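/**
 * Checks the IdP part of a settings array and reports what is missing or malformed.
 *
 * The checks are structural only. Security-relevant limits a reviewer should keep in mind:
 *  - URLs are tested with FILTER_VALIDATE_URL, which checks syntax and does not
 *    restrict the scheme, so an https-only policy is NOT enforced here.
 *  - An IdP certificate or fingerprint is demanded only when the 'security' section
 *    exists and sets wantAssertionsSigned or wantMessagesSigned. Settings without a
 *    'security' section, or with both flags unset, pass with no IdP key material.
 *  - certFingerprint satisfies the signature requirement but not the nameIdEncrypted
 *    requirement, which needs x509cert.
 *  - The content of x509cert / certFingerprint is not inspected, only its presence.
 *
 * @param array $settings Settings array; the keys read are 'idp' and 'security'.
 *
 * @return array List of error-code strings, empty when no problem was found.
 */
public function checkIdPSettings($settings)
{
    // No assert() on the argument: string-form assertions are deprecated since
    // PHP 7.2 and no longer evaluated on PHP 8, and a failing assertion would
    // pre-empt the 'invalid_syntax' result that callers are given below.
    if (!is_array($settings) || empty($settings)) {
        return array('invalid_syntax');
    }

    $errors = array();

    // empty() is false-safe on missing keys, so it covers the isset() case too.
    if (empty($settings['idp'])) {
        $errors[] = 'idp_not_found';
        return $errors;
    }

    $idp = $settings['idp'];

    if (empty($idp['entityId'])) {
        $errors[] = 'idp_entityId_not_found';
    }

    // The SSO endpoint is mandatory and must at least parse as a URL.
    if (empty($idp['singleSignOnService']['url'])) {
        $errors[] = 'idp_sso_not_found';
    } elseif (!filter_var($idp['singleSignOnService']['url'], FILTER_VALIDATE_URL)) {
        $errors[] = 'idp_sso_url_invalid';
    }

    // The SLO endpoint is optional; it is validated only when a value is given.
    if (!empty($idp['singleLogoutService']['url'])
        && !filter_var($idp['singleLogoutService']['url'], FILTER_VALIDATE_URL)
    ) {
        $errors[] = 'idp_slo_url_invalid';
    }

    if (isset($settings['security'])) {
        $security = $settings['security'];

        $existsX509 = !empty($idp['x509cert']);
        $existsFingerprint = !empty($idp['certFingerprint']);

        // Loose truthiness on purpose: matches the "isset and == true" contract,
        // so values such as 1 or 'true' enable the requirement.
        $signatureRequired = !empty($security['wantAssertionsSigned'])
            || !empty($security['wantMessagesSigned']);

        // Verifying signatures needs some IdP key reference: full cert or fingerprint.
        // NOTE(review): how strong a fingerprint-only trust anchor is depends on the
        // hash algorithm used by the verifier, which is not visible here; confirm.
        if ($signatureRequired && !($existsX509 || $existsFingerprint)) {
            $errors[] = 'idp_cert_or_fingerprint_not_found_and_required';
        }

        // Encrypting the NameID needs the IdP public key, so a fingerprint is not enough.
        if (!empty($security['nameIdEncrypted']) && !$existsX509) {
            $errors[] = 'idp_cert_not_found_and_required';
        }
    }

    return $errors;
}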