ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes | Private Attributes
SAML2\Message Class Reference

Base class for all SAML 2 messages. More...

+ Inheritance diagram for SAML2\Message:
+ Collaboration diagram for SAML2\Message:

Public Member Functions

 addValidator ($function, $data)
 Add a method for validating this message. More...
 
 validate (XMLSecurityKey $key)
 Validate this message against a public key. More...
 
 getId ()
 Retrieve the identifier of this message. More...
 
 setId ($id)
 Set the identifier of this message. More...
 
 getIssueInstant ()
 Retrieve the issue timestamp of this message. More...
 
 setIssueInstant ($issueInstant)
 Set the issue timestamp of this message. More...
 
 getDestination ()
 Retrieve the destination of this message. More...
 
 setDestination ($destination)
 Set the destination of this message. More...
 
 setConsent ($consent)
 Set the given consent for this message. More...
 
 getConsent ()
 Set the given consent for this message. More...
 
 getIssuer ()
 Retrieve the issuer if this message. More...
 
 setIssuer ($issuer)
 Set the issuer of this message. More...
 
 isMessageConstructedWithSignature ()
 Query whether or not the message contained a signature at the root level when the object was constructed. More...
 
 getRelayState ()
 Retrieve the RelayState associated with this message. More...
 
 setRelayState ($relayState)
 Set the RelayState associated with this message. More...
 
 toUnsignedXML ()
 Convert this message to an unsigned XML document. More...
 
 toSignedXML ()
 Convert this message to a signed XML document. More...
 
 getSignatureKey ()
 Retrieve the private key we should use to sign the message. More...
 
 setSignatureKey (XMLSecurityKey $signatureKey=null)
 Set the private key we should use to sign the message. More...
 
 setCertificates (array $certificates)
 Set the certificates that should be included in the message. More...
 
 getCertificates ()
 Retrieve the certificates that are included in the message. More...
 
 getExtensions ()
 Retrieve the Extensions. More...
 
 setExtensions ($extensions)
 Set the Extensions. More...
 
 getSignatureMethod ()
 

Static Public Member Functions

static fromXML (\DOMElement $xml)
 Convert an XML element into a message. More...
 

Protected Member Functions

 __construct ($tagName, \DOMElement $xml=null)
 Initialize a message. More...
 

Protected Attributes

 $extensions
 
 $document
 
 $messageContainedSignatureUponConstruction = false
 

Private Attributes

 $tagName
 
 $id
 
 $issueInstant
 
 $destination
 
 $consent = Constants::CONSENT_UNSPECIFIED
 
 $issuer
 
 $relayState
 
 $signatureKey
 
 $certificates
 
 $validators
 
 $signatureMethod
 

Detailed Description

Base class for all SAML 2 messages.

Implements what is common between the samlp:RequestAbstractType and samlp:StatusResponseType element types.

(PHPMD.ExcessiveClassComplexity)

Definition at line 18 of file Message.php.

Constructor & Destructor Documentation

◆ __construct()

SAML2\Message::__construct (   $tagName,
\DOMElement  $xml = null 
)
protected

Initialize a message.

This constructor takes an optional parameter with a . If this parameter is given, the message will be initialized with data from that XML element.

If no XML element is given, the message is initialized with suitable default values.

Parameters
string$tagNameThe tag name of the root element
\DOMElement | null$xmlThe input message
Exceptions

Definition at line 136 of file Message.php.

References $issuer, and $xml.

