function enableEntity($params)
{
if (!isset($params['eid'])) {
return FALSE;
}
$eid = $params['eid'];
$util = new sspmod_janus_AdminUtil();
$util->enableEntity($eid);
return array('eid' => $eid);
}
public function runForCronTag($cronTag)
{
if (!$this->_isExecuteRequired($cronTag)) {
return array("Not doing metadata_refresh");
}
$cronLogger = new sspmod_janus_Cron_Logger();
try {
$janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig();
$util = new sspmod_janus_AdminUtil();
$entities = $util->getEntities();
foreach ($entities as $partialEntity) {
$entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
$eid = $partialEntity['eid'];
if (!$entityController->setEntity($eid)) {
$cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
continue;
}
$entityController->loadEntity();
$entity = $entityController->getEntity();
$entityId = $entity->getEntityId();
$metadataUrl = $entity->getMetadataURL();
$metadataCachingInfo = $entityController->getMetadataCaching();
if (empty($metadataUrl)) {
$cronLogger->with($entityId)->warn("No metadata url.");
continue;
}
$nextRun = time();
switch ($cronTag) {
case 'hourly':
$nextRun += 3600;
break;
case 'daily':
$nextRun += 24 * 60 * 60;
break;
case 'frequent':
$nextRun += 0;
// How often is frequent?
break;
default:
throw new Exception("Unknown cron tag '{$cronTag}'");
}
if ($metadataCachingInfo['validUntil'] > $nextRun && $metadataCachingInfo['cacheUntil'] > $nextRun) {
$cronLogger->with($entityId)->notice("Should not update, cache still valid.");
continue;
}
$xml = @file_get_contents($metadataUrl);
if (!$xml) {
$cronLogger->with($entityId)->error("Failed import of entity. Bad URL '{$metadataUrl}'? ");
continue;
}
$document = new DOMDocument();
if (!@$document->loadXML($xml)) {
$cronLogger->with($entityId)->error("Failed import of entity. Invalid XML at '{$metadataUrl}'?");
continue;
}
$query = new DOMXPath($document);
$nsFound = false;
foreach ($query->query('namespace::*') as $node) {
if ($node->nodeValue === "urn:oasis:names:tc:SAML:2.0:metadata") {
$nsFound = true;
break;
}
}
if (!$nsFound) {
$cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain SAML2 Metadata namespace?");
continue;
}
$query->registerNamespace('md', "urn:oasis:names:tc:SAML:2.0:metadata");
$entityDescriptorDomElement = $query->query("//md:EntityDescriptor[@entityID=\"{$entityId}\"]");
if ($entityDescriptorDomElement->length === 0) {
$cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain an EntityDescriptor with entityId '{$entityId}'?");
continue;
}
$updated = false;
if ($entity->getType() == 'saml20-sp') {
$statusCode = $entityController->importMetadata20SP($xml, $updated);
if ($statusCode !== 'status_metadata_parsed_ok') {
$cronLogger->with($entityId)->error("Entity not updated");
}
} else {
if ($entity->getType() == 'saml20-idp') {
$statusCode = $entityController->importMetadata20IdP($xml, $updated);
if ($statusCode !== 'status_metadata_parsed_ok') {
$cronLogger->with($entityId)->error("Entity not updated");
}
} else {
$cronLogger->with($entityId)->error("Failed import of entity. Wrong type");
}
}
if ($updated) {
$entity->setParent($entity->getRevisionid());
$entityController->saveEntity();
$cronLogger->with($entityId)->notice("Entity updated");
$metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId);
$entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']);
} else {
$cronLogger->with($entityId)->notice("Entity not updated, no changes required");
// Update metadata caching info (validUntil )
$metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId);
$entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']);
}
}
} catch (Exception $e) {
$cronLogger->error($e->getMessage());
}
if ($cronLogger->hasErrors()) {
$this->_mailTechnicalContact($cronTag, $cronLogger);
}
return $cronLogger->getSummaryLines();
}
*
* You should have received a copy of the GNU Lesser General Public License
* along with JANUS. If not, see <http://www.gnu.org/licenses/>.
