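/**
 * Validates the Service Provider (SP) portion of a settings array.
 *
 * Checks that the SP entity id and Assertion Consumer Service URL are
 * present, that the ACS / Single Logout Service URLs are syntactically
 * valid, that metadata-signing file names are given when requested, that
 * SP certificates are available when a signing/encryption option needs
 * them, and that optional contact and organization blocks are complete.
 *
 * @param array $settings Settings to check; any non-array or empty value
 *                        is reported as 'invalid_syntax'.
 *
 * @return array List of error-code strings; empty when nothing was found.
 */
public function checkSPSettings($settings)
{
    // The string-form assert('is_array($settings)') was dropped: string
    // assertions are evaluated as code on old PHP and are a no-op on PHP 8.
    // The explicit check below is what actually rejects bad input.
    if (!is_array($settings) || empty($settings)) {
        return array('invalid_syntax');
    }

    $errors = array();

    if (empty($settings['sp'])) {
        $errors[] = 'sp_not_found';
    } else {
        $sp = $settings['sp'];
        $security = isset($settings['security']) ? $settings['security'] : array();

        if (empty($sp['entityId'])) {
            $errors[] = 'sp_entityId_not_found';
        }

        // NOTE(review): FILTER_VALIDATE_URL only checks URL syntax. It does
        // not restrict the scheme, so it does not enforce https for the
        // endpoints that receive SAML messages; enforce that separately if
        // the deployment requires it.
        if (empty($sp['assertionConsumerService']['url'])) {
            $errors[] = 'sp_acs_not_found';
        } elseif (!filter_var($sp['assertionConsumerService']['url'], FILTER_VALIDATE_URL)) {
            $errors[] = 'sp_acs_url_invalid';
        }

        // The SLS endpoint is optional; it is validated only when given.
        if (isset($sp['singleLogoutService']['url'])
            && !filter_var($sp['singleLogoutService']['url'], FILTER_VALIDATE_URL)
        ) {
            $errors[] = 'sp_sls_url_invalid';
        }

        // When signMetadata is an array, both file names must be present.
        // NOTE(review): a non-array signMetadata value (e.g. boolean true)
        // is not checked here and is not in the certificate-dependent list
        // below; confirm whether it also relies on the SP certificates.
        if (isset($security['signMetadata']) && is_array($security['signMetadata'])) {
            $signMetadata = $security['signMetadata'];
            if (!isset($signMetadata['keyFileName']) || !isset($signMetadata['certFileName'])) {
                $errors[] = 'sp_signMetadata_invalid';
            }
        }

        // Options that cannot work without the SP key material. Any truthy
        // value enables an option (same loose semantics as "== true").
        $certDependentFlags = array(
            'authnRequestsSigned',
            'logoutRequestSigned',
            'logoutResponseSigned',
            'wantAssertionsEncrypted',
            'wantNameIdEncrypted',
        );
        $certsRequired = false;
        foreach ($certDependentFlags as $flag) {
            if (!empty($security[$flag])) {
                $certsRequired = true;
                break;
            }
        }

        // checkSPCerts() is consulted only when an option needs it, so a
        // configuration that asks for signing or encryption without SP
        // certificates is rejected here instead of failing later.
        if ($certsRequired && !$this->checkSPCerts()) {
            $errors[] = 'sp_certs_not_found_and_required';
        }
    }

    if (isset($settings['contactPerson'])) {
        $contacts = $settings['contactPerson'];
        if (!is_array($contacts)) {
            // A scalar here previously reached array_keys()/foreach and
            // raised an engine error; report it as incomplete data instead.
            $errors[] = 'contact_not_enought_data';
        } else {
            $validTypes = array('technical', 'support', 'administrative', 'billing', 'other');
            foreach (array_keys($contacts) as $type) {
                // Strict comparison: with loose comparison an integer key
                // (a list-style array) matches any of the type names on
                // PHP < 8 and would slip through as a valid contact type.
                if (!in_array($type, $validTypes, true)) {
                    $errors[] = 'contact_type_invalid';
                    break;
                }
            }
            foreach ($contacts as $contact) {
                if (empty($contact['givenName']) || empty($contact['emailAddress'])) {
                    $errors[] = 'contact_not_enought_data';
                    break;
                }
            }
        }
    }

    if (isset($settings['organization'])) {
        $organizations = $settings['organization'];
        if (!is_array($organizations)) {
            // Avoid iterating a scalar; it cannot hold the required fields.
            $errors[] = 'organization_not_enought_data';
        } else {
            foreach ($organizations as $organization) {
                if (empty($organization['name'])
                    || empty($organization['displayname'])
                    || empty($organization['url'])
                ) {
                    $errors[] = 'organization_not_enought_data';
                    break;
                }
            }
        }
    }

    return $errors;
}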