137  {
138  assert(is_string($tagName));
139  $this->tagName = $tagName;
140 
141  $this->id = Utils::getContainer()->generateId();
142  $this->issueInstant = Temporal::getTime();
143  $this->certificates = array();
144  $this->validators = array();
145 
146  if ($xml === null) {
147  return;
148  }
149 
150  if (!$xml->hasAttribute('ID')) {
151  throw new \Exception('Missing ID attribute on SAML message.');
152  }
153  $this->id = $xml->getAttribute('ID');
154 
155  if ($xml->getAttribute('Version') !== '2.0') {
156  /* Currently a very strict check. */
157  throw new \Exception('Unsupported version: '.$xml->getAttribute('Version'));
158  }
159 
160  $this->issueInstant = Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant'));
161 
162  if ($xml->hasAttribute('Destination')) {
163  $this->destination = $xml->getAttribute('Destination');
164  }
165 
166  if ($xml->hasAttribute('Consent')) {
167  $this->consent = $xml->getAttribute('Consent');
168  }
169 
170  $issuer = Utils::xpQuery($xml, './saml_assertion:Issuer');
171  if (!empty($issuer)) {
172  $this->issuer = new XML\saml\Issuer($issuer[0]);
173  if ($this->issuer->Format === Constants::NAMEID_ENTITY) {
174  $this->issuer = $this->issuer->value;
175  }
176  }
177 
178  $this->validateSignature($xml);
179 
180  $this->extensions = Extensions::getList($xml);
181  }
SAML2\Utilities\Temporal\getTime
static getTime()
Getter for getting the current timestamp.
Definition: Temporal.php:13
SAML2\Utils\xpQuery
static xpQuery(\DOMNode $node, $query)
Do an XPath query on an XML node.
Definition: Utils.php:191
SAML2\Utils\xsDateTimeToTimestamp
static xsDateTimeToTimestamp($time)
This function converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(.s+)?Z to a UNIX timestamp...
Definition: Utils.php:721
$xml
$xml
Definition: fetch_windows_zones.php:11
SAML2\Constants\NAMEID_ENTITY
const NAMEID_ENTITY
Entity NameID format.
Definition: Constants.php:190
SAML2\XML\samlp\Extensions\getList
static getList(\DOMElement $parent)
Get a list of Extensions in the given element.
Definition: Extensions.php:22
SAML2\Utils\getContainer
static getContainer()
Definition: Utils.php:752

Member Function Documentation

◆ addValidator()

SAML2\Message::addValidator (   $function,
  $data 
)

Add a method for validating this message.

This function is used by the HTTP-Redirect binding, to make it possible to check the signature against the one included in the query string.

Parameters
callback$functionThe function which should be called
mixed$dataThe data that should be included as the first parameter to the function

Definition at line 225 of file Message.php.

References $data.

Referenced by SAML2\SOAPClient\addSSLValidator().

226  {
227  assert(is_callable($function));
228 
229  $this->validators[] = array(
230  'Function' => $function,
231  'Data' => $data,
232  );
233  }
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

◆ fromXML()

static SAML2\Message::fromXML ( \DOMElement  $xml)
static

Convert an XML element into a message.

Parameters
\DOMElement$xmlThe root XML element
Returns
The message
Exceptions

Definition at line 562 of file Message.php.

563  {
564  if ($xml->namespaceURI !== Constants::NS_SAMLP) {
565  throw new \Exception('Unknown namespace of SAML message: '.var_export($xml->namespaceURI, true));
566  }
567 
568  switch ($xml->localName) {
569  case 'AttributeQuery':
570  return new AttributeQuery($xml);
571  case 'AuthnRequest':
572  return new AuthnRequest($xml);
573  case 'LogoutResponse':
574  return new LogoutResponse($xml);
575  case 'LogoutRequest':
576  return new LogoutRequest($xml);
577  case 'Response':
578  return new Response($xml);
579  case 'ArtifactResponse':
580  return new ArtifactResponse($xml);
581  case 'ArtifactResolve':
582  return new ArtifactResolve($xml);
583  default:
584  throw new \Exception('Unknown SAML message: '.var_export($xml->localName, true));
585  }
586  }
SAML2\Constants\NS_SAMLP
const NS_SAMLP
The namespace for the SAML 2 protocol.
Definition: Constants.php:220
$xml
$xml
Definition: fetch_windows_zones.php:11

◆ getCertificates()

SAML2\Message::getCertificates ( )

Retrieve the certificates that are included in the message.

Returns
array An array of certificates

Implements SAML2\SignedElement.

Definition at line 548 of file Message.php.

References $certificates.

549  {
550  return $this->certificates;
551  }

◆ getConsent()

SAML2\Message::getConsent ( )

Set the given consent for this message.

Most likely (though not required) a value of rn:oasis:names:tc:SAML:2.0:consent.

See also
Returns
string Consent

Definition at line 365 of file Message.php.

366  {
367  return $this->consent;
368  }

◆ getDestination()

SAML2\Message::getDestination ( )

Retrieve the destination of this message.

Returns
string|null The destination of this message, or NULL if no destination is given

Definition at line 323 of file Message.php.

References $destination.

Referenced by SAML2\SOAP\getOutputToSend(), SAML2\HTTPRedirect\getRedirectURL(), SAML2\HTTPArtifact\getRedirectURL(), SAML2\HTTPPost\send(), SAML2\SOAPClient\send(), and SAML2\Response\Validation\ConstraintValidator\DestinationMatches\validate().