*
* @category SimpleSAMLphp
* @package JANUS
* @author Sixto Martín, <*****@*****.**>
* @author Jacob Christiansen <*****@*****.**>
* @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
* @version SVN: $Id: metalisting.php 655 2011-03-03 09:35:25Z jach@wayf.dk $
* @link http://code.google.com/p/janus-ssp/
*/
$janus_config = SimpleSAML_Configuration::getConfig('module_janus.php');
$metaentries = array('saml20-idp' => array(), 'saml20-sp' => array(), 'shib13-idp' => array(), 'shib13-sp' => array());
$now = time();
$util = new sspmod_janus_AdminUtil();
if (SimpleSAML_Module::isModuleEnabled('x509')) {
$strict_cert_validation = $janus_config->getBoolean('cert.strict.validation', true);
$cert_allowed_warnings = $janus_config->getArray('cert.allowed.warnings', array());
$cert_time_limit = $janus_config->getInteger('notify.cert.expiring.before', 30);
}
$notify_meta_expiring_before = $janus_config->getInteger('notify.meta.expiring.before', 5);
$meta_time_limit = $now + $notify_meta_expiring_before * 86400;
$workflowstates = $janus_config->getValue('workflowstates');
foreach ($util->getEntities() as $entity) {
$entry = array();
$eid = $entity['eid'];
// Get Entity controller
$mcontroller = new sspmod_janus_EntityController($janus_config);
$mcontroller->setEntity($eid);
$mcontroller->loadEntity();
$this->data['head'] .= '<script type="text/javascript" src="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/scripts/theme-crimson_editor.js"></script>' . "\n";
$this->data['head'] .= '<script type="text/javascript" src="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/scripts/jquery.tablesorter.min.js"></script>' . "\n";
$this->data['head'] .= '<script type="text/javascript" src="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/scripts/jquery.tablesorter.widgets.min.js"></script>' . "\n";
$this->data['head'] .= '
<style type="text/css">
li, ul {
list-style: none;
margin: 0 0 0 10px;
}
ul {
margin: 0;
}
</style>';
$this->includeAtTemplateBase('includes/header.php');
$util = new sspmod_janus_AdminUtil();
$wfstate = $this->data['entity_state'];
$states = $janus_config->getArray('workflowstates');
/** @var sspmod_janus_Entity $entity */
$entity = $this->data['entity'];
/** @var \Symfony\Component\Security\Core\SecurityContext $securityContext */
$securityContext = $this->data['security.context'];
// @todo Define these in some sort of form helper class
define('JANUS_FORM_ELEMENT_CHECKED', 'checked="checked"');
define('JANUS_FORM_ELEMENT_DISABLED', 'disabled="disabled"');
?>
<form id="mainform" method="post" action="<?php
echo SimpleSAML_Utilities::selfURLNoQuery();
?>
" data-revision-required="<?php
echo $janus_config->getBoolean('revision.notes.required', false);
}
if(e.which == 67 && isCtrl == true) {
\$("#options").toggle("fast");
\$("#options input[name='entityid']").focus();
return false;
}
});
JAVASCRIPT_SUBTAB_ADMIN_ENTITIES;
}
/* END TAB ADMIN ENTITIES JS ******************************************************************************************/
}
/* END TAB ADMIN JS ***************************************************************************************************/
if (!IS_AJAX) {
$this->includeAtTemplateBase('includes/header.php');
}
$util = new sspmod_janus_AdminUtil();
if (!IS_AJAX) {
// @todo: improve this workaround and make the form reload the ajax tab
// Build urls for tabs with search and pass optional searchparameters
$entitiesUrl = DASHBOARD_URL . '/' . TAB_AJAX_CONTENT_PREFIX . 'entities';
if (!empty($_GET)) {
switch ($this->data['selectedtab']) {
case SELECTED_TAB_ENTITIES:
$entitiesUrl .= '?' . http_build_query($_GET);
break;
}
}
?>
<div id="tabdiv">
<h1><?php
public function runForCronTag($cronTag)
{
if (!$this->_isExecuteRequired($cronTag)) {
return array();
}
$cronLogger = new sspmod_janus_Cron_Logger();
try {
$janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
$srConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
$rootCertificatesFile = $srConfig->getString('ca_bundle_file');
$util = new sspmod_janus_AdminUtil();
$entities = $util->getEntities();
foreach ($entities as $partialEntity) {
