
Commit 6e35829

committed
Update php-saml to 2.13.0
1 parent 01f028c commit 6e35829


8 files changed

+195
-111
lines changed


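--- a/onelogin-saml-sso/php/extlib/xmlseclibs/xmlseclibs.php
+++ b/onelogin-saml-sso/php/extlib/xmlseclibs/xmlseclibs.php
@@ -282,7 +282,7 @@ public function loadKey($key, $isFile=false, $isCert = false) {
 } else {
 $this->key = openssl_get_privatekey($this->key, $this->passphrase);
 }
-} else if ($this->cryptParams['cipher'] == MCRYPT_RIJNDAEL_128) {
+} else if (isset($this->cryptParams['cipher']) && $this->cryptParams['cipher'] == MCRYPT_RIJNDAEL_128) {
 /* Check key length */
 switch ($this->type) {
 case (XMLSecurityKey::AES256_CBC):
@@ -724,7 +724,7 @@ public function validateDigest($refNode, $data) {
 $digValue = $this->calculateDigest($digestAlgorithm, $data, false);
 $query = 'string(./secdsig:DigestValue)';
 $digestValue = $xpath->evaluate($query, $refNode);
-return ($digValue == base64_decode($digestValue));
+return ($digValue === base64_decode($digestValue));
 }
 
 public function processTransforms($refNode, $objData, $includeCommentNodes = true) {
@@ -846,8 +846,6 @@ public function processRefNode($refNode) {
 } else {
 $dataObject = $refNode->ownerDocument;
 }
-} else {
-$dataObject = file_get_contents($arUrl);
 }
 } else {
 /* This reference identifies the root node with an empty URI. This should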
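Review bot: In the processRefNode hunk, deleting the `file_get_contents($arUrl)` branch leaves a Reference whose URI points outside the document with `$dataObject` unassigned on the visible path, so whatever follows the hunk presumably runs on an undefined variable unless a check outside the hunk rejects such references. Not fetching remote URIs during signature verification is the right outcome, but the rejection should be explicit rather than a side effect of the missing assignment: `} else { return false; }` in place of the deleted branch, or a thrown exception if that is the file's convention for an invalid Reference. processRefNode starts and ends outside the hunk, so the later handling of `$dataObject` cannot be confirmed from here.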

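--- a/onelogin-saml-sso/php/lib/Saml2/Auth.php
+++ b/onelogin-saml-sso/php/lib/Saml2/Auth.php
@@ -20,6 +20,13 @@ class OneLogin_Saml2_Auth
 */
 private $_attributes = array();
 
+/**
+* User attributes data with FriendlyName index.
+*
+* @var array
+*/
+private $_attributesWithFriendlyName = array();
+
 /**
 * NameID
 *
@@ -62,7 +69,7 @@ class OneLogin_Saml2_Auth
 * SessionNotOnOrAfter. When the user is logged, this stored it
 * from the AuthnStatement of the SAML Response
 *
-* @var DateTime
+* @var int|null
 */
 private $_sessionExpiration;
 
@@ -84,7 +91,7 @@ class OneLogin_Saml2_Auth
 * The NotOnOrAfter value of the valid SubjectConfirmationData
 * node (if any) of the last assertion processed
 *
-* @var DateTime
+* @var int
 */
 private $_lastAssertionNotOnOrAfter;
 
@@ -98,7 +105,7 @@ class OneLogin_Saml2_Auth
 /**
 * Reason of the last error.
 *
-* @var string
+* @var string|null
 */
 private $_errorReason;
 
@@ -150,8 +157,7 @@ public function getSettings()
 * Set the strict mode active/disable
 *
 * @param bool $value Strict parameter
-*
-* @return array The settings data.
+* @throws OneLogin_Saml2_Error
 */
 public function setStrict($value)
 {
@@ -183,6 +189,7 @@ public function processResponse($requestId = null)
 
 if ($response->isValid($requestId)) {
 $this->_attributes = $response->getAttributes();
+$this->_attributesWithFriendlyName = $response->getAttributesWithFriendlyName();
 $this->_nameid = $response->getNameId();
 $this->_nameidFormat = $response->getNameIdFormat();
 $this->_nameidNameQualifier = $response->getNameIdNameQualifier();
@@ -292,6 +299,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
 * @param string $url The target URL to redirect the user.
 * @param array $parameters Extra parameters to be passed as part of the url
 * @param bool $stay True if we want to stay (returns the url string) False to redirect
+* @return string|null
 */
 public function redirectTo($url = '', $parameters = array(), $stay = false)
 {
@@ -325,6 +333,16 @@ public function getAttributes()
 return $this->_attributes;
 }
 
+/**
+* Returns the set of SAML attributes indexed by FriendlyName
+*
+* @return array Attributes of the user.
+*/
+public function getAttributesWithFriendlyName()
+{
+return $this->_attributesWithFriendlyName;
+}
+
 /**
 * Returns the nameID
 *
@@ -388,7 +406,7 @@ public function getErrors()
 /**
 * Returns the reason for the last error
 *
-* @return string Error reason
+* @return string|null Error reason
 */
 public function getLastErrorReason()
 {
@@ -413,6 +431,24 @@ public function getAttribute($name)
 return $value;
 }
 
+/**
+* Returns the requested SAML attribute indexed by FriendlyName
+*
+* @param string $friendlyName The requested attribute of the user.
+*
+* @return array|null Requested SAML attribute ($friendlyName).
+*/
+public function getAttributeWithFriendlyName($friendlyName)
+{
+assert('is_string($friendlyName)');
+
+$value = null;
+if (isset($this->_attributesWithFriendlyName[$friendlyName])) {
+return $this->_attributesWithFriendlyName[$friendlyName];
+}
+return $value;
+}
+
 /**
 * Initiates the SSO process.
 *
@@ -423,7 +459,7 @@ public function getAttribute($name)
 * @param bool $stay True if we want to stay (returns the url string) False to redirect
 * @param bool $setNameIdPolicy When true the AuthNReuqest will set a nameIdPolicy element
 *
-* @return If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
+* @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
 */
 public function login($returnTo = null, $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true)
 {
@@ -463,7 +499,7 @@ public function login($returnTo = null, $parameters = array(), $forceAuthn = fal
 * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest.
 * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest.
 *
-* @return If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
+* @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
 *
 * @throws OneLogin_Saml2_Error
 */
@@ -568,8 +604,6 @@ public function buildRequestSignature($samlRequest, $relayState, $signAlgorithm
 );
 }
 
-$key = $this->_settings->getSPkey();
-
 $objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private'));
 $objKey->loadKey($key, false);
 
@@ -651,7 +685,7 @@ public function getLastAssertionId()
 }
 
 /**
-* @return The NotOnOrAfter value of the valid
+* @return int The NotOnOrAfter value of the valid
 * SubjectConfirmationData node (if any)
 * of the last assertion processed
 */
@@ -677,7 +711,7 @@ public function getLastRequestXML()
 * If the SAMLResponse was encrypted, by default tries
 * to return the decrypted XML.
 *
-* @return string The Response XML
+* @return string|null The Response XML
 */
 public function getLastResponseXML()
 {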
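Review bot: In the buildRequestSignature hunk, `$key` is still passed to `$objKey->loadKey($key, false)` after the only assignment in view, `$key = $this->_settings->getSPkey();`, is deleted; this is only correct if an assignment precedes the `if` block whose closing `}` opens the hunk, which cannot be seen from here. If that earlier assignment is absent, the variable is undefined at the call and the private-key load fails, so request signing would break silently at runtime rather than at review time. Please confirm the assignment exists ahead of that guard, or restore `$key = $this->_settings->getSPkey();` before it. Separately, the new getAttributeWithFriendlyName uses the string form `assert('is_string($friendlyName)')`, which PHP 7.2 deprecates and PHP 8 no longer evaluates as code; `assert(is_string($friendlyName));` keeps the check meaningful, and the `$value` temporary there can be replaced by a plain `return null;`. buildRequestSignature starts and ends outside the hunk.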

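--- a/onelogin-saml-sso/php/lib/Saml2/IdPMetadataParser.php
+++ b/onelogin-saml-sso/php/lib/Saml2/IdPMetadataParser.php
@@ -16,10 +16,12 @@ class OneLogin_Saml2_IdPMetadataParser
 * metadata contains more than one
 * IDPSSODescriptor, the first is returned
 * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat
+* @param string $desiredSSOBinding Parse specific binding SSO endpoint.
+* @param string $desiredSLOBinding Parse specific binding SLO endpoint.
 *
 * @return array metadata info in php-saml settings format
 */
-public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null)
+public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT)
 {
 $metadataInfo = array();
 
@@ -33,7 +35,7 @@ public static function parseRemoteXML($url, $entityId = null, $desiredNameIdForm
 
 $xml = curl_exec($ch);
 if ($xml !== false) {
-$metadataInfo = self::parseXML($xml, $entityId);
+$metadataInfo = self::parseXML($xml, $entityId, $desiredNameIdFormat, $desiredSSOBinding, $desiredSLOBinding);
 } else {
 throw new Exception(curl_error($ch), curl_errno($ch));
 }
@@ -51,17 +53,19 @@ public static function parseRemoteXML($url, $entityId = null, $desiredNameIdForm
 * metadata contains more than one
 * IDPSSODescriptor, the first is returned
 * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat
+* @param string $desiredSSOBinding Parse specific binding SSO endpoint.
+* @param string $desiredSLOBinding Parse specific binding SLO endpoint.
 *
 * @return array metadata info in php-saml settings format
 */
-public static function parseFileXML($filepath, $entityId = null, $desiredNameIdFormat = null)
+public static function parseFileXML($filepath, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT)
 {
 $metadataInfo = array();
 
 try {
 if (file_exists($filepath)) {
 $data = file_get_contents($filepath);
-$metadataInfo = self::parseXML($data, $entityId);
+$metadataInfo = self::parseXML($data, $entityId, $desiredNameIdFormat, $desiredSSOBinding, $desiredSLOBinding);
 }
 } catch (Exception $e) {
 }
@@ -77,10 +81,13 @@ public static function parseFileXML($filepath, $entityId = null, $desiredNameIdF
 * metadata contains more than one
 * IDPSSODescriptor, the first is returned
 * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat
+* @param string $desiredSSOBinding Parse specific binding SSO endpoint.
+* @param string $desiredSLOBinding Parse specific binding SLO endpoint.
 *
 * @return array metadata info in php-saml settings format
+* @throws \Exception
 */
-public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = null)
+public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT)
 {
 $metadataInfo = array();
 
@@ -114,7 +121,7 @@ public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = n
 $metadataInfo['idp']['entityId'] = $entityId;
 }
 
-$ssoNodes = OneLogin_Saml2_Utils::query($dom, './md:SingleSignOnService[@Binding="'.OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT.'"]', $idpDescriptor);
+$ssoNodes = OneLogin_Saml2_Utils::query($dom, './md:SingleSignOnService[@Binding="'.$desiredSSOBinding.'"]', $idpDescriptor);
 if ($ssoNodes->length < 1) {
 $ssoNodes = OneLogin_Saml2_Utils::query($dom, './md:SingleSignOnService', $idpDescriptor);
 }
@@ -125,7 +132,7 @@ public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = n
 );
 }
 
-$sloNodes = OneLogin_Saml2_Utils::query($dom, './md:SingleLogoutService[@Binding="'.OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT.'"]', $idpDescriptor);
+$sloNodes = OneLogin_Saml2_Utils::query($dom, './md:SingleLogoutService[@Binding="'.$desiredSLOBinding.'"]', $idpDescriptor);
 if ($sloNodes->length < 1) {
 $sloNodes = OneLogin_Saml2_Utils::query($dom, './md:SingleLogoutService', $idpDescriptor);
 }
@@ -143,20 +150,20 @@ public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = n
 if (!empty($keyDescriptorCertSigningNodes) || !empty($keyDescriptorCertEncryptionNodes)) {
 $metadataInfo['idp']['x509certMulti'] = array();
 if (!empty($keyDescriptorCertSigningNodes)) {
-$idpInfo['x509certMulti']['signing'] = array();
 foreach ($keyDescriptorCertSigningNodes as $keyDescriptorCertSigningNode) {
 $metadataInfo['idp']['x509certMulti']['signing'][] = OneLogin_Saml2_Utils::formatCert($keyDescriptorCertSigningNode->nodeValue, false);
 }
 }
 if (!empty($keyDescriptorCertEncryptionNodes)) {
-$idpInfo['x509certMulti']['encryption'] = array();
 foreach ($keyDescriptorCertEncryptionNodes as $keyDescriptorCertEncryptionNode) {
 $metadataInfo['idp']['x509certMulti']['encryption'][] = OneLogin_Saml2_Utils::formatCert($keyDescriptorCertEncryptionNode->nodeValue, false);
 }
 }
 
 $idpCertdata = $metadataInfo['idp']['x509certMulti'];
-if (count($idpCertdata) == 1 || ((isset($idpCertdata['signing']) && count($idpCertdata['signing']) == 1) && isset($idpCertdata['encryption']) && count($idpCertdata['encryption']) == 1 && strcmp($idpCertdata['signing'][0], $idpCertdata['encryption'][0]) == 0)) {
+if ((count($idpCertdata) == 1 and
+((isset($idpCertdata['signing']) and count($idpCertdata['signing']) == 1) or (isset($idpCertdata['encryption']) and count($idpCertdata['encryption']) == 1))) or
+((isset($idpCertdata['signing']) && count($idpCertdata['signing']) == 1) && isset($idpCertdata['encryption']) && count($idpCertdata['encryption']) == 1 && strcmp($idpCertdata['signing'][0], $idpCertdata['encryption'][0]) == 0)) {
 if (isset($metadataInfo['idp']['x509certMulti']['signing'][0])) {
 $metadataInfo['idp']['x509cert'] = $metadataInfo['idp']['x509certMulti']['signing'][0];
 } else {
@@ -189,8 +196,8 @@ public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = n
 /**
 * Inject metadata info into php-saml settings array
 *
-* @param string $settings php-saml settings array
-* @param string $metadataInfo array metadata info
+* @param array $settings php-saml settings array
+* @param array $metadataInfo array metadata info
 *
 * @return array settings
 */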
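Review bot: In the two parseXML hunks that build the SingleSignOnService and SingleLogoutService queries, `$desiredSSOBinding` and `$desiredSLOBinding` are concatenated into an XPath string literal without validation; XPath 1.0 has no escape sequence inside a quoted literal, so a value containing `"` breaks or alters the predicate, and the unfiltered fallback query on the next line then silently picks whichever endpoint is listed first. These are integrator-supplied parameters rather than remote input, so the exposure is misconfiguration rather than attack, but parseXML should still fail loudly on an unexpected value, e.g. `if (strpos($desiredSSOBinding, '"') !== false) { throw new Exception('Invalid SSO binding'); }` (likewise for SLO), or better, check each against the known binding constants before querying. The rewritten x509certMulti condition mixes `and`/`or` with `&&`/`||`; since `and`/`or` bind looser than `=`, keeping a single operator family avoids a precedence surprise if the expression is ever assigned to a variable. parseXML starts and ends outside these hunks.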

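--- a/onelogin-saml-sso/php/lib/Saml2/LogoutRequest.php
+++ b/onelogin-saml-sso/php/lib/Saml2/LogoutRequest.php
@@ -72,7 +72,8 @@ public function __construct(OneLogin_Saml2_Settings $settings, $request = null,
 }
 
 if (!empty($nameId)) {
-if (empty($nameIdFormat)) {
+if (empty($nameIdFormat) &&
+$spData['NameIDFormat'] != OneLogin_Saml2_Constants::NAMEID_UNSPECIFIED) {
 $nameIdFormat = $spData['NameIDFormat'];
 }
 $spNameQualifier = null;
@@ -380,7 +381,7 @@ public function isValid($retrieveParametersFromServer = false)
 $this->_error = $e->getMessage();
 $debug = $this->_settings->isDebugActive();
 if ($debug) {
-echo $this->_error;
+echo htmlentities($this->_error);
 }
 return false;
 }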
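Review bot: `echo htmlentities($this->_error)` in the isValid hunk relies on the default flags, which on PHP before 8.1 leave single quotes unescaped and, when the message holds invalid UTF-8, make htmlentities return an empty string so the debug output vanishes instead of showing the failure. Since the exception message may carry text taken from the received LogoutRequest, prefer the explicit form `echo htmlentities($this->_error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The same call is added to isValid in onelogin-saml-sso/php/lib/Saml2/LogoutResponse.php and should get the same flags. isValid starts and ends outside the hunk.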

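--- a/onelogin-saml-sso/php/lib/Saml2/LogoutResponse.php
+++ b/onelogin-saml-sso/php/lib/Saml2/LogoutResponse.php
@@ -32,7 +32,7 @@ class OneLogin_Saml2_LogoutResponse
 
 /**
 * After execute a validation process, if it fails, this var contains the cause
-* @var string
+* @var string|null
 */
 private $_error;
 
@@ -87,7 +87,7 @@ public function getIssuer()
 /**
 * Gets the Status of the Logout Response.
 *
-* @return string The Status
+* @return string|null The Status
 */
 public function getStatus()
 {
@@ -188,7 +188,7 @@ public function isValid($requestId = null, $retrieveParametersFromServer = false
 $this->_error = $e->getMessage();
 $debug = $this->_settings->isDebugActive();
 if ($debug) {
-echo $this->_error;
+echo htmlentities($this->_error);
 }
 return false;
 }
@@ -271,7 +271,7 @@ public function getError()
 }
 
 /**
-* @return the ID of the Response
+* @return string the ID of the Response
 */
 public function getId()
 {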
