v.3.17.0

- fix: SPID compliant certificates - fix: metadata spid namespaces - feat: add function getIdPList
italia · Jul 27, 2023 · 9275ade · 9275ade
2 parents 6bc423f + 76ccaf6
commit 9275ade
Show file tree

Hide file tree

Showing 6 changed files with 604 additions and 29 deletions.
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "config": {
-        "version": "3.16.0",
+        "version": "3.17.0",
         "allow-plugins": {
             "simplesamlphp/composer-module-installer": true
         }

diff --git a/setup/Setup.php b/setup/Setup.php
@@ -834,7 +834,7 @@ public static function setup(Event $event) {
 		        $config['installDir'] . "/vendor/simplesamlphp/simplesamlphp/cert"
 		    );
 		    echo $colors->getColoredString("\nConfiguring OpenSSL... ", "white");
-		    if (!file_exists('openssl.cnf')) {
+		    if (!file_exists('spid-php-openssl.cnf')) {
 		        $openssl_config = fopen("spid-php-openssl.cnf", "w");
 		        fwrite($openssl_config, "oid_section = spid_oids\n");
 
@@ -848,8 +848,12 @@ public static function setup(Event $event) {
 
 		        fwrite($openssl_config, "\n[ spid_oids ]\n");
 		        //fwrite($openssl_config, "organizationIdentifier=2.5.4.97\n");
-		        fwrite($openssl_config, "spid-privatesector-SP=1.3.76.16.4.3.1\n");
-		        fwrite($openssl_config, "spid-publicsector-SP=1.3.76.16.4.2.1\n");
+		        fwrite($openssl_config, "agidcert=1.3.76.16.6\n");
+						if($config['spIsPublicAdministration']) {
+							fwrite($openssl_config, "spid-publicsector-SP=1.3.76.16.4.2.1\n");
+						} else {
+							fwrite($openssl_config, "spid-privatesector-SP=1.3.76.16.4.3.1\n");
+						}
 		        fwrite($openssl_config, "uri=2.5.4.83\n");
 
 		        fwrite($openssl_config, "\n[ dn ]\n");
@@ -862,7 +866,16 @@ public static function setup(Event $event) {
 		        //fwrite($openssl_config, "serialNumber=" . $config['spOrganizationCode'] . "\n");
 
 		        fwrite($openssl_config, "\n[ req_ext ]\n");
-		        fwrite($openssl_config, "certificatePolicies = @spid_policies\n");
+		        fwrite($openssl_config, "basicConstraints=CA:FALSE\n");
+		        fwrite($openssl_config, "keyUsage=critical,digitalSignature,nonRepudiation\n");
+		        fwrite($openssl_config, "certificatePolicies=@agid_policies,@spid_policies\n");
+
+		        fwrite($openssl_config, "\n[ agid_policies ]\n");
+		        fwrite($openssl_config, "policyIdentifier=agidcert\n");
+		        fwrite($openssl_config, "userNotice=@agidcert_notice\n");
+
+						fwrite($openssl_config, "\n[ agidcert_notice ]\n");
+		        fwrite($openssl_config, "explicitText=\"agIDcert\"\n");
 
 		        fwrite($openssl_config, "\n[ spid_policies ]\n");
 		        switch ($config['spIsPublicAdministration']) {
@@ -878,7 +891,16 @@ public static function setup(Event $event) {
 		                die();
 		                break;
 		        }
-		        echo $colors->getColoredString("OK\n", "green");
+		        fwrite($openssl_config, "userNotice=@spid_notice\n");
+
+		        fwrite($openssl_config, "\n[ spid_notice ]\n");
+						if($config['spIsPublicAdministration']) {
+							fwrite($openssl_config, "explicitText=\"cert_SP_Pub\"\n");
+						} else {
+							fwrite($openssl_config, "explicitText=\"cert_SP_Priv\"\n");
+						}
+
+					echo $colors->getColoredString("OK\n", "green");
 		    } 
 		    shell_exec(
 		            "openssl req -new -x509 -config spid-php-openssl.cnf -days 730 " .
@@ -908,7 +930,7 @@ public static function setup(Event $event) {
 		        $config['installDir'] . "/vendor/simplesamlphp/simplesamlphp/cert"
 		    );
 		    echo $colors->getColoredString("\nConfiguring OpenSSL... ", "white");
-		    if (!file_exists('openssl.cnf')) {
+		    if (!file_exists('cie-php-openssl.cnf')) {
 		        $openssl_config = fopen("cie-php-openssl.cnf", "w");
 		        fwrite($openssl_config, "oid_section = cie_oids\n");
 

diff --git a/setup/sdk/spid-php.tpl b/setup/sdk/spid-php.tpl
@@ -20,28 +20,29 @@
             {{IDPS}}
         }
 
-        public function isSPIDEnabled() {
-            return self::SPID_ENABLED;
-        }
-
-        public function isCIEEnabled() {
-            return self::CIE_ENABLED;
-        }
-
         public function getIdPList() {
             require_once("vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php");
-            $list = array();
-            foreach($this->idps as $code=>$entity_id) {
+            
+            $list = [];
+            foreach($this->idps as $code => $entity_id) {
                 array_push($list, array(
                     'name' => $metadata[$entity_id]['name']['it'],
+                    'entity_id' => $entity_id,
                     'code' => $code,
-                    'image' => $metadata[$entity_id]['icon']
+                    'logo_uri' => $metadata[$entity_id]['icon']
                 ));
             }
-
             return $list;
         }
 
+	      public function isSPIDEnabled() {
+	        return self::SPID_ENABLED;
+	      }
+
+	      public function isCIEEnabled() {
+	        return self::CIE_ENABLED;
+	      }
+
         public function getIdP() {
             return $this->spid_auth->getAuthData('saml:sp:IdP');
         }

diff --git a/setup/simplesamlphp/saml2/src/SAML2/XML/md/ContactPerson.php b/setup/simplesamlphp/saml2/src/SAML2/XML/md/ContactPerson.php
@@ -104,7 +104,7 @@ public function __construct(DOMElement $xml = null)
         if ($xml->hasAttribute('entityType')) {
             // SPID Entity Type (Avviso SPID n.19 v.4)
             if(substr($xml->getAttribute('entityType'), 0, 5)=='spid:') {
-                $this->setEntityType($xml->getAttribute('entityType'), 'spid');
+                $this->setEntityType($xml->getAttribute('entityType'), 'spid:https://spid.gov.it/saml-extensions');
             } else {
                 $this->setEntityType($xml->getAttribute('entityType'));
             }
@@ -219,13 +219,8 @@ public function setContactType(string $contactType) : void
      */
     public function setEntityType(string $entityType, string $ns=null) : void
     {
-        if($ns!=null && $ns!='') {
-            $this->entityType = $ns.':'.$entityType;
-            $this->entityTypeNS = $ns;
-        } else {
             $this->entityType = $entityType;
-            $this->entityTypeNS = null;
-        }
+            $this->entityTypeNS = $ns;
     }
 
 
@@ -457,7 +452,8 @@ public function toXML(DOMElement $parent) : DOMElement
         $e->setAttribute('contactType', $this->getContactType());
 
         if ($this->entityType != null) {
-            $e->setAttribute($this->entityTypeNS . ($this->entityTypeNS? ':' : '') . 'entityType', $this->getEntityType());
+            $attribute = ($this->entityTypeNS=='spid:https://spid.gov.it/saml-extensions')? 'spid:entityType' : 'entityType';
+            $e->setAttribute($attribute, $this->entityType);
         }
 
         foreach ($this->getContactPersonAttributes() as $attr => $val) {