try {
$entityController = new sspmod_janus_EntityController($janusConfig);
$eid = $partialEntity['eid'];
if (!$entityController->setEntity($eid)) {
$cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
continue;
}
$entityController->loadEntity();
$entityId = $entityController->getEntity()->getEntityid();
$entityType = $entityController->getEntity()->getType();
try {
try {
$certificate = $entityController->getCertificate();
// @workaround
// Since getCertificate() returns false when certificate does not exist following check is required to skip validation
if (empty($certificate)) {
throw new Exception('No certificate found');
}
} catch (Exception $e) {
if ($entityType === 'saml20-sp') {
$cronLogger->with($entityId)->notice("SP does not have a certificate");
} else {
if ($entityType === 'saml20-idp') {
$cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?");
}
}
continue;
}
$validator = new sspmod_janus_OpenSsl_Certificate_Validator($certificate);
$validator->setIgnoreSelfSigned(true);
$validator->validate();
$validatorWarnings = $validator->getWarnings();
$validatorErrors = $validator->getErrors();
foreach ($validatorWarnings as $warning) {
$cronLogger->with($entityId)->warn($warning);
}
foreach ($validatorErrors as $error) {
$cronLogger->with($entityId)->error($error);
}
sspmod_janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile);
$chain = sspmod_janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate);
$validator = new sspmod_janus_OpenSsl_Certificate_Chain_Validator($chain);
$validator->setIgnoreSelfSigned(true);
$validator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile);
$validator->validate();
$validatorWarnings = $validator->getWarnings();
$validatorErrors = $validator->getErrors();
foreach ($validatorWarnings as $warning) {
$cronLogger->with($entityId)->warn($warning);
}
foreach ($validatorErrors as $error) {
$cronLogger->with($entityId)->error($error);
}
} catch (Exception $e) {
$cronLogger->with($entityId)->error($e->getMessage());
}
} catch (Exception $e) {
$cronLogger->error($e->getMessage() . $e->getTraceAsString());
}
}
} catch (Exception $e) {
$cronLogger->error($e->getMessage() . $e->getTraceAsString());
}
if ($cronLogger->hasErrors()) {
$this->_mailTechnicalContact($cronTag, $cronLogger);
}
return $cronLogger->getSummaryLines();
}
}).keydown(function (e) {
if(e.which == 17) isCtrl=true;
if(e.which == 83 && isCtrl == true) {
$("#search").toggle("fast");
$("#search input[name=\'q\']").focus();
return false;
}
if(e.which == 67 && isCtrl == true) {
$("#options").toggle("fast");
$("#options input[name=\'entityid\']").focus();
return false;
}
});
</script>';
$this->includeAtTemplateBase('includes/header.php');
$util = new sspmod_janus_AdminUtil();
?>
<div id="tabdiv">
<h1><?php
echo $this->t('text_dashboard') . ' for ' . $this->data['user']->getUserid();
?>
</h1>
<!-- TABS -->
<ul>
<li><a href="#userdata"><?php
echo $this->t('tab_user_data_header');
?>
</a></li>
<li><a href="#entities"><?php
echo $this->t('tab_entities_header');
// Get type filter
$export_type = null;
if (isset($_GET['type'])) {
if (is_array($_GET['type'])) {
$export_type = $_GET['type'];
} else {
$export_type = array($_GET['type']);
}
}
// Get external
$export_external = null;
if (isset($_GET['external']) && $_GET['external'] != 'null') {
$export_external = $_GET['external'];
}
// Create a AdminUtil object
$util = new sspmod_janus_AdminUtil();
// Show UI
if (!isset($export_state) && !isset($export_type)) {
// Init session
$session = SimpleSAML_Session::getInstance();
// Get data from config
$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
// Only valid users are allowed to se UI
if ($session->isValid($authsource)) {
$attributes = $session->getAttributes();
// Check if userid exists
if (!isset($attributes[$useridattr])) {
throw new Exception('User ID is missing');
}
$userid = $attributes[$useridattr][0];
public function runForCronTag($cronTag)
{
if (!$this->_isExecuteRequired($cronTag)) {
return array();
}
$cronLogger = new sspmod_janus_Cron_Logger();
try {
$janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig();
