simplesamlphp /
saml2
@@ -651,7 +651,7 @@ discard block |
||
| 651 | 651 | /** |
| 652 | 652 | * Check whether the NameId is encrypted. |
| 653 | 653 | * |
| 654 | - * @return TRUE if the NameId is encrypted, FALSE if not. |
|
| 654 | + * @return boolean if the NameId is encrypted, FALSE if not. |
|
| 655 | 655 | */ |
| 656 | 656 | public function isNameIdEncrypted() |
| 657 | 657 | { |
@@ -779,7 +779,7 @@ discard block |
||
| 779 | 779 | * This function returns NULL if there are no restrictions on how early the |
| 780 | 780 | * assertion can be used. |
| 781 | 781 | * |
| 782 | - * @return int|NULL The earliest timestamp this assertion is valid. |
|
| 782 | + * @return integer The earliest timestamp this assertion is valid. |
|
| 783 | 783 | */ |
| 784 | 784 | public function getNotBefore() |
| 785 | 785 | { |
@@ -806,7 +806,7 @@ discard block |
||
| 806 | 806 | * This function returns NULL if there are no restrictions on how |
| 807 | 807 | * late the assertion can be used. |
| 808 | 808 | * |
| 809 | - * @return int|NULL The latest timestamp this assertion is valid. |
|
| 809 | + * @return integer The latest timestamp this assertion is valid. |
|
| 810 | 810 | */ |
| 811 | 811 | public function getNotOnOrAfter() |
| 812 | 812 | { |
@@ -864,7 +864,7 @@ discard block |
||
| 864 | 864 | /** |
| 865 | 865 | * Retrieve the AuthnInstant of the assertion. |
| 866 | 866 | * |
| 867 | - * @return int|NULL The timestamp the user was authenticated, or NULL if the user isn't authenticated. |
|
| 867 | + * @return integer The timestamp the user was authenticated, or NULL if the user isn't authenticated. |
|
| 868 | 868 | */ |
| 869 | 869 | public function getAuthnInstant() |
| 870 | 870 | { |
@@ -1026,7 +1026,7 @@ discard block |
||
| 1026 | 1026 | * See: |
| 1027 | 1027 | * @url http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf |
| 1028 | 1028 | * |
| 1029 | - * @return \SAML2_XML_Chunk|NULL |
|
| 1029 | + * @return SAML2_XML_Chunk |
|
| 1030 | 1030 | */ |
| 1031 | 1031 | public function getAuthnContextDecl() |
| 1032 | 1032 | { |
@@ -1056,7 +1056,7 @@ discard block |
||
| 1056 | 1056 | * |
| 1057 | 1057 | * The URI reference MAY directly resolve into an XML document containing the referenced declaration. |
| 1058 | 1058 | * |
| 1059 | - * @return string |
|
| 1059 | + * @return SAML2_XML_Chunk |
|
| 1060 | 1060 | */ |
| 1061 | 1061 | public function getAuthnContextDeclRef() |
| 1062 | 1062 | { |
@@ -1088,7 +1088,7 @@ discard block |
||
| 1088 | 1088 | /** |
| 1089 | 1089 | * Retrieve all attributes. |
| 1090 | 1090 | * |
| 1091 | - * @return array All attributes, as an associative array. |
|
| 1091 | + * @return DOMElement[] All attributes, as an associative array. |
|
| 1092 | 1092 | */ |
| 1093 | 1093 | public function getAttributes() |
| 1094 | 1094 | { |
@@ -62,11 +62,11 @@ |
||
| 62 | 62 | */ |
| 63 | 63 | private $encryptionKey; |
| 64 | 64 | |
| 65 | - /** |
|
| 66 | - * The earliest time this assertion is valid, as an UNIX timestamp. |
|
| 67 | - * |
|
| 68 | - * @var int |
|
| 69 | - */ |
|
| 65 | + /** |
|
| 66 | + * The earliest time this assertion is valid, as an UNIX timestamp. |
|
| 67 | + * |
|
| 68 | + * @var int |
