Split the setting check methods. Now 1 method for IdP settings and other for SP settings

pitbulk · pitbulk · commit 4e716692f68a · 2015-07-14T19:58:10.000+02:00
diff --git a/lib/Saml2/Settings.php b/lib/Saml2/Settings.php
@@ -369,12 +369,34 @@ public function checkSettings($settings)
     {
         assert('is_array($settings)');
 
-        $errors = array ();
         if (!is_array($settings) || empty($settings)) {
-            $errors[] = 'invalid_syntax';
-            return $errors;
+            $errors = array('invalid_syntax');
+        } else {
+            $idpErrors = $this->checkIdPSettings($settings);
+            $spErrors = $this->checkSPSettings($settings);
+            $errors = array_merge($idpErrors, $spErrors);
+        }
+
+        return $errors;
+    }
+
+    /**
+     * Checks the IdP settings info.
+     *
+     * @param array $settings Array with settings data
+     *
+     * @return array $errors  Errors found on the IdP settings data
+     */
+    public function checkIdPSettings($settings)
+    {
+        assert('is_array($settings)');
+
+        if (!is_array($settings) || empty($settings)) {
+            return array('invalid_syntax');
         }
 
+        $errors = array();
+
         if (!isset($settings['idp']) || empty($settings['idp'])) {
             $errors[] = 'idp_not_found';
         } else {
@@ -401,6 +423,44 @@ public function checkSettings($settings)
             }
         }
 
+        if (isset($settings['security'])) {
+            $security = $settings['security'];
+        }
+
+        $existsX509 = isset($settings['idp']) && isset($settings['idp']['x509cert']) && !empty($settings['idp']['x509cert']);
+        $existsFingerprint = isset($settings['idp']) && isset($settings['idp']['certFingerprint']) && !empty($settings['idp']['certFingerprint']);
+        if (((isset($security['wantAssertionsSigned']) && $security['wantAssertionsSigned'] == true)
+            || (isset($security['wantMessagesSigned']) && $security['wantMessagesSigned'] == true))
+            && !($existsX509 || $existsFingerprint)
+        ) {
+            $errors[] = 'idp_cert_or_fingerprint_not_found_and_required';
+        }
+        if ((isset($security['nameIdEncrypted']) && $security['nameIdEncrypted'] == true)
+            && !($existsX509)
+        ) {
+            $errors[] = 'idp_cert_not_found_and_required';
+        }
+
+        return $errors;
+    }
+
+    /**
+     * Checks the SP settings info.
+     *
+     * @param array $settings Array with settings data
+     *
+     * @return array $errors  Errors found on the SP settings data
+     */
+    public function checkSPSettings($settings)
+    {
+        assert('is_array($settings)');
+
+        if (!is_array($settings) || empty($settings)) {
+            return array('invalid_syntax');
+        }
+
+        $errors = array();
+
         if (!isset($settings['sp']) || empty($settings['sp'])) {
             $errors[] = 'sp_not_found';
         } else {
@@ -447,20 +507,6 @@ public function checkSettings($settings)
             ) {
                 $errors[] = 'sp_certs_not_found_and_required';
             }
-
-            $existsX509 = isset($settings['idp']) && isset($settings['idp']['x509cert']) && !empty($settings['idp']['x509cert']);
-            $existsFingerprint = isset($settings['idp']) && isset($settings['idp']['certFingerprint']) && !empty($settings['idp']['certFingerprint']);
-            if (((isset($security['wantAssertionsSigned']) && $security['wantAssertionsSigned'] == true)
-                || (isset($security['wantMessagesSigned']) && $security['wantMessagesSigned'] == true))
-                && !($existsX509 || $existsFingerprint)
-            ) {
-                $errors[] = 'idp_cert_or_fingerprint_not_found_and_required';
-            }
-            if ((isset($security['nameIdEncrypted']) && $security['nameIdEncrypted'] == true)
-                && !($existsX509)
-            ) {
-                $errors[] = 'idp_cert_not_found_and_required';
-            }
         }
 
         if (isset($settings['contactPerson'])) {
diff --git a/lib/Saml2/Utils.php b/lib/Saml2/Utils.php
@@ -998,7 +998,7 @@ public static function validateSign ($xml, $cert = null, $fingerprint = null, $f
                     if ($referenceElem->getAttribute('URI') == '') {
                         $referenceElem->setAttribute('URI', '#'.$signatureElem->parentNode->getAttribute('ID'));
                     }
-                 }
+                }
             }
         } catch (Exception $e) {
             continue;

Original file line number	Diff line number	Diff line change
`@@ -998,7 +998,7 @@ public static function validateSign ($xml, $cert = null, $fingerprint = null, $f`
`998`	`998`	`if ($referenceElem->getAttribute('URI') == '') {`
`999`	`999`	`$referenceElem->setAttribute('URI', '#'.$signatureElem->parentNode->getAttribute('ID'));`
`1000`	`1000`	`}`
`1001`		`- }`
	`1001`	`+ }`
`1002`	`1002`	`}`
`1003`	`1003`	`} catch (Exception $e) {`
`1004`	`1004`	`continue;`