SAML2\Utils Class Reference

Collaboration diagram for SAML2\Utils:

Static Public Member Functions
static	castKey (XMLSecurityKey $key, $algorithm, $type='public')
	Helper function to convert a XMLSecurityKey to the correct algorithm. More...
static	xpQuery (\DOMNode $node, $query)
	Do an XPath query on an XML node. More...
static	parseBoolean (\DOMElement $node, $attributeName, $default=null)
	Parse a boolean attribute. More...
static	addNameId (\DOMElement $node, array $nameId)
	Create a NameID element. More...
static	parseNameId (\DOMElement $xml)
	Parse a NameID element. More...
static	insertSignature (XMLSecurityKey $key, array $certificates, \DOMElement $root, \DOMNode $insertBefore=null)
	Insert a Signature-node. More...
static	decryptElement (\DOMElement $encryptedData, XMLSecurityKey $inputKey, array $blacklist=array())
	Decrypt an encrypted element. More...
static	extractLocalizedStrings (\DOMElement $parent, $namespaceURI, $localName)
	Extract localized strings from a set of nodes. More...
static	extractStrings (\DOMElement $parent, $namespaceURI, $localName)
	Extract strings from a set of nodes. More...
static	addString (\DOMElement $parent, $namespace, $name, $value)
	Append string element. More...
static	addStrings (\DOMElement $parent, $namespace, $name, $localized, array $values)
	Append string elements. More...
static	createKeyDescriptor ($x509Data)
	Create a KeyDescriptor with the given certificate. More...
static	xsDateTimeToTimestamp ($time)
	This function converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(.s+)?Z to a UNIX timestamp. More...
static	getContainer ()

Detailed Description

Definition at line 20 of file Utils.php.

Member Function Documentation

addNameId()

static SAML2\Utils::addNameId ( \DOMElement  $node, array  $nameId  )

static

Create a NameID element.

The NameId array can have the following elements: 'Value', 'Format', 'NameQualifier, 'SPNameQualifier' and 'SPProviderID'.

Only the 'Value'-element is required.

Parameters

\DOMElement	$node	The DOM node we should append the NameId to.
array	$nameId	The name identifier.

Deprecated:

Please use objects instead: $nameId = new (); $nameId->value = $value; ... $nameId->toXML($node);

Definition at line 314 of file Utils.php.

    {
        assert(array_key_exists("Value", $nameId));

        $nid = new XML\saml\NameID();

        $nid->value = $nameId['Value'];

        if (array_key_exists('NameQualifier', $nameId) && $nameId['NameQualifier'] !== null) {
            $nid->NameQualifier = $nameId['NameQualifier'];
        }
        if (array_key_exists('SPNameQualifier', $nameId) && $nameId['SPNameQualifier'] !== null) {
            $nid->SPNameQualifier = $nameId['SPNameQualifier'];
        }
        if (array_key_exists('Format', $nameId) && $nameId['Format'] !== null) {
            $nid->Format = $nameId['Format'];
        }

        $nid->toXML($node);
    }

addString()

static SAML2\Utils::addString ( \DOMElement  $parent,   $namespace,   $name,   $value  )

static

Append string element.

Parameters

\DOMElement	$parent	The parent element we should append the new nodes to.
string	$namespace	The namespace of the created element.
string	$name	The name of the created element.
string	$value	The value of the element.

Returns

The generated element.

Definition at line 635 of file Utils.php.

References $n, $name, and $namespace.

Referenced by SAML2\XML\ds\KeyName\toXML(), SAML2\XML\ds\X509Certificate\toXML(), SAML2\XML\md\AdditionalMetadataLocation\toXML(), and SAML2\XML\md\ContactPerson\toXML().

    {
        assert(is_string($namespace));
        assert(is_string($name));
        assert(is_string($value));

        $doc = $parent->ownerDocument;

        $n = $doc->createElementNS($namespace, $name);
        $n->appendChild($doc->createTextNode($value));
        $parent->appendChild($n);

        return $n;
    }

Here is the caller graph for this function:

addStrings()

static SAML2\Utils::addStrings ( \DOMElement  $parent,   $namespace,   $name,   $localized, array  $values  )

static

Append string elements.

