Ejemplo n.º 1
0
 /**
  * @param string                 $xml
  * @param DeserializationContext $context
  *
  * @return AuthnRequest|LogoutRequest|LogoutResponse|Response|SamlMessage
  *
  * @throws \Exception
  */
 public static function fromXML($xml, DeserializationContext $context)
 {
     if (false == is_string($xml)) {
         throw new \InvalidArgumentException('Expecting string');
     }
     $context->getDocument()->loadXML($xml);
     $node = $context->getDocument()->firstChild;
     while ($node && $node instanceof \DOMComment) {
         $node = $node->nextSibling;
     }
     if (null === $node) {
         throw new LightSamlXmlException('Empty XML');
     }
     if (SamlConstants::NS_PROTOCOL !== $node->namespaceURI) {
         throw new LightSamlXmlException(sprintf("Invalid namespace '%s' of the root XML element, expected '%s'", $context->getDocument()->namespaceURI, SamlConstants::NS_PROTOCOL));
     }
     $map = array('AttributeQuery' => null, 'AuthnRequest' => '\\LightSaml\\Model\\Protocol\\AuthnRequest', 'LogoutResponse' => '\\LightSaml\\Model\\Protocol\\LogoutResponse', 'LogoutRequest' => '\\LightSaml\\Model\\Protocol\\LogoutRequest', 'Response' => '\\LightSaml\\Model\\Protocol\\Response', 'ArtifactResponse' => null, 'ArtifactResolve' => null);
     $rootElementName = $node->localName;
     if (array_key_exists($rootElementName, $map)) {
         if ($class = $map[$rootElementName]) {
             /** @var SamlElementInterface $result */
             $result = new $class();
         } else {
             throw new \LogicException('Deserialization of %s root element is not implemented');
         }
     } else {
         throw new LightSamlXmlException(sprintf("Unknown SAML message '%s'", $rootElementName));
     }
     $result->deserialize($node, $context);
     return $result;
 }
Ejemplo n.º 2
0
 /**
  * @param string                 $xml
  * @param DeserializationContext $context
  *
  * @return EntityDescriptor|EntitiesDescriptor
  *
  * @throws \Exception
  */
 public static function fromXML($xml, DeserializationContext $context)
 {
     if (false == is_string($xml)) {
         throw new \InvalidArgumentException('Expecting string');
     }
     $context->getDocument()->loadXML($xml);
     $node = $context->getDocument()->firstChild;
     while ($node && $node instanceof \DOMComment) {
         $node = $node->nextSibling;
     }
     if (null === $node) {
         throw new LightSamlXmlException('Empty XML');
     }
     if (SamlConstants::NS_METADATA !== $node->namespaceURI) {
         throw new LightSamlXmlException(sprintf("Invalid namespace '%s' of the root XML element, expected '%s'", $node->namespaceURI, SamlConstants::NS_METADATA));
     }
     $map = array('EntityDescriptor' => '\\LightSaml\\Model\\Metadata\\EntityDescriptor', 'EntitiesDescriptor' => '\\LightSaml\\Model\\Metadata\\EntitiesDescriptor');
     $rootElementName = $node->localName;
     if (array_key_exists($rootElementName, $map)) {
         if ($class = $map[$rootElementName]) {
             /** @var SamlElementInterface $result */
             $result = new $class();
         } else {
             throw new \LogicException('Deserialization of %s root element is not implemented');
         }
     } else {
         throw new LightSamlXmlException(sprintf("Unknown SAML metadata '%s'", $rootElementName));
     }
     $result->deserialize($node, $context);
     return $result;
 }
Ejemplo n.º 3
0
    public function test_deserialize_invalid02()
    {
        $context = new DeserializationContext();
        $context->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/Response/invalid02.xml');
        $response = new Response();
        $response->deserialize($context->getDocument(), $context);
        $this->assertEquals('_274be8a4-c2ba-43ca-a7c6-2f1613762576', $response->getID());
        $this->assertEquals('2.0', $response->getVersion());
        $this->assertEquals('2013-11-17T12:35:10Z', $response->getIssueInstantString());
