dc/db3/HTTPRedirect_8php_source.html

<?php


namespace SAML2;


use RobRichards\XMLSecLibs\XMLSecurityKey;


class HTTPRedirect extends Binding

{

    const DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE';


    public function getRedirectURL(Message $message)

    {

        if ($this->destination === null) {

            $destination = $message->getDestination();

        } else {

            $destination = $this->destination;

        }


        $relayState = $message->getRelayState();


        $key = $message->getSignatureKey();


        $msgStr = $message->toUnsignedXML();

        $msgStr = $msgStr->ownerDocument->saveXML($msgStr);


        Utils::getContainer()->debugMessage($msgStr, 'out');


        $msgStr = gzdeflate($msgStr);

        $msgStr = base64_encode($msgStr);


        /* Build the query string. */


        if ($message instanceof Request) {

            $msg = 'SAMLRequest=';

        } else {

            $msg = 'SAMLResponse=';

        }

        $msg .= urlencode($msgStr);


        if ($relayState !== null) {

            $msg .= '&RelayState=' . urlencode($relayState);

        }


        if ($key !== null) {

            /* Add the signature. */

            $msg .= '&SigAlg=' . urlencode($key->type);


            $signature = $key->signData($msg);

            $msg .= '&Signature=' . urlencode(base64_encode($signature));

        }


        if (strpos($destination, '?') === false) {

            $destination .= '?' . $msg;

        } else {

            $destination .= '&' . $msg;

        }


        return $destination;

    }


    public function send(Message $message)

    {

        $destination = $this->getRedirectURL($message);

        Utils::getContainer()->getLogger()->debug('Redirect to ' . strlen($destination) . ' byte URL: ' . $destination);

        Utils::getContainer()->redirect($destination);

    }


    public function receive()

    {

        $data = self::parseQuery();

        if (array_key_exists('SAMLRequest', $data)) {

            $message = $data['SAMLRequest'];

        } elseif (array_key_exists('SAMLResponse', $data)) {

            $message = $data['SAMLResponse'];

        } else {

            throw new \Exception('Missing SAMLRequest or SAMLResponse parameter.');

        }


        if (isset($data['SAMLEncoding']) && $data['SAMLEncoding'] !== self::DEFLATE) {

            throw new \Exception('Unknown SAMLEncoding: ' . var_export($data['SAMLEncoding'], true));

        }


        $message = base64_decode($message);

        if ($message === false) {

            throw new \Exception('Error while base64 decoding SAML message.');

        }


        $message = gzinflate($message);

        if ($message === false) {

            throw new \Exception('Error while inflating SAML message.');

        }


        Utils::getContainer()->debugMessage($message, 'in');

        $document = DOMDocumentFactory::fromString($message);

        $xml      = $document->firstChild;

        $message  = Message::fromXML($xml);


        if (array_key_exists('RelayState', $data)) {

            $message->setRelayState($data['RelayState']);

        }


        if (!array_key_exists('Signature', $data)) {

            return $message;

        }


        if (!array_key_exists('SigAlg', $data)) {

            throw new \Exception('Missing signature algorithm.');

        }


        $signData = array(

            'Signature' => $data['Signature'],

            'SigAlg'    => $data['SigAlg'],

            'Query'     => $data['SignedQuery'],

        );


        $message->addValidator(array(get_class($this), 'validateSignature'), $signData);


        return $message;

    }


    private static function parseQuery()

    {

        /*

         * Parse the query string. We need to do this ourself, so that we get access

         * to the raw (urlencoded) values. This is required because different software

         * can urlencode to different values.

         */

        $data = array();

        $relayState = '';

        $sigAlg = '';

        $sigQuery = '';

        foreach (explode('&', $_SERVER['QUERY_STRING']) as $e) {

            $tmp = explode('=', $e, 2);

            $name = $tmp[0];

            if (count($tmp) === 2) {

                $value = $tmp[1];

            } else {

                /* No value for this parameter. */

                $value = '';

            }

            $name = urldecode($name);

            $data[$name] = urldecode($value);


            switch ($name) {

                case 'SAMLRequest':

                case 'SAMLResponse':

                    $sigQuery = $name . '=' . $value;

                    break;

                case 'RelayState':

                    $relayState = '&RelayState=' . $value;

                    break;

                case 'SigAlg':

                    $sigAlg = '&SigAlg=' . $value;

                    break;

            }

        }


        $data['SignedQuery'] = $sigQuery . $relayState . $sigAlg;


        return $data;

    }


    public static function validateSignature(array $data, XMLSecurityKey $key)

    {

        assert(array_key_exists("Query", $data));

        assert(array_key_exists("SigAlg", $data));

        assert(array_key_exists("Signature", $data));


        $query = $data['Query'];

        $sigAlg = $data['SigAlg'];

        $signature = $data['Signature'];


        $signature = base64_decode($signature);


        if ($key->type !== XMLSecurityKey::RSA_SHA1) {

            throw new \Exception('Invalid key type for validating signature on query string.');

        }

        if ($key->type !== $sigAlg) {

            $key = Utils::castKey($key, $sigAlg);

        }


        if ($key->verifySignature($query, $signature) !== 1) {

            throw new \Exception('Unable to validate signature on query string.');

        }

    }

}

php
An exception for terminatinating execution or to throw for unit testing.

RobRichards\XMLSecLibs\XMLSecurityKey
xmlseclibs.php
Definition: XMLSecurityKey.php:48

SAML2\Binding
Definition: Binding.php:11

SAML2\HTTPRedirect
Definition: HTTPRedirect.php:13

SAML2\HTTPRedirect\getRedirectURL
getRedirectURL(Message $message)
Create the redirect URL for a message.
Definition: HTTPRedirect.php:22

SAML2\HTTPRedirect\validateSignature
static validateSignature(array $data, XMLSecurityKey $key)
Validate the signature on a HTTP-Redirect message.
Definition: HTTPRedirect.php:210

SAML2\HTTPRedirect\parseQuery
static parseQuery()
Helper function to parse query data.
Definition: HTTPRedirect.php:159

SAML2\HTTPRedirect\receive
receive()
Receive a SAML 2 message sent using the HTTP-Redirect binding.
Definition: HTTPRedirect.php:97

SAML2\HTTPRedirect\send
send(Message $message)
Send a SAML 2 message using the HTTP-Redirect binding.
Definition: HTTPRedirect.php:79

SAML2\Message
Base class for all SAML 2 messages.
Definition: Message.php:19

SAML2\Request
Definition: Request.php:15

$key
$key
Definition: croninfo.php:18

$name
if($format !==null) $name
Definition: metadata.php:146

$xml
$xml
Definition: metadata.php:240

$message
catch(Exception $e) $message
Definition: saml2-logout.php:34

$destination
$destination
Definition: saml2-logout.php:50

$relayState
$relayState
Definition: logout-iframe-post.php:14

SAML2
Definition: ArtifactResolve.php:3

$query
$query
Definition: proxy_ylocal.php:13

$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54

$data
$data
Definition: test-settings.sample.php:14