|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* This file is part of the LightSAML-Core package. |
|
5
|
|
|
* |
|
6
|
|
|
* (c) Milos Tomic <[email protected]> |
|
7
|
|
|
* |
|
8
|
|
|
* This source file is subject to the MIT license that is bundled |
|
9
|
|
|
* with this source code in the file LICENSE. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace LightSaml; |
|
13
|
|
|
|
|
14
|
|
|
abstract class SamlConstants |
|
15
|
|
|
{ |
|
16
|
|
|
const PROTOCOL_SAML2 = 'urn:oasis:names:tc:SAML:2.0:protocol'; |
|
17
|
|
|
const PROTOCOL_SAML1 = 'urn:oasis:names:tc:SAML:1.0:protocol'; |
|
18
|
|
|
const PROTOCOL_SAML11 = 'urn:oasis:names:tc:SAML:1.1:protocol'; |
|
19
|
|
|
const PROTOCOL_SHIB1 = 'urn:mace:shibboleth:1.0'; |
|
20
|
|
|
const PROTOCOL_WS_FED = 'http://schemas.xmlsoap.org/ws/2003/07/secext???'; |
|
21
|
|
|
|
|
22
|
|
|
const VERSION_20 = '2.0'; |
|
23
|
|
|
|
|
24
|
|
|
const NS_PROTOCOL = 'urn:oasis:names:tc:SAML:2.0:protocol'; |
|
25
|
|
|
const NS_METADATA = 'urn:oasis:names:tc:SAML:2.0:metadata'; |
|
26
|
|
|
const NS_ASSERTION = 'urn:oasis:names:tc:SAML:2.0:assertion'; |
|
27
|
|
|
const NS_XMLDSIG = 'http://www.w3.org/2000/09/xmldsig#'; |
|
28
|
|
|
|
|
29
|
|
|
const NAME_ID_FORMAT_NONE = null; |
|
30
|
|
|
const NAME_ID_FORMAT_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'; |
|
31
|
|
|
const NAME_ID_FORMAT_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'; |
|
32
|
|
|
const NAME_ID_FORMAT_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'; |
|
33
|
|
|
const NAME_ID_FORMAT_EMAIL = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'; |
|
34
|
|
|
const NAME_ID_FORMAT_SHIB_NAME_ID = 'urn:mace:shibboleth:1.0:nameIdentifier'; |
|
35
|
|
|
const NAME_ID_FORMAT_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'; |
|
36
|
|
|
const NAME_ID_FORMAT_WINDOWS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName'; |
|
37
|
|
|
const NAME_ID_FORMAT_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos'; |
|
38
|
|
|
const NAME_ID_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'; |
|
39
|
|
|
|
|
40
|
|
|
const BINDING_SAML2_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'; |
|
41
|
|
|
const BINDING_SAML2_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'; |
|
42
|
|
|
const BINDING_SAML2_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'; |
|
43
|
|
|
const BINDING_SAML2_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'; |
|
44
|
|
|
const BINDING_SAML2_HTTP_POST_SIMPLE_SIGN = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign'; |
|
45
|
|
|
const BINDING_SHIB1_AUTHN_REQUEST = 'urn:mace:shibboleth:1.0:profiles:AuthnRequest'; |
|
46
|
|
|
const BINDING_SAML1_BROWSER_POST = 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post'; |
|
47
|
|
|
const BINDING_SAML1_ARTIFACT1 = 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01'; |
|
48
|
|
|
const BINDING_WS_FED_WEB_SVC = 'http://schemas.xmlsoap.org/ws/2003/07/secext'; |
|
49
|
|
|
|
|
50
|
|
|
const STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success'; |
|
51
|
|
|
const STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester'; |
|
52
|
|
|
const STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder'; |
|
53
|
|
|
const STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch'; |
|
54
|
|
|
const STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive'; |
|
55
|
|
|
const STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout'; |
|
56
|
|
|
const STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded'; |
