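/**
 * Verifies the enveloped ds:Signature of the sample response01.xml assertion
 * using the X509 certificate embedded in that signature's own ds:KeyInfo.
 */
function testOne()
{
    $doc = new \DOMDocument();
    // load() returns false on failure; asserting it here fails with a clear message instead
    // of the confusing "expected 1, got 0" from the XPath query below
    $this->assertTrue($doc->load(__DIR__ . '/../../../../../../../resources/sample/Response/response01.xml'));

    $xpath = new \DOMXPath($doc);
    $xpath->registerNamespace('samlp', Protocol::SAML2);
    $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG);
    $xpath->registerNamespace('a', Protocol::NS_ASSERTION);

    $list = $xpath->query('/samlp:Response/a:Assertion/ds:Signature');
    $this->assertEquals(1, $list->length);
    /** @var $signatureNode \DOMElement */
    $signatureNode = $list->item(0);

    $signatureValidator = new SignatureXmlValidator();
    $signatureValidator->loadFromXml($signatureNode);

    // The certificate comes from the signature's own KeyInfo, so this proves the signature is
    // internally consistent with the embedded certificate, not that the signer is trusted.
    $list = $xpath->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $signatureNode);
    $this->assertEquals(1, $list->length);
    /** @var $certificateDataNode \DOMElement */
    $certificateDataNode = $list->item(0);
    $certData = $certificateDataNode->textContent;

    $certificate = new X509Certificate();
    $certificate->setData($certData);
    $key = KeyHelper::createPublicKey($certificate);

    $ok = $signatureValidator->validate($key);
    $this->assertTrue($ok);
}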
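/**
 * Asserts that $xml contains exactly one /root/ds:Signature and that it verifies
 * against the public key of the fixed sample certificate saml.crt.
 *
 * @param string $xml serialized XML document to check
 */
private function verifySignature($xml)
{
    $doc = new \DOMDocument();
    // loadXML() returns false on malformed input; fail here rather than with an empty XPath result
    $this->assertTrue($doc->loadXML($xml));

    $xpath = new \DOMXPath($doc);
    $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG);
    $list = $xpath->query('/root/ds:Signature');
    $this->assertEquals(1, $list->length);
    /** @var $signatureNode \DOMElement */
    $signatureNode = $list->item(0);

    $signatureValidator = new SignatureXmlValidator();
    $signatureValidator->loadFromXml($signatureNode);

    // The key is taken from a fixture file, not from the document's KeyInfo, so a passing
    // check means the document was signed with the private key matching saml.crt.
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt');
    $key = KeyHelper::createPublicKey($certificate);

    $ok = $signatureValidator->validate($key);
    $this->assertTrue($ok);
}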
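/**
 * Populates this LogoutRequest from its XML element: the optional Reason and
 * NotOnOrAfter attributes, the NameID and SessionIndex children and, when
 * present, the enveloped ds:Signature.
 *
 * @param \DOMElement $xml
 * @throws \AerialShip\LightSaml\Error\InvalidXmlException
 */
function loadFromXml(\DOMElement $xml)
{
    parent::loadFromXml($xml);

    if ($xml->hasAttribute('Reason')) {
        $this->setReason($xml->getAttribute('Reason'));
    }
    if ($xml->hasAttribute('NotOnOrAfter')) {
        $this->setNotOnOrAfter($xml->getAttribute('NotOnOrAfter'));
    }

    $signatureNode = null;
    $this->iterateChildrenElements($xml, function (\DOMElement $node) use (&$signatureNode) {
        // NOTE(review): NameID and SessionIndex are matched by local name only; only the
        // Signature child is additionally checked against its expected namespace.
        if ($node->localName === 'NameID') {
            $nameID = new NameID();
            $nameID->loadFromXml($node);
            $this->setNameID($nameID);
        } elseif ($node->localName === 'SessionIndex') {
            $this->setSessionIndex($node->textContent);
        } elseif ($node->localName === 'Signature' && $node->namespaceURI === Protocol::NS_XMLDSIG) {
            // a later Signature sibling overwrites an earlier one: the last one wins
            $signatureNode = $node;
        }
    });

    if (null !== $signatureNode) {
        $signature = new SignatureXmlValidator();
        $signature->loadFromXml($signatureNode);
        $this->setSignature($signature);
    }
}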
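/**
 * Populates this AuthnRequest from its XML element: the AssertionConsumerServiceURL
 * and ProtocolBinding attributes, the samlp:NameIDPolicy child and, when present,
 * the enveloped ds:Signature.
 *
 * @param \DOMElement $xml
 * @throws \AerialShip\LightSaml\Error\InvalidXmlException
 */
function loadFromXml(\DOMElement $xml)
{
    parent::loadFromXml($xml);

    // getAttribute() returns '' for a missing attribute, so neither attribute is required here
    $this->setAssertionConsumerServiceURL($xml->getAttribute('AssertionConsumerServiceURL'));
    $this->setProtocolBinding($xml->getAttribute('ProtocolBinding'));

    $signatureNode = null;
    $this->iterateChildrenElements($xml, function (\DOMElement $node) use (&$signatureNode) {
        if ($node->localName === 'NameIDPolicy' && $node->namespaceURI === Protocol::SAML2) {
            $this->checkRequiredAttributes($node, array('Format', 'AllowCreate'));
            $this->setNameIdPolicyFormat($node->getAttribute('Format'));
            // AllowCreate is an xs:boolean, whose lexical forms for true are 'true' and '1'
            $allowCreate = $node->getAttribute('AllowCreate');
            $this->setNameIdPolicyAllowCreate($allowCreate === 'true' || $allowCreate === '1');
        } elseif ($node->localName === 'Signature' && $node->namespaceURI === Protocol::NS_XMLDSIG) {
            // a later Signature sibling overwrites an earlier one: the last one wins
            $signatureNode = $node;
        }
    });

    if (null !== $signatureNode) {
        $signature = new SignatureXmlValidator();
        $signature->loadFromXml($signatureNode);
        $this->setSignature($signature);
    }
}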
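/**
 * Populates this Assertion from a saml:Assertion element: the required ID, Version
 * and IssueInstant attributes, then the Issuer, Subject, Conditions,
 * AttributeStatement, AuthnStatement and ds:Signature children.
 *
 * @param \DOMElement $xml
 * @throws \AerialShip\LightSaml\Error\InvalidXmlException when $xml is not a saml:Assertion
 *         or a required attribute is missing
 */
function loadFromXml(\DOMElement $xml)
{
    if ($xml->localName !== 'Assertion' || $xml->namespaceURI !== Protocol::NS_ASSERTION) {
        throw new InvalidXmlException('Expected Assertion element but got ' . $xml->localName);
    }

    $this->checkRequiredAttributes($xml, array('ID', 'Version', 'IssueInstant'));
    $this->setID($xml->getAttribute('ID'));
    $this->setVersion($xml->getAttribute('Version'));
    $this->setIssueInstant($xml->getAttribute('IssueInstant'));

    // $xml is a \DOMElement by signature and can never be a \DOMDocument, so its
    // ownerDocument is always the XPath context
    $xpath = new \DOMXPath($xml->ownerDocument);
    $xpath->registerNamespace('saml', Protocol::NS_ASSERTION);

    $signatureNode = null;
    // Walks every child node, including text/comment nodes; those have a null localName
    // and match no branch. NOTE(review): only Signature is checked for its namespace; the
    // other children are matched by local name alone.
    /** @var $node \DOMElement */
    for ($node = $xml->firstChild; $node !== null; $node = $node->nextSibling) {
        if ($node->localName === 'Issuer') {
            $this->setIssuer(trim($node->textContent));
        } elseif ($node->localName === 'Subject') {
            $this->setSubject(new Subject());
            $this->getSubject()->loadFromXml($node);
        } elseif ($node->localName === 'Conditions') {
            $this->loadXmlConditions($node, $xpath);
        } elseif ($node->localName === 'AttributeStatement') {
            // passes the Assertion element itself rather than $node — presumably the helper
            // locates the statement through $xpath; verify against loadXmlAttributeStatement
            $this->loadXmlAttributeStatement($xml, $xpath);
        } elseif ($node->localName === 'AuthnStatement') {
            $this->setAuthnStatement(new AuthnStatement());
            $this->getAuthnStatement()->loadFromXml($node);
        } elseif ($node->localName === 'Signature' && $node->namespaceURI === Protocol::NS_XMLDSIG) {
            // a later Signature sibling overwrites an earlier one: the last one wins
            $signatureNode = $node;
        }
    }

    if (null !== $signatureNode) {
        $signature = new SignatureXmlValidator();
        $signature->loadFromXml($signatureNode);
        $this->setSignature($signature);
    }
}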