WIP

Author: cicnavi

src/Codebooks/ClaimsEnum.php

@@ -173,6 +173,10 @@ enum ClaimsEnum: string
 
     case Expiration_Date = 'expirationDate';
 
+    case Entities = 'entities';
+
+    case EntityId = 'entity_id';
+
     case EntityTypes = 'entity_types';
 
     case FederationCollectionEndpoint = 'federation_collection_endpoint';
@@ -257,6 +261,8 @@ enum ClaimsEnum: string
 
     case Keys = 'keys';
 
+    case LastUpdated = 'last_updated';
+
     case Length = 'length';
 
     case Locale = 'locale';
@@ -276,6 +282,8 @@ enum ClaimsEnum: string
 
     case Name = 'name';
 
+    case Next = 'next';
+
     case Nonce = 'nonce';
 
     case NonceEndpoint = 'nonce_endpoint';
@@ -434,6 +442,9 @@ enum ClaimsEnum: string
     // TransactionCode
     case TxCode = 'tx_code';
 
+    // UI Infos
+    case UiInfos = 'ui_infos';
+
     // UserInterfaceLocalesSupported
     case UiLocalesSupported = 'ui_locales_supported';
 

src/Federation.php

@@ -19,13 +19,14 @@
 use SimpleSAML\OpenID\Factories\DateIntervalDecoratorFactory;
 use SimpleSAML\OpenID\Factories\HttpClientDecoratorFactory;
 use SimpleSAML\OpenID\Factories\JwsSerializerManagerDecoratorFactory;
-use SimpleSAML\OpenID\Federation\CacheEntityCollectionStore;
-use SimpleSAML\OpenID\Federation\EntityCollectionBuilder;
-use SimpleSAML\OpenID\Federation\EntityCollectionFetcher;
-use SimpleSAML\OpenID\Federation\EntityCollectionFilter;
-use SimpleSAML\OpenID\Federation\EntityCollectionPaginator;
-use SimpleSAML\OpenID\Federation\EntityCollectionSorter;
-use SimpleSAML\OpenID\Federation\EntityCollectionStoreInterface;
+use SimpleSAML\OpenID\Federation\EntityCollection\CacheEntityCollectionStore;
+use SimpleSAML\OpenID\Federation\EntityCollection\EntityCollectionFetcher;
+use SimpleSAML\OpenID\Federation\EntityCollection\EntityCollectionFilter;
+use SimpleSAML\OpenID\Federation\EntityCollection\EntityCollectionPaginator;
+use SimpleSAML\OpenID\Federation\EntityCollection\EntityCollectionResponseFactory;
+use SimpleSAML\OpenID\Federation\EntityCollection\EntityCollectionSorter;
+use SimpleSAML\OpenID\Federation\EntityCollection\EntityCollectionStoreInterface;
+use SimpleSAML\OpenID\Federation\EntityCollection\InMemoryEntityCollectionStore;
 use SimpleSAML\OpenID\Federation\EntityStatementFetcher;
 use SimpleSAML\OpenID\Federation\Factories\EntityStatementFactory;
 use SimpleSAML\OpenID\Federation\Factories\RequestObjectFactory;
@@ -35,15 +36,13 @@
 use SimpleSAML\OpenID\Federation\Factories\TrustMarkFactory;
 use SimpleSAML\OpenID\Federation\Factories\TrustMarkStatusResponseFactory;
 use SimpleSAML\OpenID\Federation\FederationDiscovery;
-use SimpleSAML\OpenID\Federation\InMemoryEntityCollectionStore;
 use SimpleSAML\OpenID\Federation\MetadataPolicyApplicator;
 use SimpleSAML\OpenID\Federation\MetadataPolicyResolver;
 use SimpleSAML\OpenID\Federation\SubordinateListingFetcher;
 use SimpleSAML\OpenID\Federation\TrustChainResolver;
 use SimpleSAML\OpenID\Federation\TrustMarkFetcher;
 use SimpleSAML\OpenID\Federation\TrustMarkStatusResponseFetcher;
 use SimpleSAML\OpenID\Federation\TrustMarkValidator;
-use SimpleSAML\OpenID\Helpers;
 use SimpleSAML\OpenID\Jwks\Factories\JwksDecoratorFactory;
 use SimpleSAML\OpenID\Jws\Factories\JwsDecoratorBuilderFactory;
 use SimpleSAML\OpenID\Jws\Factories\JwsVerifierDecoratorFactory;
@@ -85,7 +84,7 @@ class Federation
 
     protected ?EntityCollectionPaginator $entityCollectionPaginator = null;
 