|
57
|
|
|
const STATUS_INVALID_NAME_ID_POLICY = 'urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'; |
|
58
|
|
|
const STATUS_UNSUPPORTED_BINDING = 'urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding'; |
|
59
|
|
|
|
|
60
|
|
|
const XMLSEC_TRANSFORM_ALGORITHM_ENVELOPED_SIGNATURE = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature'; |
|
61
|
|
|
|
|
62
|
|
|
const CONSENT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:consent:unspecified'; |
|
63
|
|
|
|
|
64
|
|
|
const CONFIRMATION_METHOD_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'; |
|
65
|
|
|
const CONFIRMATION_METHOD_HOK = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key'; |
|
66
|
|
|
const CONFIRMATION_METHOD_SENDER_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'; |
|
67
|
|
|
|
|
68
|
|
|
const AUTHN_CONTEXT_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'; |
|
69
|
|
|
const AUTHN_CONTEXT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'; |
|
70
|
|
|
const AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'; |
|
71
|
|
|
const AUTHN_CONTEXT_WINDOWS = 'urn:federation:authentication:windows'; |
|
72
|
|
|
|
|
73
|
|
|
const ENCODING_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'; |
|
74
|
|
|
|
|
75
|
|
|
const LOGOUT_REASON_USER = 'urn:oasis:names:tc:SAML:2.0:logout:user'; |
|
76
|
|
|
const LOGOUT_REASON_ADMIN = 'urn:oasis:names:tc:SAML:2.0:logout:admin'; |
|
77
|
|
|
const LOGOUT_REASON_GLOBAL_TIMEOUT = 'urn:oasis:names:tc:SAML:2.0:logout:global-timeout'; |
|
78
|
|
|
const LOGOUT_REASON_SP_TIMEOUT = 'urn:oasis:names:tc:SAML:2.0:logout:sp-timeout'; |
|
79
|
|
|
|
|
80
|
|
|
const XMLDSIG_DIGEST_MD5 = 'http://www.w3.org/2001/04/xmldsig-more#md5'; |
|
81
|
|
|
|
|
82
|
|
|
const ATTRIBUTE_NAME_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'; |
|
83
|
|
|
|
|
84
|
|
|
/** |
|
85
|
|
|
* @param string $value |
|
86
|
|
|
* |
|
87
|
|
|
* @return bool |
|
88
|
|
|
*/ |
|
89
|
6 |
|
public static function isProtocolValid($value) |
|
90
|
|
|
{ |
|
91
|
6 |
|
static $arr = array( |
|
92
|
|
|
self::PROTOCOL_SAML2, |
|
93
|
|
|
self::PROTOCOL_SAML1, |
|
94
|
|
|
self::PROTOCOL_SAML11, |
|
95
|
|
|
self::PROTOCOL_SHIB1, |
|
96
|
|
|
self::PROTOCOL_WS_FED, |
|
97
|
|
|
); |
|
98
|
|
|
|
|
99
|
6 |
|
return in_array($value, $arr); |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
|
|
/** |
|
103
|
|
|
* @param string $value |
|
104
|
|
|
* |
|
105
|
|
|
* @return bool |
|
106
|
|
|
*/ |
|
107
|
5 |
View Code Duplication |
public static function isNsValid($value) |
|
|
|
|
|
|
108
|
|
|
{ |
|
109
|
5 |
|
static $arr = array( |
|
110
|
|
|
self::NS_PROTOCOL, |
|
111
|
|
|
self::NS_METADATA, |
|
112
|
|
|
self::NS_ASSERTION, |
|
113
|
|
|
self::NS_XMLDSIG, |
|
114
|
|
|
); |
|
115
|
|
|
|
|
116
|
5 |
|
return in_array($value, $arr); |
|
117
|
|
|
} |
|
118
|
|
|
|
|
119
|
|
|
/** |
|
120
|
|
|
* @param string $value |
|
121
|
|
|
* |
|
122
|
|
|
* @return bool |
|
123
|
|
|
*/ |
|
124
|
11 |
View Code Duplication |
public static function isNameIdFormatValid($value) |
|
|
|
|
|
|
125
|
|
|
{ |
|
126
|
11 |
|
static $arr = array( |
|
127
|
|
|
self::NAME_ID_FORMAT_NONE, |
|
128
|
|
|
self::NAME_ID_FORMAT_ENTITY, |
|
129
|
|
|
self::NAME_ID_FORMAT_PERSISTENT, |
|
130
|
|
|
self::NAME_ID_FORMAT_TRANSIENT, |
|
131
|
|
|
self::NAME_ID_FORMAT_EMAIL, |
|
132
|
|
|
self::NAME_ID_FORMAT_SHIB_NAME_ID, |
|
133
|
|
|
self::NAME_ID_FORMAT_X509_SUBJECT_NAME, |
|
134
|
|
|
self::NAME_ID_FORMAT_WINDOWS, |
|
135
|
|
