/**
 * Initialize an EntitiesDescriptor.
 *
 * With no element given the object stays empty. Otherwise the optional
 * ID, validUntil (converted to a Unix timestamp), cacheDuration and Name
 * attributes are copied, the md:Extensions child is parsed, and every
 * direct md:EntityDescriptor / md:EntitiesDescriptor child is wrapped
 * (nested EntitiesDescriptor elements recurse into this constructor).
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct($xml);

    if ($xml === NULL) {
        return;
    }

    // String-valued attributes are taken over verbatim.
    foreach (array('ID', 'cacheDuration', 'Name') as $attribute) {
        if ($xml->hasAttribute($attribute)) {
            $this->$attribute = $xml->getAttribute($attribute);
        }
    }

    // validUntil is the only attribute that needs conversion.
    if ($xml->hasAttribute('validUntil')) {
        $this->validUntil = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('validUntil'));
    }

    $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

    $childQuery = './saml_metadata:EntityDescriptor|./saml_metadata:EntitiesDescriptor';
    foreach (SAML2_Utils::xpQuery($xml, $childQuery) as $child) {
        $this->children[] = ($child->localName === 'EntityDescriptor')
            ? new SAML2_XML_md_EntityDescriptor($child)
            : new SAML2_XML_md_EntitiesDescriptor($child);
    }
}
/**
 * Initialize an AffiliationDescriptor.
 *
 * affiliationOwnerID and at least one md:AffiliateMember are mandatory;
 * ID, validUntil, cacheDuration, md:Extensions and md:KeyDescriptor
 * children are optional.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 * @throws Exception When affiliationOwnerID is missing or no AffiliateMember is present.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct($xml);

    if ($xml === NULL) {
        return;
    }

    // The owner is checked before anything else is parsed so the most
    // fundamental problem is the one reported.
    if (!$xml->hasAttribute('affiliationOwnerID')) {
        throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
    }
    $this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');

    if ($xml->hasAttribute('ID')) {
        $this->ID = $xml->getAttribute('ID');
    }
    if ($xml->hasAttribute('validUntil')) {
        $this->validUntil = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('validUntil'));
    }
    if ($xml->hasAttribute('cacheDuration')) {
        $this->cacheDuration = $xml->getAttribute('cacheDuration');
    }

    $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

    $members = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'AffiliateMember');
    $this->AffiliateMember = $members;
    if (empty($members)) {
        throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
    }

    $keyDescriptors = SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor');
    foreach ($keyDescriptors as $keyDescriptor) {
        $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($keyDescriptor);
    }
}
/**
 * Unmarshalling a minimal AuthnRequest must expose every attribute and the
 * Issuer through the corresponding getters.
 */
public function testMarshallingOfSimpleRequest()
{
    $xml = <<<'AUTHNREQUEST'
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_306f8ec5b618f361c70b6ffb1480eade"
    Version="2.0"
    IssueInstant="2004-12-05T09:21:59Z"
    Destination="https://idp.example.org/SAML2/SSO/Artifact"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
    AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifact">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
</samlp:AuthnRequest>
AUTHNREQUEST;

    $document = new DOMDocument();
    $document->loadXML($xml);
    $request = new SAML2_AuthnRequest($document->documentElement);

    // getter => value we expect it to return for the document above
    $expectations = array(
        'getIssueInstant'                => SAML2_Utils::xsDateTimeToTimestamp('2004-12-05T09:21:59Z'),
        'getDestination'                 => 'https://idp.example.org/SAML2/SSO/Artifact',
        'getProtocolBinding'             => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
        'getAssertionConsumerServiceURL' => 'https://sp.example.com/SAML2/SSO/Artifact',
        'getIssuer'                      => 'https://sp.example.com/SAML2',
    );
    foreach ($expectations as $getter => $expected) {
        $this->assertEquals($expected, $request->$getter());
    }
}
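/**
 * Constructor for SAML 2 logout request messages.
 *
 * Beyond the common message attributes handled by the parent, a
 * LogoutRequest carries an optional NotOnOrAfter, exactly one subject
 * identifier (either a plain saml:NameID or an EncryptedID whose
 * xenc:EncryptedData is kept for later decryption) and any number of
 * samlp:SessionIndex elements.
 *
 * @param DOMElement|NULL $xml The input message.
 * @throws Exception When no, or more than one, NameID/EncryptedID is present.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct('LogoutRequest', $xml);

    // Always an array, even for a freshly created (unparsed) request.
    $this->sessionIndexes = array();

    if ($xml === NULL) {
        return;
    }

    if ($xml->hasAttribute('NotOnOrAfter')) {
        $this->notOnOrAfter = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('NotOnOrAfter'));
    }

    $nameId = SAML2_Utils::xpQuery($xml, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
    if (empty($nameId)) {
        throw new Exception('Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
    } elseif (count($nameId) > 1) {
        // Message text corrected: the element is EncryptedID, not "EncryptedD".
        throw new Exception('More than one <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
    }
    $nameId = $nameId[0];

    if ($nameId->localName === 'EncryptedData') {
        /* The NameID element is encrypted; keep the raw element for decryption by the caller. */
        $this->encryptedNameId = $nameId;
    } else {
        $this->nameId = SAML2_Utils::parseNameId($nameId);
    }

    $sessionIndexes = SAML2_Utils::xpQuery($xml, './saml_protocol:SessionIndex');
    foreach ($sessionIndexes as $sessionIndex) {
        $this->sessionIndexes[] = trim($sessionIndex->textContent);
    }
}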
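/**
 * Test xsDateTime format validity.
 *
 * Only the call under test sits inside the try block. In the previous
 * layout the assertions were inside it too, so a failed assertTrue()
 * (PHPUnit reports failures as exceptions) for a $shouldPass = false
 * data set was caught and turned into a pass whenever the parser accepted
 * an input it should have rejected.
 *
 * @dataProvider xsDateTimes
 *
 * @param bool     $shouldPass Whether $time is expected to be a valid xs:dateTime.
 * @param string   $time       The xs:dateTime string to convert.
 * @param int|null $expectedTs The timestamp expected when $shouldPass is true.
 */
public function testXsDateTimeToTimestamp($shouldPass, $time, $expectedTs = null)
{
    $ts = null;
    $error = null;
    try {
        $ts = SAML2_Utils::xsDateTimeToTimestamp($time);
    } catch (Exception $e) {
        $error = $e;
    }

    if ($shouldPass) {
        $this->assertNull(
            $error,
            'Unexpected exception for ' . var_export($time, true) . ($error === null ? '' : ': ' . $error->getMessage())
        );
        $this->assertEquals($expectedTs, $ts);
    } else {
        $this->assertNotNull($error, 'Expected an exception for invalid xs:dateTime ' . var_export($time, true));
    }
}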
/**
 * Create/parse a mdrpi:RegistrationInfo element.
 *
 * registrationAuthority is mandatory; registrationInstant (converted to a
 * Unix timestamp) and the localized mdrpi:RegistrationPolicy children are
 * optional.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 * @throws Exception When the registrationAuthority attribute is missing.
 */
public function __construct(DOMElement $xml = NULL)
{
    if ($xml === NULL) {
        return;
    }

    if (!$xml->hasAttribute('registrationAuthority')) {
        throw new Exception('Missing required attribute "registrationAuthority" in mdrpi:RegistrationInfo element.');
    }
    $this->registrationAuthority = $xml->getAttribute('registrationAuthority');

    $instant = $xml->hasAttribute('registrationInstant')
        ? $xml->getAttribute('registrationInstant')
        : NULL;
    if ($instant !== NULL) {
        $this->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($instant);
    }

    $this->RegistrationPolicy = SAML2_Utils::extractLocalizedStrings(
        $xml,
        SAML2_XML_mdrpi_Common::NS_MDRPI,
        'RegistrationPolicy'
    );
}
/**
 * Create/parse a mdrpi:PublicationInfo element.
 *
 * publisher is mandatory; creationInstant (converted to a Unix timestamp),
 * publicationId and the localized mdrpi:UsagePolicy children are optional.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 * @throws Exception When the publisher attribute is missing.
 */
public function __construct(DOMElement $xml = NULL)
{
    if ($xml === NULL) {
        return;
    }

    if (!$xml->hasAttribute('publisher')) {
        throw new Exception('Missing required attribute "publisher" in mdrpi:PublicationInfo element.');
    }
    $this->publisher = $xml->getAttribute('publisher');

    $instant = $xml->hasAttribute('creationInstant')
        ? $xml->getAttribute('creationInstant')
        : NULL;
    if ($instant !== NULL) {
        $this->creationInstant = SAML2_Utils::xsDateTimeToTimestamp($instant);
    }

    if ($xml->hasAttribute('publicationId')) {
        $this->publicationId = $xml->getAttribute('publicationId');
    }

    $this->UsagePolicy = SAML2_Utils::extractLocalizedStrings(
        $xml,
        SAML2_XML_mdrpi_Common::NS_MDRPI,
        'UsagePolicy'
    );
}
/**
 * Initialize (and parse) a SubjectConfirmationData element.
 *
 * The NotBefore / NotOnOrAfter attributes are converted to Unix
 * timestamps; Recipient, InResponseTo and Address are copied as strings.
 * Every child element is appended to $this->info: a ds:KeyInfo becomes a
 * SAML2_XML_ds_KeyInfo, anything else (including other ds: elements) is
 * kept as an opaque SAML2_XML_Chunk.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 */
public function __construct(DOMElement $xml = NULL)
{
    if ($xml === NULL) {
        return;
    }

    foreach (array('NotBefore', 'NotOnOrAfter') as $timeAttribute) {
        if ($xml->hasAttribute($timeAttribute)) {
            $this->$timeAttribute = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute($timeAttribute));
        }
    }

    foreach (array('Recipient', 'InResponseTo', 'Address') as $stringAttribute) {
        if ($xml->hasAttribute($stringAttribute)) {
            $this->$stringAttribute = $xml->getAttribute($stringAttribute);
        }
    }

    foreach ($xml->childNodes as $child) {
        if (!($child instanceof DOMElement)) {
            continue;
        }
        $isKeyInfo = $child->namespaceURI === XMLSecurityDSig::XMLDSIGNS
            && $child->localName === 'KeyInfo';
        $this->info[] = $isKeyInfo
            ? new SAML2_XML_ds_KeyInfo($child)
            : new SAML2_XML_Chunk($child);
    }
}
/**
 * Retrieve all entities as an EntitiesDescriptor.
 *
 * When $this->regInfo is configured an mdrpi:RegistrationInfo extension is
 * attached; its registrationInstant defaults to the current time and can be
 * overridden with the 'instant' key. One child is added per source whose
 * getMetadata() returns non-NULL, and validUntil is set to
 * now + $this->validLength.
 *
 * @return SAML2_XML_md_EntitiesDescriptor The entities.
 */
protected function getEntitiesDescriptor()
{
    $now = time();
    $descriptor = new SAML2_XML_md_EntitiesDescriptor();

    if ($this->regInfo !== NULL) {
        $registration = new SAML2_XML_mdrpi_RegistrationInfo();
        $registration->registrationInstant = $now;
        foreach ($this->regInfo as $key => $value) {
            switch ($key) {
                case 'authority':
                    $registration->registrationAuthority = $value;
                    break;
                case 'instant':
                    $registration->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($value);
                    break;
                case 'policies':
                    $registration->RegistrationPolicy = $value;
                    break;
            }
        }
        $descriptor->Extensions[] = $registration;
    }

    foreach ($this->sources as $source) {
        $metadata = $source->getMetadata();
        if ($metadata !== NULL) {
            $descriptor->children[] = $metadata;
        }
    }

    $descriptor->validUntil = $now + $this->validLength;

    return $descriptor;
}
/**
 * Initialize a message.
 *
 * This constructor takes an optional parameter with a DOMElement. If this
 * parameter is given, the message will be initialized with data from that
 * XML element.
 *
 * If no XML element is given, the message is initialized with suitable
 * default values (a freshly generated ID and the current time as
 * IssueInstant).
 *
 * Signature handling: the message's own ds:Signature is looked up and, if
 * it validates structurally, the embedded certificates are stored and a
 * validator callback is queued in $this->validators. Any exception raised
 * while doing so is swallowed, so a message with a broken or unverifiable
 * signature ends up indistinguishable from an unsigned one here — callers
 * that require a signature have to check $this->validators / the
 * validation API themselves rather than rely on this constructor.
 *
 * @param string $tagName The tag name of the root element.
 * @param DOMElement|NULL $xml The input message.
 * @throws Exception When the ID attribute is missing or Version is not exactly '2.0'.
 */
protected function __construct($tagName, DOMElement $xml = NULL)
{
    assert('is_string($tagName)');

    $this->tagName = $tagName;

    // Defaults for an outgoing message; overwritten below when parsing.
    $this->id = SAML2_Utils::getContainer()->generateId();
    $this->issueInstant = time();

    $this->certificates = array();
    $this->validators = array();

    if ($xml === NULL) {
        return;
    }

    if (!$xml->hasAttribute('ID')) {
        throw new Exception('Missing ID attribute on SAML message.');
    }
    $this->id = $xml->getAttribute('ID');

    // getAttribute() yields '' for an absent attribute, so a missing Version
    // is rejected by this same check.
    if ($xml->getAttribute('Version') !== '2.0') {
        /* Currently a very strict check. */
        throw new Exception('Unsupported version: ' . $xml->getAttribute('Version'));
    }

    // No hasAttribute() guard here: an absent IssueInstant is passed on as ''
    // and whatever xsDateTimeToTimestamp does with '' decides the outcome
    // (presumably it throws — confirm against SAML2_Utils).
    $this->issueInstant = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant'));

    if ($xml->hasAttribute('Destination')) {
        $this->destination = $xml->getAttribute('Destination');
    }

    if ($xml->hasAttribute('Consent')) {
        $this->consent = $xml->getAttribute('Consent');
    }

    // Only the first Issuer element is used; additional ones are ignored.
    $issuer = SAML2_Utils::xpQuery($xml, './saml_assertion:Issuer');
    if (!empty($issuer)) {
        $this->issuer = trim($issuer[0]->textContent);
    }

    /* Validate the signature element of the message. */
    try {
        $sig = SAML2_Utils::validateElement($xml);

        if ($sig !== FALSE) {
            $this->certificates = $sig['Certificates'];
            // Deferred check: the actual cryptographic verification against a
            // trusted key happens when this validator is run by the caller.
            $this->validators[] = array('Function' => array('SAML2_Utils', 'validateSignature'), 'Data' => $sig);
        }
    } catch (Exception $e) {
        /* Ignore signature validation errors. */
        // NOTE(review): deliberate best-effort. The error is dropped without
        // logging, so a tampered signature leaves no trace here; the caller's
        // "is this message signed?" decision must not be based on this block.
    }

    $this->extensions = SAML2_XML_samlp_Extensions::getList($xml);
}
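/**
 * Parse AuthnStatement in assertion.
 *
 * Reads AuthnInstant (mandatory), SessionNotOnOrAfter and SessionIndex
 * from the single saml:AuthnStatement and hands the element on to
 * parseAuthnContext(). An assertion without an AuthnStatement resets
 * $this->authnInstant to NULL; more than one statement is rejected.
 *
 * @param DOMElement $xml The assertion XML element.
 * @throws Exception When several AuthnStatements exist or AuthnInstant is missing.
 */
private function parseAuthnStatement(DOMElement $xml)
{
    $authnStatements = SAML2_Utils::xpQuery($xml, './saml_assertion:AuthnStatement');
    if (empty($authnStatements)) {
        $this->authnInstant = NULL;
        return;
    } elseif (count($authnStatements) > 1) {
        // Message text corrected ("More that one" -> "More than one").
        throw new Exception('More than one <saml:AuthnStatement> in <saml:Assertion> not supported.');
    }
    $authnStatement = $authnStatements[0];

    if (!$authnStatement->hasAttribute('AuthnInstant')) {
        throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
    }
    $this->authnInstant = SAML2_Utils::xsDateTimeToTimestamp($authnStatement->getAttribute('AuthnInstant'));

    if ($authnStatement->hasAttribute('SessionNotOnOrAfter')) {
        $this->sessionNotOnOrAfter = SAML2_Utils::xsDateTimeToTimestamp($authnStatement->getAttribute('SessionNotOnOrAfter'));
    }

    if ($authnStatement->hasAttribute('SessionIndex')) {
        $this->sessionIndex = $authnStatement->getAttribute('SessionIndex');
    }

    $this->parseAuthnContext($authnStatement);
}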
/**
 * Initialize an EntityDescriptor.
 *
 * Reads the mandatory entityID plus the optional ID, validUntil and
 * cacheDuration attributes, the md:Extensions element, every md: role
 * descriptor child, and the optional AffiliationDescriptor, Organization,
 * ContactPerson and AdditionalMetadataLocation children. The metadata
 * schema requires either at least one role descriptor or exactly one
 * AffiliationDescriptor, never both; this is enforced here.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 * @throws Exception When entityID is missing, or the role / affiliation /
 *                   organization cardinality rules are violated.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct($xml);

    if ($xml === NULL) {
        return;
    }

    if (!$xml->hasAttribute('entityID')) {
        throw new Exception('Missing required attribute entityID on EntityDescriptor.');
    }
    $this->entityID = $xml->getAttribute('entityID');

    if ($xml->hasAttribute('ID')) {
        $this->ID = $xml->getAttribute('ID');
    }
    if ($xml->hasAttribute('validUntil')) {
        $this->validUntil = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('validUntil'));
    }
    if ($xml->hasAttribute('cacheDuration')) {
        $this->cacheDuration = $xml->getAttribute('cacheDuration');
    }

    $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

    // md: role element name => class that parses it. Other md: children
    // (and anything outside the md namespace) are skipped here.
    $roleClasses = array(
        'RoleDescriptor'               => 'SAML2_XML_md_UnknownRoleDescriptor',
        'IDPSSODescriptor'             => 'SAML2_XML_md_IDPSSODescriptor',
        'SPSSODescriptor'              => 'SAML2_XML_md_SPSSODescriptor',
        'AuthnAuthorityDescriptor'     => 'SAML2_XML_md_AuthnAuthorityDescriptor',
        'AttributeAuthorityDescriptor' => 'SAML2_XML_md_AttributeAuthorityDescriptor',
        'PDPDescriptor'                => 'SAML2_XML_md_PDPDescriptor',
    );
    foreach ($xml->childNodes as $child) {
        if (!($child instanceof DOMElement) || $child->namespaceURI !== SAML2_Const::NS_MD) {
            continue;
        }
        if (isset($roleClasses[$child->localName])) {
            $roleClass = $roleClasses[$child->localName];
            $this->RoleDescriptor[] = new $roleClass($child);
        }
    }

    $affiliations = SAML2_Utils::xpQuery($xml, './saml_metadata:AffiliationDescriptor');
    if (count($affiliations) > 1) {
        throw new Exception('More than one AffiliationDescriptor in the entity.');
    }
    if (!empty($affiliations)) {
        $this->AffiliationDescriptor = new SAML2_XML_md_AffiliationDescriptor($affiliations[0]);
    }

    $hasRoles = !empty($this->RoleDescriptor);
    $hasAffiliation = !is_null($this->AffiliationDescriptor);
    if (!$hasRoles && !$hasAffiliation) {
        throw new Exception('Must have either one of the RoleDescriptors or an AffiliationDescriptor in EntityDescriptor.');
    }
    if ($hasRoles && $hasAffiliation) {
        throw new Exception('AffiliationDescriptor cannot be combined with other RoleDescriptor elements in EntityDescriptor.');
    }

    $organizations = SAML2_Utils::xpQuery($xml, './saml_metadata:Organization');
    if (count($organizations) > 1) {
        throw new Exception('More than one Organization in the entity.');
    }
    if (!empty($organizations)) {
        $this->Organization = new SAML2_XML_md_Organization($organizations[0]);
    }

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ContactPerson') as $contact) {
        $this->ContactPerson[] = new SAML2_XML_md_ContactPerson($contact);
    }

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AdditionalMetadataLocation') as $location) {
        $this->AdditionalMetadataLocation[] = new SAML2_XML_md_AdditionalMetadataLocation($location);
    }
}
/**
 * Add extensions to the metadata.
 *
 * Translates the optional configuration keys tags, hint.cidr, scope,
 * EntityAttributes, RegistrationInfo, UIInfo and DiscoHints into SAML
 * metadata extension elements. Note the two different targets: tags,
 * hint.cidr, scope, UIInfo and DiscoHints go into the role descriptor $e,
 * whereas EntityAttributes and RegistrationInfo go into
 * $this->entityDescriptor. Elements are appended in the order the keys are
 * handled here, which fixes their order in the emitted XML.
 *
 * @param SimpleSAML_Configuration $metadata The metadata to get extensions from.
 * @param SAML2_XML_md_RoleDescriptor $e Reference to the element where the Extensions element should be included.
 */
private function addExtensions(SimpleSAML_Configuration $metadata, SAML2_XML_md_RoleDescriptor $e)
{
    // 'tags' and 'hint.cidr' are both emitted as a saml:Attribute with one
    // AttributeValue per configured entry.
    if ($metadata->hasValue('tags')) {
        $a = new SAML2_XML_saml_Attribute();
        $a->Name = 'tags';
        foreach ($metadata->getArray('tags') as $tag) {
            $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($tag);
        }
        $e->Extensions[] = $a;
    }

    if ($metadata->hasValue('hint.cidr')) {
        $a = new SAML2_XML_saml_Attribute();
        $a->Name = 'hint.cidr';
        foreach ($metadata->getArray('hint.cidr') as $hint) {
            $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($hint);
        }
        $e->Extensions[] = $a;
    }

    if ($metadata->hasValue('scope')) {
        foreach ($metadata->getArray('scope') as $scopetext) {
            $s = new SAML2_XML_shibmd_Scope();
            $s->scope = $scopetext;
            // Check whether $ ^ ( ) * | \ are in a scope -> assume regex.
            // This is a heuristic: a scope containing any of those characters
            // is published with regexp="true", one without them as a literal.
            if (1 === preg_match('/[\\$\\^\\)\\(\\*\\|\\\\]/', $scopetext)) {
                $s->regexp = true;
            } else {
                $s->regexp = false;
            }
            $e->Extensions[] = $s;
        }
    }

    if ($metadata->hasValue('EntityAttributes')) {
        $ea = new SAML2_XML_mdattr_EntityAttributes();
        foreach ($metadata->getArray('EntityAttributes') as $attributeName => $attributeValues) {
            $a = new SAML2_XML_saml_Attribute();
            $a->Name = $attributeName;
            $a->NameFormat = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri';

            // Attribute names that are not URIs are prefixed like this: '{nameformat}name'.
            // The braces are stripped; the prefix replaces the default NameFormat
            // unless it is the "unspecified" format, in which case the uri default stays.
            if (preg_match('/^\\{(.*?)\\}(.*)$/', $attributeName, $matches)) {
                $a->Name = $matches[2];
                $nameFormat = $matches[1];
                if ($nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
                    $a->NameFormat = $nameFormat;
                }
            }

            foreach ($attributeValues as $attributeValue) {
                $a->AttributeValue[] = new SAML2_XML_saml_AttributeValue($attributeValue);
            }
            $ea->children[] = $a;
        }
        // Entity-level, not role-level: goes into the EntityDescriptor.
        $this->entityDescriptor->Extensions[] = $ea;
    }

    if ($metadata->hasValue('RegistrationInfo')) {
        $ri = new SAML2_XML_mdrpi_RegistrationInfo();
        // Unknown keys are silently ignored by the switch.
        foreach ($metadata->getArray('RegistrationInfo') as $riName => $riValues) {
            switch ($riName) {
                case 'authority':
                    $ri->registrationAuthority = $riValues;
                    break;
                case 'instant':
                    $ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues);
                    break;
                case 'policies':
                    $ri->RegistrationPolicy = $riValues;
                    break;
            }
        }
        // Entity-level, not role-level: goes into the EntityDescriptor.
        $this->entityDescriptor->Extensions[] = $ri;
    }

    if ($metadata->hasValue('UIInfo')) {
        $ui = new SAML2_XML_mdui_UIInfo();
        foreach ($metadata->getArray('UIInfo') as $uiName => $uiValues) {
            switch ($uiName) {
                case 'DisplayName':
                    $ui->DisplayName = $uiValues;
                    break;
                case 'Description':
                    $ui->Description = $uiValues;
                    break;
                case 'InformationURL':
                    $ui->InformationURL = $uiValues;
                    break;
                case 'PrivacyStatementURL':
                    $ui->PrivacyStatementURL = $uiValues;
                    break;
                case 'Keywords':
                    // One mdui:Keywords element per language.
                    foreach ($uiValues as $lang => $keywords) {
                        $uiItem = new SAML2_XML_mdui_Keywords();
                        $uiItem->lang = $lang;
                        $uiItem->Keywords = $keywords;
                        $ui->Keywords[] = $uiItem;
                    }
                    break;
                case 'Logo':
                    // NOTE(review): url/width/height are read without isset();
                    // a Logo entry lacking one of them raises a notice and
                    // emits an empty value. Only lang is optional here.
                    foreach ($uiValues as $logo) {
                        $uiItem = new SAML2_XML_mdui_Logo();
                        $uiItem->url = $logo['url'];
                        $uiItem->width = $logo['width'];
                        $uiItem->height = $logo['height'];
                        if (isset($logo['lang'])) {
                            $uiItem->lang = $logo['lang'];
                        }
                        $ui->Logo[] = $uiItem;
                    }
                    break;
            }
        }
        $e->Extensions[] = $ui;
    }

    if ($metadata->hasValue('DiscoHints')) {
        $dh = new SAML2_XML_mdui_DiscoHints();
        foreach ($metadata->getArray('DiscoHints') as $dhName => $dhValues) {
            switch ($dhName) {
                case 'IPHint':
                    $dh->IPHint = $dhValues;
                    break;
                case 'DomainHint':
                    $dh->DomainHint = $dhValues;
                    break;
                case 'GeolocationHint':
                    $dh->GeolocationHint = $dhValues;
                    break;
            }
        }
        $e->Extensions[] = $dh;
    }
}
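/**
 * Initialize a RoleDescriptor.
 *
 * Common parsing for all md: role descriptors: the optional ID, validUntil
 * (converted to a Unix timestamp), cacheDuration and errorURL attributes,
 * the mandatory whitespace-separated protocolSupportEnumeration list, the
 * md:Extensions element, KeyDescriptor children, an optional single
 * Organization and any number of ContactPerson children.
 *
 * @param string $elementName The name of this element.
 * @param DOMElement|NULL $xml The XML element we should load.
 * @throws Exception When protocolSupportEnumeration is missing or more than one Organization is present.
 */
protected function __construct($elementName, DOMElement $xml = NULL)
{
    assert('is_string($elementName)');

    parent::__construct($xml);

    $this->elementName = $elementName;

    if ($xml === NULL) {
        return;
    }

    if ($xml->hasAttribute('ID')) {
        $this->ID = $xml->getAttribute('ID');
    }
    if ($xml->hasAttribute('validUntil')) {
        $this->validUntil = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('validUntil'));
    }
    if ($xml->hasAttribute('cacheDuration')) {
        $this->cacheDuration = $xml->getAttribute('cacheDuration');
    }

    if (!$xml->hasAttribute('protocolSupportEnumeration')) {
        throw new Exception('Missing protocolSupportEnumeration attribute on ' . $xml->localName);
    }
    // protocolSupportEnumeration is an xs:list; leading/trailing whitespace
    // (common in pretty-printed metadata) must not produce empty-string
    // entries, hence PREG_SPLIT_NO_EMPTY.
    $this->protocolSupportEnumeration = preg_split(
        '/[\\s]+/',
        $xml->getAttribute('protocolSupportEnumeration'),
        -1,
        PREG_SPLIT_NO_EMPTY
    );

    if ($xml->hasAttribute('errorURL')) {
        $this->errorURL = $xml->getAttribute('errorURL');
    }

    $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor') as $kd) {
        $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($kd);
    }

    $organization = SAML2_Utils::xpQuery($xml, './saml_metadata:Organization');
    if (count($organization) > 1) {
        throw new Exception('More than one Organization in the entity.');
    } elseif (!empty($organization)) {
        $this->Organization = new SAML2_XML_md_Organization($organization[0]);
    }

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ContactPerson') as $cp) {
        $this->contactPersons[] = new SAML2_XML_md_ContactPerson($cp);
    }
}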
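/**
 * Parse AuthnStatement in assertion.
 *
 * Reads AuthnInstant (mandatory), SessionNotOnOrAfter and SessionIndex
 * from the single saml:AuthnStatement, then resolves the AuthnContext:
 * exactly one AuthnContextClassRef, or — if none — exactly one
 * AuthnContextDeclRef, becomes $this->authnContext, and any
 * AuthenticatingAuthority elements are collected. An assertion without
 * an AuthnStatement resets $this->authnInstant to NULL.
 *
 * Fix: the "more than one AuthnContextDeclRef" branch previously tested
 * count($accr), which is always empty at that point, so duplicate
 * DeclRef elements were never rejected; it now tests $acdr.
 *
 * @param DOMElement $xml The assertion XML element.
 * @throws Exception On missing or duplicated AuthnStatement / AuthnContext /
 *                   context reference elements, or a missing AuthnInstant.
 */
private function parseAuthnStatement(DOMElement $xml)
{
    $as = SAML2_Utils::xpQuery($xml, './saml_assertion:AuthnStatement');
    if (empty($as)) {
        $this->authnInstant = NULL;
        return;
    } elseif (count($as) > 1) {
        throw new Exception('More than one <saml:AuthnStatement> in <saml:Assertion> not supported.');
    }
    $as = $as[0];

    if (!$as->hasAttribute('AuthnInstant')) {
        throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
    }
    $this->authnInstant = SAML2_Utils::xsDateTimeToTimestamp($as->getAttribute('AuthnInstant'));

    if ($as->hasAttribute('SessionNotOnOrAfter')) {
        $this->sessionNotOnOrAfter = SAML2_Utils::xsDateTimeToTimestamp($as->getAttribute('SessionNotOnOrAfter'));
    }

    if ($as->hasAttribute('SessionIndex')) {
        $this->sessionIndex = $as->getAttribute('SessionIndex');
    }

    $ac = SAML2_Utils::xpQuery($as, './saml_assertion:AuthnContext');
    if (empty($ac)) {
        throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
    } elseif (count($ac) > 1) {
        throw new Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
    }
    $ac = $ac[0];

    $accr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextClassRef');
    if (empty($accr)) {
        $acdr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextDeclRef');
        if (empty($acdr)) {
            throw new Exception('Neither <saml:AuthnContextClassRef> nor <saml:AuthnContextDeclRef> found in <saml:AuthnContext>.');
        } elseif (count($acdr) > 1) {
            throw new Exception('More than one <saml:AuthnContextDeclRef> in <saml:AuthnContext>.');
        }
        $this->authnContext = trim($acdr[0]->textContent);
    } elseif (count($accr) > 1) {
        throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
    } else {
        $this->authnContext = trim($accr[0]->textContent);
    }

    $this->AuthenticatingAuthority = SAML2_Utils::extractStrings($ac, SAML2_Const::NS_SAML, 'AuthenticatingAuthority');
}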
/**
 * Check whether the current time lies inside the given xs:dateTime bounds.
 *
 * The lower bound tolerates a clock skew of 10 minutes (a $start up to
 * 600 seconds in the future still passes); the upper bound is strict and
 * the period is over as soon as $end is reached. A bound that fails
 * empty() — NULL, '' or '0' — is treated as absent, and a bound that
 * converts to a negative timestamp always fails.
 *
 * @param string|NULL $start xs:dateTime at which the period begins, or NULL for no lower bound.
 * @param string|NULL $end   xs:dateTime at which the period ends, or NULL for no upper bound.
 * @return bool TRUE when the current time is inside the period, FALSE otherwise.
 */
public static function checkDateConditions($start = NULL, $end = NULL)
{
    $now = time();
    $allowedSkew = 600;

    if (!empty($start)) {
        $notBefore = SAML2_Utils::xsDateTimeToTimestamp($start);
        if ($notBefore < 0 || $notBefore - $allowedSkew > $now) {
            return FALSE;
        }
    }

    if (!empty($end)) {
        $notOnOrAfter = SAML2_Utils::xsDateTimeToTimestamp($end);
        // No skew allowance on the upper bound.
        if ($notOnOrAfter < 0 || $now >= $notOnOrAfter) {
            return FALSE;
        }
    }

    return TRUE;
}
/**
 * Check if we are currently between the given date & time conditions.
 *
 * The lower bound tolerates a clock skew of 10 minutes (a $start up to
 * 600 seconds in the future still passes); the upper bound is strict and
 * the period is over as soon as $end is reached. A bound that fails
 * empty() — null, '' or '0' — is treated as absent, and a bound that
 * converts to a negative timestamp always fails.
 *
 * @param string|null $start A SAML2 timestamp marking the start of the period to check. Defaults to null, in which
 * case there's no limitations in the past.
 * @param string|null $end A SAML2 timestamp marking the end of the period to check. Defaults to null, in which
 * case there's no limitations in the future.
 *
 * @return bool True if the current time belongs to the period specified by $start and $end. False otherwise.
 *
 * @see \SAML2_Utils::xsDateTimeToTimestamp.
 *
 * @author Andreas Solberg, UNINETT AS <*****@*****.**>
 * @author Olav Morken, UNINETT AS <*****@*****.**>
 */
protected static function checkDateConditions($start = null, $end = null)
{
    $now = time();
    $allowedSkew = 600;

    if (!empty($start)) {
        $notBefore = \SAML2_Utils::xsDateTimeToTimestamp($start);
        if ($notBefore < 0 || $notBefore - $allowedSkew > $now) {
            return false;
        }
    }

    if (!empty($end)) {
        $notOnOrAfter = \SAML2_Utils::xsDateTimeToTimestamp($end);
        // no skew allowance on the upper bound
        if ($notOnOrAfter < 0 || $now >= $notOnOrAfter) {
            return false;
        }
    }

    return true;
}
/**
 * Build the aggregated metadata document.
 *
 * Produces one md:EntitiesDescriptor (named after $this->id, valid for the
 * configured maximum duration, optionally carrying an
 * mdrpi:RegistrationInfo extension) holding one EntityDescriptor per
 * source entity. An entity's stored entityDescriptor blob is reused
 * verbatim when every metadata set for that entity contains the same blob
 * and reconstruction is not forced; otherwise the descriptor is rebuilt
 * from the metadata arrays with SimpleSAML_Metadata_SAMLBuilder. The
 * resulting DOMDocument is signed when shouldSign() says so.
 *
 * @return DOMDocument The (possibly signed) metadata document.
 */
public function getMetadataDocument()
{
    // Get metadata entries
    $entities = $this->getSources();
    $maxDuration = $this->getMaxDuration();
    $reconstruct = $this->getReconstruct();

    $entitiesDescriptor = new SAML2_XML_md_EntitiesDescriptor();
    $entitiesDescriptor->Name = $this->id;
    $entitiesDescriptor->validUntil = time() + $maxDuration;

    // add RegistrationInfo extension if enabled
    if ($this->gConfig->hasValue('RegistrationInfo')) {
        $ri = new SAML2_XML_mdrpi_RegistrationInfo();
        // Unknown keys are silently ignored by the switch.
        foreach ($this->gConfig->getArray('RegistrationInfo') as $riName => $riValues) {
            switch ($riName) {
                case 'authority':
                    $ri->registrationAuthority = $riValues;
                    break;
                case 'instant':
                    $ri->registrationInstant = SAML2_Utils::xsDateTimeToTimestamp($riValues);
                    break;
                case 'policies':
                    $ri->RegistrationPolicy = $riValues;
                    break;
            }
        }
        $entitiesDescriptor->Extensions[] = $ri;
    }

    /* Build EntityDescriptor elements for them. */
    foreach ($entities as $entity => $sets) {
        // NULL: nothing seen yet; string: the common blob so far; FALSE: sets disagree or one lacks the blob.
        $entityDescriptor = NULL;
        foreach ($sets as $set => $metadata) {
            if (!array_key_exists('entityDescriptor', $metadata)) {
                /* One of the sets doesn't contain an EntityDescriptor element. */
                $entityDescriptor = FALSE;
                break;
            }

            // Loose comparison: an empty-string blob also counts as "not seen yet".
            if ($entityDescriptor == NULL) {
                /* First EntityDescriptor elements. */
                $entityDescriptor = $metadata['entityDescriptor'];
                continue;
            }

            assert('is_string($entityDescriptor)');

            if ($entityDescriptor !== $metadata['entityDescriptor']) {
                /* Entity contains multiple different EntityDescriptor elements. */
                $entityDescriptor = FALSE;
                break;
            }
        }

        if (is_string($entityDescriptor) && !$reconstruct) {
            /* All metadata sets for the entity contain the same entity descriptor. Use that one. */
            // NOTE(review): neither base64_decode() nor loadXML() is checked for
            // failure; a corrupt blob leaves documentElement NULL, which the
            // EntityDescriptor constructor accepts as "empty". The blob is
            // parsed with libxml defaults — confirm external entity loading is
            // disabled at process level if the stored metadata is not fully trusted.
            $tmp = new DOMDocument();
            $tmp->loadXML(base64_decode($entityDescriptor));
            $entitiesDescriptor->children[] = new SAML2_XML_md_EntityDescriptor($tmp->documentElement);
        } else {
            $tmp = new SimpleSAML_Metadata_SAMLBuilder($entity, $maxDuration, $maxDuration);

            // Organization info is taken from whichever set is iterated last.
            $orgmeta = NULL;
            foreach ($sets as $set => $metadata) {
                $tmp->addMetadata($set, $metadata);
                $orgmeta = $metadata;
            }
            $tmp->addOrganizationInfo($orgmeta);
            $entitiesDescriptor->children[] = $tmp->getEntityDescriptor();
        }
    }

    $document = $entitiesDescriptor->toXML();

    // sign the metadata if enabled
    if ($this->shouldSign()) {
        $signer = new SimpleSAML_XML_Signer($this->getSigningInfo());
        // Enveloped signature over the root element, inserted as its first child.
        $signer->sign($document, $document, $document->firstChild);
    }

    return $document;
}