Issue768 extlib upgrade

classes/auth.php

@@ -70,7 +70,7 @@ class auth extends \auth_plugin_base {
         'idpname'            => '',
         'idpdefaultname'     => '', // Set in constructor.
         'idpmetadata'        => '',
-        'debug'              => 0,
+        'debug'              => null,
         'duallogin'          => saml2_settings::OPTION_DUAL_LOGIN_YES,
         'autologin'          => saml2_settings::OPTION_AUTO_LOGIN_NO,
         'autologincookie'    => '',

classes/store.php

@@ -33,7 +33,7 @@
  * @copyright  2016 Brendan Heywood <brendan@catalyst-au.net>
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
-class store extends \SimpleSAML\Store {
+class store implements \SimpleSAML\Store\StoreInterface {
     /**
      * Retrieve a value from the datastore.
      *
@@ -88,12 +88,10 @@ public function get($type, $key) {
      * @param mixed    $value  The value.
      * @param int|null $expire The expiration time (unix timestamp), or NULL if it never expires.
      */
-    public function set($type, $key, $value, $expire = null) {
+    public function set(string $type, string $key, $value, ?int $expire = null): void {
         global $DB;
 
-        assert(is_string($type));
-        assert(is_string($key));
-        assert(is_null($expire) || (is_int($expire) && $expire > 2592000));
+        assert($expire > 2592000);
 
         if (rand(0, 1000) < 10) {
             $this->delete_expired(); // TODO convert to task.
@@ -133,12 +131,9 @@ public function set($type, $key, $value, $expire = null) {
      * @param string $type The datatype.
      * @param string $key  The key.
      */
-    public function delete($type, $key) {
+    public function delete(string $type, string $key): void {
         global $DB;
 
-        assert(is_string($type));
-        assert(is_string($key));
-
         if (strlen($key) > 50) {
             $key = sha1($key);
         }

config/authsources.php

@@ -63,7 +63,7 @@
     'entityID' => !empty($saml2auth->config->spentityid) ? $saml2auth->config->spentityid : $defaultspentityid,
     'discoURL' => !empty($CFG->auth_saml2_disco_url) ? $CFG->auth_saml2_disco_url : null,
     'idp' => empty($CFG->auth_saml2_disco_url) ? $idpentityid : null,
-    'NameIDPolicy' => $saml2auth->config->nameidpolicy,
+    'NameIDPolicy' => ['Format' => $saml2auth->config->nameidpolicy, 'AllowCreate' => true],
     'OrganizationName' => array(
         $lang => $SITE->shortname,
     ),

config/config.php

@@ -46,7 +46,7 @@
       'baseURL'         => $baseurl . '/auth/saml2/sp/',
     ],
     'certdir'           => $saml2auth->get_saml2_directory() . '/',
-    'debug'             => $saml2auth->is_debugging(),
+    'debug'             => ['saml' => $saml2auth->is_debugging()],
     'logging.level'     => $saml2auth->is_debugging() ? SimpleSAML\Logger::DEBUG : SimpleSAML\Logger::ERR,
     'logging.handler'   => $saml2auth->config->logtofile ? 'file' : 'errorlog',
 

locallib.php

@@ -57,16 +57,16 @@ function auth_saml2_get_sp_metadata($baseurl = '') {
 
     $entityId = $source->getEntityId();
     $spconfig = $source->getMetadata();
-    $store = SimpleSAML\Store::getInstance();
+    \SimpleSAML\Store\StoreFactory::getInstance('\\auth_saml2\\store');
 
     $metaArray20 = array();
 
     $slosvcdefault = array(
         SAML2\Constants::BINDING_HTTP_REDIRECT,
         // SAML2\Constants::BINDING_SOAP, // TODO untested.
     );
+    $slob = $spconfig->getOptionalArray('SingleLogoutServiceBinding', $slosvcdefault);
 
-    $slob = $spconfig->getArray('SingleLogoutServiceBinding', $slosvcdefault);
     $slol = "{$baseurl}/auth/saml2/sp/saml2-logout.php/{$sourceId}";
 
     foreach ($slob as $binding) {
@@ -83,11 +83,11 @@ function auth_saml2_get_sp_metadata($baseurl = '') {
         'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
     );
 
-    if ($spconfig->getString('ProtocolBinding', '') == 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser') {
-        $assertionsconsumerservicesdefault[] = 	'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
+    if ($spconfig->getOptionalString('ProtocolBinding', '') == 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser') {
+     $assertionsconsumerservicesdefault[] = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
     }
 
