simplesamlphp / simplesamlphp-module-aggregator2

lib/Aggregator.php

Spacing +18 added lines, -18 removed lines

@@ -190,7 +190,7 @@ 
         assert('is_string($id)');
 
         $this->id = $id;
-        $this->logLoc = 'aggregator2:'.$this->id.': ';
+        $this->logLoc = 'aggregator2:' . $this->id . ': ';
 
         $this->cronTag = $config->getString('cron.tag', null);
 
@@ -221,7 +221,7 @@ 
             $signKey = System::resolvePath($signKey, $certDir);
             $this->signKey = @file_get_contents($signKey);
             if ($this->signKey === null) {
-                throw new Exception('Unable to load private key from '.var_export($signKey, true));
+                throw new Exception('Unable to load private key from ' . var_export($signKey, true));
             }
         }
 
@@ -232,13 +232,13 @@ 
             $signCert = System::resolvePath($signCert, $certDir);
             $this->signCert = @file_get_contents($signCert);
             if ($this->signCert === null) {
-                throw new Exception('Unable to load certificate file from '.var_export($signCert, true));
+                throw new Exception('Unable to load certificate file from ' . var_export($signCert, true));
             }
         }
 
         $this->signAlg = $config->getString('sign.algorithm', XMLSecurityKey::RSA_SHA1);
         if (!in_array($this->signAlg, self::$SUPPORTED_SIGNATURE_ALGORITHMS)) {
-            throw new Exception('Unsupported signature algorithm '.var_export($this->signAlg, true));
+            throw new Exception('Unsupported signature algorithm ' . var_export($this->signAlg, true));
         }
 
         $this->sslCAFile = $config->getString('ssl.cafile', null);
@@ -304,24 +304,24 @@ 
         assert('is_int($expires)');
         assert('is_null($tag) || is_string($tag)');
 
-        $cacheFile = $this->cacheDirectory.'/'.$id;
+        $cacheFile = $this->cacheDirectory . '/' . $id;
         try {
             System::writeFile($cacheFile, $data);
         } catch (\Exception $e) {
-            Logger::warning($this->logLoc.'Unable to write to cache file '.var_export($cacheFile, true));
+            Logger::warning($this->logLoc . 'Unable to write to cache file ' . var_export($cacheFile, true));
             return;
         }
 
-        $expireInfo = (string)$expires;
+        $expireInfo = (string) $expires;
         if ($tag !== null) {
-            $expireInfo .= ':'.$tag;
+            $expireInfo .= ':' . $tag;
         }
 
-        $expireFile = $cacheFile.'.expire';
+        $expireFile = $cacheFile . '.expire';
         try {
             System::writeFile($expireFile, $expireInfo);
         } catch (\Exception $e) {
-            Logger::warning($this->logLoc.'Unable to write expiration info to '.var_export($expireFile, true));
+            Logger::warning($this->logLoc . 'Unable to write expiration info to ' . var_export($expireFile, true));
         }
     }
 
@@ -338,12 +338,12 @@ 
         assert('is_string($id)');
         assert('is_null($tag) || is_string($tag)');
 
-        $cacheFile = $this->cacheDirectory.'/'.$id;
+        $cacheFile = $this->cacheDirectory . '/' . $id;
         if (!file_exists($cacheFile)) {
             return false;
         }
 
-        $expireFile = $cacheFile.'.expire';
+        $expireFile = $cacheFile . '.expire';
         if (!file_exists($expireFile)) {
             return false;
         }
@@ -389,7 +389,7 @@ 
             return null;
         }
 
-        $cacheFile = $this->cacheDirectory.'/'.$id;
+        $cacheFile = $this->cacheDirectory . '/' . $id;
         return @file_get_contents($cacheFile);
     }
 
@@ -404,7 +404,7 @@ 
     {
         assert('is_string($id)');
 
-        $cacheFile = $this->cacheDirectory.'/'.$id;
+        $cacheFile = $this->cacheDirectory . '/' . $id;
         if (!file_exists($cacheFile)) {
             return null;
         }
@@ -616,7 +616,7 @@ 
         }
         $this->excluded = $entities;
         sort($this->excluded);
-        $this->cacheId = sha1($this->cacheId.serialize($this->excluded));
+        $this->cacheId = sha1($this->cacheId . serialize($this->excluded));
     }
 
 
@@ -675,7 +675,7 @@ 
         $options = ['saml2', 'shib13', 'saml20-aa', 'shib13-aa'];
         $this->roles['SAML2_XML_md_AttributeAuthorityDescriptor'] = (array_intersect($set, $options) !== []);
 
-        $this->cacheId = sha1($this->cacheId.serialize($this->protocols).serialize($this->roles));
+        $this->cacheId = sha1($this->cacheId . serialize($this->protocols) . serialize($this->roles));
     }
 
 
@@ -698,7 +698,7 @@ 
         $xml = $xml->ownerDocument->saveXML($xml);
 
         if ($this->cacheGenerated !== null) {
-            Logger::debug($this->logLoc.'Saving generated metadata to cache.');
+            Logger::debug($this->logLoc . 'Saving generated metadata to cache.');
             $this->addCacheItem($this->cacheId, $xml, time() + $this->cacheGenerated, $this->cacheTag);
         }
 
@@ -716,7 +716,7 @@ 
         if ($this->cacheGenerated !== null) {
             $xml = $this->getCacheItem($this->cacheId, $this->cacheTag);
             if ($xml !== null) {
-                Logger::debug($this->logLoc.'Loaded generated metadata from cache.');
+                Logger::debug($this->logLoc . 'Loaded generated metadata from cache.');
                 return $xml;
             }
         }