$util = new sspmod_janus_AdminUtil();
$entities = $util->getEntities();
foreach ($entities as $partialEntity) {
$entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
$eid = $partialEntity['eid'];
if (!$entityController->setEntity($eid)) {
$cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
continue;
}
$entityController->loadEntity();
$entityId = $entityController->getEntity()->getEntityid();
$entityMetadata = $entityController->getMetaArray();
foreach ($this->_endpointMetadataFields as $endPointMetaKey) {
if (!isset($entityMetadata[$endPointMetaKey])) {
// This entity does not have this binding
continue;
}
foreach ($entityMetadata[$endPointMetaKey] as $index => $binding) {
$key = $endPointMetaKey . ':' . $index;
if (!isset($binding['Location']) || trim($binding['Location']) === "") {
$cronLogger->with($entityId)->with($key)->error("Binding has no Location?");
continue;
}
try {
$sslUrl = new Janus_OpenSsl_Url($binding['Location']);
} catch (Exception $e) {
$cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Endpoint is not a valid URL");
continue;
}
if (!$sslUrl->isHttps()) {
$cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Endpoint is not HTTPS");
continue;
}
$connectSuccess = $sslUrl->connect();
if (!$connectSuccess) {
$cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Endpoint is unreachable");
continue;
}
if (!$sslUrl->isCertificateValidForUrlHostname()) {
$urlHostName = $sslUrl->getHostName();
$validHostNames = $sslUrl->getServerCertificate()->getValidHostNames();
$cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Certificate does not match the hostname '{$urlHostName}' (instead it matches " . implode(', ', $validHostNames) . ")");
}
$urlChain = $sslUrl->getServerCertificateChain();
$validator = new Janus_OpenSsl_Certificate_Chain_Validator($urlChain);
$validator->validate();
$validatorWarnings = $validator->getWarnings();
$validatorErrors = $validator->getErrors();
foreach ($validatorWarnings as $warning) {
$cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->warn($warning);
}
foreach ($validatorErrors as $error) {
$cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error($error);
}
}
}
}
} catch (Exception $e) {
$cronLogger->error($e->getMessage());
}
if ($cronLogger->hasErrors()) {
$this->_mailTechnicalContact($cronTag, $cronLogger);
}
return $cronLogger->getSummaryLines();
}
}
function check_uri($uri)
{
if (preg_match('/^[a-z][a-z0-9+-\\.]*:.+$/i', $uri) == 1) {
return TRUE;
}
return FALSE;
}
// Get Entity controller
$entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
// Get the user
$user = new sspmod_janus_User();
$user->setUserid($loggedInUsername);
$user->load(sspmod_janus_User::USERID_LOAD);
// Get Admin util which we use to retrieve entities
$adminUtil = new sspmod_janus_AdminUtil();
// @todo move to separate class
// Function to fix up PHP's messing up POST input containing dots, etc.
function getRealPOST()
{
$vars = array();
$input = file_get_contents("php://input");
if (!empty($input)) {
$pairs = explode("&", $input);
foreach ($pairs as $pair) {
$nv = explode("=", $pair);
$name = urldecode($nv[0]);
$value = urldecode($nv[1]);
$name = explode('[', $name);
if (count($name) > 1) {
$subkey = substr($name[1], 0, -1);
<?php
require __DIR__ . '/_includes.php';
// Get configuration
$session = SimpleSAML_Session::getInstance();
$config = SimpleSAML_Configuration::getInstance();
$janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
$util = new sspmod_janus_AdminUtil();
$access = false;
$user = null;
// Validate user
if ($session->isValid($janus_config->getValue('auth'))) {
$useridattr = $janus_config->getValue('useridattr');
$attributes = $session->getAttributes();
// Check if userid exists
if (!isset($attributes[$useridattr])) {
throw new Exception('User ID is missing');
}
$userid = $attributes[$useridattr][0];
// Get the user
$user = new sspmod_janus_User();
$user->setUserid($userid);
$user->load(sspmod_janus_User::USERID_LOAD);
// Check for permission
$securityContext = sspmod_janus_DiContainer::getInstance()->getSecurityContext();
if ($securityContext->isGranted('exportallentities')) {
