/**
* @return X509Certificate
*/
public function getCertificate()
{
if (!$this->_certificate) {
$this->_certificate = new X509Certificate();
$filename = $this->certificateFile;
if ($filename[0] == '@') {
$filename = $this->kernel->locateResource($filename);
}
$this->_certificate->loadFromFile($filename);
}
return $this->_certificate;
}
protected function askForCertificate(DialogHelper $dialog, OutputInterface $output, EntityDescriptor $ed)
{
$certificatePath = $this->askFile($dialog, $output, 'Signing Certificate path', false);
if ($certificatePath) {
$certificate = new X509Certificate();
$certificate->loadFromFile($certificatePath);
$keyDescriptor = new KeyDescriptor('signing', $certificate);
$ed->addItem($keyDescriptor);
}
}
/**
* @dataProvider provider
*/
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
if ($expectedException) {
$this->setExpectedException($expectedException, $expectedExceptionMessage);
}
$idp = new IdpSsoDescriptor();
foreach ($idpData as $data) {
$idp->addService(new SingleSignOnService($data['binding'], $data['url']));
}
$edIDP = new EntityDescriptor('idp');
$edIDP->addItem($idp);
$sp = new SpSsoDescriptor();
foreach ($spData as $data) {
$sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
}
$edSP = new EntityDescriptor('sp');
$edSP->addItem($sp);
$spMeta = new SpMeta();
foreach ($spMetaData as $name => $value) {
$spMeta->{$name}($value);
}
// without signing
$builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
$message = $builder->build();
$response = $builder->send($message);
$this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
$this->assertInstanceOf($expectedResponseType, $response, $name);
$this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
$this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
// with signing
$signature = new SignatureCreator();
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
$key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
$key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true);
$signature->setCertificate($certificate);
$signature->setXmlSecurityKey($key);
$builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta, $signature);
$message = $builder->build();
$response = $builder->send($message);
$this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
$this->assertInstanceOf($expectedResponseType, $response, $name);
$this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
$this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}
function testOne()
{
$entityID = 'http://example.com';
$locationLogout = 'http://example.com/logout';
$locationLogin = '******';
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt');
$ed = new EntityDescriptor($entityID, array(new SpSsoDescriptor(array(new SingleLogoutService(Bindings::SAML2_HTTP_REDIRECT, $locationLogout), new AssertionConsumerService(Bindings::SAML2_HTTP_POST, $locationLogin, 0), new AssertionConsumerService(Bindings::SAML2_HTTP_ARTIFACT, $locationLogin, 1)), array(new KeyDescriptor(KeyDescriptor::USE_SIGNING, $certificate), new KeyDescriptor(KeyDescriptor::USE_ENCRYPTION, $certificate))), new IdpSsoDescriptor(array(new SingleLogoutService(Bindings::SAML2_HTTP_REDIRECT, $locationLogout), new SingleLogoutService(Bindings::SAML2_HTTP_POST, $locationLogout), new SingleSignOnService(Bindings::SAML2_HTTP_REDIRECT, $locationLogin), new SingleSignOnService(Bindings::SAML2_HTTP_POST, $locationLogin)), array(new KeyDescriptor(KeyDescriptor::USE_SIGNING, $certificate), new KeyDescriptor(KeyDescriptor::USE_ENCRYPTION, $certificate)))));
$context = new SerializationContext();
$ed->getXml($context->getDocument(), $context);
$xml = $context->getDocument()->saveXML();
//print "\n $xml \n";
$document = new \DOMDocument();
$document->loadXML($xml);
/** @var $root \DOMElement */
$root = $document->firstChild;
$this->checkXml($document, $entityID, $locationLogout, $locationLogin, $certificate);
$this->checkDeserializaton($root, $entityID, $locationLogout, $locationLogin, $certificate);
}
protected function checkRequest(AuthnRequest $request, $id, $time)
{
$this->assertEquals($id, $request->getID());
$this->assertEquals('2.0', $request->getVersion());
$this->assertEquals($this->destination, $request->getDestination());
$this->assertEquals($this->ascURL, $request->getAssertionConsumerServiceURL());
$this->assertEquals($this->protocolBinding, $request->getProtocolBinding());
$this->assertEquals($time, $request->getIssueInstant());
$this->assertEquals($this->issuer, $request->getIssuer());
$this->assertEquals($this->nameIDPolicyFormat, $request->getNameIdPolicyFormat());
$this->assertTrue($request->getNameIdPolicyAllowCreate());
/** @var SignatureValidatorInterface $signature */
$signature = $request->getSignature();
$this->assertNotNull($signature);
$this->assertTrue($signature instanceof SignatureValidatorInterface);
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
$key = KeyHelper::createPublicKey($certificate);
$signature->validate($key);
}
private function getSignedXml()
{
$doc = new \DOMDocument();
$doc->appendChild($doc->createElement('root'));
/** @var $root \DOMElement */
$root = $doc->firstChild;
$root->setAttribute('foo', 'bar');
$other = $doc->createElement('other');
$root->appendChild($other);
$child = $doc->createElement('child', 'something');
$other->appendChild($child);
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt');
$key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
$key->loadKey(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.pem', true);
$signatureCreator = new SignatureCreator();
$signatureCreator->setCertificate($certificate);
$signatureCreator->setXmlSecurityKey($key);
$context = new SerializationContext($doc);
$signatureCreator->getXml($root, $context);
$xml = $doc->saveXML();
return $xml;
}
