private static function getMetadata($eid, $revision, $type = null, array $option = null) { assert('ctype_digit($eid)'); assert('ctype_digit($revision)'); $janus_config = SimpleSAML_Configuration::getConfig('module_janus.php'); $econtroller = new sspmod_janus_EntityController($janus_config); if (!($entity = $econtroller->setEntity($eid, $revision))) { self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revisionid); return false; } $metadata_raw = $econtroller->getMetadata(); // Get metadata fields $nm_mb = new sspmod_janus_MetadatafieldBuilder($janus_config->getArray('metadatafields.' . $entity->getType())); $metadatafields_required = $nm_mb->getMetadatafields(); // Get required metadata fields $required = array(); foreach ($metadatafields_required as $mf) { if (isset($mf->required) && $mf->required === true) { $required[] = $mf->name; } } // Get metadata to me tested $metadata = array(); foreach ($metadata_raw as $k => $v) { // Metadata field not defined if (!isset($metadatafields_required[$v->getKey()])) { continue; } // Value not set for metadata if (is_string($v->getValue()) && $v->getValue() == '') { continue; } // Compute is the default values is allowed $default_allow = false; if (isset($metadatafield_required[$v->getKey()]->default_allow) && is_bool($metadata_required[$v->getKey()]->default_allow)) { $default_allow = $metadata_required[$v->getKey()]->default_allow; } /* * Do not include metadata if value is set to default and default * is not allowed. */ if (!$default_allow && (isset($metadata_required[$v->getKey()]->default) && $v->getValue() == $metadata_required[$v->getKey()]->default)) { continue; } $metadata[] = $v->getKey(); } // Compute missing metadata that is required $missing_required = array_diff($required, $metadata); $entityid = $entity->getEntityid(); if (empty($missing_required)) { try { $metaArray = $econtroller->getMetaArray(); $metaArray['eid'] = $eid; $blocked_entities = $econtroller->getBlockedEntities(); $allowed_entities = $econtroller->getAllowedEntities(); $disable_consent = $econtroller->getDisableConsent(); $metaflat = '// Revision: ' . $entity->getRevisionid() . "\n"; $metaflat .= var_export($entityid, TRUE) . ' => ' . var_export($metaArray, TRUE) . ','; // Add authproc filter to block blocked entities if (!empty($blocked_entities) || !empty($allowed_entities)) { $metaflat = substr($metaflat, 0, -2); if (!empty($blocked_entities)) { $metaflat .= " 'blocked' => array(\n"; foreach ($blocked_entities as $bentity => $value) { $metaflat .= " '" . $bentity . "',\n"; } $metaflat .= " ),\n"; } if (!empty($allowed_entities)) { $metaflat .= " 'allowed' => array(\n"; foreach ($allowed_entities as $aentity => $value) { $metaflat .= " '" . $aentity . "',\n"; } $metaflat .= " ),\n"; } $metaflat .= '),'; } // Add disable consent if (!empty($disable_consent)) { $metaflat = substr($metaflat, 0, -2); $metaflat .= " 'consent.disable' => array(\n"; foreach ($disable_consent as $key => $value) { $metaflat .= " '" . $key . "',\n"; } $metaflat .= " ),\n"; $metaflat .= '),'; } $maxCache = isset($option['maxCache']) ? $option['maxCache'] : null; $maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null; try { $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityid, $maxCache, $maxDuration); $metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray); } catch (Exception $e) { SimpleSAML_Logger::error('JANUS - Entity_id:' . $entityid . ' - Error generating XML metadata - ' . var_export($e, true)); self::$_error = array('Error generating XML metadata - ' . $e->getMessage()); return false; } // Add organization info if (!empty($metaArray['OrganizationName']) && !empty($metaArray['OrganizationDisplayName']) && !empty($metaArray['OrganizationURL'])) { $metaBuilder->addOrganizationInfo(array('OrganizationName' => $metaArray['OrganizationName'], 'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'], 'OrganizationURL' => $metaArray['OrganizationURL'])); } // Add contact info if (!empty($metaArray['contact'])) { $metaBuilder->addContact('technical', $metaArray['contact']); } switch ($type) { case self::XML: return $metaBuilder->getEntityDescriptor(); case self::XMLREADABLE: return $metaBuilder->getEntityDescriptorText(); case self::PHPARRAY: return $metaArray; case self::FLATFILE: default: return $metaflat; } } catch (Exception $exception) { $session = SimpleSAML_Session::getInstance(); SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception); } } else { SimpleSAML_Logger::error('JANUS - Missing required metadata fields. Entity_id:' . $entityid); self::$_error = $missing_required; return false; } }
protected static function _checkIdPMetadataIsConnectionAllowed(array $data, $revisionId = NULL) { $idpcontroller = new sspmod_janus_EntityController(SimpleSAML_Configuration::getConfig('module_janus.php')); $idpcontroller->setEntity($data['idpentityid'], $revisionId); if ($idpcontroller->getAllowedAll() != "yes") { $idpblocked = $idpcontroller->getBlockedEntities(); if (count($idpblocked) && !array_key_exists($data['spentityid'], $idpblocked)) { return true; } $idpallowed = $idpcontroller->getAllowedEntities(); if (count($idpallowed) && array_key_exists($data['spentityid'], $idpallowed)) { return true; } return false; } return true; }
$note .= 'Existing entity removed: ' . $entityid . '<br/>'; } } } } else { if (count($mcontroller->getBlockedEntities())) { // There were blocked entities but they were no longer posted; we should clear them all $mcontroller->clearBlockedEntities(); $update = TRUE; } } } if ($guard->hasPermission('blockremoteentity', $entity->getWorkflow(), $user->getType())) { if (isset($_POST['addAllowed'])) { $mcontroller->setAllowedAll('no'); $current = array_keys($mcontroller->getAllowedEntities()); // Add the ones that are selected foreach ($_POST['addAllowed'] as $key) { if ($mcontroller->addAllowedEntity($key)) { $update = TRUE; $note .= 'Remote entity added: ' . $key . '<br />'; } } // Remove the ones that were, but are now no longer selected foreach ($current as $entityid) { if (!in_array($entityid, $_POST['addAllowed'])) { if ($mcontroller->removeAllowedEntity($entityid)) { $update = TRUE; $note .= 'Existing entity removed: ' . $entityid . '<br/>'; } }