|
self::NAME_ID_FORMAT_KERBEROS, |
|
136
|
|
|
self::NAME_ID_FORMAT_UNSPECIFIED, |
|
137
|
|
|
); |
|
138
|
|
|
|
|
139
|
11 |
|
return in_array($value, $arr); |
|
140
|
|
|
} |
|
141
|
|
|
|
|
142
|
|
|
/** |
|
143
|
|
|
* @param string $value |
|
144
|
|
|
* |
|
145
|
|
|
* @return bool |
|
146
|
|
|
*/ |
|
147
|
10 |
View Code Duplication |
public static function isBindingValid($value) |
|
|
|
|
|
|
148
|
|
|
{ |
|
149
|
10 |
|
static $arr = array( |
|
150
|
|
|
self::BINDING_SAML2_HTTP_REDIRECT, |
|
151
|
|
|
self::BINDING_SAML2_HTTP_POST, |
|
152
|
|
|
self::BINDING_SAML2_HTTP_ARTIFACT, |
|
153
|
|
|
self::BINDING_SAML2_SOAP, |
|
154
|
|
|
self::BINDING_SAML2_HTTP_POST_SIMPLE_SIGN, |
|
155
|
|
|
self::BINDING_SHIB1_AUTHN_REQUEST, |
|
156
|
|
|
self::BINDING_SAML1_BROWSER_POST, |
|
157
|
|
|
self::BINDING_SAML1_ARTIFACT1, |
|
158
|
|
|
self::BINDING_WS_FED_WEB_SVC, |
|
159
|
|
|
); |
|
160
|
|
|
|
|
161
|
10 |
|
return in_array($value, $arr); |
|
162
|
|
|
} |
|
163
|
|
|
|
|
164
|
|
|
/** |
|
165
|
|
|
* @param string $value |
|
166
|
|
|
* |
|
167
|
|
|
* @return bool |
|
168
|
|
|
*/ |
|
169
|
10 |
View Code Duplication |
public static function isStatusValid($value) |
|
|
|
|
|
|
170
|
|
|
{ |
|
171
|
10 |
|
static $arr = array( |
|
172
|
|
|
self::STATUS_SUCCESS, |
|
173
|
|
|
self::STATUS_REQUESTER, |
|
174
|
|
|
self::STATUS_RESPONDER, |
|
175
|
|
|
self::STATUS_VERSION_MISMATCH, |
|
176
|
|
|
self::STATUS_NO_PASSIVE, |
|
177
|
|
|
self::STATUS_PARTIAL_LOGOUT, |
|
178
|
|
|
self::STATUS_PROXY_COUNT_EXCEEDED, |
|
179
|
|
|
self::STATUS_INVALID_NAME_ID_POLICY, |
|
180
|
|
|
self::STATUS_UNSUPPORTED_BINDING, |
|
181
|
|
|
); |
|
182
|
|
|
|
|
183
|
10 |
|
return in_array($value, $arr); |
|
184
|
|
|
} |
|
185
|
|
|
|
|
186
|
|
|
/** |
|
187
|
|
|
* @param string $value |
|
188
|
|
|
* |
|
189
|
|
|
* @return bool |
|
190
|
|
|
*/ |
|
191
|
4 |
View Code Duplication |
public static function isConfirmationMethodValid($value) |
|
|
|
|
|
|
192
|
|
|
{ |
|
193
|
4 |
|
static $arr = array( |
|
194
|
|
|
self::CONFIRMATION_METHOD_BEARER, |
|
195
|
|
|
self::CONFIRMATION_METHOD_HOK, |
|
196
|
|
|
self::CONFIRMATION_METHOD_SENDER_VOUCHES, |
|
197
|
|
|
); |
|
198
|
|
|
|
|
199
|
4 |
|
return in_array($value, $arr); |
|
200
|
|
|
} |
|
201
|
|
|
|
|
202
|
|
|
/** |
|
203
|
|
|
* @param string $value |
|
204
|
|
|
* |
|
205
|
|
|
* @return bool |
|
206
|
|
|
*/ |
|
207
|
5 |
View Code Duplication |
public static function isAuthnContextValid($value) |
|
|
|
|
|
|
208
|
|
|
{ |
|
209
|
5 |
|
static $arr = array( |
|
210
|
|
|
self::AUTHN_CONTEXT_PASSWORD, |
|
211
|
|
|
self::AUTHN_CONTEXT_UNSPECIFIED, |
|
212
|
|
|
self::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT, |
|
213
|
|
|
self::AUTHN_CONTEXT_WINDOWS, |
|
214
|
|
|
); |
|
215
|
|
|
|
|
216
|
5 |
|
return in_array($value, $arr); |
|
217
|
|
|
} |
|
218
|
|
|
|
|
219
|
|
|
/** |
|
220
|
|
|
* @param string $value |
|
221
|
|
|
* |
|
222
|
|
|
* @return bool |
|
223
|
|
|
*/ |
|
224
|
5 |
View Code Duplication |
public static function isLogoutReasonValid($value) |
|
|
|
|
|
|
225
|
|
|
{ |
|
226
|
5 |
|
static $arr = array( |
|
227
|
|
|
self::LOGOUT_REASON_USER, |
|
228
|
|
|
self::LOGOUT_REASON_ADMIN, |
|
229
|
|
|
self::LOGOUT_REASON_GLOBAL_TIMEOUT, |
|
230
|
|
|
self::LOGOUT_REASON_SP_TIMEOUT, |
|
231
|
|
|
); |
|
232
|
|
|
|
|
233
|
5 |
|
return in_array($value, $arr); |
|
234
|
|
|
} |
|
235
|
|
|
} |
|
236
|
|
|
|
thephplab /
lightsaml
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.