authorSimon Rettberg2024-09-16 14:20:08 +0200
committerSimon Rettberg2024-09-16 14:20:08 +0200
commitb7d5e202cc1181e8f4fbe84332d779d90f9725d2 (patch)
tree74eea64028d7b2b2fa6269e28ce822fe36db5530
parentDon't check FS ports (diff)
Update import scriptHEADmaster
-rw-r--r--extras/import-idp.php88
1 files changed, 72 insertions, 16 deletions
diff --git a/extras/import-idp.php b/extras/import-idp.php
index 1298058..a16ed92 100644
--- a/extras/import-idp.php
+++ b/extras/import-idp.php
@@ -29,31 +29,37 @@ while (($line = fgets($handle)) !== false) {
fclose($handle);
// Default/Fallback
+$suffixMappings = false;
+$localFile = false;
$requiredAttribute = 'http://aai.dfn.de/category/bwidm-member';
-$url = 'http://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml';
+$url = 'https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml';
$requireEcp = true;
$f = __DIR__ . '/shib.conf.php';
if (is_readable($f)) require_once $f;
-$ch = curl_init();
-if ($ch === false) die("Could not init curl\n");
-
if (empty($settings['host']) || empty($settings['user']) || empty($settings['password']) || empty($settings['db'])) die("Missing fields in given mysql config\n");
$db = new mysqli($settings['host'], $settings['user'], $settings['password'], $settings['db']);
if ($db->connect_errno) die("Could not connect to db: " . $db->connect_error . "\n");
$db->set_charset("utf8mb4");
-curl_setopt($ch, CURLOPT_URL, $url);
-curl_setopt($ch, CURLOPT_TIMEOUT, 10);
-curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
-curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
-curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-$data = curl_exec($ch);
-if ($data === false) die("Could not download DFN-AAI meta data\n");
-
-$count = preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out);
-pdebug("Found $count EntityDescriptors");
+if ($localFile !== false && file_exists($localFile)) {
+ $data = file_get_contents($localFile);
+} else {
+ pdebug("Downloading...");
+ $ch = curl_init();
+ if ($ch === false) die("Could not init curl\n");
+
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ $data = curl_exec($ch);
+ if ($data === false) {
+ die("Could not download DFN-AAI meta data\n");
+ }
+}
function getAttributes($array, $path)
{
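Review bot: The move to an `https://` URL is weakened by the `CURLOPT_FOLLOWLOCATION` option in the new download branch, because a redirect may send the fetch to a plain-http or other-scheme location and the resulting body is imported without any further integrity check; pin the allowed schemes next to the other options with `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);` and `curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);`. The local-file branch likewise takes `file_get_contents($localFile)` without a `=== false` check, so an unreadable file leaves `false` in `$data` and the script continues on it rather than dying as the download branch does. Nothing visible in this script verifies the metadata document's XML signature, so transport security is the only thing standing between the federation feed and the `organization` table — if that is a deliberate trade-off, a one-line comment at the `$url` default saying so would save the next reader a worry. The surrounding top-level script continues outside this hunk.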
@@ -114,9 +120,15 @@ function wipeDb() {
$db->query("UPDATE organization SET authmethod = '' WHERE authmethod LIKE 'http%'");
}
+// Regular ECP auth for suite
+
+$data = preg_replace('#<(/?)[a-zA-Z0-9_-]+:#', '<\1', $data);
+$data = preg_replace('# ([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)=#', ' \1_\2=', $data);
+$count = preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out);
+unset($data);
+pdebug("Found $count EntityDescriptors");
+
foreach ($out[0] as $data) {
- $data = preg_replace('#<(/?)[a-zA-Z0-9]+:#', '<\1', $data);
- $data = preg_replace('# ([a-zA-Z0-9]+):([a-zA-Z0-9]+)=#', ' \1_\2=', $data);
$xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?'.'>'
. $data
)), true);
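Review bot: `simplexml_load_string` returns `false` on a parse error, and the `json_decode(json_encode(...))` round-trip turns that into a bare `false` in `$xml` that is handed on without a check; since the prefix-stripping regexes are now applied to the raw text of the whole document and can produce a fragment that is no longer well-formed, add `if ($xml === false) { pdebug("Skipping unparsable EntityDescriptor"); continue; }` right after the decode (and consider `libxml_use_internal_errors(true)` once at the top so the parser does not spray warnings). The two regexes also reach into comments and element text, not only tag and attribute names; that is probably harmless for federation metadata, but a comment such as `// Crude namespace-prefix stripping so the JSON round-trip sees plain element names; not namespace-aware` would make the shortcut explicit. The `foreach` body continues past the end of this hunk.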
@@ -176,4 +188,48 @@ foreach ($out[0] as $data) {
}
}
}
+$db->query("UNLOCK TABLES");
+
+// Mapping of suffix to idp (and back)
+
+if (is_array($suffixMappings)) {
+ $db->query("LOCK TABLES suffix2idp WRITE");
+ $db->query("TRUNCATE TABLE suffix2idp");
+ foreach ($suffixMappings as $file) {
+ $data = file_get_contents($file);
+ if (empty($data))
+ continue;
+ $data = preg_replace('#<(/?)[a-zA-Z0-9_-]+:#', '<\1', $data);
+ $data = preg_replace('# ([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)=#', ' \1_\2=', $data);
+ $count = preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out);
+ unset($data);
+ pdebug("Found $count EntityDescriptors");
+ foreach ($out[0] as $data) {
+ $xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?'.'>'
+ . $data
+ )), true);
+ $scope = getAttributes($xml, "IDPSSODescriptor/Extensions/Scope");
+ if (empty($scope)) {
+ pdebug("No list of scopes...");
+ continue;
+ }
+ $id = getAttributes($xml, "@attributes/entityID");
+ if (is_array($id) && !empty($id)) {
+ $id = $id[0];
+ }
+ $ereg = '';
+ $reg = getAttributes($xml, "Extensions/RegistrationInfo/@attributes/registrationAuthority");
+ if (is_array($reg) && !empty($reg)) {
+ $ereg = $db->escape_string($reg[0]);
+ }
+ $eid = $db->escape_string($id);
+ foreach ($scope as $alias) {
+ $ealias = $db->escape_string($alias);
+ $db->query("INSERT IGNORE INTO suffix2idp (idpurl, suffix, regauth)"
+ . " VALUES ('$eid', '$ealias', '$ereg')");
+ }
+ }
+ }
+ $db->query("UNLOCK TABLES");
+}
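Review bot: `$id` is only unpacked when `getAttributes` returned a non-empty array, so an EntityDescriptor without an `entityID` reaches `$db->escape_string($id)` with whatever `getAttributes` returned instead of a string — on PHP 8 an array there throws a TypeError (a null is a deprecation), aborting the run after `suffix2idp` has already been truncated. Replace the unpacking with a guard: `if (!is_array($id) || empty($id)) { pdebug("EntityDescriptor without entityID, skipping"); continue; }` followed by `$id = $id[0];`. The same assumption applies to `$alias` in the inner loop: a SAML `Scope` element carrying `regexp="true"` holds a pattern rather than a literal suffix, and if `getAttributes` preserves element attributes the value may not even be a scalar, so it is worth confirming that shape and skipping regexp scopes explicitly rather than inserting them as suffixes. The `INSERT` interpolates escaped values, which matches the rest of the file, but one `$db->prepare("INSERT IGNORE INTO suffix2idp (idpurl, suffix, regauth) VALUES (?, ?, ?)")` hoisted above the loops would remove the escaping from the hot path entirely.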