Indentation +714 added lines, -714 removed lines

@@ -23,718 +23,718 @@
  */
 class Aggregator
 {
-    /**
-     * The list of signature algorithms supported by the aggregator.
-     *
-     * @var array
-     */
-    public static $SUPPORTED_SIGNATURE_ALGORITHMS = [
-        XMLSecurityKey::RSA_SHA1,
-        XMLSecurityKey::RSA_SHA256,
-        XMLSecurityKey::RSA_SHA384,
-        XMLSecurityKey::RSA_SHA512,
-    ];
-
-    /**
-     * The ID of this aggregator.
-     *
-     * @var string
-     */
-    protected $id;
-
-    /**
-     * Our log "location".
-     *
-     * @var string
-     */
-    protected $logLoc;
-
-    /**
-     * Which cron-tag this should be updated in.
-     *
-     * @var string|null
-     */
-    protected $cronTag;
-
-    /**
-     * Absolute path to a cache directory.
-     *
-     * @var string|null
-     */
-    protected $cacheDirectory;
-
-    /**
-     * The entity sources.
-     *
-     * Array of sspmod_aggregator2_EntitySource objects.
-     *
-     * @var array
-     */
-    protected $sources = [];
-
-    /**
-     * How long the generated metadata should be valid, as a number of seconds.
-     *
-     * This is used to set the validUntil attribute on the generated EntityDescriptor.
-     *
-     * @var int
-     */
-    protected $validLength;
-
-    /**
-     * Duration we should cache generated metadata.
-     *
-     * @var int
-     */
-    protected $cacheGenerated;
-
-    /**
-     * An array of entity IDs to exclude from the aggregate.
-     *
-     * @var string[]|null
-     */
-    protected $excluded;
-
-    /**
-     * An indexed array of protocols to filter the aggregate by. keys can be any of:
-     *
-     * - urn:oasis:names:tc:SAML:1.1:protocol
-     * - urn:oasis:names:tc:SAML:2.0:protocol
-     *
-     * Values will be true if enabled, false otherwise.
-     *
-     * @var array|null
-     */
-    protected $protocols;
-
-    /**
-     * An array of roles to filter the aggregate by. Keys can be any of:
-     *
-     * - SAML2_XML_md_IDPSSODescriptor
-     * - SAML2_XML_md_SPSSODescriptor
-     * - SAML2_XML_md_AttributeAuthorityDescriptor
-     *
-     * Values will be true if enabled, false otherwise.
-     *
-     * @var array|null
-     */
-    protected $roles;
-
-    /**
-     * The key we should use to sign the metadata.
-     *
-     * @var string|null
-     */
-    protected $signKey;
-
-    /**
-     * The password for the private key.
-     *
-     * @var string|null
-     */
-    protected $signKeyPass;
-
-    /**
-     * The certificate of the key we sign the metadata with.
-     *
-     * @var string|null
-     */
-    protected $signCert;
-
-    /**
-     * The algorithm to use for metadata signing.
-     *
-     * @var string|null
-     */
-    protected $signAlg;
-
-    /**
-     * The CA certificate file that should be used to validate https-connections.
-     *
-     * @var string|null
-     */
-    protected $sslCAFile;
-
-    /**
-     * The cache ID for our generated metadata.
-     *
-     * @var string
-     */
-    protected $cacheId;
-
-    /**
-     * The cache tag for our generated metadata.
-     *
-     * This tag is used to make sure that a config change
-     * invalidates our cached metadata.
-     *
-     * @var string
-     */
-    protected $cacheTag;
-
-    /**
-     * The registration information for our generated metadata.
-     *
-     * @var array
-     */
-    protected $regInfo;
-
-
-    /**
-     * Initialize this aggregator.
-     *
-     * @param string $id  The id of this aggregator.
-     * @param \SimpleSAML\Configuration $config  The configuration for this aggregator.
-     */
-    protected function __construct($id, Configuration $config)
-    {
-        assert('is_string($id)');
-
-        $this->id = $id;
-        $this->logLoc = 'aggregator2:'.$this->id.': ';
-
-        $this->cronTag = $config->getString('cron.tag', null);
-
-        $this->cacheDirectory = $config->getString('cache.directory', null);
-        if ($this->cacheDirectory !== null) {
-            $this->cacheDirectory = System::resolvePath($this->cacheDirectory);
-        }
-
-        $this->cacheGenerated = $config->getInteger('cache.generated', null);
-        if ($this->cacheGenerated !== null) {
-            $this->cacheId = sha1($this->id);
-            $this->cacheTag = sha1(serialize($config));
-        }
-
-        // configure entity IDs excluded by default
-        $this->excludeEntities($config->getArrayize('exclude', null));
-
-        // configure filters
-        $this->setFilters($config->getArrayize('filter', null));
-
-        $this->validLength = $config->getInteger('valid.length', 7*24*60*60);
-
-        $globalConfig = Configuration::getInstance();
-        $certDir = $globalConfig->getPathValue('certdir', 'cert/');
-
-        $signKey = $config->getString('sign.privatekey', null);
-        if ($signKey !== null) {
-            $signKey = System::resolvePath($signKey, $certDir);
-            $this->signKey = @file_get_contents($signKey);
-            if ($this->signKey === null) {
-                throw new Exception('Unable to load private key from '.var_export($signKey, true));
-            }
-        }
-
-        $this->signKeyPass = $config->getString('sign.privatekey_pass', null);
-
-        $signCert = $config->getString('sign.certificate', null);
-        if ($signCert !== null) {
-            $signCert = System::resolvePath($signCert, $certDir);
-            $this->signCert = @file_get_contents($signCert);
-            if ($this->signCert === null) {
-                throw new Exception('Unable to load certificate file from '.var_export($signCert, true));
-            }
-        }
-
-        $this->signAlg = $config->getString('sign.algorithm', XMLSecurityKey::RSA_SHA1);
-        if (!in_array($this->signAlg, self::$SUPPORTED_SIGNATURE_ALGORITHMS)) {
-            throw new Exception('Unsupported signature algorithm '.var_export($this->signAlg, true));
-        }
-
-        $this->sslCAFile = $config->getString('ssl.cafile', null);
-
-        $this->regInfo = $config->getArray('RegistrationInfo', null);
-
-        $this->initSources($config->getConfigList('sources'));
-    }
-
-
-    /**
-     * Populate the sources array.
-     *
-     * This is called from the constructor, and can be overridden in subclasses.
-     *
-     * @param array $sources  The sources as an array of SimpleSAML_Configuration objects.
-     */
-    protected function initSources(array $sources)
-    {
-        foreach ($sources as $source) {
-            $this->sources[] = new EntitySource($this, $source);
-        }
-    }
-
-
-    /**
-     * Return an instance of the aggregator with the given id.
-     *
-     * @param string $id  The id of the aggregator.
-     */
-    public static function getAggregator($id)
-    {
-        assert('is_string($id)');
-
-        $config = Configuration::getConfig('module_aggregator2.php');
-        return new Aggregator($id, $config->getConfigItem($id));
-    }
-
-
-    /**
-     * Retrieve the ID of the aggregator.
-     *
-     * @return string  The ID of this aggregator.
-     */
-    public function getId()
-    {
-        return $this->id;
-    }
-
-
-    /**
-     * Add an item to the cache.
-     *
-     * @param string $id  The identifier of this data.
-     * @param string $data  The data.
-     * @param int $expires  The timestamp the data expires.
-     * @param string|null $tag  An extra tag that can be used to verify the validity of the cached data.
-     */
-    public function addCacheItem($id, $data, $expires, $tag = null)
-    {
-        assert('is_string($id)');
-        assert('is_string($data)');
-        assert('is_int($expires)');
-        assert('is_null($tag) || is_string($tag)');
-
-        $cacheFile = $this->cacheDirectory.'/'.$id;
-        try {
-            System::writeFile($cacheFile, $data);
-        } catch (\Exception $e) {
-            Logger::warning($this->logLoc.'Unable to write to cache file '.var_export($cacheFile, true));
-            return;
-        }
-
-        $expireInfo = (string)$expires;
-        if ($tag !== null) {
-            $expireInfo .= ':'.$tag;
-        }
-
-        $expireFile = $cacheFile.'.expire';
-        try {
-            System::writeFile($expireFile, $expireInfo);
-        } catch (\Exception $e) {
-            Logger::warning($this->logLoc.'Unable to write expiration info to '.var_export($expireFile, true));
-        }
-    }
-
-
-    /**
-     * Check validity of cached data.
-     *
-     * @param string $id  The identifier of this data.
-     * @param string $tag  The tag that was passed to addCacheItem.
-     * @return bool  TRUE if the data is valid, FALSE if not.
-     */
-    public function isCacheValid($id, $tag = null)
-    {
-        assert('is_string($id)');
-        assert('is_null($tag) || is_string($tag)');
-
-        $cacheFile = $this->cacheDirectory.'/'.$id;
-        if (!file_exists($cacheFile)) {
-            return false;
-        }
-
-        $expireFile = $cacheFile.'.expire';
-        if (!file_exists($expireFile)) {
-            return false;
-        }
-
-        $expireData = @file_get_contents($expireFile);
-        if ($expireData === false) {
-            return false;
-        }
-
-        $expireData = explode(':', $expireData, 2);
-
-        $expireTime = intval($expireData[0]);
-        if ($expireTime <= time()) {
-            return false;
-        }
-
-        if (count($expireData) === 1) {
-            $expireTag = null;
-        } else {
-            $expireTag = $expireData[1];
-        }
-        if ($expireTag !== $tag) {
-            return false;
-        }
-
-        return true;
-    }
-
-
-    /**
-     * Get the cache item.
-     *
-     * @param string $id  The identifier of this data.
-     * @param string $tag  The tag that was passed to addCacheItem.
-     * @return string|null  The cache item, or NULL if it isn't cached or if it is expired.
-     */
-    public function getCacheItem($id, $tag = null)
-    {
-        assert('is_string($id)');
-        assert('is_null($tag) || is_string($tag)');
-
-        if (!$this->isCacheValid($id, $tag)) {
-            return null;
-        }
-
-        $cacheFile = $this->cacheDirectory.'/'.$id;
-        return @file_get_contents($cacheFile);
-    }
-
-
-    /**
-     * Get the cache filename for the specific id.
-     *
-     * @param string $id  The identifier of the cached data.
-     * @return string|null  The filename, or NULL if the cache file doesn't exist.
-     */
-    public function getCacheFile($id)
-    {
-        assert('is_string($id)');
-
-        $cacheFile = $this->cacheDirectory.'/'.$id;
-        if (!file_exists($cacheFile)) {
-            return null;
-        }
-
-        return $cacheFile;
-    }
-
-
-    /**
-     * Retrieve the SSL CA file path, if it is set.
-     *
-     * @return string|null  The SSL CA file path.
-     */
-    public function getCAFile()
-    {
-        return $this->sslCAFile;
-    }
-
-
-    /**
-     * Sign the generated EntitiesDescriptor.
-     */
-    protected function addSignature(SignedElement $element)
-    {
-        if ($this->signKey === null) {
-            return;
-        }
-
-        $privateKey = new XMLSecurityKey($this->signAlg, ['type' => 'private']);
-        if ($this->signKeyPass !== null) {
-            $privateKey->passphrase = $this->signKeyPass;
-        }
-        $privateKey->loadKey($this->signKey, false);
-
-        $element->setSignatureKey($privateKey);
-
-        if ($this->signCert !== null) {
-            $element->setCertificates([$this->signCert]);
-        }
-    }
-
-
-    /**
-     * Recursively browse the children of an EntitiesDescriptor element looking for EntityDescriptor elements, and
-     * return an array containing all of them.
-     *
-     * @param \SAML2\XML\md\EntitiesDescriptor $entity The source EntitiesDescriptor that holds the entities to extract.
-     *
-     * @return array An array containing all the EntityDescriptors found.
-     */
-    private static function extractEntityDescriptors($entity)
-    {
-        assert('$entity instanceof EntitiesDescriptor');
-
-        if (!($entity instanceof EntitiesDescriptor)) {
-            return [];
-        }
-
-        $results = [];
-        foreach ($entity->children as $child) {
-            if ($child instanceof EntityDescriptor) {
-                $results[] = $child;
-                continue;
-            }
-
-            $results = array_merge($results, self::extractEntityDescriptors($child));
-        }
-        return $results;
-    }
-
-
-    /**
-     * Retrieve all entities as an EntitiesDescriptor.
-     *
-     * @return \SAML2\XML\md\EntitiesDescriptor  The entities.
-     */
-    protected function getEntitiesDescriptor()
-    {
-        $ret = new EntitiesDescriptor();
-        $now = time();
-
-        // add RegistrationInfo extension if enabled
-        if ($this->regInfo !== null) {
-            $ri = new RegistrationInfo();
-            $ri->registrationInstant = $now;
-            foreach ($this->regInfo as $riName => $riValues) {
-                switch ($riName) {
-                    case 'authority':
-                        $ri->registrationAuthority = $riValues;
-                        break;
-                    case 'instant':
-                        $ri->registrationInstant = Utils::xsDateTimeToTimestamp($riValues);
-                        break;
