OpenConext
diff --git a/‎app/config/parameters.yml.dist‎
Lines changed: 1 addition & 1 deletion b/‎app/config/parameters.yml.dist‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎library/EngineBlock/Application/DiContainer.php‎
Lines changed: 6 additions & 6 deletions b/‎library/EngineBlock/Application/DiContainer.php‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎library/EngineBlock/Application/TestDiContainer.php‎
Lines changed: 33 additions & 1 deletion b/‎library/EngineBlock/Application/TestDiContainer.php‎
Lines changed: 33 additions & 1 deletion
diff --git a/‎library/EngineBlock/Corto/Filter/Command/SRAMTestFilter.php‎
Lines changed: 54 additions & 51 deletions b/‎library/EngineBlock/Corto/Filter/Command/SRAMTestFilter.php‎
Lines changed: 54 additions & 51 deletions
diff --git a/‎library/EngineBlock/Corto/Filter/Input.php‎
Lines changed: 1 addition & 8 deletions b/‎library/EngineBlock/Corto/Filter/Input.php‎
Lines changed: 1 addition & 8 deletions
diff --git a/‎library/EngineBlock/Exception/SbsCheckFailed.php‎
Lines changed: 21 additions & 0 deletions b/‎library/EngineBlock/Exception/SbsCheckFailed.php‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎src/OpenConext/EngineBlock/SRAM/SRAMEndpoint.php‎
Lines changed: 0 additions & 87 deletions b/‎src/OpenConext/EngineBlock/SRAM/SRAMEndpoint.php‎
Lines changed: 0 additions & 87 deletions
diff --git a/‎src/OpenConext/EngineBlockBundle/Exception/InvalidSbsResponseException.php‎
Lines changed: 23 additions & 0 deletions b/‎src/OpenConext/EngineBlockBundle/Exception/InvalidSbsResponseException.php‎
Lines changed: 23 additions & 0 deletions
@@ -230,7 +230,7 @@ parameters:
     feature_enable_consent: true
     feature_stepup_sfo_override_engine_entityid: false
     feature_enable_idp_initiated_flow: true
-    feature_enable_sram_interrupt: true
+    feature_enable_sram_interrupt: false
 
     ##########################################################################################
     ## PROFILE SETTINGS
 
@@ -26,6 +26,7 @@
 use OpenConext\EngineBlock\Stepup\StepupEntityFactory;
 use OpenConext\EngineBlock\Stepup\StepupGatewayCallOutHelper;
 use OpenConext\EngineBlock\Validator\AllowedSchemeValidator;
+use OpenConext\EngineBlockBundle\Sbs\SbsClient;
 use Symfony\Component\DependencyInjection\ContainerInterface as SymfonyContainerInterface;
 
 class EngineBlock_Application_DiContainer extends Pimple
@@ -306,6 +307,11 @@ protected function getSymfonyContainer()
         return $this->container;
     }
 
+    public function getSbsClient(): \OpenConext\EngineBlockBundle\Sbs\SbsClientInterface
+    {
+        return $this->container->get('engineblock.sbs.sbs_client');
+    }
+
     public function getPdpClient()
     {
         return $this->container->get('engineblock.pdp.pdp_client');
@@ -530,12 +536,6 @@ protected function getStepupEndpoint()
         return $this->container->get('engineblock.configuration.stepup.endpoint');
     }
 
-    /** @return \OpenConext\EngineBlock\SRAM\SRAMEndpoint $sramEndpoint */
-    public function getSRAMEndpoint()
-    {
-        return $this->container->get('engineblock.configuration.sram.endpoint');
-    }
-
     /** @return string */
     public function getStepupEntityIdOverrideValue()
     {
 
@@ -17,7 +17,9 @@
  */
 
 use OpenConext\EngineBlock\Stepup\StepupEndpoint;
+use OpenConext\EngineBlockBundle\Configuration\FeatureConfigurationInterface;
 use OpenConext\EngineBlockBundle\Pdp\PdpClientInterface;
+use OpenConext\EngineBlockBundle\Sbs\SbsClientInterface;
 
 /**
  * Creates mocked versions of dependencies for unit testing
@@ -29,6 +31,16 @@ class EngineBlock_Application_TestDiContainer extends EngineBlock_Application_Di
      */
     private $pdpClient;
 
+    /**
+     * @var SbsClientInterface|null
+     */
+    private $sbsClient;
+
+    /**
+     * @var FeatureConfigurationInterface|null
+     */
+    private $featureConfiguration;
+
     public function getXmlConverter()
     {
         return Phake::mock('EngineBlock_Corto_XmlToArray');
@@ -49,11 +61,31 @@ public function getPdpClient()
         return $this->pdpClient ?? parent::getPdpClient();
     }
 
-    public function setPdpClient(PdpClientInterface $pdpClient)
+    public function setPdpClient(?PdpClientInterface $pdpClient)
     {
         $this->pdpClient = $pdpClient;
     }
 
+    public function setSbsClient(?SbsClientInterface $sbsClient)
+    {
+        $this->sbsClient = $sbsClient;
+    }
+
+    public function getSbsClient(): SbsClientInterface
+    {
+        return $this->sbsClient ?? parent::getSbsClient();
+    }
+
+    public function setFeatureConfiguration(?FeatureConfigurationInterface $featureConfiguration)
+    {
+        $this->featureConfiguration = $featureConfiguration;
+    }
+
+    public function getFeatureConfiguration(): FeatureConfigurationInterface
+    {
+        return $this->featureConfiguration ?? parent::getFeatureConfiguration();
+    }
+
     public function getConsentFactory()
     {
         $consentFactoryMock = Phake::mock('EngineBlock_Corto_Model_Consent_Factory');
 
