<?php |
namespace flipbox\saml\sp\services\messages; |
use craft\base\Component; |
use flipbox\keychain\records\KeyChainRecord; |
use flipbox\saml\core\exceptions\InvalidMetadata; |
use flipbox\saml\core\helpers\MessageHelper; |
use flipbox\saml\core\records\AbstractProvider; |
use flipbox\saml\sp\models\Settings; |
use flipbox\saml\sp\Saml; |
use SAML2\AuthnRequest as SamlAuthnRequest; |
use SAML2\Constants; |
use SAML2\XML\md\EndpointType; |
use SAML2\XML\saml\Issuer; |
use yii\base\Event; |
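class AuthnRequest extends Component
{

    /**
     * Fired once the AuthnRequest has been fully populated (and has its signing
     * key attached, when signing is configured) so listeners can adjust the
     * message before it is returned to the caller.
     */
    const EVENT_AFTER_MESSAGE_CREATED = 'eventAfterMessageCreated';

    /**
     * Select the IdP SingleSignOnService endpoint this request will be sent to.
     *
     * The HTTP-POST binding is preferred; if the IdP does not publish one, the
     * first SSO service in its metadata is used instead, whatever its binding.
     *
     * @param AbstractProvider $identityProvider
     * @return EndpointType never null — absence is reported as an exception
     * @throws InvalidMetadata when the IdP metadata lists no SSO service at all
     */
    private function firstIdpSsoService(AbstractProvider $identityProvider): EndpointType
    {
        // Same falsy-check semantics as the original if/assign, written as a fallback chain.
        $service = $identityProvider->firstIdpSsoService(Constants::BINDING_HTTP_POST)
            ?: $identityProvider->firstIdpSsoService();

        if (!$service) {
            throw new InvalidMetadata("IdP Metadata is missing SSO Service");
        }

        return $service;
    }

    /**
     * Build the AuthnRequest that starts an SP-initiated login against $identityProvider.
     *
     * The message is addressed to the IdP's SSO endpoint, asks for the Response to be
     * delivered to this SP's default login (ACS) endpoint, carries the current return
     * URL as RelayState and, when `signAuthnRequest` is enabled and the SP has a
     * keychain, is given the SP's private key for signing.
     *
     * @param AbstractProvider $myServiceProvider this SP; supplies the signing keychain
     * @param AbstractProvider $identityProvider  the IdP the request is addressed to
     * @return SamlAuthnRequest
     * @throws InvalidMetadata when the IdP metadata has no SSO service (see firstIdpSsoService)
     * @throws \craft\errors\SiteNotFoundException
     */
    public function create(
        AbstractProvider $myServiceProvider,
        AbstractProvider $identityProvider
    ): SamlAuthnRequest {
        $idpSsoService = $this->firstIdpSsoService($identityProvider);

        /** @var Settings $samlSettings */
        $samlSettings = Saml::getInstance()->getSettings();

        $authnRequest = new SamlAuthnRequest();

        // Where the IdP should deliver the Response: this SP's ACS / login endpoint.
        $authnRequest->setAssertionConsumerServiceURL(
            $samlSettings->getDefaultLoginEndpoint()
        );

        // NOTE(review): ProtocolBinding tells the IdP which binding to use for the
        // *Response* sent to the ACS above, but here it mirrors the binding of the
        // IdP's SSO endpoint (the binding used to deliver this request). The two
        // coincide when the IdP offers HTTP-POST; on the fallback path in
        // firstIdpSsoService() the IdP may be asked to return the Response over
        // HTTP-Redirect, which is not a binding used for Responses carrying
        // assertions. Left unchanged for compatibility — confirm against the ACS
        // binding published in the SP metadata before switching this to
        // Constants::BINDING_HTTP_POST.
        $authnRequest->setProtocolBinding(
            $idpSsoService->getBinding()
        );

        // Fresh message ID; the consumer is expected to correlate InResponseTo against
        // it (not done here). time() is the same int the DateTime round-trip produced.
        $authnRequest->setId(MessageHelper::generateId());
        $authnRequest->setIssueInstant(time());

        // Destination must match the endpoint the request is actually sent to, or a
        // conforming IdP rejects the message.
        $authnRequest->setDestination(
            $idpSsoService->getLocation()
        );

        // RelayState round-trips the post-login return URL via the IdP. The echoed
        // value is not covered by the Response's XML signature, so whoever consumes
        // the Response must validate it (e.g. relative / same-origin) before redirecting
        // to it; the SAML bindings spec also caps RelayState at 80 bytes.
        $authnRequest->setRelayState(
            \Craft::$app->getUser()->getReturnUrl()
        );

        // Issuer is this SP's entity ID; reuse the settings object already loaded above.
        $issuer = new Issuer();
        $issuer->setValue($samlSettings->getEntityId());
        $authnRequest->setIssuer($issuer);

        /** @var KeyChainRecord|null $pair */
        $pair = $myServiceProvider->keychain;

        if ($samlSettings->signAuthnRequest) {
            if ($pair) {
                $authnRequest->setSignatureKey(
                    $myServiceProvider->keychainPrivateXmlSecurityKey()
                );
            } else {
                // Previously this downgrade to an unsigned request was silent. Behaviour
                // is kept (fail-open) so existing installs without a keychain still work,
                // but the mismatch is now logged; an IdP that requires signed requests
                // will reject this message. Consider failing closed here instead.
                \Craft::warning(
                    'signAuthnRequest is enabled but the service provider has no keychain; sending an unsigned AuthnRequest.',
                    __METHOD__
                );
            }
        }

        // Let listeners manipulate the finished message before it is returned.
        $event = new \flipbox\saml\sp\events\AuthnRequest();
        $event->message = $authnRequest;
        $this->trigger(static::EVENT_AFTER_MESSAGE_CREATED, $event);

        return $authnRequest;
    }
}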
This check looks for function or method calls that always return null and whose return value is assigned to a variable.
The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The most likely reason is that the function or method is incomplete or has been reduced for debugging purposes.