-                    case 'policies':
-                        $ri->RegistrationPolicy = $riValues;
-                        break;
-                }
-            }
-            $ret->Extensions[] = $ri;
-        }
-
-        foreach ($this->sources as $source) {
-            $m = $source->getMetadata();
-            if ($m === NULL) {
-                continue;
-            }
-            if ($m instanceof EntityDescriptor) {
-                $ret->children[] = $m;
-            } elseif ($m instanceof EntitiesDescriptor) {
-                $ret->children = array_merge($ret->children, self::extractEntityDescriptors($m));
-            }
-        }
-
-        $ret->children = array_unique($ret->children, SORT_REGULAR);
-        $ret->validUntil = $now + $this->validLength;
-
-        return $ret;
-    }
-
-
-    /**
-     * Recursively traverse the children of an EntitiesDescriptor, removing those entities listed in the $entities
-     * property. Returns the EntitiesDescriptor with the entities filtered out.
-     *
-     * @param \SAML2\XML\md\EntitiesDescriptor $descriptor The EntitiesDescriptor from where to exclude entities.
-     *
-     * @return \SAML2\XML\md\EntitiesDescriptor The EntitiesDescriptor with excluded entities filtered out.
-     */
-    protected function exclude(EntitiesDescriptor $descriptor)
-    {
-        if (empty($this->excluded)) {
-            return $descriptor;
-        }
-
-        $filtered = [];
-        foreach ($descriptor->children as $child) {
-            if ($child instanceof EntityDescriptor) {
-                if (in_array($child->entityID, $this->excluded)) {
-                    continue;
-                }
-                $filtered[] = $child;
-            }
-
-            if ($child instanceof EntitiesDescriptor) {
-                $filtered[] = $this->exclude($child);
-            }
-        }
-
-        $descriptor->children = $filtered;
-        return $descriptor;
-    }
-
-
-    /**
-     * Recursively traverse the children of an EntitiesDescriptor, keeping only those entities with the roles listed in
-     * the $roles property, and support for the protocols listed in the $protocols property. Returns the
-     * EntitiesDescriptor containing only those entities.
-     *
-     * @param \SAML2\XML\md\EntitiesDescriptor $descriptor The EntitiesDescriptor to filter.
-     *
-     * @return SAML2_XML_md_EntitiesDescriptor The EntitiesDescriptor with only the entities filtered.
-     */
-    protected function filter(EntitiesDescriptor $descriptor)
-    {
-        if ($this->roles === null || $this->protocols === null) {
-            return $descriptor;
-        }
-
-        $enabled_roles = array_keys($this->roles, true);
-        $enabled_protos = array_keys($this->protocols, true);
-
-        $filtered = [];
-        foreach ($descriptor->children as $child) {
-            if ($child instanceof EntityDescriptor) {
-                foreach ($child->RoleDescriptor as $role) {
-                    if (in_array(get_class($role), $enabled_roles)) {
-                        // we found a role descriptor that is enabled by our filters, check protocols
-                        if (array_intersect($enabled_protos, $role->protocolSupportEnumeration) !== []) {
-                            // it supports some protocol we have enabled, add it
-                            $filtered[] = $child;
-                            break;
-                        }
-                    }
-                }
-
-            }
-
-            if ($child instanceof EntitiesDescriptor) {
-                $filtered[] = $this->filter($child);
-            }
-        }
-
-        $descriptor->children = $filtered;
-        return $descriptor;
-    }
-
-
-    /**
-     * Set this aggregator to exclude a set of entities from the resulting aggregate.
-     *
-     * @param array|null $entities The entity IDs of the entities to exclude.
-     */
-    public function excludeEntities($entities)
-    {
-        assert('is_array($entities) || is_null($entities)');
-
-        if ($entities === null) {
-            return;
-        }
-        $this->excluded = $entities;
-        sort($this->excluded);
-        $this->cacheId = sha1($this->cacheId.serialize($this->excluded));
-    }
-
-
-    /**
-     * Set the internal filters according to one or more options:
-     *
-     * - 'saml2': all SAML2.0-capable entities.
-     * - 'shib13': all SHIB1.3-capable entities.
-     * - 'saml20-idp': all SAML2.0-capable identity providers.
-     * - 'saml20-sp': all SAML2.0-capable service providers.
-     * - 'saml20-aa': all SAML2.0-capable attribute authorities.
-     * - 'shib13-idp': all SHIB1.3-capable identity providers.
-     * - 'shib13-sp': all SHIB1.3-capable service providers.
-     * - 'shib13-aa': all SHIB1.3-capable attribute authorities.
-     *
-     * @param array|null $set An array of the different roles and protocols to filter by.
-     */
-    public function setFilters($set)
-    {
-        assert('is_array($set) || is_null($set)');
-
-        if ($set === null) {
-            return;
-        }
-
-        // configure filters
-        $this->protocols = [
-            Constants::NS_SAMLP                    => true,
-            'urn:oasis:names:tc:SAML:1.1:protocol' => true,
-        ];
-        $this->roles = [
-            'SAML2_XML_md_IDPSSODescriptor'             => true,
-            'SAML2_XML_md_SPSSODescriptor'              => true,
-            'SAML2_XML_md_AttributeAuthorityDescriptor' => true,
-        ];
-
-        // now translate from the options we have, to specific protocols and roles
-
-        // check SAML 2.0 protocol
-        $options = ['saml2', 'saml20-idp', 'saml20-sp', 'saml20-aa'];
-        $this->protocols[Constants::NS_SAMLP] = (array_intersect($set, $options) !== []);
-
-        // check SHIB 1.3 protocol
-        $options = ['shib13', 'shib13-idp', 'shib13-sp', 'shib13-aa'];
-        $this->protocols['urn:oasis:names:tc:SAML:1.1:protocol'] = (array_intersect($set, $options) !== []);
-
-        // check IdP
-        $options = ['saml2', 'shib13', 'saml20-idp', 'shib13-idp'];
-        $this->roles['SAML2_XML_md_IDPSSODescriptor'] = (array_intersect($set, $options) !== []);
-
-        // check SP
-        $options = ['saml2', 'shib13', 'saml20-sp', 'shib13-sp'];
-        $this->roles['SAML2_XML_md_SPSSODescriptor'] = (array_intersect($set, $options) !== []);
-
-        // check AA
-        $options = ['saml2', 'shib13', 'saml20-aa', 'shib13-aa'];
-        $this->roles['SAML2_XML_md_AttributeAuthorityDescriptor'] = (array_intersect($set, $options) !== []);
-
-        $this->cacheId = sha1($this->cacheId.serialize($this->protocols).serialize($this->roles));
-    }
-
-
-    /**
-     * Retrieve the complete, signed metadata as text.
-     *
-     * This function will write the new metadata to the cache file, but will not return
-     * the cached metadata.
-     *
-     * @return string  The metadata, as text.
-     */
-    public function updateCachedMetadata()
-    {
-        $ed = $this->getEntitiesDescriptor();
-        $ed = $this->exclude($ed);
-        $ed = $this->filter($ed);
-        $this->addSignature($ed);
-
-        $xml = $ed->toXML();
-        $xml = $xml->ownerDocument->saveXML($xml);
-
-        if ($this->cacheGenerated !== null) {
-            Logger::debug($this->logLoc.'Saving generated metadata to cache.');
-            $this->addCacheItem($this->cacheId, $xml, time() + $this->cacheGenerated, $this->cacheTag);
-        }
-
-        return $xml;
-    }
-
-
-    /**
-     * Retrieve the complete, signed metadata as text.
-     *
-     * @return string  The metadata, as text.
-     */
-    public function getMetadata()
-    {
-        if ($this->cacheGenerated !== null) {
-            $xml = $this->getCacheItem($this->cacheId, $this->cacheTag);
-            if ($xml !== null) {
-                Logger::debug($this->logLoc.'Loaded generated metadata from cache.');
-                return $xml;
-            }
-        }
-
-        return $this->updateCachedMetadata();
-    }
-
-
-    /**
-     * Update the cached copy of our metadata.
-     */
-    public function updateCache()
-    {
-        foreach ($this->sources as $source) {
-            $source->updateCache();
-        }
-
-        $this->updateCachedMetadata();
-    }
+	/**
+	 * The list of signature algorithms supported by the aggregator.
+	 *
+	 * @var array
+	 */
+	public static $SUPPORTED_SIGNATURE_ALGORITHMS = [
+		XMLSecurityKey::RSA_SHA1,
+		XMLSecurityKey::RSA_SHA256,
+		XMLSecurityKey::RSA_SHA384,
+		XMLSecurityKey::RSA_SHA512,
+	];
+
+	/**
+	 * The ID of this aggregator.
+	 *
+	 * @var string
+	 */
+	protected $id;
+
+	/**
+	 * Our log "location".
+	 *
+	 * @var string
+	 */
+	protected $logLoc;
+
+	/**
+	 * Which cron-tag this should be updated in.
+	 *
+	 * @var string|null
+	 */
+	protected $cronTag;
+
+	/**
+	 * Absolute path to a cache directory.
+	 *
+	 * @var string|null
+	 */
+	protected $cacheDirectory;
+
+	/**
+	 * The entity sources.
+	 *
+	 * Array of sspmod_aggregator2_EntitySource objects.
+	 *
+	 * @var array
+	 */
+	protected $sources = [];
+
+	/**
+	 * How long the generated metadata should be valid, as a number of seconds.
+	 *
+	 * This is used to set the validUntil attribute on the generated EntityDescriptor.
+	 *
+	 * @var int
+	 */
+	protected $validLength;
+
+	/**
+	 * Duration we should cache generated metadata.
+	 *
+	 * @var int
+	 */
+	protected $cacheGenerated;
+
+	/**
+	 * An array of entity IDs to exclude from the aggregate.
+	 *
+	 * @var string[]|null
+	 */
+	protected $excluded;
+
+	/**
+	 * An indexed array of protocols to filter the aggregate by. keys can be any of:
+	 *
+	 * - urn:oasis:names:tc:SAML:1.1:protocol
+	 * - urn:oasis:names:tc:SAML:2.0:protocol
+	 *
+	 * Values will be true if enabled, false otherwise.
+	 *
+	 * @var array|null
+	 */
+	protected $protocols;
+
+	/**
+	 * An array of roles to filter the aggregate by. Keys can be any of:
+	 *
+	 * - SAML2_XML_md_IDPSSODescriptor
+	 * - SAML2_XML_md_SPSSODescriptor
+	 * - SAML2_XML_md_AttributeAuthorityDescriptor
+	 *
+	 * Values will be true if enabled, false otherwise.
+	 *
+	 * @var array|null
+	 */
+	protected $roles;
+
+	/**
+	 * The key we should use to sign the metadata.
+	 *
+	 * @var string|null
+	 */
+	protected $signKey;
+
+	/**
+	 * The password for the private key.
+	 *
+	 * @var string|null
+	 */
+	protected $signKeyPass;
+
+	/**
+	 * The certificate of the key we sign the metadata with.
+	 *
+	 * @var string|null
+	 */
+	protected $signCert;
+
+	/**
+	 * The algorithm to use for metadata signing.
+	 *
+	 * @var string|null
+	 */
+	protected $signAlg;
+
+	/**
+	 * The CA certificate file that should be used to validate https-connections.
+	 *
+	 * @var string|null
+	 */
+	protected $sslCAFile;
+
+	/**
+	 * The cache ID for our generated metadata.
+	 *
+	 * @var string
+	 */
+	protected $cacheId;
+
+	/**
+	 * The cache tag for our generated metadata.
+	 *
+	 * This tag is used to make sure that a config change
+	 * invalidates our cached metadata.
+	 *
+	 * @var string
+	 */
+	protected $cacheTag;
+
+	/**
+	 * The registration information for our generated metadata.
+	 *
+	 * @var array
+	 */
+	protected $regInfo;
+
+
+	/**
+	 * Initialize this aggregator.
+	 *
+	 * @param string $id  The id of this aggregator.
+	 * @param \SimpleSAML\Configuration $config  The configuration for this aggregator.
+	 */
+	protected function __construct($id, Configuration $config)
+	{
+		assert('is_string($id)');
+
+		$this->id = $id;
+		$this->logLoc = 'aggregator2:'.$this->id.': ';
+
+		$this->cronTag = $config->getString('cron.tag', null);
+
+		$this->cacheDirectory = $config->getString('cache.directory', null);
+		if ($this->cacheDirectory !== null) {
+			$this->cacheDirectory = System::resolvePath($this->cacheDirectory);
+		}
+
+		$this->cacheGenerated = $config->getInteger('cache.generated', null);
+		if ($this->cacheGenerated !== null) {
+			$this->cacheId = sha1($this->id);
+			$this->cacheTag = sha1(serialize($config));
+		}
+
+		// configure entity IDs excluded by default
+		$this->excludeEntities($config->getArrayize('exclude', null));
+
+		// configure filters
+		$this->setFilters($config->getArrayize('filter', null));
+
+		$this->validLength = $config->getInteger('valid.length', 7*24*60*60);
+
+		$globalConfig = Configuration::getInstance();
+		$certDir = $globalConfig->getPathValue('certdir', 'cert/');
+
+		$signKey = $config->getString('sign.privatekey', null);
+		if ($signKey !== null) {
+			$signKey = System::resolvePath($signKey, $certDir);
+			$this->signKey = @file_get_contents($signKey);
+			if ($this->signKey === null) {
+				throw new Exception('Unable to load private key from '.var_export($signKey, true));
+			}
+		}
+
+		$this->signKeyPass = $config->getString('sign.privatekey_pass', null);
+
+		$signCert = $config->getString('sign.certificate', null);
+		if ($signCert !== null) {
+			$signCert = System::resolvePath($signCert, $certDir);
+			$this->signCert = @file_get_contents($signCert);
+			if ($this->signCert === null) {
+				throw new Exception('Unable to load certificate file from '.var_export($signCert, true));
+			}
+		}
+
+		$this->signAlg = $config->getString('sign.algorithm', XMLSecurityKey::RSA_SHA1);
+		if (!in_array($this->signAlg, self::$SUPPORTED_SIGNATURE_ALGORITHMS)) {
+			throw new Exception('Unsupported signature algorithm '.var_export($this->signAlg, true));
