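/**
 * Build an HTML cron report from the logger's namespaced messages and mail
 * it to the configured technical contact.
 *
 * Nothing is sent (only a SimpleSAML_Logger error is written) when
 * technicalcontact_email is still at its default value.
 *
 * @param string                   $tag    cron tag the run was started for
 * @param sspmod_janus_Cron_Logger $logger errors/warnings/notices collected during the run
 * @return void
 */
protected function _mailTechnicalContact($tag, sspmod_janus_Cron_Logger $logger)
    {
        $errorHtml = $this->_getHtmlForMessages($logger->getNamespacedErrors(), 'errors');
        $warningHtml = $this->_getHtmlForMessages($logger->getNamespacedWarnings(), 'warnings');
        $noticeHtml = $this->_getHtmlForMessages($logger->getNamespacedNotices(), 'notices');
        $config = SimpleSAML_Configuration::getInstance();
        $time = date(DATE_RFC822);
        // The body is HTML, so the two values not generated here are escaped:
        // selfURL() is derived from the request environment and the tag is a
        // caller-supplied string. NOTE(review): _getHtmlForMessages() is not
        // visible here; it is assumed to escape the message text it renders.
        $url = htmlspecialchars(SimpleSAML_Utilities::selfURL(), ENT_QUOTES, 'UTF-8');
        $safeTag = htmlspecialchars((string) $tag, ENT_QUOTES, 'UTF-8');
        $message = <<<MESSAGE
<h1>Cron report</h1>
<p>Cron ran at {$time}</p>
<p>URL: <tt>{$url}</tt></p>
<p>Tag: {$safeTag}</p>
<h2>Errors</h2>
{$errorHtml}
<h2>Warnings</h2>
{$warningHtml}
<h2>Notices</h2>
{$noticeHtml}
MESSAGE;
        // The default address doubles as the sentinel for "not configured".
        $toAddress = $config->getString('technicalcontact_email', '*****@*****.**');
        if ($toAddress === '*****@*****.**') {
            SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
            return;
        }
        $email = new SimpleSAML_XHTML_EMail($toAddress, 'JANUS cron report', '*****@*****.**');
        $email->setBody($message);
        $email->send();
    }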
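 /**
  * Refresh the stored metadata of every entity that has a metadata URL.
  *
  * For each entity the remote metadata is fetched, checked for the SAML 2.0
  * metadata namespace and for an EntityDescriptor matching the entity's
  * entityID, and then imported through the entity controller. The caching
  * window (validUntil / cacheUntil) is refreshed whether or not the entity
  * changed. Any error is collected in the cron logger; if errors occurred the
  * technical contact is mailed.
  *
  * @param string $cronTag cron tag ('hourly', 'daily' or 'frequent')
  * @return array summary lines from the cron logger, or a single "not doing"
  *               line when the tag does not require execution
  */
 public function runForCronTag($cronTag)
 {
     if (!$this->_isExecuteRequired($cronTag)) {
         return array("Not doing metadata_refresh");
     }
     $cronLogger = new sspmod_janus_Cron_Logger();
     try {
         // The refresh horizon depends only on the cron tag, so it is resolved
         // once for the whole run. An unknown tag is a configuration error and
         // is reported through the catch below.
         $nextRun = time();
         switch ($cronTag) {
             case 'hourly':
                 $nextRun += 3600;
                 break;
             case 'daily':
                 $nextRun += 24 * 60 * 60;
                 break;
             case 'frequent':
                 // How often is frequent? Kept at "now" until that is decided.
                 break;
             default:
                 throw new Exception("Unknown cron tag '{$cronTag}'");
         }
         $util = new sspmod_janus_AdminUtil();
         $entities = $util->getEntities();
         foreach ($entities as $partialEntity) {
             $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
             $eid = $partialEntity['eid'];
             if (!$entityController->setEntity($eid)) {
                 $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
                 continue;
             }
             $entityController->loadEntity();
             $entity = $entityController->getEntity();
             $entityId = $entity->getEntityId();
             $metadataUrl = $entity->getMetadataURL();
             if (empty($metadataUrl)) {
                 $cronLogger->with($entityId)->warn("No metadata url.");
                 continue;
             }
             $metadataCachingInfo = $entityController->getMetadataCaching();
             if ($metadataCachingInfo['validUntil'] > $nextRun && $metadataCachingInfo['cacheUntil'] > $nextRun) {
                 $cronLogger->with($entityId)->notice("Should not update, cache still valid.");
                 continue;
             }
             // The URL is stored per entity; restrict fetching to HTTP(S) so
             // that file_get_contents() never reads local paths or other
             // stream wrappers on behalf of an entity record.
             $scheme = strtolower((string) parse_url($metadataUrl, PHP_URL_SCHEME));
             if ($scheme !== 'http' && $scheme !== 'https') {
                 $cronLogger->with($entityId)->error("Failed import of entity. Metadata URL '{$metadataUrl}' is not http(s).");
                 continue;
             }
             // Best-effort fetch: a failed read is reported per entity instead
             // of surfacing as a PHP warning from the cron run.
             $xml = @file_get_contents($metadataUrl);
             if (!$xml) {
                 $cronLogger->with($entityId)->error("Failed import of entity. Bad URL '{$metadataUrl}'? ");
                 continue;
             }
             // Collect parser errors instead of suppressing them, and forbid
             // network access while parsing (external DTDs / entities).
             $document = new DOMDocument();
             $previousUseErrors = libxml_use_internal_errors(true);
             $loaded = $document->loadXML($xml, LIBXML_NONET);
             libxml_clear_errors();
             libxml_use_internal_errors($previousUseErrors);
             if (!$loaded) {
                 $cronLogger->with($entityId)->error("Failed import of entity. Invalid XML at '{$metadataUrl}'?");
                 continue;
             }
             $query = new DOMXPath($document);
             $nsFound = false;
             foreach ($query->query('namespace::*') as $node) {
                 if ($node->nodeValue === "urn:oasis:names:tc:SAML:2.0:metadata") {
                     $nsFound = true;
                     break;
                 }
             }
             if (!$nsFound) {
                 $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain SAML2 Metadata namespace?");
                 continue;
             }
             $query->registerNamespace('md', "urn:oasis:names:tc:SAML:2.0:metadata");
             // Compare the entityID attribute in PHP rather than interpolating
             // $entityId into the XPath expression: a quote in the id would
             // otherwise break the expression (query() returns false, and
             // ->length on false is fatal) or change what it matches.
             $descriptorFound = false;
             foreach ($query->query('//md:EntityDescriptor') as $descriptor) {
                 if ($descriptor->getAttribute('entityID') === (string) $entityId) {
                     $descriptorFound = true;
                     break;
                 }
             }
             if (!$descriptorFound) {
                 $cronLogger->with($entityId)->error("Failed import of entity. Metadata at '{$metadataUrl}' does not contain an EntityDescriptor with entityId '{$entityId}'?");
                 continue;
             }
             // $updated is set by reference by the import methods.
             $updated = false;
             $statusCode = null;
             $entityType = $entity->getType();
             if ($entityType === 'saml20-sp') {
                 $statusCode = $entityController->importMetadata20SP($xml, $updated);
             } elseif ($entityType === 'saml20-idp') {
                 $statusCode = $entityController->importMetadata20IdP($xml, $updated);
             } else {
                 $cronLogger->with($entityId)->error("Failed import of entity. Wrong type");
             }
             if ($statusCode !== null && $statusCode !== 'status_metadata_parsed_ok') {
                 $cronLogger->with($entityId)->error("Entity not updated");
             }
             if ($updated) {
                 $entity->setParent($entity->getRevisionid());
                 $entityController->saveEntity();
                 $cronLogger->with($entityId)->notice("Entity updated");
             } else {
                 $cronLogger->with($entityId)->notice("Entity not updated, no changes required");
             }
             // The caching window (validUntil / cacheUntil) is refreshed in
             // both cases, from the metadata just fetched.
             $metadataCachingInfo = $this->_getMetaDataCachingInfo($xml, $entityId);
             $entityController->setMetadataCaching($metadataCachingInfo['validUntil'], $metadataCachingInfo['cacheUntil']);
         }
     } catch (Exception $e) {
         $cronLogger->error($e->getMessage());
     }
     if ($cronLogger->hasErrors()) {
         $this->_mailTechnicalContact($cronTag, $cronLogger);
     }
     return $cronLogger->getSummaryLines();
 }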
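 /**
  * Validate the signing certificate of every entity and its issuer chain.
  *
  * For each entity the certificate itself and then the chain built from its
  * issuer URL are validated; every validator warning/error is recorded in the
  * cron logger under the entity's id. Self-signed certificates are accepted
  * on purpose (setIgnoreSelfSigned). If any error was recorded the technical
  * contact is mailed.
  *
  * @param string $cronTag cron tag this run was started for
  * @return array summary lines from the cron logger (empty when the tag does
  *               not require execution)
  */
 public function runForCronTag($cronTag)
 {
     if (!$this->_isExecuteRequired($cronTag)) {
         return array();
     }
     $cronLogger = new sspmod_janus_Cron_Logger();
     try {
         // A single configuration object; module_janus.php used to be loaded
         // twice under two names for the same values.
         $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
         $rootCertificatesFile = $janusConfig->getString('ca_bundle_file');
         $util = new sspmod_janus_AdminUtil();
         $entities = $util->getEntities();
         foreach ($entities as $partialEntity) {
             // Per-entity catch: one broken entity must not abort the run.
             try {
                 $entityController = new sspmod_janus_EntityController($janusConfig);
                 $eid = $partialEntity['eid'];
                 if (!$entityController->setEntity($eid)) {
                     $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
                     continue;
                 }
                 $entityController->loadEntity();
                 $entityId = $entityController->getEntity()->getEntityid();
                 $entityType = $entityController->getEntity()->getType();
                 try {
                     try {
                         $certificate = $entityController->getCertificate();
                         // @workaround
                         // getCertificate() returns false when no certificate
                         // exists, so a missing certificate is turned into the
                         // same path as a failed certificate construction.
                         if (empty($certificate)) {
                             throw new Exception('No certificate found');
                         }
                     } catch (Exception $e) {
                         if ($entityType === 'saml20-sp') {
                             $cronLogger->with($entityId)->notice("SP does not have a certificate");
                         } elseif ($entityType === 'saml20-idp') {
                             $cronLogger->with($entityId)->warn("Unable to create certificate object, certData missing?");
                         }
                         continue;
                     }
                     // 1. The certificate on its own.
                     $validator = new sspmod_janus_OpenSsl_Certificate_Validator($certificate);
                     $validator->setIgnoreSelfSigned(true);
                     $validator->validate();
                     foreach ($validator->getWarnings() as $warning) {
                         $cronLogger->with($entityId)->warn($warning);
                     }
                     foreach ($validator->getErrors() as $error) {
                         $cronLogger->with($entityId)->error($error);
                     }
                     // 2. The chain resolved from the certificate's issuer URL,
                     //    anchored at the configured CA bundle.
                     sspmod_janus_OpenSsl_Certificate_Chain_Factory::loadRootCertificatesFromFile($rootCertificatesFile);
                     $chain = sspmod_janus_OpenSsl_Certificate_Chain_Factory::createFromCertificateIssuerUrl($certificate);
                     $validator = new sspmod_janus_OpenSsl_Certificate_Chain_Validator($chain);
                     $validator->setIgnoreSelfSigned(true);
                     $validator->setTrustedRootCertificateAuthorityFile($rootCertificatesFile);
                     $validator->validate();
                     foreach ($validator->getWarnings() as $warning) {
                         $cronLogger->with($entityId)->warn($warning);
                     }
                     foreach ($validator->getErrors() as $error) {
                         $cronLogger->with($entityId)->error($error);
                     }
                 } catch (Exception $e) {
                     $cronLogger->with($entityId)->error($e->getMessage());
                 }
             } catch (Exception $e) {
                 $cronLogger->error($e->getMessage() . $e->getTraceAsString());
             }
         }
     } catch (Exception $e) {
         $cronLogger->error($e->getMessage() . $e->getTraceAsString());
     }
     if ($cronLogger->hasErrors()) {
         $this->_mailTechnicalContact($cronTag, $cronLogger);
     }
     return $cronLogger->getSummaryLines();
 }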
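 /**
  * Check the TLS endpoints of every entity.
  *
  * For each endpoint listed under the configured metadata fields
  * ($this->_endpointMetadataFields) the Location is required to be a valid
  * HTTPS URL that can be connected to; the server certificate must match the
  * URL hostname and its chain is validated. Findings are recorded in the cron
  * logger scoped by entity id, metadata key and URL; the technical contact is
  * mailed when errors were recorded.
  *
  * @param string $cronTag cron tag this run was started for
  * @return array summary lines from the cron logger (empty when the tag does
  *               not require execution)
  */
 public function runForCronTag($cronTag)
 {
     if (!$this->_isExecuteRequired($cronTag)) {
         return array();
     }
     $cronLogger = new sspmod_janus_Cron_Logger();
     try {
         $util = new sspmod_janus_AdminUtil();
         $entities = $util->getEntities();
         foreach ($entities as $partialEntity) {
             $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
             $eid = $partialEntity['eid'];
             if (!$entityController->setEntity($eid)) {
                 $cronLogger->with($eid)->error("Failed import of entity. Wrong eid '{$eid}'.");
                 continue;
             }
             $entityController->loadEntity();
             $entityId = $entityController->getEntity()->getEntityid();
             $entityMetadata = $entityController->getMetaArray();
             foreach ($this->_endpointMetadataFields as $endPointMetaKey) {
                 if (!isset($entityMetadata[$endPointMetaKey])) {
                     // This entity does not have this binding
                     continue;
                 }
                 foreach ($entityMetadata[$endPointMetaKey] as $index => $binding) {
                     $key = $endPointMetaKey . ':' . $index;
                     if (!isset($binding['Location']) || trim($binding['Location']) === "") {
                         $cronLogger->with($entityId)->with($key)->error("Binding has no Location?");
                         continue;
                     }
                     $location = $binding['Location'];
                     try {
                         $sslUrl = new Janus_OpenSsl_Url($location);
                     } catch (Exception $e) {
                         // $sslUrl is unset when the constructor throws, so the
                         // raw Location is used for the log scope here.
                         $cronLogger->with($entityId)->with($key)->with($location)->error("Endpoint is not a valid URL");
                         continue;
                     }
                     if (!$sslUrl->isHttps()) {
                         $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Endpoint is not HTTPS");
                         continue;
                     }
                     if (!$sslUrl->connect()) {
                         $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Endpoint is unreachable");
                         continue;
                     }
                     // A hostname mismatch is reported but the chain is still
                     // validated below, so both findings end up in the report.
                     if (!$sslUrl->isCertificateValidForUrlHostname()) {
                         $urlHostName = $sslUrl->getHostName();
                         $validHostNames = $sslUrl->getServerCertificate()->getValidHostNames();
                         $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error("Certificate does not match the hostname '{$urlHostName}' (instead it matches " . implode(', ', $validHostNames) . ")");
                     }
                     $urlChain = $sslUrl->getServerCertificateChain();
                     $validator = new Janus_OpenSsl_Certificate_Chain_Validator($urlChain);
                     $validator->validate();
                     foreach ($validator->getWarnings() as $warning) {
                         $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->warn($warning);
                     }
                     foreach ($validator->getErrors() as $error) {
                         $cronLogger->with($entityId)->with($key)->with($sslUrl->getUrl())->error($error);
                     }
                 }
             }
         }
     } catch (Exception $e) {
         $cronLogger->error($e->getMessage());
     }
     if ($cronLogger->hasErrors()) {
         $this->_mailTechnicalContact($cronTag, $cronLogger);
     }
     return $cronLogger->getSummaryLines();
 }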