ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Static Public Member Functions
SimpleSAML\Utils\XML Class Reference
+ Collaboration diagram for SimpleSAML\Utils\XML:

Static Public Member Functions

static checkSAMLMessage ($message, $type)
 This function performs some sanity checks on XML documents, and optionally validates them against their schema if the 'validatexml' debugging option is enabled. More...
 
static debugSAMLMessage ($message, $type)
 Helper function to log SAML messages that we send or receive. More...
 
static formatXMLString ($xml, $indentBase='')
 Format an XML string. More...
 
static isDOMNodeOfType (\DOMNode $element, $name, $nsURI)
 This function checks if the DOMElement has the correct localName and namespaceURI. More...
 

Detailed Description

Definition at line 13 of file XML.php.

Member Function Documentation

◆ checkSAMLMessage()

static SimpleSAML\Utils\XML::checkSAMLMessage (   $message,
  $type 
)
static

This function performs some sanity checks on XML documents, and optionally validates them against their schema if the 'validatexml' debugging option is enabled.

A warning will be printed to the log if validation fails.

Parameters
string$messageThe SAML document we want to check.
string$typeThe type of document. Can be one of:
  • 'saml20'
  • 'saml11'
  • 'saml-meta'
Exceptions

Definition at line 35 of file XML.php.

References Sabre\VObject\$debug, $message, $result, $type, SimpleSAML_Configuration\getInstance(), and SimpleSAML\Logger\warning().

Referenced by SimpleSAML\Bindings\Shib13\HTTPPost\decodeResponse(), SimpleSAML\Bindings\Shib13\HTTPPost\sendResponse(), and SimpleSAML_Utilities\validateXMLDocument().

36  {
37  $allowed_types = array('saml20', 'saml11', 'saml-meta');
38  if (!(is_string($message) && in_array($type, $allowed_types, true))) {
39  throw new \InvalidArgumentException('Invalid input parameters.');
40  }
41 
42  // a SAML message should not contain a doctype-declaration
43  if (strpos($message, '<!DOCTYPE') !== false) {
44  throw new \SimpleSAML_Error_Exception('XML contained a doctype declaration.');
45  }
46 
47  // see if debugging is enabled for XML validation
48  $debug = \SimpleSAML_Configuration::getInstance()->getArrayize('debug', array('validatexml' => false));
49  $enabled = \SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatexml', false);
50 
51  if (!(in_array('validatexml', $debug, true) // implicitly enabled
52  || (array_key_exists('validatexml', $debug) && $debug['validatexml'] === true) // explicitly enabled
53  // TODO: deprecate this option and remove it in 2.0
54  || $enabled // old 'debug.validatexml' configuration option
55  )) {
56  // XML validation is disabled
57  return;
58  }
59 
60  $result = true;
61  switch ($type) {
62  case 'saml11':
63  $result = self::isValid($message, 'oasis-sstc-saml-schema-protocol-1.1.xsd');
64  break;
65  case 'saml20':
66  $result = self::isValid($message, 'saml-schema-protocol-2.0.xsd');
67  break;
68  case 'saml-meta':
69  $result = self::isValid($message, 'saml-schema-metadata-2.0.xsd');
70  }
71  if ($result !== true) {
72  Logger::warning($result);
73  }
74  }
$result
$result
Definition: CleanUpTest.php:463
$type
$type
Definition: proxy_ylocal.php:10
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:177
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ debugSAMLMessage()

static SimpleSAML\Utils\XML::debugSAMLMessage (   $message,
  $type 
)
static

Helper function to log SAML messages that we send or receive.

Parameters
string | \DOMElement$messageThe message, as an string containing the XML or an XML element.
string$typeWhether this message is sent or received, encrypted or decrypted. The following values are supported:
  • 'in': for messages received.
  • 'out': for outgoing messages.
  • 'decrypt': for decrypted messages.
  • 'encrypt': for encrypted messages.
Exceptions

Definition at line 94 of file XML.php.

References Sabre\VObject\$debug, $i, $message, $root, $type, SimpleSAML\Logger\debug(), and SimpleSAML_Configuration\getInstance().

Referenced by SimpleSAML_Utilities\debugMessage(), SimpleSAML\Bindings\Shib13\HTTPPost\decodeResponse(), SimpleSAML\Bindings\Shib13\Artifact\extractResponse(), and SimpleSAML\Bindings\Shib13\HTTPPost\sendResponse().

