ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
SAML2\Message Class Reference

Base class for all SAML 2 messages.


Public Member Functions

 addValidator ($function, $data)
 Add a method for validating this message.

 validate (XMLSecurityKey $key)
 Validate this message against a public key.

 getId ()
 Retrieve the identifier of this message.

 setId ($id)
 Set the identifier of this message.

 getIssueInstant ()
 Retrieve the issue timestamp of this message.

 setIssueInstant ($issueInstant)
 Set the issue timestamp of this message.

 getDestination ()
 Retrieve the destination of this message.

 setDestination ($destination)
 Set the destination of this message.

 setConsent ($consent)
 Set the given consent for this message.

 getConsent ()
 Retrieve the given consent for this message.

 getIssuer ()
 Retrieve the issuer of this message.

 setIssuer ($issuer)
 Set the issuer of this message.

 isMessageConstructedWithSignature ()
 Query whether or not the message contained a signature at the root level when the object was constructed.

 getRelayState ()
 Retrieve the RelayState associated with this message.

 setRelayState ($relayState)
 Set the RelayState associated with this message.

 toUnsignedXML ()
 Convert this message to an unsigned XML document.

 toSignedXML ()
 Convert this message to a signed XML document.

 getSignatureKey ()
 Retrieve the private key we should use to sign the message.

 setSignatureKey (XMLSecurityKey $signatureKey=null)
 Set the private key we should use to sign the message.

 setCertificates (array $certificates)
 Set the certificates that should be included in the message.

 getCertificates ()
 Retrieve the certificates that are included in the message.

 getExtensions ()
 Retrieve the Extensions.

 setExtensions ($extensions)
 Set the Extensions.

 getSignatureMethod ()

 validate (XMLSecurityKey $key)
 Validate this element against a public key.

 setCertificates (array $certificates)
 Set the certificates that should be included in the element.

 getCertificates ()
 Retrieve the certificates that are included in the element (if any).

 getSignatureKey ()
 Retrieve the private key we should use to sign the element.

 setSignatureKey (XMLSecurityKey $signatureKey=null)
 Set the private key we should use to sign the element.
 

Static Public Member Functions

static fromXML (\DOMElement $xml)
 Convert an XML element into a message.


Protected Member Functions

 __construct ($tagName, \DOMElement $xml=null)
 Initialize a message.
 

Protected Attributes

 $extensions
 
 $document
 
 $messageContainedSignatureUponConstruction = false
 

Private Attributes

 $tagName
 
 $id
 
 $issueInstant
 
 $destination
 
 $consent = Constants::CONSENT_UNSPECIFIED
 
 $issuer
 
 $relayState
 
 $signatureKey
 
 $certificates
 
 $validators
 
 $signatureMethod
 

Detailed Description

Base class for all SAML 2 messages.

Implements what is common between the samlp:RequestAbstractType and samlp:StatusResponseType element types.

@SuppressWarnings(PHPMD.ExcessiveClassComplexity)

Definition at line 18 of file Message.php.

Constructor & Destructor Documentation

◆ __construct()

SAML2\Message::__construct ($tagName, \DOMElement $xml = null)
protected

Initialize a message.

This constructor takes an optional parameter with a \DOMElement. If this parameter is given, the message will be initialized with data from that XML element.

If no XML element is given, the message is initialized with suitable default values.

Parameters
  string $tagName: The tag name of the root element
  \DOMElement|null $xml: The input message

Exceptions
  Exception

Reimplemented in SAML2\StatusResponse, and SAML2\SubjectQuery.

Definition at line 136 of file Message.php.

{
    assert(is_string($tagName));
    $this->tagName = $tagName;

    $this->id = Utils::getContainer()->generateId();
    $this->issueInstant = Temporal::getTime();
    $this->certificates = array();
    $this->validators = array();

    if ($xml === null) {
        return;
    }

    if (!$xml->hasAttribute('ID')) {
        throw new \Exception('Missing ID attribute on SAML message.');
    }
    $this->id = $xml->getAttribute('ID');

    if ($xml->getAttribute('Version') !== '2.0') {
        /* Currently a very strict check. */
        throw new \Exception('Unsupported version: '.$xml->getAttribute('Version'));
    }

    $this->issueInstant = Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant'));

    if ($xml->hasAttribute('Destination')) {
        $this->destination = $xml->getAttribute('Destination');
    }

    if ($xml->hasAttribute('Consent')) {
        $this->consent = $xml->getAttribute('Consent');
    }

    $issuer = Utils::xpQuery($xml, './saml_assertion:Issuer');
    if (!empty($issuer)) {
        $this->issuer = new XML\saml\Issuer($issuer[0]);
        if ($this->issuer->Format === Constants::NAMEID_ENTITY) {
            $this->issuer = $this->issuer->value;
        }
    }

    $this->validateSignature($xml);

    $this->extensions = Extensions::getList($xml);
}

References $issuer, $xml, and getTime().


Member Function Documentation

◆ addValidator()

SAML2\Message::addValidator ($function, $data)

Add a method for validating this message.

This function is used by the HTTP-Redirect binding, to make it possible to check the signature against the one included in the query string.

Parameters
  callback $function: The function which should be called
  mixed $data: The data that should be included as the first parameter to the function

Definition at line 225 of file Message.php.

{
    assert(is_callable($function));

    $this->validators[] = array(
        'Function' => $function,
        'Data' => $data,
    );
}

References $data.

Referenced by SAML2\SOAPClient\addSSLValidator().


◆ fromXML()

static SAML2\Message::fromXML (\DOMElement $xml)
static

Convert an XML element into a message.

Parameters
  \DOMElement $xml: The root XML element

Returns
  \SAML2\Message The message

Exceptions
  Exception

Definition at line 562 of file Message.php.

{
    if ($xml->namespaceURI !== Constants::NS_SAMLP) {
        throw new \Exception('Unknown namespace of SAML message: '.var_export($xml->namespaceURI, true));
    }

    switch ($xml->localName) {
        case 'AttributeQuery':
            return new AttributeQuery($xml);
        case 'AuthnRequest':
            return new AuthnRequest($xml);
        case 'LogoutResponse':
            return new LogoutResponse($xml);
        case 'LogoutRequest':
            return new LogoutRequest($xml);
        case 'Response':
            return new Response($xml);
        case 'ArtifactResponse':
            return new ArtifactResponse($xml);
        case 'ArtifactResolve':
            return new ArtifactResolve($xml);
        default:
            throw new \Exception('Unknown SAML message: '.var_export($xml->localName, true));
    }
}

References $xml.

◆ getCertificates()

SAML2\Message::getCertificates ( )

Retrieve the certificates that are included in the message.

Returns
array An array of certificates

Implements SAML2\SignedElement.

Definition at line 548 of file Message.php.

{
    return $this->certificates;
}

References $certificates.

◆ getConsent()

SAML2\Message::getConsent ( )

Retrieve the given consent for this message.

Most likely (though not required) a value of urn:oasis:names:tc:SAML:2.0:consent.

See also
  \SAML2\Constants

Returns
  string Consent

Definition at line 365 of file Message.php.

{
    return $this->consent;
}

◆ getDestination()

SAML2\Message::getDestination ( )

Retrieve the destination of this message.

Returns
string|null The destination of this message, or NULL if no destination is given

Definition at line 323 of file Message.php.

{
    return $this->destination;
}

References $destination.

Referenced by SAML2\SOAPClient\send().


◆ getExtensions()

SAML2\Message::getExtensions ( )

Retrieve the Extensions.

Returns
\SAML2\XML\samlp\Extensions

Definition at line 593 of file Message.php.

{
    return $this->extensions;
}

◆ getId()

SAML2\Message::getId ( )

Retrieve the identifier of this message.

Returns
string The identifier of this message

Definition at line 279 of file Message.php.

{
    return $this->id;
}

References $id.

◆ getIssueInstant()

SAML2\Message::getIssueInstant ( )

Retrieve the issue timestamp of this message.

Returns
  int The issue timestamp of this message, as a UNIX timestamp

Definition at line 301 of file Message.php.

{
    return $this->issueInstant;
}

◆ getIssuer()

SAML2\Message::getIssuer ( )

Retrieve the issuer of this message.

Returns
  string|\SAML2\XML\saml\Issuer|null The issuer of this message, or NULL if no issuer is given

Definition at line 375 of file Message.php.

{
    if (is_string($this->issuer) || $this->issuer instanceof XML\saml\Issuer) {
        return $this->issuer;
    }

    return null;
}

References $issuer.

Referenced by SAML2\SOAPClient\send().


◆ getRelayState()

SAML2\Message::getRelayState ( )

Retrieve the RelayState associated with this message.

Returns
string|null The RelayState, or NULL if no RelayState is given

Definition at line 411 of file Message.php.

{
    return $this->relayState;
}

References $relayState.

◆ getSignatureKey()

SAML2\Message::getSignatureKey ( )

Retrieve the private key we should use to sign the message.

Returns
XMLSecurityKey|null The key, or NULL if no key is specified

Implements SAML2\SignedElement.

Definition at line 514 of file Message.php.

{
    return $this->signatureKey;
}

◆ getSignatureMethod()

SAML2\Message::getSignatureMethod ( )

Returns
  null|string

Definition at line 613 of file Message.php.

{
    return $this->signatureMethod;
}

◆ isMessageConstructedWithSignature()

SAML2\Message::isMessageConstructedWithSignature ( )

Query whether or not the message contained a signature at the root level when the object was constructed.

Returns
bool

Definition at line 401 of file Message.php.

{
    return $this->messageContainedSignatureUponConstruction;
}

◆ setCertificates()

SAML2\Message::setCertificates (array $certificates)

Set the certificates that should be included in the message.

The certificates should be strings with the PEM encoded data.

Parameters
  array $certificates: An array of certificates

Implements SAML2\SignedElement.

Definition at line 538 of file Message.php.

{
    $this->certificates = $certificates;
}

References $certificates.

◆ setConsent()

SAML2\Message::setConsent ($consent)

Set the given consent for this message.

Most likely (though not required) a value of urn:oasis:names:tc:SAML:2.0:consent.

See also
  \SAML2\Constants

Parameters
  string $consent

Definition at line 349 of file Message.php.

{
    assert(is_string($consent));

    $this->consent = $consent;
}

◆ setDestination()

SAML2\Message::setDestination ($destination)

Set the destination of this message.

Parameters
  string|null $destination: The new destination of this message

Definition at line 333 of file Message.php.

{
    assert(is_string($destination) || is_null($destination));

    $this->destination = $destination;
}

References $destination.

◆ setExtensions()

SAML2\Message::setExtensions ($extensions)

Set the Extensions.

Parameters
  array|null $extensions: The Extensions

Definition at line 603 of file Message.php.

{
    assert(is_array($extensions) || is_null($extensions));

    $this->extensions = $extensions;
}

◆ setId()

SAML2\Message::setId ($id)

Set the identifier of this message.

Parameters
  string $id: The new identifier of this message

Definition at line 289 of file Message.php.

{
    assert(is_string($id));

    $this->id = $id;
}

References $id.

◆ setIssueInstant()

SAML2\Message::setIssueInstant ($issueInstant)

Set the issue timestamp of this message.

Parameters
  int $issueInstant: The new issue timestamp of this message, as a UNIX timestamp

Definition at line 311 of file Message.php.

{
    assert(is_int($issueInstant));

    $this->issueInstant = $issueInstant;
}

◆ setIssuer()

SAML2\Message::setIssuer ($issuer)

Set the issuer of this message.

Parameters
  string|\SAML2\XML\saml\Issuer|null $issuer: The new issuer of this message

Definition at line 389 of file Message.php.

{
    assert(is_string($issuer) || $issuer instanceof XML\saml\Issuer || is_null($issuer));

    $this->issuer = $issuer;
}

References $issuer.

◆ setRelayState()

SAML2\Message::setRelayState ($relayState)

Set the RelayState associated with this message.

Parameters
  string|null $relayState: The new RelayState

Definition at line 421 of file Message.php.

{
    assert(is_string($relayState) || is_null($relayState));

    $this->relayState = $relayState;
}

References $relayState.

◆ setSignatureKey()

SAML2\Message::setSignatureKey (XMLSecurityKey $signatureKey = null)

Set the private key we should use to sign the message.

If the key is null, the message will be sent unsigned.

Parameters
  XMLSecurityKey|null $signatureKey

Implements SAML2\SignedElement.

Definition at line 526 of file Message.php.

{
    $this->signatureKey = $signatureKey;
}

◆ toSignedXML()

SAML2\Message::toSignedXML ( )

Convert this message to a signed XML document.

This method signs the resulting XML document if the private key for the signature is set.

Returns
\DOMElement The root element of the DOM tree

Definition at line 481 of file Message.php.

{
    $root = $this->toUnsignedXML();

    if ($this->signatureKey === null) {
        /* We don't have a key to sign it with. */

        return $root;
    }

    /* Find the position we should insert the signature node at. */
    if ($this->issuer !== null) {
        /*
         * We have an issuer node. The signature node should come
         * after the issuer node.
         */
        $issuerNode = $root->firstChild;
        $insertBefore = $issuerNode->nextSibling;
    } else {
        /* No issuer node - the signature element should be the first element. */
        $insertBefore = $root->firstChild;
    }

    Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);

    return $root;
}

References $root.

Referenced by SAML2\SOAPClient\send().


◆ toUnsignedXML()

SAML2\Message::toUnsignedXML ( )

Convert this message to an unsigned XML document.

This method does not sign the resulting XML document.

Returns
\DOMElement The root element of the DOM tree

Reimplemented in SAML2\ArtifactResolve, SAML2\ArtifactResponse, SAML2\AttributeQuery, SAML2\AuthnRequest, SAML2\LogoutRequest, SAML2\StatusResponse, and SAML2\SubjectQuery.

Definition at line 435 of file Message.php.

{
    $this->document = DOMDocumentFactory::create();

    $root = $this->document->createElementNS(Constants::NS_SAMLP, 'samlp:'.$this->tagName);
    $this->document->appendChild($root);

    /* Ugly hack to add another namespace declaration to the root element. */
    $root->setAttributeNS(Constants::NS_SAML, 'saml:tmp', 'tmp');
    $root->removeAttributeNS(Constants::NS_SAML, 'tmp');

    $root->setAttribute('ID', $this->id);
    $root->setAttribute('Version', '2.0');
    $root->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z', $this->issueInstant));

    if ($this->destination !== null) {
        $root->setAttribute('Destination', $this->destination);
    }
    if ($this->consent !== null && $this->consent !== Constants::CONSENT_UNSPECIFIED) {
        $root->setAttribute('Consent', $this->consent);
    }

    if ($this->issuer !== null) {
        if (is_string($this->issuer)) {
            Utils::addString($root, Constants::NS_SAML, 'saml:Issuer', $this->issuer);
        } elseif ($this->issuer instanceof XML\saml\Issuer) {
            $this->issuer->toXML($root);
        }
    }

    if (!empty($this->extensions)) {
        Extensions::addList($root, $this->extensions);
    }

    return $root;
}

References $root.

◆ validate()

SAML2\Message::validate (XMLSecurityKey $key)

Validate this message against a public key.

true is returned on success, false is returned if we don't have any signature we can validate. An exception is thrown if the signature validation fails.

Parameters
  XMLSecurityKey $key: The key we should check against

Returns
  bool true on success, false when we don't have a signature

Exceptions
  Exception

Implements SAML2\SignedElement.

Definition at line 248 of file Message.php.

{
    if (count($this->validators) === 0) {
        return false;
    }

    $exceptions = array();

    foreach ($this->validators as $validator) {
        $function = $validator['Function'];
        $data = $validator['Data'];

        try {
            call_user_func($function, $data, $key);
            /* We were able to validate the message with this validator. */

            return true;
        } catch (\Exception $e) {
            $exceptions[] = $e;
        }
    }

    /* No validators were able to validate the message. */
    throw $exceptions[0];
}

References $data, $exceptions, and $key.
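The constructor's attribute checks and validate()'s three outcomes (true, false, exception) together decide whether an inbound message is trustworthy. The following receiver wrapper is an added example, not code from the SAML2 library or from ILIAS: it assumes XMLSecurityKey is RobRichards\XMLSecLibs\XMLSecurityKey (the class the library signs and verifies with) and that SAML2\DOMDocumentFactory::fromString() is available; acceptInboundMessage() and its parameters are hypothetical names. Its point is that a return of false from validate() means "no root-level signature to check", which a relying party that requires signed messages must treat as a rejection, not a pass.

```php
<?php
// Added example (not part of the SAML2 library): strict acceptance of an inbound
// samlp message. Hypothetical names: acceptInboundMessage(), $expectedDestination,
// $trustedIssuer, $maxSkew.

use RobRichards\XMLSecLibs\XMLSecurityKey;
use SAML2\DOMDocumentFactory;
use SAML2\Message;

/**
 * @param string $xmlString           Raw samlp message, already decoded by the binding
 * @param string $idpCertPem          PEM-encoded IdP signing certificate, trusted out of band
 * @param string $expectedDestination Our own endpoint URL
 * @param string $trustedIssuer       The IdP entityID expected in <saml:Issuer>
 * @param int    $maxSkew             Allowed clock skew for IssueInstant, in seconds
 * @return Message                    The accepted message
 * @throws \Exception                 On any policy or signature failure
 */
function acceptInboundMessage($xmlString, $idpCertPem, $expectedDestination, $trustedIssuer, $maxSkew = 300)
{
    // The Message constructor enforces ID, Version="2.0" and a parseable IssueInstant,
    // and registers a signature validator only if a root-level ds:Signature is present.
    $dom = DOMDocumentFactory::fromString($xmlString);
    $message = Message::fromXML($dom->documentElement);

    // Destination is optional in the schema, but if it is named it must name us.
    if ($message->getDestination() !== null && $message->getDestination() !== $expectedDestination) {
        throw new \Exception('Destination mismatch: ' . $message->getDestination());
    }

    // getIssueInstant() is a UNIX timestamp; reject stale or far-future messages.
    if (abs(time() - $message->getIssueInstant()) > $maxSkew) {
        throw new \Exception('IssueInstant outside allowed clock skew');
    }

    // getIssuer() returns a string for the entity NameID format, otherwise an Issuer object.
    $issuer = $message->getIssuer();
    $issuerValue = is_string($issuer) ? $issuer : ($issuer === null ? null : $issuer->value);
    if ($issuerValue !== $trustedIssuer) {
        throw new \Exception('Untrusted issuer: ' . var_export($issuerValue, true));
    }

    // Public key from the IdP certificate; the library casts it to the signature's algorithm.
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'public'));
    $key->loadKey($idpCertPem, false, true);

    // validate() throws if a signature is present but fails, and returns false if there
    // is no signature to check. Both must be fatal for a receiver that requires signing.
    if ($message->validate($key) !== true) {
        throw new \Exception('Message is not signed at the root level');
    }

    return $message;
}
```

For a samlp:Response whose signature sits on the enclosed assertion rather than the root element, validate() on the Message returns false by design, so the assertion's own signature has to be checked separately before relying on this wrapper's outcome.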

Field Documentation

◆ $certificates

SAML2\Message::$certificates
private

Definition at line 107 of file Message.php.

◆ $consent

SAML2\Message::$consent = Constants::CONSENT_UNSPECIFIED
private

Definition at line 62 of file Message.php.

◆ $destination

◆ $document

SAML2\Message::$document
protected

Definition at line 86 of file Message.php.

◆ $extensions

SAML2\Message::$extensions
protected

Definition at line 25 of file Message.php.

◆ $id

SAML2\Message::$id
private

Definition at line 41 of file Message.php.

◆ $issueInstant

SAML2\Message::$issueInstant
private

Definition at line 48 of file Message.php.

◆ $issuer

SAML2\Message::$issuer
private

Definition at line 69 of file Message.php.

◆ $messageContainedSignatureUponConstruction

SAML2\Message::$messageContainedSignatureUponConstruction = false
protected

Definition at line 100 of file Message.php.

◆ $relayState

SAML2\Message::$relayState
private

Definition at line 76 of file Message.php.

◆ $signatureKey

SAML2\Message::$signatureKey
private

Definition at line 95 of file Message.php.

◆ $signatureMethod

SAML2\Message::$signatureMethod
private

Definition at line 119 of file Message.php.

◆ $tagName

SAML2\Message::$tagName
private

Definition at line 34 of file Message.php.

◆ $validators

SAML2\Message::$validators
private

Definition at line 114 of file Message.php.