+		}
+
+		$this->sslCAFile = $config->getString('ssl.cafile', null);
+
+		$this->regInfo = $config->getArray('RegistrationInfo', null);
+
+		$this->initSources($config->getConfigList('sources'));
+	}
+
+
+	/**
+	 * Populate the sources array.
+	 *
+	 * This is called from the constructor, and can be overridden in subclasses.
+	 *
+	 * @param array $sources  The sources as an array of SimpleSAML_Configuration objects.
+	 */
+	protected function initSources(array $sources)
+	{
+		foreach ($sources as $source) {
+			$this->sources[] = new EntitySource($this, $source);
+		}
+	}
+
+
+	/**
+	 * Return an instance of the aggregator with the given id.
+	 *
+	 * @param string $id  The id of the aggregator.
+	 */
+	public static function getAggregator($id)
+	{
+		assert('is_string($id)');
+
+		$config = Configuration::getConfig('module_aggregator2.php');
+		return new Aggregator($id, $config->getConfigItem($id));
+	}
+
+
+	/**
+	 * Retrieve the ID of the aggregator.
+	 *
+	 * @return string  The ID of this aggregator.
+	 */
+	public function getId()
+	{
+		return $this->id;
+	}
+
+
+	/**
+	 * Add an item to the cache.
+	 *
+	 * @param string $id  The identifier of this data.
+	 * @param string $data  The data.
+	 * @param int $expires  The timestamp the data expires.
+	 * @param string|null $tag  An extra tag that can be used to verify the validity of the cached data.
+	 */
+	public function addCacheItem($id, $data, $expires, $tag = null)
+	{
+		assert('is_string($id)');
+		assert('is_string($data)');
+		assert('is_int($expires)');
+		assert('is_null($tag) || is_string($tag)');
+
+		$cacheFile = $this->cacheDirectory.'/'.$id;
+		try {
+			System::writeFile($cacheFile, $data);
+		} catch (\Exception $e) {
+			Logger::warning($this->logLoc.'Unable to write to cache file '.var_export($cacheFile, true));
+			return;
+		}
+
+		$expireInfo = (string)$expires;
+		if ($tag !== null) {
+			$expireInfo .= ':'.$tag;
+		}
+
+		$expireFile = $cacheFile.'.expire';
+		try {
+			System::writeFile($expireFile, $expireInfo);
+		} catch (\Exception $e) {
+			Logger::warning($this->logLoc.'Unable to write expiration info to '.var_export($expireFile, true));
+		}
+	}
+
+
+	/**
+	 * Check validity of cached data.
+	 *
+	 * @param string $id  The identifier of this data.
+	 * @param string $tag  The tag that was passed to addCacheItem.
+	 * @return bool  TRUE if the data is valid, FALSE if not.
+	 */
+	public function isCacheValid($id, $tag = null)
+	{
+		assert('is_string($id)');
+		assert('is_null($tag) || is_string($tag)');
+
+		$cacheFile = $this->cacheDirectory.'/'.$id;
+		if (!file_exists($cacheFile)) {
+			return false;
+		}
+
+		$expireFile = $cacheFile.'.expire';
+		if (!file_exists($expireFile)) {
+			return false;
+		}
+
+		$expireData = @file_get_contents($expireFile);
+		if ($expireData === false) {
+			return false;
+		}
+
+		$expireData = explode(':', $expireData, 2);
+
+		$expireTime = intval($expireData[0]);
+		if ($expireTime <= time()) {
+			return false;
+		}
+
+		if (count($expireData) === 1) {
+			$expireTag = null;
+		} else {
+			$expireTag = $expireData[1];
+		}
+		if ($expireTag !== $tag) {
+			return false;
+		}
+
+		return true;
+	}
+
+
+	/**
+	 * Get the cache item.
+	 *
+	 * @param string $id  The identifier of this data.
+	 * @param string $tag  The tag that was passed to addCacheItem.
+	 * @return string|null  The cache item, or NULL if it isn't cached or if it is expired.
+	 */
+	public function getCacheItem($id, $tag = null)
+	{
+		assert('is_string($id)');
+		assert('is_null($tag) || is_string($tag)');
+
+		if (!$this->isCacheValid($id, $tag)) {
+			return null;
+		}
+
+		$cacheFile = $this->cacheDirectory.'/'.$id;
+		return @file_get_contents($cacheFile);
+	}
+
+
+	/**
+	 * Get the cache filename for the specific id.
+	 *
+	 * @param string $id  The identifier of the cached data.
+	 * @return string|null  The filename, or NULL if the cache file doesn't exist.
+	 */
+	public function getCacheFile($id)
+	{
+		assert('is_string($id)');
+
+		$cacheFile = $this->cacheDirectory.'/'.$id;
+		if (!file_exists($cacheFile)) {
+			return null;
+		}
+
+		return $cacheFile;
+	}
+
+
+	/**
+	 * Retrieve the SSL CA file path, if it is set.
+	 *
+	 * @return string|null  The SSL CA file path.
+	 */
+	public function getCAFile()
+	{
+		return $this->sslCAFile;
+	}
+
+
+	/**
+	 * Sign the generated EntitiesDescriptor.
+	 */
+	protected function addSignature(SignedElement $element)
+	{
+		if ($this->signKey === null) {
+			return;
+		}
+
+		$privateKey = new XMLSecurityKey($this->signAlg, ['type' => 'private']);
+		if ($this->signKeyPass !== null) {
+			$privateKey->passphrase = $this->signKeyPass;
+		}
+		$privateKey->loadKey($this->signKey, false);
+
+		$element->setSignatureKey($privateKey);
+
+		if ($this->signCert !== null) {
+			$element->setCertificates([$this->signCert]);
+		}
+	}
+
+
+	/**
+	 * Recursively browse the children of an EntitiesDescriptor element looking for EntityDescriptor elements, and
+	 * return an array containing all of them.
+	 *
+	 * @param \SAML2\XML\md\EntitiesDescriptor $entity The source EntitiesDescriptor that holds the entities to extract.
+	 *
+	 * @return array An array containing all the EntityDescriptors found.
+	 */
+	private static function extractEntityDescriptors($entity)
+	{
+		assert('$entity instanceof EntitiesDescriptor');
+
+		if (!($entity instanceof EntitiesDescriptor)) {
+			return [];
+		}
+
+		$results = [];
+		foreach ($entity->children as $child) {
+			if ($child instanceof EntityDescriptor) {
+				$results[] = $child;
+				continue;
+			}
+
+			$results = array_merge($results, self::extractEntityDescriptors($child));
+		}
+		return $results;
+	}
+
+
+	/**
+	 * Retrieve all entities as an EntitiesDescriptor.
+	 *
+	 * @return \SAML2\XML\md\EntitiesDescriptor  The entities.
+	 */
+	protected function getEntitiesDescriptor()
+	{
+		$ret = new EntitiesDescriptor();
+		$now = time();
+
+		// add RegistrationInfo extension if enabled
+		if ($this->regInfo !== null) {
+			$ri = new RegistrationInfo();
+			$ri->registrationInstant = $now;
+			foreach ($this->regInfo as $riName => $riValues) {
+				switch ($riName) {
+					case 'authority':
+						$ri->registrationAuthority = $riValues;
+						break;
+					case 'instant':
+						$ri->registrationInstant = Utils::xsDateTimeToTimestamp($riValues);
+						break;
+					case 'policies':
+						$ri->RegistrationPolicy = $riValues;
+						break;
+				}
+			}
+			$ret->Extensions[] = $ri;
+		}
+
+		foreach ($this->sources as $source) {
+			$m = $source->getMetadata();
+			if ($m === NULL) {
+				continue;
+			}
+			if ($m instanceof EntityDescriptor) {
+				$ret->children[] = $m;
+			} elseif ($m instanceof EntitiesDescriptor) {
+				$ret->children = array_merge($ret->children, self::extractEntityDescriptors($m));
+			}
+		}
+
+		$ret->children = array_unique($ret->children, SORT_REGULAR);
+		$ret->validUntil = $now + $this->validLength;
+
+		return $ret;
+	}
+
+
+	/**
+	 * Recursively traverse the children of an EntitiesDescriptor, removing those entities listed in the $entities
+	 * property. Returns the EntitiesDescriptor with the entities filtered out.
+	 *
+	 * @param \SAML2\XML\md\EntitiesDescriptor $descriptor The EntitiesDescriptor from where to exclude entities.
+	 *
+	 * @return \SAML2\XML\md\EntitiesDescriptor The EntitiesDescriptor with excluded entities filtered out.
+	 */
+	protected function exclude(EntitiesDescriptor $descriptor)
+	{
+		if (empty($this->excluded)) {
+			return $descriptor;
+		}
+
+		$filtered = [];
+		foreach ($descriptor->children as $child) {
+			if ($child instanceof EntityDescriptor) {
+				if (in_array($child->entityID, $this->excluded)) {
+					continue;
+				}
+				$filtered[] = $child;
+			}
+
+			if ($child instanceof EntitiesDescriptor) {
+				$filtered[] = $this->exclude($child);
+			}
+		}
+
+		$descriptor->children = $filtered;
+		return $descriptor;
+	}
+
+
+	/**
+	 * Recursively traverse the children of an EntitiesDescriptor, keeping only those entities with the roles listed in
+	 * the $roles property, and support for the protocols listed in the $protocols property. Returns the
+	 * EntitiesDescriptor containing only those entities.
+	 *
+	 * @param \SAML2\XML\md\EntitiesDescriptor $descriptor The EntitiesDescriptor to filter.
+	 *
+	 * @return SAML2_XML_md_EntitiesDescriptor The EntitiesDescriptor with only the entities filtered.
+	 */
+	protected function filter(EntitiesDescriptor $descriptor)
+	{
+		if ($this->roles === null || $this->protocols === null) {
+			return $descriptor;
+		}
+
+		$enabled_roles = array_keys($this->roles, true);
+		$enabled_protos = array_keys($this->protocols, true);
+
+		$filtered = [];
+		foreach ($descriptor->children as $child) {
+			if ($child instanceof EntityDescriptor) {
+				foreach ($child->RoleDescriptor as $role) {
+					if (in_array(get_class($role), $enabled_roles)) {
+						// we found a role descriptor that is enabled by our filters, check protocols
+						if (array_intersect($enabled_protos, $role->protocolSupportEnumeration) !== []) {
+							// it supports some protocol we have enabled, add it
+							$filtered[] = $child;
+							break;
+						}
+					}
+				}
+
+			}
+
+			if ($child instanceof EntitiesDescriptor) {
+				$filtered[] = $this->filter($child);
+			}
+		}
+
+		$descriptor->children = $filtered;
+		return $descriptor;
+	}
+
+
+	/**
+	 * Set this aggregator to exclude a set of entities from the resulting aggregate.
+	 *
+	 * @param array|null $entities The entity IDs of the entities to exclude.
+	 */
+	public function excludeEntities($entities)
+	{
+		assert('is_array($entities) || is_null($entities)');
+
+		if ($entities === null) {
+			return;
+		}
+		$this->excluded = $entities;
+		sort($this->excluded);
+		$this->cacheId = sha1($this->cacheId.serialize($this->excluded));
+	}
+
+
+	/**
+	 * Set the internal filters according to one or more options:
+	 *
+	 * - 'saml2': all SAML2.0-capable entities.
+	 * - 'shib13': all SHIB1.3-capable entities.
+	 * - 'saml20-idp': all SAML2.0-capable identity providers.
+	 * - 'saml20-sp': all SAML2.0-capable service providers.
+	 * - 'saml20-aa': all SAML2.0-capable attribute authorities.
+	 * - 'shib13-idp': all SHIB1.3-capable identity providers.
+	 * - 'shib13-sp': all SHIB1.3-capable service providers.
+	 * - 'shib13-aa': all SHIB1.3-capable attribute authorities.
+	 *
+	 * @param array|null $set An array of the different roles and protocols to filter by.
+	 */
+	public function setFilters($set)
+	{
+		assert('is_array($set) || is_null($set)');
+
+		if ($set === null) {
+			return;
+		}
+
+		// configure filters
+		$this->protocols = [
+			Constants::NS_SAMLP                    => true,
+			'urn:oasis:names:tc:SAML:1.1:protocol' => true,
+		];
+		$this->roles = [
+			'SAML2_XML_md_IDPSSODescriptor'             => true,
+			'SAML2_XML_md_SPSSODescriptor'              => true,
+			'SAML2_XML_md_AttributeAuthorityDescriptor' => true,
+		];
+
+		// now translate from the options we have, to specific protocols and roles
+
+		// check SAML 2.0 protocol
+		$options = ['saml2', 'saml20-idp', 'saml20-sp', 'saml20-aa'];
+		$this->protocols[Constants::NS_SAMLP] = (array_intersect($set, $options) !== []);
+
+		// check SHIB 1.3 protocol
+		$options = ['shib13', 'shib13-idp', 'shib13-sp', 'shib13-aa'];
+		$this->protocols['urn:oasis:names:tc:SAML:1.1:protocol'] = (array_intersect($set, $options) !== []);
+
+		// check IdP
+		$options = ['saml2', 'shib13', 'saml20-idp', 'shib13-idp'];
+		$this->roles['SAML2_XML_md_IDPSSODescriptor'] = (array_intersect($set, $options) !== []);
+
+		// check SP
+		$options = ['saml2', 'shib13', 'saml20-sp', 'shib13-sp'];
+		$this->roles['SAML2_XML_md_SPSSODescriptor'] = (array_intersect($set, $options) !== []);
+
+		// check AA
+		$options = ['saml2', 'shib13', 'saml20-aa', 'shib13-aa'];
+		$this->roles['SAML2_XML_md_AttributeAuthorityDescriptor'] = (array_intersect($set, $options) !== []);
+
+		$this->cacheId = sha1($this->cacheId.serialize($this->protocols).serialize($this->roles));
+	}
+
+
+	/**
+	 * Retrieve the complete, signed metadata as text.
+	 *
+	 * This function will write the new metadata to the cache file, but will not return
+	 * the cached metadata.
+	 *
+	 * @return string  The metadata, as text.
+	 */
+	public function updateCachedMetadata()
+	{
+		$ed = $this->getEntitiesDescriptor();
+		$ed = $this->exclude($ed);
+		$ed = $this->filter($ed);
+		$this->addSignature($ed);
+
+		$xml = $ed->toXML();
+		$xml = $xml->ownerDocument->saveXML($xml);
+
+		if ($this->cacheGenerated !== null) {
+			Logger::debug($this->logLoc.'Saving generated metadata to cache.');
+			$this->addCacheItem($this->cacheId, $xml, time() + $this->cacheGenerated, $this->cacheTag);
+		}
+
+		return $xml;
+	}
+
+
+	/**
+	 * Retrieve the complete, signed metadata as text.
+	 *
+	 * @return string  The metadata, as text.
+	 */
+	public function getMetadata()
+	{
+		if ($this->cacheGenerated !== null) {
+			$xml = $this->getCacheItem($this->cacheId, $this->cacheTag);
+			if ($xml !== null) {
+				Logger::debug($this->logLoc.'Loaded generated metadata from cache.');
+				return $xml;
+			}
+		}
+
+		return $this->updateCachedMetadata();
+	}
+
+
+	/**
+	 * Update the cached copy of our metadata.
+	 */
+	public function updateCache()
+	{
+		foreach ($this->sources as $source) {
+			$source->updateCache();
+		}
+
+		$this->updateCachedMetadata();
+	}
 }