Parameters

\DOMElement	$parent	The parent element we should append the new nodes to.
string	$namespace	The namespace of the created elements
string	$name	The name of the created elements
bool	$localized	Whether the strings are localized, and should include the xml:lang attribute.
array	$values	The values we should create the elements from.

Definition at line 659 of file Utils.php.

References $index, $n, $name, and $namespace.

Referenced by SAML2\XML\mdrpi\RegistrationInfo\toXML(), SAML2\XML\mdui\DiscoHints\toXML(), SAML2\XML\md\AuthnAuthorityDescriptor\toXML(), SAML2\XML\md\PDPDescriptor\toXML(), SAML2\XML\mdrpi\PublicationInfo\toXML(), SAML2\XML\md\Organization\toXML(), SAML2\XML\md\SSODescriptorType\toXML(), SAML2\XML\md\AttributeConsumingService\toXML(), SAML2\XML\md\AttributeAuthorityDescriptor\toXML(), SAML2\XML\mdui\UIInfo\toXML(), SAML2\XML\md\IDPSSODescriptor\toXML(), SAML2\XML\md\AffiliationDescriptor\toXML(), and SAML2\XML\md\ContactPerson\toXML().

    {
        assert(is_string($namespace));
        assert(is_string($name));
        assert(is_bool($localized));

        $doc = $parent->ownerDocument;

        foreach ($values as $index => $value) {
            $n = $doc->createElementNS($namespace, $name);
            $n->appendChild($doc->createTextNode($value));
            if ($localized) {
                $n->setAttribute('xml:lang', $index);
            }
            $parent->appendChild($n);
        }
    }

Here is the caller graph for this function:

castKey()

static SAML2\Utils::castKey ( XMLSecurityKey  $key,   $algorithm,   $type = 'public'  )

static

Helper function to convert a XMLSecurityKey to the correct algorithm.

Parameters

XMLSecurityKey	$key	The key.
string	$algorithm	The desired algorithm.
string	$type	Public or private key, defaults to public.

Returns

XMLSecurityKey The new key.

Exceptions

Definition at line 112 of file Utils.php.

References $algo, $info, $key, $type, and array.

    {
        assert(is_string($algorithm));
        assert($type === "public" || $type === "private");

        // do nothing if algorithm is already the type of the key
        if ($key->type === $algorithm) {
            return $key;
        }

        if (!in_array($algorithm, array(
            XMLSecurityKey::RSA_1_5,
            XMLSecurityKey::RSA_SHA1,
            XMLSecurityKey::RSA_SHA256,
            XMLSecurityKey::RSA_SHA384,
            XMLSecurityKey::RSA_SHA512
        ))) {
            throw new \Exception('Unsupported signing algorithm.');
        }

        $keyInfo = openssl_pkey_get_details($key->key);
        if ($keyInfo === false) {
            throw new \Exception('Unable to get key details from XMLSecurityKey.');
        }
        if (!isset($keyInfo['key'])) {
            throw new \Exception('Missing key in public key details.');
        }

        $newKey = new XMLSecurityKey($algorithm, array('type'=>$type));
        $newKey->loadKey($keyInfo['key']);

        return $newKey;
    }

createKeyDescriptor()

static SAML2\Utils::createKeyDescriptor (   $x509Data )

static

Create a KeyDescriptor with the given certificate.

Parameters

string

$x509Data

The certificate, as a base64-encoded DER data.

Returns

The keydescriptor.

Definition at line 683 of file Utils.php.

    {
        assert(is_string($x509Data));

        $x509Certificate = new X509Certificate();
        $x509Certificate->certificate = $x509Data;

        $x509Data = new X509Data();
        $x509Data->data[] = $x509Certificate;

        $keyInfo = new KeyInfo();
        $keyInfo->info[] = $x509Data;

        $keyDescriptor = new KeyDescriptor();
        $keyDescriptor->KeyInfo = $keyInfo;

        return $keyDescriptor;
    }

decryptElement()

static SAML2\Utils::decryptElement ( \DOMElement  $encryptedData, XMLSecurityKey  $inputKey, array  $blacklist = array()  )

static

Decrypt an encrypted element.