$access = true;
}
}
// Get default options
$md_options['types'] = array();
$aggregators = $janus_config->getArray('aggregators', null);
$id = null;
if (isset($_GET['id'])) {
$id = $_GET['id'];
} else {
$session = SimpleSAML_Session::getInstance();
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'AGGREGATORID', $exception);
}
$export_state = $aggregators[$id]['state'];
$export_type = $aggregators[$id]['type'];
$exclude_entityid = null;
if (isset($_GET['exclude_entityid'])) {
$exclude_entityid = $_GET['exclude_entityid'];
}
// Create a AdminUtil object
$util = new sspmod_janus_AdminUtil();
// Generate metadata
try {
$maxCache = $janus_config->getValue('maxCache', NULL);
$maxDuration = $janus_config->getValue('maxDuration', NULL);
$entities = $util->getEntitiesByStateType($export_state, $export_type);
$xml = new DOMDocument();
$entitiesDescriptor = $xml->createElementNS('urn:oasis:names:tc:SAML:2.0:metadata', 'EntitiesDescriptor');
$entitiesDescriptorName = $janus_config->getString('export.entitiesDescriptorName', 'Federation');
$entitiesDescriptor->setAttribute('Name', $entitiesDescriptorName);
if ($maxCache !== NULL) {
$entitiesDescriptor->setAttribute('cacheDuration', 'PT' . $maxCache . 'S');
}
if ($maxDuration !== NULL) {
$entitiesDescriptor->setAttribute('validUntil', SimpleSAML_Utilities::generateTimestamp(time() + $maxDuration));
}
/**
* Create new entity with parsed entityid
*
* Create a new entity and give the user access to the entity.
*
* @param string $entityid Entity id for the new entity
* @param string $type Entity type
* @param string $metadataUrl The -optional- metadata url for the new entity
*
* @return sspmod_janus_Entity|bool Returns the entity or false on error.
* @since Method available since Release 1.0.0
*/
public function createNewEntity($entityid, $type, $metadataUrl = null)
{
assert('is_string($entityid)');
assert('is_string($type)');
if ($this->isEntityIdInUse($entityid, $errorMessage)) {
return $errorMessage;
}
$startstate = $this->_config->getString('workflowstate.default');
// Instantiate a new entity
$entity = new sspmod_janus_Entity($this->_config, true);
$entity->setEntityid($entityid);
$entity->setWorkflow($startstate);
$entity->setType($type);
$entity->setUser($this->_user->getUid());
$entity->setRevisionnote('Entity created.');
if ($metadataUrl) {
$entity->setMetadataURL($metadataUrl);
}
$entity->save(array());
$adminUtil = new sspmod_janus_AdminUtil();
$adminUtil->addUserToEntity($entity->getEid(), $this->_user->getUid());
$ec = sspmod_janus_DiContainer::getInstance()->getEntityController();
$ec->setEntity($entity);
$update = false;
// Get metadatafields for new type
$nm_mb = new sspmod_janus_MetadataFieldBuilder($this->_config->getArray('metadatafields.' . $type));
$metadatafields = $nm_mb->getMetadataFields();
// Add all required fileds
foreach ($metadatafields as $mf) {
if (isset($mf->required) && $mf->required === true) {
$ec->addMetadata($mf->name, $mf->default);
$update = true;
}
}
if ($update === true) {
$ec->saveEntity();
}
// Reset list of entities
$this->_entities = null;
$this->_loadEntities();
return $entity->getEid();
}
{
if (preg_match('/^[a-z][a-z0-9+-\\.]*:.+$/i', $uri) == 1) {
return TRUE;
}
return FALSE;
}
// Get metadata to present remote entitites
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
// Get Entity controller
$mcontroller = new sspmod_janus_EntityController($janus_config);
// Get the user
$user = new sspmod_janus_User($janus_config->getValue('store'));
$user->setUserid($userid);
$user->load(sspmod_janus_User::USERID_LOAD);
// Get Admin util which we use to retrieve entities
$autil = new sspmod_janus_AdminUtil();
// Function to fix up PHP's messing up POST input containing dots, etc.
function getRealPOST()
{
$vars = array();
$input = file_get_contents("php://input");
if (!empty($input)) {
$pairs = explode("&", $input);
foreach ($pairs as $pair) {
$nv = explode("=", $pair);
$name = urldecode($nv[0]);
$value = urldecode($nv[1]);
$name = explode('[', $name);
if (count($name) > 1) {
$subkey = substr($name[1], 0, -1);
if (empty($subkey)) {