        $this->assertEquals('_b04e5e6166a0ba08f3ae9327a7145498e9f8a60e2f', $response->getInResponseTo());
        $this->assertNotNull($response->getIssuer());
        $this->assertEquals('https://sts.windows.net/554fadfe-f04f-4975-90cb-ddc8b147aaa2/', $response->getIssuer()->getValue());
        $this->assertNotNull($response->getStatus());
        $this->assertEquals(SamlConstants::STATUS_REQUESTER, $response->getStatus()->getStatusCode()->getValue());
        $this->assertEquals(SamlConstants::STATUS_UNSUPPORTED_BINDING, $response->getStatus()->getStatusCode()->getStatusCode()->getValue());
        $expectedMessage = <<<EOT
ACS75006: An error occurred while processing a SAML2 Authentication request. ACS75003: SAML protocol response cannot be sent via bindings other than HTTP POST. Requested binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
            Trace ID: d75d5305-d3fc-40b0-9087-d59032682dd9
            Correlation ID: ca26b4bd-23d4-4233-9c28-96bc0a336c39
            Timestamp: 2013-11-17 12:35:10Z
EOT;
        $expectedMessage = trim(str_replace("\r", '', $expectedMessage));
        $this->assertEquals($expectedMessage, trim(str_replace("\r", '', $response->getStatus()->getStatusMessage())));
        $this->assertCount(0, $response->getAllAssertions());
    }
    public function test_decrypt()
    {
        $xml = <<<EOT
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_973220eb0b94e0367859487a8135e7855742ae2431" InResponseTo="_981d6909d57a6131e98da42ac76720776bd2a59d25" Version="2.0" IssueInstant="2015-09-28T07:24:17Z" Destination="https://localhost/lightsaml/lightSAML/web/sp/acs.php"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://lightsaml.local/idp</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_973220eb0b94e0367859487a8135e7855742ae2431"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>FKXI2BoZn0ix6Yc5m3QM3PDV8dQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>o6redfiU43TO5s0RtHUj9R0PSZVJryAs1e39biVOm84Xrd/n9IKCui3vWd9bN/wBAD9/ZZ4b48fMKfLI0hRivNEi9yJZb91uavdU1StjgpckdZtWdt315zf1+p4+xqnFAtDMWcTP3V8XAGuGfBUT+VndsS7VHVjzSjCj6+qC123TBpJ7HvC9sFUbH+uXgJaK71so8b3z79VH3C26Qnly3bmmARLkNZL8bnwlHJA/BrG/kJN5Lgv6tKB6xRbYU0grSGsA1Vt/nk2bpIGYPZU3SOIVVLUoHTkA6gGceKyJNqPcfJQVNpljTxqZjsJy7mZF9coWBSbTr5DRiGjd9pFOUA==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDyjCCArKgAwIBAgIJAJNOFuQd727cMA0GCSqGSIb3DQEBBQUAMEwxCzAJBgNVBAYTAlJTMREwDwYDVQQIEwhCZWxncmFkZTESMBAGA1UEChMJTGlnaHRTQU1MMRYwFAYDVQQDEw1saWdodHNhbWwuY29tMB4XDTE1MDkxMzE5MDE0MFoXDTI1MDkxMDE5MDE0MFowTDELMAkGA1UEBhMCUlMxETAPBgNVBAgTCEJlbGdyYWRlMRIwEAYDVQQKEwlMaWdodFNBTUwxFjAUBgNVBAMTDWxpZ2h0c2FtbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7pUKOPMyE2oScHLPGJFTepK9j1H03e/s/WnONw8ZwYBaBIYIQuX6uE8jFPdD0uQSaYpOw5h5Tgq6xBV7m2kPO53hs8gEGWRbCdCtxi9EMJwIOYr+isG0N+DvV9KybJf6tqcM50PiFjVNtfx8IubMpAKCbquaqdLaHH0rgP1hbgnGm5YZkyEK4s8xuLUDS6qL7N7a/ez2Zk45u3L3qFcuncPI5BTnJg6fqlypDhCDOBI5Ljw10HmgZHPIXzOhEPVV+rX2iHhF4V9vzEoeIUABYXQVNRRNHpPdVsK6iTTkyvbrGJ/tv3oFZhNOSL0Kuy+Q9nlE9fEFqyUydJ67vsXqZAgMBAAGjga4wgaswHQYDVR0OBBYEFHPT6Ey1qgxMzMIt2d3OWuwzfPSUMHwGA1UdIwR1MHOAFHPT6Ey1qgxMzMIt2d3OWuwzfPSUoVCkTjBMMQswCQYDVQQGEwJSUzERMA8GA1UECBMIQmVsZ3JhZGUxEjAQBgNVBAoTCUxpZ2h0U0FNTDEWMBQGA1UEAxMNbGlnaHRzYW1sLmNvbYIJAJNOFuQd727cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHkHtwJBoeOhvr06M0MikKc99ze6TqAGvf+QkgFoV1sWGAh3NKcAR+XSlfK+sQWrHGkiia5hWKgAPMMUbkLP9DFWkjbK241isCZZD/LvA1anbV+7Pidn+swZ5dR7ynX2vj0kFYb+VsGPkavNcj8RN/DduhN/Tmi5sQAlWhaw06UAeEqXtFeLbTgLffBaj7PmR0IYjvTZA0X2FdRu0GXRxn7zghjpvSq9nuWa3pGbfdVtL6GIkwYUPcDzjr4OeGXNmIZe/wMCnz6VGZY+LUgzi/4DAC6V3OjMuhdqS/2+o1+CXCwN08CIHQV6+AUBenEVawMsiadLBgx3kFe5iXrYRMA=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#_973220eb0b94e0367859487a8135e7855742ae2431"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>yo6ajbd+5N4zfH1IK+Up21KDuQw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>ETYMDZA7IzajOPOqxrLjQImiEhC92u3k