|
| 69 | + */ |
|
| 70 | 70 | private $notBefore; |
| 71 | 71 | |
| 72 | 72 | /** |
@@ -232,7 +232,7 @@ discard block |
||
| 232 | 232 | |
| 233 | 233 | if ($xml->getAttribute('Version') !== '2.0') { |
| 234 | 234 | /* Currently a very strict check. */ |
| 235 | - throw new Exception('Unsupported version: ' . $xml->getAttribute('Version')); |
|
| 235 | + throw new Exception('Unsupported version: '.$xml->getAttribute('Version')); |
|
| 236 | 236 | } |
| 237 | 237 | |
| 238 | 238 | $this->issueInstant = SAML2_Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant')); |
@@ -332,7 +332,7 @@ discard block |
||
| 332 | 332 | continue; |
| 333 | 333 | } |
| 334 | 334 | if ($node->namespaceURI !== SAML2_Const::NS_SAML) { |
| 335 | - throw new Exception('Unknown namespace of condition: ' . var_export($node->namespaceURI, TRUE)); |
|
| 335 | + throw new Exception('Unknown namespace of condition: '.var_export($node->namespaceURI, TRUE)); |
|
| 336 | 336 | } |
| 337 | 337 | switch ($node->localName) { |
| 338 | 338 | case 'AudienceRestriction': |
@@ -356,7 +356,7 @@ discard block |
||
| 356 | 356 | /* Currently ignored. */ |
| 357 | 357 | break; |
| 358 | 358 | default: |
| 359 | - throw new Exception('Unknown condition: ' . var_export($node->localName, TRUE)); |
|
| 359 | + throw new Exception('Unknown condition: '.var_export($node->localName, TRUE)); |
|
| 360 | 360 | } |
| 361 | 361 | } |
| 362 | 362 | |
@@ -1238,7 +1238,7 @@ discard block |
||
| 1238 | 1238 | $document = $parentElement->ownerDocument; |
| 1239 | 1239 | } |
| 1240 | 1240 | |
| 1241 | - $root = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'Assertion'); |
|
| 1241 | + $root = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:'.'Assertion'); |
|
| 1242 | 1242 | $parentElement->appendChild($root); |
| 1243 | 1243 | |
| 1244 | 1244 | /* Ugly hack to add another namespace declaration to the root element. */ |
@@ -1290,7 +1290,7 @@ discard block |
||
| 1290 | 1290 | if ($this->encryptedNameId === NULL) { |
| 1291 | 1291 | SAML2_Utils::addNameId($subject, $this->nameId); |
| 1292 | 1292 | } else { |
| 1293 | - $eid = $subject->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedID'); |
|
| 1293 | + $eid = $subject->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:'.'EncryptedID'); |
|
| 1294 | 1294 | $subject->appendChild($eid); |
| 1295 | 1295 | $eid->appendChild($subject->ownerDocument->importNode($this->encryptedNameId, TRUE)); |
| 1296 | 1296 | } |
@@ -563,7 +563,7 @@ |
||
| 563 | 563 | * The returned NameId is in the format used by SAML2_Utils::addNameId(). |
| 564 | 564 | * |
| 565 | 565 | * @see SAML2_Utils::addNameId() |
| 566 | - * @return array|NULL The name identifier of the assertion. |
|
| 566 | + * @return string The name identifier of the assertion. |
|
| 567 | 567 | * @throws Exception |
| 568 | 568 | */ |
| 569 | 569 | public function getNameId() |
@@ -76,7 +76,7 @@ |
||
| 76 | 76 | * are not configured to be used with the usage given |
| 77 | 77 | * |
| 78 | 78 | * @param array $configuredKeys |
| 79 | - * @param $usage |
|
| 79 | + * @param null|string $usage |
|
| 80 | 80 | */ |
| 81 | 81 | public function loadKeys(array $configuredKeys, $usage) |
