From 221a5da4ff8c75dd4d8d95c1a27e5b1052731d6c Mon Sep 17 00:00:00 2001
From: janul
Date: Tue, 18 Nov 2014 14:26:51 +0000
Subject: [PATCH] continue arpgen improvements #131

---
 application/libraries/Arp_generator.php | 154 +++++++++++++-----------
 1 file changed, 84 insertions(+), 70 deletions(-)

diff --git a/application/libraries/Arp_generator.php b/application/libraries/Arp_generator.php
index 34233d6eb..911981381 100644
--- a/application/libraries/Arp_generator.php
+++ b/application/libraries/Arp_generator.php
@@ -109,6 +109,13 @@ public function arpArrayToXML(array $release)
 foreach ($release as $key => $value)
 {
+ // remove all deny records from array and skip generating filterpolicy for sp if no attrs founs
+ $value['attributes'] = array_filter($value['attributes']);
+ if (count($value['attributes']) == 0)
+ {
+ continue;
+ }
+
 $AttributeFilterPolicy = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeFilterPolicy');
 $AttributeFilterPolicy->setAttribute('id', $key);
 $comment = "\n";
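Review bot: The bare `array_filter($value['attributes'])` in the added block drops every falsy value, not only the deny records the comment names, and keeps any truthy value, while the rule loop later in the same foreach (outside this hunk) only emits an AttributeRule for `$attr_value == 1`, so a value such as `2` survives the filter but yields an AttributeFilterPolicy with no rules. Filtering on the predicate the loop uses keeps the two in step: `$value['attributes'] = array_filter($value['attributes'], function ($v) { return $v == 1; });`. A release entry without an `attributes` key is also not guarded here; `array_filter(null)` emits a warning rather than returning an array, so the subsequent `count()` does not see what the code expects — a cheap `if (empty($value['attributes'])) { continue; }` before the filter covers it. The comment has a typo, `founs` → `found`. The enclosing foreach over `$release` continues past the end of this hunk.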
@@ -135,101 +142,108 @@ public function arpArrayToXML(array $release) foreach ($value['attributes'] as $attr_name => $attr_value) { log_message('debug', 'generating arpXML attr: ' . $attr_name . ' for:' . $key); - if (array_key_exists($attr_name, $value['custom']) && $attr_value == 1) + if ($attr_value == 1) { - log_message('debug', 'found custom for attr: ' . $attr_name . ' for:' . $key); - $AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule'); - $AttributeRule->setAttribute('attributeID', $attr_name); - if (array_key_exists('permit', $value['custom'][$attr_name]) && count($value['custom'][$attr_name]['permit']) > 0) + if (array_key_exists($attr_name, $value['custom'])) { - log_message('debug', 'Found custom permit for:' . $key); - if (count($value['custom'][$attr_name]['permit']) > 1) + log_message('debug', 'found custom for attr: ' . $attr_name . ' for:' . $key); + $AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule'); + $AttributeRule->setAttribute('attributeID', $attr_name); + if (array_key_exists('permit', $value['custom'][$attr_name]) && count($value['custom'][$attr_name]['permit']) > 0) { - $PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule'); - $PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:OR'); + log_message('debug', 'Found custom permit for:' . 
$key); + if (count($value['custom'][$attr_name]['permit']) > 1) + { + $PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule'); + $PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:OR'); - foreach ($value['custom'][$attr_name]['permit'] as $kvalue) + foreach ($value['custom'][$attr_name]['permit'] as $kvalue) + { + $value_permited = $docXML->CreateElement('basic:Rule'); + $value_permited->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString'); + $value_permited->setAttribute('value', '' . $kvalue . ''); + $value_permited->setAttribute('ignoreCase', 'true'); + $PermitValueRule->appendChild($value_permited); + } + + $AttributeRule->appendChild($PermitValueRule); + $AttributeFilterPolicy->appendChild($AttributeRule); + } + else { - $value_permited = $docXML->CreateElement('basic:Rule'); - $value_permited->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString'); - $value_permited->setAttribute('value', '' . $kvalue . ''); - $value_permited->setAttribute('ignoreCase', 'true'); - $PermitValueRule->appendChild($value_permited); + $PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule'); + $PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString'); + $kvalue = $value['custom'][$attr_name]['permit'][0]; + $PermitValueRule->setAttribute('value', '' . $kvalue . 
''); + $PermitValueRule->setAttribute('ignoreCase', 'true'); + $AttributeRule->appendChild($PermitValueRule); + $AttributeFilterPolicy->appendChild($AttributeRule); } - - $AttributeRule->appendChild($PermitValueRule); - $AttributeFilterPolicy->appendChild($AttributeRule); } - else + if (array_key_exists('deny', $value['custom'][$attr_name]) && count($value['custom'][$attr_name]['deny']) > 0) { - $PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule'); - $PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString'); - $kvalue = $value['custom'][$attr_name]['permit'][0]; - $PermitValueRule->setAttribute('value', '' . $kvalue . ''); - $PermitValueRule->setAttribute('ignoreCase', 'true'); - $AttributeRule->appendChild($PermitValueRule); - $AttributeFilterPolicy->appendChild($AttributeRule); - } - } - if (array_key_exists('deny', $value['custom'][$attr_name]) && count($value['custom'][$attr_name]['deny']) > 0) - { - log_message('debug', 'Found custom deny for:' . $key); - if (count($value['custom'][$attr_name]['deny']) > 1) - { - $DenyValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule'); - $DenyValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:OR'); + log_message('debug', 'Found custom deny for:' . $key); + if (count($value['custom'][$attr_name]['deny']) > 1) + { + $DenyValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule'); + $DenyValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:OR'); - foreach ($value['custom'][$attr_name]['deny'] as $kvalue) + foreach ($value['custom'][$attr_name]['deny'] as $kvalue) + { + $value_denied = $docXML->CreateElement('basic:Rule'); + $value_denied->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString'); + $value_denied->setAttribute('value', '' . $kvalue . 
''); + $value_denied->setAttribute('ignoreCase', 'true'); + $DenyValueRule->appendChild($value_denied); + } + + $AttributeRule->appendChild($DenyValueRule); + $AttributeFilterPolicy->appendChild($AttributeRule); + } + else { - $value_denied = $docXML->CreateElement('basic:Rule'); - $value_denied->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString'); - $value_denied->setAttribute('value', '' . $kvalue . ''); - $value_denied->setAttribute('ignoreCase', 'true'); - $DenyValueRule->appendChild($value_denied); + $DenyValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule'); + $DenyValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString'); + $kvalue = $value['custom'][$attr_name]['deny'][0]; + $DenyValueRule->setAttribute('value', '' . $kvalue . ''); + $DenyValueRule->setAttribute('ignoreCase', 'true'); + $AttributeRule->appendChild($DenyValueRule); + $AttributeFilterPolicy->appendChild($AttributeRule); } - - $AttributeRule->appendChild($DenyValueRule); - $AttributeFilterPolicy->appendChild($AttributeRule); } - else - { - $DenyValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule'); - $DenyValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:AttributeValueString'); - $kvalue = $value['custom'][$attr_name]['deny'][0]; - $DenyValueRule->setAttribute('value', '' . $kvalue . 
''); - $DenyValueRule->setAttribute('ignoreCase', 'true'); - $AttributeRule->appendChild($DenyValueRule); - $AttributeFilterPolicy->appendChild($AttributeRule); - } - } - } - else - { - if ($attr_value == 1) - { - $AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule'); - $AttributeRule->setAttribute('attributeID', $attr_name); - $PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule'); - $PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:ANY'); - $AttributeFilterPolicy->appendChild($AttributeRule); - $AttributeRule->appendChild($PermitValueRule); } - /** else { $AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule'); $AttributeRule->setAttribute('attributeID', $attr_name); - $PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule'); + $PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'PermitValueRule'); $PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:ANY'); $AttributeFilterPolicy->appendChild($AttributeRule); $AttributeRule->appendChild($PermitValueRule); } - */ } + /** + else + { + $AttributeRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'AttributeRule'); + $AttributeRule->setAttribute('attributeID', $attr_name); + $PermitValueRule = $docXML->CreateElementNS('urn:mace:shibboleth:2.0:afp', 'DenyValueRule'); + $PermitValueRule->setAttributeNS('http://www.w3.org/2001/XMLSchema-instance', 'xsi:type', 'basic:ANY'); + $AttributeFilterPolicy->appendChild($AttributeRule); + $AttributeRule->appendChild($PermitValueRule); + } + + */ } } } + if (!$AttributeFilterPolicyGroup->hasAttribute('xmlns:xsi')) + { + $AttributeFilterPolicyGroup->setAttributeNS('http://www.w3.org/2000/xmlns/', + 'xmlns:xsi', + 'http://www.w3.org/2001/XMLSchema-instance'); + } $docXML->appendChild($AttributeFilterPolicyGroup); 
 return $docXML;
 }
@@ -802,7 +816,7 @@ public function arpToArrayByInherit($provider)
 foreach ($specific_attributes as $pkey => $pvalue)
 {
- if (isset($attrs[''.$pkey.'']))
+ if (isset($attrs['' . $pkey . '']))
 {
 $attrs[$pkey] = array_merge($attrs[$pkey], array_intersect_key($pvalue, $attrs[$pkey]));
 }
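Review bot: In the new `array_key_exists($attr_name, $value['custom'])` branch the `$AttributeRule` created at its top is only appended inside the permit and deny sub-branches, so a custom entry whose `permit` and `deny` lists are both empty or absent produces no rule at all and the attribute is silently withheld even though `$attr_value == 1`; the gap predates this commit, but the restructure now routes every enabled attribute with a custom entry through it. Withholding is the safe default for an attribute-release policy, so rather than falling back to `basic:ANY` I would make the case visible with `log_message('error', 'custom rules for ' . $attr_name . ' are empty, attribute not released for:' . $key);` in an else after the deny block. As a point of style, `$AttributeFilterPolicy->appendChild($AttributeRule)` is repeated in all four value sub-branches and could be done once after them, since appending an already-attached node only moves it. The added `hasAttribute('xmlns:xsi')` check may never observe the declaration, as libxml keeps namespace declarations apart from ordinary attributes — harmless because the following `setAttributeNS` is idempotent, but worth confirming against the serialized output. `arpArrayToXML` begins before this hunk; its closing `return $docXML;` is inside it.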