3ICoeytaI2KtLRK76hsWtNGIABvSAERUaCpHq+Uzit3yxTTXnCz1lHNzhKL27i42YwbMUe5IWRUYCVk1fJVrAcjWYYsnFMeBq7KRP8a5fHeg9PcIAZoEVz48DOUyx+kSArv2eF8B07fayu2Xp6fVGlJHAOcFWh6mK9ahLhEO3u4cLlvzVH0djF3jsY/qcH6xSK+dXu3JIgo84iJCIVayjxHbYYWA85/gnanODQ+t6cQmVqUztTfgebORgJ+PCXi5FxLPgSJM/PzO/uQ5TavKNuG3rmjjc9nHEYTrdFQ2OOU/gkLi+y31Iw==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDyjCCArKgAwIBAgIJAJNOFuQd727cMA0GCSqGSIb3DQEBBQUAMEwxCzAJBgNVBAYTAlJTMREwDwYDVQQIEwhCZWxncmFkZTESMBAGA1UEChMJTGlnaHRTQU1MMRYwFAYDVQQDEw1saWdodHNhbWwuY29tMB4XDTE1MDkxMzE5MDE0MFoXDTI1MDkxMDE5MDE0MFowTDELMAkGA1UEBhMCUlMxETAPBgNVBAgTCEJlbGdyYWRlMRIwEAYDVQQKEwlMaWdodFNBTUwxFjAUBgNVBAMTDWxpZ2h0c2FtbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7pUKOPMyE2oScHLPGJFTepK9j1H03e/s/WnONw8ZwYBaBIYIQuX6uE8jFPdD0uQSaYpOw5h5Tgq6xBV7m2kPO53hs8gEGWRbCdCtxi9EMJwIOYr+isG0N+DvV9KybJf6tqcM50PiFjVNtfx8IubMpAKCbquaqdLaHH0rgP1hbgnGm5YZkyEK4s8xuLUDS6qL7N7a/ez2Zk45u3L3qFcuncPI5BTnJg6fqlypDhCDOBI5Ljw10HmgZHPIXzOhEPVV+rX2iHhF4V9vzEoeIUABYXQVNRRNHpPdVsK6iTTkyvbrGJ/tv3oFZhNOSL0Kuy+Q9nlE9fEFqyUydJ67vsXqZAgMBAAGjga4wgaswHQYDVR0OBBYEFHPT6Ey1qgxMzMIt2d3OWuwzfPSUMHwGA1UdIwR1MHOAFHPT6Ey1qgxMzMIt2d3OWuwzfPSUoVCkTjBMMQswCQYDVQQGEwJSUzERMA8GA1UECBMIQmVsZ3JhZGUxEjAQBgNVBAoTCUxpZ2h0U0FNTDEWMBQGA1UEAxMNbGlnaHRzYW1sLmNvbYIJAJNOFuQd727cMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHkHtwJBoeOhvr06M0MikKc99ze6TqAGvf+QkgFoV1sWGAh3NKcAR+XSlfK+sQWrHGkiia5hWKgAPMMUbkLP9DFWkjbK241isCZZD/LvA1anbV+7Pidn+swZ5dR7ynX2vj0kFYb+VsGPkavNcj8RN/DduhN/Tmi5sQAlWhaw06UAeEqXtFeLbTgLffBaj7PmR0IYjvTZA0X2FdRu0GXRxn7zghjpvSq9nuWa3pGbfdVtL6GIkwYUPcDzjr4OeGXNmIZe/wMCnz6VGZY+LUgzi/4DAC6V3OjMuhdqS/2+o1+CXCwN08CIHQV6+AUBenEVawMsiadLBgx3kFe5iXrYRMA=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><xenc:CipherData><xenc:CipherValue>eBXzY5t2TX8r2uNK3aO+4w4K26kGTMgYUaUL22CI4Ntb4Y2tPvenP0R/ncf0GLUXcfwtLLq9dXfV+PI0fucdu9lSZ2yqjj63aBMMZUlxtKA0WXAOI7JX0kj8TG8PFOau+ByLOlUT1oxibCcNT/Xae6YS2muvR3oM3ADn5EOEVKx5Ubzo8WoKxDBjEAluzruikc6gkyoWRexnUlYuhm0XaAnzDz8+9qYIriRoAk+wxmD8eJ6WwRcdahIpCotJ2LaJ/SGmp388x8l6C5G+ITxe5fJScQpUr1bb/UKL3r6mV9NMF0yAe2LfqlJLHQ3iYCcJKRsn59CmLPH1ku+8yd1low==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></dsig:KeyInfo>
   <xenc:CipherData>
      <xenc:CipherValue>qpFKqOP1rGCRandtetkweGv3rViuWNRaqPmwDyCln4cdMSNsA85umC0GLRzencZB2gMCedBgOf2suiuiorzUz1sAzYDwPD2+xDsKjZQ7aP76LKZDun6To81gp23ZvQHlV59u6QjgW6n2RJaoeBk3x1M9I82KqQ/pp6bqdyvlGkRUBBEJbSikPgpJYpLwF1XAENVDgQ2BX8tk/0iwIN3O/Epn6ZLTxE2UcyI9J0uCMMdmDoKQMnIFe46viEbuz/+idjK58NPdztJGKUJw2Mb62Om3WP0kd5DF8NCcPTVm6Bkyx+mIXKeY/CU58SqPYoCtF9LyaY9NtmhKAl0xVAIkDZgdSGo1nPCWwU+Ee3sBE8eiTVNuoCgwrVQy7gQ94pJ5AAlPF1e/UoIxar0rhPs7m0JpIAy8SEjwGtYpA+Mhgd4xtwC8ffl1H6oovohqT0hTaXxK4R3V0MsRw6a8fNsFskTEGOE7x/39pbvJ0P727YsWXMdzsVJ1pje5mWgtLEKLjePqeQtonZJValnzjSsDdwurmzxBVbDLa373352pEDc8eXCv48erYgCDqV6IOV2TUAIbB17cQbdyGj6lpUmnzjtG7qF5VSuiLQKQbzYU0WV+LbZV8SB8Gt3rSGXgWgB4qhzwMBNjLbKfK59ghcAryz9KN27cutLHIYipHSfkw3BOEg0BsZy0e8TqSI4CSSYHCKhDJzzrWXv8LfhbRd/n8MvmZD4LC9qxkTXnZPC+Vre5ROfv2z41rwpGhPc5iDNBz4pXZild93JuBj/DBJ8FEN/b4Xxxq3/+mnZrWLIR5kckLWMSZ4XQEM+SVIRhMZj9Fk7vuqSRYw9eCSByI5g/ZksaCB/4Cyyhzc34DiQnxxQPA22TXhd0hL3XoZc8LPwWjE6+JqyFYL7VLCRghM5p2vda7W/3/bGWoWlt76BgsJaWfPToY39u2kcLSbm8f+PU6HP6v4g4d6IWGk11o9Pp9UV/9VGdcyO39C+bhfOYQw5d/sxIFy9rVWgvdywbbv1XWv2hU+NU4i0RwTStlNR+JnAu/aYA6riH2GOjShYDgWvHJ7UbUtMUntmNWntY6Ja1lKpwBmJ0O+LotA/mG2jGPCVoXo56x3PXcOsBgdQ3OpOnp8+ckJdhj8qZsOlko8Ye6uK0DgCWLj71Q8BVtSY7btZC4lvFgrCJW5/5WM1biTMb7oub3PAxm6EfIGtdcYz4fN+5bwjdRvOzG4g9smd6vyEFZEhllKkgwbt2OHL6oOdVFMiRxfmO19y0RStcOlKVrG+3DoeZBAWY5qjvQDk/IipR1kVCWD0b+lcn4sJ8jK8+Qw/eneW2Zs3kRiji+hJDMGYtAvkWsRwOz5Yfeu1lZdE5khOykt3cWMjsdxA4nuMhXPEfvSdaHssI0AJfz11RxPCh8CJrxGGlo2X3KC1kRK3kTeIaomYSPwx4TKr7FUkKtuO/JHQbdYpTC4cJYDZbNq6Tz6sc/nburM19VYLR9EcV8WOkT13Ahw02crJHyUSH6eWMvk+QFxGYFuazHajxtCBUcL2aJK1TJ+bd3n7oTMmTLSuTRUt4M4y1+6tKithvw1W8aHlHewaEx9szwZ7xNGYagu44UQxE6uz5G3esZEzOkUPK+wc4AjOuBVIBZ0wqXIoSSMo6DVV70uv1bUHMcHEHj6d7+WmYfWX9fIXrhB41nPr3WZzwenv1aXFyUBW3uOvW3rZGQuMivKPRdHgjExxbPGdnMGXfagGsIYfGlP/KbyWJCKzajFGX7vhLpUl3MZUI9sKNBZ6Jbf3rXg5pZKCc9NcnxP3KzYGwkJRfdSqdXBUsfoeQestoQ0Y3IywFrFHJWgvvPOUf3WFHtE2rYZt8fXK0mPm/kioCfe+i4WnjsUrcwpsQhGXS93nkg0fHcK0Mz8c3Pqu8AyqEFD8OAMy76yuh6hujS1vC83YTQDW0vr+lZUZxJ61AklWcJPASl9pZeqrnV2gNQmIBtsZCcKrFv0QeSShppMyDAXCaqbFwIbsxhAnsVOsTXqpV+dXUeZgwKHnlFqgfTnhh9A0PGoGI8j7xq/fvOinRuigMd9c3F2+jde4btCCGe/llaCUZSNeA9hYw5YJATeCQfgGqzXgariEkSCVeXQju+4XDNtxT33GfhbksjwhdS+lTauFQDAsPgP7yHWBjsA+n3bVr9eaiqK/Yb0VyMGjJYBllcg46+uFazQdp2hgnDiv+xBuQZnod8GdiJbMXjADWm29o85VzIRnR3HESgg9NQdaGcYS89DYJ0jrjEEJEAii0bXYkjbJMqkNII9s/hTh3f1c+QIl42LDo73eh3EcPEc7JIq/ShyDV8WNDTD1zNDbV3RcjpqL4xQ/lZpOGAubRIc6NjIB83OscXkkBO+S1qLKFmeSvsmr2gx5J8nFsVHN2jagX7V0RSr+MpoGss7ncm4dton9bCvoxX0Sr0IYjxCqzKvmr6YCrliR6LKjiYtMbmcfan5yRYv9eIra32vug3MNQhOAVpjZ+395BQMtOHYANKsI+26UpqcZxUcEG+2Sk5Mx5NKIG5JURx+0wuwE9zIqDMVa04ccLZG69Kcv2wM83JS5WGyJHi/R6SgkyYOYpNAXh78ync4+pfb6sQSHNawEqHF1v5x1k39TwMke1OivUOaXew3cmREXwI6vm8vtbgyNHUZpnuzwhLlA6tE2g+hbPkX5i8cbJyiJz9zEwx7Osby27ZggYMqSyxq3cBN0//2U1WnhfkcHMa04Wx4F5oGSYu/2jw9/Ihx17QL/0Ycvxg3jhZia5+BIwtdmHAlF7vzs7eANnKkmpPdhiKT7KC4r840M2J+OZDFLMTASUU72Ws0iRpQjtrpmVAMFTgCeELBIIbp424IBW8aL77WAhhaLLys+WcPWTXuYWJu5/azYuQeFxwfqZiZdBVPSwlQ4LrGgP37qkyHv0RiAQxjLTwuOa9N2IHLQNP6SivwturEwKbs7JnlYWEDOTcKiHteFnAATEm0F8QwrlW/wD1iFMDEAY8j42ufoRdrXFbtwh718gfvJZSkSMTs6Cq2X0jvZreoV4Rq5LiNIjZlr07j8DjeiUQFIL1GJFOKWmSbF25lTiRcKuJ29MmsT9GvztsubjTKdjKhJhhUrqbCn8xRnJ2xfyVglb38csTSmBUs+GEppSMSbyUo5eA/ZoUoDnugKaSEPt8z6fvrStlpEGZSpuZx/HzyoB/78NtzA7WiMYZ12MNmEvsvaRZzQ1NId3aAWXS3vsQ1kIuBpkxQmk42NhmOd5pLNX+EJbujTTRU+3HrsloPVWHHVZ01f2a7XdXiVchcpp4sHx3lx49bnutOHw7LhzkuYRq/Ylips6B6El6O3IpeqCIwnui5BhJFpEdQ8dnT9KfVn27dr/P6/r07Z4PNw0RLaJTCcz/wAti1uZ8Gj6rgfzU3dDXFDB3sGI7iaPwjpku/5EAmPbImz9X/hB0NiRqXkRZlfl5OyRvP//YKdGXaQSC0gVsIU8nkLkEM18ecVEpIQU2rFEr69ruMijS2huhczvumyzFEQ+Rnohc5MUYmRwyWP8Qvvkr3U7WD1vDBJi7BhlEFyI4o+jOJbwOSHcs6z5Oj7JuZ3gGjfXkgKJOBhk9igBEt4sqkN3ZGIYD6g4ClHW0fttBZfR/my26vKtvjOSLeVNxYdDX6Rx0SOfKDV3wo8IA5qPKCOxIvKSmlJ2P2gqrQUR8iR4mnMUVAKYiBCd9hUsLy1GjCTglYngbHOS3BQn9RdHhWgdO8jYnM8ot5lhVzoH8Q9TA1F8UGeMtBFtWm/rCyzGMU0XR4v+BTCn+WvGuYgn1CJOVIAAfl3n/p0TmTZtIUu/dIkrEy7LDNN0Ov+Ov+fh4sjFv3E+1BIkJJhX2+6FkUr8fj54DQj8n8V+WRBOPYkE1n1SUW6iiKn0LVY+yzW0Y9AoDny3BehwljavYkaTgsI+iDs/LYLwYCDYKJ5LDfBk6C5PtoFTTBlqu0czeO7qEH9jP+RObd06M8NbnErZzpAxikA4BiDuMEf4SOchvdSQOdbsl4/oLoiHprLYQvs1Q3jLjdF7zMuMxjtjukzod6IXZbwAnMQJR9fKRpslQ5vkDL4vBRqWU+RDbnlwHqfAhNUjPjFleFM1HKpuzXG+D0TTCmUTt5VHItIDXrgkt4u/g3tqHnncwuC4V944kUV8ZWp6C5k17M9ZlvYWjH+wpjqSeL+PKL/zOL9gLlFFincsrbQravhteRh+iKjAIXIr+mQNwn+MmvjaaLci9HB4R/MHhBX2nw4S37btT/KVO1NgKzimwUEzLoE90Fwd/wzMzaJuey1Kv8MPlYpLaouCn+lr5LfGuK2Traq7BTCDX/RfuE0GkbWg4hica++nstm+xVWvy7WtQf1Jrs+r47VkKP3WJBFFS8RFcdOIxPEQ75CnAgd3fsDVYfQhrf/Z/O+XEdlbxwusDKB2k/Eer/FEZQ0h6p1zoMna0j2I6sQVhgmqlVOW3XW0xSi+L4DylQOGr/WuKmKtCGe/hYUrgD7hKICxo9ouifdLmO3WFkd49hOagXgsWyCGTxAM2JKPC1VGefJh1t5AsiDWx9sgO9WY2U8c3cafqp+X2TOF9d2enH64Vudu34c1WJBvtViv4FUHf69i+Nky8s6+GF273BiYIQ0J761SQvIufw0zOErMJWyGW4Ckr1K2CPO0RKLwDgSpWCHWSthXfwWNWTMYDiQWyxn6vMuxCEgcGufWa7rzizHztKCZZHr0jWtWufUNIT/m1pRH99pu0FRRevcRXSDQdT5piQcpx6x2Jwm7CFJ8PynXZCE9Ln6Zjgiknad7JKAdUcPc6FVw49ukWCjcExFRXbpWEzoKLN13A2HRgmEM2xRl9Jss/gZLRSR5wkALRCh64UJmSRo3/J07in/TDPNp+QDgx+feUFwYw0/eGx9RjiLJOK5JJh+fsZ1OgzvpyWhhaQ3+OspPjc4Cfq1cvdIQaagma52UW5j3LPhMPT7PpDNyiU3QQUh/21mGie1ZAQg10+cuO0AAyev+8e3ztlGCLaiy2gASiJhnO8Ou8J4NCbhXtakTPvfL5LXxPunxRZwE6xG1QHKEa0dKYmKD6tW0s2r14KNPl7OqfuKef+MxDF9nQ+Z3mZvQrb3RPzVh3853/YaRSPmr+XMb31sOvMwC+HCgC5ye/broZ4jTvBhjY0r3l7EgqlZi83avpDh7ZRLpBOrhkjEHVGEuRico5vxM5bR9tMJRmEDW1AdJYXOix4OB9j0MjRU/NBOb7idV1MMlaJWO8mdcLfob86LF2mMu/4LbZG3uTOz/KxnwBdmfDF5H+ZCZZMM8rTCFA80I53BcLQhq5TEWmWwCSiC3dg5DGK8Qzg0b3ruzpXPDfKpAV8C0gt28+02HO8ThhDh1i+LssR8/nUO+0E6bKDmFADnFb/ISx3L8fj1MCyrDrwo0P9WUhYd9a0UDg2ty8Slb+8FLjtwqxY6ADphwgtkfbTJbZgCkDu7+bOScTZ31+cSqEFqEDljrdKIljvH2vMMty3mnUm59IahghWy3UIgtmW3UjtUC/IRxCk63vgjOKVhs/RzCQzOCk5hUO/W4L0XNEYo7dpEauRDNCVkMJ70PRWognr5u6Yoq2zM=</xenc:CipherValue>
   </xenc:CipherData>
</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>

