreach ($entityMetadata[$endPointMetaKey] as $index => $binding) { $key = $endPointMetaKey . ':' . $index; if (!isset($binding['Location']) || trim($binding['Location']) === "") { $cronLogger->with($entityId)->with($key)->error("Binding has no Location?"); continue; } try { $sslUrl = new Janus_OpenSsl_Url($binding['Location']); } catch (Exception $e) { $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Endpoint is not a valid URL"); continue; } if (!$sslUrl->isHttps()) { $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Endpoint is not HTTPS"); continue; } $connectSuccess = $sslUrl->connect(); if (!$connectSuccess) { $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Endpoint is unreachable"); continue; } if (!$sslUrl->isCertificateValidForUrlHostname()) { $urlHostName = $sslUrl->getHostName(); $validHostNames = $sslUrl->getServerCertificate()->getValidHostNames(); $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Certificate does not match the hostname '{$urlHostName}' (instead it matches " . implode(', ', $validHostNames) . ")"); } $urlChain = $sslUrl->getServerCertificateChain(); $validator = new Janus_OpenSsl_Certificate_Chain_Validator($urlChain); $validator->validate(); $validatorWarnings = $validator->getWarnings(); $validatorErrors = $validator->getErrors(); foreach ($validatorWarnings as $warning) { $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->warn($warning); } foreach ($validatorErrors as $error) { $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error($error); } } } } } catch (Exception $e) { $cronLogger->error($e->getMessage()); } if ($cronLogger->hasErrors()) { $this->_mailTechnicalContact($cronTag, $cronLogger); } return $cronLogger->getSummaryLines(); }