diff options
author | Simon Rettberg | 2024-09-16 14:20:08 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-09-16 14:20:08 +0200 |
commit | b7d5e202cc1181e8f4fbe84332d779d90f9725d2 (patch) | |
tree | 74eea64028d7b2b2fa6269e28ce822fe36db5530 | |
parent | Don't check FS ports (diff) | |
download | masterserver-master.tar.gz masterserver-master.tar.xz masterserver-master.zip |
-rw-r--r-- | extras/import-idp.php | 88 |
1 files changed, 72 insertions, 16 deletions
diff --git a/extras/import-idp.php b/extras/import-idp.php index 1298058..a16ed92 100644 --- a/extras/import-idp.php +++ b/extras/import-idp.php @@ -29,31 +29,37 @@ while (($line = fgets($handle)) !== false) { fclose($handle); // Default/Fallback +$suffixMappings = false; +$localFile = false; $requiredAttribute = 'http://aai.dfn.de/category/bwidm-member'; -$url = 'http://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml'; +$url = 'https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml'; $requireEcp = true; $f = __DIR__ . '/shib.conf.php'; if (is_readable($f)) require_once $f; -$ch = curl_init(); -if ($ch === false) die("Could not init curl\n"); - if (empty($settings['host']) || empty($settings['user']) || empty($settings['password']) || empty($settings['db'])) die("Missing fields in given mysql config\n"); $db = new mysqli($settings['host'], $settings['user'], $settings['password'], $settings['db']); if ($db->connect_errno) die("Could not connect to db: " . $db->connect_error . "\n"); $db->set_charset("utf8mb4"); -curl_setopt($ch, CURLOPT_URL, $url); -curl_setopt($ch, CURLOPT_TIMEOUT, 10); -curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); -curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); -curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); -$data = curl_exec($ch); -if ($data === false) die("Could not download DFN-AAI meta data\n"); - -$count = preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out); -pdebug("Found $count EntityDescriptors"); +if ($localFile !== false && file_exists($localFile)) { + $data = file_get_contents($localFile); +} else { + pdebug("Downloading..."); + $ch = curl_init(); + if ($ch === false) die("Could not init curl\n"); + + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_TIMEOUT, 10); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + $data = curl_exec($ch); + if ($data === false) { + die("Could not download DFN-AAI meta data\n"); + } +} function getAttributes($array, $path) { @@ -114,9 +120,15 @@ function wipeDb() { $db->query("UPDATE organization SET authmethod = '' WHERE authmethod LIKE 'http%'"); } +// Regular ECP auth for suite + +$data = preg_replace('#<(/?)[a-zA-Z0-9_-]+:#', '<\1', $data); +$data = preg_replace('# ([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)=#', ' \1_\2=', $data); +$count = preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out); +unset($data); +pdebug("Found $count EntityDescriptors"); + foreach ($out[0] as $data) { - $data = preg_replace('#<(/?)[a-zA-Z0-9]+:#', '<\1', $data); - $data = preg_replace('# ([a-zA-Z0-9]+):([a-zA-Z0-9]+)=#', ' \1_\2=', $data); $xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?'.'>' . $data )), true); @@ -176,4 +188,48 @@ foreach ($out[0] as $data) { } } } +$db->query("UNLOCK TABLES"); + +// Mapping of suffix to idp (and back) + +if (is_array($suffixMappings)) { + $db->query("LOCK TABLES suffix2idp WRITE"); + $db->query("TRUNCATE TABLE suffix2idp"); + foreach ($suffixMappings as $file) { + $data = file_get_contents($file); + if (empty($data)) + continue; + $data = preg_replace('#<(/?)[a-zA-Z0-9_-]+:#', '<\1', $data); + $data = preg_replace('# ([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)=#', ' \1_\2=', $data); + $count = preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out); + unset($data); + pdebug("Found $count EntityDescriptors"); + foreach ($out[0] as $data) { + $xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?'.'>' + . $data + )), true); + $scope = getAttributes($xml, "IDPSSODescriptor/Extensions/Scope"); + if (empty($scope)) { + pdebug("No list of scopes..."); + continue; + } + $id = getAttributes($xml, "@attributes/entityID"); + if (is_array($id) && !empty($id)) { + $id = $id[0]; + } + $ereg = ''; + $reg = getAttributes($xml, "Extensions/RegistrationInfo/@attributes/registrationAuthority"); + if (is_array($reg) && !empty($reg)) { + $ereg = $db->escape_string($reg[0]); + } + $eid = $db->escape_string($id); + foreach ($scope as $alias) { + $ealias = $db->escape_string($alias); + $db->query("INSERT IGNORE INTO suffix2idp (idpurl, suffix, regauth)" + . " VALUES ('$eid', '$ealias', '$ereg')"); + } + } + } + $db->query("UNLOCK TABLES"); +} |