Collaboration diagram for sspmod_cdc_Server:

Public Member Functions
	__construct ($domain)
	Initialize a CDC server. More...

	sendRequest (array $request)
	Send a request to this CDC server. More...

	getResponse ()
	Parse and validate response received from a CDC server. More...

	setCDC (array $list)
	Build a CDC cookie string. More...

Static Public Member Functions
static	processRequest ()
	Parse and process a CDC request. More...

Private Member Functions
	handleRequest (array $request)
	Handle a parsed CDC requst. More...

	handleAppend (array $request)
	Handle an append request. More...

	handleDelete (array $request)
	Handle a delete request. More...

	handleRead (array $request)
	Handle a read request. More...

	validate ($parameter)
	Helper function for validating the signature on a CDC message. More...

	send ($to, $parameter, array $message)
	Helper function for sending CDC messages. More...

	calcSignature ($rawMessage)
	Calculate the signature on the given message. More...

	getCDC ()
	Get the IdP entities saved in the common domain cookie. More...

Static Private Member Functions
static	get ($parameter)
	Helper function for parsing and validating a CDC message. More...

Private Attributes
	$domain

	$server

	$key

	$cookieLifetime
	The lifetime of our cookie, in seconds. More...

Detailed Description

Definition at line 8 of file Server.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_cdc_Server::__construct ( $domain )

Initialize a CDC server.

Parameters

string $domain The domain we are a server for.

Definition at line 49 of file Server.php.

References $config, $domain, and SimpleSAML_Configuration\getConfig().

                                              {
                 assert('is_string($domain)');
 
                 $cdcConfig = SimpleSAML_Configuration::getConfig('module_cdc.php');
                 $config = $cdcConfig->getConfigItem($domain, NULL);
 
                 if ($config === NULL) {
                         throw new SimpleSAML_Error_Exception('Unknown CDC domain: ' . var_export($domain, TRUE));
                 }
 
                 $this->domain = $domain;
                 $this->server = $config->getString('server');
                 $this->key = $config->getString('key');
                 $this->cookieLifetime = $config->getInteger('cookie.lifetime', 0);
 
                 if ($this->key === 'ExampleSharedKey') {
                         throw new SimpleSAML_Error_Exception('Key for CDC domain ' . var_export($domain, TRUE) . ' not changed from default.');
                 }
         }

Here is the call graph for this function:

Member Function Documentation

◆ calcSignature()

sspmod_cdc_Server::calcSignature ( $rawMessage )

private

Calculate the signature on the given message.

Parameters

string $rawMessage The base64-encoded message.

Returns: string The signature.

Definition at line 342 of file Server.php.

Referenced by send(), and validate().

                                                     {
                 assert('is_string($rawMessage)');
 
                 return sha1($this->key . $rawMessage . $this->key);
         }

Here is the caller graph for this function:

◆ get()

static sspmod_cdc_Server::get ( $parameter )

staticprivate

Helper function for parsing and validating a CDC message.

Parameters

string $parameter The name of the query parameter.

Returns: array|NULL The response, or NULL if no response is received.

Definition at line 242 of file Server.php.

References $message, $timestamp, string, and time.

                                                 {
                 assert('is_string($parameter)');
 
                 if (!isset($_REQUEST[$parameter])) {
                         return NULL;
                 }
                 $message = (string)$_REQUEST[$parameter];
 
                 $message = @base64_decode($message);
                 if ($message === FALSE) {
                         throw new SimpleSAML_Error_BadRequest('Error base64-decoding CDC message.');
                 }
 
                 $message = @json_decode($message, TRUE);
                 if ($message === FALSE) {
                         throw new SimpleSAML_Error_BadRequest('Error json-decoding CDC message.');
                 }
 
                 if (!isset($message['timestamp'])) {
                         throw new SimpleSAML_Error_BadRequest('Missing timestamp in CDC message.');
                 }
                 $timestamp = (int)$message['timestamp'];
 
                 if ($timestamp + 60 < time()) {
                         throw new SimpleSAML_Error_BadRequest('CDC signature has expired.');
                 }
                 if ($timestamp - 60 > time()) {
                         throw new SimpleSAML_Error_BadRequest('CDC signature from the future.');
                 }
 
                 if (!isset($message['domain'])) {
                         throw new SimpleSAML_Error_BadRequest('Missing domain in CDC message.');
                 }
 
                 return $message;
         }

◆ getCDC()

sspmod_cdc_Server::getCDC ( )

private

Get the IdP entities saved in the common domain cookie.

Returns: array List of IdP entities.

Definition at line 354 of file Server.php.

References $_COOKIE, $idp, $ret, array, string, and SimpleSAML\Logger\warning().

Referenced by handleAppend(), and handleRead().

