Added parsing of attribute list and name and description in AttributeConsumerService element. improved expire handling...

andreassolberg · andreassolberg · commit 61870d59037d · 2009-02-20T12:06:30.000Z
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1288 44740490-163a-0410-bde0-09ae8108e29a
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -39,7 +39,9 @@ public function __construct($entityId, $maxCache = NULL, $maxDuration = NULL) {
 		$this->maxDuration = $maxDuration;
 
 		$this->document = new DOMDocument();
+		
 		$this->entityDescriptor = $this->createElement('EntityDescriptor');
+#		$this->entityDescriptor->setAttribute('xmlns:xml', 'http://www.w3.org/XML/1998/namespace');
 		$this->entityDescriptor->setAttribute('entityID', $entityId);
 		
 		$this->document->appendChild($this->entityDescriptor);
@@ -228,9 +230,9 @@ public function addMetadataSP20($metadata) {
 		$e->setAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:2.0:protocol');
 		
 		
-		$this->addExtensions($metadata);
+#		$this->addExtensions($metadata);
 
-		$this->addCertificate($e, $metadata);
+#		$this->addCertificate($e, $metadata);
 
 		if (array_key_exists('SingleLogoutService', $metadata)) {
 			$t = $this->createElement('SingleLogoutService');
@@ -258,7 +260,8 @@ public function addMetadataSP20($metadata) {
 			$e->appendChild($t);
 		}
 
-		if (array_key_exists('name', $metadata) || array_key_exists('attributes', $metadata)) {
+
+		if ( array_key_exists('name', $metadata) || array_key_exists('attributes', $metadata)) {
 			/**
 			 * Add an AttributeConsumingService element with information as name and description and list
 			 * of requested attributes
@@ -308,7 +311,7 @@ public function addMetadataSP20($metadata) {
 
 		$this->entityDescriptor->appendChild($e);
 		
-		$this->addOrganizationInfo($metadata);
+#		$this->addOrganizationInfo($metadata);
 		
 		if (array_key_exists('contacts', $metadata) && is_array($metadata['contacts']) ) {
 			foreach($metadata['contacts'] AS $contact) {
@@ -349,9 +352,9 @@ public function addMetadataIdP20($metadata) {
 			$e->setAttribute('WantAuthnRequestSigned', 'true');
 		}
 		
-		$this->addExtensions($metadata);
+#		$this->addExtensions($metadata);
 
-		$this->addCertificate($e, $metadata);
+#		$this->addCertificate($e, $metadata);
 
 		if (array_key_exists('SingleLogoutService', $metadata)) {
 			$t = $this->createElement('SingleLogoutService');
@@ -380,7 +383,7 @@ public function addMetadataIdP20($metadata) {
 		
 		$this->entityDescriptor->appendChild($e);
 		
-		$this->addOrganizationInfo($metadata);
+#		$this->addOrganizationInfo($metadata);
 		
 		if (array_key_exists('contacts', $metadata) && is_array($metadata['contacts']) ) {
 			foreach($metadata['contacts'] AS $contact) {
@@ -415,7 +418,7 @@ public function addMetadataSP11($metadata) {
 		$e = $this->createElement('SPSSODescriptor');
 		$e->setAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:1.1:protocol');
 
-		$this->addCertificate($e, $metadata);
+#		$this->addCertificate($e, $metadata);
 
 		if (array_key_exists('NameIDFormat', $metadata)) {
 			$t = $this->createElement('NameIDFormat');
@@ -446,7 +449,7 @@ public function addMetadataIdP11($metadata) {
 		$e = $this->createElement('IDPSSODescriptor');
 		$e->setAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:1.1:protocol');
 
-		$this->addCertificate($e, $metadata);
+#		$this->addCertificate($e, $metadata);
 
 		if (array_key_exists('NameIDFormat', $metadata)) {
 			$t = $this->createElement('NameIDFormat');
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -618,6 +618,9 @@ public function getMetadata20SP() {
 			$ret['NameIDFormat'] = $spd['nameIDFormats'][0];
 		}
 
+		if (array_key_exists('attributes', $spd)) {
+			$ret['attributes'] = $spd['attributes'];
+		}
 
 		/* Add certificate data. Only the first valid certificate will be added. */
 		foreach($spd['keys'] as $key) {
@@ -818,6 +821,13 @@ private function processSPSSODescriptor($element, $expireTime) {
 			$sp['assertionConsumerServices'][] = self::parseAssertionConsumerService($child);
 		}
 
+		/* Find all the attributes and SP name... */
+		#$sp['attributes'] = array();
+		$attcs = SimpleSAML_Utilities::getDOMChildren($element, 'AttributeConsumingService', '@md');
+		if (count($attcs) > 0) {
+			self::parseAttributeConsumerService($attcs[0], &$sp);
+		}
+		
 
 		$this->spDescriptors[] = $sp;
 	}
@@ -973,6 +983,37 @@ private static function parseAssertionConsumerService($element) {
 	}
 
