ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
LogoutRequest.php
Go to the documentation of this file.
1<?php
2
3namespace SAML2;
4
5use RobRichards\XMLSecLibs\XMLSecEnc;
6use RobRichards\XMLSecLibs\XMLSecurityKey;
7
13class LogoutRequest extends Request
14{
20 private $notOnOrAfter;
21
29 private $encryptedNameId;
30
36 private $nameId;
37
43 private $sessionIndexes;
44
51 public function __construct(\DOMElement $xml = null)
52 {
53 parent::__construct('LogoutRequest', $xml);
54
55 $this->sessionIndexes = array();
56
57 if ($xml === null) {
58 return;
59 }
60
61 if ($xml->hasAttribute('NotOnOrAfter')) {
62 $this->notOnOrAfter = Utils::xsDateTimeToTimestamp($xml->getAttribute('NotOnOrAfter'));
63 }
64
65 $nameId = Utils::xpQuery($xml, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
66 if (empty($nameId)) {
67 throw new \Exception('Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
68 } elseif (count($nameId) > 1) {
69 throw new \Exception('More than one <saml:NameID> or <saml:EncryptedD> in <samlp:LogoutRequest>.');
70 }
71 $nameId = $nameId[0];
72 if ($nameId->localName === 'EncryptedData') {
73 /* The NameID element is encrypted. */
74 $this->encryptedNameId = $nameId;
75 } else {
76 $this->nameId = new XML\saml\NameID($nameId);
77 }
78
79 $sessionIndexes = Utils::xpQuery($xml, './saml_protocol:SessionIndex');
80 foreach ($sessionIndexes as $sessionIndex) {
81 $this->sessionIndexes[] = trim($sessionIndex->textContent);
82 }
83 }
84
90 public function getNotOnOrAfter()
91 {
92 return $this->notOnOrAfter;
93 }
94
100 public function setNotOnOrAfter($notOnOrAfter)
101 {
102 assert(is_int($notOnOrAfter) || is_null($notOnOrAfter));
103
104 $this->notOnOrAfter = $notOnOrAfter;
105 }
106
112 public function isNameIdEncrypted()
113 {
114 if ($this->encryptedNameId !== null) {
115 return true;
116 }
117
118 return false;
119 }
120
126 public function encryptNameId(XMLSecurityKey $key)
127 {
128 /* First create a XML representation of the NameID. */
129 $doc = DOMDocumentFactory::create();
130 $root = $doc->createElement('root');
131 $doc->appendChild($root);
132 $this->nameId->toXML($root);
133 $nameId = $root->firstChild;
134
135 Utils::getContainer()->debugMessage($nameId, 'encrypt');
136
137 /* Encrypt the NameID. */
138 $enc = new XMLSecEnc();
139 $enc->setNode($nameId);
140 $enc->type = XMLSecEnc::Element;
141
142 $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
143 $symmetricKey->generateSessionKey();
144 $enc->encryptKey($key, $symmetricKey);
145
146 $this->encryptedNameId = $enc->encryptNode($symmetricKey);
147 $this->nameId = null;
148 }
149
156 public function decryptNameId(XMLSecurityKey $key, array $blacklist = array())
157 {
158 if ($this->encryptedNameId === null) {
159 /* No NameID to decrypt. */
160
161 return;
162 }
163
164 $nameId = Utils::decryptElement($this->encryptedNameId, $key, $blacklist);
165 Utils::getContainer()->debugMessage($nameId, 'decrypt');
166 $this->nameId = new XML\saml\NameID($nameId);
167
168 $this->encryptedNameId = null;
169 }
170
177 public function getNameId()
178 {
179 if ($this->encryptedNameId !== null) {
180 throw new \Exception('Attempted to retrieve encrypted NameID without decrypting it first.');
181 }
182
183 return $this->nameId;
184 }
185
191 public function setNameId($nameId)
192 {
193 assert(is_array($nameId) || $nameId instanceof XML\saml\NameID);
194
195 if (is_array($nameId)) {
196 $nameId = XML\saml\NameID::fromArray($nameId);
197 }
198 $this->nameId = $nameId;
199 }
200
