<?php
declare(strict_types=1);
namespace SimpleSAML\Module\metarefresh;
use Exception;
use SimpleSAML\Configuration;
use SimpleSAML\Logger;
use SimpleSAML\Metadata\MetaDataStorageSource;
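class MetaRefresh
{
    /**
     * Global configuration; read here for `datadir`, for resolving `outputDir`,
     * and handed to the PDO metadata writer.
     *
     * @var \SimpleSAML\Configuration
     */
    private Configuration $config;

    /**
     * Module configuration; supplies `sets` plus the global blacklist, whitelist,
     * attributewhitelist and conditionalGET defaults.
     *
     * @var \SimpleSAML\Configuration
     */
    private Configuration $modconfig;

    /**
     * @param \SimpleSAML\Configuration $config The configuration to use by the module.
     * @param \SimpleSAML\Configuration $modconfig The module-specific configuration to use by the module.
     */
    public function __construct(Configuration $config, Configuration $modconfig)
    {
        $this->config = $config;
        $this->modconfig = $modconfig;
    }

    /**
     * Refresh every configured metadata set, optionally limited to one cron tag.
     *
     * For each entry of the module's `sets` option this loads all of the set's
     * sources through a MetaLoader, writes the loader state back to disk, writes
     * the metadata in the set's `outputFormat`, and writes an ARP file when the
     * set has an `arp` option.
     *
     * This method only assembles the per-source options and passes them on; it
     * performs no integrity or signature check of the fetched metadata itself.
     * NOTE(review): whether such a check happens depends on
     * MetaLoader::loadSource() and on each source's configuration, neither of
     * which is visible here -- confirm before trusting a remote source.
     *
     * @param string|null $crontag Only refresh sets which allow this crontag;
     *                             null refreshes every set.
     *
     * @throws \Exception If a set's `outputDir` cannot be resolved to a path.
     */
    public function runRefresh(?string $crontag = null): void
    {
        $sets = $this->modconfig->getArray('sets');

        /** @var string $datadir */
        $datadir = $this->config->getPathValue('datadir', 'data/');
        // NOTE(review): the state lives in a .php file under datadir. How it is
        // read back is not visible here; if it is include()d, write access to
        // datadir amounts to code execution, so keep that directory writable
        // only by the account that runs the refresh -- confirm.
        $stateFile = $datadir . 'metarefresh-state.php';

        foreach ($sets as $setkey => $set) {
            $set = Configuration::loadFromArray($set);

            // Only process sets where cron matches the current cron tag
            $cronTags = $set->getArray('cron');
            if ($crontag !== null && !in_array($crontag, $cronTags, true)) {
                Logger::debug('[metarefresh]: Skipping set [' . $setkey . '], not allowed for cron tag ' . $crontag);
                continue;
            }

            Logger::info('[metarefresh]: Executing set [' . $setkey . ']');

            // Absolute expiry timestamp handed to the loader; null when the set
            // has no `expireAfter`.
            $expireAfter = $set->getOptionalInteger('expireAfter', null);
            $expire = $expireAfter !== null ? time() + $expireAfter : null;

            $outputDir = $set->getString('outputDir');
            $outputDir = $this->config->resolvePath($outputDir);
            if ($outputDir === null) {
                throw new Exception("Invalid outputDir specified.");
            }

            // getValueValidate() restricts the format to the three listed
            // values, so the switch further down needs no default branch.
            $outputFormat = $set->getValueValidate('outputFormat', ['flatfile', 'serialize', 'pdo'], 'flatfile');

            // Source for the metadata written by a previous run, passed to the loader.
            $oldMetadataSrc = MetaDataStorageSource::getSource([
                'type' => $outputFormat,
                'directory' => $outputDir,
            ]);

            $metaloader = new MetaLoader($expire, $stateFile, $oldMetadataSrc);

            // Get global blacklist, whitelist, attributewhitelist and caching info
            $blacklist = $this->modconfig->getOptionalArray('blacklist', []);
            $whitelist = $this->modconfig->getOptionalArray('whitelist', []);
            $attributewhitelist = $this->modconfig->getOptionalArray('attributewhitelist', []);
            $conditionalGET = $this->modconfig->getOptionalBoolean('conditionalGET', false);

            // get global type filters
            $available_types = [
                'saml20-idp-remote',
                'saml20-sp-remote',
                'attributeauthority-remote',
            ];
            $set_types = $set->getOptionalArray('types', $available_types);

            foreach ($set->getArray('sources') as $source) {
                // filter metadata by type of entity; a source-level list replaces the set-level one
                $metaloader->setTypes($source['types'] ?? $set_types);

                // Merge global and src specific blacklists
                $source['blacklist'] = isset($source['blacklist'])
                    ? array_unique(array_merge($source['blacklist'], $blacklist))
                    : $blacklist;

                // Merge global and src specific whitelists. The result is the
                // union of both lists, so a source-level whitelist is widened
                // by the global one, never narrowed.
                // NOTE(review): how MetaLoader applies the lists is not visible here.
                $source['whitelist'] = isset($source['whitelist'])
                    ? array_unique(array_merge($source['whitelist'], $whitelist))
                    : $whitelist;

                // Merge global and src specific attributewhitelists: cannot use array_unique for multi-dim.
                $source['attributewhitelist'] = isset($source['attributewhitelist'])
                    ? array_merge($source['attributewhitelist'], $attributewhitelist)
                    : $attributewhitelist;

                // Let src specific conditionalGET override global one
                $source['conditionalGET'] ??= $conditionalGET;

                // make our cache expiry available to the loader if we're conditionally GETting
                if ($source['conditionalGET'] && $expireAfter !== null) {
                    $source['expireAfter'] = $expireAfter;
                }

                // NOTE(review): `src` is logged verbatim; if a source URL ever
                // carries credentials they will end up in the debug log.
                Logger::debug('[metarefresh]: In set [' . $setkey . '] loading source [' . $source['src'] . ']');
                $metaloader->loadSource($source);
            }

            // Write state information back to disk
            $metaloader->writeState();

            switch ($outputFormat) {
                case 'flatfile':
                    $metaloader->writeMetadataFiles($outputDir);
                    break;
                case 'serialize':
                    $metaloader->writeMetadataSerialize($outputDir);
                    break;
                case 'pdo':
                    $metaloader->writeMetadataPdo($this->config);
                    break;
            }

            if ($set->hasValue('arp')) {
                $arpconfig = Configuration::loadFromArray($set->getValue('arp'));
                $metaloader->writeARPfile($arpconfig);
            }
        }
    }
}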