ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
LogoutRequest.php
1 <?php
2 
3 namespace SAML2;
4 
7 
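/**
 * Class for SAML 2 logout request messages.
 *
 * Security notes for callers:
 *  - Everything read from the XML (NameID, SessionIndex, NotOnOrAfter) is
 *    peer-supplied. This class performs no signature validation of its own;
 *    whatever parent::__construct() does is not visible here. Do not act on
 *    the values until the message has been authenticated.
 *  - NotOnOrAfter is only parsed and stored. Nothing in this class compares
 *    it with the current time, so expiry must be enforced by the caller.
 */
class LogoutRequest extends Request
{
    /**
     * The expiration time of this request, as a UNIX timestamp, or null if none is set.
     *
     * @var int|null
     */
    private $notOnOrAfter;

    /**
     * The encrypted NameID in the request.
     *
     * While this is not null, the NameID must be decrypted before it can be read.
     *
     * @var \DOMElement|null
     */
    private $encryptedNameId;

    /**
     * The name identifier of the session that should be terminated.
     *
     * @var \SAML2\XML\saml\NameID|null
     */
    private $nameId;

    /**
     * The SessionIndexes of the sessions that should be terminated.
     *
     * @var array
     */
    private $sessionIndexes;

    /**
     * Constructor for SAML 2 logout request messages.
     *
     * @param \DOMElement|null $xml The input message, or null to build an empty request.
     * @throws \Exception If the message does not contain exactly one NameID/EncryptedID.
     */
    public function __construct(\DOMElement $xml = null)
    {
        parent::__construct('LogoutRequest', $xml);

        $this->sessionIndexes = array();

        if ($xml === null) {
            return;
        }

        if ($xml->hasAttribute('NotOnOrAfter')) {
            /* Stored only; the expiry check itself is left to the caller. */
            $this->notOnOrAfter = Utils::xsDateTimeToTimestamp($xml->getAttribute('NotOnOrAfter'));
        }

        /*
         * Exactly one identifier is accepted. Rejecting duplicates keeps the
         * consumer from acting on a different NameID than another component
         * (for example a signature check) may have looked at.
         */
        $nameId = Utils::xpQuery($xml, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
        if (empty($nameId)) {
            throw new \Exception('Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
        } elseif (count($nameId) > 1) {
            throw new \Exception('More than one <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
        }
        $nameId = $nameId[0];
        if ($nameId->localName === 'EncryptedData') {
            /* The NameID element is encrypted. */
            $this->encryptedNameId = $nameId;
        } else {
            $this->nameId = new XML\saml\NameID($nameId);
        }

        /* SessionIndex values are taken as-is from the message, only trimmed. */
        $sessionIndexes = Utils::xpQuery($xml, './saml_protocol:SessionIndex');
        foreach ($sessionIndexes as $sessionIndex) {
            $this->sessionIndexes[] = trim($sessionIndex->textContent);
        }
    }

    /**
     * Retrieve the expiration time of this request.
     *
     * @return int|null The expiration time as a UNIX timestamp, or null if none is set.
     */
    public function getNotOnOrAfter()
    {
        return $this->notOnOrAfter;
    }

    /**
     * Set the expiration time of this request.
     *
     * @param int|null $notOnOrAfter The expiration time as a UNIX timestamp, or null to clear it.
     */
    public function setNotOnOrAfter($notOnOrAfter)
    {
        /* assert() can be disabled at runtime, so this is a developer aid, not input validation. */
        assert(is_int($notOnOrAfter) || is_null($notOnOrAfter));

        $this->notOnOrAfter = $notOnOrAfter;
    }

    /**
     * Check whether the NameId is encrypted.
     *
     * @return bool True if the NameId is encrypted, false if not.
     */
    public function isNameIdEncrypted()
    {
        return $this->encryptedNameId !== null;
    }

    /**
     * Encrypt the NameID in the LogoutRequest.
     *
     * The NameID is encrypted with a freshly generated AES-128-CBC session key,
     * which is in turn encrypted with $key. CBC gives confidentiality only; the
     * integrity of the resulting EncryptedID depends on the enclosing message
     * being signed and on the receiver verifying that signature.
     *
     * @param XMLSecurityKey $key The key used to encrypt the session key.
     * @throws \Exception If no NameID is set.
     */
    public function encryptNameId(XMLSecurityKey $key)
    {
        if ($this->nameId === null) {
            /* Fail with a catchable error instead of a call on null. */
            throw new \Exception('Cannot encrypt NameID without a NameID set.');
        }

        /* First create a XML representation of the NameID. */
        $doc = DOMDocumentFactory::create();
        $root = $doc->createElement('root');
        $doc->appendChild($root);
        $this->nameId->toXML($root);
        $nameId = $root->firstChild;

        /* The plaintext NameID is handed to the debug logger; treat that log as sensitive. */
        Utils::getContainer()->debugMessage($nameId, 'encrypt');

        /* Encrypt the NameID. */
        $enc = new XMLSecEnc();
        $enc->setNode($nameId);
        $enc->type = XMLSecEnc::Element;

        $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
        $symmetricKey->generateSessionKey();
        $enc->encryptKey($key, $symmetricKey);

        $this->encryptedNameId = $enc->encryptNode($symmetricKey);
        $this->nameId = null;
    }

    /**
     * Decrypt the NameID in the LogoutRequest.
     *
     * Does nothing when the NameID is not encrypted.
     *
     * @param XMLSecurityKey $key       The decryption key.
     * @param array          $blacklist Algorithms to reject, passed through to Utils::decryptElement().
     *                                  The default is an empty list; presumably nothing is rejected
     *                                  unless the caller supplies entries (confirm in Utils).
     */
    public function decryptNameId(XMLSecurityKey $key, array $blacklist = array())
    {
        if ($this->encryptedNameId === null) {
            /* No NameID to decrypt. */

            return;
        }

        $nameId = Utils::decryptElement($this->encryptedNameId, $key, $blacklist);
        /* The decrypted NameID is handed to the debug logger; treat that log as sensitive. */
        Utils::getContainer()->debugMessage($nameId, 'decrypt');
        $this->nameId = new XML\saml\NameID($nameId);

        $this->encryptedNameId = null;
    }

    /**
     * Retrieve the name identifier of the session that should be terminated.
     *
     * @return \SAML2\XML\saml\NameID|null The name identifier, or null if none is set.
     * @throws \Exception If the NameID is still encrypted.
     */
    public function getNameId()
    {
        if ($this->encryptedNameId !== null) {
            throw new \Exception('Attempted to retrieve encrypted NameID without decrypting it first.');
        }

        return $this->nameId;
    }

    /**
     * Set the name identifier of the session that should be terminated.
     *
     * @param \SAML2\XML\saml\NameID|array $nameId The name identifier; an array is converted
     *                                             with NameID::fromArray().
     */
    public function setNameId($nameId)
    {
        /* assert() can be disabled at runtime, so this is a developer aid, not input validation. */
        assert(is_array($nameId) || $nameId instanceof XML\saml\NameID);

        if (is_array($nameId)) {
            $nameId = XML\saml\NameID::fromArray($nameId);
        }
        $this->nameId = $nameId;
    }

    /**
     * Retrieve the SessionIndexes of the sessions that should be terminated.
     *
     * @return array The SessionIndexes, or an empty array if none are set.
     */
    public function getSessionIndexes()
    {
        return $this->sessionIndexes;
    }

    /**
     * Set the SessionIndexes of the sessions that should be terminated.
     *
     * @param array $sessionIndexes The SessionIndexes, or an empty array for none.
     */
    public function setSessionIndexes(array $sessionIndexes)
    {
        $this->sessionIndexes = $sessionIndexes;
    }

    /**
     * Retrieve the session index of the session that should be terminated.
     *
     * @return string|null The first stored SessionIndex, or null if there is none.
     */
    public function getSessionIndex()
    {
        if (empty($this->sessionIndexes)) {
            return null;
        }

        return $this->sessionIndexes[0];
    }

    /**
     * Set the session index of the session that should be terminated.
     *
     * Replaces any previously stored SessionIndexes.
     *
     * @param string|null $sessionIndex The session index, or null to clear the list.
     */
    public function setSessionIndex($sessionIndex)
    {
        /* assert() can be disabled at runtime, so this is a developer aid, not input validation. */
        assert(is_string($sessionIndex) || is_null($sessionIndex));

        if (is_null($sessionIndex)) {
            $this->sessionIndexes = array();
        } else {
            $this->sessionIndexes = array($sessionIndex);
        }
    }

    /**
     * Convert this logout request message to an XML element.
     *
     * @return \DOMElement This logout request, unsigned.
     * @throws \Exception If neither a NameID nor an encrypted NameID is set.
     */
    public function toUnsignedXML()
    {
        $root = parent::toUnsignedXML();

        if ($this->notOnOrAfter !== null) {
            $root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
        }

        if ($this->encryptedNameId === null) {
            if ($this->nameId === null) {
                /* Fail with a catchable error instead of a call on null. */
                throw new \Exception('Cannot convert LogoutRequest to XML without a NameID set.');
            }
            $this->nameId->toXML($root);
        } else {
            $eid = $root->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:' . 'EncryptedID');
            $root->appendChild($eid);
            $eid->appendChild($root->ownerDocument->importNode($this->encryptedNameId, true));
        }

        foreach ($this->sessionIndexes as $sessionIndex) {
            Utils::addString($root, Constants::NS_SAMLP, 'SessionIndex', $sessionIndex);
        }

        return $root;
    }
}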
getNotOnOrAfter()
Retrieve the expiration time of this request.
decryptNameId(XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameID in the LogoutRequest.
setSessionIndex($sessionIndex)
Set the session index of the session that should be terminated.
getNameId()
Retrieve the name identifier of the session that should be terminated.
toUnsignedXML()
Convert this logout request message to an XML element.
setSessionIndexes(array $sessionIndexes)
Set the SessionIndexes of the sessions that should be terminated.
encryptNameId(XMLSecurityKey $key)
Encrypt the NameID in the LogoutRequest.
setNotOnOrAfter($notOnOrAfter)
Set the expiration time of this request.
isNameIdEncrypted()
Check whether the NameId is encrypted.
getSessionIndex()
Retrieve the session index of the session that should be terminated.
getSessionIndexes()
Retrieve the SessionIndexes of the sessions that should be terminated.
__construct(\DOMElement $xml=null)
Constructor for SAML 2 logout request messages.
setNameId($nameId)
Set the name identifier of the session that should be terminated.