206 public function getSessionIndexes()
207 {
208 return $this->sessionIndexes;
209 }
210
216 public function setSessionIndexes(array $sessionIndexes)
217 {
218 $this->sessionIndexes = $sessionIndexes;
219 }
220
226 public function getSessionIndex()
227 {
228 if (empty($this->sessionIndexes)) {
229 return null;
230 }
231
232 return $this->sessionIndexes[0];
233 }
234
240 public function setSessionIndex($sessionIndex)
241 {
242 assert(is_string($sessionIndex) || is_null($sessionIndex));
243
244 if (is_null($sessionIndex)) {
245 $this->sessionIndexes = array();
246 } else {
247 $this->sessionIndexes = array($sessionIndex);
248 }
249 }
250
256 public function toUnsignedXML()
257 {
258 $root = parent::toUnsignedXML();
259
260 if ($this->notOnOrAfter !== null) {
261 $root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
262 }
263
264 if ($this->encryptedNameId === null) {
265 $this->nameId->toXML($root);
266 } else {
267 $eid = $root->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:' . 'EncryptedID');
268 $root->appendChild($eid);
269 $eid->appendChild($root->ownerDocument->importNode($this->encryptedNameId, true));
270 }
271
272 foreach ($this->sessionIndexes as $sessionIndex) {
273 Utils::addString($root, Constants::NS_SAMLP, 'SessionIndex', $sessionIndex);
274 }
275
276 return $root;
277 }
278}
php
An exception for terminatinating execution or to throw for unit testing.
SAML2\LogoutRequest\toUnsignedXML
toUnsignedXML()
Convert this logout request message to an XML element.
Definition: LogoutRequest.php:256
SAML2\LogoutRequest\encryptNameId
encryptNameId(XMLSecurityKey $key)
Encrypt the NameID in the LogoutRequest.
Definition: LogoutRequest.php:126
SAML2\LogoutRequest\getNotOnOrAfter
getNotOnOrAfter()
Retrieve the expiration time of this request.
Definition: LogoutRequest.php:90
SAML2\LogoutRequest\getSessionIndexes
getSessionIndexes()
Retrieve the SessionIndexes of the sessions that should be terminated.
Definition: LogoutRequest.php:206
SAML2\LogoutRequest\getSessionIndex
getSessionIndex()
Retrieve the sesion index of the session that should be terminated.
Definition: LogoutRequest.php:226
SAML2\LogoutRequest\decryptNameId
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameID in the LogoutRequest.
Definition: LogoutRequest.php:156
SAML2\LogoutRequest\getNameId
getNameId()
Retrieve the name identifier of the session that should be terminated.
Definition: LogoutRequest.php:177
SAML2\LogoutRequest\setNotOnOrAfter
setNotOnOrAfter($notOnOrAfter)
Set the expiration time of this request.
Definition: LogoutRequest.php:100
SAML2\LogoutRequest\setSessionIndex
setSessionIndex($sessionIndex)
Set the sesion index of the session that should be terminated.
Definition: LogoutRequest.php:240
SAML2\LogoutRequest\setSessionIndexes
setSessionIndexes(array $sessionIndexes)
Set the SessionIndexes of the sessions that should be terminated.
Definition: LogoutRequest.php:216
SAML2\LogoutRequest\__construct
__construct(\DOMElement $xml=null)
Constructor for SAML 2 logout request messages.
Definition: LogoutRequest.php:51
SAML2\LogoutRequest\isNameIdEncrypted
isNameIdEncrypted()
Check whether the NameId is encrypted.
Definition: LogoutRequest.php:112
SAML2\LogoutRequest\setNameId
setNameId($nameId)
Set the name identifier of the session that should be terminated.
Definition: LogoutRequest.php:191
$key
$key
Definition: croninfo.php:18
$xml
$xml
Definition: metadata.php:240
$nameId
$nameId
Definition: saml2-acs.php:138
$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139