|
public static getPublicKeySha1 ( ) : |
||
| return | ||
/**
* Test validating a signed authentication request.
*/
public function testSignedRequestValidation()
{
$qs = 'SAMLRequest=nVLBauMwEP0Vo7sjW7FpKpJA2rBsoNuGOruHXhZFHm8EsuRqxtv27yvbWWgvYelFgjfvzbx5zBJVazu56enkHuG5B6TktbUO5VhYsT446RUalE61gJK0rDY%2F7qSYZbILnrz2ln2QXFYoRAhkvGPJbrtiv7VoygJEoTJ9LOusXDSFuJ4vdH6cxwoIEGUjsrqoFUt%2BQcCoXLHYKMoRe9g5JOUoQlleprlI8%2FyQz6W4ksXiiSXbuI1xikbViahDyfkRSM2wD40DmjnL0bSdhcE6Hx7BTd3xqnqoIPw1GmbdqWPJNx80jCGtGIUeWLL5t8mtd9i3EM78n493%2FzWr9XVvx%2B58mj39IlUaR%2FQmKOPq4Dtkyf4c9E1EjPtzOePjREL5%2FXDYp%2FuH6sDWy6G3HDML66%2B5ayO7VlHx2dySf2y9nM7pPprabffeGv02ZNcquux5QEydNiNVUlAODTiKMVvrX24DKIJz8nw9jfx8tOt3&RelayState=https%3A%2F%2Fbeta.surfnet.nl%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3DBraindrops&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=b%2Bqe%2FXGgICOrEL1v9dwuoy0RJtJ%2FGNAr7gJGYSJzLG0riPKwo7v5CH8GPC2P9IRikaeaNeQrnhBAaf8FCWrO0cLFw4qR6msK9bxRBGk%2BhIaTUYCh54ETrVCyGlmBneMgC5%2FiCRvtEW3ESPXCCqt8Ncu98yZmv9LIVyHSl67Se%2BfbB9sDw3%2FfzwYIHRMqK2aS8jnsnqlgnBGGOXqIqN3%2Bd%2F2dwtCfz14s%2F9odoYzSUv32qfNPiPez6PSNqwhwH7dWE3TlO%2FjZmz0DnOeQ2ft6qdZEi5ZN5KCV6VmNKpkrLMq6DDPnuwPm%2F8oCAoT88R2jG7uf9QZB%2BArWJKMEhDLsCA%3D%3D';
$_SERVER['QUERY_STRING'] = $qs;
$hr = new HTTPRedirect();
$request = $hr->receive();
// validate with the correct certificate, should verify
$result = $request->validate(CertificatesMock::getPublicKey2Sha1());
$this->assertTrue($result);
// validate with another cert, should fail
$this->setExpectedException('Exception', 'Unable to validate signature');
$result = $request->validate(CertificatesMock::getPublicKeySha1());
}
/**
* Calling validate on an unsigned assertion must return
* false, not an exception.
*/
public function testVerifyUnsignedAssertion()
{
$xml = <<<XML
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_593e33ddf86449ce4d4c22b60ac48e067d98a0b2bf"
Version="2.0"
IssueInstant="2010-03-05T13:34:28Z"
>
<saml:Issuer>testIssuer</saml:Issuer>
<saml:Conditions>
<saml:AudienceRestriction>
<saml:Audience>audience1</saml:Audience>
<saml:Audience>audience2</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2010-03-05T13:34:28Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>someAuthnContext</saml:AuthnContextClassRef>
<saml:AuthenticatingAuthority>someIdP1</saml:AuthenticatingAuthority>
<saml:AuthenticatingAuthority>someIdP2</saml:AuthenticatingAuthority>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
XML;
$document = DOMDocumentFactory::fromString($xml);
$assertion = new Assertion($document->firstChild);
// Was not signed
$this->assertFalse($assertion->getWasSignedAtConstruction());
$publicKey = CertificatesMock::getPublicKeySha1();
$result = $assertion->validate($publicKey);
$this->assertFalse($result);
}