summaryrefslogtreecommitdiffstats
path: root/extras/import-idp.php
diff options
context:
space:
mode:
authorSimon Rettberg2018-11-08 13:08:50 +0100
committerSimon Rettberg2018-11-08 13:08:50 +0100
commitfb7adf2b1e9ffabf1572b78022391f8077b99fb6 (patch)
tree43057045b9d6bbac570a6652e3434cc7ac27361f /extras/import-idp.php
parentUpdate sample config (diff)
downloadmasterserver-fb7adf2b1e9ffabf1572b78022391f8077b99fb6.tar.gz
masterserver-fb7adf2b1e9ffabf1572b78022391f8077b99fb6.tar.xz
masterserver-fb7adf2b1e9ffabf1572b78022391f8077b99fb6.zip
Update IdP Importer
Diffstat (limited to 'extras/import-idp.php')
-rw-r--r--extras/import-idp.php98
1 files changed, 75 insertions, 23 deletions
diff --git a/extras/import-idp.php b/extras/import-idp.php
index 0b9adf1..760783d 100644
--- a/extras/import-idp.php
+++ b/extras/import-idp.php
@@ -20,12 +20,7 @@ $db = new mysqli($settings['host'], $settings['user'], $settings['password'], $s
if ($db->connect_errno) die("Could not connect to db: " . $db->connect_error . "\n");
$db->set_charset("utf8");
-if ($argc > 2) {
- $url = $argv[2];
-} else {
- $url = 'https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml';
-}
-echo "Using $url...\n";
+$url = 'https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
@@ -36,24 +31,80 @@ if ($data === false) die("Could not download DFN-AAI meta data\n");
preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out);
+
+
+function getAttributes($array, $path)
+{
+ if (!is_array($path)) {
+ // Convert '/path/syntax/foo/wanteditem' to array for further processing and recursive calls
+ $path = explode('/', $path);
+ }
+ do {
+ // Get next element from array, loop to ignore empty elements (so double slashes in the path are allowed)
+ $element = array_shift($path);
+ } while (empty($element) && !empty($path));
+ if (!isset($array[$element])) {
+ // Current path element does not exist - error
+ return array();
+ }
+ if (empty($path)) {
+ // Path is now empty which means we're at 'wanteditem' from out example above now
+ if (!is_array($array[$element]) || !isset($array[$element][0])) {
+ // If it's a leaf node of the array, wrap it in plain array, so the function will
+ // always return an array on success
+ return array($array[$element]);
+ }
+ // 'wanteditem' is not a unique leaf node, return as is
+ // This means it's either a plain array, in case there are multiple 'wanteditem' elements on the same level
+ // or it's an associative array if 'wanteditem' has any sub-nodes
+ return $array[$element];
+ }
+ // Recurse
+ if (!is_array($array[$element])) {
+ // We're in the middle of the requested path, but the current element is already a leaf node with no
+ // children - error
+ return array();
+ }
+ if (isset($array[$element][0])) {
+ // The currently handled element of the path exists multiple times on the current level, so it is
+ // wrapped in a plain array - recurse into each one of them and merge the results
+ $return = array();
+ foreach ($array[$element] as $item) {
+ $return = array_merge($return, getAttributes($item, $path));
+ }
+ return $return;
+ }
+ // Unique non-leaf node - simple recursion
+ return getAttributes($array[$element], $path);
+}
+
+// Safety check: If XML module is missing, don't wipe DB
+@simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?'.'><test></test>');
+
+// Also, only wipe old URLs if we found at least one valid URL
+function wipeDb() {
+ global $db;
+ static $wiped = false;
+ if ($wiped)
+ return;
+ $wiped = true;
+ $db->query("LOCK TABLES organization WRITE, organization_suffix WRITE");
+ $db->query("UPDATE organization SET authmethod = '' WHERE authmethod LIKE 'http%'");
+}
+
foreach ($out[0] as $data) {
$data = preg_replace('#<(/?)[a-zA-Z0-9]+:#', '<\1', $data);
- $xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?>' . $data)), true);
- //if (!isset($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"])) {
- // echo "no EntityAttributes.Attribute.AttributeValue!\n";
- // continue;
- //}
- //if ($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"] !== 'http://aai.dfn.de/category/bwidm-member') continue;
- if (!isset($xml["IDPSSODescriptor"]["Extensions"]["Scope"])) {
- echo "No Extensions.Scope!\n";
- continue;
- }
- $scope = $xml["IDPSSODescriptor"]["Extensions"]["Scope"];
- if (!is_array($scope)) $scope = array($scope);
- $name = $xml["IDPSSODescriptor"]["Extensions"]["UIInfo"]["DisplayName"];
+ $data = preg_replace('# ([a-zA-Z0-9]+):([a-zA-Z0-9]+)=#', ' \1_\2=', $data);
+ $xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?'.'>'
+ . $data
+ )), true);
+ if (!in_array('http://aai.dfn.de/category/bwidm-member', getAttributes($xml, 'Extensions/EntityAttributes/Attribute/AttributeValue'))) continue;
+ $scope = getAttributes($xml, "IDPSSODescriptor/Extensions/Scope");
+ if (empty($scope)) continue;
+ $name = getAttributes($xml, "IDPSSODescriptor/Extensions/UIInfo/DisplayName");
$ecp = false;
if (is_array($name)) $name = $name[0];
- foreach ($xml["IDPSSODescriptor"]['SingleSignOnService'] as $sso) {
+ foreach (getAttributes($xml, "IDPSSODescriptor/SingleSignOnService") as $sso) {
if (isset($sso['@attributes']['Binding']) && $sso['@attributes']['Binding'] === 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP') {
$ecp = $sso['@attributes']['Location'];
break;
@@ -61,15 +112,16 @@ foreach ($out[0] as $data) {
}
// Now usable: $scope (kind of, arrayize), $name, $ecp (if known, false otherwise)
if ($ecp && !empty($scope)) {
+ wipeDb();
$eid = $db->escape_string($scope[0]);
$ename = $db->escape_string($name);
$eecp = $db->escape_string($ecp);
- $db->query("INSERT INTO satellite (organizationid, address, name, authmethod, publickey)
- VALUES ('$eid', '', '$ename', '$eecp', '')
+ $db->query("INSERT INTO organization (organizationid, name, authmethod, publickey)
+ VALUES ('$eid', '$ename', '$eecp', '')
ON DUPLICATE KEY UPDATE authmethod = VALUES(authmethod), name = VALUES(name)");
foreach ($scope as $alias) {
$ealias = $db->escape_string($alias);
- $db->query("INSERT IGNORE INTO satellite_suffix (organizationid, suffix) VALUES ('$eid', '$ealias')");
+ $db->query("INSERT IGNORE INTO organization_suffix (organizationid, suffix) VALUES ('$eid', '$ealias')");
}
}
}