templates/list.php

Indentation +20 added lines, -20 removed lines

@@ -6,29 +6,29 @@
 
 <?php
 if (count($this->data['sources']) === 0) {
-    echo "    <p>".$this->t('{aggregator2:aggregator:no_aggregators}')."</p>\n";
+	echo "    <p>".$this->t('{aggregator2:aggregator:no_aggregators}')."</p>\n";
 } else {
-    echo "    <ul>";
+	echo "    <ul>";
 
-    foreach ($this->data['sources'] as $id => $source) {
-        $encId = urlencode($id);
-        $params = [
-            'id' => $encId,
-        ];
-        echo str_repeat(' ', 8)."<li>\n";
-        echo str_repeat(' ', 12).'<a href="';
-        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params).'">'.htmlspecialchars($id)."</a>\n";
-        echo str_repeat(' ', 12).'<a href="';
-        $params['mimetype'] = 'text/plain';
-        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params).'">['.
-            $this->t('{aggregator2:aggregator:text}')."]</a>\n";
-        echo str_repeat(' ', 12).'<a href="';
-        $params['mimetype'] = 'application/xml';
-        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params)."\">[XML]</a>\n";
-        echo str_repeat(' ', 8)."</li>\n";
-    }
+	foreach ($this->data['sources'] as $id => $source) {
+		$encId = urlencode($id);
+		$params = [
+			'id' => $encId,
+		];
+		echo str_repeat(' ', 8)."<li>\n";
+		echo str_repeat(' ', 12).'<a href="';
+		echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params).'">'.htmlspecialchars($id)."</a>\n";
+		echo str_repeat(' ', 12).'<a href="';
+		$params['mimetype'] = 'text/plain';
+		echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params).'">['.
+			$this->t('{aggregator2:aggregator:text}')."]</a>\n";
+		echo str_repeat(' ', 12).'<a href="';
+		$params['mimetype'] = 'application/xml';
+		echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params)."\">[XML]</a>\n";
+		echo str_repeat(' ', 8)."</li>\n";
+	}
 
-    echo "    </ul>\n";
+	echo "    </ul>\n";
 }
 
 $this->includeAtTemplateBase('includes/footer.php');

Spacing +10 added lines, -10 removed lines

@@ -6,7 +6,7 @@ 
 
 <?php
 if (count($this->data['sources']) === 0) {
-    echo "    <p>".$this->t('{aggregator2:aggregator:no_aggregators}')."</p>\n";
+    echo "    <p>" . $this->t('{aggregator2:aggregator:no_aggregators}') . "</p>\n";
 } else {
     echo "    <ul>";
 
