author | Simon Rettberg | 2014-10-06 14:46:29 +0200 |
---|---|---|
committer | Simon Rettberg | 2014-10-06 14:46:29 +0200 |
commit | d5a1033cccc01f6608c22e71b6967137eeeb4707 (patch) | |
tree | 36593c03f3c53be3154638715da0bc24a6fa6a0b | |
parent | Implement API methods getPublicImages, getOrganizations (diff) | |
Add qnd script to fetch all bwIDM members (IdPs) and insert them into db
-rw-r--r-- | extras/import-idp.php | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/extras/import-idp.php b/extras/import-idp.php
new file mode 100644
index 0000000..6ea9cb6
--- /dev/null
+++ b/extras/import-idp.php
@@ -0,0 +1,65 @@
+<?php
+
+error_reporting(E_ALL);
+
+if ($argc < 2) die("To few arguments. Pass config file!\n");
+$handle = fopen($argv[1], 'r') or die("Cannot open mysql config given on command line\n");
+$settings = array();
+while (($line = fgets($handle)) !== false) {
+ if (!preg_match('/^\s*(.*?)\s*=\s*(.*?)\s*$/', $line, $out)) continue;
+ $settings[$out[1]] = $out[2];
+}
+fclose($handle);
+
+$ch = curl_init();
+if ($ch === false) die("Could not init curl\n");
+
+if (empty($settings['host']) || empty($settings['user']) || empty($settings['password']) || empty($settings['db'])) die("Missing fields in given mysql config\n");
+
+$db = new mysqli($settings['host'], $settings['user'], $settings['password'], $settings['db']);
+if ($db->connect_errno) die("Could not connect to db: " . $db->connect_error . "\n");
+$db->set_charset("utf8");
+
+$url = 'https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml';
+curl_setopt($ch, CURLOPT_URL, $url);
+curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+$data = curl_exec($ch);
+if ($data === false) die("Could not download DFN-AAI meta data\n");
+
+preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out);
+
+foreach ($out[0] as $data) {
+ $data = preg_replace('#<(/?)[a-zA-Z0-9]+:#', '<\1', $data);
+ $xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?>' . $data)), true);
+ if (!isset($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"])) continue;
+ if (!isset($xml["IDPSSODescriptor"]["Extensions"]["Scope"])) continue;
+ if ($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"] !== 'http://aai.dfn.de/category/bwidm-member') continue;
+ $scope = $xml["IDPSSODescriptor"]["Extensions"]["Scope"];
+ if (!is_array($scope)) $scope = array($scope);
+ $name = $xml["IDPSSODescriptor"]["Extensions"]["UIInfo"]["DisplayName"];
+ $ecp = false;
+ if (is_array($name)) $name = $name[0];
+ foreach ($xml["IDPSSODescriptor"]['SingleSignOnService'] as $sso) {
+ if (isset($sso['@attributes']['Binding']) && $sso['@attributes']['Binding'] === 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP') {
+ $ecp = $sso['@attributes']['Location'];
+ break;
+ }
+ }
+ // Now usable: $scope (kind of, arrayize), $name, $ecp (if known, false otherwise)
+ if ($ecp && !empty($scope)) {
+ $eid = $db->escape_string($scope[0]);
+ $ename = $db->escape_string($name);
+ $eecp = $db->escape_string($ecp);
+ $db->query("INSERT INTO satellite (organizationid, address, name, authmethod, publickey)
+ VALUES ('$eid', '', '$ename', '$eecp', '')
+ ON DUPLICATE KEY UPDATE authmethod = VALUES(authmethod), name = VALUES(name)");
+ foreach ($scope as $alias) {
+ $ealias = $db->escape_string($alias);
+ $db->query("INSERT IGNORE INTO satellite_suffix (organizationid, suffix) VALUES ('$eid', '$ealias')");
+ }
+ }
+}
+ |
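Review bot: The SOAP `Location` taken from the downloaded metadata is written into `satellite.authmethod` with no check on where it points, and the download is trusted on transport alone: `CURLOPT_FOLLOWLOCATION` is enabled without limiting redirect protocols, and any signature on the federation metadata is not verified before parsing. If `authmethod` is the endpoint the server later authenticates users against (not visible in this hunk), a tampered or redirected download could repoint every imported IdP through the `ON DUPLICATE KEY UPDATE` clause. I would add `curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);` before `curl_exec()`, guard the insert with `if (!$ecp || stripos($ecp, 'https://') !== 0) continue;`, and verify the metadata signature as a separate step. Both `$db->query()` results are also ignored, so a failed insert passes silently; checking the return value and printing `$db->error` would make a partial import visible.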