continue arpgen improvements #131
janul committed Nov 18, 2014
1 parent 9b5181e commit 221a5da
Showing 1 changed file with 84 additions and 70 deletions.
154 changes: 84 additions & 70 deletions application/libraries/Arp_generator.php
Expand Up @@ -109,6 +109,13 @@ public function arpArrayToXML(array $release)

foreach ($release as $key => $value)
{
// remove all deny records from array and skip generating filterpolicy for sp if no attrs founs
$value['attributes'] = array_filter($value['attributes']);
if (count($value['attributes']) == 0)
{
continue;
}

$AttributeFilterPolicy = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeFilterPolicy');
$AttributeFilterPolicy->setAttribute('id', $key);
$comment = "\n";
Expand All @@ -135,101 +142,108 @@ public function arpArrayToXML(array $release)
foreach ($value['attributes'] as $attr_name => $attr_value)
{
log_message('debug', 'generating arpXML attr: ' . $attr_name . ' for:' . $key);
if (array_key_exists($attr_name, $value['custom']) && $attr_value == 1)
if ($attr_value == 1)
{
log_message('debug', 'found custom for attr: ' . $attr_name . ' for:' . $key);
$AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule');
$AttributeRule->setAttribute('attributeID', $attr_name);
if (array_key_exists('permit', $value['custom'][$attr_name]) && count($value['custom'][$attr_name]['permit']) > 0)
if (array_key_exists($attr_name, $value['custom']))
{
log_message('debug', 'Found custom permit for:' . $key);
if (count($value['custom'][$attr_name]['permit']) > 1)
log_message('debug', 'found custom for attr: ' . $attr_name . ' for:' . $key);
$AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule');
$AttributeRule->setAttribute('attributeID', $attr_name);
if (array_key_exists('permit', $value['custom'][$attr_name]) && count($value['custom'][$attr_name]['permit']) > 0)
{
$PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule');
$PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:OR');
log_message('debug', 'Found custom permit for:' . $key);
if (count($value['custom'][$attr_name]['permit']) > 1)
{
$PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule');
$PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:OR');

foreach ($value['custom'][$attr_name]['permit'] as $kvalue)
foreach ($value['custom'][$attr_name]['permit'] as $kvalue)
{
$value_permited = $docXML->CreateElement('basic:Rule');
$value_permited->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString');
$value_permited->setAttribute('value', '' . $kvalue . '');
$value_permited->setAttribute('ignoreCase', 'true');
$PermitValueRule->appendChild($value_permited);
}

$AttributeRule->appendChild($PermitValueRule);
$AttributeFilterPolicy->appendChild($AttributeRule);
}
else
{
$value_permited = $docXML->CreateElement('basic:Rule');
$value_permited->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString');
$value_permited->setAttribute('value', '' . $kvalue . '');
$value_permited->setAttribute('ignoreCase', 'true');
$PermitValueRule->appendChild($value_permited);
$PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule');
$PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString');
$kvalue = $value['custom'][$attr_name]['permit'][0];
$PermitValueRule->setAttribute('value', '' . $kvalue . '');
$PermitValueRule->setAttribute('ignoreCase', 'true');
$AttributeRule->appendChild($PermitValueRule);
$AttributeFilterPolicy->appendChild($AttributeRule);
}

$AttributeRule->appendChild($PermitValueRule);
$AttributeFilterPolicy->appendChild($AttributeRule);
}
else
if (array_key_exists('deny', $value['custom'][$attr_name]) && count($value['custom'][$attr_name]['deny']) > 0)
{
$PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule');
$PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString');
$kvalue = $value['custom'][$attr_name]['permit'][0];
$PermitValueRule->setAttribute('value', '' . $kvalue . '');
$PermitValueRule->setAttribute('ignoreCase', 'true');
$AttributeRule->appendChild($PermitValueRule);
$AttributeFilterPolicy->appendChild($AttributeRule);
}
}
if (array_key_exists('deny', $value['custom'][$attr_name]) && count($value['custom'][$attr_name]['deny']) > 0)
{
log_message('debug', 'Found custom deny for:' . $key);
if (count($value['custom'][$attr_name]['deny']) > 1)
{
$DenyValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule');
$DenyValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:OR');
log_message('debug', 'Found custom deny for:' . $key);
if (count($value['custom'][$attr_name]['deny']) > 1)
{
$DenyValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule');
$DenyValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:OR');

foreach ($value['custom'][$attr_name]['deny'] as $kvalue)
foreach ($value['custom'][$attr_name]['deny'] as $kvalue)
{
$value_denied = $docXML->CreateElement('basic:Rule');
$value_denied->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString');
$value_denied->setAttribute('value', '' . $kvalue . '');
$value_denied->setAttribute('ignoreCase', 'true');
$DenyValueRule->appendChild($value_denied);
}

$AttributeRule->appendChild($DenyValueRule);
$AttributeFilterPolicy->appendChild($AttributeRule);
}
else
{
$value_denied = $docXML->CreateElement('basic:Rule');
$value_denied->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString');
$value_denied->setAttribute('value', '' . $kvalue . '');
$value_denied->setAttribute('ignoreCase', 'true');
$DenyValueRule->appendChild($value_denied);
$DenyValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule');
$DenyValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString');
$kvalue = $value['custom'][$attr_name]['deny'][0];
$DenyValueRule->setAttribute('value', '' . $kvalue . '');
$DenyValueRule->setAttribute('ignoreCase', 'true');
$AttributeRule->appendChild($DenyValueRule);
$AttributeFilterPolicy->appendChild($AttributeRule);
}

$AttributeRule->appendChild($DenyValueRule);
$AttributeFilterPolicy->appendChild($AttributeRule);
}
else
{
$DenyValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule');
$DenyValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString');
$kvalue = $value['custom'][$attr_name]['deny'][0];
$DenyValueRule->setAttribute('value', '' . $kvalue . '');
$DenyValueRule->setAttribute('ignoreCase', 'true');
$AttributeRule->appendChild($DenyValueRule);
$AttributeFilterPolicy->appendChild($AttributeRule);
}
}
}
else
{
if ($attr_value == 1)
{
$AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule');
$AttributeRule->setAttribute('attributeID', $attr_name);
$PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule');
$PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:ANY');
$AttributeFilterPolicy->appendChild($AttributeRule);
$AttributeRule->appendChild($PermitValueRule);
}
/**
else
{
$AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule');
$AttributeRule->setAttribute('attributeID', $attr_name);
$PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule');
$PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule');
$PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:ANY');
$AttributeFilterPolicy->appendChild($AttributeRule);
$AttributeRule->appendChild($PermitValueRule);
}
*/
}
/**
else
{
$AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule');
$AttributeRule->setAttribute('attributeID', $attr_name);
$PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule');
$PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:ANY');
$AttributeFilterPolicy->appendChild($AttributeRule);
$AttributeRule->appendChild($PermitValueRule);
}
*/
}
}
}

if (!$AttributeFilterPolicyGroup->hasAttribute('xmlns:xsi'))
{
$AttributeFilterPolicyGroup->setAttributeNS('http://www.w3.org/2000/xmlns/',
'xmlns:xsi',
'http://www.w3.org/2001/XMLSchema-instance');
}
$docXML->appendChild($AttributeFilterPolicyGroup);
return $docXML;
}
Expand Down Expand Up @@ -802,7 +816,7 @@ public function arpToArrayByInherit($provider)

foreach ($specific_attributes as $pkey => $pvalue)
{
if (isset($attrs[''.$pkey.'']))
if (isset($attrs['' . $pkey . '']))
{
$attrs[$pkey] = array_merge($attrs[$pkey], array_intersect_key($pvalue, $attrs[$pkey]));
}
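Review bot: In the restructured `if (array_key_exists($attr_name, $value['custom']))` branch of arpArrayToXML, the AttributeRule is appended to the policy only inside the permit and deny sub-branches, so a custom entry whose 'permit' and 'deny' lists are both empty or missing produces no rule for an attribute marked `1`, and nothing is logged. That fails closed, but in an attribute release policy a silent omission is hard to tell apart from an intended deny. Conversely, when both lists are populated the same AttributeRule receives a PermitValueRule and a DenyValueRule, which the afp schema may not accept, so the generated XML is worth validating. Consider appending once after both checks, for example `if ($AttributeRule->hasChildNodes()) { $AttributeFilterPolicy->appendChild($AttributeRule); } else { log_message('debug', 'custom entry without permit/deny for attr: ' . $attr_name . ' for:' . $key); }`. The page has lost indentation and +/- markers, so the nesting is read from brace order, and the function begins before the first hunk.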