From 45036340f01b5417762943a843fd4ca343ea8a8f Mon Sep 17 00:00:00 2001
From: Alexander O'Mara
Date: Tue, 5 Apr 2022 18:10:02 -0400
Subject: [PATCH] Extensible dependent classes in Auth with builder methods
---
 src/Saml2/Auth.php | 75 ++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 69 insertions(+), 6 deletions(-)
diff --git a/src/Saml2/Auth.php b/src/Saml2/Auth.php
index 70a87152..6f18b7cf 100644
--- a/src/Saml2/Auth.php
+++ b/src/Saml2/Auth.php
@@ -231,7 +231,7 @@ public function processResponse($requestId = null)
 $this->_lastError = $this->_lastErrorException = null;
 if (isset($_POST['SAMLResponse'])) {
 // AuthnResponse -- HTTP_POST Binding
- $response = new Response($this->_settings, $_POST['SAMLResponse']);
+ $response = $this->buildResponse($this->_settings, $_POST['SAMLResponse']);
 $this->_lastResponse = $response->getXMLDocument();
 if ($response->isValid($requestId)) {
@@ -279,7 +279,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
 $this->_errors = array();
 $this->_lastError = $this->_lastErrorException = null;
 if (isset($_GET['SAMLResponse'])) {
- $logoutResponse = new LogoutResponse($this->_settings, $_GET['SAMLResponse']);
+ $logoutResponse = $this->buildLogoutResponse($this->_settings, $_GET['SAMLResponse']);
 $this->_lastResponse = $logoutResponse->getXML();
 if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) {
 $this->_errors[] = 'invalid_logout_response';
@@ -299,7 +299,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
 }
 }
 } else if (isset($_GET['SAMLRequest'])) {
- $logoutRequest = new LogoutRequest($this->_settings, $_GET['SAMLRequest']);
+ $logoutRequest = $this->buildLogoutRequest($this->_settings, $_GET['SAMLRequest']);
 $this->_lastRequest = $logoutRequest->getXML();
 if (!$logoutRequest->isValid($retrieveParametersFromServer)) {
 $this->_errors[] = 'invalid_logout_request';
@@ -315,7 +315,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
 }
 $inResponseTo = $logoutRequest->id;
 $this->_lastMessageId = $logoutRequest->id;
- $responseBuilder = new LogoutResponse($this->_settings);
+ $responseBuilder = $this->buildLogoutResponse($this->_settings);
 $responseBuilder->build($inResponseTo);
 $this->_lastResponse = $responseBuilder->getXML();
@@ -594,7 +594,7 @@ public function logout($returnTo = null, array $parameters = array(), $nameId = 
 $nameIdFormat = $this->_nameidFormat;
 }
- $logoutRequest = new LogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
+ $logoutRequest = $this->buildLogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
 $this->_lastRequest = $logoutRequest->getXML();
 $this->_lastRequestID = $logoutRequest->id;
@@ -675,6 +675,69 @@ public function buildAuthnRequest($settings, $forceAuthn, $isPassive, $setNameId
 return new AuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq);
 }
+ /**
+ * Creates a Response.
+ *
+ * @param Settings $settings Setting data
+ * @param string $response A UUEncoded SAML response from the IdP
+ *
+ * @return Response The Response object
+ *
+ * @throws Exception
+ * @throws ValidationError
+ */
+ public function buildResponse($settings, $response)
+ {
+ return new Response($settings, $response);
+ }
+
+ /**
+ * Creates a LogoutRequest.
+ *
+ * @param Settings $settings Setting data
+ * @param string|null $request A UUEncoded Logout Request
+ * @param string|null $nameId The NameID that will be set in the LogoutRequest
+ * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process)
+ * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest
+ * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest
+ * @param string|null $nameIdSPNameQualifier The NameID SP NameQualifier will be set in the LogoutRequest
+ *
+ * @return LogoutRequest The LogoutRequest object
+ */
+ public function buildLogoutRequest($settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null)
+ {
+ return new LogoutRequest($settings, $request, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
+ }
+
+ /**
+ * Creates a LogoutResponse.
+ *
+ * @param Settings $settings Setting data
+ * @param string|null $response An UUEncoded SAML Logout response from the IdP
+ *
+ * @return LogoutResponse The LogoutResponse object
+ *
+ * @throws Error
+ * @throws Exception
+ */
+ public function buildLogoutResponse($settings, $response = null)
+ {
+ return new LogoutResponse($settings, $response);
+ }
+
+ /**
+ * Creates an XMLSecurityKey.
+ *
+ * @param string $type Key type
+ * @param null|array $params Key params
+ *
+ * @throws Exception
+ */
+ public function buildXMLSecurityKey($type, $params=null)
+ {
+ return new XMLSecurityKey($type, $params);
+ }
+
 /**
 * Generates the Signature for a SAML Request
 *
@@ -735,7 +798,7 @@ private function buildMessageSignature($samlMessage, $relayState, $signAlgorithm
 throw new Error($errorMsg, Error::PRIVATE_KEY_NOT_FOUND);
 }
- $objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private'));
+ $objKey = $this->buildXMLSecurityKey($signAlgorithm, array('type' => 'private'));
 $objKey->loadKey($key, false);
 $security = $this->_settings->getSecurityData();
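Review bot: The docblock on `buildXMLSecurityKey` is the only one of the four new builder docblocks without a `@return` tag, so static analysis sees its result as `mixed` while `buildResponse`, `buildLogoutRequest` and `buildLogoutResponse` each declare theirs; add `@return XMLSecurityKey The XMLSecurityKey object` above the `@throws Exception` line. In the same signature `$params=null` drops the spaces around `=` that `$response = null` and `$request = null` use a few lines earlier; `public function buildXMLSecurityKey($type, $params = null)` matches the rest of the hunk. Every call site this patch introduces is `$this->build…` inside Auth, so if the builders exist to be overridden by subclasses, `protected` visibility would keep them overridable without widening the class's public API — though `buildAuthnRequest`, whose tail opens this hunk, is already public, so matching it is a defensible choice. Because Auth goes on to trust whatever these methods return for response validation and message signing, a short sentence on each docblock, such as `Override point: the returned instance must honour the same validation and signing contract as the default class.`, would make that expectation explicit to anyone extending the class; the trailing context lines belong to the docblock of `buildMessageSignature`, which continues outside the hunk.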