From b7d5e202cc1181e8f4fbe84332d779d90f9725d2 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 16 Sep 2024 14:20:08 +0200
Subject: Update import script
---
 extras/import-idp.php | 88 +++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 72 insertions(+), 16 deletions(-)
diff --git a/extras/import-idp.php b/extras/import-idp.php
index 1298058..a16ed92 100644
--- a/extras/import-idp.php
+++ b/extras/import-idp.php
@@ -29,31 +29,37 @@ while (($line = fgets($handle)) !== false) { fclose($handle); // Default/Fallback +$suffixMappings = false; +$localFile = false; $requiredAttribute = 'http://aai.dfn.de/category/bwidm-member'; -$url = 'http://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml'; +$url = 'https://www.aai.dfn.de/metadata/dfn-aai-idp-metadata.xml'; $requireEcp = true; $f = __DIR__ . '/shib.conf.php'; if (is_readable($f)) require_once $f; -$ch = curl_init(); -if ($ch === false) die("Could not init curl\n"); - if (empty($settings['host']) || empty($settings['user']) || empty($settings['password']) || empty($settings['db'])) die("Missing fields in given mysql config\n"); $db = new mysqli($settings['host'], $settings['user'], $settings['password'], $settings['db']); if ($db->connect_errno) die("Could not connect to db: " . $db->connect_error . "\n"); $db->set_charset("utf8mb4"); -curl_setopt($ch, CURLOPT_URL, $url); -curl_setopt($ch, CURLOPT_TIMEOUT, 10); -curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); -curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); -curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); -$data = curl_exec($ch); -if ($data === false) die("Could not download DFN-AAI meta data\n"); - -$count = preg_match_all('##s', $data, $out); -pdebug("Found $count EntityDescriptors"); +if ($localFile !== false && file_exists($localFile)) { + $data = file_get_contents($localFile); +} else { + pdebug("Downloading..."); + $ch = curl_init(); + if ($ch === false) die("Could not init curl\n"); + + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_TIMEOUT, 10); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + $data = curl_exec($ch); + if ($data === false) { + die("Could not download DFN-AAI meta data\n"); + } +} function getAttributes($array, $path) { 
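Review bot: The new local-file branch never checks the result of `file_get_contents`: `if ($localFile !== false && file_exists($localFile))` lets an existing but unreadable path through, and on failure `$data` becomes `false` and is handed to the parsing further down, whereas the curl branch dies on a failed download. Use `is_readable($localFile)` for the test and add `if ($data === false) die("Could not read $localFile\n");` after the read. A local file also bypasses the TLS-protected fetch of the DFN feed, so whoever can write that path controls the imported IdP list; a one-line comment at the `$localFile = false;` default stating what it is meant for (offline/testing imports, if that is the intent) would make that explicit. The curl handle is never released with `curl_close($ch)`, which is cosmetic for a one-shot script but cheap to add.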
@@ -114,9 +120,15 @@ function wipeDb() { $db->query("UPDATE organization SET authmethod = '' WHERE authmethod LIKE 'http%'"); } +// Regular ECP auth for suite + +$data = preg_replace('#<(/?)[a-zA-Z0-9_-]+:#', '<\1', $data); +$data = preg_replace('# ([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)=#', ' \1_\2=', $data); +$count = preg_match_all('##s', $data, $out); +unset($data); +pdebug("Found $count EntityDescriptors"); + foreach ($out[0] as $data) { - $data = preg_replace('#<(/?)[a-zA-Z0-9]+:#', '<\1', $data); - $data = preg_replace('# ([a-zA-Z0-9]+):([a-zA-Z0-9]+)=#', ' \1_\2=', $data); $xml = json_decode(json_encode(simplexml_load_string('' . $data )), true); 
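Review bot: The two hoisted `$data = preg_replace(...)` lines have no error check: `preg_replace` returns `null` when PCRE fails (for example the backtrack limit on a large metadata feed), that `null` flows into the second replacement and into `preg_match_all`, and a PCRE error then shows up as "Found 0 EntityDescriptors" instead of an abort; if `wipeDb()` (defined in this hunk's context) has already run by then, the stored auth methods would be cleared for nothing. Add `if ($data === null) die("preg_replace failed: " . preg_last_error() . "\n");` after each replacement, or check `preg_last_error() !== PREG_NO_ERROR` once before `preg_match_all`. The same three lines are repeated inside the suffix-mapping loop of the last hunk and need the same check there. Reusing `$data` as the `foreach` variable immediately after `unset($data)` is legal but easy to misread; a name such as `$entity` for the loop variable would help.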
@@ -176,4 +188,48 @@ foreach ($out[0] as $data) {
 		}
 	}
 }
+$db->query("UNLOCK TABLES");
+
+// Mapping of suffix to idp (and back)
+
+if (is_array($suffixMappings)) {
+	$db->query("LOCK TABLES suffix2idp WRITE");
+	$db->query("TRUNCATE TABLE suffix2idp");
+	foreach ($suffixMappings as $file) {
+		$data = file_get_contents($file);
+		if (empty($data))
+			continue;
+		$data = preg_replace('#<(/?)[a-zA-Z0-9_-]+:#', '<\1', $data);
+		$data = preg_replace('# ([a-zA-Z0-9_-]+):([a-zA-Z0-9_-]+)=#', ' \1_\2=', $data);
+		$count = preg_match_all('##s', $data, $out);
+		unset($data);
+		pdebug("Found $count EntityDescriptors");
+		foreach ($out[0] as $data) {
+			$xml = json_decode(json_encode(simplexml_load_string(''
+				. $data
+			)), true);
+			$scope = getAttributes($xml, "IDPSSODescriptor/Extensions/Scope");
+			if (empty($scope)) {
+				pdebug("No list of scopes...");
+				continue;
+			}
+			$id = getAttributes($xml, "@attributes/entityID");
+			if (is_array($id) && !empty($id)) {
+				$id = $id[0];
+			}
+			$ereg = '';
+			$reg = getAttributes($xml, "Extensions/RegistrationInfo/@attributes/registrationAuthority");
+			if (is_array($reg) && !empty($reg)) {
+				$ereg = $db->escape_string($reg[0]);
+			}
+			$eid = $db->escape_string($id);
+			foreach ($scope as $alias) {
+				$ealias = $db->escape_string($alias);
+				$db->query("INSERT IGNORE INTO suffix2idp (idpurl, suffix, regauth)"
+					. " VALUES ('$eid', '$ealias', '$ereg')");
+			}
+		}
+	}
+	$db->query("UNLOCK TABLES");
+}
-- cgit v1.2.3-55-g7522
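Review bot: `$eid = $db->escape_string($id);` assumes `getAttributes($xml, "@attributes/entityID")` returned a non-empty array, but the guard above only unwraps `$id` in that case; when it returns an empty array, `escape_string` receives an array (a TypeError on PHP 8), and in other shapes a row with an empty `idpurl` is inserted, so mirror the scope check with `if (empty($id)) { pdebug("No entityID..."); continue; }` before the unwrap. `TRUNCATE TABLE suffix2idp` also runs before any mapping file has been read, so an unreadable file or a failed `preg_replace` leaves the suffix table empty until the next successful run; collecting the rows first and truncating only when at least one descriptor was parsed would keep the previous mapping in that case. If I remember the Shibboleth metadata extension correctly, `Scope` elements can carry `regexp="true"`, in which case the text is a pattern rather than a literal suffix; the insert treats every scope as a literal, which is worth either filtering or documenting at the `$scope` assignment. The escaping is correct given the single-quoted placeholders, but a prepared `INSERT` would avoid having to keep `escape_string` and the quoting in sync.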