SamlInteractionProvider::initiateSamlRequest() - Code Metrics - OpenConext/Stepup-RA - Measure and Improve Code Quality continuously with Scrutinizer

SamlInteractionProvider::initiateSamlRequest() A
last analyzed 2021-02-03 08:59 UTC

↳ Parent: SamlInteractionProvider

Complexity

Conditions	1
Paths	1

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	13
rs	9.8333
c	0
b	0
f	0
cc	1
nc	1
nop	0

<?php

/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupRa\RaBundle\Security\Authentication;

use Surfnet\SamlBundle\Entity\IdentityProvider;
use Surfnet\SamlBundle\Entity\ServiceProvider;
use Surfnet\SamlBundle\Http\PostBinding;
use Surfnet\SamlBundle\Http\RedirectBinding;
use Surfnet\SamlBundle\SAML2\AuthnRequestFactory;
use Surfnet\StepupBundle\Service\LoaResolutionService;
use Surfnet\StepupBundle\Value\Loa;
use Surfnet\StepupRa\RaBundle\Exception\LoaTooLowException;
use Surfnet\StepupRa\RaBundle\Exception\UnexpectedIssuerException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

/**
 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 */
class SamlInteractionProvider
{
    /**
     * @var \Surfnet\SamlBundle\Entity\ServiceProvider
     */
    private $serviceProvider;

    /**
     * @var \Surfnet\SamlBundle\Entity\IdentityProvider
     */
    private $identityProvider;

    /**
     * @var \Surfnet\SamlBundle\Http\RedirectBinding
     */
    private $redirectBinding;

    /**
     * @var \Surfnet\SamlBundle\Http\PostBinding
     */
    private $postBinding;

    /**
     * @var \Surfnet\StepupRa\RaBundle\Security\Authentication\SamlAuthenticationStateHandler
     */
    private $samlAuthenticationStateHandler;

    /**
     * @var \Surfnet\StepupBundle\Service\LoaResolutionService
     */
    private $loaResolutionService;

    /**
     * @var \Surfnet\StepupBundle\Value\Loa
     */
    private $requiredLoa;

    public function __construct(
        ServiceProvider $serviceProvider,
        IdentityProvider $identityProvider,
        RedirectBinding $redirectBinding,
        PostBinding $postBinding,
        SamlAuthenticationStateHandler $samlAuthenticationStateHandler,
        LoaResolutionService $loaResolutionService,
        Loa $requiredLoa
    ) {
        $this->serviceProvider                = $serviceProvider;
        $this->identityProvider               = $identityProvider;
        $this->redirectBinding                = $redirectBinding;
        $this->postBinding                    = $postBinding;
        $this->loaResolutionService           = $loaResolutionService;
        $this->requiredLoa                    = $requiredLoa;
        $this->samlAuthenticationStateHandler = $samlAuthenticationStateHandler;
    }

    /**
     * @return bool
     */
    public function isSamlAuthenticationInitiated()
    {
        return $this->samlAuthenticationStateHandler->hasRequestId();
    }

    /**
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function initiateSamlRequest()
    {
        $authnRequest = AuthnRequestFactory::createNewRequest(
            $this->serviceProvider,
            $this->identityProvider
        );

        $authnRequest->setAuthenticationContextClassRef((string) $this->requiredLoa);

        $this->samlAuthenticationStateHandler->setRequestId($authnRequest->getRequestId());

        return $this->redirectBinding->createRedirectResponseFor($authnRequest);

    }

    /**
     * @param Request $request
     * @return \SAML2\Assertion
     * @throws LoaTooLowException When required LoA is not met by response
     * @throws AuthenticationException When response LoA cannot be resolved
     * @throws UnexpectedIssuerException
     */
    public function processSamlResponse(Request $request)
    {
        /** @var \SAML2\Assertion $assertion */
        $assertion = $this->postBinding->processResponse(
            $request,
            $this->identityProvider,
            $this->serviceProvider
        );

        $this->samlAuthenticationStateHandler->clearRequestId();

        if ($assertion->getIssuer() !== $this->identityProvider->getEntityId()) {
            throw new UnexpectedIssuerException(sprintf(
                'Expected issuer to be configured remote IdP "%s", got "%s"',
                $this->identityProvider->getEntityId(),
                $assertion->getIssuer()
            ));
        }

        $authnContextClassRef = $assertion->getAuthnContextClassRef();
        if (!$this->loaResolutionService->hasLoa($authnContextClassRef)) {
            throw new AuthenticationException('Received SAML response with unresolvable LoA');
        }

        if (!$this->loaResolutionService->getLoa($authnContextClassRef)->canSatisfyLoa($this->requiredLoa)) {
            throw new LoaTooLowException(
                sprintf(
                    "Gateway responded with LoA '%s', which is lower than required LoA '%s'",
                    $assertion->getAuthnContextClassRef(),
                    (string) $this->requiredLoa
                )
            );
        }

        return $assertion;
    }

    /**
     * Resets the SAML flow.
     */
    public function reset()
    {
        $this->samlAuthenticationStateHandler->clearRequestId();
    }
}


