1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
<?php
error_reporting(E_ALL);
if ($argc < 2) die("To few arguments. Pass config file!\n");
$handle = fopen($argv[1], 'r') or die("Cannot open mysql config given on command line\n");
$settings = array();
while (($line = fgets($handle)) !== false) {
if (!preg_match('/^\s*(.*?)\s*=\s*(.*?)\s*$/', $line, $out)) continue;
$settings[$out[1]] = $out[2];
}
fclose($handle);
$ch = curl_init();
if ($ch === false) die("Could not init curl\n");
if (empty($settings['host']) || empty($settings['user']) || empty($settings['password']) || empty($settings['db'])) die("Missing fields in given mysql config\n");
$db = new mysqli($settings['host'], $settings['user'], $settings['password'], $settings['db']);
if ($db->connect_errno) die("Could not connect to db: " . $db->connect_error . "\n");
$db->set_charset("utf8");
$url = 'https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-metadata.xml';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
if ($data === false) die("Could not download DFN-AAI meta data\n");
preg_match_all('#<EntityDescriptor.*?</EntityDescriptor>#s', $data, $out);
foreach ($out[0] as $data) {
$data = preg_replace('#<(/?)[a-zA-Z0-9]+:#', '<\1', $data);
$xml = json_decode(json_encode(simplexml_load_string('<?xml version="1.0" encoding="utf-8" standalone="yes" ?>' . $data)), true);
if (!isset($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"])) continue;
if (!isset($xml["IDPSSODescriptor"]["Extensions"]["Scope"])) continue;
if ($xml["Extensions"]["EntityAttributes"]["Attribute"]["AttributeValue"] !== 'http://aai.dfn.de/category/bwidm-member') continue;
$scope = $xml["IDPSSODescriptor"]["Extensions"]["Scope"];
if (!is_array($scope)) $scope = array($scope);
$name = $xml["IDPSSODescriptor"]["Extensions"]["UIInfo"]["DisplayName"];
$ecp = false;
if (is_array($name)) $name = $name[0];
foreach ($xml["IDPSSODescriptor"]['SingleSignOnService'] as $sso) {
if (isset($sso['@attributes']['Binding']) && $sso['@attributes']['Binding'] === 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP') {
$ecp = $sso['@attributes']['Location'];
break;
}
}
// Now usable: $scope (kind of, arrayize), $name, $ecp (if known, false otherwise)
if ($ecp && !empty($scope)) {
$eid = $db->escape_string($scope[0]);
$ename = $db->escape_string($name);
$eecp = $db->escape_string($ecp);
$db->query("INSERT INTO satellite (organizationid, address, name, authmethod, publickey)
VALUES ('$eid', '', '$ename', '$eecp', '')
ON DUPLICATE KEY UPDATE authmethod = VALUES(authmethod), name = VALUES(name)");
foreach ($scope as $alias) {
$ealias = $db->escape_string($alias);
$db->query("INSERT IGNORE INTO satellite_suffix (organizationid, suffix) VALUES ('$eid', '$ealias')");
}
}
}
|