@@ -15,17 +15,17 @@ 
         $params = [
             'id' => $encId,
         ];
-        echo str_repeat(' ', 8)."<li>\n";
-        echo str_repeat(' ', 12).'<a href="';
-        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params).'">'.htmlspecialchars($id)."</a>\n";
-        echo str_repeat(' ', 12).'<a href="';
+        echo str_repeat(' ', 8) . "<li>\n";
+        echo str_repeat(' ', 12) . '<a href="';
+        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params) . '">' . htmlspecialchars($id) . "</a>\n";
+        echo str_repeat(' ', 12) . '<a href="';
         $params['mimetype'] = 'text/plain';
-        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params).'">['.
-            $this->t('{aggregator2:aggregator:text}')."]</a>\n";
-        echo str_repeat(' ', 12).'<a href="';
+        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params) . '">[' .
+            $this->t('{aggregator2:aggregator:text}') . "]</a>\n";
+        echo str_repeat(' ', 12) . '<a href="';
         $params['mimetype'] = 'application/xml';
-        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params)."\">[XML]</a>\n";
-        echo str_repeat(' ', 8)."</li>\n";
+        echo SimpleSAML\Module::getModuleURL('aggregator2/get.php', $params) . "\">[XML]</a>\n";
+        echo str_repeat(' ', 8) . "</li>\n";
     }
 
     echo "    </ul>\n";

config-templates/module_aggregator2.php

Indentation +38 added lines, -38 removed lines

@@ -2,35 +2,35 @@ 
 
 // This is the configuration file for the aggregator2-module
 $config = [
-    /*
+	/*
      * 'example' will be one set of aggregated metadata.
      * The aggregated metadata can be retrieved from:
      *   https://.../simplesaml/module.php/aggregator2/get.php?id=example
      */
-    'example' => [
-        // 'sources' is an array with the places we want to fetch metadata from
-        'sources' => [
-            /* Metadata validated by the https-certificate of the server. */
-            [
-                /* The URL we should fetch the metadata from. */
-                'url' => 'https://sp.example.org/metadata.xml',
+	'example' => [
+		// 'sources' is an array with the places we want to fetch metadata from
+		'sources' => [
+			/* Metadata validated by the https-certificate of the server. */
+			[
+				/* The URL we should fetch the metadata from. */
+				'url' => 'https://sp.example.org/metadata.xml',
 
-                /*
+				/*
                  * To enable validation of the https-certificate, we must
                  * specify a file with valid CA certificates.
                  *
                  * This can be an absolute path, or a path relative to the
                  * cert-directory.
                  */
-                'ssl.cafile' => '/etc/ssl/certs/ca-certificates.crt',
-            ],
+				'ssl.cafile' => '/etc/ssl/certs/ca-certificates.crt',
+			],
 
-            /* Metadata validated by its signature. */
-            [
-                /* The URL we should fetch the metadata from. */
-                'url' => 'http://idp.example.org/metadata.xml',
+			/* Metadata validated by its signature. */
+			[
+				/* The URL we should fetch the metadata from. */
+				'url' => 'http://idp.example.org/metadata.xml',
 
-                /*
+				/*
                  * To verify the signature in the metadata, we must specify
                  * a certificate that should be used. Note: This cannot
                  * be a CA certificate.
@@ -38,17 +38,17 @@ 
                  * This can be an absolute path, or a path relative to the
                  * cert-directory.
                  */
-                'cert' => 'idp.example.org.crt',
-            ],
+				'cert' => 'idp.example.org.crt',
+			],
 
-            /* Metadata from a file. */
-            [
-                'url' => '/var/simplesaml/somemetadata.xml',
-            ],
+			/* Metadata from a file. */
+			[
+				'url' => '/var/simplesaml/somemetadata.xml',
+			],
 
-        ],
+		],
 
-        /*
+		/*
          * Update this metadata during this cron tag.
          *
          * For this option to work, you must configure the cron-module,
@@ -57,9 +57,9 @@ 
          * This option is optional. If cron is not configured, the metadata
          * caches will be updated when receiving requests for metadata.
          */
-        'cron.tag' => 'hourly',
+		'cron.tag' => 'hourly',
 
-        /*
+		/*
          * The directory we will store downloaded and generated metadata.
          * This directory must be writeable by the web-server.
          *
@@ -67,9 +67,9 @@ 
          * aggregated metadata will result in the aggregator fetching and
          * parsing all metadata sources.
          */
-        'cache.directory' => '/var/cache/simplesaml-aggregator2',
+		'cache.directory' => '/var/cache/simplesaml-aggregator2',
 
-        /*
+		/*
          * This is the number of seconds we will cache the metadata file we generate.
          * This should be a longer time than the interval between each time the cron
          * job is executed.
@@ -77,34 +77,34 @@ 
          * This option is optional. If unspecified, the metadata will be generated
          * on every request.
          */
-        'cache.generated' => 24*60*60,
+		'cache.generated' => 24*60*60,
 
-        /*
+		/*
          * The generated metadata will have a validUntil set to the time it is generated
          * plus this number of seconds.
          */
-        'valid.length' => 7*24*60*60,
+		'valid.length' => 7*24*60*60,
 
-        /*
+		/*
          * The private key we should use to sign the metadata, in pem-format.
          *
          * This is optional. If it is not specified, the metadata will not be signed.
          */
-        'sign.privatekey' => 'metadata.pem',
+		'sign.privatekey' => 'metadata.pem',
 
-        /*
+		/*
          * The password for the private key.
          *
          * Optional, the private key is assumed to be unencrypted if this option
          * isn't set.
          */
-        'sign.privatekey_pass' => 'secret',
+		'sign.privatekey_pass' => 'secret',
 
-        /*
+		/*
          * The certificate that corresponds to the private key.
          *
          * If specified, the certificate will be included in the signature in the metadata.
          */
-        'sign.certificate' => 'metadata.crt',
-    ],
+		'sign.certificate' => 'metadata.crt',
+	],
 ];

tests/bootstrap.php

Indentation +2 added lines, -2 removed lines

@@ -6,7 +6,7 @@
 // Symlink module into ssp vendor lib so that templates and urls can resolve correctly
 $linkPath = $projectRoot.'/vendor/simplesamlphp/simplesamlphp/modules/aggregator2';
 if (file_exists($linkPath) === false) {
-    echo "Linking '$linkPath' to '$projectRoot'\n";
-    symlink($projectRoot, $linkPath);
+	echo "Linking '$linkPath' to '$projectRoot'\n";
+	symlink($projectRoot, $linkPath);
 }
 

Spacing +2 added lines, -2 removed lines

@@ -1,10 +1,10 @@
 <?php
 
 $projectRoot = dirname(__DIR__);
-require_once($projectRoot.'/vendor/autoload.php');
+require_once($projectRoot . '/vendor/autoload.php');
 
 // Symlink module into ssp vendor lib so that templates and urls can resolve correctly
-$linkPath = $projectRoot.'/vendor/simplesamlphp/simplesamlphp/modules/aggregator2';
+$linkPath = $projectRoot . '/vendor/simplesamlphp/simplesamlphp/modules/aggregator2';
 if (file_exists($linkPath) === false) {
     echo "Linking '$linkPath' to '$projectRoot'\n";
     symlink($projectRoot, $linkPath);

hooks/hook_cron.php

Indentation +20 added lines, -20 removed lines

@@ -7,28 +7,28 @@
  */
 function aggregator2_hook_cron(&$croninfo)
 {
-    assert('is_array($croninfo)');
-    assert('array_key_exists("summary", $croninfo)');
-    assert('array_key_exists("tag", $croninfo)');
+	assert('is_array($croninfo)');
+	assert('array_key_exists("summary", $croninfo)');
+	assert('array_key_exists("tag", $croninfo)');
 
-    $cronTag = $croninfo['tag'];
+	$cronTag = $croninfo['tag'];
 
-    $config = \SimpleSAML\Configuration::getConfig('module_aggregator2.php');
-    $config = $config->toArray();
+	$config = \SimpleSAML\Configuration::getConfig('module_aggregator2.php');
+	$config = $config->toArray();
 
-    foreach ($config as $id => $c) {
-        if (!isset($c['cron.tag'])) {
-            continue;
-        }
-        if ($c['cron.tag'] !== $cronTag) {
-            continue;
-        }
+	foreach ($config as $id => $c) {
+		if (!isset($c['cron.tag'])) {
+			continue;
+		}
+		if ($c['cron.tag'] !== $cronTag) {
+			continue;
+		}
 
-        try {
-            $a = \SimpleSAML\Module\aggregator2\Aggregator::getAggregator($id);
-            $a->updateCache();
-        } catch (\Exception $e) {
-            $croninfo['summary'][] = 'Error during aggregator2 cacheupdate: ' . $e->getMessage();
-        }
-    }
+		try {
+			$a = \SimpleSAML\Module\aggregator2\Aggregator::getAggregator($id);
+			$a->updateCache();
+		} catch (\Exception $e) {
+			$croninfo['summary'][] = 'Error during aggregator2 cacheupdate: ' . $e->getMessage();
+		}
+	}
 }

hooks/hook_frontpage.php

Indentation +6 added lines, -6 removed lines

@@ -7,11 +7,11 @@
  */
 function aggregator2_hook_frontpage(&$links)
 {
-    assert('is_array($links)');
-    assert('array_key_exists("links", $links)');
+	assert('is_array($links)');
+	assert('array_key_exists("links", $links)');
 