1			<?php
2
3			/**
4			* Copyright 2014 SURFnet bv
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19			namespace Surfnet\StepupRa\RaBundle\Security\Authentication;
20
21			use Surfnet\SamlBundle\Entity\IdentityProvider;
22			use Surfnet\SamlBundle\Entity\ServiceProvider;
23			use Surfnet\SamlBundle\Http\PostBinding;
24			use Surfnet\SamlBundle\Http\RedirectBinding;
25			use Surfnet\SamlBundle\SAML2\AuthnRequestFactory;
26			use Surfnet\StepupBundle\Service\LoaResolutionService;
27			use Surfnet\StepupBundle\Value\Loa;
28			use Surfnet\StepupRa\RaBundle\Exception\LoaTooLowException;
29			use Surfnet\StepupRa\RaBundle\Exception\UnexpectedIssuerException;
30			use Symfony\Component\HttpFoundation\Request;
31			use Symfony\Component\Security\Core\Exception\AuthenticationException;
32
33			/**
34			* @SuppressWarnings(PHPMD.CouplingBetweenObjects)
35			*/
36			class SamlInteractionProvider
37			{
38			/**
39			* @var \Surfnet\SamlBundle\Entity\ServiceProvider
40			*/
41			private $serviceProvider;
42
43			/**
44			* @var \Surfnet\SamlBundle\Entity\IdentityProvider
45			*/
46			private $identityProvider;
47
48			/**
49			* @var \Surfnet\SamlBundle\Http\RedirectBinding
50			*/
51			private $redirectBinding;
52
53			/**
54			* @var \Surfnet\SamlBundle\Http\PostBinding
55			*/
56			private $postBinding;
57
58			/**
59			* @var \Surfnet\StepupRa\RaBundle\Security\Authentication\SamlAuthenticationStateHandler
60			*/
61			private $samlAuthenticationStateHandler;
62
63			/**
64			* @var \Surfnet\StepupBundle\Service\LoaResolutionService
65			*/
66			private $loaResolutionService;
67
68			/**
69			* @var \Surfnet\StepupBundle\Value\Loa
70			*/
71			private $requiredLoa;
72
73			public function __construct(
74			ServiceProvider $serviceProvider,
75			IdentityProvider $identityProvider,
76			RedirectBinding $redirectBinding,
77			PostBinding $postBinding,
78			SamlAuthenticationStateHandler $samlAuthenticationStateHandler,
79			LoaResolutionService $loaResolutionService,
80			Loa $requiredLoa
81			) {
82			$this->serviceProvider = $serviceProvider;
83			$this->identityProvider = $identityProvider;
84			$this->redirectBinding = $redirectBinding;
85			$this->postBinding = $postBinding;
86			$this->loaResolutionService = $loaResolutionService;
87			$this->requiredLoa = $requiredLoa;
88			$this->samlAuthenticationStateHandler = $samlAuthenticationStateHandler;
89			}
90
91			/**
92			* @return bool
93			*/
94			public function isSamlAuthenticationInitiated()
95			{
96			return $this->samlAuthenticationStateHandler->hasRequestId();
97			}
98
99			/**
100			* @return \Symfony\Component\HttpFoundation\RedirectResponse
101			*/
102			public function initiateSamlRequest()
103			{
104			$authnRequest = AuthnRequestFactory::createNewRequest(
105			$this->serviceProvider,
106			$this->identityProvider
107			);
108
109			$authnRequest->setAuthenticationContextClassRef((string) $this->requiredLoa);
110
111			$this->samlAuthenticationStateHandler->setRequestId($authnRequest->getRequestId());
112
113			return $this->redirectBinding->createRedirectResponseFor($authnRequest);
			0 ignored issues – show Deprecated Code introduced 2018-01-17 08:27 UTC by Report Bug Copy Issue Report The method `Surfnet\SamlBundle\Http\...teRedirectResponseFor()` has been deprecated with message: Please use the `createResponseFor` method instead This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
114			}
115
116			/**
117			* @param Request $request
118			* @return \SAML2\Assertion
119			* @throws LoaTooLowException When required LoA is not met by response
120			* @throws AuthenticationException When response LoA cannot be resolved
121			* @throws UnexpectedIssuerException
122			*/
123			public function processSamlResponse(Request $request)
124			{
125			/** @var \SAML2\Assertion $assertion */
126			$assertion = $this->postBinding->processResponse(
127			$request,
128			$this->identityProvider,
129			$this->serviceProvider
130			);
131
132			$this->samlAuthenticationStateHandler->clearRequestId();
133
134			if ($assertion->getIssuer() !== $this->identityProvider->getEntityId()) {
135			throw new UnexpectedIssuerException(sprintf(
136			'Expected issuer to be configured remote IdP "%s", got "%s"',
137			$this->identityProvider->getEntityId(),
138			$assertion->getIssuer()
139			));
140			}
141
142			$authnContextClassRef = $assertion->getAuthnContextClassRef();
143			if (!$this->loaResolutionService->hasLoa($authnContextClassRef)) {
144			throw new AuthenticationException('Received SAML response with unresolvable LoA');
145			}
146
147			if (!$this->loaResolutionService->getLoa($authnContextClassRef)->canSatisfyLoa($this->requiredLoa)) {
148			throw new LoaTooLowException(
149			sprintf(
150			"Gateway responded with LoA '%s', which is lower than required LoA '%s'",
151			$assertion->getAuthnContextClassRef(),
152			(string) $this->requiredLoa
153			)
154			);
155			}
156
157			return $assertion;
158			}
159
160			/**
161			* Resets the SAML flow.
162			*/
163			public function reset()
164			{
165			$this->samlAuthenticationStateHandler->clearRequestId();
166			}
167			}
168

OpenConext / Stepup-RA

SamlInteractionProvider::initiateSamlRequest() A last analyzed 2021-02-03 08:59 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

SamlInteractionProvider::initiateSamlRequest() A
last analyzed 2021-02-03 08:59 UTC