-    $assertionsconsumerservices = $spconfig->getArray('acs.Bindings', $assertionsconsumerservicesdefault);
+    $assertionsconsumerservices = $spconfig->getOptionalArray('acs.Bindings', $assertionsconsumerservicesdefault);
 
     $index = 0;
     $eps = array();
@@ -124,12 +124,11 @@ function auth_saml2_get_sp_metadata($baseurl = '') {
     $metaArray20['AssertionConsumerService'] = $eps;
 
     $keys = array();
-    $certInfo = SimpleSAML\Utils\Crypto::loadPublicKey($spconfig, FALSE, 'new_');
+    $cryptoUtils = new \SimpleSAML\Utils\Crypto();
+    $certInfo = $cryptoUtils->loadPublicKey($spconfig, FALSE, 'new_');
     if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
         $hasNewCert = TRUE;
 
-        $certData = $certInfo['certData'];
-
         $keys[] = array(
             'type' => 'X509Certificate',
             'signing' => TRUE,
@@ -139,22 +138,20 @@ function auth_saml2_get_sp_metadata($baseurl = '') {
     } else {
         $hasNewCert = FALSE;
     }
+    $certInfo = $cryptoUtils->loadPublicKey($spconfig);
 
-    $certInfo = SimpleSAML\Utils\Crypto::loadPublicKey($spconfig);
     if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
-        $certData = $certInfo['certData'];
 
         $keys[] = array(
             'type' => 'X509Certificate',
             'signing' => TRUE,
             'encryption' => ($hasNewCert ? FALSE : TRUE),
             'X509Certificate' => $certInfo['certData'],
         );
-    } else {
-        $certData = NULL;
     }
 
-    $format = $spconfig->getString('NameIDPolicy', NULL);
+    $format = $spconfig->getOptionalArray('NameIDPolicy', NULL);
+    $format = $format['Format'];
     if ($format !== NULL) {
         $metaArray20['NameIDFormat'] = $format;
     }
@@ -251,7 +248,7 @@ function auth_saml2_get_sp_metadata($baseurl = '') {
     $metaArray20['metadata-set'] = 'saml20-sp-remote';
     $metaArray20['entityid'] = $entityId;
 
-    $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId);
+    $metaBuilder = new \SimpleSAML\Metadata\SAMLBuilder($entityId);
     $metaBuilder->addMetadataSP20($metaArray20, $supported_protocols);
     $metaBuilder->addOrganizationInfo($metaArray20);
 
@@ -267,7 +264,7 @@ function auth_saml2_get_sp_metadata($baseurl = '') {
     }
 
     /* Sign the metadata if enabled. */
-    $xml = SimpleSAML_Metadata_Signer::sign($xml, $spconfig->toArray(), 'SAML 2 SP');
+    $xml = \SimpleSAML\Metadata\Signer::sign($xml, $spconfig->toArray(), 'SAML 2 SP');
 
     // Store the file so it is exactly the same next time.
     file_put_contents($file, $xml);

sp/saml2-acs.php

@@ -31,7 +31,11 @@
 $_SERVER['PATH_INFO'] = '/' . $saml2auth->spname;
 
 try {
-    require($CFG->dirroot.'/auth/saml2/.extlib/simplesamlphp/modules/saml/www/sp/saml2-acs.php');
+    $config = \SimpleSAML\Configuration::getInstance();
+    $session = \SimpleSAML\Session::getSessionFromRequest();
+    $controller = new \SimpleSAML\Module\saml\Controller\ServiceProvider($config, $session);
+    $acs = $controller->assertionConsumerService($saml2auth->spname);
+    $acs->sendContent();
 } catch (Exception $e) {
     throw new saml2_exception($e->getMessage(), $e->getTraceAsString());
 }

sp/saml2-logout.php

@@ -55,8 +55,11 @@
     if (!is_null($session->getAuthState($saml2auth->spname))) {
         $session->registerLogoutHandler($saml2auth->spname, '\auth_saml2\api', 'logout_from_idp_front_channel');
     }
-
-    require('../.extlib/simplesamlphp/modules/saml/www/sp/saml2-logout.php');
+    $config = \SimpleSAML\Configuration::getInstance();
+    $session = \SimpleSAML\Session::getSessionFromRequest();
+    $controller = new \SimpleSAML\Module\saml\Controller\ServiceProvider($config, $session);
+    $acs = $controller->singleLogoutService($saml2auth->spname);
+    $acs->sendContent();
 } catch (Exception $e) {
     // TODO SSPHP uses Exceptions for handling valid conditions, so a succesful
     // logout is an Exception. This is a workaround to just go back to the home