ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SAML2\LogoutRequest Class Reference

Public Member Functions

 __construct (\DOMElement $xml=null)
 Constructor for SAML 2 logout request messages.

 getNotOnOrAfter ()
 Retrieve the expiration time of this request.

 setNotOnOrAfter ($notOnOrAfter)
 Set the expiration time of this request.

 isNameIdEncrypted ()
 Check whether the NameId is encrypted.

 encryptNameId (XMLSecurityKey $key)
 Encrypt the NameID in the LogoutRequest.

 decryptNameId (XMLSecurityKey $key, array $blacklist=array())
 Decrypt the NameID in the LogoutRequest.

 getNameId ()
 Retrieve the name identifier of the session that should be terminated.

 setNameId ($nameId)
 Set the name identifier of the session that should be terminated.

 getSessionIndexes ()
 Retrieve the SessionIndexes of the sessions that should be terminated.

 setSessionIndexes (array $sessionIndexes)
 Set the SessionIndexes of the sessions that should be terminated.

 getSessionIndex ()
 Retrieve the session index of the session that should be terminated.

 setSessionIndex ($sessionIndex)
 Set the session index of the session that should be terminated.

 toUnsignedXML ()
 Convert this logout request message to an XML element.

Public Member Functions inherited from SAML2\Message

 addValidator ($function, $data)
 Add a method for validating this message.

 validate (XMLSecurityKey $key)
 Validate this message against a public key.

 getId ()
 Retrieve the identifier of this message.

 setId ($id)
 Set the identifier of this message.

 getIssueInstant ()
 Retrieve the issue timestamp of this message.

 setIssueInstant ($issueInstant)
 Set the issue timestamp of this message.

 getDestination ()
 Retrieve the destination of this message.

 setDestination ($destination)
 Set the destination of this message.

 setConsent ($consent)
 Set the given consent for this message.

 getConsent ()
 Retrieve the given consent for this message.

 getIssuer ()
 Retrieve the issuer of this message.

 setIssuer ($issuer)
 Set the issuer of this message.

 isMessageConstructedWithSignature ()
 Query whether or not the message contained a signature at the root level when the object was constructed.

 getRelayState ()
 Retrieve the RelayState associated with this message.

 setRelayState ($relayState)
 Set the RelayState associated with this message.

 toUnsignedXML ()
 Convert this message to an unsigned XML document.

 toSignedXML ()
 Convert this message to a signed XML document.

 getSignatureKey ()
 Retrieve the private key we should use to sign the message.

 setSignatureKey (XMLSecurityKey $signatureKey=null)
 Set the private key we should use to sign the message.

 setCertificates (array $certificates)
 Set the certificates that should be included in the message.

 getCertificates ()
 Retrieve the certificates that are included in the message.

 getExtensions ()
 Retrieve the Extensions.

 setExtensions ($extensions)
 Set the Extensions.

 getSignatureMethod ()
 

Private Attributes

 $notOnOrAfter
 
 $encryptedNameId
 
 $nameId
 
 $sessionIndexes
 

Additional Inherited Members

Static Public Member Functions inherited from SAML2\Message
static fromXML (\DOMElement $xml)
 Convert an XML element into a message.

Protected Member Functions inherited from SAML2\Message
 __construct ($tagName, \DOMElement $xml=null)
 Initialize a message.

Protected Attributes inherited from SAML2\Message
 $extensions
 
 $document
 
 $messageContainedSignatureUponConstruction = false
 

Detailed Description

Definition at line 13 of file LogoutRequest.php.

Constructor & Destructor Documentation

◆ __construct()

SAML2\LogoutRequest::__construct ( \DOMElement  $xml = null)

Constructor for SAML 2 logout request messages.

Parameters
\DOMElement | null  $xml  The input message.
Exceptions

Definition at line 51 of file LogoutRequest.php.

References $nameId, $sessionIndex, $xml, and array.

{
    parent::__construct('LogoutRequest', $xml);

    $this->sessionIndexes = array();

    if ($xml === null) {
        return;
    }

    if ($xml->hasAttribute('NotOnOrAfter')) {
        $this->notOnOrAfter = Utils::xsDateTimeToTimestamp($xml->getAttribute('NotOnOrAfter'));
    }

    $nameId = Utils::xpQuery($xml, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
    if (empty($nameId)) {
        throw new \Exception('Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
    } elseif (count($nameId) > 1) {
        throw new \Exception('More than one <saml:NameID> or <saml:EncryptedD> in <samlp:LogoutRequest>.');
    }
    $nameId = $nameId[0];
    if ($nameId->localName === 'EncryptedData') {
        /* The NameID element is encrypted. */
        $this->encryptedNameId = $nameId;
    } else {
        $this->nameId = new XML\saml\NameID($nameId);
    }

    $sessionIndexes = Utils::xpQuery($xml, './saml_protocol:SessionIndex');
    foreach ($sessionIndexes as $sessionIndex) {
        $this->sessionIndexes[] = trim($sessionIndex->textContent);
    }
}

static xpQuery(\DOMNode $node, $query)
Do an XPath query on an XML node.
Definition: Utils.php:191
static xsDateTimeToTimestamp($time)
This function converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(.s+)?Z to a UNIX timestamp...
Definition: Utils.php:721

Member Function Documentation

◆ decryptNameId()

SAML2\LogoutRequest::decryptNameId ( XMLSecurityKey  $key, array  $blacklist = array() )

Decrypt the NameID in the LogoutRequest.

Parameters
XMLSecurityKey  $key  The decryption key.
array  $blacklist  Blacklisted decryption algorithms.

Definition at line 156 of file LogoutRequest.php.

References $nameId.

{
    if ($this->encryptedNameId === null) {
        /* No NameID to decrypt. */

        return;
    }

    $nameId = Utils::decryptElement($this->encryptedNameId, $key, $blacklist);
    Utils::getContainer()->debugMessage($nameId, 'decrypt');
    $this->nameId = new XML\saml\NameID($nameId);

    $this->encryptedNameId = null;
}

static decryptElement(\DOMElement $encryptedData, XMLSecurityKey $inputKey, array $blacklist=array())
Decrypt an encrypted element.
Definition: Utils.php:558
static getContainer()
Definition: Utils.php:752

◆ encryptNameId()

SAML2\LogoutRequest::encryptNameId ( XMLSecurityKey  $key)

Encrypt the NameID in the LogoutRequest.

Parameters
XMLSecurityKey  $key  The encryption key.

Definition at line 126 of file LogoutRequest.php.

References $nameId.

{
    /* First create a XML representation of the NameID. */
    /* Line 129 of LogoutRequest.php, which creates $doc, is missing from this listing. */
    $root = $doc->createElement('root');
    $doc->appendChild($root);
    $this->nameId->toXML($root);
    $nameId = $root->firstChild;

    Utils::getContainer()->debugMessage($nameId, 'encrypt');

    /* Encrypt the NameID. */
    $enc = new XMLSecEnc();
    $enc->setNode($nameId);
    $enc->type = XMLSecEnc::Element;

    $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
    $symmetricKey->generateSessionKey();
    $enc->encryptKey($key, $symmetricKey);

    $this->encryptedNameId = $enc->encryptNode($symmetricKey);
    $this->nameId = null;
}

static getContainer()
Definition: Utils.php:752

◆ getNameId()

SAML2\LogoutRequest::getNameId ( )

Retrieve the name identifier of the session that should be terminated.

Returns
The name identifier of the session that should be terminated.
Exceptions

Definition at line 177 of file LogoutRequest.php.

References $nameId.

{
    if ($this->encryptedNameId !== null) {
        throw new \Exception('Attempted to retrieve encrypted NameID without decrypting it first.');
    }

    return $this->nameId;
}

◆ getNotOnOrAfter()

SAML2\LogoutRequest::getNotOnOrAfter ( )

Retrieve the expiration time of this request.

Returns
int|null The expiration time of this request.

Definition at line 90 of file LogoutRequest.php.

{
    return $this->notOnOrAfter;
}

◆ getSessionIndex()

SAML2\LogoutRequest::getSessionIndex ( )

Retrieve the session index of the session that should be terminated.

Returns
string|null The session index of the session that should be terminated.

Definition at line 226 of file LogoutRequest.php.

{
    if (empty($this->sessionIndexes)) {
        return null;
    }

    return $this->sessionIndexes[0];
}

◆ getSessionIndexes()

SAML2\LogoutRequest::getSessionIndexes ( )

Retrieve the SessionIndexes of the sessions that should be terminated.

Returns
array The SessionIndexes, or an empty array if all sessions should be terminated.

Definition at line 206 of file LogoutRequest.php.

{
    return $this->sessionIndexes;
}
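
The constructor only stores NotOnOrAfter, getNameId() throws while the NameID is still encrypted, and an empty getSessionIndexes() result means all sessions. The following receiver-side sketch ties those points together; it is an added example, not code from ILIAS or the SAML2 library. acceptLogoutRequest(), $expectedDestination and $clockSkew are hypothetical names, the XMLSecurityKey namespace is assumed, and validate() is assumed to return true only after a successful signature check.

```php
<?php
// Added example: checks a caller performs around SAML2\LogoutRequest.
// acceptLogoutRequest(), $expectedDestination and $clockSkew are hypothetical.

use RobRichards\XMLSecLibs\XMLSecurityKey; // assumed namespace of XMLSecurityKey
use SAML2\LogoutRequest;

function acceptLogoutRequest(
    \DOMElement $xml,
    XMLSecurityKey $idpPublicKey,
    XMLSecurityKey $spPrivateKey,
    array $blacklist,
    $expectedDestination,
    $clockSkew = 60
) {
    // Throws if <saml:NameID>/<saml:EncryptedID> is missing or duplicated.
    $request = new LogoutRequest($xml);

    // Assumption: validate() returns true only when a signature was verified.
    if ($request->validate($idpPublicKey) !== true) {
        throw new \Exception('LogoutRequest is not signed with the expected key.');
    }

    // The class stores NotOnOrAfter but never compares it with the clock.
    $notOnOrAfter = $request->getNotOnOrAfter();
    if ($notOnOrAfter !== null && $notOnOrAfter + $clockSkew <= time()) {
        throw new \Exception('LogoutRequest has expired.');
    }

    // A Destination that is present must name this endpoint.
    $destination = $request->getDestination();
    if ($destination !== null && $destination !== $expectedDestination) {
        throw new \Exception('LogoutRequest was issued for another endpoint.');
    }

    // getNameId() throws until an encrypted NameID has been decrypted.
    if ($request->isNameIdEncrypted()) {
        $request->decryptNameId($spPrivateKey, $blacklist);
    }

    return array(
        'nameId' => $request->getNameId(),
        // Empty array: terminate every session of this NameID.
        'sessionIndexes' => $request->getSessionIndexes(),
    );
}
```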

◆ isNameIdEncrypted()

SAML2\LogoutRequest::isNameIdEncrypted ( )

Check whether the NameId is encrypted.

Returns
true if the NameId is encrypted, false if not.

Definition at line 112 of file LogoutRequest.php.

{
    if ($this->encryptedNameId !== null) {
        return true;
    }

    return false;
}

◆ setNameId()

SAML2\LogoutRequest::setNameId (   $nameId)

Set the name identifier of the session that should be terminated.

Parameters
\SAML2\XML\saml\NameID | array | null  $nameId  The name identifier of the session that should be terminated.

Definition at line 191 of file LogoutRequest.php.

References $nameId.

{
    assert(is_array($nameId) || $nameId instanceof XML\saml\NameID);

    if (is_array($nameId)) {
        $nameId = XML\saml\NameID::fromArray($nameId);
    }
    $this->nameId = $nameId;
}
static fromArray(array $nameId)
Create a object from an array with its contents.
Definition: NameIDType.php:87

◆ setNotOnOrAfter()

SAML2\LogoutRequest::setNotOnOrAfter (   $notOnOrAfter)

Set the expiration time of this request.

Parameters
int | null  $notOnOrAfter  The expiration time of this request.

Definition at line 100 of file LogoutRequest.php.

{
    assert(is_int($notOnOrAfter) || is_null($notOnOrAfter));

    $this->notOnOrAfter = $notOnOrAfter;
}

◆ setSessionIndex()

SAML2\LogoutRequest::setSessionIndex (   $sessionIndex)

Set the session index of the session that should be terminated.

Parameters
string | null  $sessionIndex  The session index of the session that should be terminated.

Definition at line 240 of file LogoutRequest.php.

References $sessionIndex, and array.

{
    assert(is_string($sessionIndex) || is_null($sessionIndex));

    if (is_null($sessionIndex)) {
        $this->sessionIndexes = array();
    } else {
        $this->sessionIndexes = array($sessionIndex);
    }
}

◆ setSessionIndexes()

SAML2\LogoutRequest::setSessionIndexes ( array  $sessionIndexes)

Set the SessionIndexes of the sessions that should be terminated.

Parameters
array  $sessionIndexes  The SessionIndexes, or an empty array if all sessions should be terminated.

Definition at line 216 of file LogoutRequest.php.

{
    $this->sessionIndexes = $sessionIndexes;
}

◆ toUnsignedXML()

SAML2\LogoutRequest::toUnsignedXML ( )

Convert this logout request message to an XML element.

Returns
This logout request.

Definition at line 256 of file LogoutRequest.php.

References $sessionIndex.

{
    $root = parent::toUnsignedXML();

    if ($this->notOnOrAfter !== null) {
        $root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
    }

    if ($this->encryptedNameId === null) {
        $this->nameId->toXML($root);
    } else {
        $eid = $root->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:' . 'EncryptedID');
        $root->appendChild($eid);
        $eid->appendChild($root->ownerDocument->importNode($this->encryptedNameId, true));
    }

    foreach ($this->sessionIndexes as $sessionIndex) {
        Utils::addString($root, Constants::NS_SAMLP, 'SessionIndex', $sessionIndex);
    }

    return $root;
}

static addString(\DOMElement $parent, $namespace, $name, $value)
Append string element.
Definition: Utils.php:635
const NS_SAMLP
The namespace for the SAML 2 protocol.
Definition: Constants.php:215
const NS_SAML
The namespace for the SAML 2 assertions.
Definition: Constants.php:220

Field Documentation

◆ $encryptedNameId

SAML2\LogoutRequest::$encryptedNameId
private

Definition at line 29 of file LogoutRequest.php.

◆ $nameId

SAML2\LogoutRequest::$nameId
private

Definition at line 36 of file LogoutRequest.php.

◆ $notOnOrAfter

SAML2\LogoutRequest::$notOnOrAfter
private

Definition at line 20 of file LogoutRequest.php.

◆ $sessionIndexes

SAML2\LogoutRequest::$sessionIndexes
private

Definition at line 43 of file LogoutRequest.php.


The documentation for this class was generated from the following file: