d2/d8a/SOAPClient_8php_source.html

 <?php

 namespace SAML2;

 use RobRichards\XMLSecLibs\XMLSecurityKey;
 use SAML2\Exception\RuntimeException;
 use SimpleSAML_Configuration;
 use SimpleSAML_Utilities;

 class SOAPClient
 {
     const START_SOAP_ENVELOPE = '<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Header/><soap-env:Body>';
     const END_SOAP_ENVELOPE = '</soap-env:Body></soap-env:Envelope>';

     public function send(Message $msg, SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata = null)
     {
         $issuer = $msg->getIssuer();

         $ctxOpts = array(
             'ssl' => array(
                 'capture_peer_cert' => true,
                 'allow_self_signed' => true
             ),
         );

         // Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib
         if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
             $cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
             if ($cert !== false) {
                 $ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert(
                     $srcMetadata->getString('saml.SOAPClient.certificate')
                 );
                 if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
                     $ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
                 }
             }
         } else {
             /* Use the SP certificate and privatekey if it is configured. */
             $privateKey = SimpleSAML_Utilities::loadPrivateKey($srcMetadata);
             $publicKey = SimpleSAML_Utilities::loadPublicKey($srcMetadata);
             if ($privateKey !== null && $publicKey !== null && isset($publicKey['PEM'])) {
                 $keyCertData = $privateKey['PEM'] . $publicKey['PEM'];
                 $file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($keyCertData) . '.pem';
                 if (!file_exists($file)) {
                     SimpleSAML_Utilities::writeFile($file, $keyCertData);
                 }
                 $ctxOpts['ssl']['local_cert'] = $file;
                 if (isset($privateKey['password'])) {
                     $ctxOpts['ssl']['passphrase'] = $privateKey['password'];
                 }
             }
         }

         // do peer certificate verification
         if ($dstMetadata !== null) {
             $peerPublicKeys = $dstMetadata->getPublicKeys('signing', true);
             $certData = '';
             foreach ($peerPublicKeys as $key) {
                 if ($key['type'] !== 'X509Certificate') {
                     continue;
                 }
                 $certData .= "-----BEGIN CERTIFICATE-----\n" .
                     chunk_split($key['X509Certificate'], 64) .
                     "-----END CERTIFICATE-----\n";
             }
             $peerCertFile = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.pem';
             if (!file_exists($peerCertFile)) {
                 SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
             }
             // create ssl context
             $ctxOpts['ssl']['verify_peer'] = true;
             $ctxOpts['ssl']['verify_depth'] = 1;
             $ctxOpts['ssl']['cafile'] = $peerCertFile;
         }

         if ($srcMetadata->hasValue('saml.SOAPClient.stream_context.ssl.peer_name')) {
             $ctxOpts['ssl']['peer_name'] = $srcMetadata->getString('saml.SOAPClient.stream_context.ssl.peer_name');
         }

         $context = stream_context_create($ctxOpts);
         if ($context === null) {
             throw new \Exception('Unable to create SSL stream context');
         }

         $options = array(
             'uri' => $issuer,
             'location' => $msg->getDestination(),
             'stream_context' => $context,
         );

         if ($srcMetadata->hasValue('saml.SOAPClient.proxyhost')) {
             $options['proxy_host'] = $srcMetadata->getValue('saml.SOAPClient.proxyhost');
         }

         if ($srcMetadata->hasValue('saml.SOAPClient.proxyport')) {
             $options['proxy_port'] = $srcMetadata->getValue('saml.SOAPClient.proxyport');
         }

         $x = new \SoapClient(null, $options);

         // Add soap-envelopes
         $request = $msg->toSignedXML();
         $request = self::START_SOAP_ENVELOPE . $request->ownerDocument->saveXML($request) . self::END_SOAP_ENVELOPE;

         Utils::getContainer()->debugMessage($request, 'out');

         $action = 'http://www.oasis-open.org/committees/security';
         $version = '1.1';
         $destination = $msg->getDestination();

         /* Perform SOAP Request over HTTP */
         $soapresponsexml = $x->__doRequest($request, $destination, $action, $version);
         if ($soapresponsexml === null || $soapresponsexml === "") {
             throw new \Exception('Empty SOAP response, check peer certificate.');
         }

         Utils::getContainer()->debugMessage($soapresponsexml, 'in');

         // Convert to SAML2\Message (\DOMElement)
         try {
             $dom = DOMDocumentFactory::fromString($soapresponsexml);
         } catch (RuntimeException $e) {
             throw new \Exception('Not a SOAP response.', 0, $e);
         }

         $soapfault = $this->getSOAPFault($dom);
         if (isset($soapfault)) {
             throw new \Exception($soapfault);
         }
         //Extract the message from the response
         $samlresponse = Utils::xpQuery($dom->firstChild, '/soap-env:Envelope/soap-env:Body/*[1]');
         $samlresponse = Message::fromXML($samlresponse[0]);

         /* Add validator to message which uses the SSL context. */
         self::addSSLValidator($samlresponse, $context);

         Utils::getContainer()->getLogger()->debug("Valid ArtifactResponse received from IdP");

         return $samlresponse;
     }

     private static function addSSLValidator(Message $msg, $context)
     {
         $options = stream_context_get_options($context);
         if (!isset($options['ssl']['peer_certificate'])) {
             return;
         }

         //$out = '';
         //openssl_x509_export($options['ssl']['peer_certificate'], $out);