324  {
325  return $this->destination;
326  }
+ Here is the caller graph for this function:

◆ getExtensions()

SAML2\Message::getExtensions ( )

Retrieve the Extensions.

Returns

Definition at line 593 of file Message.php.

594  {
595  return $this->extensions;
596  }

◆ getId()

SAML2\Message::getId ( )

Retrieve the identifier of this message.

Returns
string The identifier of this message

Definition at line 279 of file Message.php.

References $id.

Referenced by SAML2\Response\Processor\verifySignature().

280  {
281  return $this->id;
282  }
+ Here is the caller graph for this function:

◆ getIssueInstant()

SAML2\Message::getIssueInstant ( )

Retrieve the issue timestamp of this message.

Returns
int The issue timestamp of this message, as an UNIX timestamp

Definition at line 301 of file Message.php.

302  {
303  return $this->issueInstant;
304  }

◆ getIssuer()

SAML2\Message::getIssuer ( )

Retrieve the issuer if this message.

Returns
string||null The issuer of this message, or NULL if no issuer is given

Definition at line 375 of file Message.php.

References $issuer.

Referenced by SAML2\HTTPArtifact\getRedirectURL(), and SAML2\SOAPClient\send().

376  {
377  if (is_string($this->issuer) || $this->issuer instanceof XML\saml\Issuer) {
378  return $this->issuer;
379  }
380 
381  return null;
382  }
+ Here is the caller graph for this function:

◆ getRelayState()

SAML2\Message::getRelayState ( )

Retrieve the RelayState associated with this message.

Returns
string|null The RelayState, or NULL if no RelayState is given

Definition at line 411 of file Message.php.

References $relayState.

Referenced by SAML2\HTTPRedirect\getRedirectURL(), SAML2\HTTPArtifact\getRedirectURL(), and SAML2\HTTPPost\send().

412  {
413  return $this->relayState;
414  }
+ Here is the caller graph for this function:

◆ getSignatureKey()

SAML2\Message::getSignatureKey ( )

Retrieve the private key we should use to sign the message.

Returns
XMLSecurityKey|null The key, or NULL if no key is specified

Implements SAML2\SignedElement.

Definition at line 514 of file Message.php.

Referenced by SAML2\HTTPRedirect\getRedirectURL().

515  {
516  return $this->signatureKey;
517  }
+ Here is the caller graph for this function:

◆ getSignatureMethod()

SAML2\Message::getSignatureMethod ( )
Returns
null|string

Definition at line 613 of file Message.php.

614  {
615  return $this->signatureMethod;
616  }

◆ isMessageConstructedWithSignature()

SAML2\Message::isMessageConstructedWithSignature ( )

Query whether or not the message contained a signature at the root level when the object was constructed.

Returns
bool

Definition at line 401 of file Message.php.

Referenced by SAML2\Response\Processor\verifySignature().

402  {
403  return $this->messageContainedSignatureUponConstruction;
404  }
SAML2\Message\$messageContainedSignatureUponConstruction
$messageContainedSignatureUponConstruction
Definition: Message.php:100
+ Here is the caller graph for this function:

◆ setCertificates()

SAML2\Message::setCertificates ( array  $certificates)

Set the certificates that should be included in the message.

The certificates should be strings with the PEM encoded data.

Parameters
array$certificatesAn array of certificates

Implements SAML2\SignedElement.

Definition at line 538 of file Message.php.

References $certificates.

539  {
540  $this->certificates = $certificates;
541  }

◆ setConsent()

SAML2\Message::setConsent (   $consent)

Set the given consent for this message.

Most likely (though not required) a value of rn:oasis:names:tc:SAML:2.0:consent.

See also
Parameters
string$consent

Definition at line 349 of file Message.php.

350  {
351  assert(is_string($consent));
352 
353  $this->consent = $consent;
354  }

◆ setDestination()

SAML2\Message::setDestination (   $destination)

Set the destination of this message.

Parameters
string | null$destinationThe new destination of this message

Definition at line 333 of file Message.php.

References $destination.

334  {
335  assert(is_string($destination) || is_null($destination));
336 
337  $this->destination = $destination;
338  }

◆ setExtensions()

SAML2\Message::setExtensions (   $extensions)

Set the Extensions.

Parameters
array | null$extensionsThe Extensions

Definition at line 603 of file Message.php.

604  {
605  assert(is_array($extensions) || is_null($extensions));
606 
607  $this->extensions = $extensions;
608  }

◆ setId()

SAML2\Message::setId (   $id)

Set the identifier of this message.