@@ -1,5 +1,8 @@
 <?php
 
+use OpenConext\EngineBlockBundle\Configuration\FeatureConfigurationInterface;
+use OpenConext\EngineBlockBundle\Sbs\Dto\Request;
+
 /**
  * Copyright 2021 Stichting Kennisnet
  *
@@ -27,70 +30,70 @@ public function getResponseAttributes()
         return $this->_responseAttributes;
     }
 
+    public function getResponse()
+    {
+        return $this->_response;
+    }
+
     public function execute(): void
     {
-        $application = EngineBlock_ApplicationSingleton::getInstance();
+        if (!$this->getFeatureConfiguration()->isEnabled('eb.feature_enable_sram_interrupt')) {
+            return;
+        }
 
-        $sramEndpoint = $application->getDiContainer()->getSRAMEndpoint();
-        $sramApiToken = $sramEndpoint->getApiToken();
-        $sramAuthzLocation = $sramEndpoint->getAuthzLocation();
-        // $sramAuthzLocation = 'http://192.168.0.1:12345/api';
+        if ($this->_serviceProvider->getCoins()->collabEnabled() === false) {
+            return;
+        }
 
-        error_log("SRAMTestFilter execute");
+        try {
+            $request = $this->buildRequest();
+            $interruptResponse = $this->getSbsClient()->requestInterruptDecisionFor($request);
+
+            if ($interruptResponse->msg === 'interrupt') {
+                // @TODO Consider if this should be an attribute?
+                $this->_response->setSRAMInterruptNonce($interruptResponse->nonce);
+            } elseif (!empty($interruptResponse->attributes)) {
+                // @TODO make sure this has test coverage
+                $this->_responseAttributes = array_merge_recursive(
+                    $this->_responseAttributes,
+                    $interruptResponse->attributes
+                );
+            }
+        }catch (Throwable $e){
+            throw new EngineBlock_Exception_SbsCheckFailed('The SBS server could not be queried: ' . $e->getMessage());
+        }
+    }
 
-        $attributes = $this->getResponseAttributes();
+    private function getSbsClient()
+    {
+        return EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getSbsClient();
+    }
 
+    private function getFeatureConfiguration(): FeatureConfigurationInterface
+    {
+        return EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getFeatureConfiguration();
+    }
+
+    /**
+     * @return Request
+     * @throws EngineBlock_Corto_ProxyServer_Exception
+     */
+    private function buildRequest(): Request
+    {
+        $attributes = $this->getResponseAttributes();
         $id = $this->_request->getId();
 
+        // @TODO Check: can it occur this is not set?
         $user_id = $attributes['urn:mace:dir:attribute-def:uid'][0];
         $continue_url = $this->_server->getUrl('SRAMInterruptService', '') . "?ID=$id";
         $service_id = $this->_serviceProvider->entityId;
-        // @TODO at the very start of this function, check if the SP has `coin:collab_enabled`, skip otherwise?
         $issuer_id = $this->_identityProvider->entityId;
 
-        /***
-         * @TODO Move all curl related things to new HttpClient. See PDPClient as an example.
-         * @TODO Make sure it has tests
-         * @TODO add tests for this Input Filter
-         */
-
-        $headers = array(
-            "Authorization: $sramApiToken"
+        return Request::create(
+            $user_id,
+            $continue_url,
+            $service_id,
+            $issuer_id
         );
-
-        $post = array(
-            'user_id' => $user_id,
-            'continue_url' => $continue_url,
-            'service_id' => $service_id,
-            'issuer_id' => $issuer_id
-        );
-
-        $options = [
-            CURLOPT_HEADER => false,
-            CURLOPT_RETURNTRANSFER => true,
-            CURLOPT_HTTPHEADER => $headers,
-            CURLOPT_POST => true,
-            CURLOPT_POSTFIELDS => $post,
-        ];
-
-
-        $ch = curl_init($sramAuthzLocation);
-        curl_setopt_array($ch, $options);
-
-        $data = curl_exec($ch);
-        curl_close($ch);
-
-        $body = json_decode($data, false);
-        // error_log("SRAMTestFilter " . var_export($body, true));
-
-        // @TODO Add integration test: Assert the redirect url on the saml response is SRAM
-
-        $msg = $body->msg;
-        if ($msg === 'interrupt') {
-            $this->_response->setSRAMInterruptNonce($body->nonce);
-        } elseif ($body->attributes) {
-            $this->_responseAttributes = array_merge_recursive($this->_responseAttributes, (array) $body->attributes);
-        }
-
     }
 }
@@ -96,16 +96,9 @@ public function getCommands()
             // Apply the Attribute Release Policy before we do consent.
             new EngineBlock_Corto_Filter_Command_AttributeReleasePolicy(),
 
+            new EngineBlock_Corto_Filter_Command_SRAMTestFilter(),
         );
 
-        // SRAM Test filter
-        // When feature_enable_sram_interrupt enabled
-        // @TODO Should this check be here, or in the filter itself like \EngineBlock_Corto_Filter_Command_SsoNotificationCookieFilter
-        // @TODO if it stays here, add test to make sure it's in the command[] or not
-        if ($featureConfiguration->isEnabled('eb.feature_enable_sram_interrupt')) {
-            $commands[] = new EngineBlock_Corto_Filter_Command_SRAMTestFilter();
-        }
-
         if (!$featureConfiguration->isEnabled('eb.run_all_manipulations_prior_to_consent')) {
             return $commands;
         }
 
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * Copyright 2025 SURFnet B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+class EngineBlock_Exception_SbsCheckFailed extends EngineBlock_Exception
+{
+}
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * Copyright 2025 SURFnet B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace OpenConext\EngineBlockBundle\Exception;
+
+class InvalidSbsResponseException extends RuntimeException
+{
+}