$strict_cert_validation = $janus_config->getBoolean('cert.strict.validation', true); $cert_allowed_warnings = $janus_config->getArray('cert.allowed.warnings', array()); $cert_time_limit = $janus_config->getInteger('notify.cert.expiring.before', 30); } $notify_meta_expiring_before = $janus_config->getInteger('notify.meta.expiring.before', 5); $meta_time_limit = $now + $notify_meta_expiring_before * 86400; $workflowstates = $janus_config->getValue('workflowstates'); foreach ($util->getEntities() as $entity) { $entry = array(); $eid = $entity['eid']; // Get Entity controller $mcontroller = new sspmod_janus_EntityController($janus_config); $mcontroller->setEntity($eid); $mcontroller->loadEntity(); // Grab some basic fields $metadata = $mcontroller->getMetadata(); $entity_id = $mcontroller->getEntity()->getEntityid(); $entity_type = $mcontroller->getEntity()->getType(); $prettyname = $mcontroller->getEntity()->getPrettyname(); $entity_workflow = $mcontroller->getEntity()->getWorkflow(); $metaArray = $mcontroller->getMetaArray(); $entry['entityid'] = $entity_id; $entry['entitytype'] = $entity_type; $entry['prettyname'] = $prettyname; $entry['workflow'] = $entity_workflow; // Check if the entity has all the required fields $metadata_alowed = $janus_config->getArray('metadatafields.' . $entity_type, array()); $metadata_required = array(); foreach ($metadata_alowed as $k => $v) { if (array_key_exists('required', $v) && $v['required'] === true) { $metadata_required[] = $k;
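/**
 * Export the metadata of one entity revision in the requested format.
 *
 * The entity is exported only when every metadata field marked as
 * required for its type carries a usable value. A value equal to the
 * field's configured default counts as missing unless the field sets
 * default_allow to true.
 *
 * On failure, self::$_error holds either a one-element array with a
 * message or the list of missing required field names.
 *
 * @param string     $eid      Entity id (digits only).
 * @param string     $revision Revision id (digits only).
 * @param mixed|null $type     One of self::XML, self::XMLREADABLE,
 *                             self::PHPARRAY or self::FLATFILE; any other
 *                             value yields the flat file format.
 * @param array|null $option   Optional 'maxCache' and 'maxDuration' values
 *                             handed to the SAML metadata builder.
 *
 * @return mixed The metadata in the requested format, or false on failure.
 */
private static function getMetadata($eid, $revision, $type = null, array $option = null)
{
    // Assertions are a debugging aid and may be disabled at runtime; they
    // are not input validation.
    // NOTE(review): confirm that callers validate $eid and $revision.
    assert('ctype_digit($eid)');
    assert('ctype_digit($revision)');

    $janus_config = SimpleSAML_Configuration::getConfig('module_janus.php');
    $econtroller = new sspmod_janus_EntityController($janus_config);

    if (!($entity = $econtroller->setEntity($eid, $revision))) {
        // Fixed: the message used the undefined variable $revisionid.
        self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revision);
        return false;
    }

    $metadata_raw = $econtroller->getMetadata();

    // Get metadata fields
    $nm_mb = new sspmod_janus_MetadatafieldBuilder(
        $janus_config->getArray('metadatafields.' . $entity->getType())
    );
    $metadatafields_required = $nm_mb->getMetadatafields();

    // Get required metadata fields
    $required = array();
    foreach ($metadatafields_required as $mf) {
        if (isset($mf->required) && $mf->required === true) {
            $required[] = $mf->name;
        }
    }

    // Get metadata to be tested
    $metadata = array();
    foreach ($metadata_raw as $v) {
        $key = $v->getKey();

        // Metadata field not defined
        if (!isset($metadatafields_required[$key])) {
            continue;
        }
        $field = $metadatafields_required[$key];

        // Value not set for metadata
        if (is_string($v->getValue()) && $v->getValue() == '') {
            continue;
        }

        // Compute whether the default value is allowed.
        // Fixed: this check read the undefined variables
        // $metadatafield_required / $metadata_required, so default_allow was
        // always false and the default-value filter below never fired.
        $default_allow = false;
        if (isset($field->default_allow) && is_bool($field->default_allow)) {
            $default_allow = $field->default_allow;
        }

        /*
         * Do not include metadata if value is set to default and default
         * is not allowed.
         */
        if (!$default_allow && isset($field->default) && $v->getValue() == $field->default) {
            continue;
        }

        $metadata[] = $key;
    }

    // Compute missing metadata that is required
    $missing_required = array_diff($required, $metadata);

    $entityid = $entity->getEntityid();

    if (!empty($missing_required)) {
        SimpleSAML_Logger::error('JANUS - Missing required metadata fields. Entity_id:' . $entityid);
        self::$_error = $missing_required;
        return false;
    }

    try {
        $metaArray = $econtroller->getMetaArray();
        $metaArray['eid'] = $eid;

        $blocked_entities = $econtroller->getBlockedEntities();
        $allowed_entities = $econtroller->getAllowedEntities();
        $disable_consent = $econtroller->getDisableConsent();

        $metaflat = '// Revision: ' . $entity->getRevisionid() . "\n";
        $metaflat .= var_export($entityid, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';

        /*
         * The flat file is PHP source. Every identifier written below goes
         * through var_export() so that a quote or backslash inside it stays
         * inside the string literal instead of ending it. The (string) cast
         * keeps numeric array keys quoted, as before.
         */

        // Add authproc filter to block blocked entities
        if (!empty($blocked_entities) || !empty($allowed_entities)) {
            // Drop the trailing "),", so the extra keys land inside the array.
            $metaflat = substr($metaflat, 0, -2);
            if (!empty($blocked_entities)) {
                $metaflat .= " 'blocked' => array(\n";
                foreach ($blocked_entities as $bentity => $value) {
                    $metaflat .= ' ' . var_export((string) $bentity, true) . ",\n";
                }
                $metaflat .= " ),\n";
            }
            if (!empty($allowed_entities)) {
                $metaflat .= " 'allowed' => array(\n";
                foreach ($allowed_entities as $aentity => $value) {
                    $metaflat .= ' ' . var_export((string) $aentity, true) . ",\n";
                }
                $metaflat .= " ),\n";
            }
            $metaflat .= '),';
        }

        // Add disable consent
        if (!empty($disable_consent)) {
            $metaflat = substr($metaflat, 0, -2);
            $metaflat .= " 'consent.disable' => array(\n";
            foreach ($disable_consent as $key => $value) {
                $metaflat .= ' ' . var_export((string) $key, true) . ",\n";
            }
            $metaflat .= " ),\n";
            $metaflat .= '),';
        }

        $maxCache = isset($option['maxCache']) ? $option['maxCache'] : null;
        $maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null;

        try {
            $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityid, $maxCache, $maxDuration);
            $metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray);
        } catch (Exception $e) {
            // NOTE(review): var_export() of an exception object can put its
            // stack trace, call arguments included, into the log; consider
            // logging only the message if the log is widely readable.
            SimpleSAML_Logger::error(
                'JANUS - Entity_id:' . $entityid . ' - Error generating XML metadata - ' . var_export($e, true)
            );
            self::$_error = array('Error generating XML metadata - ' . $e->getMessage());
            return false;
        }

        // Add organization info
        if (!empty($metaArray['OrganizationName'])
            && !empty($metaArray['OrganizationDisplayName'])
            && !empty($metaArray['OrganizationURL'])
        ) {
            $metaBuilder->addOrganizationInfo(array(
                'OrganizationName' => $metaArray['OrganizationName'],
                'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'],
                'OrganizationURL' => $metaArray['OrganizationURL'],
            ));
        }

        // Add contact info
        if (!empty($metaArray['contact'])) {
            $metaBuilder->addContact('technical', $metaArray['contact']);
        }

        switch ($type) {
            case self::XML:
                return $metaBuilder->getEntityDescriptor();
            case self::XMLREADABLE:
                return $metaBuilder->getEntityDescriptorText();
            case self::PHPARRAY:
                return $metaArray;
            case self::FLATFILE:
            default:
                return $metaflat;
        }
    } catch (Exception $exception) {
        // fatalError() is presumably terminal; if it ever returned, this
        // method would fall through and return null - TODO confirm.
        $session = SimpleSAML_Session::getInstance();
        SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception);
    }
}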
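/**
 * Collect the metadata of an entity revision as a key => value map.
 *
 * @param mixed $entity     Entity reference handed to
 *                          sspmod_janus_EntityController::setEntity().
 * @param mixed $revisionid Revision to load; NULL is passed through to
 *                          setEntity() unchanged.
 * @param array $keys       Metadata keys to include; an empty array selects
 *                          every key.
 *
 * @return array|false Map of metadata key to value, or false when the
 *                     entity could not be loaded or has no workflow state.
 */
protected static function _getMetadataForEntity($entity, $revisionid = NULL, $keys = array())
{
    $econtroller = new sspmod_janus_EntityController(SimpleSAML_Configuration::getConfig('module_janus.php'));

    /** @var $entity sspmod_janus_Entity */
    $entity = $econtroller->setEntity($entity, $revisionid);

    // A falsy result from setEntity() is treated as "entity could not be
    // loaded". Without this guard the getWorkflow() call below would be a
    // fatal error on a non-object for an unknown entity or revision.
    if (!$entity) {
        return false;
    }

    if (!$entity->getWorkflow()) {
        return false;
    }

    $include_all = (count($keys) == 0);

    $result = array();
    foreach ($econtroller->getMetadata() as $meta) {
        $key = $meta->getKey();
        // NOTE(review): in_array() compares loosely here; callers should
        // pass $keys as strings only.
        if ($include_all || in_array($key, $keys)) {
            $result[$key] = $meta->getValue();
        }
    }

    return $result;
}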
$update = TRUE; $note .= 'Changed workflow: ' . $_POST['entity_workflow'] . '<br />'; $addresses[] = 'ENTITYUPDATE-' . $eid . '-CHANGESTATE-' . $_POST['entity_workflow']; } } // change ARPw if (isset($_POST['entity_arp']) && $guard->hasPermission('changearp', $entity->getWorkflow(), $user->getType())) { if ($entity->setArp($_POST['entity_arp'])) { $update = TRUE; $note .= 'Changed arp: ' . $_POST['entity_arp'] . '<br />'; $addresses[] = 'ENTITYUPDATE-' . $eid . '-CHANGEARP-' . $_POST['entity_arp']; } } // Change entity type if ($entity->setType($_POST['entity_type']) && $guard->hasPermission('changeentitytype', $entity->getWorkflow(), $user->getType())) { $old_metadata = $mcontroller->getMetadata(); // Get metadatafields for new type $nm_mb = new sspmod_janus_MetadatafieldBuilder($janus_config->getArray('metadatafields.' . $_POST['entity_type'])); $new_metadata = $nm_mb->getMetadatafields(); // Only remove fields specific to old type foreach ($old_metadata as $om) { if (!isset($new_metadata[$om->getKey()])) { $mcontroller->removeMetadata($om->getKey()); } } // Add all required fields for new type foreach ($new_metadata as $mf) { if (isset($mf->required) && $mf->required === true) { $mcontroller->addMetadata($mf->name, $mf->default); $update = true; }