Ejemplo n.º 1
    /**
     * Build the LogoutRequest fixture used by the tests in this class.
     *
     * The fixture is an unsigned <samlp:LogoutRequest> with a
     * <saml:EncryptedID> and two <samlp:SessionIndex> values. The encrypted
     * payload declares aes128-cbc for the data and rsa-oaep-mgf1p for the key
     * transport. The parsed root element is stored on
     * $this->logoutRequestElement.
     *
     * NOTE(review): aes128-cbc carries no integrity protection of its own, so
     * this fixture only exercises parsing and decryption code paths. It is not
     * a recommended algorithm choice for a deployment.
     */
    public function setUp()
    {
        $fixture = <<<XML
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="SomeIDValue" Version="2.0" IssueInstant="2010-07-22T11:30:19Z">
  <saml:Issuer>TheIssuer</saml:Issuer>
  <saml:EncryptedID>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey>
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
          <xenc:CipherData>
            <xenc:CipherValue>j7t37UjyQ9zgu+zcCDH8v0IaXP2aRSm/XuAW5p5dzeFKf9PZnh7n8977cmex6SCl9SQrJOlqw/GRa342MKFVEl2VmEY9Q+br0ypAZueLwe/z1x3NWzN1ZKwNteWrM7jMdoesjV55PWIWmnuBoDBebuKB7+zS83WN2plV/geSLDg=</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedKey>
      </dsig:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>rwUZFd0oNzJnvqliCntg8IBx1rulZD4Dopz1LNzx2GbqMln4vxtHi+tzmM9iZ/70zO3n83YXk61JwRzEwvmu7OEZERkjL3cQAEDEws/s4Ibc16pR0irorZy1FYqi9DR1dzDLI2Hbfdrg5oHviyPXtw==</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedID>
  <samlp:SessionIndex>SomeSessionIndex1</samlp:SessionIndex>
  <samlp:SessionIndex>SomeSessionIndex2</samlp:SessionIndex>
</samlp:LogoutRequest>
XML;
        // Keep only the root element; the tests work on the element, not the document.
        $this->logoutRequestElement = DOMDocumentFactory::fromString($fixture)->firstChild;
    }
Ejemplo n.º 2
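 /**
  * Test retrieval of localized strings for a given node name.
  *
  * Two <somenode> elements with xml:lang "en" and "no" are placed under a
  * root element in the Constants::NS_MD namespace. The result of
  * Utils::extractLocalizedStrings() is expected to hold exactly those two
  * values, keyed by language code.
  */
 public function testExtractLocalizedString()
 {
     $document = DOMDocumentFactory::fromString(
         '<root xmlns="' . Constants::NS_MD . '">'
         . '<somenode xml:lang="en">value (en)</somenode>'
         . '<somenode xml:lang="no">value (no)</somenode>'
         . '</root>'
     );
     $localizedStringValues = Utils::extractLocalizedStrings($document->firstChild, Constants::NS_MD, 'somenode');

     // assertCount() reports the actual size on failure, unlike assertTrue(count(...) === 2).
     $this->assertCount(2, $localizedStringValues);
     $this->assertEquals('value (en)', $localizedStringValues["en"]);
     $this->assertEquals('value (no)', $localizedStringValues["no"]);
 }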
Ejemplo n.º 3
 /**
  * Build a minimal <root><child>sometext</child></root> tree, pass it to
  * signElement() and return the root element.
  *
  * @return \DOMElement The root element after signElement() has run.
  */
 public function toSignedXML()
 {
     $document = DOMDocumentFactory::create();

     $rootElement = $document->createElement('root');
     $document->appendChild($rootElement);

     $childElement = $document->createElement('child');
     $childElement->appendChild($document->createTextNode('sometext'));
     $rootElement->appendChild($childElement);

     // NOTE(review): presumably the second argument is the node the signature
     // is inserted before; confirm against signElement().
     $this->signElement($rootElement, $childElement);

     return $rootElement;
 }
Ejemplo n.º 4
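 /**
  * Receive a SAML 2 message carried in a SOAP envelope in the request body.
  *
  * The raw body is read from php://input and parsed. The first child element
  * of /soap-env:Envelope/soap-env:Body is handed to Message::fromXML().
  *
  * The body is untrusted input. Nothing in this method verifies a signature
  * or the issuer, so the caller has to validate the returned message before
  * acting on it.
  * NOTE(review): hardening of the XML parse (DOCTYPE / external entities) is
  * presumably done inside DOMDocumentFactory::fromString(); confirm there.
  *
  * @return \SAML2\Message The received message.
  * @throws \Exception If the body is empty or the SOAP Body holds no element.
  */
 public function receive()
 {
     // empty() also covers the false that file_get_contents() returns on failure.
     $postText = file_get_contents('php://input');
     if (empty($postText)) {
         throw new \Exception('Invalid message received to AssertionConsumerService endpoint.');
     }

     $document = DOMDocumentFactory::fromString($postText);
     $xml = $document->firstChild;

     // The debug hook receives the whole inbound envelope. That output can
     // hold identifiers and attributes, so the log sink should be treated as
     // sensitive.
     Utils::getContainer()->debugMessage($xml, 'in');

     $results = Utils::xpQuery($xml, '/soap-env:Envelope/soap-env:Body/*[1]');
     // Well-formed XML that is not a SOAP envelope, or an envelope with an
     // empty Body, yields no match. Reject it instead of indexing into an
     // empty result.
     if (empty($results)) {
         throw new \Exception('Invalid message received: no element found in the SOAP Body.');
     }

     return Message::fromXML($results[0]);
 }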
Ejemplo n.º 5
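 /**
  * Receive a SAML 2 message sent using the HTTP-POST binding.
  *
  * Reads the base64-encoded message from the SAMLRequest or SAMLResponse
  * form field (SAMLRequest wins when both are present), decodes and parses
  * it, and attaches the RelayState field when one was posted.
  *
  * All three fields are attacker-controllable. Nothing in this method
  * verifies a signature or the issuer, so the caller has to validate the
  * returned message. RelayState is passed through unchanged and must be
  * validated before it is used, for example as a redirect target.
  *
  * @return \SAML2\Message The received message.
  * @throws \Exception If neither field is present, or the value is not a
  *                    string holding valid base64.
  */
 public function receive()
 {
     if (array_key_exists('SAMLRequest', $_POST)) {
         $encoded = $_POST['SAMLRequest'];
     } elseif (array_key_exists('SAMLResponse', $_POST)) {
         $encoded = $_POST['SAMLResponse'];
     } else {
         throw new \Exception('Missing SAMLRequest or SAMLResponse parameter.');
     }

     // PHP turns a field posted as "SAMLRequest[]=..." into an array; reject
     // anything that is not a plain string before decoding.
     if (!is_string($encoded)) {
         throw new \Exception('Invalid SAMLRequest or SAMLResponse parameter.');
     }

     // Strict mode fails on characters outside the base64 alphabet instead
     // of silently dropping them, so a malformed value is rejected here
     // rather than parsed as whatever bytes remain.
     $decoded = base64_decode($encoded, true);
     if ($decoded === false) {
         throw new \Exception('Invalid SAMLRequest or SAMLResponse parameter.');
     }

     // The debug hook receives the full decoded message; treat that log
     // output as sensitive.
     Utils::getContainer()->debugMessage($decoded, 'in');

     $document = DOMDocumentFactory::fromString($decoded);
     $xml = $document->firstChild;
     $msg = Message::fromXML($xml);

     if (array_key_exists('RelayState', $_POST)) {
         $msg->setRelayState($_POST['RelayState']);
     }

     return $msg;
 }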
Ejemplo n.º 6
    /**
     * StatusCode is required in a StatusResponse.
     *
     * The fixture's <samlp:Status> holds only a <samlp:StatusMessage>, so
     * constructing a Response from it is expected to throw an Exception
     * with the message 'Missing status code'.
     */
    public function testNoStatusCodeThrowsException()
    {
        $this->setExpectedException('Exception', 'Missing status code');

        $xml = <<<XML
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="s2a0da3504aff978b0f8c80f6a62c713c4a2f64c5b"
                InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"
                Version="2.0"
                IssueInstant="2007-12-10T11:39:48Z"
                Destination="http://somewhere.example.org/simplesaml/saml2/sp/AssertionConsumerService.php">
    <saml:Issuer>max.example.org</saml:Issuer>
    <samlp:Status>
        <samlp:StatusMessage>Something is wrong...</samlp:StatusMessage>
    </samlp:Status>
</samlp:Response>
XML;
        $responseDom = DOMDocumentFactory::fromString($xml);

        // Only the constructor's exception matters; the instance is not used.
        new Response($responseDom->firstChild);
    }
Ejemplo n.º 7
 /**
  * DOMDocumentFactory::fromString() must reject an empty string with an
  * InvalidArgumentException instead of trying to parse it.
  *
  * @group                    domdocument
  * @expectedException        \SAML2\Exception\InvalidArgumentException
  * @expectedExceptionMessage Invalid Argument type: "non-empty string" expected, "string" given
  */
 public function testEmptyStringIsNotValid()
 {
     DOMDocumentFactory::fromString('');
 }
Ejemplo n.º 8
    /**
     * Round-trip test: a Response is unmarshalled from the fixture and
     * marshalled again with toUnsignedXML(). The canonicalized (C14N) output
     * must equal the canonicalized fixture.
     *
     * The fixture contains no signature element, so this test covers
     * (un)marshalling only and says nothing about signature validation.
     */
    public function testLoop()
    {
        $xml = <<<XML
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="s2a0da3504aff978b0f8c80f6a62c713c4a2f64c5b"
                InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984"
                Version="2.0"
                IssueInstant="2007-12-10T11:39:48Z"
                Destination="http://moodle.bridge.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php">
    <saml:Issuer>max.feide.no</saml:Issuer>
    <samlp:Extensions>
        <myns:AttributeList xmlns:myns="urn:mynamespace">
          <myns:Attribute name="UserName" value=""/>
      </myns:AttributeList>
    </samlp:Extensions>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xmlns:xs="http://www.w3.org/2001/XMLSchema"
                    Version="2.0"
                    ID="s2b7afe8e21a0910d027dfbc94ec4b862e1fbbd9ab"
                    IssueInstant="2007-12-10T11:39:48Z">
        <saml:Issuer>max.feide.no</saml:Issuer>
        <saml:Subject>
            <saml:NameID NameQualifier="max.feide.no" SPNameQualifier="urn:mace:feide.no:services:no.feide.moodle" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">UB/WJAaKAPrSHbqlbcKWu7JktcKY</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData NotOnOrAfter="2007-12-10T19:39:48Z" InResponseTo="_bec424fa5103428909a30ff1e31168327f79474984" Recipient="http://moodle.bridge.feide.no/simplesaml/saml2/sp/AssertionConsumerService.php"/>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions NotBefore="2007-12-10T11:29:48Z" NotOnOrAfter="2007-12-10T19:39:48Z">
            <saml:AudienceRestriction>
                <saml:Audience>urn:mace:feide.no:services:no.feide.moodle</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2007-12-10T11:39:48Z" SessionIndex="s259fad9cad0cf7d2b3b68f42b17d0cfa6668e0201">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
        <saml:AttributeStatement>
            <saml:Attribute Name="givenName">
                <saml:AttributeValue xsi:type="xs:string">RkVJREUgVGVzdCBVc2VyIChnaXZlbk5hbWUpIMO4w6bDpcOYw4bDhQ==</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="eduPersonPrincipalName">
                <saml:AttributeValue xsi:type="xs:string">dGVzdEBmZWlkZS5ubw==</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="o">
                <saml:AttributeValue xsi:type="xs:string">VU5JTkVUVA==</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="ou">
                <saml:AttributeValue xsi:type="xs:string">VU5JTkVUVA==</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="eduPersonOrgDN">
                <saml:AttributeValue xsi:type="xs:string">ZGM9dW5pbmV0dCxkYz1ubw==</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="eduPersonPrimaryAffiliation">
                <saml:AttributeValue xsi:type="xs:string">c3R1ZGVudA==</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="mail">
                <saml:AttributeValue xsi:type="xs:string">bW9yaWEtc3VwcG9ydEB1bmluZXR0Lm5v</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="preferredLanguage">
                <saml:AttributeValue xsi:type="xs:string">bm8=</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="eduPersonOrgUnitDN">
                <saml:AttributeValue xsi:type="xs:string">b3U9dW5pbmV0dCxvdT1vcmdhbml6YXRpb24sZGM9dW5pbmV0dCxkYz1ubw==</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="sn">
                <saml:AttributeValue xsi:type="xs:string">RkVJREUgVGVzdCBVc2VyIChzbikgw7jDpsOlw5jDhsOF</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="cn">
                <saml:AttributeValue xsi:type="xs:string">RkVJREUgVGVzdCBVc2VyIChjbikgw7jDpsOlw5jDhsOF</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute Name="eduPersonAffiliation">
                <saml:AttributeValue xsi:type="xs:string">ZW1wbG95ZWU=_c3RhZmY=_c3R1ZGVudA==</saml:AttributeValue>
            </saml:Attribute>
        </saml:AttributeStatement>
    </saml:Assertion>
</samlp:Response>
XML;
        $fixtureDom = DOMDocumentFactory::fromString($xml);
        $response = new Response($fixtureDom->firstChild);

        // Canonicalize both sides so that only real differences in content fail the comparison.
        $remarshalledXml = $response->toUnsignedXML()->ownerDocument->C14N();
        $expectedXml = $fixtureDom->C14N();

        $this->assertXmlStringEqualsXmlString($expectedXml, $remarshalledXml, 'Response after Unmarshalling and re-marshalling remains the same');
    }