Format code to PSR-2
Frank Tamás committed Jan 15, 2016
1 parent 79f46e9 commit 23c09dc
Showing 2 changed files with 149 additions and 157 deletions.
186 changes: 90 additions & 96 deletions lib/Auth/Process/PersistentNameID.php
@@ -1,103 +1,97 @@
<?php

/**
* Authproc filter to generate a persistent NameID.
* Authproc filter to generate a persistent NameID using the same algorithm as Shibboleth IdP does.
*
* @package simpleSAMLphp
* @version $Id$
*/
class sspmod_shib2idpnameid_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGenerator {

/**
* Which attribute contains the unique identifier of the user.
*
* @var string
*/
private $attribute;


/**
* Initialize this filter, parse configuration.
*
* @param array $config Configuration information about this filter.
* @param mixed $reserved For future use.
*/
public function __construct($config, $reserved) {
parent::__construct($config, $reserved);
assert('is_array($config)');

$this->format = SAML2_Const::NAMEID_PERSISTENT;

if (!isset($config['attribute'])) {
throw new SimpleSAML_Error_Exception('PersistentNameID: Missing required option \'attribute\'.');
}
$this->attribute = $config['attribute'];
}


/**
* Get the NameID value.
*
* @return string|NULL The NameID value.
*/
protected function getValue(array &$state) {

if (!isset($state['Destination']['entityid'])) {
SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
return NULL;
}
$spEntityId = $state['Destination']['entityid'];

if (!isset($state['Source']['entityid'])) {
SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
return NULL;
}
$idpEntityId = $state['Source']['entityid'];

if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
return NULL;
}
if (count($state['Attributes'][$this->attribute]) > 1) {
SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
return NULL;
}
$uid = array_values($state['Attributes'][$this->attribute]); /* Just in case the first index is no longer 0. */
$uid = $uid[0];

$secretSalt = SimpleSAML_Utilities::getSecretSalt();

$uidData = $spEntityId . '!' . $uid . '!' . $secretSalt;
#$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
#$uidData .= strlen($spEntityId) . ':' . $spEntityId;
#$uidData .= strlen($uid) . ':' . $uid;
#$uidData .= $secretSalt;

$uid = base64_encode( hash ('sha1', $uidData, true ) );

//$uid = hash('sha1', $uidData);

/* Convert the targeted ID to a SAML 2.0 name identifier element. */
$nameId = array(
'Format' => SAML2_Const::NAMEID_PERSISTENT,
'Value' => $uid,
);

if (isset($state['Source']['entityid'])) {
$nameId['NameQualifier'] = $state['Source']['entityid'];
}
if (isset($state['Destination']['entityid'])) {
$nameId['SPNameQualifier'] = $state['Destination']['entityid'];
}

$doc = new DOMDocument();
$root = $doc->createElement('root');
$doc->appendChild($root);

SAML2_Utils::addNameId($root, $nameId);
$uid = $doc->saveXML($root->firstChild);

$state['Attributes']['eduPersonTargetedID'] = array($uid);
}

class sspmod_shib2idpnameid_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGenerator
{
/**
* Which attribute contains the unique identifier of the user.
*
* @var string
*/
private $attribute;

/**
* Initialize this filter, parse configuration.
*
* @param array $config Configuration information about this filter.
* @param mixed $reserved For future use.
*/
public function __construct($config, $reserved)
{
parent::__construct($config, $reserved);
assert('is_array($config)');

$this->format = SAML2_Const::NAMEID_PERSISTENT;

if (!isset($config['attribute'])) {
throw new SimpleSAML_Error_Exception('PersistentNameID: Missing required option \'attribute\'.');
}
$this->attribute = $config['attribute'];
}

/**
* Get the NameID value.
*
* @return string|NULL The NameID value.
*/
protected function getValue(array &$state)
{
if (!isset($state['Destination']['entityid'])) {
SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');

return;
}
$spEntityId = $state['Destination']['entityid'];

if (!isset($state['Source']['entityid'])) {
SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');

return;
}
$idpEntityId = $state['Source']['entityid'];

if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
SimpleSAML_Logger::warning('Missing attribute '.var_export($this->attribute, true).' on user - not generating persistent NameID.');

return;
}
if (count($state['Attributes'][$this->attribute]) > 1) {
SimpleSAML_Logger::warning('More than one value in attribute '.var_export($this->attribute, true).' on user - not generating persistent NameID.');

return;
}
$uid = array_values($state['Attributes'][$this->attribute]); /* Just in case the first index is no longer 0. */
$uid = $uid[0];

$secretSalt = SimpleSAML_Utilities::getSecretSalt();

$uidData = $spEntityId.'!'.$uid.'!'.$secretSalt;
$uid = base64_encode(hash('sha1', $uidData, true));

// Convert the targeted ID to a SAML 2.0 name identifier element.
$nameId = array(
'Format' => SAML2_Const::NAMEID_PERSISTENT,
'Value' => $uid,
);

if (isset($state['Source']['entityid'])) {
$nameId['NameQualifier'] = $state['Source']['entityid'];
}
if (isset($state['Destination']['entityid'])) {
$nameId['SPNameQualifier'] = $state['Destination']['entityid'];
}

$doc = new DOMDocument();
$root = $doc->createElement('root');
$doc->appendChild($root);

SAML2_Utils::addNameId($root, $nameId);
$uid = $doc->saveXML($root->firstChild);

$state['Attributes']['eduPersonTargetedID'] = array($uid);
}
}
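Review bot: getValue() on the new side still falls off the end after `$state['Attributes']['eduPersonTargetedID'] = array($uid);` and never returns the identifier, although its docblock promises `@return string|NULL The NameID value`; the reformatting also turns the early exits into bare `return;`. If the base generator treats a null result as "no NameID" (its code is not shown here), this filter only sets the attribute and never issues a persistent NameID, so either return the base64 digest before `$uid` is overwritten with the XML string or correct the docblock. `$idpEntityId` is assigned but never enters `$uidData`, and the `'!'`-joined input is ambiguous when an entity ID or the user value itself contains `!`. Because the docblock ties the layout to Shibboleth's algorithm, I would record that above the hash with a comment such as `// Shibboleth-compatible: SHA-1 over sp!uid!salt, base64; changing this invalidates already issued IDs`.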
120 changes: 59 additions & 61 deletions lib/Auth/Process/PersistentNameID2TargetedID.php
Expand Up @@ -3,77 +3,75 @@
/**
* Authproc filter to create the eduPersonTargetedID attribute from the persistent NameID.
*
* @package simpleSAMLphp
* @version $Id$
*/
class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Auth_ProcessingFilter {
class sspmod_saml_Auth_Process_PersistentNameID2TargetedID extends SimpleSAML_Auth_ProcessingFilter
{
/**
* The attribute we should save the NameID in.
*
* @var string
*/
private $attribute;

/**
* The attribute we should save the NameID in.
*
* @var string
*/
private $attribute;
/**
* Whether we should insert it as an saml:NameID element.
*
* @var bool
*/
private $nameId;

/**
* Initialize this filter, parse configuration.
*
* @param array $config Configuration information about this filter.
* @param mixed $reserved For future use.
*/
public function __construct($config, $reserved)
{
parent::__construct($config, $reserved);
assert('is_array($config)');

/**
* Whether we should insert it as an saml:NameID element.
*
* @var boolean
*/
private $nameId;
if (isset($config['attribute'])) {
$this->attribute = (string) $config['attribute'];
} else {
$this->attribute = 'eduPersonTargetedID';
}

if (isset($config['nameId'])) {
$this->nameId = (bool) $config['nameId'];
} else {
$this->nameId = true;
}
}

/**
* Initialize this filter, parse configuration.
*
* @param array $config Configuration information about this filter.
* @param mixed $reserved For future use.
*/
public function __construct($config, $reserved) {
parent::__construct($config, $reserved);
assert('is_array($config)');
/**
* Store a NameID to attribute.
*
* @param array &$state The request state.
*/
public function process(&$state)
{
assert('is_array($state)');

if (isset($config['attribute'])) {
$this->attribute = (string)$config['attribute'];
} else {
$this->attribute = 'eduPersonTargetedID';
}
if (!isset($state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT])) {
SimpleSAML_Logger::warning('Unable to generate eduPersonTargetedID because no persistent NameID was available.');

if (isset($config['nameId'])) {
$this->nameId = (bool)$config['nameId'];
} else {
$this->nameId = TRUE;
}
}
return;
}

$nameID = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT];

/**
* Store a NameID to attribute.
*
* @param array &$state The request state.
*/
public function process(&$state) {
assert('is_array($state)');

if (!isset($state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT])) {
SimpleSAML_Logger::warning('Unable to generate eduPersonTargetedID because no persistent NameID was available.');
return;
}

$nameID = $state['saml:NameID'][SAML2_Const::NAMEID_PERSISTENT];

if ($this->nameId) {
$doc = new DOMDocument();
$root = $doc->createElement('root');
$doc->appendChild($root);
SAML2_Utils::addNameId($root, $nameID);
$value = $doc->saveXML($root->firstChild);
} else {
$value = $nameID['Value'];
}

$state['Attributes'][$this->attribute] = array($value);
}
if ($this->nameId) {
$doc = new DOMDocument();
$root = $doc->createElement('root');
$doc->appendChild($root);
SAML2_Utils::addNameId($root, $nameID);
$value = $doc->saveXML($root->firstChild);
} else {
$value = $nameID['Value'];
}

$state['Attributes'][$this->attribute] = array($value);
}
}
