/
HTTPPost.php
117 lines (97 loc) · 3.57 KB
/
HTTPPost.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
<?php
declare(strict_types=1);
namespace SimpleSAML\SAML2;
use DOMDocument;
use DOMElement;
use Exception;
use Nyholm\Psr7\Response;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
use SimpleSAML\SAML2\XML\samlp\AbstractRequest;
use SimpleSAML\SAML2\XML\samlp\MessageFactory;
use SimpleSAML\XML\DOMDocumentFactory;
use function array_key_exists;
use function base64_decode;
use function base64_encode;
/**
* Class which implements the HTTP-POST binding.
*
* @package simplesamlphp/saml2
*/
class HTTPPost extends Binding
{
/**
* Send a SAML 2 message using the HTTP-POST binding.
*
* @param \SimpleSAML\SAML2\XML\samlp\AbstractMessage $message The message we should send.
* @return \Psr\Http\Message\ResponseInterface The response
*/
public function send(AbstractMessage $message): ResponseInterface
{
if ($this->destination === null) {
$destination = $message->getDestination();
if ($destination === null) {
throw new Exception('Cannot send message, no destination set.');
}
} else {
$destination = $this->destination;
}
$relayState = $message->getRelayState();
$msgStr = $message->toXML();
Utils::getContainer()->debugMessage($msgStr, 'out');
$msgStr = $msgStr->ownerDocument?->saveXML($msgStr);
$msgStr = base64_encode($msgStr);
if ($message instanceof AbstractRequest) {
$msgType = 'SAMLRequest';
} else {
$msgType = 'SAMLResponse';
}
$post = [];
$post[$msgType] = $msgStr;
if ($relayState !== null) {
$post['RelayState'] = $relayState;
}
$container = Utils::getContainer();
return new Response(303, ['Location' => $container->getPOSTRedirectURL($destination, $post)]);
}
/**
* Receive a SAML 2 message sent using the HTTP-POST binding.
*
* Throws an exception if it is unable receive the message.
*
* @param \Psr\Http\Message\ServerRequestInterface $request
* @return \SimpleSAML\SAML2\XML\samlp\AbstractMessage The received message.
* @throws \Exception
*/
public function receive(ServerRequestInterface $request): AbstractMessage
{
$query = $request->getParsedBody();
if (array_key_exists('SAMLRequest', $query)) {
$msgStr = $query['SAMLRequest'];
} elseif (array_key_exists('SAMLResponse', $query)) {
$msgStr = $query['SAMLResponse'];
} else {
throw new Exception('Missing SAMLRequest or SAMLResponse parameter.');
}
$msgStr = base64_decode($msgStr);
$msgStr = DOMDocumentFactory::fromString($msgStr)->saveXML();
$document = DOMDocumentFactory::fromString($msgStr);
Utils::getContainer()->debugMessage($document->documentElement, 'in');
$msg = MessageFactory::fromXML($document->documentElement);
/**
* 3.5.5.2 - SAML Bindings
*
* If the message is signed, the Destination XML attribute in the root SAML element of the protocol
* message MUST contain the URL to which the sender has instructed the user agent to deliver the
* message.
*/
if ($msg->isSigned()) {
Assert::notNull($msg->getDestination()); // Validation of the value must be done upstream
}
if (array_key_exists('RelayState', $query)) {
$msg->setRelayState($query['RelayState']);
}
return $msg;
}
}