Parameters

\DOMElement	$encryptedData	The encrypted data.
XMLSecurityKey	$inputKey	The decryption key.
array	$blacklist	Blacklisted decryption algorithms.

Returns

The decrypted element.

Exceptions

Definition at line 558 of file Utils.php.

    {
        try {
            return self::doDecryptElement($encryptedData, $inputKey, $blacklist);
        } catch (\Exception $e) {
            /*
             * Something went wrong during decryption, but for security
             * reasons we cannot tell the user what failed.
             */
            Utils::getContainer()->getLogger()->error('Decryption failed: ' . $e->getMessage());
            throw new \Exception('Failed to decrypt XML element.', 0, $e);
        }
    }

extractLocalizedStrings()

static SAML2\Utils::extractLocalizedStrings ( \DOMElement  $parent,   $namespaceURI,   $localName  )

static

Extract localized strings from a set of nodes.

Parameters

\DOMElement	$parent	The element that contains the localized strings.
string	$namespaceURI	The namespace URI the localized strings should have.
string	$localName	The localName of the localized strings.

Returns

array Localized strings.

Definition at line 580 of file Utils.php.

References $ret, and array.

Referenced by SAML2\XML\mdrpi\RegistrationInfo\__construct(), SAML2\XML\md\Organization\__construct(), SAML2\XML\mdrpi\PublicationInfo\__construct(), SAML2\XML\md\AttributeConsumingService\__construct(), and SAML2\XML\mdui\UIInfo\__construct().

    {
        assert(is_string($namespaceURI));
        assert(is_string($localName));

        $ret = array();
        for ($node = $parent->firstChild; $node !== null; $node = $node->nextSibling) {
            if ($node->namespaceURI !== $namespaceURI || $node->localName !== $localName) {
                continue;
            }

            if ($node->hasAttribute('xml:lang')) {
                $language = $node->getAttribute('xml:lang');
            } else {
                $language = 'en';
            }
            $ret[$language] = trim($node->textContent);
        }

        return $ret;
    }

Here is the caller graph for this function:

extractStrings()

static SAML2\Utils::extractStrings ( \DOMElement  $parent,   $namespaceURI,   $localName  )

static

Extract strings from a set of nodes.

Parameters

\DOMElement	$parent	The element that contains the localized strings.
string	$namespaceURI	The namespace URI the string elements should have.
string	$localName	The localName of the string elements.

Returns

array The string values of the various nodes.

Definition at line 610 of file Utils.php.

References $ret, and array.

Referenced by SAML2\XML\md\AuthnAuthorityDescriptor\__construct(), SAML2\XML\md\PDPDescriptor\__construct(), SAML2\XML\mdui\DiscoHints\__construct(), SAML2\XML\md\SSODescriptorType\__construct(), SAML2\XML\md\AttributeAuthorityDescriptor\__construct(), SAML2\XML\md\IDPSSODescriptor\__construct(), and SAML2\XML\md\AffiliationDescriptor\__construct().

    {
        assert(is_string($namespaceURI));
        assert(is_string($localName));

        $ret = array();
        for ($node = $parent->firstChild; $node !== null; $node = $node->nextSibling) {
            if ($node->namespaceURI !== $namespaceURI || $node->localName !== $localName) {
                continue;
            }
            $ret[] = trim($node->textContent);
        }

        return $ret;
    }

Here is the caller graph for this function:

getContainer()

static SAML2\Utils::getContainer ( )

static

Returns

Definition at line 752 of file Utils.php.

    {
        return ContainerSingleton::getInstance();
    }

insertSignature()

static SAML2\Utils::insertSignature ( XMLSecurityKey  $key, array  $certificates, \DOMElement  $root, \DOMNode  $insertBefore = null  )

static

Insert a Signature-node.

Parameters

XMLSecurityKey	$key	The key we should use to sign the message.
array	$certificates	The certificates we should add to the signature node.
\DOMElement	$root	The XML node we should sign.
\DOMNode	$insertBefore	The XML element we should insert the signature element before.

Definition at line 364 of file Utils.php.

References $certificate, $type, $xml, array, RobRichards\XMLSecLibs\XMLSecurityKey\getAlgorithm(), and RobRichards\XMLSecLibs\XMLSecurityKey\getSymmetricKeySize().