95  {
96  if (!(is_string($type) && (is_string($message) || $message instanceof \DOMElement))) {
97  throw new \InvalidArgumentException('Invalid input parameters.');
98  }
99 
100  // see if debugging is enabled for SAML messages
101  $debug = \SimpleSAML_Configuration::getInstance()->getArrayize('debug', array('saml' => false));
102 
103  if (!(in_array('saml', $debug, true) // implicitly enabled
104  || (array_key_exists('saml', $debug) && $debug['saml'] === true) // explicitly enabled
105  // TODO: deprecate the old style and remove it in 2.0
106  || (array_key_exists(0, $debug) && $debug[0] === true) // old style 'debug'
107  )) {
108  // debugging messages is disabled
109  return;
110  }
111 
112  if ($message instanceof \DOMElement) {
113  $message = $message->ownerDocument->saveXML($message);
114  }
115 
116  switch ($type) {
117  case 'in':
118  Logger::debug('Received message:');
119  break;
120  case 'out':
121  Logger::debug('Sending message:');
122  break;
123  case 'decrypt':
124  Logger::debug('Decrypted message:');
125  break;
126  case 'encrypt':
127  Logger::debug('Encrypted message:');
128  break;
129  default:
130  assert(false);
131  }
132 
133  $str = self::formatXMLString($message);
134  foreach (explode("\n", $str) as $line) {
135  Logger::debug($line);
136  }
137  }
$type
$type
Definition: proxy_ylocal.php:10
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:211
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ formatXMLString()

static SimpleSAML\Utils\XML::formatXMLString (   $xml,
  $indentBase = '' 
)
static

Format an XML string.

This function formats an XML string using the formatDOMElement() function.

Parameters
string$xmlAn XML string which should be formatted.
string$indentBaseOptional indentation which should be applied to all the output. Optional, defaults to ''.
Returns
string The formatted string.
Exceptions

Definition at line 246 of file XML.php.

References $i, $ret, $txt, $xml, and SAML2\DOMDocumentFactory\fromString().

Referenced by SimpleSAML_Utilities\formatXMLString().

247  {
248  if (!is_string($xml) || !is_string($indentBase)) {
249  throw new \InvalidArgumentException('Invalid input parameters');
250  }
251 
252  try {
253  $doc = \SAML2\DOMDocumentFactory::fromString($xml);
254  } catch (\Exception $e) {
255  throw new \DOMException('Error parsing XML string.');
256  }
257 
258  $root = $doc->firstChild;
259  self::formatDOMElement($root, $indentBase);
260 
261  return $doc->saveXML($root);
262  }
$root
$root
Definition: sabredav.php:45
$xml
$xml
Definition: fetch_windows_zones.php:11
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isDOMNodeOfType()

static SimpleSAML\Utils\XML::isDOMNodeOfType ( \DOMNode  $element,
  $name,
  $nsURI 
)
static

This function checks if the DOMElement has the correct localName and namespaceURI.

We also define the following shortcuts for namespaces:

  • '': 'http://www.w3.org/2000/09/xmldsig#'
  • '': 'urn:oasis:names:tc:SAML:2.0:metadata'
  • '': 'urn:oasis:names:tc:SAML:1.0:assertion'
  • '': 'urn:oasis:names:tc:SAML:profiles:v1metadata'
  • '': 'urn:oasis:names:tc:SAML:1.0:protocol'
  • '': 'urn:oasis:names:tc:SAML:2.0:assertion'
  • '': 'urn:oasis:names:tc:SAML:2.0:protocol'
Parameters
\DOMNode$elementThe element we should check.
string$nameThe local name the element should have.
string$nsURIThe namespaceURI the element should have.
Returns
boolean True if both namespace and local name matches, false otherwise.
Exceptions

Definition at line 357 of file XML.php.

References $config, $errors, $name, $res, $xml, SimpleSAML\XML\Errors\begin(), SimpleSAML\XML\Errors\end(), SimpleSAML\XML\Errors\formatErrors(), SAML2\DOMDocumentFactory\fromString(), and SimpleSAML_Configuration\getInstance().

Referenced by SimpleSAML\Bindings\Shib13\Artifact\extractResponse(), and SimpleSAML_Utilities\isDOMElementOfType().

358  {
359  if (!is_string($name) || !is_string($nsURI) || strlen($nsURI) === 0) {
360  // most likely a comment-node
361  return false;
362  }
363 
364  // check if the namespace is a shortcut, and expand it if it is
365  if ($nsURI[0] === '@') {
366  // the defined shortcuts
367  $shortcuts = array(
368  '@ds' => 'http://www.w3.org/2000/09/xmldsig#',
369  '@md' => 'urn:oasis:names:tc:SAML:2.0:metadata',
370  '@saml1' => 'urn:oasis:names:tc:SAML:1.0:assertion',
371  '@saml1md' => 'urn:oasis:names:tc:SAML:profiles:v1metadata',
372  '@saml1p' => 'urn:oasis:names:tc:SAML:1.0:protocol',
373  '@saml2' => 'urn:oasis:names:tc:SAML:2.0:assertion',
374  '@saml2p' => 'urn:oasis:names:tc:SAML:2.0:protocol',
375  '@shibmd' => 'urn:mace:shibboleth:metadata:1.0',
376  );
377 
378  // check if it is a valid shortcut
379  if (!array_key_exists($nsURI, $shortcuts)) {
380  throw new \InvalidArgumentException('Unknown namespace shortcut: '.$nsURI);
381  }
382 
383  // expand the shortcut
384  $nsURI = $shortcuts[$nsURI];
385  }
386  if ($element->localName !== $name) {
387  return false;
388  }
389  if ($element->namespaceURI !== $nsURI) {
390  return false;
391  }
392  return true;
393  }
$name
$name
Definition: client_example.php:35
+ Here is the call graph for this function:
+ Here is the caller graph for this function:
The documentation for this class was generated from the following file: