toXML() public method

Convert this assertion to an XML element.
public toXML ( DOMNode $parentElement = null ) : DOMElement
$parentElement DOMNode The DOM node the assertion should be created in.
return DOMElement The element this assertion was serialised into.
 /**
  * Set the assertion.
  *
  * The assertion is serialised to XML and that element is encrypted into
  * $this->encryptedData. A symmetric key (3DES-CBC or AES-CBC) encrypts the
  * element directly; an RSA key (PKCS#1 v1.5 or OAEP-MGF1P) only wraps a
  * freshly generated AES-128-CBC session key, and that session key is what
  * encrypts the element. Any other key type is rejected before anything is
  * encrypted.
  *
  * NOTE(review): whether generateSessionKey() draws from a CSPRNG is decided
  * in xmlseclibs, not here -- worth confirming for the deployed version.
  *
  * @param \SAML2\Assertion $assertion The assertion.
  * @param XMLSecurityKey  $key       The key we should use to encrypt the assertion.
  * @throws \Exception If $key->type is not a supported encryption algorithm.
  */
 public function setAssertion(Assertion $assertion, XMLSecurityKey $key)
 {
     $assertionElement = $assertion->toXML();
     Utils::getContainer()->debugMessage($assertionElement, 'encrypt');

     $encryptor = new XMLSecEnc();
     $encryptor->setNode($assertionElement);
     $encryptor->type = XMLSecEnc::Element;

     // Asymmetric keys only wrap the session key; block-cipher keys are
     // used as-is for the element.
     $needsKeyWrapping = match ($key->type) {
         XMLSecurityKey::TRIPLEDES_CBC,
         XMLSecurityKey::AES128_CBC,
         XMLSecurityKey::AES192_CBC,
         XMLSecurityKey::AES256_CBC => false,
         XMLSecurityKey::RSA_1_5,
         XMLSecurityKey::RSA_OAEP_MGF1P => true,
         default => throw new \Exception('Unknown key type for encryption: ' . $key->type),
     };

     if ($needsKeyWrapping) {
         $contentKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
         $contentKey->generateSessionKey();
         $encryptor->encryptKey($key, $contentKey);
     } else {
         $contentKey = $key;
     }

     $this->encryptedData = $encryptor->encryptNode($contentKey);
 }
 /**
  * Checks that an Assertion configured through its setters marshals to a DOM
  * tree in which Issuer, Audience and AuthnContextClassRef carry the values
  * that were set.
  */
 public function testMarshalling()
 {
     $assertion = new Assertion();
     $assertion->setIssuer('testIssuer');
     $assertion->setValidAudiences(['audience1', 'audience2']);
     $assertion->setAuthnContext('someAuthnContext');

     $root = $assertion->toXML();

     // Issuer: exactly one element carrying the configured value.
     $issuers = Utils::xpQuery($root, './saml_assertion:Issuer');
     $this->assertCount(1, $issuers);
     $this->assertEquals('testIssuer', $issuers[0]->textContent);

     // Audiences: both values, in the order they were set.
     $audiencePath = './saml_assertion:Conditions/saml_assertion:AudienceRestriction/saml_assertion:Audience';
     $audiences = Utils::xpQuery($root, $audiencePath);
     $this->assertCount(2, $audiences);
     foreach (['audience1', 'audience2'] as $index => $expected) {
         $this->assertEquals($expected, $audiences[$index]->textContent);
     }

     // AuthnContext: one class reference carrying the configured value.
     $classRefPath = './saml_assertion:AuthnStatement/saml_assertion:AuthnContext/saml_assertion:AuthnContextClassRef';
     $classRefs = Utils::xpQuery($root, $classRefPath);
     $this->assertCount(1, $classRefs);
     $this->assertEquals('someAuthnContext', $classRefs[0]->textContent);
 }
    /**
     * Round-trips typed attribute values through attribute encryption.
     *
     * The fixture carries one xs:string and one xs:integer AttributeValue.
     * After encrypting with the mock public key, re-parsing the serialised
     * XML and decrypting with the mock private key, the integer must come
     * back as a PHP int and the string as a PHP string, and re-serialising
     * must reproduce the original fixture.
     */
    public function testTypedEncryptedAttributeValuesAreParsedCorrectly()
    {
        $fixture = <<<XML
            <saml:Assertion
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:xs="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    Version="2.0"
                    ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
                    IssueInstant="1970-01-01T01:33:31Z">
      <saml:Issuer>Provider</saml:Issuer>
      <saml:Conditions/>
      <saml:AttributeStatement>
        <saml:Attribute Name="urn:some:string">
            <saml:AttributeValue xsi:type="xs:string">string</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:some:integer">
            <saml:AttributeValue xsi:type="xs:integer">42</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
XML;
        // The public key is what encrypts; the private key is only needed
        // for decryption further down.
        $encryptionKey = CertificatesMock::getPublicKey();

