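<?php // Copyright (c) 2018, SWITCH

declare(strict_types=1);

/*
 * update-metadata.php
 *
 * Regenerates the Identity Provider and Service Provider include files used
 * by the WAYF/DS from a SAML2 metadata file or URL. Command-line only; the
 * usage text is in $MAN below.
 *
 * Every fatal condition prints an "Exiting: ..." message via exit(). The
 * temporary files this script creates (a downloaded metadata copy and the
 * .swp files written next to the target include files) are removed on those
 * paths as well, so a failed run leaves no stray files behind.
 */

$MAN=<<<PAGE
Name:        SWITCHwayf
Author:      Lukas Haemmerle, SWITCH
Description: This file is used to dynamically create the list of 
             IdPs and SP to be displayed for the WAYF/DS service 
             based on the federation metadata.
             Configuration parameters are specified in config.php.
             The list of Identity Providers can also be updated 
             by running the script update-metadata.php 
             periodically as web server user, e.g. with a cron 
             entry like:
             5 * * * * /usr/bin/php update-metadata.php > /dev/null
        
Usage: 
php update-metadata.php --help|-h
php update-metadata.php --metadata-file <file> \
    --metadata-idp-file <file> --metadata-sp-file <file> \
    [--verbose | -v] [--min-sp-count <count>] [--min-idp-count <count>]
php update-metadata.php --metadata-url <url> \
    --metadata-idp-file <file> --metadata-sp-file <file> \
    [--verbose | -v] [--min-sp-count <count>] [--min-idp-count <count>]


Example usage: 
php update-metadata.php \
    --metadata-file /var/cache/shibboleth/metadata.switchaai.xml \
    --metadata-idp-file /tmp/IDProvider.metadata.php \
    --metadata-sp-file /tmp/SProvider.metadata.php


Argument Description 
-------------------
--metadata-url <url>        SAML2 metadata URL
--metadata-file <file>      SAML2 metadata file
--metadata-idp-file <file>  File containing Identity Providers 
--metadata-sp-file <file>   File containing Service Providers 
--min-idp-count <count>     Minimum expected number of IdPs in metadata
--min-sp-count <count>      Minimum expected number of SPs in metadata
--language <locale>         Language locale, e.g. 'en', 'jp', ...
--verbose | -v              Verbose mode
--help | -h                 Print this man page


PAGE;

require_once('functions.php');
require_once('readMetadata.php');

// Script options; a trailing ':' marks an option that takes a value.
$longopts = [
	'metadata-url:',
	'metadata-file:',
	'metadata-idp-file:',
	'metadata-sp-file:',
	'min-idp-count:',
	'min-sp-count:',
	'language:',
	'verbose',
	'help',
];

$options = getopt('hv', $longopts);
if ($options === false) {
	exit("Exiting: could not parse command line options\n");
}

if (isset($options['help']) || isset($options['h'])) {
	exit($MAN);
}

// getopt() returns an array instead of a string when an option is repeated;
// treat that as "not a usable value" rather than passing an array around.
$stringOption = static function (string $name) use ($options): ?string {
	$value = $options[$name] ?? null;
	return is_string($value) ? $value : null;
};

// Minimum entity counts guard against overwriting good include files with the
// result of a truncated or broken metadata set. They must be non-negative
// integers; anything else (floats, negative numbers, repeated options) is
// rejected. Absent option means "no minimum".
$minCountOption = static function (string $name) use ($options): int {
	if (!isset($options[$name])) {
		return 0;
	}
	$value = filter_var($options[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
	if ($value === false) {
		exit("Exiting: invalid value for --$name parameter\n");
	}
	return $value;
};

// Metadata source: --metadata-url takes precedence over --metadata-file.
$metadataURL  = null;
$metadataFile = null;
if (isset($options['metadata-url'])) {
	$metadataURL = $stringOption('metadata-url');
} elseif (isset($options['metadata-file'])) {
	$metadataFile = $stringOption('metadata-file');
}
if ($metadataURL === null && $metadataFile === null) {
	exit("Exiting: both --metadata-url and --metadata-file parameters missing\n");
}

$metadataSPFile = $stringOption('metadata-sp-file');
if ($metadataSPFile === null) {
	exit("Exiting: mandatory --metadata-sp-file parameter missing\n");
}

$metadataIDPFile = $stringOption('metadata-idp-file');
if ($metadataIDPFile === null) {
	exit("Exiting: mandatory --metadata-idp-file parameter missing\n");
}

$minSPCount  = $minCountOption('min-sp-count');
$minIDPCount = $minCountOption('min-idp-count');

// Set other options
$language = $stringOption('language') ?? 'en';
$verbose  = isset($options['verbose']) || isset($options['v']);

// Input validation
if ($metadataURL !== null) {
	// copy() honours PHP stream wrappers, so whatever scheme the operator
	// passed is used as-is; an https URL is the expected case. Check
	// allow_url_fopen before creating a temporary file so a refused download
	// leaves nothing behind.
	if (!ini_get('allow_url_fopen')) {
		exit("Exiting: allow_url_fopen disabled, unable to download $metadataURL\n");
	}

	$metadataFile = tempnam(sys_get_temp_dir(), 'metadata');
	if ($metadataFile === false) {
		exit("Exiting: could not create a temporary file in " . sys_get_temp_dir() . "\n");
	}

	// Safety net for the exit() paths between here and the explicit unlink()
	// at the end of the script (download failure, count checks, rename
	// failure): the explicit cleanup still runs first and reports errors,
	// this only removes the file if that point is never reached.
	register_shutdown_function(static function () use ($metadataFile): void {
		if (is_file($metadataFile)) {
			unlink($metadataFile);
		}
	});

	if ($verbose) {
		echo "Downloading metadata from $metadataURL to $metadataFile\n";
	}
	if (!copy($metadataURL, $metadataFile)) {
		// error_get_last() is an array (or null); interpolating it directly
		// would just print "Array".
		$error = error_get_last()['message'] ?? 'unknown error';
		exit("Exiting: could not download $metadataURL: $error\n");
	}
} else {
	// is_file() rather than file_exists(): a directory must not pass here.
	$size = is_file($metadataFile) ? filesize($metadataFile) : false;
	if ($size === false || $size === 0) {
		exit("Exiting: File $metadataFile is empty or does not exist\n");
	}

	if (!is_readable($metadataFile)) {
		exit("Exiting: File $metadataFile is not readable\n");
	}
}

if ($verbose) {
	echo "Parsing metadata file $metadataFile\n";
}

// NOTE(review): nothing in this script validates the metadata's XML signature
// or otherwise authenticates the source; confirm that parseMetadata() in
// readMetadata.php does so, or that the URL/file is from a trusted channel,
// since the generated include files are executed by the WAYF.
// Parse metadata
[$metadataIDProviders, $metadataSProviders] = parseMetadata($metadataFile, $language);

// Publish one entity list: refuse sets smaller than the configured minimum,
// write to a .swp file next to the target, then rename it over the target so
// readers of the include file never see a partially written file. The .swp
// file is removed again if the rename fails.
//
// $entities     parsed entity list from parseMetadata()
// $variableName name of the PHP variable dumpFile() writes into the include
// $targetFile   include file to replace
// $minCount     minimum number of entities required (0 = no minimum)
// $label        human-readable entity kind for messages
$publish = static function (array $entities, string $variableName, string $targetFile, int $minCount, string $label) use ($verbose): void {
	$count = count($entities);
	if ($count < $minCount) {
		exit("Exiting: number of $label found ($count) lower than expected ($minCount)\n");
	}

	if ($verbose) {
		echo "Dumping parsed $label to file $targetFile\n";
	}
	$tempFile = $targetFile . '.swp';
	dumpFile($tempFile, $entities, $variableName);

	if (!rename($tempFile, $targetFile)) {
		if (is_file($tempFile)) {
			unlink($tempFile);
		}
		exit("Exiting: Could not rename temporary file $tempFile to $targetFile\n");
	}
};

// If $metadataIDProviders is not FALSE, dump results in $metadataIDPFile.
if (is_array($metadataIDProviders)) {
	$publish($metadataIDProviders, 'metadataIDProviders', $metadataIDPFile, $minIDPCount, 'Identity Providers');
} elseif ($verbose) {
	echo "No Identity Providers parsed, leaving $metadataIDPFile untouched\n";
}

// If $metadataSProviders is not FALSE, dump results in $metadataSPFile.
if (is_array($metadataSProviders)) {
	$publish($metadataSProviders, 'metadataSProviders', $metadataSPFile, $minSPCount, 'Service Providers');
} elseif ($verbose) {
	echo "No Service Providers parsed, leaving $metadataSPFile untouched\n";
}

// clean up if needed
if ($metadataURL !== null) {
	if (!unlink($metadataFile)) {
		$error = error_get_last()['message'] ?? 'unknown error';
		exit("Exiting: could not delete temporary file $metadataFile: $error\n");
	}
}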