silverstripe /
silverstripe-saml
| Conditions | 6 |
| Paths | 32 |
| Total Lines | 100 |
| Code Lines | 50 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 49 | public function asArray() |
||
| 50 | { |
||
| 51 | $conf = []; |
||
| 52 | |||
| 53 | $conf['strict'] = $this->config()->get('strict'); |
||
| 54 | $conf['debug'] = $this->config()->get('debug'); |
||
| 55 | |||
| 56 | // SERVICE PROVIDER SECTION |
||
| 57 | $sp = $this->config()->get('SP'); |
||
| 58 | $spCertPath = Director::is_absolute($sp['x509cert']) |
||
| 59 | ? $sp['x509cert'] |
||
| 60 | : sprintf('%s/%s', BASE_PATH, $sp['x509cert']); |
||
| 61 | $spKeyPath = Director::is_absolute($sp['privateKey']) |
||
| 62 | ? $sp['privateKey'] |
||
| 63 | : sprintf('%s/%s', BASE_PATH, $sp['privateKey']); |
||
| 64 | |||
| 65 | // set baseurl for SAML messages coming back to the SP |
||
| 66 | $conf['baseurl'] = $sp['entityId']; |
||
| 67 | |||
| 68 | $conf['sp']['entityId'] = $sp['entityId']; |
||
| 69 | $conf['sp']['assertionConsumerService'] = [ |
||
| 70 | 'url' => $sp['entityId'] . '/saml/acs', |
||
| 71 | 'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_POST |
||
| 72 | ]; |
||
| 73 | $conf['sp']['NameIDFormat'] = isset($sp['nameIdFormat']) ? |
||
| 74 | $sp['nameIdFormat'] : OneLogin_Saml2_Constants::NAMEID_TRANSIENT; |
||
| 75 | $conf['sp']['x509cert'] = file_get_contents($spCertPath); |
||
| 76 | $conf['sp']['privateKey'] = file_get_contents($spKeyPath); |
||
| 77 | |||
| 78 | // IDENTITY PROVIDER SECTION |
||
| 79 | $idp = $this->config()->get('IdP'); |
||
| 80 | $conf['idp']['entityId'] = $idp['entityId']; |
||
| 81 | $conf['idp']['singleSignOnService'] = [ |
||
| 82 | 'url' => $idp['singleSignOnService'], |
||
| 83 | 'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, |
||
| 84 | ]; |
||
| 85 | if (isset($idp['singleLogoutService'])) { |
||
| 86 | $conf['idp']['singleLogoutService'] = [ |
||
| 87 | 'url' => $idp['singleLogoutService'], |
||
| 88 | 'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, |
||
| 89 | ]; |
||
| 90 | } |
||
| 91 | |||
| 92 | $idpCertPath = Director::is_absolute($idp['x509cert']) |
||
| 93 | ? $idp['x509cert'] |
||
| 94 | : sprintf('%s/%s', BASE_PATH, $idp['x509cert']); |
||
| 95 | $conf['idp']['x509cert'] = file_get_contents($idpCertPath); |
||
| 96 | |||
| 97 | // SECURITY SECTION |
||
| 98 | $security = $this->config()->get('Security'); |
||
| 99 | $signatureAlgorithm = $security['signatureAlgorithm']; |
||
| 100 | |||
| 101 | $conf['security'] = [ |
||
| 102 | /** signatures and encryptions offered */ |
||
| 103 | // Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted. |
||
| 104 | 'nameIdEncrypted' => true, |
||
| 105 | // Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the |
||
| 106 | // SP will offer this info] |
||
| 107 | 'authnRequestsSigned' => true, |
||
| 108 | // Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed. |
||
| 109 | 'logoutRequestSigned' => true, |
||
| 110 | // Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed. |
||
| 111 | 'logoutResponseSigned' => true, |
||
| 112 | 'signMetadata' => false, |
||
| 113 | /** signatures and encryptions required **/ |
||
| 114 | // Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> |
||
| 115 | // and <samlp:LogoutResponse> elements received by this SP to be signed. |
||
| 116 | 'wantMessagesSigned' => false, |
||
| 117 | // Indicates a requirement for the <saml:Assertion> elements received by |
||
| 118 | // this SP to be signed. [Metadata of the SP will offer this info] |
||
| 119 | 'wantAssertionsSigned' => true, |
||
| 120 | // Indicates a requirement for the NameID received by |
||
| 121 | // this SP to be encrypted. |
||
| 122 | 'wantNameIdEncrypted' => false, |
||
| 123 | |||
| 124 | // Algorithm that the toolkit will use on signing process. Options: |
||
| 125 | // - 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' |
||
| 126 | // - 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' |
||
| 127 | // - 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' |
||
| 128 | // - 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' |
||
| 129 | // - 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' |
||
| 130 | 'signatureAlgorithm' => $signatureAlgorithm, |
||
| 131 | |||
| 132 | // Authentication context. |
||
| 133 | // Set to false and no AuthContext will be sent in the AuthNRequest, |
||
| 134 | // Set true or don't present thi parameter and you will get an AuthContext |
||
| 135 | // 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' |
||
| 136 | // Set an array with the possible auth context values: |
||
| 137 | // array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'), |
||
| 138 | 'requestedAuthnContext' => [ |
||
| 139 | 'urn:federation:authentication:windows', |
||
| 140 | 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password', |
||
| 141 | 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509', |
||
| 142 | ], |
||
| 143 | // Indicates if the SP will validate all received xmls. |
||
| 144 | // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true). |
||
| 145 | 'wantXMLValidation' => true, |
||
| 146 | ]; |
||
| 147 | |||
| 148 | return $conf; |
||
| 149 | } |
||
| 151 |
Loading history...
This check marks private properties in classes that are never used. Those properties can be removed.