      {
        $objXMLSecDSig = new XMLSecurityDSig();
        $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

        switch ($key->type) {
            case XMLSecurityKey::RSA_SHA256:
                $type = XMLSecurityDSig::SHA256;
                break;
            case XMLSecurityKey::RSA_SHA384:
                $type = XMLSecurityDSig::SHA384;
                break;
            case XMLSecurityKey::RSA_SHA512:
                $type = XMLSecurityDSig::SHA512;
                break;
            default:
                $type = XMLSecurityDSig::SHA1;
        }

        $objXMLSecDSig->addReferenceList(
            array($root),
            $type,
            array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
            array('id_name' => 'ID', 'overwrite' => false)
        );

        $objXMLSecDSig->sign($key);

        foreach ($certificates as $certificate) {
            $objXMLSecDSig->add509Cert($certificate, true);
        }

        $objXMLSecDSig->insertSignature($root, $insertBefore);
    }

Here is the call graph for this function:

parseBoolean()

static SAML2\Utils::parseBoolean ( \DOMElement  $node,   $attributeName,   $default = null  )

static

Parse a boolean attribute.

Parameters

\DOMElement	$node	The element we should fetch the attribute from.
string	$attributeName	The name of the attribute.
mixed	$default	The value that should be returned if the attribute doesn't exist.

Returns

bool|mixed The value of the attribute, or $default if the attribute doesn't exist.

Exceptions

Definition at line 276 of file Utils.php.

Referenced by SAML2\XML\md\RequestedAttribute\__construct(), SAML2\XML\md\IndexedEndpointType\__construct(), SAML2\XML\shibmd\Scope\__construct(), SAML2\XML\md\SPSSODescriptor\__construct(), SAML2\XML\md\AttributeConsumingService\__construct(), and SAML2\XML\md\IDPSSODescriptor\__construct().

    {
        assert(is_string($attributeName));

        if (!$node->hasAttribute($attributeName)) {
            return $default;
        }
        $value = $node->getAttribute($attributeName);
        switch (strtolower($value)) {
            case '0':
            case 'false':
                return false;
            case '1':
            case 'true':
                return true;
            default:
                throw new \Exception('Invalid value of boolean attribute ' . var_export($attributeName, true) . ': ' . var_export($value, true));
        }
    }

Here is the caller graph for this function:

parseNameId()

static SAML2\Utils::parseNameId ( \DOMElement  $xml )

static

Parse a NameID element.

Parameters

\DOMElement

$xml

The DOM element we should parse.

Returns

array The parsed name identifier.

Deprecated:

Please use objects instead: $nameId = new ($xml);

Definition at line 343 of file Utils.php.

References $ret, and array.

    {
        $ret = array('Value' => trim($xml->textContent));

        foreach (array('NameQualifier', 'SPNameQualifier', 'SPProvidedID', 'Format') as $attr) {
            if ($xml->hasAttribute($attr)) {
                $ret[$attr] = $xml->getAttribute($attr);
            }
        }

        return $ret;
    }

xpQuery()

static SAML2\Utils::xpQuery ( \DOMNode  $node,   $query  )

static

Do an XPath query on an XML node.

Parameters

\DOMNode	$node	The XML node.
string	$query	The query.

Returns

[] Array with matching DOM nodes.

Definition at line 191 of file Utils.php.

References $i, $query, $results, $ret, and array.

Referenced by SAML2\XML\mdattr\EntityAttributes\__construct(), SAML2\XML\saml\SubjectConfirmation\__construct(), SAML2\XML\md\KeyDescriptor\__construct(), SAML2\XML\md\AuthnAuthorityDescriptor\__construct(), SAML2\XML\md\PDPDescriptor\__construct(), SAML2\XML\mdui\DiscoHints\__construct(), SAML2\XML\saml\Attribute\__construct(), SAML2\XML\md\SPSSODescriptor\__construct(), SAML2\XML\md\SSODescriptorType\__construct(), SAML2\XML\md\AttributeConsumingService\__construct(), SAML2\XML\md\EntitiesDescriptor\__construct(), SAML2\XML\md\AttributeAuthorityDescriptor\__construct(), SAML2\XML\mdui\UIInfo\__construct(), SAML2\XML\md\IDPSSODescriptor\__construct(), SAML2\XML\md\AffiliationDescriptor\__construct(), SAML2\XML\md\EntityDescriptor\__construct(), SAML2\XML\md\RoleDescriptor\__construct(), SAML2\XML\samlp\Extensions\getList(), SAML2\XML\md\Extensions\getList(), and SAML2\XML\md\ContactPerson\getStringElements().

