simplesamlphp-module-metarefresh/bin/metarefresh.php at e68d25e981820bac8a2d89464f249072a4715bcd · simplesamlphp/simplesamlphp-module-metarefresh · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
#!/usr/bin/env php
<?php

declare(strict_types=1);

/*
 * This script can be used to generate metadata for SimpleSAMLphp
 * based on an XML metadata file.
 */

// This is the base directory of the SimpleSAMLphp installation
$baseDir = dirname(__FILE__, 4);

// Add library autoloader.
require_once($baseDir . '/src/_autoload.php');

if (!\SimpleSAML\Module::isModuleEnabled('metarefresh')) {
    echo "You need to enable the metarefresh module before this script can be used.\n";
    echo "You can enable it by searching for the `module.enable` key in `config.php` and set `metarefresh` to true.\n";
    exit(1);
}

// Initialize the configuration
$configdir = (new \SimpleSAML\Utils\Config())->getConfigDir();
\SimpleSAML\Configuration::setConfigDir($configdir);

// $outputDir contains the directory we will store the generated metadata in
$sysUtils = new \SimpleSAML\Utils\System();
$outputDir = $sysUtils->resolvePath('metadata-generated');

/* $toStdOut is a boolean telling us whether we will print the output to stdout instead
 * of writing it to files in $outputDir.
 */
$toStdOut = false;

/* $certificates contains the certificates which should be used to check the signature of the signed
 * EntityDescriptor in the metadata, or NULL if signature verification shouldn't be done.
 */
$certificates = null;

// This variable contains the files we will parse
$files = [];

// Parse arguments

$progName = array_shift($argv);

foreach ($argv as $a) {
    if (strlen($a) === 0) {
        continue;
    }

    if ($a[0] !== '-') {
        // Not an option. Assume that it is a file we should parse
        $files[] = $a;
        continue;
    }

    if (strpos($a, '=') !== false) {
        $p = strpos($a, '=');
        $v = substr($a, $p + 1);
        $a = substr($a, 0, $p);
    } else {
        $v = null;
    }

    // Map short options to long options
    $shortOptMap = [
        '-h' => '--help',
        '-o' => '--out-dir',
        '-s' => '--stdout',
    ];
    if (array_key_exists($a, $shortOptMap)) {
        $a = $shortOptMap[$a];
    }

    switch ($a) {
        case '--certificate':
            if ($v === null || strlen($v) === 0) {
                echo 'The --certficate option requires a parameter.' . "\n";
                echo 'Please run `' . $progName . ' --help` for usage information.' . "\n";
                exit(1);
            }
            $certificates[] = $v;
            break;
        case '--help':
            printHelp();
            exit(0);
        case '--out-dir':
            if ($v === null || strlen($v) === 0) {
                echo 'The --out-dir option requires a parameter.' . "\n";
                echo 'Please run `' . $progName . ' --help` for usage information.' . "\n";
                exit(1);
            }
            $outputDir = $sysUtils->resolvePath($v);
            break;
        case '--stdout':
            $toStdOut = true;
            break;
        default:
            echo 'Unknown option: ' . $a . "\n";
            echo 'Please run `' . $progName . ' --help` for usage information.' . "\n";
            exit(1);
    }
}

if (count($files) === 0) {
    echo $progName . ': Missing input files. Please run `' . $progName . ' --help` for usage information.' . "\n";
    exit(1);
}

// The metadata global variable will be filled with the metadata we extract
$metaloader = new \SimpleSAML\Module\metarefresh\MetaLoader();

foreach ($files as $f) {
    $source = ['src' => $f];
    if (isset($certificates)) {
        $source['certificates'] = $certificates;
    }
    $metaloader->loadSource($source);
}

if ($toStdOut) {
    $metaloader->dumpMetadataStdOut();
} else {
    $metaloader->writeMetadataFiles($outputDir);
}

/**
 * This function prints the help output.
 */
function printHelp(): void
{
    global $progName;

    /*   '======================================================================' */
    echo 'Usage: ' . $progName . ' [options] [files]' . "\n";
    echo "\n";
    echo 'This program parses SAML metadata files and outputs configuration that can' . "\n";
    echo 'be added to the metadata files in metadata/.' . "\n";
    echo "\n";
    echo 'Options:' . "\n";
    echo ' --certificate=<FILE>         The certificate which should be used' . "\n";
    echo '                              to check the signature of the metadata.' . "\n";
    echo '                              The file are stored in the cert dir.' . "\n";
    echo '                              It is possibility to add multiple' . "\n";
    echo '                              --certificate options to handle' . "\n";
    echo '                              key rollover.' . "\n";
    echo ' -h, --help                   Print this help.' . "\n";
    echo ' -o=<DIR>, --out-dir=<DIR>    Write the output to this directory. The' . "\n";
    echo '                              default directory is metadata-generated/.' . "\n";
    echo '                              Non-absolute paths will be relative to the SimpleSAMLphp' . "\n";
    echo '                              base directory.' . "\n";
    echo ' -s, --stdout                 Write the output to stdout instead of' . "\n";
    echo '                              separate files in the output directory.' . "\n";
    echo "\n";
}