From d5a1033cccc01f6608c22e71b6967137eeeb4707 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 6 Oct 2014 14:46:29 +0200
Subject: Add qnd script to fetch all bwIDM members (IdPs) and insert them into db
---
 extras/import-idp.php | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 extras/import-idp.php
diff --git a/extras/import-idp.php b/extras/import-idp.php
new file mode 100644
index 0000000..6ea9cb6
--- /dev/null
+++ b/extras/import-idp.php
@@ -0,0 +1,65 @@
+connect_errno) die("Could not connect to db: " . $db->connect_error . "\n");
+$db->set_charset("utf8");
+
+$url = 'https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml';
+curl_setopt($ch, CURLOPT_URL, $url);
+curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+$data = curl_exec($ch);
+if ($data === false) die("Could not download DFN-AAI meta data\n");
+
+preg_match_all('##s', $data, $out);
+
+foreach ($out[0] as $data) {
+ $data = preg_replace('#<(/?)[a-zA-Z0-9]+:#', '<\1', $data);
+ $xml = json_decode(json_encode(simplexml_load_string('' . $data)), true);
+ if (!isset($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"])) continue;
+ if (!isset($xml["IDPSSODescriptor"]["Extensions"]["Scope"])) continue;
+ if ($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"] !== 'http://aai.dfn.de/category/bwidm-member') continue;
+ $scope = $xml["IDPSSODescriptor"]["Extensions"]["Scope"];
+ if (!is_array($scope)) $scope = array($scope);
+ $name = $xml["IDPSSODescriptor"]["Extensions"]["UIInfo"]["DisplayName"];
+ $ecp = false;
+ if (is_array($name)) $name = $name[0];
+ foreach ($xml["IDPSSODescriptor"]['SingleSignOnService'] as $sso) {
+ if (isset($sso['@attributes']['Binding']) && $sso['@attributes']['Binding'] === 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP') {
+ $ecp = $sso['@attributes']['Location'];
+ break;
+ }
+ }
+ // Now usable: $scope (kind of, arrayize), $name, $ecp (if known, false otherwise)
+ if ($ecp && !empty($scope)) {
+ $eid = $db->escape_string($scope[0]);
+ $ename = $db->escape_string($name);
+ $eecp = $db->escape_string($ecp);
+ $db->query("INSERT INTO satellite (organizationid, address, name, authmethod, publickey)
+ VALUES ('$eid', '', '$ename', '$eecp', '')
+ ON DUPLICATE KEY UPDATE authmethod = VALUES(authmethod), name = VALUES(name)");
+ foreach ($scope as $alias) {
+ $ealias = $db->escape_string($alias);
+ $db->query("INSERT IGNORE INTO satellite_suffix (organizationid, suffix) VALUES ('$eid', '$ealias')");
+ }
+ }
+}
+
-- cgit v1.2.3-55-g7522
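Review bot: The ECP `Location` read from the downloaded metadata is written to `satellite.authmethod` with nothing but SQL escaping applied, and no visible line verifies the metadata's XML signature, so the integrity of the stored endpoint rests on the TLS fetch alone. Because `CURLOPT_FOLLOWLOCATION` is enabled, a redirect could leave HTTPS, and an HTTP error page would still be parsed as metadata; consider adding `curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);` and `curl_setopt($ch, CURLOPT_FAILONERROR, true);` before `curl_exec`. After the `SingleSignOnService` loop, a non-HTTPS endpoint should be rejected, e.g. `if ($ecp !== false && strncasecmp($ecp, 'https://', 8) !== 0) $ecp = false;`. The opening lines of the file are not visible here, so signature validation may already happen elsewhere, but that should be confirmed before the script is run against a production database.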