| 82 | 82 | { |
@@ -102,7 +102,7 @@ |
||
| 102 | 102 | /** |
| 103 | 103 | * Check whether the NameId is encrypted. |
| 104 | 104 | * |
| 105 | - * @return TRUE if the NameId is encrypted, FALSE if not. |
|
| 105 | + * @return boolean if the NameId is encrypted, FALSE if not. |
|
| 106 | 106 | */ |
| 107 | 107 | public function isNameIdEncrypted() |
| 108 | 108 | { |
@@ -259,7 +259,7 @@ |
||
| 259 | 259 | if ($this->encryptedNameId === NULL) { |
| 260 | 260 | SAML2_Utils::addNameId($root, $this->nameId); |
| 261 | 261 | } else { |
| 262 | - $eid = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:' . 'EncryptedID'); |
|
| 262 | + $eid = $root->ownerDocument->createElementNS(SAML2_Const::NS_SAML, 'saml:'.'EncryptedID'); |
|
| 263 | 263 | $root->appendChild($eid); |
| 264 | 264 | $eid->appendChild($root->ownerDocument->importNode($this->encryptedNameId, TRUE)); |
| 265 | 265 | } |
@@ -43,7 +43,7 @@ |
||
| 43 | 43 | /** |
| 44 | 44 | * Retrieve the assertions in this response. |
| 45 | 45 | * |
| 46 | - * @return SAML2_Assertion[]|SAML2_EncryptedAssertion[] |
|
| 46 | + * @return SAML2_Utilities_ArrayCollection |
|
| 47 | 47 | */ |
| 48 | 48 | public function getAssertions() |
| 49 | 49 | { |
@@ -50,7 +50,7 @@ discard block |
||
| 50 | 50 | * @param SAML2_Configuration_Destination $currentDestination |
| 51 | 51 | * @param SAML2_Response $response |
| 52 | 52 | * |
| 53 | - * @return SAML2_Assertion[] Collection (SAML2_Utilities_ArrayCollection) of SAML2_Assertion objects |
|
| 53 | + * @return SAML2_Utilities_ArrayCollection Collection (SAML2_Utilities_ArrayCollection) of SAML2_Assertion objects |
|
| 54 | 54 | */ |
| 55 | 55 | public function process( |
| 56 | 56 | SAML2_Configuration_ServiceProvider $serviceProviderConfiguration, |
@@ -120,7 +120,7 @@ discard block |
||
| 120 | 120 | /** |
| 121 | 121 | * @param SAML2_Response $response |
| 122 | 122 | * |
| 123 | - * @return SAML2_Assertion[] |
|
| 123 | + * @return SAML2_Utilities_ArrayCollection |
|
| 124 | 124 | */ |
| 125 | 125 | private function processAssertions(SAML2_Response $response) |
| 126 | 126 | { |
@@ -248,7 +248,7 @@ |
||
| 248 | 248 | * |
| 249 | 249 | * @param DOMElement $node The element we should fetch the attribute from. |
| 250 | 250 | * @param string $attributeName The name of the attribute. |
| 251 | - * @param mixed $default The value that should be returned if the attribute doesn't exist. |
|
| 251 | + * @param false|null $default The value that should be returned if the attribute doesn't exist. |
|
| 252 | 252 | * @return bool|mixed The value of the attribute, or $default if the attribute doesn't exist. |
| 253 | 253 | * @throws Exception |
| 254 | 254 | */ |
@@ -493,7 +493,7 @@ |
||
| 493 | 493 | * namespaces needed to parse the XML. |
| 494 | 494 | */ |
| 495 | 495 | $xml = '<root xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '. |
| 496 | - 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">' . |
|
| 496 | + 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">' . |
|
| 497 | 497 | $decrypted . |
| 498 | 498 | '</root>'; |
| 499 | 499 | |
@@ -153,7 +153,7 @@ discard block |
||
| 153 | 153 | } |
| 154 | 154 | |