EOT;
        $deserializationContext = new DeserializationContext();
        $deserializationContext->getDocument()->loadXML($xml);
        $response = new Response();
        $response->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
        $credential = new X509Credential(X509Certificate::fromFile(__DIR__ . '/../../../../../../resources/sample/Certificate/lightsaml-idp.crt'), KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../resources/sample/Certificate/lightsaml-idp.key', '', true));
        $decryptDeserializeContext = new DeserializationContext();
        /** @var EncryptedAssertionReader $reader */
        $reader = $response->getFirstEncryptedAssertion();
        $assertion = $reader->decryptMultiAssertion([$credential], $decryptDeserializeContext);
        $this->assertEquals('_c9cbe081e1b1294c9ea31d98f4a473a081466502a0', $assertion->getId());
        $this->assertEquals('https://lightsaml.local/idp', $assertion->getIssuer()->getValue());
        $this->assertEquals('*****@*****.**', $assertion->getSubject()->getNameID()->getValue());
        $this->assertEquals('common-name', $assertion->getFirstAttributeStatement()->getFirstAttributeByName(ClaimTypes::COMMON_NAME)->getFirstAttributeValue());
        $this->assertEquals('*****@*****.**', $assertion->getFirstAttributeStatement()->getFirstAttributeByName(ClaimTypes::EMAIL_ADDRESS)->getFirstAttributeValue());
    }
 public function test__signed_serialize_deserialize()
 {
     $certificate = new X509Certificate();
     $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
     $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);
     $authnRequest = new AuthnRequest();
     $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
     $authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
     $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
     $authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity'));
     $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));
     $serializationContext = new SerializationContext();
     $authnRequest->serialize($serializationContext->getDocument(), $serializationContext);
     $temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
     $serializationContext->getDocument()->save($temporaryFilename);
     $xml = file_get_contents($temporaryFilename);
     $deserializationContext = new DeserializationContext();
     $deserializationContext->getDocument()->loadXML($xml);
     $authnRequest = new AuthnRequest();
     $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
     $signatureReader = $authnRequest->getSignature();
     if ($signatureReader instanceof SignatureXmlReader) {
         $certificate = new X509Certificate();
         $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
         $key = KeyHelper::createPublicKey($certificate);
         $ok = $signatureReader->validate($key);
         $this->assertTrue($ok);
     } else {
         throw new \LogicException('Expected Signature Xml Reader');
     }
 }
Ejemplo n.º 6
0
 /**
  * @param \DOMElement            $dom
  * @param DeserializationContext $deserializationContext
  *
  * @return Assertion
  */
 protected function getAssertionFromDom(\DOMElement $dom, DeserializationContext $deserializationContext)
 {
     $deserializationContext->setDocument($dom->ownerDocument);
     $assertion = new Assertion();
     $assertion->deserialize($dom, $deserializationContext);
     return $assertion;
 }
Ejemplo n.º 7
0
 /**
  * @expectedException \LogicException
  * @expectedExceptionMessage SignatureWriter can not be deserialized
  */
 public function test_throws_logic_exception_on_deserialize()
 {
     $deserializationContext = new DeserializationContext();
     $deserializationContext->getDocument()->loadXML('<a></a>');
     $writer = new SignatureWriter();
     $writer->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
 }
Ejemplo n.º 8
0
 /**
  * Parse saml response.
