public function test_does_nothing_if_there_is_bearer_assertion()
{
$action = new HasBearerAssertionsValidatorAction(TestHelper::getLoggerMock($this));
$context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);
$context->getInboundContext()->setMessage($response = new Response());
$response->addAssertion($assertion = new Assertion());
$assertion->addItem(new AuthnStatement());
$assertion->setSubject($subject = new Subject());
$subject->addSubjectConfirmation($subjectConfirmation = new SubjectConfirmation());
$subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
$action->execute($context);
}
/**
* @param AssertionContext $context
*
* @return void
*/
protected function doExecute(AssertionContext $context)
{
$profileContext = $context->getProfileContext();
$inboundMessage = $profileContext->getInboundContext()->getMessage();
$endpoint = $profileContext->getEndpoint();
$data = new SubjectConfirmationData();
if ($inboundMessage) {
$data->setInResponseTo($inboundMessage->getID());
}
$data->setAddress($profileContext->getHttpRequest()->getClientIp());
$data->setNotOnOrAfter($this->timeProvider->getTimestamp() + $this->expirationSeconds);
$data->setRecipient($endpoint->getLocation());
$subjectConfirmation = new SubjectConfirmation();
$subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
$subjectConfirmation->setSubjectConfirmationData($data);
if (null === $context->getAssertion()->getSubject()) {
$context->getAssertion()->setSubject(new Subject());
}
$context->getAssertion()->getSubject()->addSubjectConfirmation($subjectConfirmation);
}
public function test_sets_unknown_assertion_id_to_store()
{
$action = new RepeatedIdValidatorAction($loggerMock = TestHelper::getLoggerMock($this), $idStoreMock = TestHelper::getIdStoreMock($this));
$assertionContext = TestHelper::getAssertionContext($assertion = new Assertion());
$assertion->setId($assertionId = '123');
$assertion->setIssuer(new Issuer($issuer = 'http://issuer.com'));
$assertion->addItem(new AuthnStatement());
$assertion->setSubject(new Subject());
$assertion->getSubject()->addSubjectConfirmation($subjectConfirmation = new SubjectConfirmation());
$subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
$subjectConfirmation->setSubjectConfirmationData(new SubjectConfirmationData());
$subjectConfirmation->getSubjectConfirmationData()->setNotOnOrAfter(new \DateTime());
$idStoreMock->expects($this->once())->method('has')->with($issuer, $assertionId)->willReturn(false);
$idStoreMock->expects($this->once())->method('set')->with($issuer, $assertionId, $this->isInstanceOf(\DateTime::class));
$action->execute($assertionContext);
}
/**
* @expectedException \LightSaml\Error\LightSamlValidationException
* @expectedExceptionMessage SubjectConfirmationData NotBefore MUST be less than NotOnOrAfter
*/
public function test_fails_on_not_on_or_after_less_then_not_before()
{
$subject = new Subject();
$subjectConfirmationData = new SubjectConfirmationData();
$subjectConfirmationData->setNotOnOrAfter(999)->setNotBefore(1000);
$subjectConfirmation = new SubjectConfirmation();
$subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
$subjectConfirmation->setSubjectConfirmationData($subjectConfirmationData);
$subject->addSubjectConfirmation($subjectConfirmation);
$validator = new SubjectValidator($this->getNameIdValidatorMock());
$validator->validateSubject($subject);
}