| 155 | 155 | /* Check the signature. */ |
| 156 | - if (! $objXMLSecDSig->verify($key)) { |
|
| 156 | + if (!$objXMLSecDSig->verify($key)) { |
|
| 157 | 157 | throw new Exception("Unable to validate Signature"); |
| 158 | 158 | } |
| 159 | 159 | } |
@@ -235,7 +235,7 @@ discard block |
||
| 235 | 235 | } |
| 236 | 236 | |
| 237 | 237 | foreach ($namespaces as $prefix => $uri) { |
| 238 | - $newElement->setAttributeNS($uri, $prefix . ':__ns_workaround__', 'tmp'); |
|
| 238 | + $newElement->setAttributeNS($uri, $prefix.':__ns_workaround__', 'tmp'); |
|
| 239 | 239 | $newElement->removeAttributeNS($uri, '__ns_workaround__'); |
| 240 | 240 | } |
| 241 | 241 | |
@@ -268,7 +268,7 @@ discard block |
||
| 268 | 268 | case 'true': |
| 269 | 269 | return TRUE; |
| 270 | 270 | default: |
| 271 | - throw new Exception('Invalid value of boolean attribute ' . var_export($attributeName, TRUE) . ': ' . var_export($value, TRUE)); |
|
| 271 | + throw new Exception('Invalid value of boolean attribute '.var_export($attributeName, TRUE).': '.var_export($value, TRUE)); |
|
| 272 | 272 | } |
| 273 | 273 | } |
| 274 | 274 | |
@@ -401,7 +401,7 @@ discard block |
||
| 401 | 401 | $symKeyInfoAlgo = $symmetricKeyInfo->getAlgorith(); |
| 402 | 402 | |
| 403 | 403 | if (in_array($symKeyInfoAlgo, $blacklist, TRUE)) { |
| 404 | - throw new Exception('Algorithm disabled: ' . var_export($symKeyInfoAlgo, TRUE)); |
|
| 404 | + throw new Exception('Algorithm disabled: '.var_export($symKeyInfoAlgo, TRUE)); |
|
| 405 | 405 | } |
| 406 | 406 | |
| 407 | 407 | if ($symKeyInfoAlgo === XMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === XMLSecurityKey::RSA_1_5) { |
@@ -417,9 +417,9 @@ discard block |
||
| 417 | 417 | /* Make sure that the input key format is the same as the one used to encrypt the key. */ |
| 418 | 418 | if ($inputKeyAlgo !== $symKeyInfoAlgo) { |
| 419 | 419 | throw new Exception( |
| 420 | - 'Algorithm mismatch between input key and key used to encrypt ' . |
|
| 421 | - ' the symmetric key for the message. Key was: ' . |
|
| 422 | - var_export($inputKeyAlgo, TRUE) . '; message was: ' . |
|
| 420 | + 'Algorithm mismatch between input key and key used to encrypt '. |
|
| 421 | + ' the symmetric key for the message. Key was: '. |
|
| 422 | + var_export($inputKeyAlgo, TRUE).'; message was: '. |
|
| 423 | 423 | var_export($symKeyInfoAlgo, TRUE) |
| 424 | 424 | ); |
| 425 | 425 | } |
@@ -433,20 +433,20 @@ discard block |
||
| 433 | 433 | /* To protect against "key oracle" attacks, we need to be able to create a |
| 434 | 434 | * symmetric key, and for that we need to know the key size. |
| 435 | 435 | */ |
| 436 | - throw new Exception('Unknown key size for encryption algorithm: ' . var_export($symmetricKey->type, TRUE)); |
|
| 436 | + throw new Exception('Unknown key size for encryption algorithm: '.var_export($symmetricKey->type, TRUE)); |
|
| 437 | 437 | } |
| 438 | 438 | |
| 439 | 439 | try { |
| 440 | 440 | $key = $encKey->decryptKey($symmetricKeyInfo); |
| 441 | 441 | if (strlen($key) != $keySize) { |
| 442 | 442 | throw new Exception( |
| 443 | - 'Unexpected key size (' . strlen($key) * 8 . 'bits) for encryption algorithm: ' . |
|
