protected function _loadEntityMetadata($entityId)
 {
     $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
     $entityController = new sspmod_janus_EntityController($janusConfig);
     $entityController->setEntity($entityId);
     $entityController->loadEntity();
     $this->_entityMetadata = $entityController->getMetaArray();
 }
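 /**
  * Load the entity identified by $entityId into $this->_entityController.
  *
  * The previous version always returned true (it tested the controller
  * object itself, which `new` never leaves falsy). This version returns
  * false when setEntity() rejects the id — the same check the cron jobs in
  * this module use for an unknown eid — and leaves $this->_entityController
  * untouched in that case.
  *
  * @param mixed $entityId eid of the entity to load
  * @return bool true once the entity has been loaded, false for an unknown eid
  */
 protected function _loadEntity($entityId)
 {
     $config = SimpleSAML_Configuration::getConfig('module_janus.php');
     $controller = new sspmod_janus_EntityController($config);
     if (!$controller->setEntity($entityId)) {
         return false;
     }
     $controller->loadEntity();
     $this->_entityController = $controller;
     return true;
 }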
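 /**
  * Load the certificate of entity $entityId into $this->_certificate.
  *
  * Problems are reported on $this->_response rather than thrown: an unknown
  * eid or unparsable certificate data is appended to Errors, a missing
  * certificate to Warnings. Only returns true when $this->_certificate has
  * been set.
  *
  * @param mixed $entityId eid of the entity to load
  * @return bool
  */
 protected function _loadEntityCertificate($entityId)
 {
     $config = SimpleSAML_Configuration::getConfig('module_janus.php');
     $controller = new sspmod_janus_EntityController($config);
     // setEntity() is falsy for an unknown eid (see the cron jobs in this
     // module); previously this was ignored and loadEntity() ran regardless.
     if (!$controller->setEntity($entityId)) {
         $this->_response->Errors[] = "Unknown entity";
         return false;
     }
     $controller->loadEntity();
     try {
         $certificate = $controller->getCertificate();
     } catch (Exception $e) {
         // getCertificate() throws when the stored certData cannot be parsed
         $this->_response->Errors[] = "Certificate data invalid!";
         return false;
     }
     if (!$certificate) {
         // getCertificate() returns false when the entity has no certificate
         $this->_response->Warnings[] = "No certificate data for this entity";
         return false;
     }
     $this->_certificate = $certificate;
     return true;
 }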
 // Derive the JANUS entity type from the uploaded metadata document.
 // NOTE(review): $entity->item(0) is assumed to be the EntityDescriptor node
 // found earlier (not visible here); a null item would fatal on getAttribute().
 $entityid = $entity->item(0)->getAttribute('entityID');
 $query = '/md:EntityDescriptor/md:SPSSODescriptor';
 $sp = $xpath->query($query);
 $query = '/md:EntityDescriptor/md:IDPSSODescriptor';
 $idp = $xpath->query($query);
 // The IdP check runs last, so a document carrying both descriptors is
 // registered as an IdP. If neither is present $type keeps whatever value it
 // had before this point (possibly none), and the import step later reports
 // 'error_metadata_not_import'.
 if ($sp->length > 0) {
     $type = 'saml20-sp';
 }
 if ($idp->length > 0) {
     $type = 'saml20-idp';
 }
 $msg = $mcontrol->createNewEntity($entityid, $type);
 if (is_int($msg)) {
     $econtroller = new sspmod_janus_EntityController($janus_config);
     $econtroller->setEntity((string) $msg);
     $econtroller->loadEntity();
     $pm->subscribe($user->getUid(), 'ENTITYUPDATE-' . $msg);
     $directlink = SimpleSAML_Module::getModuleURL('janus/editentity.php', array('eid' => $msg));
     $pm->post('New entity created', 'Permalink: <a href="' . $directlink . '">' . $directlink . '</a><br /><br />A new entity has been created.<br />Entityid: ' . $_POST['entityid'] . '<br />Entity type: ' . $_POST['entitytype'], 'ENTITYCREATE', $user->getUid());
     $msg = 'text_entity_created';
     if ($type == 'saml20-sp') {
         $msg = $econtroller->importMetadata20SP($_POST['metadata_xml'], $update);
     } else {
         if ($type == 'saml20-idp') {
             $msg = $econtroller->importMetadata20IdP($_POST['metadata_xml'], $update);
         } else {
             $msg = 'error_metadata_not_import';
         }
     }
     $econtroller->saveEntity();
     SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('selectedtab' => $selectedtab));
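// Entity validation overview: lists every IdP and SP known to JANUS grouped
// by type, for the show-entities-validation template.
$session = SimpleSAML_Session::getInstance();
$janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
$authSource = $janusConfig->getValue('auth', 'login-admin');
// Validate user: this page only checks authentication against the configured
// auth source, not a JANUS permission, so every logged-in user can list all
// entities here (NOTE(review): confirm that is intended).
if (!$session->isValid($authSource)) {
    SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php', array('selectedtab' => "'federation'")));
    // Defense in depth: never render the listing if redirect() were to return.
    exit;
}
// Always an array so ksort() and the template get a defined value even when
// no entity exists (previously $entities_info was only created inside the loop).
$entities_info = array();
$userController = new sspmod_janus_UserController($janusConfig);
$entities = array_merge($userController->searchEntitiesByType('saml20-idp'), $userController->searchEntitiesByType('saml20-sp'));
foreach ($entities as $entity) {
    /**
     * @var sspmod_janus_Entity $entity
     */
    // Reload each entity through its controller to get the full record.
    // NOTE(review): setEntity()'s return value is not checked, unlike the
    // cron jobs in this module.
    $entityController = new sspmod_janus_EntityController($janusConfig);
    $entityController->setEntity($entity->getEid());
    $entityController->loadEntity();
    $controllerEntity = $entityController->getEntity();
    $entityType = $controllerEntity->getType();
    $entities_info[$entityType][] = array('Id' => $controllerEntity->getEntityid(), 'Name' => $controllerEntity->getPrettyname(), 'WorkflowStatus' => $controllerEntity->getWorkflow(), 'MetadataUrl' => $controllerEntity->getMetadataURL(), 'Eid' => $controllerEntity->getEid());
}
// Group order by entity type name
ksort($entities_info);
$template = new SimpleSAML_XHTML_Template(SimpleSAML_Configuration::getInstance(), 'janus:show-entities-validation.php', 'janus:show-entities-validation');
$template->data['header'] = "Service Registry JANUS entities validation";
$template->data['entities'] = $entities_info;
$template->show();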
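 /**
  * Refresh the stored metadata of every entity that has a metadata URL.
  *
  * For each entity whose cached metadata will have expired before the next
  * run of $cronTag, the document at its metadata URL is downloaded, checked
  * for the SAML2 metadata namespace and for an EntityDescriptor matching the
  * entity's entityID, and then imported via the type-specific importer.
  * Every outcome is recorded on a sspmod_janus_Cron_Logger; when errors were
  * logged the technical contact is mailed.
  *
  * Hardening compared to the previous version:
  *  - the metadata URL must be http(s): the URL is entity data, so other
  *    stream wrappers (file://, ...) are refused instead of being fetched;
  *  - the document is parsed with LIBXML_NONET so libxml does not fetch
  *    external DTDs/entities referenced by the downloaded XML;
  *  - the entityID is compared in PHP instead of being interpolated into an
  *    XPath string, where a double quote would break or alter the query.
  *
  * NOTE(review): the fetched document is not signature-checked here; unless
  * importMetadata20SP/IdP verify it, trust rests on the https transport.
  *
  * @param string $cronTag 'hourly', 'daily' or 'frequent'
  * @return array summary lines from the cron logger
  */
 public function runForCronTag($cronTag)
 {
     if (!$this->_isExecuteRequired($cronTag)) {
         return array("Not doing metadata_refresh");
     }
     $cronLogger = new sspmod_janus_Cron_Logger();
     try {
         $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
         $util = new sspmod_janus_AdminUtil();
         $entities = $util->getEntities();
         foreach ($entities as $partialEntity) {
             $entityController = new sspmod_janus_EntityController($janusConfig);
             $eid = $partialEntity['eid'];
             if (!$entityController->setEntity($eid)) {
                 $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
                 continue;
             }
             $entityController->loadEntity();
             $entity = $entityController->getEntity();
             $entityId = $entity->getEntityId();
             $metadataUrl = $entity->getMetadataURL();
             $metadataCachingInfo = $entityController->getMetadataCaching();
             if (empty($metadataUrl)) {
                 $cronLogger->with($entityId)->warn("No metadata url.");
                 continue;
             }
             // When does this tag fire next? The cache only needs refreshing
             // now if it will have expired by then.
             $nextRun = time();
             switch ($cronTag) {
                 case 'hourly':
                     $nextRun += 3600;
                     break;
                 case 'daily':
                     $nextRun += 24 * 60 * 60;
                     break;
                 case 'frequent':
                     $nextRun += 0;
                     // How often is frequent?
                     break;
                 default:
                     // Aborts the whole run; handled by the outer catch below.
                     throw new Exception("Unknown cron tag '{$cronTag}'");
             }
             if ($metadataCachingInfo['validUntil'] > $nextRun && $metadataCachingInfo['cacheUntil'] > $nextRun) {
                 $cronLogger->with($entityId)->notice("Should not update, cache still valid.");
                 continue;
             }
             // Only fetch over http(s); refuse other stream wrappers.
             $scheme = strtolower((string) parse_url($metadataUrl, PHP_URL_SCHEME));
             if ($scheme !== 'http' && $scheme !== 'https') {
                 $cronLogger->with($entityId)->error("Failed import of entity. Metadata URL '{$metadataUrl}' is not an http(s) URL.");
                 continue;
             }
             // NOTE(review): no explicit timeout/size limit; a slow remote
             // holds up the whole cron run (relies on default_socket_timeout).
             $xml = @file_get_contents($metadataUrl);
             if (!$xml) {
                 $cronLogger->with($entityId)->error("Failed import of entity. Bad URL '{$metadataUrl}'? ");
                 continue;
             }
             $document = new DOMDocument();
             if (!@$document->loadXML($xml, LIBXML_NONET)) {
                 $cronLogger->with($entityId)->error("Failed import of entity. Invalid XML at '{$metadataUrl}'?");
                 continue;
             }
             $query = new DOMXPath($document);
             // Sanity check: the document must declare the SAML2 metadata namespace
             $nsFound = false;
             foreach ($query->query('namespace::*') as $node) {
                 if ($node->nodeValue === "urn:oasis:names:tc:SAML:2.0:metadata") {
                     $nsFound = true;
                     break;
                 }
             }
             if (!$nsFound) {
                 $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain SAML2 Metadata namespace?");
                 continue;
             }
             $query->registerNamespace('md', "urn:oasis:names:tc:SAML:2.0:metadata");
             // Find the EntityDescriptor for this entity (exact entityID match,
             // as the former XPath predicate did) without building the id into
             // the XPath expression.
             $descriptorFound = false;
             foreach ($query->query('//md:EntityDescriptor') as $descriptor) {
                 if ($descriptor->getAttribute('entityID') === $entityId) {
                     $descriptorFound = true;
                     break;
                 }
             }
             if (!$descriptorFound) {
                 $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain an EntityDescriptor with entityId '{$entityId}'?");
                 continue;
             }
             // $updated is set by reference by the importers
             $updated = false;
             $entityType = $entity->getType();
             if ($entityType == 'saml20-sp') {
                 $statusCode = $entityController->importMetadata20SP($xml, $updated);
                 if ($statusCode !== 'status_metadata_parsed_ok') {
                     $cronLogger->with($entityId)->error("Entity not updated");
                 }
             } elseif ($entityType == 'saml20-idp') {
                 $statusCode = $entityController->importMetadata20IdP($xml, $updated);
                 if ($statusCode !== 'status_metadata_parsed_ok') {
                     $cronLogger->with($entityId)->error("Entity not updated");
                 }
             } else {
                 $cronLogger->with($entityId)->error("Failed import of entity. Wrong type");
             }
             if ($updated) {
                 $this->_mailUpdatedMetaData($entity, $xml);
                 $cronLogger->with($entityId)->notice("Entity updated");
             } else {
                 $cronLogger->with($entityId)->notice("Entity not updated, no changes required");
             }
             // Either way, refresh the caching window (validUntil/cacheUntil)
             // from the document that was just fetched.
             $metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId);
             $entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']);
         }
     } catch (Exception $e) {
         $cronLogger->error($e->getMessage());
     }
     if ($cronLogger->hasErrors()) {
         $this->_mailTechnicalContact($cronTag, $cronLogger);
     }
     return $cronLogger->getSummaryLines();
 }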
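 /**
  * Validate the certificate of every entity and its issuer chain.
  *
  * For each entity that has a certificate, the certificate itself is run
  * through sspmod_janus_OpenSsl_Certificate_Validator and its chain through
  * sspmod_janus_OpenSsl_Certificate_Chain_Validator against the configured
  * ca_bundle_file. Warnings and errors are collected on a
  * sspmod_janus_Cron_Logger; when errors were logged the technical contact
  * is mailed.
  *
  * Both validators run with setIgnoreSelfSigned(true): a self-signed
  * certificate is not reported as an error by this job.
  *
  * NOTE(review): createFromCertificateIssuerUrl() presumably resolves the
  * chain from a URL embedded in the entity's certificate, i.e. network
  * access driven by entity-supplied data — verify how that class fetches.
  *
  * @param string $cronTag tag of the cron run
  * @return array summary lines from the cron logger
  */
 public function runForCronTag($cronTag)
 {
     if (!$this->_isExecuteRequired($cronTag)) {
         return array();
     }
     $cronLogger = new sspmod_janus_Cron_Logger();
     try {
         // One config load serves both the controllers and the CA bundle path
         // (the previous version read module_janus.php twice).
         $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
         // getString() throws when ca_bundle_file is missing: lands in the
         // outer catch and is mailed to the technical contact.
         $rootCertificatesFile = $janusConfig->getString('ca_bundle_file');
         $util = new sspmod_janus_AdminUtil();
         $entities = $util->getEntities();
         foreach ($entities as $partialEntity) {
             try {
                 $entityController = new sspmod_janus_EntityController($janusConfig);
                 $eid = $partialEntity['eid'];
                 if (!$entityController->setEntity($eid)) {
                     $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
                     continue;
                 }
                 $entityController->loadEntity();
                 $entity = $entityController->getEntity();
                 $entityId = $entity->getEntityid();
                 $entityType = $entity->getType();
                 try {
                     try {
                         $certificate = $entityController->getCertificate();
                         // @workaround
                         // getCertificate() returns false when no certificate
                         // exists; treat that like the exception case so the
                         // validators below never see an empty value.
                         if (empty($certificate)) {
                             throw new Exception('No certificate found');
                         }
                     } catch (Exception $e) {
                         // An SP without a certificate is normal, an IdP without
                         // one is suspicious; any other type is skipped quietly.
                         if ($entityType === 'saml20-sp') {
                             $cronLogger->with($entityId)->notice("SP does not have a certificate");
                         } elseif ($entityType === 'saml20-idp') {
                             $cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?");
                         }
                         continue;
                     }
                     // 1. The certificate on its own
                     $certificateValidator = new sspmod_janus_OpenSsl_Certificate_Validator($certificate);
                     $certificateValidator->setIgnoreSelfSigned(true);
                     $certificateValidator->validate();
                     foreach ($certificateValidator->getWarnings() as $warning) {
                         $cronLogger->with($entityId)->warn($warning);
                     }
                     foreach ($certificateValidator->getErrors() as $error) {
                         $cronLogger->with($entityId)->error($error);
                     }
                     // 2. Its chain up to the configured trusted roots
                     sspmod_janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile);
                     $chain = sspmod_janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate);
                     $chainValidator = new sspmod_janus_OpenSsl_Certificate_Chain_Validator($chain);
                     $chainValidator->setIgnoreSelfSigned(true);
                     $chainValidator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile);
                     $chainValidator->validate();
                     foreach ($chainValidator->getWarnings() as $warning) {
                         $cronLogger->with($entityId)->warn($warning);
                     }
                     foreach ($chainValidator->getErrors() as $error) {
                         $cronLogger->with($entityId)->error($error);
                     }
                 } catch (Exception $e) {
                     // Validation failure for this entity only; keep going.
                     $cronLogger->with($entityId)->error($e->getMessage());
                 }
             } catch (Exception $e) {
                 // Failure before the entity could be identified.
                 $cronLogger->error($e->getMessage() . $e->getTraceAsString());
             }
         }
     } catch (Exception $e) {
         $cronLogger->error($e->getMessage() . $e->getTraceAsString());
     }
     if ($cronLogger->hasErrors()) {
         $this->_mailTechnicalContact($cronTag, $cronLogger);
     }
     return $cronLogger->getSummaryLines();
 }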
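 /**
  * Delete the ARP identified by the aid.
  *
  * The ARP row is soft-deleted (its `deleted` column is set to the current
  * timestamp); afterwards every entity still pointing at this ARP is loaded
  * and re-saved with its arp reset to '0', so no entity keeps a reference to
  * the deleted ARP. Both queries are parameterised.
  *
  * @return PDOStatement|false The statement or false on error.
  */
 public function delete()
 {
     if (empty($this->_aid)) {
         SimpleSAML_Logger::error('JANUS:ARP:delete - aid needs to be set.');
         return false;
     }
     $deleteStatement = $this->execute('UPDATE ' . self::$prefix . 'arp SET
         `deleted` = ?
         WHERE `aid` = ?;', array(date('c'), $this->_aid));
     if ($deleteStatement === false) {
         return false;
     }
     // Get all entities with the just removed ARP
     $st = $this->execute('SELECT eid
         FROM ' . self::$prefix . 'entity
         WHERE `arp` = ?;', array($this->_aid));
     if (!$st) {
         // The ARP is already marked deleted at this point; say so instead of
         // silently returning success with the entity references left in place.
         SimpleSAML_Logger::error('JANUS:ARP:delete - could not look up entities referencing aid ' . $this->_aid . '; entity references not cleared.');
         return $deleteStatement;
     }
     // Remove the ARP from all entities. One controller is reused; setEntity()
     // repoints it at each eid in turn.
     $janus_config = SimpleSAML_Configuration::getConfig('module_janus.php');
     $controller = new sspmod_janus_EntityController($janus_config);
     foreach ($st->fetchAll() as $entity_row) {
         $controller->setEntity($entity_row['eid']);
         $controller->loadEntity();
         $controller->setArp('0');
         $controller->saveEntity();
     }
     return $deleteStatement;
 }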
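 /**
  * Retrieve all entity metadata for all entities of a certain type.
  *
  * When $allowedEntityId is given, access is decided from that entity's
  * settings, deny-by-default:
  *  - allowedall == "yes": every entity of $type;
  *  - otherwise a non-empty whitelist wins, and its remoteentityid values are
  *    returned as plain ids (note: the whitelist is not filtered by $type);
  *  - otherwise a non-empty blacklist removes its ids from all entities of $type;
  *  - no whitelist and no blacklist: nothing is returned.
  *
  * Entries may therefore be entity objects or plain entityId strings; the
  * previous version called getWorkflow() on both, which fails for strings.
  * workflowState is now null for the plain-id case.
  *
  * NOTE(review): setEntity($allowedEntityId) is not checked; an unknown id
  * would reach getEntity() unloaded.
  *
  * @param String $type Supported types: "saml20-idp" or "saml20-sp"
  * @param Array $keys optional list of metadata keys to retrieve. Retrieves all if blank
  * @param String $allowedEntityId if passed, returns only those entities that are
  *                         whitelisted against the given entity
  * @return Array Associative array of all metadata. The key of the array is the identifier
  */
 protected static function _getEntities($type, $keys = array(), $allowedEntityId = NULL)
 {
     $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
     $econtroller = new sspmod_janus_EntityController($janusConfig);
     $ucontroller = new sspmod_janus_UserController($janusConfig);
     $entities = array();
     if (isset($allowedEntityId)) {
         $econtroller->setEntity($allowedEntityId);
         $econtroller->loadEntity();
         if ($econtroller->getEntity()->getAllowedAll() == "yes") {
             $entities = $ucontroller->searchEntitiesByType($type);
         } else {
             // Check the whitelist
             $allowedEntities = $econtroller->getAllowedEntities();
             if (count($allowedEntities)) {
                 foreach ($allowedEntities as $data) {
                     $entities[] = $data["remoteentityid"];
                 }
             } else {
                 // Check the blacklist
                 $blockedEntities = $econtroller->getBlockedEntities();
                 if (count($blockedEntities)) {
                     $blockedEntityIds = array();
                     foreach ($blockedEntities as $data) {
                         $blockedEntityIds[] = $data["remoteentityid"];
                     }
                     $list = array();
                     foreach ($ucontroller->searchEntitiesByType($type) as $candidate) {
                         $list[] = $candidate->getEntityId();
                     }
                     // Return all entities that are not in the blacklist
                     $entities = array_diff($list, $blockedEntityIds);
                 }
             }
         }
     } else {
         $entities = $ucontroller->searchEntitiesByType($type);
     }
     $result = array();
     foreach ($entities as $entity) {
         $data = self::_getMetadataForEntity($entity, NULL, $keys);
         // Add workflow state info for optional filtering at client side
         if (is_object($entity)) {
             $entityId = $entity->getEntityId();
             $data['workflowState'] = $entity->getWorkflow();
         } else {
             // Plain entityId from the whitelist/blacklist branches: no entity
             // object to read a workflow state from.
             $entityId = $entity;
             $data['workflowState'] = null;
         }
         $result[$entityId] = $data;
     }
     return $result;
 }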
        throw new SimpleSAML_Error_Exception('eid and revisionid parameter must be set');
    }
}
// A revision id was supplied: load that specific revision of the entity,
// otherwise fall back to the latest one. setEntity() is falsy on failure.
if ($revisionid > -1) {
    $entity = $mcontroller->setEntity($eid, $revisionid);
} else {
    $entity = $mcontroller->setEntity($eid);
}
if (!$entity) {
    throw new SimpleSAML_Error_Exception('Error in setEntity');
}
// load entity
$mcontroller->loadEntity();
// Authorization: the current user must be attached to this entity or hold
// the 'allentities' permission; anyone else is sent back to the index page.
// NOTE(review): no explicit exit after the redirect — relies on
// SimpleSAML_Utilities::redirect() terminating the request.
$guard = new sspmod_janus_UIguard($janus_config->getArray('access', array()));
$allowedUsers = $mcontroller->getUsers();
$mayViewEntity = array_key_exists($userid, $allowedUsers)
    || $guard->hasPermission('allentities', null, $user->getType(), TRUE);
if (!$mayViewEntity) {
    SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php'));
}
$et = new SimpleSAML_XHTML_Template($config, 'janus:editentity.php', 'janus:editentity');
$language = $et->getLanguage();
$update = FALSE;
$note = '';
if (!empty($_POST)) {
    // Array for collecting addresses to notify
    $addresses = array();
    // Change entityID
    if (isset($_POST['entityid']) && $guard->hasPermission('changeentityid', $entity->getWorkflow(), $user->getType())) {