-    $links['federation'][] = [
-        'href' => \SimpleSAML\Module::getModuleURL('aggregator2/'),
-        'text' => '{aggregator2:aggregator:frontpage_link}',
-    ];
+	$links['federation'][] = [
+		'href' => \SimpleSAML\Module::getModuleURL('aggregator2/'),
+		'text' => '{aggregator2:aggregator:frontpage_link}',
+	];
 }

lib/EntitySource.php

Indentation +233 added lines, -233 removed lines

@@ -21,237 +21,237 @@
  */
 class EntitySource
 {
-    /**
-     * Our log "location".
-     *
-     * @var string
-     */
-    protected $logLoc;
-
-    /**
-     * The aggregator we belong to.
-     *
-     * @var \SimpleSAML\Module\aggregator2\Aggregator
-     */
-    protected $aggregator;
-
-    /**
-     * The URL we should fetch it from.
-     *
-     * @var string
-     */
-    protected $url;
-
-    /**
-     * The SSL CA file that should be used to validate the connection.
-     *
-     * @var string|null
-     */
-    protected $sslCAFile;
-
-    /**
-     * The certificate we should use to validate downloaded metadata.
-     *
-     * @var string|null
-     */
-    protected $certificate;
-
-    /**
-     * The parsed metadata.
-     *
-     * @var \SAML2\XML\md\EntitiesDescriptor|\SAML2\XML\md\EntityDescriptor|null
-     */
-    protected $metadata;
-
-    /**
-     * The cache ID.
-     *
-     * @var string
-     */
-    protected $cacheId;
-
-    /**
-     * The cache tag.
-     *
-     * @var string
-     */
-    protected $cacheTag;
-
-    /**
-     * Whether we have attempted to update the cache already.
-     *
-     * @var bool
-     */
-    protected $updateAttempted;
-
-
-    /**
-     * Initialize this EntitySource.
-     *
-     * @param \SimpleSAML\Configuration $config  The configuration.
-     */
-    public function __construct(Aggregator $aggregator, Configuration $config)
-    {
-        $this->logLoc = 'aggregator2:'.$aggregator->getId().': ';
-        $this->aggregator = $aggregator;
-
-        $this->url = $config->getString('url');
-        $this->sslCAFile = $config->getString('ssl.cafile', null);
-        if ($this->sslCAFile === null) {
-            $this->sslCAFile = $aggregator->getCAFile();
-        }
-
-        $this->certificate = $config->getString('cert', null);
-
-        $this->cacheId = sha1($this->url);
-        $this->cacheTag = sha1(serialize($config));
-    }
-
-
-    /**
-     * Retrieve and parse the metadata.
-     *
-     * @return \SAML2\XML\md\EntitiesDescriptor|\SAML2\XML\md\EntityDescriptor|null
-     * The downloaded metadata or NULL if we were unable to download or parse it.
-     */
-    private function downloadMetadata()
-    {
-        Logger::debug($this->logLoc.'Downloading metadata from '.var_export($this->url, true));
-
-        $context = ['ssl' => []];
-        if ($this->sslCAFile !== null) {
-            $context['ssl']['cafile'] = Config::getCertPath($this->sslCAFile);
-            Logger::debug($this->logLoc.'Validating https connection against CA certificate(s) found in '.
-                var_export($context['ssl']['cafile'], true));
-            $context['ssl']['verify_peer'] = true;
-            $context['ssl']['CN_match'] = parse_url($this->url, PHP_URL_HOST);
-        }
-
-        $data = HTTP::fetch($this->url, $context);
-        if ($data === false || $data === null) {
-            Logger::error($this->logLoc.'Unable to load metadata from '.var_export($this->url, true));
-            return null;
-        }
-
-        $doc = new \DOMDocument();
-        $res = $doc->loadXML($data);
-        if (!$res) {
-            Logger::error($this->logLoc.'Error parsing XML from '.var_export($this->url, true));
-            return null;
-        }
-
-        $root = Utils::xpQuery($doc->firstChild, '/saml_metadata:EntityDescriptor|/saml_metadata:EntitiesDescriptor');
-        if (count($root) === 0) {
-            Logger::error($this->logLoc.'No <EntityDescriptor> or <EntitiesDescriptor> in metadata from '.
-                var_export($this->url, true));
-            return null;
-        }
-
-        if (count($root) > 1) {
-            Logger::error($this->logLoc.'More than one <EntityDescriptor> or <EntitiesDescriptor> in metadata from '.
-                var_export($this->url, true));
-            return null;
-        }
-
-        $root = $root[0];
-        try {
-            if ($root->localName === 'EntityDescriptor') {
-                $md = new EntityDescriptor($root);
-            } else {
-                $md = new EntitiesDescriptor($root);
-            }
-        } catch (\Exception $e) {
-            Logger::error($this->logLoc.'Unable to parse metadata from '.
-                var_export($this->url, true).': '.$e->getMessage());
-            return null;
-        }
-
-        if ($this->certificate !== null) {
-            $file = Config::getCertPath($this->certificate);
-            $certData = file_get_contents($file);
-            if ($certData === false) {
-                throw new Exception('Error loading certificate from '.var_export($file, true));
-            }
-
-            // Extract the public key from the certificate for validation
-            $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type'=>'public']);
-            $key->loadKey($file, true);
-
-            if (!$md->validate($key)) {
-                Logger::error($this->logLoc.'Error validating signature on metadata.');
-                return null;
-            }
-            Logger::debug($this->logLoc.'Validated signature on metadata from '.var_export($this->url, true));
-        }
-
-        return $md;
-    }
-
-
-    /**
-     * Attempt to update our cache file.
-     */
-    public function updateCache()
-    {
-        if ($this->updateAttempted) {
-            return;
-        }
-        $this->updateAttempted = true;
-
-        $this->metadata = $this->downloadMetadata();
-        if ($this->metadata === null) {
-            return;
-        }
-
-        $expires = time() + 24*60*60; // Default expires in one day
-
-        if ($this->metadata->validUntil !== null && $this->metadata->validUntil < $expires) {
-            $expires = $this->metadata->validUntil;
-        }
-
-        $metadataSerialized = serialize($this->metadata);
-
-        $this->aggregator->addCacheItem($this->cacheId, $metadataSerialized, $expires, $this->cacheTag);
-    }
-
-
-    /**
-     * Retrieve the metadata file.
-     *
-     * This function will check its cached copy, to see whether it can be used.
-     *
-     * @return \SAML2\XML\md\EntityDescriptor|\SAML2\XML\md\EntitiesDescriptor|null  The downloaded metadata.
-     */
-    public function getMetadata()
-    {
-        if ($this->metadata !== null) {
-            /* We have already downloaded the metdata. */
-            return $this->metadata;
-        }
-
-        if (!$this->aggregator->isCacheValid($this->cacheId, $this->cacheTag)) {
-            $this->updateCache();
-            if ($this->metadata !== null) {
-                return $this->metadata;
-            }
-            /* We were unable to update the cache - use cached metadata. */
-        }
-
-        $cacheFile = $this->aggregator->getCacheFile($this->cacheId);
-
-        if (!file_exists($cacheFile)) {
-            Logger::error($this->logLoc . 'No cached metadata available.');
-            return null;
-        }
-
-        Logger::debug($this->logLoc.'Using cached metadata from '.var_export($cacheFile, true));
-
-        $metadata = file_get_contents($cacheFile);
-        if ($metadata !== null) {
-            $this->metadata = unserialize($metadata);
-            return $this->metadata;
-        }
-
-        return null;
-    }
+	/**
+	 * Our log "location".
+	 *
+	 * @var string
+	 */
+	protected $logLoc;
+
+	/**
+	 * The aggregator we belong to.
+	 *
+	 * @var \SimpleSAML\Module\aggregator2\Aggregator
+	 */
+	protected $aggregator;
+
+	/**
+	 * The URL we should fetch it from.
+	 *
+	 * @var string
+	 */
+	protected $url;
+
+	/**
+	 * The SSL CA file that should be used to validate the connection.
+	 *
+	 * @var string|null
+	 */
+	protected $sslCAFile;
+
+	/**
+	 * The certificate we should use to validate downloaded metadata.
+	 *
+	 * @var string|null
+	 */
+	protected $certificate;
+
+	/**
+	 * The parsed metadata.
+	 *
+	 * @var \SAML2\XML\md\EntitiesDescriptor|\SAML2\XML\md\EntityDescriptor|null
+	 */
+	protected $metadata;
+
+	/**
+	 * The cache ID.
+	 *
+	 * @var string
+	 */
+	protected $cacheId;
+
+	/**
+	 * The cache tag.
+	 *
+	 * @var string
+	 */
+	protected $cacheTag;
+
+	/**
+	 * Whether we have attempted to update the cache already.
+	 *
+	 * @var bool
+	 */
+	protected $updateAttempted;
+
+
+	/**
+	 * Initialize this EntitySource.
+	 *
+	 * @param \SimpleSAML\Configuration $config  The configuration.
+	 */
+	public function __construct(Aggregator $aggregator, Configuration $config)
+	{
+		$this->logLoc = 'aggregator2:'.$aggregator->getId().': ';
+		$this->aggregator = $aggregator;
+
+		$this->url = $config->getString('url');
+		$this->sslCAFile = $config->getString('ssl.cafile', null);
+		if ($this->sslCAFile === null) {
+			$this->sslCAFile = $aggregator->getCAFile();
+		}
+
+		$this->certificate = $config->getString('cert', null);
+
+		$this->cacheId = sha1($this->url);
+		$this->cacheTag = sha1(serialize($config));
+	}
+
+
+	/**
+	 * Retrieve and parse the metadata.
+	 *
+	 * @return \SAML2\XML\md\EntitiesDescriptor|\SAML2\XML\md\EntityDescriptor|null
+	 * The downloaded metadata or NULL if we were unable to download or parse it.
+	 */
+	private function downloadMetadata()
+	{
+		Logger::debug($this->logLoc.'Downloading metadata from '.var_export($this->url, true));
+
+		$context = ['ssl' => []];
+		if ($this->sslCAFile !== null) {
+			$context['ssl']['cafile'] = Config::getCertPath($this->sslCAFile);
+			Logger::debug($this->logLoc.'Validating https connection against CA certificate(s) found in '.
+				var_export($context['ssl']['cafile'], true));
+			$context['ssl']['verify_peer'] = true;
+			$context['ssl']['CN_match'] = parse_url($this->url, PHP_URL_HOST);
+		}
+
+		$data = HTTP::fetch($this->url, $context);
+		if ($data === false || $data === null) {
+			Logger::error($this->logLoc.'Unable to load metadata from '.var_export($this->url, true));
+			return null;
+		}
+
+		$doc = new \DOMDocument();
+		$res = $doc->loadXML($data);
+		if (!$res) {
+			Logger::error($this->logLoc.'Error parsing XML from '.var_export($this->url, true));
+			return null;
+		}
+
+		$root = Utils::xpQuery($doc->firstChild, '/saml_metadata:EntityDescriptor|/saml_metadata:EntitiesDescriptor');
+		if (count($root) === 0) {
+			Logger::error($this->logLoc.'No <EntityDescriptor> or <EntitiesDescriptor> in metadata from '.
+				var_export($this->url, true));
+			return null;
+		}
+
+		if (count($root) > 1) {
+			Logger::error($this->logLoc.'More than one <EntityDescriptor> or <EntitiesDescriptor> in metadata from '.
+				var_export($this->url, true));
+			return null;
+		}
+
+		$root = $root[0];
+		try {
+			if ($root->localName === 'EntityDescriptor') {
+				$md = new EntityDescriptor($root);
+			} else {
+				$md = new EntitiesDescriptor($root);
+			}
+		} catch (\Exception $e) {
+			Logger::error($this->logLoc.'Unable to parse metadata from '.
+				var_export($this->url, true).': '.$e->getMessage());
+			return null;
+		}
+
+		if ($this->certificate !== null) {
+			$file = Config::getCertPath($this->certificate);
+			$certData = file_get_contents($file);
+			if ($certData === false) {
+				throw new Exception('Error loading certificate from '.var_export($file, true));
+			}
+
+			// Extract the public key from the certificate for validation
+			$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type'=>'public']);
+			$key->loadKey($file, true);
+
+			if (!$md->validate($key)) {
+				Logger::error($this->logLoc.'Error validating signature on metadata.');
+				return null;
+			}
+			Logger::debug($this->logLoc.'Validated signature on metadata from '.var_export($this->url, true));
+		}
+
+		return $md;
+	}
+
+
+	/**
+	 * Attempt to update our cache file.
+	 */
+	public function updateCache()
+	{
+		if ($this->updateAttempted) {
+			return;
+		}
+		$this->updateAttempted = true;
+
+		$this->metadata = $this->downloadMetadata();
+		if ($this->metadata === null) {
+			return;
+		}
+
+		$expires = time() + 24*60*60; // Default expires in one day
+
+		if ($this->metadata->validUntil !== null && $this->metadata->validUntil < $expires) {
+			$expires = $this->metadata->validUntil;
+		}
+
+		$metadataSerialized = serialize($this->metadata);
+
+		$this->aggregator->addCacheItem($this->cacheId, $metadataSerialized, $expires, $this->cacheTag);
+	}
+
+
+	/**
+	 * Retrieve the metadata file.
+	 *
+	 * This function will check its cached copy, to see whether it can be used.
+	 *
+	 * @return \SAML2\XML\md\EntityDescriptor|\SAML2\XML\md\EntitiesDescriptor|null  The downloaded metadata.
+	 */
+	public function getMetadata()
+	{
+		if ($this->metadata !== null) {
+			/* We have already downloaded the metdata. */
+			return $this->metadata;
+		}
+
+		if (!$this->aggregator->isCacheValid($this->cacheId, $this->cacheTag)) {
+			$this->updateCache();
+			if ($this->metadata !== null) {
+				return $this->metadata;
+			}
+			/* We were unable to update the cache - use cached metadata. */
+		}
+
+		$cacheFile = $this->aggregator->getCacheFile($this->cacheId);
+
+		if (!file_exists($cacheFile)) {
+			Logger::error($this->logLoc . 'No cached metadata available.');
+			return null;
+		}
+
+		Logger::debug($this->logLoc.'Using cached metadata from '.var_export($cacheFile, true));
+
+		$metadata = file_get_contents($cacheFile);
+		if ($metadata !== null) {
+			$this->metadata = unserialize($metadata);
+			return $this->metadata;
+		}
+
+		return null;
+	}
 }