                                   {
 
                 if (!isset($_COOKIE['_saml_idp'])) {
                         return array();
                 }
 
                 $ret = (string)$_COOKIE['_saml_idp'];
                 $ret = explode(' ', $ret);
                 foreach ($ret as &$idp) {
                         $idp = base64_decode($idp);
                         if ($idp === FALSE) {
                                 // Not properly base64 encoded
                                 SimpleSAML\Logger::warning('CDC - Invalid base64-encoding of CDC entry.');
                                 return array();
                         }
                 }
 
                 return $ret;
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getResponse()

sspmod_cdc_Server::getResponse ( )

Parse and validate response received from a CDC server.

Returns: array|NULL The response, or NULL if no response is received.

Definition at line 89 of file Server.php.

References $response, and validate().

                                       {
 
                 $response = self::get('CDCResponse');
                 if ($response === NULL) {
                         return NULL;
                 }
 
                 if ($response['domain'] !== $this->domain) {
                         throw new SimpleSAML_Error_Exception('Response received from wrong domain.');
                 }
 
                 $this->validate('CDCResponse');
 
                 return $response;
         }

Here is the call graph for this function:

◆ handleAppend()

sspmod_cdc_Server::handleAppend ( array $request )

private

Handle an append request.

Parameters

array $request The request.

Returns: array The response.

Definition at line 179 of file Server.php.

References $list, getCDC(), setCDC(), and string.

Referenced by handleRequest().

                                                       {
 
                 if (!isset($request['entityID'])) {
                         throw new SimpleSAML_Error_BadRequest('Missing entityID in append request.');
                 }
                 $entityID = (string)$request['entityID'];
 
                 $list = $this->getCDC();
 
                 $prevIndex = array_search($entityID, $list, TRUE);
                 if ($prevIndex !== FALSE) {
                         unset($list[$prevIndex]);
                 }
                 $list[] = $entityID;
 
                 $this->setCDC($list);
 
                 return 'ok';
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handleDelete()

sspmod_cdc_Server::handleDelete ( array $request )

private

Handle a delete request.

Parameters

array $request The request.

Returns: array The response.

Definition at line 206 of file Server.php.

References $params, array, and SimpleSAML\Utils\HTTP\setCookie().

Referenced by handleRequest().

                                                       {
                 $params = array(
                         'path' => '/',
                         'domain' => '.' . $this->domain,
                         'secure' => TRUE,
                         'httponly' => FALSE,
                 );
 
         \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', NULL, $params, FALSE);
                 return 'ok';
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handleRead()

sspmod_cdc_Server::handleRead ( array $request )

private

Handle a read request.

Parameters

array $request The request.

Returns: array The response.

Definition at line 225 of file Server.php.

References $list, array, and getCDC().

Referenced by handleRequest().

                                                     {
 
                 $list = $this->getCDC();
 
                 return array(
                         'status' => 'ok',
                         'cdc' => $list,
                 );
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handleRequest()

sspmod_cdc_Server::handleRequest ( array $request )

private

Handle a parsed CDC requst.

Parameters

array $request

Definition at line 129 of file Server.php.

References $domain, $response, array, handleAppend(), handleDelete(), handleRead(), SimpleSAML\Logger\info(), send(), and string.

                                                        {
 
                 if (!isset($request['op'])) {
                         throw new SimpleSAML_Error_BadRequest('Missing "op" in CDC request.');
                 }
                 $op = (string)$request['op'];
 
                 SimpleSAML\Logger::info('Received CDC request with "op": ' . var_export($op, TRUE));
 
                 if (!isset($request['return'])) {
                         throw new SimpleSAML_Error_BadRequest('Missing "return" in CDC request.');
                 }
                 $return = (string)$request['return'];
 
                 switch ($op) {
                 case 'append':
                         $response = $this->handleAppend($request);
                         break;
                 case 'delete':
                         $response = $this->handleDelete($request);
                         break;
                 case 'read':
                         $response = $this->handleRead($request);
                         break;
                 default:
                         $response = 'unknown-op';
                 }
 
                 if (is_string($response)) {
                         $response = array(
                                 'status' => $response,
                         );
                 }
 
                 $response['op'] = $op;
                 if (isset($request['id'])) {
                         $response['id'] = (string)$request['id'];
                 }
                 $response['domain'] = $this->domain;
 
                 $this->send($return, 'CDCResponse', $response);
         }

Here is the call graph for this function:

◆ processRequest()

static sspmod_cdc_Server::processRequest ( )

static

Parse and process a CDC request.

Definition at line 109 of file Server.php.

References $domain, and $server.

                                                 {
                 $request = self::get('CDCRequest');
                 if ($request === NULL) {
                         throw new SimpleSAML_Error_BadRequest('Missing "CDCRequest" parameter.');
                 }
 
                 $domain = $request['domain'];
                 $server = new sspmod_cdc_Server($domain);
 
                 $server->validate('CDCRequest');
 
                 $server->handleRequest($request);
         }

◆ send()

sspmod_cdc_Server::send	(		$to,
			$parameter,
		array	$message
	)

private

Helper function for sending CDC messages.

Parameters

string	$to	The URL the message should be delivered to.
string	$parameter	The query parameter the message should be sent in.
array	$message	The CDC message.

Definition at line 312 of file Server.php.

References $params, $url, array, calcSignature(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), SimpleSAML\Utils\HTTP\submitPOSTData(), and time.

Referenced by handleRequest(), and sendRequest().

                                                                {
                 assert('is_string($to)');
                 assert('is_string($parameter)');
 
                 $message['timestamp'] = time();
                 $message = json_encode($message);
                 $message = base64_encode($message);
 
                 $signature = $this->calcSignature($message);
 
                 $params = array(
                         $parameter => $message,
                         'Signature' => $signature,
                 );
 
                 $url = \SimpleSAML\Utils\HTTP::addURLParameters($to, $params);
                 if (strlen($url) < 2048) {
                         \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
                 } else {
                         \SimpleSAML\Utils\HTTP::submitPOSTData($to, $params);
                 }
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ sendRequest()

sspmod_cdc_Server::sendRequest ( array $request )

Send a request to this CDC server.

Parameters

array $request The CDC request.

Definition at line 75 of file Server.php.

References $domain, and send().

                                                     {
                 assert('isset($request["return"])');
                 assert('isset($request["op"])');
 
                 $request['domain'] = $this->domain;
                 $this->send($this->server, 'CDCRequest', $request);
         }

Here is the call graph for this function:

◆ setCDC()

sspmod_cdc_Server::setCDC ( array $list )

Build a CDC cookie string.

Parameters

array $list The list of IdPs.

Returns: string The CDC cookie value.

Definition at line 381 of file Server.php.

References $params, array, and SimpleSAML\Utils\HTTP\setCookie().

Referenced by handleAppend().

                                      {
 
                 foreach ($list as &$value) {
                         $value = base64_encode($value);
                 }
 
                 $cookie = implode(' ', $list);
 
                 while (strlen($cookie) > 4000) {
                         // The cookie is too long. Remove the oldest elements until it is short enough
                         $tmp = explode(' ', $cookie, 2);
                         if (count($tmp) === 1) {
                                 /*
                                  * We are left with a single entityID whose base64
                                  * representation is too long to fit in a cookie.
                                  */
                                 break;
                         }
                         $cookie = $tmp[1];
                 }
 
                 $params = array(
                         'lifetime' => $this->cookieLifetime,
                         'path' => '/',
                         'domain' => '.' . $this->domain,
                         'secure' => TRUE,
                         'httponly' => FALSE,
                 );
 
         \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', $cookie, $params, FALSE);
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ validate()

sspmod_cdc_Server::validate ( $parameter )

private

Helper function for validating the signature on a CDC message.

Will throw an exception if the message is invalid.

Parameters

string $parameter The name of the query parameter.

Definition at line 287 of file Server.php.

References $message, calcSignature(), and string.

Referenced by getResponse().

                                               {
                 assert('is_string($parameter)');
                 assert('isset($_REQUEST[$parameter])');
 
                 $message = (string)$_REQUEST[$parameter];
 
                 if (!isset($_REQUEST['Signature'])) {
                         throw new SimpleSAML_Error_BadRequest('Missing Signature on CDC message.');
                 }
                 $signature = (string)$_REQUEST['Signature'];
 
                 $cSignature = $this->calcSignature($message);
                 if ($signature !== $cSignature) {
                         throw new SimpleSAML_Error_BadRequest('Invalid signature on CDC message.');
                 }
         }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

◆ $cookieLifetime

sspmod_cdc_Server::$cookieLifetime

private

The lifetime of our cookie, in seconds.

If this is 0, the cookie will expire when the browser is closed.

Parameters

int

Definition at line 41 of file Server.php.

◆ $domain

sspmod_cdc_Server::$domain

private

Definition at line 15 of file Server.php.

Referenced by __construct(), handleRequest(), processRequest(), and sendRequest().

◆ $key

sspmod_cdc_Server::$key

private

Definition at line 31 of file Server.php.

◆ $server

sspmod_cdc_Server::$server

private

Definition at line 23 of file Server.php.

Referenced by processRequest().

The documentation for this class was generated from the following file:

libs/composer/vendor/simplesamlphp/simplesamlphp/modules/cdc/lib/Server.php

Public Member Functions

Static Public Member Functions

Private Member Functions

Static Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ calcSignature()

◆ get()

◆ getCDC()

◆ getResponse()

◆ handleAppend()

◆ handleDelete()

◆ handleRead()

◆ handleRequest()

◆ processRequest()

◆ send()

◆ sendRequest()

◆ setCDC()

◆ validate()

Field Documentation

◆ $cookieLifetime

◆ $domain

◆ $key

◆ $server