Parameters
string$idThe new identifier of this message

Definition at line 289 of file Message.php.

References $id.

290  {
291  assert(is_string($id));
292 
293  $this->id = $id;
294  }

◆ setIssueInstant()

SAML2\Message::setIssueInstant (   $issueInstant)

Set the issue timestamp of this message.

Parameters
int$issueInstantThe new issue timestamp of this message, as an UNIX timestamp

Definition at line 311 of file Message.php.

312  {
313  assert(is_int($issueInstant));
314 
315  $this->issueInstant = $issueInstant;
316  }

◆ setIssuer()

SAML2\Message::setIssuer (   $issuer)

Set the issuer of this message.

Parameters
string | \SAML2\XML\saml\Issuer | null$issuerThe new issuer of this message

Definition at line 389 of file Message.php.

References $issuer.

390  {
391  assert(is_string($issuer) || $issuer instanceof XML\saml\Issuer || is_null($issuer));
392 
393  $this->issuer = $issuer;
394  }

◆ setRelayState()

SAML2\Message::setRelayState (   $relayState)

Set the RelayState associated with this message.

Parameters
string | null$relayStateThe new RelayState

Definition at line 421 of file Message.php.

References $relayState.

422  {
423  assert(is_string($relayState) || is_null($relayState));
424 
425  $this->relayState = $relayState;
426  }

◆ setSignatureKey()

SAML2\Message::setSignatureKey ( XMLSecurityKey  $signatureKey = null)

Set the private key we should use to sign the message.

If the key is null, the message will be sent unsigned.

Parameters
XMLSecurityKey | null$signatureKey

Implements SAML2\SignedElement.

Definition at line 526 of file Message.php.

527  {
528  $this->signatureKey = $signatureKey;
529  }

◆ toSignedXML()

SAML2\Message::toSignedXML ( )

Convert this message to a signed XML document.

This method sign the resulting XML document if the private key for the signature is set.

Returns
The root element of the DOM tree

Definition at line 481 of file Message.php.

References $root.

Referenced by SAML2\SOAP\getOutputToSend(), SAML2\HTTPPost\send(), and SAML2\SOAPClient\send().

482  {
483  $root = $this->toUnsignedXML();
484 
485  if ($this->signatureKey === null) {
486  /* We don't have a key to sign it with. */
487 
488  return $root;
489  }
490 
491  /* Find the position we should insert the signature node at. */
492  if ($this->issuer !== null) {
493  /*
494  * We have an issuer node. The signature node should come
495  * after the issuer node.
496  */
497  $issuerNode = $root->firstChild;
498  $insertBefore = $issuerNode->nextSibling;
499  } else {
500  /* No issuer node - the signature element should be the first element. */
501  $insertBefore = $root->firstChild;
502  }
503 
504  Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);
505 
506  return $root;
507  }
SAML2\Utils\insertSignature
static insertSignature(XMLSecurityKey $key, array $certificates, \DOMElement $root, \DOMNode $insertBefore=null)
Insert a Signature-node.
Definition: Utils.php:364
$root
$root
Definition: sabredav.php:45
SAML2\Message\toUnsignedXML
toUnsignedXML()
Convert this message to an unsigned XML document.
Definition: Message.php:435
+ Here is the caller graph for this function:

◆ toUnsignedXML()

SAML2\Message::toUnsignedXML ( )

Convert this message to an unsigned XML document.

This method does not sign the resulting XML document.

Returns
The root element of the DOM tree

Definition at line 435 of file Message.php.

References $root.

Referenced by SAML2\HTTPRedirect\getRedirectURL(), and SAML2\HTTPArtifact\getRedirectURL().