    {
        assert(is_string($query));
        static $xpCache = null;

        if ($node instanceof \DOMDocument) {
            $doc = $node;
        } else {
            $doc = $node->ownerDocument;
        }

        if ($xpCache === null || !$xpCache->document->isSameNode($doc)) {
            $xpCache = new \DOMXPath($doc);
            $xpCache->registerNamespace('soap-env', Constants::NS_SOAP);
            $xpCache->registerNamespace('saml_protocol', Constants::NS_SAMLP);
            $xpCache->registerNamespace('saml_assertion', Constants::NS_SAML);
            $xpCache->registerNamespace('saml_metadata', Constants::NS_MD);
            $xpCache->registerNamespace('ds', XMLSecurityDSig::XMLDSIGNS);
            $xpCache->registerNamespace('xenc', XMLSecEnc::XMLENCNS);
        }

        $results = $xpCache->query($query, $node);
        $ret = array();
        for ($i = 0; $i < $results->length; $i++) {
            $ret[$i] = $results->item($i);
        }

        return $ret;
    }

Here is the caller graph for this function:

xsDateTimeToTimestamp()

static SAML2\Utils::xsDateTimeToTimestamp (   $time )

static

This function converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(.s+)?Z to a UNIX timestamp.

The sub-second part is ignored.

Andreas comments: I got this timestamp from Shibboleth 1.3 IdP: 2008-01-17T11:28:03.577Z Therefore I added to possibility to have microseconds to the format. Added: (.\d{1,3})? to the regex.

Note that we always require a 'Z' timezone for the dateTime to be valid. This is not in the SAML spec but that's considered to be a bug in the spec. See https://github.com/simplesamlphp/saml2/pull/36 for some background.

Parameters

string

$time

The time we should convert.

Returns

int Converted to a unix timestamp.

Exceptions

Definition at line 721 of file Utils.php.

References $time, and array.

Referenced by SAML2\XML\mdrpi\RegistrationInfo\__construct(), SAML2\XML\mdrpi\PublicationInfo\__construct(), SAML2\XML\md\EntitiesDescriptor\__construct(), SAML2\XML\saml\SubjectConfirmationData\__construct(), SAML2\XML\md\AffiliationDescriptor\__construct(), SAML2\XML\md\EntityDescriptor\__construct(), SAML2\XML\md\RoleDescriptor\__construct(), SimpleSAML_Metadata_SAMLBuilder\addExtensions(), SimpleSAML_Utilities\checkDateConditions(), and SimpleSAML\XML\Shib13\AuthnResponse\checkDateConditions().

    {
        $matches = array();

        // We use a very strict regex to parse the timestamp.
        $regex = '/^(\\d\\d\\d\\d)-(\\d\\d)-(\\d\\d)T(\\d\\d):(\\d\\d):(\\d\\d)(?:\\.\\d{1,9})?Z$/D';
        if (preg_match($regex, $time, $matches) == 0) {
            throw new \Exception(
                'Invalid SAML2 timestamp passed to xsDateTimeToTimestamp: ' . $time
            );
        }

        // Extract the different components of the time from the  matches in the regex.
        // intval will ignore leading zeroes in the string.
        $year   = intval($matches[1]);
        $month  = intval($matches[2]);
        $day    = intval($matches[3]);
        $hour   = intval($matches[4]);
        $minute = intval($matches[5]);
        $second = intval($matches[6]);

        // We use gmmktime because the timestamp will always be given
        //in UTC.
        $ts = gmmktime($hour, $minute, $second, $month, $day, $year);

        return $ts;
    }

Here is the caller graph for this function:

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/saml2/src/SAML2/Utils.php