<?php
/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
namespace Surfnet\StepupGateway\GatewayBundle\Service;
use SAML2_Assertion;
use Surfnet\SamlBundle\Entity\IdentityProvider;
use Surfnet\SamlBundle\Entity\ServiceProvider;
use Surfnet\SamlBundle\SAML2\Attribute\AttributeDefinition;
use Surfnet\SamlBundle\SAML2\Attribute\AttributeDictionary;
use Surfnet\StepupBundle\Value\Loa;
use Surfnet\StepupGateway\GatewayBundle\Saml\AssertionSigningService;
use Surfnet\StepupGateway\GatewayBundle\Saml\Proxy\ProxyStateHandler;
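/**
 * Builds the SAML Response the gateway issues towards the requesting service
 * provider, based on the assertion it received from the remote identity
 * provider.
 *
 * The outgoing assertion is re-issued under the hosted identity provider's
 * entity id: attributes are copied over, the subject is taken from the
 * eduPersonTargetedID (EPTI) attribute, the chain of authenticating
 * authorities is extended with the gateway itself, and the authentication
 * context is set to the gateway's intrinsic LoA unless an explicit LoA is
 * passed in.
 *
 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 */
class ProxyResponseService
{
    /**
     * Identity provider the gateway acts as; its entity id becomes the issuer
     * of the re-issued assertion and of the response.
     *
     * @var \Surfnet\SamlBundle\Entity\IdentityProvider
     */
    private $hostedIdentityProvider;

    /**
     * State of the request currently being proxied (request id and the
     * service provider that sent it).
     *
     * @var \Surfnet\StepupGateway\GatewayBundle\Saml\Proxy\ProxyStateHandler
     */
    private $proxyStateHandler;

    /**
     * Used to look up the eduPersonTargetedID attribute by name.
     *
     * @var \Surfnet\SamlBundle\SAML2\Attribute\AttributeDictionary
     */
    private $attributeDictionary;

    /**
     * Definition of the eduPersonTargetedID attribute.
     *
     * NOTE(review): this property is assigned in the constructor but not read
     * by any method of this class; the EPTI lookup uses the literal attribute
     * name 'eduPersonTargetedID' instead. Confirm whether both are meant to
     * refer to the same attribute.
     *
     * @var \Surfnet\SamlBundle\SAML2\Attribute\AttributeDefinition
     */
    private $eptiAttribute;

    /**
     * Reference time, taken once at construction. Every timestamp written to
     * the response is derived from it so they are mutually consistent.
     *
     * @var \DateTime
     */
    private $currentTime;

    /**
     * @var \Surfnet\StepupGateway\GatewayBundle\Saml\AssertionSigningService
     */
    private $assertionSigningService;

    /**
     * LoA asserted in every response unless overridden via createProxyResponse().
     *
     * @var \Surfnet\StepupBundle\Value\Loa
     */
    private $intrinsicLoa;

    public function __construct(
        IdentityProvider $hostedIdentityProvider,
        ProxyStateHandler $proxyStateHandler,
        AssertionSigningService $assertionSigningService,
        AttributeDictionary $attributeDictionary,
        AttributeDefinition $eptiAttribute,
        Loa $intrinsicLoa
    ) {
        $this->hostedIdentityProvider  = $hostedIdentityProvider;
        $this->proxyStateHandler       = $proxyStateHandler;
        $this->assertionSigningService = $assertionSigningService;
        $this->attributeDictionary     = $attributeDictionary;
        $this->eptiAttribute           = $eptiAttribute;
        $this->intrinsicLoa            = $intrinsicLoa;
        // Pinned to UTC so the emitted timestamps do not depend on the server's
        // configured timezone.
        $this->currentTime = new \DateTime('now', new \DateTimeZone('UTC'));
    }

    /**
     * Creates a response for the target service provider that re-issues the
     * given assertion under the hosted identity provider.
     *
     * @param SAML2_Assertion $assertion the assertion received from the remote IdP
     * @param ServiceProvider $targetServiceProvider the SP the response is addressed to
     * @param string|null $loa AuthnContextClassRef to assert instead of the
     *                         intrinsic LoA; ignored when empty
     * @return \SAML2_Response
     * @throws \RuntimeException when the assertion carries no usable
     *                           eduPersonTargetedID to use as subject
     */
    public function createProxyResponse(SAML2_Assertion $assertion, ServiceProvider $targetServiceProvider, $loa = null)
    {
        $newAssertion = new SAML2_Assertion();
        // The assertion is valid from "now" for five minutes.
        $newAssertion->setNotBefore($this->currentTime->getTimestamp());
        $newAssertion->setNotOnOrAfter($this->getTimestamp('PT5M'));
        $newAssertion->setAttributes($assertion->getAttributes());
        $newAssertion->setIssuer($this->hostedIdentityProvider->getEntityId());
        $newAssertion->setIssueInstant($this->getTimestamp());

        // NOTE(review): the assertion is handed to the signing service before
        // the subject confirmation, NameID, audiences and authn statement are
        // set. Presumably the signature is only computed when the assertion is
        // serialised; confirm, otherwise those fields end up outside the
        // signed content.
        $this->assertionSigningService->signAssertion($newAssertion);
        $this->addSubjectConfirmationFor($newAssertion, $targetServiceProvider);

        // Fails loudly when the remote assertion has no EPTI, instead of
        // issuing an assertion without a subject.
        $newAssertion->setNameId($this->parseEptiNameId($assertion));

        $newAssertion->setValidAudiences([$this->proxyStateHandler->getRequestServiceProvider()]);

        $this->addAuthenticationStatementTo($newAssertion, $assertion);

        // An explicit LoA overrides the intrinsic one set by addAuthenticationStatementTo().
        if ($loa) {
            $newAssertion->setAuthnContextClassRef($loa);
        }

        return $this->createNewAuthnResponse($newAssertion, $targetServiceProvider);
    }

    /**
     * Extracts the NameID to use as subject from the eduPersonTargetedID
     * attribute of the remote assertion.
     *
     * The attribute is resolved through the attribute dictionary, which
     * exposes its values as an array; the first value is used. A missing or
     * empty attribute is treated as an error rather than silently producing
     * an assertion without subject, since the relying SP could not identify
     * the user from such an assertion.
     *
     * @param SAML2_Assertion $assertion the assertion received from the remote IdP
     * @return mixed the first eduPersonTargetedID value as produced by the
     *               attribute dictionary
     * @throws \RuntimeException when no eduPersonTargetedID value is present
     */
    private function parseEptiNameId(SAML2_Assertion $assertion)
    {
        $translatedAssertion = $this->attributeDictionary->translate($assertion);
        $eptiNameId          = $translatedAssertion->getAttributeValue('eduPersonTargetedID');

        if (!is_array($eptiNameId) || !isset($eptiNameId[0])) {
            throw new \RuntimeException(
                'Cannot create proxy response: assertion does not contain a usable eduPersonTargetedID attribute'
            );
        }

        return $eptiNameId[0];
    }

    /**
     * Adds a bearer subject confirmation that binds the assertion to the
     * request being answered and to the target SP's assertion consumer URL.
     *
     * @param SAML2_Assertion $newAssertion
     * @param ServiceProvider $targetServiceProvider
     */
    private function addSubjectConfirmationFor(SAML2_Assertion $newAssertion, ServiceProvider $targetServiceProvider)
    {
        $confirmation         = new \SAML2_XML_saml_SubjectConfirmation();
        $confirmation->Method = \SAML2_Const::CM_BEARER;

        $confirmationData = new \SAML2_XML_saml_SubjectConfirmationData();
        // InResponseTo and Recipient tie the assertion to one AuthnRequest and
        // one consumer endpoint, so it cannot be presented elsewhere.
        $confirmationData->InResponseTo = $this->proxyStateHandler->getRequestId();
        $confirmationData->Recipient    = $targetServiceProvider->getAssertionConsumerUrl();
        // NOTE(review): the bearer confirmation stays valid for eight hours
        // while the assertion itself expires after five minutes (see
        // createProxyResponse()); confirm the longer window is intended.
        $confirmationData->NotOnOrAfter = $this->getTimestamp('PT8H');

        $confirmation->SubjectConfirmationData = $confirmationData;

        $newAssertion->setSubjectConfirmation([$confirmation]);
    }

    /**
     * Copies the authentication instant from the original assertion, asserts
     * the intrinsic LoA and appends the gateway to the chain of authenticating
     * authorities, so the SP can see the authentication was proxied.
     *
     * @param SAML2_Assertion $newAssertion the assertion being built
     * @param SAML2_Assertion $assertion    the assertion received from the remote IdP
     */
    private function addAuthenticationStatementTo(SAML2_Assertion $newAssertion, SAML2_Assertion $assertion)
    {
        $newAssertion->setAuthnInstant($assertion->getAuthnInstant());
        $newAssertion->setAuthnContextClassRef((string) $this->intrinsicLoa);

        // The remote IdP may not list any authority; start from an empty chain then.
        $authority = $assertion->getAuthenticatingAuthority() ?: [];
        $newAssertion->setAuthenticatingAuthority(
            array_merge($authority, [$this->hostedIdentityProvider->getEntityId()])
        );
    }

    /**
     * Wraps the assertion in a response addressed to the target SP's assertion
     * consumer URL, answering the request currently being proxied.
     *
     * @param SAML2_Assertion $newAssertion
     * @param ServiceProvider $targetServiceProvider
     * @return \SAML2_Response
     */
    private function createNewAuthnResponse(SAML2_Assertion $newAssertion, ServiceProvider $targetServiceProvider)
    {
        $response = new \SAML2_Response();
        $response->setAssertions([$newAssertion]);
        $response->setIssuer($this->hostedIdentityProvider->getEntityId());
        $response->setIssueInstant($this->getTimestamp());
        $response->setDestination($targetServiceProvider->getAssertionConsumerUrl());
        $response->setInResponseTo($this->proxyStateHandler->getRequestId());

        return $response;
    }

    /**
     * Returns the reference time as a Unix timestamp, optionally shifted into
     * the future.
     *
     * @param string|null $interval a \DateInterval compatible interval to skew the time with
     * @return int
     */
    private function getTimestamp($interval = null)
    {
        // Clone so the shared reference time is never mutated.
        $time = clone $this->currentTime;

        if ($interval) {
            $time->add(new \DateInterval($interval));
        }

        return $time->getTimestamp();
    }
}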