| 443 | + 'Unexpected key size ('.strlen($key)*8.'bits) for encryption algorithm: '. |
|
| 444 | 444 | var_export($symmetricKey->type, TRUE) |
| 445 | 445 | ); |
| 446 | 446 | } |
| 447 | 447 | } catch (Exception $e) { |
| 448 | 448 | /* We failed to decrypt this key. Log it, and substitute a "random" key. */ |
| 449 | - SAML2_Utils::getContainer()->getLogger()->error('Failed to decrypt symmetric key: ' . $e->getMessage()); |
|
| 449 | + SAML2_Utils::getContainer()->getLogger()->error('Failed to decrypt symmetric key: '.$e->getMessage()); |
|
| 450 | 450 | /* Create a replacement key, so that it looks like we fail in the same way as if the key was correctly padded. */ |
| 451 | 451 | |
| 452 | 452 | /* We base the symmetric key on the encrypted key and private key, so that we always behave the |
@@ -455,7 +455,7 @@ discard block |
||
| 455 | 455 | $encryptedKey = $encKey->getCipherValue(); |
| 456 | 456 | $pkey = openssl_pkey_get_details($symmetricKeyInfo->key); |
| 457 | 457 | $pkey = sha1(serialize($pkey), TRUE); |
| 458 | - $key = sha1($encryptedKey . $pkey, TRUE); |
|
| 458 | + $key = sha1($encryptedKey.$pkey, TRUE); |
|
| 459 | 459 | |
| 460 | 460 | /* Make sure that the key has the correct length. */ |
| 461 | 461 | if (strlen($key) > $keySize) { |
@@ -471,8 +471,8 @@ discard block |
||
| 471 | 471 | /* Make sure that the input key has the correct format. */ |
| 472 | 472 | if ($inputKeyAlgo !== $symKeyAlgo) { |
| 473 | 473 | throw new Exception( |
| 474 | - 'Algorithm mismatch between input key and key in message. ' . |
|
| 475 | - 'Key was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' . |
|
| 474 | + 'Algorithm mismatch between input key and key in message. '. |
|
| 475 | + 'Key was: '.var_export($inputKeyAlgo, TRUE).'; message was: '. |
|
| 476 | 476 | var_export($symKeyAlgo, TRUE) |
| 477 | 477 | ); |
| 478 | 478 | } |
@@ -481,7 +481,7 @@ discard block |
||
| 481 | 481 | |
| 482 | 482 | $algorithm = $symmetricKey->getAlgorith(); |
| 483 | 483 | if (in_array($algorithm, $blacklist, TRUE)) { |
| 484 | - throw new Exception('Algorithm disabled: ' . var_export($algorithm, TRUE)); |
|
| 484 | + throw new Exception('Algorithm disabled: '.var_export($algorithm, TRUE)); |
|
| 485 | 485 | } |
| 486 | 486 | |
| 487 | 487 | /** @var string $decrypted */ |
@@ -493,8 +493,8 @@ discard block |
||
| 493 | 493 | * namespaces needed to parse the XML. |
| 494 | 494 | */ |
| 495 | 495 | $xml = '<root xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '. |
| 496 | - 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">' . |
|
| 497 | - $decrypted . |
|
| 496 | + 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'. |
|
| 497 | + $decrypted. |
|
| 498 | 498 | '</root>'; |
| 499 | 499 | |
| 500 | 500 | try { |
@@ -533,7 +533,7 @@ discard block |
||
| 533 | 533 | * Something went wrong during decryption, but for security |
| 534 | 534 | * reasons we cannot tell the user what failed. |
| 535 | 535 | */ |
| 536 | - SAML2_Utils::getContainer()->getLogger()->error('Decryption failed: ' . $e->getMessage()); |
|
| 536 | + SAML2_Utils::getContainer()->getLogger()->error('Decryption failed: '.$e->getMessage()); |
|
| 537 | 537 | throw new Exception('Failed to decrypt XML element.', 0, $e); |