-    protected ?EntityCollectionBuilder $entityCollectionBuilder = null;
+    protected ?EntityCollectionResponseFactory $entityCollectionBuilder = null;
 
     protected ?EntityStatementFetcher $entityStatementFetcher = null;
 
@@ -154,6 +153,7 @@ public function __construct(
         // phpcs:ignore
         protected readonly TrustMarkStatusEndpointUsagePolicyEnum $defaultTrustMarkStatusEndpointUsagePolicyEnum = TrustMarkStatusEndpointUsagePolicyEnum::NotUsed,
         int $maxDiscoveryDepth = 10,
+        protected ?EntityCollectionStoreInterface $entityCollectionStore = null,
     ) {
         $this->maxCacheDurationDecorator = $this->dateIntervalDecoratorFactory()->build($maxCacheDuration);
         $this->timestampValidationLeewayDecorator = $this->dateIntervalDecoratorFactory()
@@ -360,17 +360,30 @@ public function subordinateListingFetcher(): SubordinateListingFetcher
     }
 
 
-    public function federationDiscovery(?EntityCollectionStoreInterface $store = null): FederationDiscovery
+    public function entityCollectionStore(): EntityCollectionStoreInterface
     {
-        if (!$this->federationDiscovery instanceof \SimpleSAML\OpenID\Federation\FederationDiscovery) {
-            $effectiveStore = $store ?? ($this->cacheDecorator() instanceof \SimpleSAML\OpenID\Decorators\CacheDecorator
-                ? new CacheEntityCollectionStore($this->cacheDecorator())
-                : new InMemoryEntityCollectionStore());
+        if ($this->entityCollectionStore instanceof Federation\EntityCollection\EntityCollectionStoreInterface) {
+            return $this->entityCollectionStore;
+        }
+
+        return $this->entityCollectionStore =
+        $this->cacheDecorator() instanceof \SimpleSAML\OpenID\Decorators\CacheDecorator ?
+        new CacheEntityCollectionStore(
+            $this->cacheDecorator(),
+            $this->helpers(),
+            $this->logger,
+        ) :
+        new InMemoryEntityCollectionStore();
+    }
+
 
+    public function federationDiscovery(): FederationDiscovery
+    {
+        if (!$this->federationDiscovery instanceof \SimpleSAML\OpenID\Federation\FederationDiscovery) {
             $this->federationDiscovery = new FederationDiscovery(
                 $this->entityStatementFetcher(),
                 $this->subordinateListingFetcher(),
-                $effectiveStore,
+                $this->entityCollectionStore(),
                 $this->maxCacheDurationDecorator(),
                 $this->logger,
                 $this->maxDiscoveryDepth,
@@ -405,18 +418,16 @@ public function entityCollectionSorter(): EntityCollectionSorter
 
     public function entityCollectionPaginator(): EntityCollectionPaginator
     {
-        return $this->entityCollectionPaginator ??= new EntityCollectionPaginator();
+        return $this->entityCollectionPaginator ??= new EntityCollectionPaginator(
+            $this->helpers(),
+        );
     }
 
 
-    /**
-     * @param \SimpleSAML\OpenID\Federation\EntityCollectionStoreInterface|null $store  Forwarded to
-     * federationDiscovery()
-     */
-    public function entityCollectionBuilder(?EntityCollectionStoreInterface $store = null): EntityCollectionBuilder
+    public function entityCollectionResponseFactory(): EntityCollectionResponseFactory
     {
-        return $this->entityCollectionBuilder ??= new EntityCollectionBuilder(
-            $this->federationDiscovery($store),
+        return $this->entityCollectionBuilder ??= new EntityCollectionResponseFactory(
+            $this->federationDiscovery(),
             $this->entityCollectionFilter(),
             $this->entityCollectionSorter(),
             $this->entityCollectionPaginator(),

src/Federation/CacheEntityCollectionStore.php

@@ -10,7 +10,16 @@ class EntityCollection
      * @param array<string, \SimpleSAML\OpenID\Federation\EntityStatement> $entities  Keyed by entity ID
      */
     public function __construct(
-        public readonly array $entities,
+        protected readonly array $entities,
     ) {
     }
+
+
+    /**
+     * @return array<string, \SimpleSAML\OpenID\Federation\EntityStatement>
+     */
+    public function all(): array
+    {
+        return $this->entities;
+    }
 }