        $original = new Assertion(DOMDocumentFactory::fromString($fixture)->firstChild);
        $original->setEncryptionKey($encryptionKey);
        $original->setEncryptedAttributes(true);
        $serialised = $original->toXML()->ownerDocument->saveXML();

        $reparsed = new Assertion(DOMDocumentFactory::fromString($serialised)->firstChild);
        $this->assertTrue($reparsed->hasEncryptedAttributes());

        $reparsed->decryptAttributes(CertificatesMock::getPrivateKey());
        $decrypted = $reparsed->getAttributes();
        $this->assertInternalType('int', $decrypted['urn:some:integer'][0]);
        $this->assertInternalType('string', $decrypted['urn:some:string'][0]);
        $this->assertXmlStringEqualsXmlString($fixture, $reparsed->toXML()->ownerDocument->saveXML());
    }
    /**
     * Signs a parsed assertion with the mock private key, re-parses the
     * signed DOM and checks that getSignatureMethod() reports the same
     * algorithm the signing key was configured with.
     *
     * @group Assertion
     */
    public function testCorrectSignatureMethodCanBeExtracted()
    {
        $fixture = <<<XML
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    Version="2.0"
                    ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
                    IssueInstant="1970-01-01T01:33:31Z">
      <saml:Issuer>Provider</saml:Issuer>
      <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">s00000000:123456789</saml:NameID>
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          <saml:SubjectConfirmationData NotOnOrAfter="2011-08-31T08:51:05Z" Recipient="https://sp.example.com/assertion_consumer" InResponseTo="_13603a6565a69297e9809175b052d115965121c8" />
        </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions NotOnOrAfter="2011-08-31T08:51:05Z" NotBefore="2011-08-31T08:51:05Z">
        <saml:AudienceRestriction>
          <saml:Audience>ServiceProvider</saml:Audience>
        </saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AuthnStatement AuthnInstant="2011-08-31T08:51:05Z" SessionIndex="_93af655219464fb403b34436cfb0c5cb1d9a5502">
        <saml:AuthnContext>
          <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
        </saml:AuthnContext>
        <saml:SubjectLocality Address="127.0.0.1"/>
      </saml:AuthnStatement>
      <saml:AttributeStatement>
        <saml:Attribute Name="urn:ServiceID">
          <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:EntityConcernedID">
          <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:EntityConcernedSubID">
          <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
XML;
        // The fixture is a constant string, so a bare DOMDocument::loadXML()
        // is acceptable here; XML from outside should be parsed through
        // DOMDocumentFactory, as the other tests in this class do.
        $document = new \DOMDocument();
        $document->loadXML($fixture);

        $signingKey = CertificatesMock::getPrivateKey();
        $assertion = new Assertion($document->firstChild);
        $assertion->setSignatureKey($signingKey);
        $assertion->setCertificates([CertificatesMock::PUBLIC_KEY_PEM]);

        // toXML() is where the signature is applied; parsing its output gives
        // an Assertion that carries the signature.
        $reparsed = new Assertion($assertion->toXML());

        // getAlgorith() is the accessor's actual name in xmlseclibs (sic).
        $this->assertEquals($signingKey->getAlgorith(), $reparsed->getSignatureMethod());
    }
 /**
  * Test NameID Encryption and Decryption.
  *
  * Builds an assertion with a transient NameID, encrypts the NameID with the
  * mock public key, serialises and re-parses the assertion, then decrypts
  * with the mock private key and checks that Value and Format survived
  * intact. The isNameIdEncrypted() flag is checked at each stage.
  */
 public function testNameIdEncryption()
 {
     $nameId = [
         "Value" => "just_a_basic_identifier",
         "Format" => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
     ];

     $assertion = new Assertion();
     $assertion->setIssuer('testIssuer');
     $assertion->setValidAudiences(['audience1', 'audience2']);
     $assertion->setAuthnContext('someAuthnContext');
     $assertion->setNameId($nameId);
     $this->assertFalse($assertion->isNameIdEncrypted());

     $assertion->encryptNameId(CertificatesMock::getPublicKey());
     $this->assertTrue($assertion->isNameIdEncrypted());

     // Serialise and parse again so the encrypted form is what gets decrypted.
     $serialised = $assertion->toXML()->ownerDocument->saveXML();
     $reparsed = new Assertion(DOMDocumentFactory::fromString($serialised)->firstChild);
     $this->assertTrue($reparsed->isNameIdEncrypted());

     $reparsed->decryptNameId(CertificatesMock::getPrivateKey());
     $this->assertFalse($reparsed->isNameIdEncrypted());

     $decrypted = $reparsed->getNameID();
     $this->assertEquals($nameId['Value'], $decrypted['Value']);
     $this->assertEquals($nameId['Format'], $decrypted['Format']);
 }