436  {
437  $this->document = DOMDocumentFactory::create();
438 
439  $root = $this->document->createElementNS(Constants::NS_SAMLP, 'samlp:'.$this->tagName);
440  $this->document->appendChild($root);
441 
442  /* Ugly hack to add another namespace declaration to the root element. */
443  $root->setAttributeNS(Constants::NS_SAML, 'saml:tmp', 'tmp');
444  $root->removeAttributeNS(Constants::NS_SAML, 'tmp');
445 
446  $root->setAttribute('ID', $this->id);
447  $root->setAttribute('Version', '2.0');
448  $root->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z', $this->issueInstant));
449 
450  if ($this->destination !== null) {
451  $root->setAttribute('Destination', $this->destination);
452  }
453  if ($this->consent !== null && $this->consent !== Constants::CONSENT_UNSPECIFIED) {
454  $root->setAttribute('Consent', $this->consent);
455  }
456 
457  if ($this->issuer !== null) {
458  if (is_string($this->issuer)) {
459  Utils::addString($root, Constants::NS_SAML, 'saml:Issuer', $this->issuer);
460  } elseif ($this->issuer instanceof XML\saml\Issuer) {
461  $this->issuer->toXML($root);
462  }
463  }
464 
465  if (!empty($this->extensions)) {
466  Extensions::addList($root, $this->extensions);
467  }
468 
469  return $root;
470  }
SAML2\XML\samlp\Extensions\addList
static addList(\DOMElement $parent, array $extensions)
Add a list of Extensions to the given element.
Definition: Extensions.php:38
SAML2\Utils\addString
static addString(\DOMElement $parent, $namespace, $name, $value)
Append string element.
Definition: Utils.php:635
$root
$root
Definition: sabredav.php:45
SAML2\Constants\NS_SAMLP
const NS_SAMLP
The namespace for the SAML 2 protocol.
Definition: Constants.php:220
SAML2\Constants\CONSENT_UNSPECIFIED
const CONSENT_UNSPECIFIED
No claim as to principal consent is being made.
Definition: Constants.php:102
SAML2\Constants\NS_SAML
const NS_SAML
The namespace for the SAML 2 assertions.
Definition: Constants.php:225
+ Here is the caller graph for this function:

◆ validate()

SAML2\Message::validate ( XMLSecurityKey  $key)

Validate this message against a public key.

true is returned on success, false is returned if we don't have any signature we can validate. An exception is thrown if the signature validation fails.

Parameters
XMLSecurityKey$keyThe key we should check against
Returns
bool true on success, false when we don't have a signature
Exceptions

Implements SAML2\SignedElement.

Definition at line 248 of file Message.php.

References $data, and $exceptions.

Referenced by SAML2\HTTPArtifact\validateSignature().

249  {
250  if (count($this->validators) === 0) {
251  return false;
252  }
253 
254  $exceptions = array();
255 
256  foreach ($this->validators as $validator) {
257  $function = $validator['Function'];
258  $data = $validator['Data'];
259 
260  try {
261  call_user_func($function, $data, $key);
262  /* We were able to validate the message with this validator. */
263 
264  return true;
265  } catch (\Exception $e) {
266  $exceptions[] = $e;
267  }
268  }
269 
270  /* No validators were able to validate the message. */
271  throw $exceptions[0];
272  }
$exceptions
$exceptions
Definition: Utf8Test.php:67
$key
$key
Definition: croninfo.php:18
$data
$data
Definition: bench.php:6
+ Here is the caller graph for this function:

Field Documentation

◆ $certificates

SAML2\Message::$certificates
private

Definition at line 107 of file Message.php.

◆ $consent

SAML2\Message::$consent = Constants::CONSENT_UNSPECIFIED
private

Definition at line 62 of file Message.php.

◆ $destination

SAML2\Message::$destination
private

Definition at line 55 of file Message.php.

Referenced by SAML2\Response\Validation\ConstraintValidator\DestinationMatches\__construct(), and SAML2\Response\Validation\ConstraintValidator\DestinationMatches\validate().

◆ $document

SAML2\Message::$document
protected

Definition at line 86 of file Message.php.

◆ $extensions

SAML2\Message::$extensions
protected

Definition at line 25 of file Message.php.

◆ $id

SAML2\Message::$id
private

Definition at line 41 of file Message.php.

◆ $issueInstant

SAML2\Message::$issueInstant
private

Definition at line 48 of file Message.php.

◆ $issuer

SAML2\Message::$issuer
private

Definition at line 69 of file Message.php.

◆ $messageContainedSignatureUponConstruction

SAML2\Message::$messageContainedSignatureUponConstruction = false
protected

Definition at line 100 of file Message.php.

◆ $relayState

SAML2\Message::$relayState
private

Definition at line 76 of file Message.php.

◆ $signatureKey

SAML2\Message::$signatureKey
private

Definition at line 95 of file Message.php.

◆ $signatureMethod

SAML2\Message::$signatureMethod
private

Definition at line 119 of file Message.php.

◆ $tagName

SAML2\Message::$tagName
private

Definition at line 34 of file Message.php.

◆ $validators

SAML2\Message::$validators
private

Definition at line 114 of file Message.php.

The documentation for this class was generated from the following file: