ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
ProcessorBuilder.php
Go to the documentation of this file.
1<?php
2
3namespace SAML2\Assertion;
4
5use Psr\Log\LoggerInterface;
6use SAML2\Assertion\Transformer\DecodeBase64Transformer;
7use SAML2\Assertion\Transformer\NameIdDecryptionTransformer;
8use SAML2\Assertion\Transformer\TransformerChain;
9use SAML2\Assertion\Validation\AssertionValidator;
10use SAML2\Assertion\Validation\ConstraintValidator\NotBefore;
11use SAML2\Assertion\Validation\ConstraintValidator\NotOnOrAfter;
12use SAML2\Assertion\Validation\ConstraintValidator\SessionNotOnOrAfter;
13use SAML2\Assertion\Validation\ConstraintValidator\SpIsValidAudience;
14use SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationMethod;
15use SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationNotBefore;
16use SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationNotOnOrAfter;
17use SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationRecipientMatches;
18use SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationResponseToMatches;
19use SAML2\Assertion\Validation\SubjectConfirmationValidator;
20use SAML2\Certificate\PrivateKeyLoader;
21use SAML2\Configuration\Destination;
22use SAML2\Configuration\IdentityProvider;
23use SAML2\Configuration\ServiceProvider;
24use SAML2\Response;
25use SAML2\Signature\Validator;
26
34class ProcessorBuilder
35{
36 public static function build(
37 LoggerInterface $logger,
38 Validator $signatureValidator,
39 Destination $currentDestination,
40 IdentityProvider $identityProvider,
41 ServiceProvider $serviceProvider,
42 Response $response
43 ) {
44 $keyloader = new PrivateKeyLoader();
45 $decrypter = new Decrypter($logger, $identityProvider, $serviceProvider, $keyloader);
46 $assertionValidator = self::createAssertionValidator($identityProvider, $serviceProvider);
47 $subjectConfirmationValidator = self::createSubjectConfirmationValidator(
48 $identityProvider,
49 $serviceProvider,
50 $currentDestination,
51 $response
52 );
53
54 $transformerChain = self::createAssertionTransformerChain(
55 $logger,
56 $keyloader,
57 $identityProvider,
58 $serviceProvider
59 );
60
61 return new Processor(
62 $decrypter,
63 $signatureValidator,
64 $assertionValidator,
65 $subjectConfirmationValidator,
66 $transformerChain,
67 $identityProvider,
68 $logger
69 );
70 }
71
72 private static function createAssertionValidator(
73 IdentityProvider $identityProvider,
74 ServiceProvider $serviceProvider
75 ) {
76 $validator = new AssertionValidator($identityProvider, $serviceProvider);
77 $validator->addConstraintValidator(new NotBefore());
78 $validator->addConstraintValidator(new NotOnOrAfter());
79 $validator->addConstraintValidator(new SessionNotOnOrAfter());
80 $validator->addConstraintValidator(new SpIsValidAudience());
81
82 return $validator;
83 }
84
85 private static function createSubjectConfirmationValidator(
86 IdentityProvider $identityProvider,
87 ServiceProvider $serviceProvider,
88 Destination $currentDestination,
89 Response $response
90 ) {
91 $validator = new SubjectConfirmationValidator($identityProvider, $serviceProvider);
92 $validator->addConstraintValidator(
93 new SubjectConfirmationMethod()
94 );
95 $validator->addConstraintValidator(
96 new SubjectConfirmationNotBefore()
97 );
98 $validator->addConstraintValidator(
99 new SubjectConfirmationNotOnOrAfter()
100 );
101 $validator->addConstraintValidator(
102 new SubjectConfirmationRecipientMatches(
103 $currentDestination
104 )
105 );
106 $validator->addConstraintValidator(
107 new SubjectConfirmationResponseToMatches(
108 $response
109 )
110 );
111
112 return $validator;
113 }
114
115 private static function createAssertionTransformerChain(
116 LoggerInterface $logger,
117 PrivateKeyLoader $keyloader,
118 IdentityProvider $identityProvider,
119 ServiceProvider $serviceProvider
120 ) {
121 $chain = new TransformerChain($identityProvider, $serviceProvider);
122 $chain->addTransformerStep(new DecodeBase64Transformer());
123 $chain->addTransformerStep(
124 new NameIdDecryptionTransformer($logger, $keyloader)
125 );
126
127 return $chain;
128 }
129}
NotOnOrAfter
$sc SubjectConfirmationData NotOnOrAfter
Definition: attributeserver.php:77
php
An exception for terminatinating execution or to throw for unit testing.
SAML2\Assertion\ProcessorBuilder
Simple Builder that allows to build a new Assertion Processor.
Definition: ProcessorBuilder.php:35
SAML2\Assertion\ProcessorBuilder\createSubjectConfirmationValidator
static createSubjectConfirmationValidator(IdentityProvider $identityProvider, ServiceProvider $serviceProvider, Destination $currentDestination, Response $response)
Definition: ProcessorBuilder.php:85
SAML2\Assertion\ProcessorBuilder\createAssertionTransformerChain
static createAssertionTransformerChain(LoggerInterface $logger, PrivateKeyLoader $keyloader, IdentityProvider $identityProvider, ServiceProvider $serviceProvider)
Definition: ProcessorBuilder.php:115
SAML2\Assertion\ProcessorBuilder\createAssertionValidator
static createAssertionValidator(IdentityProvider $identityProvider, ServiceProvider $serviceProvider)
Definition: ProcessorBuilder.php:72
SAML2\Assertion\ProcessorBuilder\build
static build(LoggerInterface $logger, Validator $signatureValidator, Destination $currentDestination, IdentityProvider $identityProvider, ServiceProvider $serviceProvider, Response $response)
Definition: ProcessorBuilder.php:36
SAML2\Assertion\Processor
@SuppressWarnings(PHPMD.CouplingBetweenObjects) - due to all the named exceptions
Definition: Processor.php:22
SAML2\Configuration\Destination
Value Object representing the current destination.
Definition: Destination.php:11
SAML2\Configuration\IdentityProvider
Basic configuration wrapper.
Definition: IdentityProvider.php:12
SAML2\Configuration\ServiceProvider
Basic Configuration Wrapper.
Definition: ServiceProvider.php:14
SAML2\Signature\Validator
Signature Validator.
Definition: Validator.php:15
Psr\Log\LoggerInterface
Describes a logger instance.
Definition: LoggerInterface.php:21
$response
$response
Definition: proxy_ylocal.php:39