 
+	/**
+	 * This function parses AttributeConsumerService elements.
+	 */
+	private static function parseAttributeConsumerService($element, &$sp) {
+		assert('$element instanceof DOMElement');
+		assert('is_array($sp)');
+				
+		$elements = SimpleSAML_Utilities::getDOMChildren($element, 'ServiceName', '@md');
+		foreach($elements AS $child) {
+			$language = $child->getAttributeNS('http://www.w3.org/XML/1998/namespace', 'lang');
+			if(empty($language)) $language = 'en';
+			$sp['name'][$language] = SimpleSAML_Utilities::getDOMText($child);
+		}
+		
+		$elements = SimpleSAML_Utilities::getDOMChildren($element, 'ServiceDescription', '@md');
+		foreach($elements AS $child) {
+			$language = $child->getAttributeNS('http://www.w3.org/XML/1998/namespace', 'lang');
+			if(empty($language)) $language = 'en';
+			$sp['description'][$language] = SimpleSAML_Utilities::getDOMText($child);
+		}
+		
+		$elements = SimpleSAML_Utilities::getDOMChildren($element, 'RequestedAttribute', '@md');
+		foreach($elements AS $child) {
+			$attrname = $child->getAttribute('Name');
+			if (!array_key_exists('attributes', $sp)) $sp['attributes'] = array();
+			$sp['attributes'][] = $attrname;
+		}	
+
+	}
+
+
 	/**
 	 * This function parses SingleLogoutService elements.
 	 *
diff --git a/modules/metarefresh/hooks/hook_cron.php b/modules/metarefresh/hooks/hook_cron.php
@@ -23,10 +23,11 @@ function metarefresh_hook_cron(&$croninfo) {
 			if (!in_array($croninfo['tag'], $set['cron'])) continue;
 	
 			SimpleSAML_Logger::info('cron [metarefresh]: Executing set [' . $setkey . ']');
-	
-			$maxcache = NULL; if (array_key_exists('maxcache', $set)) $maxcache = $set['maxcache'];
-			$maxduration = NULL; if (array_key_exists('maxduration', $set)) $maxcache = $set['maxduration'];
-			$metaloader = new sspmod_metarefresh_MetaLoader($maxcache, $maxduration);		
+				
+			$expire = NULL;
+			if (array_key_exists('expireAfter', $set)) $expire = time() + $set['expireAfter'];
+			
+			$metaloader = new sspmod_metarefresh_MetaLoader($expire);		
 			
 			foreach($set['sources'] AS $source) {
 				SimpleSAML_Logger::debug('cron [metarefresh]: In set [' . $setkey . '] loading source ['  . $source['src'] . ']');
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
@@ -9,18 +9,16 @@ class sspmod_metarefresh_MetaLoader {
 
 	private $metadata;
 
-	private $maxcache;
-	private $maxduration;
+	private $expire;
 
 	/**
 	 * Constructor
 	 *
 	 * @param array $sources 	Sources...
 	 * @param 
 	 */
-	public function __construct($maxcache = NULL, $maxduration = NULL) {
-		$this->maxcache = $maxcache;
-		$this->maxduration = $maxduration;
+	public function __construct($expire = NULL) {
+		$this->expire = $expire;
 		
 		$this->metadata = array();
 	}
@@ -41,7 +39,7 @@ public function loadSource($source) {
 					continue;
 				}
 			}
-	
+			
 			// TODO: $ca is always null
 			if($ca !== NULL) {
 				if(!$entity->validateCA($ca)) {
@@ -52,12 +50,10 @@ public function loadSource($source) {
 			$template = NULL;
 			if (array_key_exists('template', $source)) $template = $source['template'];
 			
-			$expireDuration = time() + min($this->maxcache, $this->maxduration);
-	
-			$this->addMetadata($source['src'], $entity->getMetadata1xSP(), 'shib13-sp-remote', $template, $expireDuration);
-			$this->addMetadata($source['src'], $entity->getMetadata1xIdP(), 'shib13-idp-remote', $template, $expireDuration);
-			$this->addMetadata($source['src'], $entity->getMetadata20SP(), 'saml20-sp-remote', $template, $expireDuration);
-			$this->addMetadata($source['src'], $entity->getMetadata20IdP(), 'saml20-idp-remote', $template, $expireDuration);
+			$this->addMetadata($source['src'], $entity->getMetadata1xSP(), 'shib13-sp-remote', $template);
+			$this->addMetadata($source['src'], $entity->getMetadata1xIdP(), 'shib13-idp-remote', $template);
+			$this->addMetadata($source['src'], $entity->getMetadata20SP(), 'saml20-sp-remote', $template);
+			$this->addMetadata($source['src'], $entity->getMetadata20IdP(), 'saml20-idp-remote', $template);
 		}
 	}
 
@@ -100,7 +96,7 @@ public function dumpMetadataStdOut() {
 	 * @param $metadata The metadata.
 	 * @param $type The metadata type.
 	 */
-	private function addMetadata($filename, $metadata, $type, $template = NULL, $expireDuration) {
+	private function addMetadata($filename, $metadata, $type, $template = NULL) {
 	
 		if($metadata === NULL) {
 			return;
@@ -118,12 +114,23 @@ private function addMetadata($filename, $metadata, $type, $template = NULL, $exp
 			$this->metadata[$type] = array();
 		}
 		
-		if (!array_key_exists('expire', $metadata)) {
-			$metadata['expire'] = $expireDuration;
-		} else {
-			if ($expireDuration < $metadata['expire'])
-				$metadata['expire'] = $expireDuration;				
+		// If expire is defined in constructor...
+		if (!empty($this->expire)) {
+			
+			// If expire is already in metadata
+			if (array_key_exists('expire', $metadata)) {
+			
+				// Override metadata expire with more restrictive global config-
+				if ($this->expire < $metadata['expire'])
+					$metadata['expire'] = $this->expire;		
+					
+			// If expire is not already in metadata use global config
+			} else {
+				$metadata['expire'] = $this->expire;			
+			}
 		}
+		
+
 	
 		$this->metadata[$type][] = array('filename' => $filename, 'metadata' => $metadata);
 	}