  *
  * @param  array    $payload
  * @return Response
  */
 public function parseSamlResponse(array $payload)
 {
     $deserialization_context = new DeserializationContext();
     $deserialization_context->getDocument()->loadXML(base64_decode($payload['SAMLResponse']));
     $saml_response = new Response();
     $saml_response->deserialize($deserialization_context->getDocument()->firstChild, $deserialization_context);
     return $saml_response;
 }
Ejemplo n.º 9
0
 /**
  * @param string $xml
  *
  * @return EntitiesDescriptor
  */
 public static function loadXml($xml)
 {
     $context = new DeserializationContext();
     $context->getDocument()->loadXML($xml);
     $ed = new self();
     $ed->deserialize($context->getDocument()->firstChild, $context);
     return $ed;
 }
 public function test_deserialize_ukfederation_metadata()
 {
     $context = new DeserializationContext();
     $context->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/EntitiesDescriptor/ukfederation-metadata.xml');
     $entitiesDescriptor = new EntitiesDescriptor();
     $entitiesDescriptor->deserialize($context->getDocument(), $context);
     $this->assertCount(2935, $entitiesDescriptor->getAllEntityDescriptors());
 }
 /**
  * @return EntitiesDescriptor
  */
 public function get()
 {
     if (null == $this->entitiesDescriptor) {
         $this->entitiesDescriptor = new EntitiesDescriptor();
         $deserializationContext = new DeserializationContext();
         $deserializationContext->getDocument()->load($this->filename);
         $this->entitiesDescriptor->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
     }
     return $this->entitiesDescriptor;
 }
 /**
  * @param string $xml
  * @param string $class
  */
 private function deserializeAndVerify($xml, $class)
 {
     $deserializationContext = new DeserializationContext();
     $deserializationContext->getDocument()->loadXML($xml);
     /** @var SamlMessage $samlMessage */
     $samlMessage = new $class();
     $samlMessage->deserialize($deserializationContext->getDocument(), $deserializationContext);
     /** @var AbstractSignatureReader $signatureReader */
     $signatureReader = $samlMessage->getSignature();
     $ok = $signatureReader->validate(KeyHelper::createPublicKey($this->getCertificate()));
     $this->assertTrue($ok);
 }
 public function test__deserialize_formatted_certificate()
 {
     $context = new DeserializationContext();
     $context->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/ed01-formatted-certificate.xml');
     $ed = new EntityDescriptor();
     $ed->deserialize($context->getDocument()->firstChild, $context);
     $this->assertNotNull($ed->getFirstIdpSsoDescriptor());
     $arr = $ed->getFirstIdpSsoDescriptor()->getAllKeyDescriptors();
     $this->assertCount(1, $arr);
     /** @var KeyDescriptor $kd */
     $kd = array_shift($arr);
     $crt = openssl_x509_parse($kd->getCertificate()->toPem());
     $this->assertEquals('idp.testshib.org', $crt['subject']['CN']);
 }
Ejemplo n.º 14
0
 /**
  * @param \DOMNode               $node
  * @param DeserializationContext $context
  */
 public function deserialize(\DOMNode $node, DeserializationContext $context)
 {
     $list = $context->getXpath()->query('xenc:EncryptedData', $node);
     if (0 == $list->length) {
         throw new LightSamlXmlException('Missing encrypted data in <saml:EncryptedAssertion>');
     }
     if (1 != $list->length) {
         throw new LightSamlXmlException('More than one encrypted data element in <saml:EncryptedAssertion>');
     }
     /** @var \DOMElement $encryptedData */
     $encryptedData = $list->item(0);
     $this->xmlEnc = new XMLSecEnc();
     $this->xmlEnc->setNode($encryptedData);
     $this->xmlEnc->type = $encryptedData->getAttribute('Type');
     $this->symmetricKey = $this->loadSymmetricKey();
     $this->symmetricKeyInfo = $this->loadSymmetricKeyInfo($this->symmetricKey);
 }
 public function test__send_authn_request()
 {
     $expectedRelayState = 'relayState';
     $expectedDestination = 'https://destination.com/auth';
     $request = $this->getAuthnRequest();
     $request->setRelayState($expectedRelayState);
     $request->setDestination($expectedDestination);
     $biding = new HttpRedirectBinding();
     $eventDispatcherMock = $this->getEventDispatcherMock();
     $eventDispatcherMock->expects($this->once())->method('dispatch')->willReturnCallback(function ($name, GenericEvent $event) {
         $this->assertEquals(Events::BINDING_MESSAGE_SENT, $name);
         $this->assertNotEmpty($event->getSubject());
         $doc = new \DOMDocument();
         $doc->loadXML($event->getSubject());
         $this->assertEquals('AuthnRequest', $doc->firstChild->localName);
     });
     $biding->setEventDispatcher($eventDispatcherMock);
     $this->assertSame($eventDispatcherMock, $biding->getEventDispatcher());
     $messageContext = new MessageContext();
     $messageContext->setMessage($request);
     /** @var RedirectResponse $response */
     $response = $biding->send($messageContext);
     $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $response);
     $url = $response->getTargetUrl();
     $this->assertNotEmpty($url);
     $urlInfo = parse_url($url);
     $this->assertEquals($expectedDestination, $urlInfo['scheme'] . '://' . $urlInfo['host'] . $urlInfo['path']);
     $query = array();
     parse_str($urlInfo['query'], $query);
     $this->assertArrayHasKey('SAMLRequest', $query);
     $this->assertArrayHasKey('RelayState', $query);
     $this->assertArrayHasKey('SigAlg', $query);
     $this->assertArrayHasKey('Signature', $query);
     $this->assertEquals('RY/NCsIwEITvPkXI3TaptY3BKkIvBb2oePAiMUmxYBPtbsXHdxFEGBgY5tuf5frd39nLD9DFUHGZCL5eTZabEW9h75+jB2TUCFDxcQg6GuhAB9N70Gj1YbPb6iwR+jFEjDbeOWvqil+Us7ZYqHlbuEU7IxfXq8vnReZblSvfzowvlVOlKzk7/XbTHMIBRt8EQBOQIiHzqZCko8y0EKQzZzUd1QWDX+qG+ACdpu4fJjb2qaEPeLqafAA=', $query['SAMLRequest']);
     $this->assertEquals($expectedRelayState, $query['RelayState']);
     $this->assertEquals('http://www.w3.org/2000/09/xmldsig#rsa-sha1', $query['SigAlg']);
     $this->assertEquals('tm8dkiHro6oQkvleMAeAIWOLGKn116VVs/lRM+QpeR3YuKCjXcNFhI4xIunGYhfF+f2Li0GNdh6PqoyX3YVd7KVbm5hDTstJwx+PRYzMiBqwNMB5wCTtbZMiBiYbCT28ANU9ObWnYXbfKVNQJq/z8Uj2PFPXr+gVy30ttIXlHFKmGnYAwrlTEEYRDZ4clJ2tNEIxHZwwqHuPy1sd2xdWT8uKHJeRxTbvF2Vzw6ytzFeyQBIIPy/lk46czhi5a8uOb89y0XrDgSqHlwv2Vk/a5iWdYla235vWjAfuKSj6wD9Z0PnyNVPxlCl4B2bnRCWq1XBzYwsS12RYvd0vhO8DEA==', $query['Signature']);
