First pass at adding compression settings for both requests and respo…

…nses.

lib/Saml2/AuthnRequest.php

@@ -141,8 +141,12 @@ public function __construct(OneLogin_Saml2_Settings $settings, $forceAuthn = fal
      */
     public function getRequest()
     {
-        $deflatedRequest = gzdeflate($this->_authnRequest);
-        $base64Request = base64_encode($deflatedRequest);
+        $subject = $this->_authnRequest;
+        if ($this->_settings->shouldCompressRequests()) {
+            $subject = gzdeflate($this->_authnRequest);
+        }
+
+        $base64Request = base64_encode($subject);
         return $base64Request;
     }
 

lib/Saml2/LogoutRequest.php

@@ -55,7 +55,7 @@ public function __construct(OneLogin_Saml2_Settings $settings, $request = null,
 
             $nameIdValue = OneLogin_Saml2_Utils::generateUniqueID();
             $issueInstant = OneLogin_Saml2_Utils::parseTime2SAML(time());
-            
+
             $cert = null;
             if (isset($security['nameIdEncrypted']) && $security['nameIdEncrypted']) {
                 $cert = $idpData['x509cert'];
@@ -114,8 +114,12 @@ public function __construct(OneLogin_Saml2_Settings $settings, $request = null,
      */
     public function getRequest()
     {
-        $deflatedRequest = gzdeflate($this->_logoutRequest);
-        return base64_encode($deflatedRequest);
+        $subject = $this->_logoutRequest;
+        if ($this->_settings->shouldCompressRequests()) {
+            $subject = gzdeflate($this->_logoutRequest);
+        }
+
+        return base64_encode($subject);
     }
 
     /**
@@ -143,7 +147,7 @@ public static function getID($request)
      *
      * @param string|DOMDocument $request Logout Request Message
      * @param string|null        $key     The SP key
-     *     
+     *
      * @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
      *
      * @throws Exception
@@ -235,11 +239,11 @@ public static function getIssuer($request)
     /**
      * Gets the SessionIndexes from the Logout Request.
      * Notice: Our Constructor only support 1 SessionIndex but this parser
-     *         extracts an array of all the  SessionIndex found on a  
+     *         extracts an array of all the  SessionIndex found on a
      *         Logout Request, that could be many.
      *
      * @param string|DOMDocument $request Logout Request Message
-     * 
+     *
      * @return array The SessionIndex value
      */
     public static function getSessionIndexes($request)
@@ -283,7 +287,7 @@ public function isValid($retrieveParametersFromServer=false)
                         throw new Exception("Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd");
                     }
                 }
-                
+
                 $currentURL = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();
 
                 // Check NotOnOrAfter
@@ -375,7 +379,7 @@ public function isValid($retrieveParametersFromServer=false)
 
     /* After execute a validation process, if fails this method returns the cause
      *
-     * @return string Cause 
+     * @return string Cause
      */
     public function getError()
     {

lib/Saml2/LogoutResponse.php

@@ -71,7 +71,7 @@ public function getIssuer()
 
     /**
      * Gets the Status of the Logout Response.
-     * 
+     *
      * @return string The Status
      */
     public function getStatus()
@@ -213,7 +213,7 @@ private function _query($query)
     /**
      * Generates a Logout Response object.
      *
-     * @param string $inResponseTo InResponseTo value for the Logout Response. 
+     * @param string $inResponseTo InResponseTo value for the Logout Response.
      */
     public function build($inResponseTo)
     {
@@ -249,13 +249,16 @@ public function build($inResponseTo)
      */
     public function getResponse()
     {
-        $deflatedResponse = gzdeflate($this->_logoutResponse);
-        return base64_encode($deflatedResponse);
+        $subject = $this->_logoutResponse;
+        if ($this->_settings->shouldCompressResponses()) {
+            $subject = gzdeflate($this->_logoutResponse);
+        }
+        return base64_encode($subject);
     }
 
     /* After execute a validation process, if fails this method returns the cause.
      *
-     * @return string Cause 
+     * @return string Cause
      */
     public function getError()
     {

lib/Saml2/Settings.php

@@ -44,6 +44,14 @@ class OneLogin_Saml2_Settings
      */
     private $_idp = array();
 
+    /**
+     * Compression settings that determine
+     * whether gzip compression should be used.
+     *
+     * @var array
+     */
+    private $_compress = array();
+
     /**
      * Security Info related to the SP.
      *
@@ -232,6 +240,10 @@ private function _loadSettingsFromArray($settings)
                 $this->_debug = $settings['debug'];
             }
 
+            if (isset($settings['compress'])) {
+                $this->_compress = $settings['compress'];
+            }
+
             if (isset($settings['security'])) {
                 $this->_security = $settings['security'];
             }
@@ -297,6 +309,14 @@ private function _addDefaultValues()
             $this->_sp['singleLogoutService']['binding'] = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT;
         }
 
