From b46aebeaae44ec47fb6cc5e8c23fbeb95f6841f3 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 15 May 2024 16:56:09 +0200
Subject: Update import-idp script
---
 extras/import-idp.php | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)
diff --git a/extras/import-idp.php b/extras/import-idp.php
index 4518bbf..1298058 100644
--- a/extras/import-idp.php
+++ b/extras/import-idp.php
@@ -7,7 +7,9 @@ function pdebug($text) if (DEBUG) echo "$text\n"; } -if ($argc < 2) die("To few arguments. Pass config file!\n"); +if ($argc < 2) + die("Too few arguments. Pass config file!\n"); + if ($argv[1] === '--debug') { $argc--; array_shift($argv);
@@ -15,7 +17,9 @@ if ($argv[1] === '--debug') {
 } else {
 define('DEBUG', false);
 }
-if ($argc < 2) die("To few arguments. Pass config file!\n");
+if ($argc < 2)
+ die("Too few arguments. Pass config file!\n");
+
 $handle = fopen($argv[1], 'r') or die("Cannot open mysql config given on command line\n");
 $settings = array();
 while (($line = fgets($handle)) !== false) {
@@ -26,7 +30,8 @@ fclose($handle); // Default/Fallback $requiredAttribute = 'http://aai.dfn.de/category/bwidm-member'; -$url = 'https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-metadata.xml'; +$url = 'http://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml'; +$requireEcp = true; $f = __DIR__ . '/shib.conf.php'; if (is_readable($f)) require_once $f;
@@ -37,7 +42,7 @@ if (empty($settings['host']) || empty($settings['user']) || empty($settings['pas $db = new mysqli($settings['host'], $settings['user'], $settings['password'], $settings['db']); if ($db->connect_errno) die("Could not connect to db: " . $db->connect_error . "\n"); -$db->set_charset("utf8"); +$db->set_charset("utf8mb4"); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_TIMEOUT, 10);
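Review bot: In the `@@ -26,7 +30,8 @@` hunk the new default `$url` goes from `https://` to `http://`, so the federation metadata that drives the organization rows is fetched without transport integrity. Nothing visible in this patch verifies the XML signature of the downloaded file, so unless that happens outside these hunks, the names, scopes and ECP endpoints being imported can be altered in transit without the script noticing. Keep the scheme at `https://` if the host serves this path over TLS, e.g. `$url = 'https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml';`, or add a comment stating where the signature is checked. `$url` can still be overridden from `shib.conf.php`, so the same applies to whatever is configured there.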
@@ -140,12 +145,26 @@ foreach ($out[0] as $data) {
 }
 }
 // Now usable: $scope, $name, $ecp (if known, false otherwise)
- if ($ecp === false) {
+ if ($requireEcp && $ecp === false) {
 pdebug("No ECP end-point...");
 } else {
 pdebug("Adding/Updating with ECP URL $ecp, suffixes: " . implode(', ', $scope));
 wipeDb();
- $eid = $db->escape_string($scope[0]);
+ $orgid = false;
+ // Try to use any existing organization ID based on the suffixes. This is to avoid adding the same organzation twice, should the first entry in the list change
+ foreach ($scope as $alias) {
+ $ealias = $db->escape_string($alias);
+ $res = $db->query("SELECT organizationid FROM organization_suffix WHERE suffix = '$ealias' LIMIT 1");
+ if ($row = $res->fetch_assoc()) {
+ $orgid = $row['organizationid'];
+ break;
+ }
+ }
+ if ($orgid === false) {
+ // Not known yet, use first
+ $orgid = $scope[0];
+ }
+ $eid = $db->escape_string($orgid);
 $ename = $db->escape_string($name);
 $eecp = $db->escape_string($ecp);
 $db->query("INSERT INTO organization (organizationid, name, authmethod, publickey)
-- 
cgit v1.2.3-55-g7522
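Review bot: The new suffix lookup calls `$res->fetch_assoc()` without checking what `$db->query()` returned, so where mysqli is not in exception mode a failed SELECT becomes a fatal error in the middle of the import, after the `wipeDb()` call; guard it with `if ($res !== false && ($row = $res->fetch_assoc())) {`. The lookup also lets any single scope of an entity select an existing `organizationid`, so an entry that lists a suffix already stored for another organization would presumably be written onto that organization's row by the INSERT that follows (its conflict handling is outside the hunk). That is only safe while the metadata is authenticated, so a comment next to the loop should state the assumption, e.g. `// Relies on federation-vetted scopes: a shared suffix maps this entity onto the existing organization`. The enclosing `foreach ($out[0] as $data)` and the INSERT statement both continue outside the hunk.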