summaryrefslogtreecommitdiffstats
path: root/extras/import-idp.php
blob: 6ea9cb653ae57f5b911cb477f5ff753a2ef41d07 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
<?php

error_reporting(E_ALL);

if ($argc < 2) die("To few arguments. Pass config file!\n");
$handle = fopen($argv[1], 'r') or die("Cannot open mysql config given on command line\n");
$settings = array();
while (($line = fgets($handle)) !== false) {
	if (!preg_match('/^\s*(.*?)\s*=\s*(.*?)\s*$/', $line, $out)) continue;
	$settings[$out[1]] = $out[2];
}
fclose($handle);

$ch = curl_init();
if ($ch === false) die("Could not init curl\n");

if (empty($settings['host']) || empty($settings['user']) || empty($settings['password']) || empty($settings['db'])) die("Missing fields in given mysql config\n");

$db = new mysqli($settings['host'], $settings['user'], $settings['password'], $settings['db']);
if ($db->connect_errno) die("Could not connect to db: " . $db->connect_error . "\n");
$db->set_charset("utf8");

$url = 'https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
if ($data === false) die("Could not download DFN-AAI meta data\n");

preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out);

foreach ($out[0] as $data) {
	$data = preg_replace('#<(/?)[a-zA-Z0-9]+:#', '<\1', $data);
	$xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?>' . $data)), true);
	if (!isset($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"])) continue;
	if (!isset($xml["IDPSSODescriptor"]["Extensions"]["Scope"])) continue;
	if ($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"] !== 'http://aai.dfn.de/category/bwidm-member') continue;
	$scope = $xml["IDPSSODescriptor"]["Extensions"]["Scope"];
	if (!is_array($scope)) $scope = array($scope);
	$name = $xml["IDPSSODescriptor"]["Extensions"]["UIInfo"]["DisplayName"];
	$ecp = false;
	if (is_array($name)) $name = $name[0];
	foreach ($xml["IDPSSODescriptor"]['SingleSignOnService'] as $sso) {
		if (isset($sso['@attributes']['Binding']) && $sso['@attributes']['Binding'] === 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP') {
			$ecp = $sso['@attributes']['Location'];
			break;
		}
	}
	// Now usable: $scope (kind of, arrayize), $name, $ecp (if known, false otherwise)
	if ($ecp && !empty($scope)) {
		$eid = $db->escape_string($scope[0]);
		$ename = $db->escape_string($name);
		$eecp = $db->escape_string($ecp);
		$db->query("INSERT INTO satellite (organizationid, address, name, authmethod, publickey)
			VALUES ('$eid', '', '$ename', '$eecp', '')
			ON DUPLICATE KEY UPDATE authmethod = VALUES(authmethod), name = VALUES(name)");
		foreach ($scope as $alias) {
			$ealias = $db->escape_string($alias);
			$db->query("INSERT IGNORE INTO satellite_suffix (organizationid, suffix) VALUES ('$eid', '$ealias')");
		}
	}
}