+        if (!isset($this->_compress['requests'])) {
+            $this->_compress['requests'] = true;
+        }
+
+        if (!isset($this->_compress['responses'])) {
+            $this->_compress['responses'] = true;
+        }
+
         // Related to nameID
         if (!isset($this->_sp['NameIDFormat'])) {
             $this->_sp['NameIDFormat'] = OneLogin_Saml2_Constants::NAMEID_UNSPECIFIED;
@@ -393,11 +413,45 @@ public function checkSettings($settings)
             }
             $spErrors = $this->checkSPSettings($settings);
             $errors = array_merge($spErrors, $errors);
+
+            $compressErrors = $this->checkCompressionSettings($settings);
+            $errors = array_merge($compressErrors, $errors);
         }
 
         return $errors;
     }
 
+    /**
+     * Checks the compression settings info.
+     *
+     * @param array $settings Array with settings data
+     *
+     * @return array $errors  Errors found on the settings data
+     */
+    public function checkCompressionSettings($settings)
+    {
+        $errors = array();
+
+        if (isset($settings['compress'])) {
+            if (!is_array($settings['compress'])) {
+                $errors[] = "invalid_syntax";
+            } else if (
+                isset($settings['compress']['requests'])
+                && $settings['compress']['requests'] !== true
+                && $settings['compress']['requests'] !== false
+            ) {
+                $errors[] = "'compress'=>'requests' values must be true or false.";
+            } else if (
+                isset($settings['compress']['responses'])
+                && $settings['compress']['responses'] !== true
+                && $settings['compress']['responses'] !== false
+            ) {
+                $errors[] = "'compress'=>'responses' values must be true or false.";
+            }
+        }
+        return $errors;
+    }
+
     /**
      * Checks the IdP settings info.
      *
@@ -665,6 +719,26 @@ public function getOrganization()
         return $this->_organization;
     }
 
+    /**
+    * Should SAML requests be compressed?
+    *
+    * @return bool Yes/No as True/False
+    */
+    public function shouldCompressRequests()
+    {
+        return $this->_compress['requests'];
+    }
+
+    /**
+    * Should SAML responses be compressed?
+    *
+    * @return bool Yes/No as True/False
+    */
+    public function shouldCompressResponses()
+    {
+        return $this->_compress['responses'];
+    }
+
     /**
      * Gets the SP metadata. The XML representation.
      *

tests/settings/settings1.php

@@ -22,7 +22,10 @@
             ),
             'x509cert' => 'MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo',
         ),
-
+        'compress' => array(
+            'requests' => true,
+            'responses' => true
+        ),
         'security' => array (
             'authnRequestsSigned' => false,
             'wantAssertionsSigned' => false,
@@ -46,4 +49,4 @@
                 'url' => 'http://sp.example.com',
             ),
         ),
-    );
+    );

tests/settings/settings2.php

@@ -25,7 +25,10 @@
         ),
         'x509cert' => 'MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo',
     ),
-
+    'compress' => array(
+        'requests' => false,
+        'responses' => false
+    ),
     'security' => array (
         'authnRequestsSigned' => false,
         'wantAssertionsSigned' => false,

tests/src/OneLogin/Saml2/AuthnRequestTest.php

@@ -226,4 +226,43 @@ public function testCreateEncSAMLRequest()
         $this->assertRegExp('#Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"#', $message);
         $this->assertRegExp('#ProviderName="SP prueba"#', $message);
     }
+
+    /**
+    * Tests that a 'true' value for compress => requests gets honored when we
+    * try to obtain the request payload from getRequest()
+    *
+    * @covers OneLogin_Saml2_AuthnRequest::getRequest()
+    */
+    public function testWeCanChooseToCompressARequest()
+    {
+        //Test that we can compress.
+        $settingsDir = TEST_ROOT .'/settings/';
+        include $settingsDir.'settings1.php';
+
+        $settings = new OneLogin_Saml2_Settings($settingsInfo);
+        $authnRequest = new OneLogin_Saml2_AuthnRequest($settings);
+        $payload = $authnRequest->getRequest();
+        $decoded = base64_decode($payload);
+        $decompressed = gzinflate($decoded);
+        $this->assertRegExp('#^<samlp:AuthnRequest#', $decompressed);
+    }
+
+    /**
+    * Tests that a 'false' value for compress => requests gets honored when we
+    * try to obtain the request payload from getRequest()
+    *
+    * @covers OneLogin_Saml2_AuthnRequest::getRequest()
+    */
+    public function testWeCanChooseNotToCompressARequest()
+    {
+        //Test that we can choose not to compress the request payload.
+        $settingsDir = TEST_ROOT .'/settings/';
+        include $settingsDir.'settings2.php';
+
+        $settings = new OneLogin_Saml2_Settings($settingsInfo);
+        $authnRequest = new OneLogin_Saml2_AuthnRequest($settings);
+        $payload = $authnRequest->getRequest();
+        $decoded = base64_decode($payload);
+        $this->assertRegExp('#^<samlp:AuthnRequest#', $decoded);
+    }
 }