     $xml = gzinflate(base64_decode($query['SAMLRequest']));
     $context = new DeserializationContext();
     $context->getDocument()->loadXML($xml);
     $receivedAuthnRequest = new AuthnRequest();
     $receivedAuthnRequest->deserialize($context->getDocument()->firstChild, $context);
     $this->assertEquals($request->getID(), $receivedAuthnRequest->getID());
     $this->assertEquals($request->getIssueInstantTimestamp(), $receivedAuthnRequest->getIssueInstantTimestamp());
 }
 public function test__deserialize_logout_request01()
 {
     $context = new DeserializationContext();
     $context->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/Request/logoutrequest01.xml');
     $request = new LogoutRequest();
     $request->deserialize($context->getDocument(), $context);
     $this->assertEquals('_6210989d671b429f1c82467626ffd0be990ded60bd', $request->getID());
     $this->assertEquals('2.0', $request->getVersion());
     $this->assertEquals('2013-11-07T16:07:25Z', $request->getIssueInstantString());
     $this->assertEquals('https://b1.bead.loc/adfs/ls/', $request->getDestination());
     $this->assertEquals('2013-11-07T16:07:25Z', $request->getNotOnOrAfterString());
     $this->assertNotNull($request->getIssuer());
     $this->assertEquals('https://mt.evo.team/simplesaml/module.php/saml/sp/metadata.php/default-sp', $request->getIssuer()->getValue());
     $this->assertNotNull($request->getNameID());
     $this->assertEquals('user', $request->getNameID()->getValue());
     $this->assertEquals(SamlConstants::NAME_ID_FORMAT_TRANSIENT, $request->getNameID()->getFormat());
     $this->assertEquals('_677952a2-7fb3-4e7a-b439-326366e677db', $request->getSessionIndex());
 }
Ejemplo n.º 17
0
 /**
  * @param \DOMElement            $node
  * @param DeserializationContext $context
  *
  * @throws \LightSaml\Error\LightSamlSecurityException
  */
 public function deserialize(\DOMElement $node, DeserializationContext $context)
 {
     $this->checkXmlNodeName($node, 'Signature', SamlConstants::NS_XMLDSIG);
     $this->signature = new XMLSecurityDSig();
     $this->signature->idKeys[] = $this->getIDName();
     $this->signature->sigNode = $node;
     $this->signature->canonicalizeSignedInfo();
     $this->key = null;
     $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
     XMLSecEnc::staticLocateKeyInfo($key, $node);
     if ($key->name || $key->key) {
         $this->key = $key;
     }
     $this->certificates = array();
     $list = $context->getXpath()->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $node);
     foreach ($list as $certNode) {
         $certData = trim($certNode->textContent);
         $certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData);
         $this->certificates[] = $certData;
     }
 }
 public function test__deserialize_test_shib()
 {
     $context = new DeserializationContext();
     $context->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/EntitiesDescriptor/testshib-providers.xml');
     $entitiesDescriptor = new EntitiesDescriptor();
     $entitiesDescriptor->deserialize($context->getDocument()->firstChild, $context);
     $this->assertEquals('urn:mace:shibboleth:testshib:two', $entitiesDescriptor->getName());
     $this->assertCount(2, $entitiesDescriptor->getAllEntityDescriptors());
     //region IDP
     $ed = $entitiesDescriptor->getByEntityId('https://idp.testshib.org/idp/shibboleth');
     $this->assertNotNull($ed);
     $this->assertEquals('https://idp.testshib.org/idp/shibboleth', $ed->getEntityID());
     $this->assertCount(1, $ed->getAllIdpSsoDescriptors());
     $idp = $ed->getFirstIdpSsoDescriptor();
     $this->assertNotNull($idp);
     $this->assertEquals('urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol', $idp->getProtocolSupportEnumeration());
     $this->assertCount(1, $idp->getAllKeyDescriptors());
     KeyDescriptorChecker::checkCertificateCN($this, null, 'idp.testshib.org', $idp->getFirstKeyDescriptor());
     NameIdFormatChecker::check($this, $idp, array(SamlConstants::NAME_ID_FORMAT_TRANSIENT, SamlConstants::NAME_ID_FORMAT_SHIB_NAME_ID));
     $this->assertCount(4, $idp->getAllSingleSignOnServices());
     EndpointChecker::check($this, SamlConstants::BINDING_SHIB1_AUTHN_REQUEST, 'https://idp.testshib.org/idp/profile/Shibboleth/SSO', $idp->getFirstSingleSignOnService(SamlConstants::BINDING_SHIB1_AUTHN_REQUEST));
     EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_POST, 'https://idp.testshib.org/idp/profile/SAML2/POST/SSO', $idp->getFirstSingleSignOnService(SamlConstants::BINDING_SAML2_HTTP_POST));
     EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_REDIRECT, 'https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO', $idp->getFirstSingleSignOnService(SamlConstants::BINDING_SAML2_HTTP_REDIRECT));
     EndpointChecker::check($this, SamlConstants::BINDING_SAML2_SOAP, 'https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP', $idp->getFirstSingleSignOnService(SamlConstants::BINDING_SAML2_SOAP));
     $this->assertEmpty($idp->getAllSingleLogoutServices());
     $this->assertEmpty($idp->getAllAttributes());
     $this->assertEmpty($idp->getAllOrganizations());
     $this->assertEmpty($idp->getAllContactPersons());
     $this->assertCount(1, $ed->getAllOrganizations());
     OrganizationChecker::check($this, 'TestShib Two Identity Provider', 'TestShib Two', 'http://www.testshib.org/testshib-two/', $ed->getFirstOrganization());
     $this->assertCount(1, $ed->getAllContactPersons());
     ContactPersonChecker::check($this, ContactPerson::TYPE_TECHNICAL, null, 'Nate', 'Klingenstein', '*****@*****.**', null, $ed->getFirstContactPerson());
     unset($idp);
     //endregion
     //region SP
     $ed = $entitiesDescriptor->getByEntityId('https://sp.testshib.org/shibboleth-sp');
     $this->assertNotNull($ed);
     $this->assertEquals('https://sp.testshib.org/shibboleth-sp', $ed->getEntityID());
     $this->assertCount(1, $ed->getAllSpSsoDescriptors());
     $sp = $ed->getFirstSpSsoDescriptor();
     $this->assertNotNull($sp);
     $this->assertEquals('urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext', $sp->getProtocolSupportEnumeration());
     $this->assertCount(1, $sp->getAllKeyDescriptors());
     KeyDescriptorChecker::checkCertificateCN($this, null, 'sp.testshib.org', $sp->getFirstKeyDescriptor());
     $this->assertCount(4, $sp->getAllSingleLogoutServices());