| 538 | 538 | } |
| 539 | 539 | } |
@@ -695,7 +695,7 @@ discard block |
||
| 695 | 695 | $regex = '/^(\\d\\d\\d\\d)-(\\d\\d)-(\\d\\d)T(\\d\\d):(\\d\\d):(\\d\\d)(?:\\.\\d+)?Z$/D'; |
| 696 | 696 | if (preg_match($regex, $time, $matches) == 0) { |
| 697 | 697 | throw new Exception( |
| 698 | - 'Invalid SAML2 timestamp passed to xsDateTimeToTimestamp: ' . $time |
|
| 698 | + 'Invalid SAML2 timestamp passed to xsDateTimeToTimestamp: '.$time |
|
| 699 | 699 | ); |
| 700 | 700 | } |
| 701 | 701 | |
@@ -30,7 +30,7 @@ discard block |
||
| 30 | 30 | } |
| 31 | 31 | |
| 32 | 32 | $generatedId = pack('H*', ((string) SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(20)))); |
| 33 | - $artifact = base64_encode("\x00\x04\x00\x00" . sha1($message->getIssuer(), TRUE) . $generatedId) ; |
|
| 33 | + $artifact = base64_encode("\x00\x04\x00\x00".sha1($message->getIssuer(), TRUE).$generatedId); |
|
| 34 | 34 | $artifactData = $message->toUnsignedXML(); |
| 35 | 35 | $artifactDataString = $artifactData->ownerDocument->saveXML($artifactData); |
| 36 | 36 | |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | { |
| 73 | 73 | if (array_key_exists('SAMLart', $_REQUEST)) { |
| 74 | 74 | $artifact = base64_decode($_REQUEST['SAMLart']); |
| 75 | - $endpointIndex = bin2hex(substr($artifact, 2, 2)); |
|
| 75 | + $endpointIndex = bin2hex(substr($artifact, 2, 2)); |
|
| 76 | 76 | $sourceId = bin2hex(substr($artifact, 4, 20)); |
| 77 | 77 | |
| 78 | 78 | } else { |
@@ -84,12 +84,12 @@ discard block |
||
| 84 | 84 | $idpMetadata = $metadataHandler->getMetaDataConfigForSha1($sourceId, 'saml20-idp-remote'); |
| 85 | 85 | |
| 86 | 86 | if ($idpMetadata === NULL) { |
| 87 | - throw new Exception('No metadata found for remote provider with SHA1 ID: ' . var_export($sourceId, TRUE)); |
|
| 87 | + throw new Exception('No metadata found for remote provider with SHA1 ID: '.var_export($sourceId, TRUE)); |
|
| 88 | 88 | } |
| 89 | 89 | |
| 90 | 90 | $endpoint = NULL; |
| 91 | 91 | foreach ($idpMetadata->getEndpoints('ArtifactResolutionService') as $ep) { |
| 92 | - if ($ep['index'] === hexdec($endpointIndex)) { |
|
| 92 | + if ($ep['index'] === hexdec($endpointIndex)) { |
|
| 93 | 93 | $endpoint = $ep; |
| 94 | 94 | break; |
| 95 | 95 | } |
@@ -99,7 +99,7 @@ discard block |
||
| 99 | 99 | throw new Exception('No ArtifactResolutionService with the correct index.'); |
| 100 | 100 | } |
| 101 | 101 | |
| 102 | - SAML2_Utils::getContainer()->getLogger()->debug("ArtifactResolutionService endpoint being used is := " . $endpoint['Location']); |
|
| 102 | + SAML2_Utils::getContainer()->getLogger()->debug("ArtifactResolutionService endpoint being used is := ".$endpoint['Location']); |
|
| 103 | 103 | |
| 104 | 104 | //Construct the ArtifactResolve Request |
| 105 | 105 | $ar = new SAML2_ArtifactResolve(); |
@@ -36,7 +36,7 @@ |
||
| 36 | 36 | } |
| 37 | 37 | |
| 38 | 38 | if (!$xml->hasAttribute('index')) { |
| 39 | - throw new Exception('Missing index on ' . $xml->tagName); |
|
| 39 | + throw new Exception('Missing index on '.$xml->tagName); |
|
| 40 | 40 | } |
| 41 | 41 | $this->index = (int) $xml->getAttribute('index'); |
| 42 | 42 | |
