/**
 * Build an AffiliationDescriptor, optionally populating it from metadata XML.
 *
 * This constructor only parses. validUntil is handed to
 * SimpleSAML_Utilities::parseSAML2Time() but is not compared with the current
 * time here, and cacheDuration is stored exactly as it appears in the document.
 *
 * @param DOMElement|NULL $xml The XML element to load, or NULL for an empty descriptor.
 * @throws Exception If affiliationOwnerID is absent or no AffiliateMember is found.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct($xml);

    if ($xml !== NULL) {
        // affiliationOwnerID is the only mandatory attribute.
        $hasOwner = $xml->hasAttribute('affiliationOwnerID');
        if (!$hasOwner) {
            throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
        }
        $this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');

        // Optional attributes are copied only when present, in document-independent order.
        if ($xml->hasAttribute('ID')) {
            $this->ID = $xml->getAttribute('ID');
        }
        if ($xml->hasAttribute('validUntil')) {
            $rawValidUntil = $xml->getAttribute('validUntil');
            $this->validUntil = SimpleSAML_Utilities::parseSAML2Time($rawValidUntil);
        }
        if ($xml->hasAttribute('cacheDuration')) {
            $this->cacheDuration = $xml->getAttribute('cacheDuration');
        }

        $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

        // A descriptor without any member is rejected outright.
        $this->AffiliateMember = SAML2_Utils::extractStrings($xml, './saml_metadata:AffiliateMember');
        if (empty($this->AffiliateMember)) {
            throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
        }

        $keyDescriptorNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor');
        foreach ($keyDescriptorNodes as $keyDescriptorNode) {
            $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($keyDescriptorNode);
        }
    }
}
/**
 * extractStrings() must return the text of each matching child node, in document order.
 */
public function testExtractString()
{
    // Two sibling nodes with the same name inside the metadata namespace.
    $markup = '<root xmlns="' . SAML2_Const::NS_MD . '">'
        . '<somenode>value1</somenode>'
        . '<somenode>value2</somenode>'
        . '</root>';
    $doc = SAML2_DOMDocumentFactory::fromString($markup);
    $rootElement = $doc->firstChild;

    $extracted = SAML2_Utils::extractStrings($rootElement, SAML2_Const::NS_MD, 'somenode');

    $this->assertTrue(count($extracted) === 2);
    $this->assertEquals('value1', $extracted[0]);
    $this->assertEquals('value2', $extracted[1]);
}
/**
 * Construct a DiscoHints element, loading its hints from XML when one is given.
 *
 * @param DOMElement|NULL $xml The XML element to load, or NULL for an empty element.
 */
public function __construct(DOMElement $xml = NULL)
{
    if ($xml !== NULL) {
        // The three hint lists are read from children in this element's own namespace.
        $this->IPHint = SAML2_Utils::extractStrings($xml, self::NS, 'IPHint');
        $this->DomainHint = SAML2_Utils::extractStrings($xml, self::NS, 'DomainHint');
        $this->GeolocationHint = SAML2_Utils::extractStrings($xml, self::NS, 'GeolocationHint');

        // Children from any other namespace are kept as opaque chunks.
        // The XPath is assembled from the class constant only; nothing from the
        // document is interpolated into the expression.
        $foreignChildren = SAML2_Utils::xpQuery($xml, "./*[namespace-uri()!='" . self::NS . "']");
        foreach ($foreignChildren as $foreignChild) {
            $this->children[] = new SAML2_XML_Chunk($foreignChild);
        }
    }
}
/**
 * Initialize a PDPDescriptor.
 *
 * @param DOMElement|NULL $xml The XML element to load, or NULL for an empty descriptor.
 * @throws Exception If the element contains no AuthzService endpoint.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct('md:PDPDescriptor', $xml);

    if ($xml !== NULL) {
        $authzNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:AuthzService');
        foreach ($authzNodes as $authzNode) {
            $this->AuthzService[] = new SAML2_XML_md_EndpointType($authzNode);
        }
        // The descriptor is rejected when no AuthzService endpoint was loaded.
        if (empty($this->AuthzService)) {
            throw new Exception('Must have at least one AuthzService in PDPDescriptor.');
        }

        $idRequestNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService');
        foreach ($idRequestNodes as $idRequestNode) {
            $this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($idRequestNode);
        }

        $this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
    }
}
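/**
 * Initialize a SSODescriptor.
 *
 * Loads the ArtifactResolutionService, SingleLogoutService and
 * ManageNameIDService endpoints and the NameIDFormat list from the element.
 *
 * @param string          $elementName The name of this element.
 * @param DOMElement|NULL $xml         The XML element we should load.
 */
protected function __construct($elementName, DOMElement $xml = NULL)
{
    // Assert on an expression, not on a code string: string assertions are
    // evaluated as PHP code on old runtimes, are deprecated since PHP 7.2, and
    // are no longer evaluated on PHP 8, where the non-empty string always passes.
    assert(is_string($elementName));

    parent::__construct($elementName, $xml);

    if ($xml === NULL) {
        return;
    }

    // ArtifactResolutionService entries use the indexed endpoint type.
    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ArtifactResolutionService') as $ep) {
        $this->ArtifactResolutionService[] = new SAML2_XML_md_IndexedEndpointType($ep);
    }

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:SingleLogoutService') as $ep) {
        $this->SingleLogoutService[] = new SAML2_XML_md_EndpointType($ep);
    }

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:ManageNameIDService') as $ep) {
        $this->ManageNameIDService[] = new SAML2_XML_md_EndpointType($ep);
    }

    $this->NameIDFormat = SAML2_Utils::extractStrings($xml, SAML2_Const::NS_MD, 'NameIDFormat');
}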
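/**
 * Initialize an AttributeAuthorityDescriptor.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 * @throws Exception If the element contains no AttributeService endpoint.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct('md:AttributeAuthorityDescriptor', $xml);

    if ($xml === NULL) {
        return;
    }

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AttributeService') as $ep) {
        $this->AttributeService[] = new SAML2_XML_md_EndpointType($ep);
    }
    // The descriptor is rejected when no AttributeService endpoint was loaded.
    if (empty($this->AttributeService)) {
        throw new Exception('Must have at least one AttributeService in AttributeAuthorityDescriptor.');
    }

    // Build each endpoint from the node being iterated. Passing any other
    // variable (an undefined one evaluates to NULL) would create an endpoint
    // object that does not reflect the element in the metadata.
    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
        $this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($ep);
    }

    $this->NameIDFormat = SAML2_Utils::extractStrings($xml, './saml_metadata:NameIDFormat');

    $this->AttributeProfile = SAML2_Utils::extractStrings($xml, './saml_metadata:AttributeProfile');

    foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute') as $a) {
        $this->Attribute[] = new SAML2_XML_saml_Attribute($a);
    }
}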
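/**
 * Initialize an IDPSSODescriptor.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct('md:IDPSSODescriptor', $xml);

    if ($xml === NULL) {
        return;
    }

    // NULL is passed to parseBoolean() as the value to use when the attribute is absent
    // (presumably its default argument; confirm against SAML2_Utils::parseBoolean).
    $this->WantAuthnRequestsSigned = SAML2_Utils::parseBoolean($xml, 'WantAuthnRequestsSigned', NULL);

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:SingleSignOnService') as $ep) {
        $this->SingleSignOnService[] = new SAML2_XML_md_EndpointType($ep);
    }

    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:NameIDMappingService') as $ep) {
        $this->NameIDMappingService[] = new SAML2_XML_md_EndpointType($ep);
    }

    // Build each endpoint from the node being iterated. Passing any other
    // variable (an undefined one evaluates to NULL) would create an endpoint
    // object that does not reflect the element in the metadata.
    foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:AssertionIDRequestService') as $ep) {
        $this->AssertionIDRequestService[] = new SAML2_XML_md_EndpointType($ep);
    }

    $this->AttributeProfile = SAML2_Utils::extractStrings($xml, './saml_metadata:AttributeProfile');

    foreach (SAML2_Utils::xpQuery($xml, './saml_assertion:Attribute') as $a) {
        $this->Attribute[] = new SAML2_XML_saml_Attribute($a);
    }
}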
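/**
 * Parse AuthnStatement in assertion.
 *
 * Reads AuthnInstant, SessionNotOnOrAfter, SessionIndex, the authentication
 * context reference and the AuthenticatingAuthority list from the assertion's
 * <saml:AuthnStatement>. Duplicate statements, contexts or context references
 * are rejected instead of being resolved by silently taking the first element,
 * so the stored authentication context is never chosen from ambiguous input.
 *
 * @param DOMElement $xml The assertion XML element.
 * @throws Exception If a required element or attribute is missing or an element is duplicated.
 */
private function parseAuthnStatement(DOMElement $xml)
{
    $as = SAML2_Utils::xpQuery($xml, './saml_assertion:AuthnStatement');
    if (empty($as)) {
        // No AuthnStatement at all: record the absence of an authentication instant and stop.
        $this->authnInstant = NULL;
        return;
    } elseif (count($as) > 1) {
        throw new Exception('More that one <saml:AuthnStatement> in <saml:Assertion> not supported.');
    }
    $as = $as[0];
    $this->authnStatement = array();

    if (!$as->hasAttribute('AuthnInstant')) {
        throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
    }
    $this->authnInstant = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('AuthnInstant'));

    // Optional session attributes are only parsed and stored here; they are not
    // compared with the current time in this method.
    if ($as->hasAttribute('SessionNotOnOrAfter')) {
        $this->sessionNotOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('SessionNotOnOrAfter'));
    }

    if ($as->hasAttribute('SessionIndex')) {
        $this->sessionIndex = $as->getAttribute('SessionIndex');
    }

    $ac = SAML2_Utils::xpQuery($as, './saml_assertion:AuthnContext');
    if (empty($ac)) {
        throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
    } elseif (count($ac) > 1) {
        throw new Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
    }
    $ac = $ac[0];

    $accr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextClassRef');
    if (empty($accr)) {
        // No class reference: fall back to the declaration reference.
        $acdr = SAML2_Utils::xpQuery($ac, './saml_assertion:AuthnContextDeclRef');
        if (empty($acdr)) {
            throw new Exception('Neither <saml:AuthnContextClassRef> nor <saml:AuthnContextDeclRef> found in <saml:AuthnContext>.');
        } elseif (count($acdr) > 1) {
            // Count the DeclRef list itself. $accr is known to be empty in this
            // branch, so testing it could never detect a duplicated DeclRef.
            throw new Exception('More than one <saml:AuthnContextDeclRef> in <saml:AuthnContext>.');
        }
        $this->authnContext = trim($acdr[0]->textContent);
    } elseif (count($accr) > 1) {
        throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
    } else {
        $this->authnContext = trim($accr[0]->textContent);
    }

    $this->AuthenticatingAuthority = SAML2_Utils::extractStrings($ac, SAML2_Const::NS_SAML, 'AuthenticatingAuthority');
}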
/**
 * Parse the AuthnContext of an AuthnStatement.
 *
 * Exactly one <saml:AuthnContext> is required. Inside it, at most one each of
 * AuthnContextDeclRef, AuthnContextDecl and AuthnContextClassRef is accepted
 * and passed to the matching setter; at least one of the three must end up set.
 * Duplicates raise an exception rather than being resolved by taking the first.
 *
 * @param DOMElement $authnStatementEl
 * @throws Exception
 */
private function parseAuthnContext(DOMElement $authnStatementEl)
{
    // Locate the single AuthnContext element.
    $contextNodes = SAML2_Utils::xpQuery($authnStatementEl, './saml_assertion:AuthnContext');
    if (empty($contextNodes)) {
        throw new Exception('Missing required <saml:AuthnContext> in <saml:AuthnStatement>.');
    }
    if (count($contextNodes) > 1) {
        throw new Exception('More than one <saml:AuthnContext> in <saml:AuthnStatement>.');
    }
    $authnContextEl = $contextNodes[0];

    // AuthnContextDeclRef (optional, at most one).
    $declRefNodes = SAML2_Utils::xpQuery($authnContextEl, './saml_assertion:AuthnContextDeclRef');
    $declRefCount = count($declRefNodes);
    if ($declRefCount === 1) {
        $this->setAuthnContextDeclRef(trim($declRefNodes[0]->textContent));
    } elseif ($declRefCount > 1) {
        throw new Exception('More than one <saml:AuthnContextDeclRef> found?');
    }

    // AuthnContextDecl (optional, at most one); kept as an unparsed chunk.
    $declNodes = SAML2_Utils::xpQuery($authnContextEl, './saml_assertion:AuthnContextDecl');
    $declCount = count($declNodes);
    if ($declCount === 1) {
        $this->setAuthnContextDecl(new SAML2_XML_Chunk($declNodes[0]));
    } elseif ($declCount > 1) {
        throw new Exception('More than one <saml:AuthnContextDecl> found?');
    }

    // AuthnContextClassRef (optional, at most one).
    $classRefNodes = SAML2_Utils::xpQuery($authnContextEl, './saml_assertion:AuthnContextClassRef');
    $classRefCount = count($classRefNodes);
    if ($classRefCount === 1) {
        $this->setAuthnContextClassRef(trim($classRefNodes[0]->textContent));
    } elseif ($classRefCount > 1) {
        throw new Exception('More than one <saml:AuthnContextClassRef> in <saml:AuthnContext>.');
    }

    // Constraint from XSD: MUST have one of the three.
    $hasAnyContext = !empty($this->authnContextClassRef)
        || !empty($this->authnContextDecl)
        || !empty($this->authnContextDeclRef);
    if (!$hasAnyContext) {
        // The message literal keeps the line break it has in the original text.
        throw new Exception('Missing either <saml:AuthnContextClassRef> or <saml:AuthnContextDeclRef> or 
<saml:AuthnContextDecl>');
    }

    $this->AuthenticatingAuthority = SAML2_Utils::extractStrings(
        $authnContextEl,
        SAML2_Const::NS_SAML,
        'AuthenticatingAuthority'
    );
}