src/Federation/EntityCollection.php

@@ -0,0 +1,77 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\OpenID\Federation\EntityCollection;
+
+use Psr\Log\LoggerInterface;
+use SimpleSAML\OpenID\Decorators\CacheDecorator;
+use SimpleSAML\OpenID\Helpers;
+use Throwable;
+
+class CacheEntityCollectionStore implements EntityCollectionStoreInterface
+{
+    protected const PREFIX = 'federation_entity_ids';
+
+
+    public function __construct(
+        protected readonly CacheDecorator $cacheDecorator,
+        protected readonly Helpers $helpers,
+        protected readonly ?LoggerInterface $logger,
+    ) {
+    }
+
+
+    public function storeEntityIds(string $trustAnchorId, array $entityIds, int $ttl): void
+    {
+        try {
+            $this->cacheDecorator->set(
+                $this->helpers->json()->encode($entityIds),
+                $ttl,
+                self::PREFIX,
+                $trustAnchorId,
+            );
+        } catch (Throwable $throwable) {
+            $this->logger?->error('Unable to store entity IDs in cache.', [
+                'trustAnchorId' => $trustAnchorId,
+                'entityIds' => $entityIds,
+                'exception_message' => $throwable->getMessage(),
+            ]);
+        }
+    }
+
+
+    public function getEntityIds(string $trustAnchorId): ?array
+    {
+        try {
+            /** @var ?string $cached */
+            $cached = $this->cacheDecorator->get(null, self::PREFIX, $trustAnchorId);
+
+            if (is_null($cached)) {
+                return null;
+            }
+
+            $decoded = $this->helpers->json()->decode($cached);
+            return $this->helpers->type()->ensureArrayWithValuesAsNonEmptyStrings($decoded);
+        } catch (Throwable $throwable) {
+            $this->logger?->error('Unable to retrieve entity IDs from cache.', [
+                'trustAnchorId' => $trustAnchorId,
+                'exception_message' => $throwable->getMessage(),
+            ]);
+            return null;
+        }
+    }
+
+
+    public function clearEntityIds(string $trustAnchorId): void
+    {
+        try {
+            $this->cacheDecorator->delete(self::PREFIX, $trustAnchorId);
+        } catch (Throwable $throwable) {
+            $this->logger?->error('Unable to clear entity IDs from cache.', [
+                'trustAnchorId' => $trustAnchorId,
+                'exception_message' => $throwable->getMessage(),
+            ]);
+        }
+    }
+}

src/Federation/EntityCollection/CacheEntityCollectionStore.php

@@ -2,23 +2,23 @@
 
 declare(strict_types=1);
 
-namespace SimpleSAML\OpenID\Federation;
+namespace SimpleSAML\OpenID\Federation\EntityCollection;
 
 use JsonSerializable;
 use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
 
 class EntityCollectionEntry implements JsonSerializable
 {
     /**
-     * @param non-empty-string        $entityId
-     * @param non-empty-string[]      $entityTypes
-     * @param array<string,mixed>|null $uiInfo   Logo, display name, etc.
+     * @param non-empty-string $entityId
+     * @param non-empty-string[] $entityTypes
+     * @param array<string,mixed>|null $uiInfos   Logo, display name, etc.
      * @param array<array<mixed>>|null $trustMarks
      */
     public function __construct(
         public readonly string $entityId,
         public readonly array $entityTypes,
-        public readonly ?array $uiInfo = null,
+        public readonly ?array $uiInfos = null,
         public readonly ?array $trustMarks = null,
     ) {
     }
@@ -28,19 +28,19 @@ public function __construct(
      * @return array{
      *     entity_id: non-empty-string,
      *     entity_types: non-empty-string[],
-     *     ui_info?: array<string,mixed>,
+     *     ui_infos?: array<string,mixed>,
      *     trust_marks?: array<array<mixed>>
      * }
      */
     public function jsonSerialize(): array
     {
         $data = [
-            'entity_id' => $this->entityId,
+            ClaimsEnum::EntityId->value => $this->entityId,
             ClaimsEnum::EntityTypes->value => $this->entityTypes,
         ];
 
-        if (!is_null($this->uiInfo)) {
-            $data['ui_info'] = $this->uiInfo;
+        if (!is_null($this->uiInfos)) {
+            $data[ClaimsEnum::UiInfos->value] = $this->uiInfos;
         }
 
         if (!is_null($this->trustMarks)) {