<?php // Copyright (c) 2018, SWITCH
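// Man page printed by --help / -h (see the getopt() call below).
// NOTE(review): the descriptions of --metadata-idp-file and
// --metadata-sp-file were swapped in the original text; the IdP file
// receives the Identity Providers (see the dump section at the end).
$MAN=<<<PAGE
Name:        SWITCHwayf
Author:      Lukas Haemmerle, SWITCH
Description: This file is used to dynamically create the list of 
             IdPs and SP to be displayed for the WAYF/DS service 
             based on the federation metadata.
             Configuration parameters are specified in config.php.
             The list of Identity Providers can also be updated 
             by running the script update-metadata.php 
             periodically as web server user, e.g. with a cron 
             entry like:
             5 * * * * /usr/bin/php update-metadata.php > /dev/null
        
Usage: 
php update-metadata.php --help|-h
php update-metadata.php --metadata-file <file> \
    --metadata-idp-file <file> --metadata-sp-file <file> \
    [--verbose | -v]
php update-metadata.php --metadata-url <url> \
    --metadata-idp-file <file> --metadata-sp-file <file> \
    [--verbose | -v]


Example usage: 
php update-metadata.php \
    --metadata-file /var/cache/shibboleth/metadata.switchaai.xml \
    --metadata-idp-file /tmp/IDProvider.metadata.php \
    --metadata-sp-file /tmp/SProvider.metadata.php


Argument Description 
-------------------
--metadata-url <url>        SAML2 metadata URL
--metadata-file <file>      SAML2 metadata file
--metadata-idp-file <file>  File containing Identity Providers 
--metadata-sp-file <file>   File containing Service Providers 
--language <locale>         Language locale, e.g. 'en', 'jp', ...
--verbose | -v              Verbose mode
--help | -h                  Print this man page


PAGE;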

require_once('functions.php');
require_once('readMetadata.php');

// Script options.
// Short flags: -h (help) and -v (verbose). A trailing ':' on a long option
// means it takes a mandatory value; the others are plain switches.
$shortopts = 'hv';
$longopts = array(
    "metadata-url:",      // SAML2 metadata URL to download
    "metadata-file:",     // local SAML2 metadata file
    "metadata-idp-file:", // output file for the Identity Provider list
    "metadata-sp-file:",  // output file for the Service Provider list
    "language:",          // locale, passed through to parseMetadata()
    "verbose",            // print progress to stdout
    "help",               // print the man page and exit
);

$options = getopt($shortopts, $longopts);

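// --help / -h: print the man page and exit successfully.
if (isset($options['help']) || isset($options['h'])) {
	exit($MAN);
}

// Exactly one metadata source is used; a URL takes precedence over a file.
// Fatal option errors are written to STDERR and exit with status 1: the
// original exit("...") printed to stdout and returned 0, so the documented
// cron line (stdout to /dev/null) could never tell a failed run from a
// successful one.
if (isset($options['metadata-url'])) {
	$metadataURL = $options['metadata-url'];
} elseif (isset($options['metadata-file'])) {
	$metadataFile = $options['metadata-file'];
} else {
	fwrite(STDERR, "Exiting: both --metadata-url and --metadata-file parameters missing\n");
	exit(1);
}

// Output files. Each list is first written to a sibling '.swp' file and then
// rename()d over the target, so the temp file must live in the same
// directory (same filesystem) for the rename to be atomic.
if (!isset($options['metadata-sp-file'])) {
	fwrite(STDERR, "Exiting: mandatory --metadata-sp-file parameter missing\n");
	exit(1);
} else {
	$metadataSPFile = $options['metadata-sp-file'];
	$metadataTempSPFile = $metadataSPFile.'.swp';
}

if (!isset($options['metadata-idp-file'])) {
	fwrite(STDERR, "Exiting: mandatory --metadata-idp-file parameter missing\n");
	exit(1);
} else {
	$metadataIDPFile = $options['metadata-idp-file'];
	$metadataTempIDPFile = $metadataIDPFile.'.swp';
}

// Set other options
$language = isset($options['language']) ? $options['language'] : 'en';
// --verbose or -v; no ternary needed, the disjunction is already a bool.
$verbose  = isset($options['verbose']) || isset($options['v']);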

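// Input validation / acquisition of the metadata file to parse.
// isset() instead of a bare truth test: $metadataURL is only assigned when
// --metadata-url was given, so the original "if ($metadataURL)" raised an
// undefined-variable warning on every --metadata-file run.
if (isset($metadataURL)) {
	if (!ini_get('allow_url_fopen')) {
		fwrite(STDERR, "Exiting: allow_url_fopen disabled, unable to download $metadataURL\n");
		exit(1);
	}

	// SECURITY: copy() performs no signature verification of the metadata,
	// and what is parsed from it is written out as PHP files (see dumpFile()
	// below) that the WAYF presumably includes at runtime. Only point this at
	// a trusted source over HTTPS; better still, hand the script a local copy
	// that a signature-verifying consumer already validated (the example
	// usage points at a Shibboleth SP metadata cache). A non-https URL is
	// accepted for compatibility but flagged, since the download is then
	// neither authenticated nor integrity-protected in transit.
	$scheme = strtolower((string) parse_url($metadataURL, PHP_URL_SCHEME));
	if ($scheme !== 'https') {
		fwrite(STDERR, "Warning: $metadataURL is not an https URL; downloaded metadata is not protected in transit\n");
	}

	// Fresh temporary file for the download; it is removed once parsed.
	$metadataFile = tempnam(sys_get_temp_dir(), 'metadata');
	if ($metadataFile === false) {
		fwrite(STDERR, "Exiting: could not create a temporary file in " . sys_get_temp_dir() . "\n");
		exit(1);
	}
	if ($verbose) {
		echo "Downloading metadata from $metadataURL to $metadataFile\n";
	}
	if (!copy($metadataURL, $metadataFile)) {
		// error_get_last() returns an array (or null); the original
		// interpolated it directly, which only ever printed "Array".
		$error = error_get_last();
		$reason = is_array($error) ? $error['message'] : 'unknown error';
		unlink($metadataFile);
		fwrite(STDERR, "Exiting: could not download $metadataURL: $reason\n");
		exit(1);
	}
	// Same emptiness check the file branch applies: an empty response is
	// a successful copy() but useless input.
	if (filesize($metadataFile) == 0) {
		unlink($metadataFile);
		fwrite(STDERR, "Exiting: downloaded metadata from $metadataURL is empty\n");
		exit(1);
	}
} else {
	if (
		!file_exists($metadataFile)
		|| filesize($metadataFile) == 0
		) {
		fwrite(STDERR, "Exiting: File $metadataFile is empty or does not exist\n");
		exit(1);
	}

	if (!is_readable($metadataFile)){
		fwrite(STDERR, "Exiting: File $metadataFile is not readable\n");
		exit(1);
	}
}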

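if ($verbose) {
	echo "Parsing metadata file $metadataFile\n";
}

// Parse metadata. The is_array() guards below follow the original contract:
// a list that could not be produced comes back as FALSE rather than as an
// (empty) array.
list($metadataIDProviders, $metadataSProviders) = parseMetadata($metadataFile, $language);

// A downloaded copy is only needed for parsing; the original left one
// tempnam() file behind in the temp directory on every run.
if (isset($metadataURL) && file_exists($metadataFile)) {
	unlink($metadataFile);
}

// Failures are reported at the end with a non-zero exit status so cron /
// monitoring notices; whatever list did parse is still written first.
$failed = false;

// Identity Providers: dump to the sibling .swp file, then rename() over the
// target so readers never observe a partially written list.
if (is_array($metadataIDProviders)){

	if ($verbose) {
		echo "Dumping parsed Identity Providers to file $metadataIDPFile\n";
	}
	dumpFile($metadataTempIDPFile, $metadataIDProviders, 'metadataIDProviders');

	if(!rename($metadataTempIDPFile, $metadataIDPFile)){
		if (file_exists($metadataTempIDPFile)) {
			unlink($metadataTempIDPFile);
		}
		fwrite(STDERR, "Exiting: Could not rename temporary file $metadataTempIDPFile to $metadataIDPFile\n");
		exit(1);
	}
} else {
	fwrite(STDERR, "Error: no Identity Providers could be parsed; $metadataIDPFile left untouched\n");
	$failed = true;
}

// Service Providers: same write-then-rename scheme.
if (is_array($metadataSProviders)){

	if ($verbose) {
		echo "Dumping parsed Service Providers to file $metadataSPFile\n";
	}
	dumpFile($metadataTempSPFile, $metadataSProviders, 'metadataSProviders');

	if(!rename($metadataTempSPFile, $metadataSPFile)){
		if (file_exists($metadataTempSPFile)) {
			unlink($metadataTempSPFile);
		}
		fwrite(STDERR, "Exiting: Could not rename temporary file $metadataTempSPFile to $metadataSPFile\n");
		exit(1);
	}
} else {
	fwrite(STDERR, "Error: no Service Providers could be parsed; $metadataSPFile left untouched\n");
	$failed = true;
}

if ($failed) {
	exit(1);
}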