From eb5fd57a227497b0b37b9daff7eb1513b2a7a06a Mon Sep 17 00:00:00 2001
From: Milos Tomic
Date: Tue, 9 Feb 2016 14:18:58 +0100
Subject: [PATCH] additional actions
---
.../ResolveLogoutPartyAction.php | 98 +++++++++++++++++++
.../SingleLogout/SloRequestActionBuilder.php | 19 ++++
.../SloRequestProfileBuilder.php | 44 +++++++++
src/LightSaml/Logout/Profile/Profiles.php | 21 ++++
4 files changed, 182 insertions(+)
create mode 100644 src/LightSaml/Logout/Action/Profile/Outbound/LogoutRequest/ResolveLogoutPartyAction.php
create mode 100644 src/LightSaml/Logout/Builder/Profile/WebBrowserSlo/SloRequestProfileBuilder.php
create mode 100644 src/LightSaml/Logout/Profile/Profiles.php
diff --git a/src/LightSaml/Logout/Action/Profile/Outbound/LogoutRequest/ResolveLogoutPartyAction.php b/src/LightSaml/Logout/Action/Profile/Outbound/LogoutRequest/ResolveLogoutPartyAction.php
new file mode 100644
index 0000000..7476cec
--- /dev/null
+++ b/src/LightSaml/Logout/Action/Profile/Outbound/LogoutRequest/ResolveLogoutPartyAction.php
@@ -0,0 +1,98 @@
+
+ *
+ * This source file is subject to the GPL-3 license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+namespace LightSaml\Logout\Action\Profile\Outbound\LogoutRequest;
+
+use LightSaml\Action\Profile\AbstractProfileAction;
+use LightSaml\Context\Profile\ProfileContext;
+use LightSaml\Error\LightSamlContextException;
+use LightSaml\Meta\TrustOptions\TrustOptions;
+use LightSaml\Store\EntityDescriptor\EntityDescriptorStoreInterface;
+use LightSaml\Store\TrustOptions\TrustOptionsStoreInterface;
+
+class ResolveLogoutPartyAction extends AbstractProfileAction
+{
+ /** @var EntityDescriptorStoreInterface */
+ private $idpEntityDescriptorStore;
+
+ /** @var EntityDescriptorStoreInterface */
+ private $spEntityDescriptorStore;
+
+ /** @var TrustOptionsStoreInterface */
+ protected $trustOptionsProvider;
+
+ /**
+ * @param EntityDescriptorStoreInterface $idpEntityDescriptorStore
+ * @param EntityDescriptorStoreInterface $spEntityDescriptorStore
+ * @param TrustOptionsStoreInterface $trustOptionsProvider
+ */
+ public function __construct(
+ EntityDescriptorStoreInterface $idpEntityDescriptorStore,
+ EntityDescriptorStoreInterface $spEntityDescriptorStore,
+ TrustOptionsStoreInterface $trustOptionsProvider
+ ) {
+ $this->idpEntityDescriptorStore = $idpEntityDescriptorStore;
+ $this->spEntityDescriptorStore = $spEntityDescriptorStore;
+ $this->trustOptionsProvider = $trustOptionsProvider;
+ }
+
+ /**
+ * @param ProfileContext $context
+ */
+ protected function doExecute(ProfileContext $context)
+ {
+ $partyContext = $context->getPartyEntityContext();
+
+ $partyEntityDescriptor = $this->getPartyEntityDescriptor($context);
+ $partyContext
+ ->setEntityId($partyEntityDescriptor->getEntityID())
+ ->setEntityDescriptor($partyEntityDescriptor);
+
+ $trustOptions = $this->trustOptionsProvider->get($partyContext->getEntityDescriptor()->getEntityID());
+ if (null === $trustOptions) {
+ $trustOptions = new TrustOptions();
+ }
+ $partyContext->setTrustOptions($trustOptions);
+ }
+
+ private function getPartyEntityDescriptor(ProfileContext $context)
+ {
+ $ssoSessionState = $context->getLogoutSsoSessionState();
+ $ownEntityId = $context->getOwnEntityDescriptor()->getEntityID();
+ $partyId = $ssoSessionState->getOtherPartyId($ownEntityId);
+
+ $partyEntityDescriptor = $this->findParty($partyId, [$this->idpEntityDescriptorStore, $this->spEntityDescriptorStore]);
+
+ if ($partyEntityDescriptor) {
+ return $partyEntityDescriptor;
+ }
+
+ throw new LightSamlContextException($context, sprintf('Unknown party "%s"', $partyId));
+ }
+
+ /**
+ * @param string $entityId
+ * @param EntityDescriptorStoreInterface[] $entityDescriptorStores
+ *
+ * @return \LightSaml\Model\Metadata\EntityDescriptor|null
+ */
+ private function findParty($entityId, array $entityDescriptorStores)
+ {
+ foreach ($entityDescriptorStores as $entityDescriptorStore) {
+ $entityDescriptor = $entityDescriptorStore->get($entityId);
+ if ($entityDescriptor) {
+ return $entityDescriptor;
+ }
+ }
+
+ return null;
+ }
+}
diff --git a/src/LightSaml/Logout/Builder/Action/Profile/SingleLogout/SloRequestActionBuilder.php b/src/LightSaml/Logout/Builder/Action/Profile/SingleLogout/SloRequestActionBuilder.php
index 7c7eb71..a712550 100644
--- a/src/LightSaml/Logout/Builder/Action/Profile/SingleLogout/SloRequestActionBuilder.php
+++ b/src/LightSaml/Logout/Builder/Action/Profile/SingleLogout/SloRequestActionBuilder.php
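Review bot: The fallback to `new TrustOptions()` in `doExecute` is silent, and this action has no means to record it: its constructor takes no logger and never calls `parent::__construct(...)`, while the other actions registered in SloRequestActionBuilder are all built with `getLogger()`. AbstractProfileAction is not part of this diff, so whether it needs a logger is an assumption to confirm; if it does, accept a `LoggerInterface $logger` as the first constructor argument, pass it to the parent, and log the entity ID whenever defaults are applied, since those defaults presumably decide how messages exchanged with that party are signed and verified. Separately, `getPartyEntityDescriptor` dereferences `$context->getLogoutSsoSessionState()` without a null check; a guard such as `if (null === $ssoSessionState) { throw new LightSamlContextException($context, 'Missing logout SSO session state'); }` would report a missing session through the same exception type already used for unknown parties instead of a fatal error. `findParty` also returns the first match from the IdP store before the SP store, so a comment stating that an entity ID present in both resolves to the IdP descriptor would document that precedence.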
@@ -11,8 +11,12 @@ namespace LightSaml\Logout\Builder\Action\Profile\SingleLogout; +use LightSaml\Action\Profile\Outbound\Message\CreateMessageIssuerAction; +use LightSaml\Action\Profile\Outbound\Message\DestinationAction; +use LightSaml\Action\Profile\Outbound\Message\ResolveEndpointSloAction; use LightSaml\Logout\Action\Profile\Outbound\LogoutRequest\CreateLogoutRequestAction; use LightSaml\Logout\Action\Profile\Outbound\LogoutRequest\LogoutResolveAction; +use LightSaml\Logout\Action\Profile\Outbound\LogoutRequest\ResolveLogoutPartyAction; use LightSaml\Logout\Action\Profile\Outbound\LogoutRequest\SetNameIdAction; use LightSaml\Logout\Action\Profile\Outbound\LogoutRequest\SetNotOnOrAfterAction; use LightSaml\Action\Profile\Outbound\Message\MessageIdAction; @@ -47,6 +51,21 @@ protected function doInitialize() $this->buildContainer->getSystemContainer()->getLogger(), $this->buildContainer->getSystemContainer()->getTimeProvider() )); + $proceedActionBuilder->add(new ResolveLogoutPartyAction( + $this->buildContainer->getPartyContainer()->getIdpEntityDescriptorStore(), + $this->buildContainer->getPartyContainer()->getSpEntityDescriptorStore(), + $this->buildContainer->getPartyContainer()->getTrustOptionsStore() + )); + $proceedActionBuilder->add(new ResolveEndpointSloAction( + $this->buildContainer->getSystemContainer()->getLogger(), + $this->buildContainer->getServiceContainer()->getEndpointResolver() + )); + $proceedActionBuilder->add(new DestinationAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); + $proceedActionBuilder->add(new CreateMessageIssuerAction( + $this->buildContainer->getSystemContainer()->getLogger() + )); $proceedActionBuilder->add(new SetNameIdAction( $this->buildContainer->getSystemContainer()->getLogger() )); diff --git a/src/LightSaml/Logout/Builder/Profile/WebBrowserSlo/SloRequestProfileBuilder.php b/src/LightSaml/Logout/Builder/Profile/WebBrowserSlo/SloRequestProfileBuilder.php new file mode 100644 index 0000000..36fce2a 
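Review bot: Nothing in the visible part of this chain signs the outgoing LogoutRequest: the second hunk adds party, SLO endpoint, destination and issuer resolution, but no signing action is added or imported in the lines shown. `doInitialize()` continues beyond the hunk, so a signing step may already exist further down; if it does not, one has to run after `DestinationAction` and `CreateMessageIssuerAction`, because the SAML single logout profile expects a LogoutRequest sent over the redirect or POST binding to be signed, and without that the receiver cannot authenticate who is ending the session. The added actions are also order-dependent (endpoint resolution needs the party context that `ResolveLogoutPartyAction` fills), which deserves a comment such as `// order matters: party -> endpoint -> destination -> issuer; signing must run after these`.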
--- /dev/null
+++ b/src/LightSaml/Logout/Builder/Profile/WebBrowserSlo/SloRequestProfileBuilder.php
@@ -0,0 +1,44 @@
+
+ *
+ * This source file is subject to the GPL-3 license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+namespace LightSaml\Logout\Builder\Profile\WebBrowserSlo;
+
+use LightSaml\Builder\Profile\AbstractProfileBuilder;
+use LightSaml\Context\Profile\ProfileContext;
+use LightSaml\Logout\Builder\Action\Profile\SingleLogout\SloRequestActionBuilder;
+use LightSaml\Logout\Profile\Profiles;
+
+class SloRequestProfileBuilder extends AbstractProfileBuilder
+{
+ /**
+ * @return string
+ */
+ protected function getProfileId()
+ {
+ return Profiles::SLO_SEND_LOGOUT_REQUEST;
+ }
+
+ /**
+ * @return string
+ */
+ protected function getProfileRole()
+ {
+ return ProfileContext::ROLE_NONE;
+ }
+
+ /**
+ * @return \LightSaml\Builder\Action\ActionBuilderInterface
+ */
+ protected function getActionBuilder()
+ {
+ return new SloRequestActionBuilder($this->container);
+ }
+}
diff --git a/src/LightSaml/Logout/Profile/Profiles.php b/src/LightSaml/Logout/Profile/Profiles.php
new file mode 100644
index 0000000..5583b9e
--- /dev/null
+++ b/src/LightSaml/Logout/Profile/Profiles.php
@@ -0,0 +1,21 @@
+
+ *
+ * This source file is subject to the GPL-3 license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+namespace LightSaml\Logout\Profile;
+
+class Profiles
+{
+ const SLO_SEND_LOGOUT_REQUEST = 'slo_send_logout_request';
+
+ private function __construct()
+ {
+ }
+}
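Review bot: `getProfileRole()` in SloRequestProfileBuilder returns `ProfileContext::ROLE_NONE` with no explanation, although a logout request is sent by a party acting as either IdP or SP. If any action in the chain selects descriptors or endpoints by own role, which cannot be checked from this diff, an unexplained ROLE_NONE makes the resulting behaviour hard to reason about during a security review. A docblock line such as `Role is left unset because this profile serves both IdP- and SP-initiated logout.` would make the intent explicit, provided that is the intent.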