     EndpointChecker::check($this, SamlConstants::BINDING_SAML2_SOAP, 'https://sp.testshib.org/Shibboleth.sso/SLO/SOAP', $sp->getFirstSingleLogoutService(SamlConstants::BINDING_SAML2_SOAP));
     EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_REDIRECT, 'https://sp.testshib.org/Shibboleth.sso/SLO/Redirect', $sp->getFirstSingleLogoutService(SamlConstants::BINDING_SAML2_HTTP_REDIRECT));
     EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_POST, 'https://sp.testshib.org/Shibboleth.sso/SLO/POST', $sp->getFirstSingleLogoutService(SamlConstants::BINDING_SAML2_HTTP_POST));
     EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_ARTIFACT, 'https://sp.testshib.org/Shibboleth.sso/SLO/Artifact', $sp->getFirstSingleLogoutService(SamlConstants::BINDING_SAML2_HTTP_ARTIFACT));
     NameIdFormatChecker::check($this, $sp, array(SamlConstants::NAME_ID_FORMAT_TRANSIENT, SamlConstants::NAME_ID_FORMAT_SHIB_NAME_ID));
     $this->assertCount(8, $sp->getAllAssertionConsumerServices());
     IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_POST, 'https://sp.testshib.org/Shibboleth.sso/SAML2/POST', 1, true, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML2_HTTP_POST));
     IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_POST_SIMPLE_SIGN, 'https://sp.testshib.org/Shibboleth.sso/SAML2/POST-SimpleSign', 2, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML2_HTTP_POST_SIMPLE_SIGN));
     IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_ARTIFACT, 'https://sp.testshib.org/Shibboleth.sso/SAML2/Artifact', 3, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML2_HTTP_ARTIFACT));
     IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML1_BROWSER_POST, 'https://sp.testshib.org/Shibboleth.sso/SAML/POST', 4, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML1_BROWSER_POST));
     IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML1_ARTIFACT1, 'https://sp.testshib.org/Shibboleth.sso/SAML/Artifact', 5, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML1_ARTIFACT1));
     IndexedEndpointChecker::check($this, SamlConstants::BINDING_WS_FED_WEB_SVC, 'https://sp.testshib.org/Shibboleth.sso/ADFS', 6, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_WS_FED_WEB_SVC));
     $this->assertCount(1, $ed->getAllOrganizations());
     OrganizationChecker::check($this, 'TestShib Two Service Provider', 'TestShib Two', 'http://www.testshib.org/testshib-two/', $ed->getFirstOrganization());
     $this->assertCount(1, $ed->getAllContactPersons());
     ContactPersonChecker::check($this, ContactPerson::TYPE_TECHNICAL, null, 'Nate', 'Klingenstein', '*****@*****.**', null, $ed->getFirstContactPerson());
     unset($sp);
     //endregion
 }
Ejemplo n.º 19
0
    public function test__deserialize()
    {
        $xml = <<<EOT
<?xml version="1.0"?>
<md:EntitiesDescriptor ID="esd1" Name="first" validUntil="2013-10-27T11:55:37.035Z" cacheDuration="P1D" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:EntityDescriptor entityID="ed1"/>
<md:EntityDescriptor entityID="ed2"/>
<md:EntitiesDescriptor ID="esd2" Name="second">
    <md:EntityDescriptor entityID="ed3"/>
</md:EntitiesDescriptor>
</md:EntitiesDescriptor>
EOT;
        $context = new DeserializationContext();
        $context->getDocument()->loadXML($xml);
        $esd = new EntitiesDescriptor();
        $esd->deserialize($context->getDocument(), $context);
        $this->assertEquals('esd1', $esd->getId());
        $this->assertEquals('first', $esd->getName());
        $this->assertEquals(1382874937, $esd->getValidUntilTimestamp());
        $this->assertEquals('P1D', $esd->getCacheDuration());
        $items = $esd->getAllItems();
        $this->assertCount(3, $items);
        $this->assertInstanceOf('LightSaml\\Model\\Metadata\\EntityDescriptor', $items[0]);
        $this->assertInstanceOf('LightSaml\\Model\\Metadata\\EntityDescriptor', $items[1]);
        $this->assertInstanceOf('LightSaml\\Model\\Metadata\\EntitiesDescriptor', $items[2]);
    }
Ejemplo n.º 20
0
 /**
  * @param \DOMElement            $node
  * @param DeserializationContext $context
  * @param string                 $elementName
  * @param string                 $class
  * @param string                 $namespacePrefix
  *
  * @throws \LogicException
  */
 protected function oneElementFromXml(\DOMElement $node, DeserializationContext $context, $elementName, $class, $namespacePrefix)
 {
     if ($namespacePrefix) {
         $query = sprintf('./%s:%s', $namespacePrefix, $elementName);
     } else {
         $query = sprintf('./%s', $elementName);
     }
     $arr = $context->getXpath()->query($query, $node);
     $value = $arr->length > 0 ? $arr->item(0) : null;
     if ($value) {
         $setter = 'set' . $elementName;
         if (false == method_exists($this, $setter)) {
             throw new \LogicException(sprintf("Unable to find setter for element '%s' in class '%s'", $elementName, get_class($this)));
         }
         if ($class) {
             /** @var AbstractSamlModel $object */
             $object = new $class();
             if (false == $object instanceof \LightSaml\Model\SamlElementInterface) {
                 throw new \LogicException(sprintf("Specified class '%s' for element '%s' must implement SamlElementInterface", $class, $elementName));
             }
             $object->deserialize($value, $context);
         } else {
             $object = $value->textContent;
         }
         $this->{$setter}($object);
     }
 }
Ejemplo n.º 21
0
 /**
  * @param \DOMElement            $node
  * @param DeserializationContext $context
  *
  * @throws LightSamlXmlException
  *
  * @return void
  */
 public function deserialize(\DOMElement $node, DeserializationContext $context)
 {
     $this->checkXmlNodeName($node, 'KeyDescriptor', SamlConstants::NS_METADATA);
     $this->attributesFromXml($node, array('use'));
     $list = $context->getXpath()->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $node);
     if (1 != $list->length) {
         throw new LightSamlXmlException('Missing X509Certificate node');
     }
     /** @var $x509CertificateNode \DOMElement */
     $x509CertificateNode = $list->item(0);
     $certificateData = trim($x509CertificateNode->textContent);
     if (false == $certificateData) {
         throw new LightSamlXmlException('Missing certificate data');
     }
     $this->certificate = new X509Certificate();
     $this->certificate->setData($certificateData);
 }