Spacing +13 added lines, -13 removed lines

@@ -92,7 +92,7 @@ 
      */
     public function __construct(Aggregator $aggregator, Configuration $config)
     {
-        $this->logLoc = 'aggregator2:'.$aggregator->getId().': ';
+        $this->logLoc = 'aggregator2:' . $aggregator->getId() . ': ';
         $this->aggregator = $aggregator;
 
         $this->url = $config->getString('url');
@@ -116,12 +116,12 @@ 
      */
     private function downloadMetadata()
     {
-        Logger::debug($this->logLoc.'Downloading metadata from '.var_export($this->url, true));
+        Logger::debug($this->logLoc . 'Downloading metadata from ' . var_export($this->url, true));
 
         $context = ['ssl' => []];
         if ($this->sslCAFile !== null) {
             $context['ssl']['cafile'] = Config::getCertPath($this->sslCAFile);
-            Logger::debug($this->logLoc.'Validating https connection against CA certificate(s) found in '.
+            Logger::debug($this->logLoc . 'Validating https connection against CA certificate(s) found in ' .
                 var_export($context['ssl']['cafile'], true));
             $context['ssl']['verify_peer'] = true;
             $context['ssl']['CN_match'] = parse_url($this->url, PHP_URL_HOST);
@@ -129,26 +129,26 @@ 
 
         $data = HTTP::fetch($this->url, $context);
         if ($data === false || $data === null) {
-            Logger::error($this->logLoc.'Unable to load metadata from '.var_export($this->url, true));
+            Logger::error($this->logLoc . 'Unable to load metadata from ' . var_export($this->url, true));
             return null;
         }
 
         $doc = new \DOMDocument();
         $res = $doc->loadXML($data);
         if (!$res) {
-            Logger::error($this->logLoc.'Error parsing XML from '.var_export($this->url, true));
+            Logger::error($this->logLoc . 'Error parsing XML from ' . var_export($this->url, true));
             return null;
         }
 
         $root = Utils::xpQuery($doc->firstChild, '/saml_metadata:EntityDescriptor|/saml_metadata:EntitiesDescriptor');
         if (count($root) === 0) {
-            Logger::error($this->logLoc.'No <EntityDescriptor> or <EntitiesDescriptor> in metadata from '.
+            Logger::error($this->logLoc . 'No <EntityDescriptor> or <EntitiesDescriptor> in metadata from ' .
                 var_export($this->url, true));
             return null;
         }
 
         if (count($root) > 1) {
-            Logger::error($this->logLoc.'More than one <EntityDescriptor> or <EntitiesDescriptor> in metadata from '.
+            Logger::error($this->logLoc . 'More than one <EntityDescriptor> or <EntitiesDescriptor> in metadata from ' .
                 var_export($this->url, true));
             return null;
         }
@@ -161,8 +161,8 @@ 
                 $md = new EntitiesDescriptor($root);
             }
         } catch (\Exception $e) {
-            Logger::error($this->logLoc.'Unable to parse metadata from '.
-                var_export($this->url, true).': '.$e->getMessage());
+            Logger::error($this->logLoc . 'Unable to parse metadata from ' .
+                var_export($this->url, true) . ': ' . $e->getMessage());
             return null;
         }
 
@@ -170,7 +170,7 @@ 
             $file = Config::getCertPath($this->certificate);
             $certData = file_get_contents($file);
             if ($certData === false) {
-                throw new Exception('Error loading certificate from '.var_export($file, true));
+                throw new Exception('Error loading certificate from ' . var_export($file, true));
             }
 
             // Extract the public key from the certificate for validation
@@ -178,10 +178,10 @@ 
             $key->loadKey($file, true);
 
             if (!$md->validate($key)) {
-                Logger::error($this->logLoc.'Error validating signature on metadata.');
+                Logger::error($this->logLoc . 'Error validating signature on metadata.');
                 return null;
             }
-            Logger::debug($this->logLoc.'Validated signature on metadata from '.var_export($this->url, true));
+            Logger::debug($this->logLoc . 'Validated signature on metadata from ' . var_export($this->url, true));
         }
 
         return $md;
@@ -244,7 +244,7 @@ 
             return null;
         }
 
-        Logger::debug($this->logLoc.'Using cached metadata from '.var_export($cacheFile, true));
+        Logger::debug($this->logLoc . 'Using cached metadata from ' . var_export($cacheFile, true));
 
         $metadata = file_get_contents($cacheFile);
         if ($metadata !== null) {

www/get.php

Indentation +8 added lines, -8 removed lines

@@ -1,18 +1,18 @@ 
 <?php
 
 if (!isset($_REQUEST['id'])) {
-    throw new \SimpleSAML\Error\BadRequest('Missing required parameter "id".');
+	throw new \SimpleSAML\Error\BadRequest('Missing required parameter "id".');
 }
 $id = strval($_REQUEST['id']);
 
 $set = null;
 if (isset($_REQUEST['set'])) {
-    $set = explode(',', $_REQUEST['set']);
+	$set = explode(',', $_REQUEST['set']);
 }
 
 $excluded_entities = null;
 if (isset($_REQUEST['exclude'])) {
-    $excluded_entities = explode(',', $_REQUEST['exclude']);
+	$excluded_entities = explode(',', $_REQUEST['exclude']);
 }
 
 $aggregator = \SimpleSAML\Module\aggregator2\Aggregator::getAggregator($id);
@@ -22,17 +22,17 @@ 
 
 $mimetype = 'application/samlmetadata+xml';
 $allowedmimetypes = [
-    'text/plain',
-    'application/samlmetadata-xml',
-    'application/xml',
+	'text/plain',
+	'application/samlmetadata-xml',
+	'application/xml',
 ];
 
 if (isset($_GET['mimetype']) && in_array($_GET['mimetype'], $allowedmimetypes)) {
-    $mimetype = $_GET['mimetype'];
+	$mimetype = $_GET['mimetype'];
 }
 
 if ($mimetype === 'text/plain') {
-    $xml = \SimpleSAML\Utils\XML::formatXMLString($xml);
+	$xml = \SimpleSAML\Utils\XML::formatXMLString($xml);
 }
 
 header('Content-Type: '.$mimetype);

Spacing +2 added lines, -2 removed lines

@@ -35,13 +35,13 @@
     $xml = \SimpleSAML\Utils\XML::formatXMLString($xml);
 }
 
-header('Content-Type: '.$mimetype);
+header('Content-Type: ' . $mimetype);
 header('Content-Length: ' . strlen($xml));
 
 /*
  * At this point, if the ID was forged, getMetadata() would
  * have failed to find a valid metadata set, so we can trust it.
  */
-header('Content-Disposition: filename='.$id.'.xml');
+header('Content-Disposition: filename=' . $id . '.xml');
 
 echo $xml;