
Commit fbd4ee0

committed
WIP Trust Mark Validation
1 parent b69583a commit fbd4ee0


1 file changed

+26
-5
lines changed


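--- a/src/Utils/FederationParticipationValidator.php
+++ b/src/Utils/FederationParticipationValidator.php
@@ -6,6 +6,7 @@
 
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Services\LoggerService;
+use SimpleSAML\OpenID\Exceptions\TrustMarkException;
 use SimpleSAML\OpenID\Federation\TrustChain;
 
 class FederationParticipationValidator
@@ -16,22 +17,42 @@ public function __construct(
 ) {
 }
 
+/**
+* @throws \SimpleSAML\Error\ConfigurationError
+* @throws \SimpleSAML\OpenID\Exceptions\EntityStatementException
+* @throws \SimpleSAML\OpenID\Exceptions\TrustChainException
+* @throws \SimpleSAML\OpenID\Exceptions\JwsException
+* @throws \SimpleSAML\OpenID\Exceptions\TrustMarkException
+*/
 public function byTrustMarksFor(TrustChain $trustChain): void
 {
 $trustAnchor = $trustChain->getResolvedTrustAnchor();
 
-$trustMarkLimitsRules = $this->moduleConfig
-->getTrustMarksNeededForFederationParticipationFor($trustAnchor->getIssuer());
+$trustMarkLimitsRules = $this->moduleConfig->getTrustMarksNeededForFederationParticipationFor(
+$trustAnchor->getIssuer(),
+);
 
 if (empty($trustMarkLimitsRules)) {
-$this->loggerService->debug('No Trust Mark limits emposed for ' . $trustAnchor->getIssuer());
+$this->loggerService->debug('No Trust Mark limits imposed for ' . $trustAnchor->getIssuer());
 return;
 }
 
 $this->loggerService->debug('Trust Mark limits for ' . $trustAnchor->getIssuer(), $trustMarkLimitsRules);
 
-//$leaf = $trustChain->getResolvedLeaf();
-//$leafTrustMarks = $leaf->getTrustMarks();
+$leaf = $trustChain->getResolvedLeaf();
+$leafTrustMarks = $leaf->getTrustMarks();
+
+if (is_null($leafTrustMarks)) {
+$error = sprintf(
+'Leaf entity %s does not have any Trust Marks available.',
+$leaf->getIssuer(),
+);
+
+$this->loggerService->error($error, compact('trustMarkLimitsRules'));
+throw new TrustMarkException($error);
+}
+
+// Leaf has some Trust Marks.
 
 // TODO mivanci continue
 }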
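Review bot: byTrustMarksFor() still returns normally once the leaf has any Trust Marks, so until the `// TODO mivanci continue` branch is filled in, a caller that relies on this method throwing on failure gets a silent pass — the configured limits are logged but never compared against `$leafTrustMarks`. Since the commit is marked WIP, it would be safer to fail closed in the meantime, e.g. replace the TODO with `throw new TrustMarkException('Trust Mark limits validation is not implemented yet.');`, so a deployed build cannot admit a participant it has not actually checked. The `is_null` guard also lets an empty array through if getTrustMarks() can return `[]` rather than null; if so, `if (empty($leafTrustMarks)) {` covers both cases — worth confirming against that method's return type. The new docblock lists the exceptions but has no summary line; a one-liner such as `Validate that the leaf entity carries the Trust Marks required by the resolved Trust Anchor's configured limits.` would document the contract. The enclosing class continues outside the hunk.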
