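/**
 * Checks that the ds:Signature on the assertion in the sample response
 * verifies against the X.509 certificate carried in that same signature.
 *
 * The public key is taken from the signature's own ds:KeyInfo, so a pass
 * demonstrates integrity only: the signed content matches whatever key the
 * document itself supplies. It does not show who signed it. Code that
 * consumes real responses has to validate against a certificate obtained
 * out of band (for example from trusted IdP metadata), never the embedded one.
 */
function testOne()
 {
     $doc = new \DOMDocument();
     $loaded = $doc->load(__DIR__ . '/../../../../../../../resources/sample/Response/response01.xml');
     // Fail on the fixture itself instead of on the less obvious node count below.
     $this->assertTrue($loaded, 'Sample response fixture could not be loaded');
     $xpath = new \DOMXPath($doc);
     $xpath->registerNamespace('samlp', Protocol::SAML2);
     $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG);
     $xpath->registerNamespace('a', Protocol::NS_ASSERTION);
     // Absolute path: only a signature that is a direct child of the assertion counts.
     $list = $xpath->query('/samlp:Response/a:Assertion/ds:Signature');
     $this->assertEquals(1, $list->length);
     /** @var $signatureNode \DOMElement */
     $signatureNode = $list->item(0);
     $signatureValidator = new SignatureXmlValidator();
     $signatureValidator->loadFromXml($signatureNode);
     // Relative query, scoped to the signature node selected above.
     $list = $xpath->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $signatureNode);
     $this->assertEquals(1, $list->length);
     /** @var $certificateDataNode \DOMElement */
     $certificateDataNode = $list->item(0);
     $certData = $certificateDataNode->textContent;
     $certificate = new X509Certificate();
     $certificate->setData($certData);
     $key = KeyHelper::createPublicKey($certificate);
     $ok = $signatureValidator->validate($key);
     $this->assertTrue($ok);
 }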
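 /**
  * Asserts that the given XML carries exactly one ds:Signature directly under
  * a `root` element and that it verifies against the saml.crt sample certificate.
  *
  * The verification key comes from a certificate file chosen by the test, not
  * from anything inside the document, so the check covers the signer as well
  * as the content.
  *
  * @param string $xml serialized XML document to check
  */
 private function verifySignature($xml)
 {
     $doc = new \DOMDocument();
     $parsed = $doc->loadXML($xml);
     // Report unparsable input directly instead of as a wrong signature count.
     $this->assertTrue($parsed, 'XML under test could not be parsed');
     $xpath = new \DOMXPath($doc);
     $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG);
     // Absolute path: a signature nested anywhere else in the document is not accepted.
     $list = $xpath->query('/root/ds:Signature');
     $this->assertEquals(1, $list->length);
     /** @var $signatureNode \DOMElement */
     $signatureNode = $list->item(0);
     $signatureValidator = new SignatureXmlValidator();
     $signatureValidator->loadFromXml($signatureNode);
     $certificate = new X509Certificate();
     $certificate->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt');
     $key = KeyHelper::createPublicKey($certificate);
     $ok = $signatureValidator->validate($key);
     $this->assertTrue($ok);
 }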
Example #3
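 /**
  * Populates this object from a DOM element: the optional Reason and
  * NotOnOrAfter attributes, and the NameID, SessionIndex and ds:Signature
  * child elements.
  *
  * A ds:Signature child is only parsed and attached through setSignature();
  * nothing in this method verifies it. The values loaded here are untrusted
  * until the caller has validated that signature against a key it trusts.
  *
  * @param \DOMElement $xml
  * @throws \AerialShip\LightSaml\Error\InvalidXmlException
  */
 function loadFromXml(\DOMElement $xml)
 {
     parent::loadFromXml($xml);
     if ($xml->hasAttribute('Reason')) {
         $this->setReason($xml->getAttribute('Reason'));
     }
     if ($xml->hasAttribute('NotOnOrAfter')) {
         $this->setNotOnOrAfter($xml->getAttribute('NotOnOrAfter'));
     }
     $signatureNode = null;
     $this->iterateChildrenElements($xml, function (\DOMElement $node) use (&$signatureNode) {
         // Match on namespace as well as local name, so a same-named element
         // from a foreign namespace cannot stand in for a SAML one.
         if ($node->localName === 'NameID' && $node->namespaceURI === Protocol::NS_ASSERTION) {
             $nameID = new NameID();
             $nameID->loadFromXml($node);
             $this->setNameID($nameID);
         } elseif ($node->localName === 'SessionIndex' && $node->namespaceURI === Protocol::SAML2) {
             $this->setSessionIndex($node->textContent);
         } elseif ($node->localName === 'Signature' && $node->namespaceURI === Protocol::NS_XMLDSIG) {
             // A second signature makes it ambiguous which one protects the
             // message; reject instead of silently keeping the last one.
             if (null !== $signatureNode) {
                 throw new \AerialShip\LightSaml\Error\InvalidXmlException('More than one Signature element found');
             }
             $signatureNode = $node;
         }
     });
     if (null !== $signatureNode) {
         $signature = new SignatureXmlValidator();
         $signature->loadFromXml($signatureNode);
         $this->setSignature($signature);
     }
 }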
Example #4
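 /**
  * Populates this object from a DOM element: the AssertionConsumerServiceURL
  * and ProtocolBinding attributes, the NameIDPolicy child and an optional
  * ds:Signature child.
  *
  * Both attributes are read with getAttribute(), which yields an empty string
  * when the attribute is absent. The AssertionConsumerServiceURL is taken from
  * the message as-is; nothing in this method compares it with a registered
  * endpoint, so that check belongs to the caller before any response is sent
  * to it. A ds:Signature child is only parsed and attached through
  * setSignature(); it is not verified here.
  *
  * @param \DOMElement $xml
  * @throws \AerialShip\LightSaml\Error\InvalidXmlException
  */
 function loadFromXml(\DOMElement $xml)
 {
     parent::loadFromXml($xml);
     $this->setAssertionConsumerServiceURL($xml->getAttribute('AssertionConsumerServiceURL'));
     $this->setProtocolBinding($xml->getAttribute('ProtocolBinding'));
     $signatureNode = null;
     $this->iterateChildrenElements($xml, function (\DOMElement $node) use (&$signatureNode) {
         if ($node->localName === 'NameIDPolicy' && $node->namespaceURI === Protocol::SAML2) {
             $this->checkRequiredAttributes($node, array('Format', 'AllowCreate'));
             $this->setNameIdPolicyFormat($node->getAttribute('Format'));
             // xs:boolean allows "1" as well as "true"; comparing with 'true'
             // alone would read AllowCreate="1" as false.
             $allowCreate = in_array($node->getAttribute('AllowCreate'), array('true', '1'), true);
             $this->setNameIdPolicyAllowCreate($allowCreate);
         } elseif ($node->localName === 'Signature' && $node->namespaceURI === Protocol::NS_XMLDSIG) {
             // A second signature makes it ambiguous which one protects the
             // message; reject instead of silently keeping the last one.
             if (null !== $signatureNode) {
                 throw new \AerialShip\LightSaml\Error\InvalidXmlException('More than one Signature element found');
             }
             $signatureNode = $node;
         }
     });
     if (null !== $signatureNode) {
         $signature = new SignatureXmlValidator();
         $signature->loadFromXml($signatureNode);
         $this->setSignature($signature);
     }
 }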
Example #5
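 /**
  * Populates this assertion from a saml:Assertion element: the ID, Version
  * and IssueInstant attributes, then the Issuer, Subject, Conditions,
  * AttributeStatement, AuthnStatement and ds:Signature children.
  *
  * Every field is set before any signature check takes place. A ds:Signature
  * child is only parsed and attached through setSignature(); nothing in this
  * method verifies it. The loaded values are untrusted until the caller has
  * validated that signature against a key it trusts.
  *
  * @param \DOMElement $xml
  * @throws \AerialShip\LightSaml\Error\InvalidXmlException if the element is
  *         not a saml:Assertion or holds more than one ds:Signature child
  */
 function loadFromXml(\DOMElement $xml)
 {
     if ($xml->localName != 'Assertion' || $xml->namespaceURI != Protocol::NS_ASSERTION) {
         throw new InvalidXmlException('Expected Assertion element but got ' . $xml->localName);
     }
     $this->checkRequiredAttributes($xml, array('ID', 'Version', 'IssueInstant'));
     $this->setID($xml->getAttribute('ID'));
     $this->setVersion($xml->getAttribute('Version'));
     $this->setIssueInstant($xml->getAttribute('IssueInstant'));
     // $xml is typed \DOMElement and so can never be a \DOMDocument; the
     // owner document is always the right XPath context.
     $xpath = new \DOMXPath($xml->ownerDocument);
     $xpath->registerNamespace('saml', Protocol::NS_ASSERTION);
     $signatureNode = null;
     for ($node = $xml->firstChild; $node !== null; $node = $node->nextSibling) {
         // firstChild/nextSibling also yield text and comment nodes.
         if (!$node instanceof \DOMElement) {
             continue;
         }
         if ($node->namespaceURI === Protocol::NS_XMLDSIG) {
             if ($node->localName === 'Signature') {
                 // A second signature makes it ambiguous which one protects
                 // the assertion; reject instead of keeping the last one.
                 if (null !== $signatureNode) {
                     throw new InvalidXmlException('More than one Signature element found in Assertion');
                 }
                 $signatureNode = $node;
             }
             continue;
         }
         // Only elements from the assertion namespace may fill the fields
         // below; a same-named element from a foreign namespace is skipped.
         if ($node->namespaceURI !== Protocol::NS_ASSERTION) {
             continue;
         }
         switch ($node->localName) {
             case 'Issuer':
                 $this->setIssuer(trim($node->textContent));
                 break;
             case 'Subject':
                 $this->setSubject(new Subject());
                 $this->getSubject()->loadFromXml($node);
                 break;
             case 'Conditions':
                 $this->loadXmlConditions($node, $xpath);
                 break;
             case 'AttributeStatement':
                 // NOTE(review): the assertion element, not the matched child,
                 // is passed on; presumably the helper queries relative to the
                 // assertion. Confirm against loadXmlAttributeStatement().
                 $this->loadXmlAttributeStatement($xml, $xpath);
                 break;
             case 'AuthnStatement':
                 $this->setAuthnStatement(new AuthnStatement());
                 $this->getAuthnStatement()->loadFromXml($node);
                 break;
         }
     }
     if (null !== $signatureNode) {
         $signature = new SignatureXmlValidator();
         $signature->loadFromXml($signatureNode);
         $this->setSignature($signature);
     }
 }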