53 parent::__construct(
'LogoutRequest',
$xml);
55 $this->sessionIndexes = array();
61 if (
$xml->hasAttribute(
'NotOnOrAfter')) {
62 $this->notOnOrAfter = Utils::xsDateTimeToTimestamp(
$xml->getAttribute(
'NotOnOrAfter'));
65 $nameId = Utils::xpQuery(
$xml,
'./saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
67 throw new \Exception(
'Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
69 throw new \Exception(
'More than one <saml:NameID> or <saml:EncryptedD> in <samlp:LogoutRequest>.');
72 if (
$nameId->localName ===
'EncryptedData') {
74 $this->encryptedNameId =
$nameId;
79 $sessionIndexes = Utils::xpQuery(
$xml,
'./saml_protocol:SessionIndex');
92 return $this->notOnOrAfter;
102 assert(is_int($notOnOrAfter) || is_null($notOnOrAfter));
104 $this->notOnOrAfter = $notOnOrAfter;
114 if ($this->encryptedNameId !==
null) {
129 $doc = DOMDocumentFactory::create();
130 $root = $doc->createElement(
'root');
131 $doc->appendChild(
$root);
132 $this->nameId->toXML(
$root);
135 Utils::getContainer()->debugMessage(
$nameId,
'encrypt');
140 $enc->type = XMLSecEnc::Element;
143 $symmetricKey->generateSessionKey();
144 $enc->encryptKey(
$key, $symmetricKey);
146 $this->encryptedNameId = $enc->encryptNode($symmetricKey);
147 $this->nameId =
null;
158 if ($this->encryptedNameId ===
null) {
164 $nameId = Utils::decryptElement($this->encryptedNameId,
$key, $blacklist);
165 Utils::getContainer()->debugMessage(
$nameId,
'decrypt');
168 $this->encryptedNameId =
null;
179 if ($this->encryptedNameId !==
null) {
180 throw new \Exception(
'Attempted to retrieve encrypted NameID without decrypting it first.');
208 return $this->sessionIndexes;
218 $this->sessionIndexes = $sessionIndexes;
228 if (empty($this->sessionIndexes)) {
232 return $this->sessionIndexes[0];
245 $this->sessionIndexes = array();
258 $root = parent::toUnsignedXML();
260 if ($this->notOnOrAfter !==
null) {
261 $root->setAttribute(
'NotOnOrAfter', gmdate(
'Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
264 if ($this->encryptedNameId ===
null) {
265 $this->nameId->toXML(
$root);
267 $eid =
$root->ownerDocument->createElementNS(Constants::NS_SAML,
'saml:' .
'EncryptedID');
268 $root->appendChild($eid);
269 $eid->appendChild(
$root->ownerDocument->importNode($this->encryptedNameId,
true));
An exception for terminating execution or to throw for unit testing.
toUnsignedXML()
Convert this logout request message to an XML element.
encryptNameId(XMLSecurityKey $key)
Encrypt the NameID in the LogoutRequest.
getNotOnOrAfter()
Retrieve the expiration time (NotOnOrAfter) of this request, as a UNIX timestamp or null.
getSessionIndexes()
Retrieve the SessionIndexes of the sessions that should be terminated.
getSessionIndex()
Retrieve the session index of the session that should be terminated (the first entry when several SessionIndexes are set).
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameID in the LogoutRequest.
getNameId()
Retrieve the name identifier of the session that should be terminated. Throws an exception if the NameID is still encrypted; call decryptNameId() first.
setNotOnOrAfter($notOnOrAfter)
Set the expiration time of this request.
setSessionIndex($sessionIndex)
Set the session index of the session that should be terminated.
setSessionIndexes(array $sessionIndexes)
Set the SessionIndexes of the sessions that should be terminated.
__construct(\DOMElement $xml=null)
Constructor for SAML 2 logout request messages.
isNameIdEncrypted()
Check whether the NameId is encrypted.
setNameId($nameId)
Set the name identifier of the session that should be terminated.