         $key = openssl_pkey_get_public($options['ssl']['peer_certificate']);
         if ($key === false) {
             Utils::getContainer()->getLogger()->warning('Unable to get public key from peer certificate.');

             return;
         }

         $keyInfo = openssl_pkey_get_details($key);
         if ($keyInfo === false) {
             Utils::getContainer()->getLogger()->warning('Unable to get key details from public key.');

             return;
         }

         if (!isset($keyInfo['key'])) {
             Utils::getContainer()->getLogger()->warning('Missing key in public key details.');

             return;
         }

         $msg->addValidator(array('\SAML2\SOAPClient', 'validateSSL'), $keyInfo['key']);
     }

     public static function validateSSL($data, XMLSecurityKey $key)
     {
         assert(is_string($data));

         $keyInfo = openssl_pkey_get_details($key->key);
         if ($keyInfo === false) {
             throw new \Exception('Unable to get key details from XMLSecurityKey.');
         }

         if (!isset($keyInfo['key'])) {
             throw new \Exception('Missing key in public key details.');
         }

         if ($keyInfo['key'] !== $data) {
             Utils::getContainer()->getLogger()->debug('Key on SSL connection did not match key we validated against.');

             return;
         }

         Utils::getContainer()->getLogger()->debug('Message validated based on SSL certificate.');
     }

     /*
      * Extracts the SOAP Fault from SOAP message
      * @param $soapmessage Soap response needs to be type DOMDocument
      * @return $soapfaultstring string|null
      */
     private function getSOAPFault($soapMessage)
     {
         $soapFault = Utils::xpQuery($soapMessage->firstChild, '/soap-env:Envelope/soap-env:Body/soap-env:Fault');

         if (empty($soapFault)) {
             /* No fault. */

             return null;
         }
         $soapFaultElement = $soapFault[0];
         // There is a fault element but we haven't found out what the fault string is
         $soapFaultString = "Unknown fault string found";
         // find out the fault string
         $faultStringElement =   Utils::xpQuery($soapFaultElement, './soap-env:faultstring') ;
         if (!empty($faultStringElement)) {
             return $faultStringElement[0]->textContent;
         }

         return $soapFaultString;
     }
 }
SimpleSAML_Utilities\resolveCert
static resolveCert($path)
Definition: Utilities.php:457

$context
$context
Definition: webdav.php:25

$action
$action
Definition: consentAdmin.php:140

$request
foreach($paths as $path) $request
Definition: asyncclient.php:32

SAML2
Definition: ArtifactResolve.php:3

SimpleSAML_Configuration\hasValue
hasValue($name)
Check whether a key in the configuration exists or not.
Definition: Configuration.php:457

$destination
$destination
Definition: saml2-logout.php:50

PHPMailer\PHPMailer\$options
$options
Definition: get_oauth_token.php:91

SAML2\Message\getIssuer
getIssuer()
Retrieve the issuer if this message.
Definition: Message.php:375

SAML2\Message\toSignedXML
toSignedXML()
Convert this message to a signed XML document.
Definition: Message.php:481

SimpleSAML_Configuration\getValue
getValue($name, $default=null)
Retrieve a configuration option set in config.php.
Definition: Configuration.php:433

XMLSecurityKey

SAML2\SOAPClient
Definition: SOAPClient.php:16

SimpleSAML_Utilities\getTempDir
static getTempDir()
Definition: Utilities.php:611

SimpleSAML_Utilities\writeFile
static writeFile($filename, $data, $mode=0600)
Definition: Utilities.php:602

SimpleSAML_Utilities\loadPublicKey
static loadPublicKey(SimpleSAML_Configuration $metadata, $required=false, $prefix='')
Definition: Utilities.php:466

SAML2\Message
Base class for all SAML 2 messages.
Definition: Message.php:18

$version
$version
Definition: build.php:27

RobRichards\XMLSecLibs\XMLSecurityKey
xmlseclibs.php
Definition: XMLSecurityKey.php:47

SimpleSAML_Configuration

RuntimeException

SAML2\SOAPClient\addSSLValidator
static addSSLValidator(Message $msg, $context)
Add a signature validator based on a SSL context.
Definition: SOAPClient.php:163

$issuer
catch(Exception $e) if(!($request instanceof \SAML2\ArtifactResolve)) $issuer
Definition: ArtifactResolutionService.php:48

RuntimeException

SimpleSAML_Configuration\getString
getString($name, $default=self::REQUIRED_OPTION)
This function retrieves a string configuration option.
Definition: Configuration.php:702

SAML2\SOAPClient\validateSSL
static validateSSL($data, XMLSecurityKey $key)
Validate a SOAP message against the certificate on the SSL connection.
Definition: SOAPClient.php:203

php

SAML2\Message\getDestination
getDestination()
Retrieve the destination of this message.
Definition: Message.php:323

SAML2\SOAPClient\send
send(Message $msg, SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata=null)
This function sends the SOAP message to the service location and returns SOAP response.
Definition: SOAPClient.php:30

SimpleSAML_Utilities\loadPrivateKey
static loadPrivateKey(SimpleSAML_Configuration $metadata, $required=false, $prefix='')
Definition: Utilities.php:475

$key
$key
Definition: croninfo.php:18

$x
$x
Definition: complexTest.php:9

SAML2\SOAPClient\getSOAPFault
getSOAPFault($soapMessage)
Definition: SOAPClient.php:230

SAML2\Message\addValidator
addValidator($function, $data)
Add a method for validating this message.
Definition: Message.php:225

$data
$data
Definition: bench.php:6

SimpleSAML_Utilities