public function test_calls_session_processor()
{
$action = new SpSsoStateAction(TestHelper::getLoggerMock($this), $sessionProcessorMock = $this->getSessionProcessorMock());
$context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
$context->getInboundContext()->setMessage($response = new Response());
$response->addAssertion($assertion1 = new Assertion());
$response->addAssertion($assertion2 = new Assertion());
$context->getOwnEntityContext()->setEntityDescriptor(new EntityDescriptor($ownEntityId = 'http://own.entity.id'));
$context->getPartyEntityContext()->setEntityDescriptor(new EntityDescriptor($partyEntityId = 'http://party.id'));
$sessionProcessorMock->expects($this->once())->method('processAssertions')->with($this->isType('array'), $ownEntityId, $partyEntityId)->willReturnCallback(function (array $assertions, $ownId, $partyId) use($assertion1, $assertion2) {
$this->assertSame($assertion1, $assertions[0]);
$this->assertSame($assertion2, $assertions[1]);
});
$action->execute($context);
}
public function test_response()
{
$response = new Response();
$response->addAssertion($assertion = new Assertion())->setStatus(new Status(new StatusCode(SamlConstants::STATUS_SUCCESS)));
$assertion->setId(Helper::generateID())->setIssuer(new Issuer('https://issuer.com'));
$this->verify($response);
}
/**
* @param string $email
* @param string $message_id
* @return string
*/
public function send($email, $message_id)
{
$message = $this->saml_data_manager->get($message_id);
if (!$message) {
if ($this->logger) {
$this->logger->error("Saml message with id {$message_id} not found or expired");
}
throw new RuntimeException('Authentication message does not exist');
}
$this->saml_data_manager->delete($message_id);
$response = new Response();
$assertion = new Assertion();
$response->addAssertion($assertion)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($message->getAssertionConsumerServiceURL())->setIssuer(new Issuer($message->getIssuer()->getValue()));
$assertion->setId(Helper::generateID())->setIssueInstant(new DateTime())->setIssuer(new Issuer($message->getIssuer()->getValue()))->setSubject((new Subject())->setNameID(new NameID($email, SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new SubjectConfirmationData())->setInResponseTo($message->getID())->setNotOnOrAfter(new DateTime('+1 MINUTE'))->setRecipient($message->getAssertionConsumerServiceURL()))))->setConditions((new Conditions())->setNotBefore(new DateTime())->setNotOnOrAfter(new DateTime('+1 MINUTE'))->addItem(new AudienceRestriction([$message->getAssertionConsumerServiceURL()])))->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, $email)))->addItem((new AuthnStatement())->setAuthnInstant(new DateTime('-10 MINUTE'))->setSessionIndex($message_id)->setAuthnContext((new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
$certificate = X509Certificate::fromFile($this->saml_crt);
$private_key = KeyHelper::createPrivateKey($this->saml_key, '', true);
$response->setSignature(new SignatureWriter($certificate, $private_key));
$binding_factory = new BindingFactory();
$post_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_POST);
$message_context = new MessageContext();
$message_context->setMessage($response);
/** @var SymfonyResponse $http_response */
$http_response = $post_binding->send($message_context);
return $http_response->getContent();
}
public function test_does_nothing_if_response_has_at_least_one_assertion()
{
$action = new HasAssertionsValidatorAction(TestHelper::getLoggerMock($this));
$context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
$context->getInboundContext()->setMessage($response = new Response());
$response->addAssertion(new Assertion());
$action->execute($context);
}
public function test_success_response_with_xsd()
{
$response = new Response();
$response->setStatus(new Status(new StatusCode(SamlConstants::STATUS_SUCCESS)))->setInResponseTo(Helper::generateID())->setID(Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new Issuer('https://idp.com'));
$response->addAssertion($assertion = new Assertion());
$assertion->setId(Helper::generateID())->setIssueInstant(new \DateTime())->setIssuer(new Issuer('https://idp.com'))->setSubject((new Subject())->setNameID(new NameID('*****@*****.**', SamlConstants::NAME_ID_FORMAT_EMAIL))->addSubjectConfirmation((new SubjectConfirmation())->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)->setSubjectConfirmationData((new SubjectConfirmationData())->setInResponseTo(Helper::generateID())->setNotOnOrAfter(new \DateTime('+1 hour'))->setRecipient('https://sp.com/acs'))))->setConditions((new Conditions())->setNotBefore(new \DateTime())->setNotOnOrAfter(new \DateTime('+1 hour'))->addItem(new AudienceRestriction(['https://sp.com/acs'])))->addItem((new AttributeStatement())->addAttribute(new Attribute(ClaimTypes::EMAIL_ADDRESS, '*****@*****.**')))->addItem((new AuthnStatement())->setAuthnInstant(new \DateTime('-1 hour'))->setSessionIndex(Helper::generateID())->setAuthnContext((new AuthnContext())->setAuthnContextClassRef(SamlConstants::AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT)));
$this->sign($assertion);
$this->sign($response);
$this->validateProtocol($response);
}
public function test_does_nothing_if_there_is_bearer_assertion()
{
$action = new HasBearerAssertionsValidatorAction(TestHelper::getLoggerMock($this));
$context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
$context->getInboundContext()->setMessage($response = new Response());
$response->addAssertion($assertion = new Assertion());
$assertion->addItem(new AuthnStatement());
$assertion->setSubject($subject = new Subject());
$subject->addSubjectConfirmation($subjectConfirmation = new SubjectConfirmation());
$subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
$action->execute($context);
}
public function test_creates_context_for_each_assertion()
{
$action = new AssertionAction(TestHelper::getLoggerMock($this), $assertionActionMock = $this->getActionMock());
$context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
$context->getInboundContext()->setMessage($response = new Response());
$response->addAssertion($assertion1 = new Assertion())->addAssertion($assertion2 = new Assertion());
$action->execute($context);
/** @var AssertionContext $assertionContext */
$assertionContext = $context->getSubContext('assertion_0');
$this->assertInstanceOf(AssertionContext::class, $assertionContext);
$this->assertSame($assertion1, $assertionContext->getAssertion());
$assertionContext = $context->getSubContext('assertion_1');
$this->assertInstanceOf(AssertionContext::class, $assertionContext);
$this->assertSame($assertion2, $assertionContext->getAssertion());
}
