diff --git a/src/IdP/ADFS.php b/src/IdP/ADFS.php
index 790205d..4125c7d 100644
--- a/src/IdP/ADFS.php
+++ b/src/IdP/ADFS.php
@@ -232,170 +232,6 @@ private static function postResponse(string $wreply, string $wresult, ?string $w
 }
- /**
- * Get the metadata of a given hosted ADFS IdP.
- *
- * @param string $entityid The entity ID of the hosted ADFS IdP whose metadata we want to fetch.
- * @param \SimpleSAML\Metadata\MetaDataStorageHandler $handler Optionally the metadata storage to use,
- * if omitted the configured handler will be used.
- * @return array
- *
- * @throws \SimpleSAML\Error\Exception
- * @throws \SimpleSAML\Error\MetadataNotFound
- */
- public static function getHostedMetadata(string $entityid, MetaDataStorageHandler $handler = null): array
- {
- $cryptoUtils = new Utils\Crypto();
-
- $globalConfig = Configuration::getInstance();
- if ($handler === null) {
- $handler = MetaDataStorageHandler::getMetadataHandler($globalConfig);
- }
- $config = $handler->getMetaDataConfig($entityid, 'adfs-idp-hosted');
-
- $host = Module::getModuleURL('adfs/idp/prp.php');
-
- // configure endpoints
- $ssob = $handler->getGenerated('SingleSignOnServiceBinding', 'adfs-idp-hosted', $host);
- $slob = $handler->getGenerated('SingleLogoutServiceBinding', 'adfs-idp-hosted', $host);
- $ssol = $handler->getGenerated('SingleSignOnService', 'adfs-idp-hosted', $host);
- $slol = $handler->getGenerated('SingleLogoutService', 'adfs-idp-hosted', $host);
-
- $sso = [];
- if (is_array($ssob)) {
- foreach ($ssob as $binding) {
- $sso[] = [
- 'Binding' => $binding,
- 'Location' => $ssol,
- ];
- }
- } else {
- $sso[] = [
- 'Binding' => $ssob,
- 'Location' => $ssol,
- ];
- }
-
- $slo = [];
- if (is_array($slob)) {
- foreach ($slob as $binding) {
- $slo[] = [
- 'Binding' => $binding,
- 'Location' => $slol,
- ];
- }
- } else {
- $slo[] = [
- 'Binding' => $slob,
- 'Location' => $slol,
- ];
- }
-
-
- $metadata = [
- 'metadata-set' => 'adfs-idp-hosted',
- 'entityid' => $entityid,
- 'SingleSignOnService' => $sso,
- 'SingleLogoutService' => $slo,
- 'NameIDFormat' => $config->getOptionalArrayizeString('NameIDFormat', [C::NAMEID_TRANSIENT]),
- 'contacts' => [],
- ];
-
- // add certificates
- $keys = [];
- $certInfo = $cryptoUtils->loadPublicKey($config, false, 'new_');
- $hasNewCert = false;
- if ($certInfo !== null) {
- $keys[] = [
- 'type' => 'X509Certificate',
- 'signing' => true,
- 'encryption' => true,
- 'X509Certificate' => $certInfo['certData'],
- 'prefix' => 'new_',
- ];
- $hasNewCert = true;
- }
-
- /** @var array $certInfo */
- $certInfo = $cryptoUtils->loadPublicKey($config, true);
- $keys[] = [
- 'type' => 'X509Certificate',
- 'signing' => true,
- 'encryption' => $hasNewCert === false,
- 'X509Certificate' => $certInfo['certData'],
- 'prefix' => '',
- ];
-
- if ($config->hasValue('https.certificate')) {
- /** @var array $httpsCert */
- $httpsCert = $cryptoUtils->loadPublicKey($config, true, 'https.');
- $keys[] = [
- 'type' => 'X509Certificate',
- 'signing' => true,
- 'encryption' => false,
- 'X509Certificate' => $httpsCert['certData'],
- 'prefix' => 'https.',
- ];
- }
- $metadata['keys'] = $keys;
-
- // add organization information
- if ($config->hasValue('OrganizationName')) {
- $metadata['OrganizationName'] = $config->getLocalizedString('OrganizationName');
- $metadata['OrganizationDisplayName'] = $config->getOptionalLocalizedString(
- 'OrganizationDisplayName',
- $metadata['OrganizationName'],
- );
-
- if (!$config->hasValue('OrganizationURL')) {
- throw new Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
- }
- $metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL');
- }
-
- // add scope
- if ($config->hasValue('scope')) {
- $metadata['scope'] = $config->getArray('scope');
- }
-
- // add extensions
- if ($config->hasValue('EntityAttributes')) {
- $metadata['EntityAttributes'] = $config->getArray('EntityAttributes');
-
- // check for entity categories
- if (Utils\Config\Metadata::isHiddenFromDiscovery($metadata)) {
- $metadata['hide.from.discovery'] = true;
- }
- }
-
- if ($config->hasValue('UIInfo')) {
- $metadata['UIInfo'] = $config->getArray('UIInfo');
- }
-
- if ($config->hasValue('DiscoHints')) {
- $metadata['DiscoHints'] = $config->getArray('DiscoHints');
- }
-
- if ($config->hasValue('RegistrationInfo')) {
- $metadata['RegistrationInfo'] = $config->getArray('RegistrationInfo');
- }
-
- // add contact information
- $globalConfig = Configuration::getInstance();
- $email = $globalConfig->getOptionalString('technicalcontact_email', null);
- if ($email !== null && $email !== 'na@example.org') {
- $contact = [
- 'emailAddress' => $email,
- 'givenName' => $globalConfig->getOptionalString('technicalcontact_name', null),
- 'contactType' => 'technical',
- ];
- $metadata['contacts'][] = Utils\Config\Metadata::getContact($contact);
- }
-
- return $metadata;
- }
-
 /**
 * @param array $state
 * @throws \Exception