/**
  * Convert this AdditionalMetadataLocation to XML.
  *
  * @param  DOMElement $parent The element we should append to.
  * @return DOMElement This AdditionalMetadataLocation-element.
  */
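 public function toXML(DOMElement $parent)
 {
     // Expression assertions instead of string assertions: a string argument is
     // eval()'d on old PHP versions and is only a truthy string (always passing)
     // on PHP 8. assert() can also be switched off by configuration, so these are
     // developer sanity checks, not input validation.
     assert(is_string($this->namespace));
     assert(is_string($this->location));

     // The location is written as the text content of the new element.
     $e = SAML2_Utils::addString($parent, SAML2_Const::NS_MD, 'md:AdditionalMetadataLocation', $this->location);
     $e->setAttribute('namespace', $this->namespace);

     return $e;
 }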
Exemplo n.º 2
 /**
  * Test adding an element with a string value.
  */
 public function testAddString()
 {
     // Case 1: the parent has no namespace, so the new node must carry the
     // xmlns:ns declaration itself.
     $doc = SAML2_DOMDocumentFactory::fromString('<root/>');
     $plainRoot = $doc->firstChild;
     SAML2_Utils::addString($plainRoot, 'testns', 'ns:somenode', 'value');
     $this->assertEquals(
         '<root><ns:somenode xmlns:ns="testns">value</ns:somenode></root>',
         $doc->saveXML($plainRoot)
     );

     // Case 2: the parent already declares the namespace, so the child is
     // expected to reuse it without repeating the declaration.
     $doc->loadXML('<ns:root xmlns:ns="testns"/>');
     $namespacedRoot = $doc->firstChild;
     SAML2_Utils::addString($namespacedRoot, 'testns', 'ns:somenode', 'value');
     $this->assertEquals(
         '<ns:root xmlns:ns="testns"><ns:somenode>value</ns:somenode></ns:root>',
         $doc->saveXML($namespacedRoot)
     );
 }
Exemplo n.º 3
 /**
  * Convert this IDPList to XML.
  *
  * @param DOMElement $parent  The element we should append this element to.
  */
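 public function toXML(DOMElement $parent)
 {
     // Expression assertions: string assertions are eval()'d on old PHP and are
     // always-true non-empty strings on PHP 8. These remain debug-time checks
     // only, since assert() can be disabled by configuration.
     assert(is_array($this->IDPEntry));
     assert(!empty($this->IDPEntry));
     assert(is_string($this->GetComplete) || is_null($this->GetComplete));

     $doc = $parent->ownerDocument;
     $e = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:IDPList');
     $parent->appendChild($e);

     // Each entry serialises itself as a child of the new samlp:IDPList.
     foreach ($this->IDPEntry as $ie) {
         $ie->toXML($e);
     }

     // GetComplete is optional and is written after all entries.
     if ($this->GetComplete !== NULL) {
         SAML2_Utils::addString($e, SAML2_Const::NS_SAMLP, 'samlp:GetComplete', $this->GetComplete);
     }

     return $e;
 }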
Exemplo n.º 4
 /**
  * Convert status response message to an XML element.
  *
  * @return DOMElement  This status response.
  */
 public function toUnsignedXML()
 {
     $root = parent::toUnsignedXML();
     $doc = $this->document;

     if ($this->inResponseTo !== NULL) {
         $root->setAttribute('InResponseTo', $this->inResponseTo);
     }

     if ($this->extensions !== NULL) {
         // TRUE selects a placeholder element; any other non-NULL value is
         // appended as-is and must therefore already be a DOM node.
         $payload = ($this->extensions === TRUE)
             ? $doc->createElementNS('http://rnd.feide.no/fedlab-ns', 'UnknownExtension')
             : $this->extensions;
         $wrapper = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'Extensions');
         $wrapper->appendChild($payload);
         $root->appendChild($wrapper);
     }

     // Status with its mandatory top-level StatusCode.
     $statusEl = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'Status');
     $root->appendChild($statusEl);
     $codeEl = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
     $codeEl->setAttribute('Value', $this->status['Code']);
     $statusEl->appendChild($codeEl);

     // An optional second-level code is nested inside the first StatusCode.
     $subCode = $this->status['SubCode'];
     if ($subCode !== NULL) {
         $subCodeEl = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
         $subCodeEl->setAttribute('Value', $subCode);
         $codeEl->appendChild($subCodeEl);
     }

     $message = $this->status['Message'];
     if ($message !== NULL) {
         SAML2_Utils::addString($statusEl, SAML2_Const::NS_SAMLP, 'StatusMessage', $message);
     }

     return $root;
 }
Exemplo n.º 5
 /**
  * Convert this authentication request to an XML element.
  *
  * @return DOMElement This authentication request.
  */
 public function toUnsignedXML()
 {
     // Start from the root element built by the parent class, then add the
     // AuthnRequest-specific attributes and children in document order.
     $root = parent::toUnsignedXML();
     // ForceAuthn and IsPassive are only written when truthy; a false value is
     // expressed by leaving the attribute out.
     if ($this->forceAuthn) {
         $root->setAttribute('ForceAuthn', 'true');
     }
     if ($this->isPassive) {
         $root->setAttribute('IsPassive', 'true');
     }
     // An ACS index takes precedence: the URL and the protocol binding are only
     // emitted when no index is set.
     if ($this->assertionConsumerServiceIndex !== NULL) {
         $root->setAttribute('AssertionConsumerServiceIndex', $this->assertionConsumerServiceIndex);
     } else {
         if ($this->assertionConsumerServiceURL !== NULL) {
             $root->setAttribute('AssertionConsumerServiceURL', $this->assertionConsumerServiceURL);
         }
         if ($this->protocolBinding !== NULL) {
             $root->setAttribute('ProtocolBinding', $this->protocolBinding);
         }
     }
     if ($this->attributeConsumingServiceIndex !== NULL) {
         $root->setAttribute('AttributeConsumingServiceIndex', $this->attributeConsumingServiceIndex);
     }
     // NameIDPolicy is built from an array; each key is optional and
     // AllowCreate is only written when present and truthy.
     if (!empty($this->nameIdPolicy)) {
         $nameIdPolicy = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'NameIDPolicy');
         if (array_key_exists('Format', $this->nameIdPolicy)) {
             $nameIdPolicy->setAttribute('Format', $this->nameIdPolicy['Format']);
         }
         if (array_key_exists('SPNameQualifier', $this->nameIdPolicy)) {
             $nameIdPolicy->setAttribute('SPNameQualifier', $this->nameIdPolicy['SPNameQualifier']);
         }
         if (array_key_exists('AllowCreate', $this->nameIdPolicy) && $this->nameIdPolicy['AllowCreate']) {
             $nameIdPolicy->setAttribute('AllowCreate', 'true');
         }
         $root->appendChild($nameIdPolicy);
     }
     // RequestedAuthnContext needs at least one class reference; the Comparison
     // attribute is left out when it is 'exact'.
     $rac = $this->requestedAuthnContext;
     if (!empty($rac) && !empty($rac['AuthnContextClassRef'])) {
         $e = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'RequestedAuthnContext');
         $root->appendChild($e);
         if (isset($rac['Comparison']) && $rac['Comparison'] !== 'exact') {
             $e->setAttribute('Comparison', $rac['Comparison']);
         }
         foreach ($rac['AuthnContextClassRef'] as $accr) {
             SAML2_Utils::addString($e, SAML2_Const::NS_SAML, 'AuthnContextClassRef', $accr);
         }
     }
     // NOTE(review): Extensions is appended here, after RequestedAuthnContext.
     // Confirm the parent implementation does not already emit it and that
     // this position is accepted by schema-validating receivers.
     if (!empty($this->extensions)) {
         SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
     }
     // Scoping is only created when at least one of its parts is present.
     // NOTE(review): count() assumes IDPList and RequesterID are always arrays;
     // count(NULL) raises an error on PHP 8 - confirm how they are initialised.
     if ($this->ProxyCount !== NULL || count($this->IDPList) > 0 || count($this->RequesterID) > 0) {
         $scoping = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'Scoping');
         $root->appendChild($scoping);
         if ($this->ProxyCount !== NULL) {
             $scoping->setAttribute('ProxyCount', $this->ProxyCount);
         }
         if (count($this->IDPList) > 0) {
             // Each IDPList item is used directly as the ProviderID of one IDPEntry.
             $idplist = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPList');
             foreach ($this->IDPList as $provider) {
                 $idpEntry = $this->document->createElementNS(SAML2_Const::NS_SAMLP, 'IDPEntry');
                 $idpEntry->setAttribute('ProviderID', $provider);
                 $idplist->appendChild($idpEntry);
             }
             $scoping->appendChild($idplist);
         }
         if (count($this->RequesterID) > 0) {
             SAML2_Utils::addStrings($scoping, SAML2_Const::NS_SAMLP, 'RequesterID', FALSE, $this->RequesterID);
         }
     }
     return $root;
 }
Exemplo n.º 6
 /**
  * Convert the attribute query message to an XML element.
  *
  * @return DOMElement This attribute query.
  */
 public function toUnsignedXML()
 {
     $root = parent::toUnsignedXML();

     foreach ($this->attributes as $attrName => $attrValues) {
         $attrEl = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:Attribute');
         $root->appendChild($attrEl);
         $attrEl->setAttribute('Name', $attrName);

         // NameFormat is omitted when it is the unspecified format.
         if ($this->nameFormat !== SAML2_Const::NAMEFORMAT_UNSPECIFIED) {
             $attrEl->setAttribute('NameFormat', $this->nameFormat);
         }

         foreach ($attrValues as $item) {
             $valueEl = SAML2_Utils::addString($attrEl, SAML2_Const::NS_SAML, 'saml:AttributeValue', $item);

             // Only strings and integers get an xsi:type; every other value
             // type is written without a type annotation.
             if (is_string($item)) {
                 $valueEl->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', 'xs:string');
             } elseif (is_int($item)) {
                 $valueEl->setAttributeNS(SAML2_Const::NS_XSI, 'xsi:type', 'xs:integer');
             }
         }
     }

     return $root;
 }
Exemplo n.º 7
 /**
  * Convert this KeyName element to XML.
  *
  * @param DOMElement $parent The element we should append this KeyName element to.
  * @return DOMElement
  */
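 public function toXML(DOMElement $parent)
 {
     // Expression assertion: the string form is eval()'d on old PHP and always
     // passes on PHP 8. assert() may be disabled, so this is not validation.
     assert(is_string($this->name));

     // The key name is written as the text content of a new ds:KeyName child.
     return SAML2_Utils::addString($parent, XMLSecurityDSig::XMLDSIGNS, 'ds:KeyName', $this->name);
 }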
Exemplo n.º 8
 /**
  * Create a NameID element.
  *
  * The NameId array can have the following elements: 'Value', 'Format',
  *   'NameQualifier', 'SPNameQualifier'
  *
  * Only the 'Value'-element is required.
  *
  * @param DOMElement $node   The DOM node we should append the NameId to.
  * @param array      $nameId The name identifier.
  */
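 public static function addNameId(DOMElement $node, array $nameId)
 {
     // Expression assertion: the string form is eval()'d on old PHP and always
     // passes on PHP 8. assert() may be disabled in production, so callers
     // must not rely on it to reject a NameId without a 'Value'.
     assert(array_key_exists('Value', $nameId));

     $xml = SAML2_Utils::addString($node, SAML2_Const::NS_SAML, 'saml:NameID', $nameId['Value']);

     // Optional attributes, written in this fixed order. isset() is true only
     // when the key exists and its value is not NULL.
     foreach (array('NameQualifier', 'SPNameQualifier', 'Format') as $attribute) {
         if (isset($nameId[$attribute])) {
             $xml->setAttribute($attribute, $nameId[$attribute]);
         }
     }
 }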
Exemplo n.º 9
 /**
  * Convert this message to an unsigned XML document.
  *
  * This method does not sign the resulting XML document.
  *
  * @return DOMElement The root element of the DOM tree.
  */
 public function toUnsignedXML()
 {
     // A fresh document is created on every call and kept on the instance.
     $doc = new DOMDocument();
     $this->document = $doc;

     $root = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'samlp:' . $this->tagName);
     $doc->appendChild($root);

     // Adding and immediately removing a throwaway attribute in the saml
     // namespace is a workaround that declares that namespace on the root.
     $root->setAttributeNS(SAML2_Const::NS_SAML, 'saml:tmp', 'tmp');
     $root->removeAttributeNS(SAML2_Const::NS_SAML, 'tmp');

     // Attributes that are always written.
     $issuedAt = gmdate('Y-m-d\\TH:i:s\\Z', $this->issueInstant);
     $root->setAttribute('ID', $this->id);
     $root->setAttribute('Version', '2.0');
     $root->setAttribute('IssueInstant', $issuedAt);

     if ($this->destination !== NULL) {
         $root->setAttribute('Destination', $this->destination);
     }

     // Consent is skipped both when unset and when it is the "unspecified" value.
     $hasConsent = $this->consent !== NULL && $this->consent !== SAML2_Const::CONSENT_UNSPECIFIED;
     if ($hasConsent) {
         $root->setAttribute('Consent', $this->consent);
     }

     if ($this->issuer !== NULL) {
         SAML2_Utils::addString($root, SAML2_Const::NS_SAML, 'saml:Issuer', $this->issuer);
     }

     if (!empty($this->extensions)) {
         SAML2_XML_samlp_Extensions::addList($root, $this->extensions);
     }

     return $root;
 }
Exemplo n.º 10
 /**
  * Convert this logout request message to an XML element.
  *
  * @return DOMElement  This logout request.
  */
 public function toUnsignedXML()
 {
     $root = parent::toUnsignedXML();
     SAML2_Utils::addNameId($root, $this->nameId);

     // The request expires a fixed 3600 seconds after it is serialised.
     $expiry = time() + 3600;
     $root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\\TH:i:s\\Z', $expiry));

     // sessionIndex may be an array, a single string or NULL; anything that is
     // neither an array nor a string produces no SessionIndex element.
     $indexes = array();
     if (is_array($this->sessionIndex)) {
         $indexes = $this->sessionIndex;
     } elseif (is_string($this->sessionIndex)) {
         $indexes = array($this->sessionIndex);
     }

     foreach ($indexes as $index) {
         SAML2_Utils::addString($root, SAML2_Const::NS_SAMLP, 'SessionIndex', $index);
     }

     return $root;
 }
Exemplo n.º 11
 /**
  * Convert this ContactPerson to XML.
  *
  * @param DOMElement $parent  The element we should add this contact to.
  * @return DOMElement  The new ContactPerson-element.
  */
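 public function toXML(DOMElement $parent)
 {
     // Expression assertions: string assertions are eval()'d on old PHP and are
     // always-true non-empty strings on PHP 8. assert() can be disabled by
     // configuration, so these are debug-time checks, not validation.
     assert(is_string($this->contactType));
     assert(is_array($this->Extensions));
     assert(is_null($this->Company) || is_string($this->Company));
     assert(is_null($this->GivenName) || is_string($this->GivenName));
     assert(is_null($this->SurName) || is_string($this->SurName));
     assert(is_array($this->EmailAddress));
     assert(is_array($this->TelephoneNumber));

     $doc = $parent->ownerDocument;
     $e = $doc->createElementNS(SAML2_Const::NS_MD, 'md:ContactPerson');
     $parent->appendChild($e);
     $e->setAttribute('contactType', $this->contactType);

     // Children are appended in this fixed order: extensions, the optional
     // single-valued fields, then the multi-valued ones.
     SAML2_XML_md_Extensions::addList($e, $this->Extensions);

     if (isset($this->Company)) {
         SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:Company', $this->Company);
     }
     if (isset($this->GivenName)) {
         SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:GivenName', $this->GivenName);
     }
     if (isset($this->SurName)) {
         SAML2_Utils::addString($e, SAML2_Const::NS_MD, 'md:SurName', $this->SurName);
     }
     if (!empty($this->EmailAddress)) {
         SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:EmailAddress', FALSE, $this->EmailAddress);
     }
     if (!empty($this->TelephoneNumber)) {
         SAML2_Utils::addStrings($e, SAML2_Const::NS_MD, 'md:TelephoneNumber', FALSE, $this->TelephoneNumber);
     }

     return $e;
 }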
 /**
  * Convert status response message to an XML element.
  *
  * @return DOMElement This status response.
  */
 public function toUnsignedXML()
 {
     $root = parent::toUnsignedXML();
     $doc = $this->document;

     if ($this->inResponseTo !== NULL) {
         $root->setAttribute('InResponseTo', $this->inResponseTo);
     }

     // Status element with its mandatory top-level StatusCode.
     $statusEl = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'Status');
     $root->appendChild($statusEl);
     $codeEl = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
     $codeEl->setAttribute('Value', $this->status['Code']);
     $statusEl->appendChild($codeEl);

     // The optional sub-code is nested inside the top-level StatusCode.
     $subCode = $this->status['SubCode'];
     if ($subCode !== NULL) {
         $subCodeEl = $doc->createElementNS(SAML2_Const::NS_SAMLP, 'StatusCode');
         $subCodeEl->setAttribute('Value', $subCode);
         $codeEl->appendChild($subCodeEl);
     }

     $message = $this->status['Message'];
     if ($message !== NULL) {
         SAML2_Utils::addString($statusEl, SAML2_Const::NS_SAMLP, 'StatusMessage', $message);
     }

     return $root;
 }
Exemplo n.º 13
 /**
  * Convert this logout request message to an XML element.
  *
  * @return DOMElement This logout request.
  */
 public function toUnsignedXML()
 {
     $root = parent::toUnsignedXML();

     if ($this->notOnOrAfter !== NULL) {
         $expiry = gmdate('Y-m-d\\TH:i:s\\Z', $this->notOnOrAfter);
         $root->setAttribute('NotOnOrAfter', $expiry);
     }

     if ($this->encryptedNameId !== NULL) {
         // An encrypted identifier is wrapped in saml:EncryptedID; the stored
         // node is deep-imported into this document before it is attached.
         $doc = $root->ownerDocument;
         $wrapper = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedID');
         $root->appendChild($wrapper);
         $wrapper->appendChild($doc->importNode($this->encryptedNameId, TRUE));
     } else {
         // No encrypted identifier: the NameID is written in the clear.
         SAML2_Utils::addNameId($root, $this->nameId);
     }

     foreach ($this->sessionIndexes as $index) {
         SAML2_Utils::addString($root, SAML2_Const::NS_SAMLP, 'SessionIndex', $index);
     }

     return $root;
 }
Exemplo n.º 14
 /**
  * Convert this logout request message to an XML element.
  *
  * @return DOMElement  This logout request.
  */
 public function toUnsignedXML()
 {
     $root = parent::toUnsignedXML();
     SAML2_Utils::addNameId($root, $this->nameId);

     // sessionIndex may be an array, a single string or NULL; anything that is
     // neither an array nor a string produces no SessionIndex element.
     $indexes = array();
     if (is_array($this->sessionIndex)) {
         $indexes = $this->sessionIndex;
     } elseif (is_string($this->sessionIndex)) {
         $indexes = array($this->sessionIndex);
     }

     foreach ($indexes as $index) {
         SAML2_Utils::addString($root, SAML2_Const::NS_SAMLP, 'SessionIndex', $index);
     }

     return $root;
 }
Exemplo n.º 15
 /**
  * Add an AuthnStatement node to the assertion.
  *
  * @param DOMElement $root The assertion element we should add the authentication statement to.
  */
 private function addAuthnStatement(DOMElement $root)
 {
     // A statement needs an AuthnInstant and at least one of the three
     // authentication-context forms; otherwise nothing is written.
     $noContext = $this->authnContextClassRef === NULL
         && $this->authnContextDecl === NULL
         && $this->authnContextDeclRef === NULL;
     if ($this->authnInstant === NULL || $noContext) {
         return;
     }

     $doc = $root->ownerDocument;

     $statement = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnStatement');
     $root->appendChild($statement);
     $statement->setAttribute('AuthnInstant', gmdate('Y-m-d\\TH:i:s\\Z', $this->authnInstant));

     if ($this->sessionNotOnOrAfter !== NULL) {
         $sessionExpiry = gmdate('Y-m-d\\TH:i:s\\Z', $this->sessionNotOnOrAfter);
         $statement->setAttribute('SessionNotOnOrAfter', $sessionExpiry);
     }
     if ($this->sessionIndex !== NULL) {
         $statement->setAttribute('SessionIndex', $this->sessionIndex);
     }

     $context = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnContext');
     $statement->appendChild($context);

     // Context children in fixed order: class reference, declaration,
     // declaration reference. Each is skipped when empty.
     if (!empty($this->authnContextClassRef)) {
         SAML2_Utils::addString($context, SAML2_Const::NS_SAML, 'saml:AuthnContextClassRef', $this->authnContextClassRef);
     }
     if (!empty($this->authnContextDecl)) {
         $this->authnContextDecl->toXML($context);
     }
     if (!empty($this->authnContextDeclRef)) {
         SAML2_Utils::addString($context, SAML2_Const::NS_SAML, 'saml:AuthnContextDeclRef', $this->authnContextDeclRef);
     }

     SAML2_Utils::addStrings($context, SAML2_Const::NS_SAML, 'saml:AuthenticatingAuthority', FALSE, $this->AuthenticatingAuthority);
 }
Exemplo n.º 16
 /**
  * Add an AuthnStatement node to the assertion.
  *
  * @param DOMElement $root  The assertion element we should add the authentication statement to.
  */
 private function addAuthnStatement(DOMElement $root)
 {
     // Both the context and the instant are required; without either one no
     // statement is written.
     $incomplete = $this->authnContext === NULL || $this->authnInstant === NULL;
     if ($incomplete) {
         return;
     }

     $doc = $root->ownerDocument;

     $statement = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnStatement');
     $root->appendChild($statement);
     $statement->setAttribute('AuthnInstant', gmdate('Y-m-d\\TH:i:s\\Z', $this->authnInstant));

     if ($this->sessionNotOnOrAfter !== NULL) {
         $sessionExpiry = gmdate('Y-m-d\\TH:i:s\\Z', $this->sessionNotOnOrAfter);
         $statement->setAttribute('SessionNotOnOrAfter', $sessionExpiry);
     }
     if ($this->sessionIndex !== NULL) {
         $statement->setAttribute('SessionIndex', $this->sessionIndex);
     }

     // The context holds the class reference followed by any authenticating
     // authorities.
     $context = $doc->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnContext');
     $statement->appendChild($context);
     SAML2_Utils::addString($context, SAML2_Const::NS_SAML, 'saml:AuthnContextClassRef', $this->authnContext);
     SAML2_Utils::addStrings($context, SAML2_Const::NS_SAML, 'saml:AuthenticatingAuthority', false, $this->AuthenticatingAuthority);
 }
Exemplo n.º 17
 /**
  * Convert this ECP Request to XML.
  *
  * @param DOMElement $parent  The element we should append this element to.
  */
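 public function toXML(DOMElement $parent)
 {
     // Expression assertions: string assertions are eval()'d on old PHP and are
     // always-true non-empty strings on PHP 8. assert() can be disabled by
     // configuration, so these are debug-time checks, not validation.
     assert(is_string($this->ProviderName) || is_null($this->ProviderName));
     assert(is_bool($this->IsPassive) || is_null($this->IsPassive));
     assert(is_string($this->Issuer));
     assert(is_null($this->IDPList) || $this->IDPList instanceof SAML2_XML_samlp_IDPList);

     $doc = $parent->ownerDocument;
     $e = $doc->createElementNS(SAML2_Const::NS_ECP, 'ecp:Request');
     $parent->appendChild($e);

     // SOAP header-block attributes are always written with these fixed values.
     $e->setAttributeNS(SAML2_Const::NS_SOAP, 'SOAP-ENV:mustUnderstand', '1');
     $e->setAttributeNS(SAML2_Const::NS_SOAP, 'SOAP-ENV:actor', 'http://schemas.xmlsoap.org/soap/actor/next');

     if ($this->ProviderName !== NULL) {
         $e->setAttribute('ProviderName', $this->ProviderName);
     }

     // IsPassive is tri-state: only a real boolean is serialised, any other
     // value (including NULL) leaves the attribute out.
     if (is_bool($this->IsPassive)) {
         $e->setAttribute('IsPassive', $this->IsPassive ? 'true' : 'false');
     }

     SAML2_Utils::addString($e, SAML2_Const::NS_SAML, 'saml:Issuer', $this->Issuer);

     if ($this->IDPList !== NULL) {
         $this->IDPList->toXML($e);
     }

     return $e;
 }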