ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
sspmod_cdc_Server Class Reference

Public Member Functions

 __construct ($domain)
 Initialize a CDC server.

 sendRequest (array $request)
 Send a request to this CDC server.

 getResponse ()
 Parse and validate response received from a CDC server.

 setCDC (array $list)
 Build a CDC cookie string.

Static Public Member Functions

static processRequest ()
 Parse and process a CDC request.

Private Member Functions

 handleRequest (array $request)
 Handle a parsed CDC request.

 handleAppend (array $request)
 Handle an append request.

 handleDelete (array $request)
 Handle a delete request.

 handleRead (array $request)
 Handle a read request.

 validate ($parameter)
 Helper function for validating the signature on a CDC message.

 send ($to, $parameter, array $message)
 Helper function for sending CDC messages.

 calcSignature ($rawMessage)
 Calculate the signature on the given message.

 getCDC ()
 Get the IdP entities saved in the common domain cookie.

Static Private Member Functions

static get ($parameter)
 Helper function for parsing and validating a CDC message.

Private Attributes

 $domain

 $server

 $key

 $cookieLifetime
 The lifetime of our cookie, in seconds.

Detailed Description

Definition at line 8 of file Server.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_cdc_Server::__construct (   $domain)

Initialize a CDC server.

Parameters
    string  $domain  The domain we are a server for.

Definition at line 49 of file Server.php.

    {
        assert('is_string($domain)');

        $cdcConfig = SimpleSAML_Configuration::getConfig('module_cdc.php');
        $config = $cdcConfig->getConfigItem($domain, NULL);

        if ($config === NULL) {
            throw new SimpleSAML_Error_Exception('Unknown CDC domain: ' . var_export($domain, TRUE));
        }

        $this->domain = $domain;
        $this->server = $config->getString('server');
        $this->key = $config->getString('key');
        $this->cookieLifetime = $config->getInteger('cookie.lifetime', 0);

        if ($this->key === 'ExampleSharedKey') {
            throw new SimpleSAML_Error_Exception('Key for CDC domain ' . var_export($domain, TRUE) . ' not changed from default.');
        }
    }

References $config, $domain, and SimpleSAML_Configuration\getConfig().

Member Function Documentation

◆ calcSignature()

sspmod_cdc_Server::calcSignature (   $rawMessage)
private

Calculate the signature on the given message.

Parameters
    string  $rawMessage  The base64-encoded message.
Returns
    string The signature.

Definition at line 342 of file Server.php.

    {
        assert('is_string($rawMessage)');

        return sha1($this->key . $rawMessage . $this->key);
    }

Referenced by send(), and validate().

◆ get()

static sspmod_cdc_Server::get (   $parameter)
static private

Helper function for parsing and validating a CDC message.

Parameters
    string  $parameter  The name of the query parameter.
Returns
    array|NULL The response, or NULL if no response is received.

Definition at line 242 of file Server.php.

    {
        assert('is_string($parameter)');

        if (!isset($_REQUEST[$parameter])) {
            return NULL;
        }
        $message = (string)$_REQUEST[$parameter];

        $message = @base64_decode($message);
        if ($message === FALSE) {
            throw new SimpleSAML_Error_BadRequest('Error base64-decoding CDC message.');
        }

        $message = @json_decode($message, TRUE);
        if ($message === FALSE) {
            throw new SimpleSAML_Error_BadRequest('Error json-decoding CDC message.');
        }

        if (!isset($message['timestamp'])) {
            throw new SimpleSAML_Error_BadRequest('Missing timestamp in CDC message.');
        }
        $timestamp = (int)$message['timestamp'];

        if ($timestamp + 60 < time()) {
            throw new SimpleSAML_Error_BadRequest('CDC signature has expired.');
        }
        if ($timestamp - 60 > time()) {
            throw new SimpleSAML_Error_BadRequest('CDC signature from the future.');
        }

        if (!isset($message['domain'])) {
            throw new SimpleSAML_Error_BadRequest('Missing domain in CDC message.');
        }

        return $message;
    }

References $message, and $timestamp.

Referenced by getResponse(), and processRequest().

◆ getCDC()

sspmod_cdc_Server::getCDC ( )
private

Get the IdP entities saved in the common domain cookie.

Returns
    array List of IdP entities.

Definition at line 354 of file Server.php.

    {
        if (!isset($_COOKIE['_saml_idp'])) {
            return array();
        }

        $ret = (string)$_COOKIE['_saml_idp'];
        $ret = explode(' ', $ret);
        foreach ($ret as &$idp) {
            $idp = base64_decode($idp);
            if ($idp === FALSE) {
                // Not properly base64 encoded
                SimpleSAML\Logger::warning('CDC - Invalid base64-encoding of CDC entry.');
                return array();
            }
        }

        return $ret;
    }

References $_COOKIE, $idp, $ret, and SimpleSAML\Logger\warning().

Referenced by handleAppend(), and handleRead().

◆ getResponse()

sspmod_cdc_Server::getResponse ( )

Parse and validate response received from a CDC server.

Returns
    array|NULL The response, or NULL if no response is received.

Definition at line 89 of file Server.php.

    {
        $response = self::get('CDCResponse');
        if ($response === NULL) {
            return NULL;
        }

        if ($response['domain'] !== $this->domain) {
            throw new SimpleSAML_Error_Exception('Response received from wrong domain.');
        }

        $this->validate('CDCResponse');

        return $response;
    }

References $response, get(), and validate().

◆ handleAppend()

sspmod_cdc_Server::handleAppend ( array  $request)
private

Handle an append request.

Parameters
    array  $request  The request.
Returns
    array The response.

Definition at line 179 of file Server.php.

    {
        if (!isset($request['entityID'])) {
            throw new SimpleSAML_Error_BadRequest('Missing entityID in append request.');
        }
        $entityID = (string)$request['entityID'];

        $list = $this->getCDC();

        $prevIndex = array_search($entityID, $list, TRUE);
        if ($prevIndex !== FALSE) {
            unset($list[$prevIndex]);
        }
        $list[] = $entityID;

        $this->setCDC($list);

        return 'ok';
    }

References $list, getCDC(), and setCDC().

Referenced by handleRequest().

◆ handleDelete()

sspmod_cdc_Server::handleDelete ( array  $request)
private

Handle a delete request.

Parameters
    array  $request  The request.
Returns
    array The response.

Definition at line 206 of file Server.php.

    {
        $params = array(
            'path' => '/',
            'domain' => '.' . $this->domain,
            'secure' => TRUE,
            'httponly' => FALSE,
        );

        \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', NULL, $params, FALSE);
        return 'ok';
    }

References $params, and SimpleSAML\Utils\HTTP\setCookie().

Referenced by handleRequest().

◆ handleRead()

sspmod_cdc_Server::handleRead ( array  $request)
private

Handle a read request.

Parameters
    array  $request  The request.
Returns
    array The response.

Definition at line 225 of file Server.php.

    {
        $list = $this->getCDC();

        return array(
            'status' => 'ok',
            'cdc' => $list,
        );
    }

References $list, and getCDC().

Referenced by handleRequest().

◆ handleRequest()

sspmod_cdc_Server::handleRequest ( array  $request)
private

Handle a parsed CDC request.

Parameters
    array  $request

Definition at line 129 of file Server.php.

    {
        if (!isset($request['op'])) {
            throw new SimpleSAML_Error_BadRequest('Missing "op" in CDC request.');
        }
        $op = (string)$request['op'];

        SimpleSAML\Logger::info('Received CDC request with "op": ' . var_export($op, TRUE));

        if (!isset($request['return'])) {
            throw new SimpleSAML_Error_BadRequest('Missing "return" in CDC request.');
        }
        $return = (string)$request['return'];

        switch ($op) {
            case 'append':
                $response = $this->handleAppend($request);
                break;
            case 'delete':
                $response = $this->handleDelete($request);
                break;
            case 'read':
                $response = $this->handleRead($request);
                break;
            default:
                $response = 'unknown-op';
        }

        if (is_string($response)) {
            $response = array(
                'status' => $response,
            );
        }

        $response['op'] = $op;
        if (isset($request['id'])) {
            $response['id'] = (string)$request['id'];
        }
        $response['domain'] = $this->domain;

        $this->send($return, 'CDCResponse', $response);
    }

References $domain, $response, handleAppend(), handleDelete(), handleRead(), SimpleSAML\Logger\info(), and send().

◆ processRequest()

static sspmod_cdc_Server::processRequest ( )
static

Parse and process a CDC request.

Definition at line 109 of file Server.php.

    {
        $request = self::get('CDCRequest');
        if ($request === NULL) {
            throw new SimpleSAML_Error_BadRequest('Missing "CDCRequest" parameter.');
        }

        $domain = $request['domain'];
        $server = new sspmod_cdc_Server($domain);

        $server->validate('CDCRequest');

        $server->handleRequest($request);
    }

References $domain, $server, and get().

◆ send()

sspmod_cdc_Server::send ($to, $parameter, array $message)
private

Helper function for sending CDC messages.

Parameters
    string  $to         The URL the message should be delivered to.
    string  $parameter  The query parameter the message should be sent in.
    array   $message    The CDC message.

Definition at line 312 of file Server.php.

    {
        assert('is_string($to)');
        assert('is_string($parameter)');

        $message['timestamp'] = time();
        $message = json_encode($message);
        $message = base64_encode($message);

        $signature = $this->calcSignature($message);

        $params = array(
            $parameter => $message,
            'Signature' => $signature,
        );

        $url = \SimpleSAML\Utils\HTTP::addURLParameters($to, $params);
        if (strlen($url) < 2048) {
            \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
        } else {
            \SimpleSAML\Utils\HTTP::submitPOSTData($to, $params);
        }
    }

References $message, $params, $url, calcSignature(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML\Utils\HTTP\submitPOSTData().

Referenced by handleRequest(), and sendRequest().

◆ sendRequest()

sspmod_cdc_Server::sendRequest ( array  $request)

Send a request to this CDC server.

Parameters
    array  $request  The CDC request.

Definition at line 75 of file Server.php.

    {
        assert('isset($request["return"])');
        assert('isset($request["op"])');

        $request['domain'] = $this->domain;
        $this->send($this->server, 'CDCRequest', $request);
    }

References $domain, and send().

◆ setCDC()

sspmod_cdc_Server::setCDC ( array  $list)

Build a CDC cookie string.

Parameters
    array  $list  The list of IdPs.
Returns
    string The CDC cookie value.

Definition at line 381 of file Server.php.

    {
        foreach ($list as &$value) {
            $value = base64_encode($value);
        }

        $cookie = implode(' ', $list);

        while (strlen($cookie) > 4000) {
            // The cookie is too long. Remove the oldest elements until it is short enough
            $tmp = explode(' ', $cookie, 2);
            if (count($tmp) === 1) {
                /*
                 * We are left with a single entityID whose base64
                 * representation is too long to fit in a cookie.
                 */
                break;
            }
            $cookie = $tmp[1];
        }

        $params = array(
            'lifetime' => $this->cookieLifetime,
            'path' => '/',
            'domain' => '.' . $this->domain,
            'secure' => TRUE,
            'httponly' => FALSE,
        );

        \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', $cookie, $params, FALSE);
    }

References $list, $params, and SimpleSAML\Utils\HTTP\setCookie().

Referenced by handleAppend().

◆ validate()

sspmod_cdc_Server::validate (   $parameter)
private

Helper function for validating the signature on a CDC message.

Will throw an exception if the message is invalid.

Parameters
    string  $parameter  The name of the query parameter.

Definition at line 287 of file Server.php.

    {
        assert('is_string($parameter)');
        assert('isset($_REQUEST[$parameter])');

        $message = (string)$_REQUEST[$parameter];

        if (!isset($_REQUEST['Signature'])) {
            throw new SimpleSAML_Error_BadRequest('Missing Signature on CDC message.');
        }
        $signature = (string)$_REQUEST['Signature'];

        $cSignature = $this->calcSignature($message);
        if ($signature !== $cSignature) {
            throw new SimpleSAML_Error_BadRequest('Invalid signature on CDC message.');
        }
    }

References $message, and calcSignature().

Referenced by getResponse().
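
The message framing used by send(), get(), validate() and calcSignature() (base64-encoded JSON plus a keyed Signature parameter), shown as an added example that is not part of Server.php or of the project. It keeps the same wire format and 60-second window but uses HMAC-SHA256 with hash_equals(), strict base64 decoding and a NULL check on json_decode(), and is modelled on the response side where the key and expected domain are already known. The function names cdcEncode() and cdcDecode(), the key, the domain and the return URL are hypothetical.

```php
<?php
// Added example, not part of Server.php. cdcEncode()/cdcDecode() and the
// key, domain and URL below are hypothetical, constructed values.

function cdcEncode(array $message, $key)
{
    $message['timestamp'] = time();
    $raw = base64_encode(json_encode($message));
    // HMAC-SHA256 over the base64 text, where calcSignature() uses sha1(key . msg . key).
    return array($raw, hash_hmac('sha256', $raw, $key));
}

function cdcDecode($raw, $signature, $key, $expectedDomain, $skew = 60)
{
    // Authenticate the raw parameter first; hash_equals() (PHP >= 5.6)
    // compares in constant time, unlike the !== used in validate().
    if (!is_string($raw) || !is_string($signature)
        || !hash_equals(hash_hmac('sha256', $raw, $key), $signature)) {
        throw new RuntimeException('Invalid signature on CDC message.');
    }
    $json = base64_decode($raw, true);   // strict mode: FALSE on invalid characters
    if ($json === false) {
        throw new RuntimeException('Error base64-decoding CDC message.');
    }
    $message = json_decode($json, true); // json_decode() returns NULL on malformed input
    if (!is_array($message)) {
        throw new RuntimeException('Error json-decoding CDC message.');
    }
    if (!isset($message['timestamp'], $message['domain'])) {
        throw new RuntimeException('Missing timestamp or domain in CDC message.');
    }
    if (abs(time() - (int)$message['timestamp']) > $skew) {
        throw new RuntimeException('CDC message outside the accepted time window.');
    }
    if ($message['domain'] !== $expectedDomain) {
        throw new RuntimeException('CDC message for wrong domain.');
    }
    return $message;
}

$key = 'constructed-demo-key';
$req = array('op' => 'read', 'domain' => 'example.org', 'return' => 'https://sp.example.org/cdc');
list($raw, $sig) = cdcEncode($req, $key);
echo cdcDecode($raw, $sig, $key, 'example.org')['op'], "\n";
try {
    cdcDecode($raw, str_repeat('0', 64), $key, 'example.org'); // Signature that does not match
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```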


Field Documentation

◆ $cookieLifetime

sspmod_cdc_Server::$cookieLifetime
private

The lifetime of our cookie, in seconds.

If this is 0, the cookie will expire when the browser is closed.

Parameters
int

Definition at line 41 of file Server.php.

◆ $domain

sspmod_cdc_Server::$domain
private

Definition at line 15 of file Server.php.

Referenced by __construct(), handleRequest(), processRequest(), and sendRequest().

◆ $key

sspmod_cdc_Server::$key
private

Definition at line 31 of file Server.php.

◆ $server

sspmod_cdc_Server::$server
private

Definition at line 23 of file Server.php.

Referenced by processRequest().


The documentation for this class was generated from the following file: