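public function test_all_returns_all_added()
 {
     // Arrange: three EntityDescriptors with distinct entityIDs, wrapped in one aggregate.
     $entitiesDescriptor = new EntitiesDescriptor();
     $entitiesDescriptor->addItem(new EntityDescriptor('http://some.com'));
     $entitiesDescriptor->addItem(new EntityDescriptor('http://entity.com'));
     $entitiesDescriptor->addItem(new EntityDescriptor('http://third.com'));

     // Act: the store accepts the aggregate and flattens it into its entityID-keyed map.
     $store = new FixedEntityDescriptorStore();
     $store->add($entitiesDescriptor);

     // NOTE(review): this assertion inspects the input aggregate, not the store, so it
     // would still pass if add() stored nothing. Assert on the store's read-side API
     // (not visible in this file) to make the test name true; the unused $entityId
     // capture from the original was dropped.
     $this->assertCount(3, $entitiesDescriptor->getAllItems());
 }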
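 /**
  * Lazily loads and deserializes the metadata file named by $this->filename.
  *
  * The parsed EntitiesDescriptor is memoized on success only, so a failed parse
  * does not leave a half-built object cached for later calls.
  *
  * @return EntitiesDescriptor
  *
  * @throws \RuntimeException when the file cannot be read or parsed as XML
  */
 public function get()
 {
     if (null === $this->entitiesDescriptor) {
         $deserializationContext = new DeserializationContext();
         $document = $deserializationContext->getDocument();
         // DOMDocument::load() returns false (plus a warning) on a missing or malformed
         // file; fail loudly rather than handing a null node to deserialize().
         // No LIBXML_NOENT / LIBXML_DTDLOAD flags are passed, so external entities are
         // not expanded -- keep it that way, metadata files often come from third parties.
         if (false === $document->load($this->filename)) {
             throw new \RuntimeException(sprintf('Unable to load metadata file "%s"', $this->filename));
         }
         $entitiesDescriptor = new EntitiesDescriptor();
         // documentElement is the root element even when a comment or processing
         // instruction precedes it; firstChild would return that node instead.
         $entitiesDescriptor->deserialize($document->documentElement, $deserializationContext);
         $this->entitiesDescriptor = $entitiesDescriptor;
     }

     return $this->entitiesDescriptor;
 }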
 /**
  * Signs a two-level aggregate (ed1 and ed3 at the top, ed2 inside a nested
  * EntitiesDescriptor) and runs it through validateMetadata(), presumably a
  * schema check against the SAML metadata XSD.
  */
 public function test_entities_descriptor_with_xsd()
 {
     $root = new EntitiesDescriptor();
     $root->addItem($ed1 = new EntityDescriptor('https://ed1.com'));
     $root->addItem($nested = new EntitiesDescriptor());
     $nested->addItem($ed2 = new EntityDescriptor('https://ed2.com'));
     $root->addItem($ed3 = new EntityDescriptor('https://ed3.com'));

     // Give every leaf descriptor the usual roles/endpoints before signing.
     foreach (array($ed1, $ed2, $ed3) as $entityDescriptor) {
         $this->fillEntityDescriptor($entityDescriptor);
     }

     $this->sign($root);
     $this->validateMetadata($root);
 }
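 /**
  * Registers a single EntityDescriptor, or every EntityDescriptor reachable from
  * an EntitiesDescriptor (nested aggregates are flattened recursively), keyed by
  * entityID.
  *
  * A descriptor whose entityID is already present REPLACES the earlier one
  * silently. When several metadata sources are merged, the last one added wins
  * for any entityID they share -- including its signing keys and endpoints --
  * so callers should control the order in which sources are added.
  *
  * @param EntityDescriptor|EntitiesDescriptor $entityDescriptor
  *
  * @return FixedEntityDescriptorStore
  *
  * @throws \InvalidArgumentException on any other argument type, or when an
  *                                   EntityDescriptor carries no entityID
  */
 public function add($entityDescriptor)
 {
     if ($entityDescriptor instanceof EntityDescriptor) {
         $entityId = $entityDescriptor->getEntityID();
         // Strict check: the former `false == $entityId` test also rejected any
         // "falsy" but non-empty value (e.g. the string "0") by accident.
         if (null === $entityId || '' === $entityId) {
             throw new \InvalidArgumentException('EntityDescriptor must have entityId set');
         }
         $this->descriptors[$entityId] = $entityDescriptor;
     } elseif ($entityDescriptor instanceof EntitiesDescriptor) {
         foreach ($entityDescriptor->getAllItems() as $item) {
             $this->add($item);
         }
     } else {
         throw new \InvalidArgumentException('Expected EntityDescriptor or EntitiesDescriptor');
     }

     return $this;
 }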
 /**
  * Populates $this->object from $this->filename.
  *
  * The file is first parsed as a single EntityDescriptor; if that is rejected
  * with a LightSamlXmlException (for instance because the root element is an
  * EntitiesDescriptor aggregate) it is parsed again as an EntitiesDescriptor.
  * A failure of the second attempt propagates as-is; the first exception is not
  * attached as its previous.
  */
 private function load()
 {
     $filename = $this->filename;
     try {
         $object = EntityDescriptor::load($filename);
     } catch (LightSamlXmlException $notASingleEntity) {
         // Fall back to the aggregate form.
         $object = EntitiesDescriptor::load($filename);
     }
     $this->object = $object;
 }
 /**
  * Assembles a fully wired BuildContainer for the tests: own SP credential and
  * metadata, system services, the fixed IdP metadata store, the request state
  * store, and the provider/credential/service layers on top of them.
  *
  * @param string|null                $inResponseTo if given, a RequestState with this ID is seeded into
  *                                                 the request state store (presumably so a message carrying
  *                                                 that InResponseTo can be matched -- see callers)
  * @param TimeProviderInterface|null $timeProvider replaces the system time provider when given
  *
  * @return BuildContainer
  */
 private function getBuildContainer($inResponseTo = null, TimeProviderInterface $timeProvider = null)
 {
     $webSpDir = __DIR__ . '/../../../../../../web/sp';
     $pimple = new Container();
     $buildContainer = new BuildContainer($pimple);
     $container = $buildContainer->getPimple();

     // OWN: the SP's certificate and private key.
     // NOTE(review): both files live under web/; make sure that directory is not
     // exposed by the web server in any deployment that copies this layout.
     $certificate = \LightSaml\Credential\X509Certificate::fromFile($webSpDir . '/saml.crt');
     $privateKey = \LightSaml\Credential\KeyHelper::createPrivateKey($webSpDir . '/saml.key', null, true);
     $ownCredential = new \LightSaml\Credential\X509Credential($certificate, $privateKey);
     $ownCredential->setEntityId(self::OWN_ENTITY_ID);
     $ownEntityDescriptor = new \LightSaml\Builder\EntityDescriptor\SimpleEntityDescriptorBuilder(
         self::OWN_ENTITY_ID,
         'https://localhost/lightsaml/lightSAML/web/sp/acs.php',
         null,
         $ownCredential->getCertificate()
     );
     $container->register(new \LightSaml\Bridge\Pimple\Container\Factory\OwnContainerProvider($ownEntityDescriptor, [$ownCredential]));

     // SYSTEM
     $container->register(new \LightSaml\Bridge\Pimple\Container\Factory\SystemContainerProvider(true));
     if ($timeProvider) {
         $pimple[SystemContainer::TIME_PROVIDER] = function () use ($timeProvider) {
             return $timeProvider;
         };
     }

     // PARTY: the trusted IdPs come from fixed metadata files, loaded lazily.
     $container->register(new \LightSaml\Bridge\Pimple\Container\Factory\PartyContainerProvider());
     $pimple[PartyContainer::IDP_ENTITY_DESCRIPTOR] = function () use ($webSpDir) {
         $idpStore = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
         $idpStore->add(\LightSaml\Model\Metadata\EntitiesDescriptor::load($webSpDir . '/testshib-providers.xml'));
         $idpStore->add(\LightSaml\Model\Metadata\EntityDescriptor::load($webSpDir . '/localhost-lightsaml-lightsaml-idp.xml'));
         $idpStore->add(\LightSaml\Model\Metadata\EntityDescriptor::load($webSpDir . '/openidp.feide.no.xml'));

         return $idpStore;
     };

     // STORE
     $container->register(new \LightSaml\Bridge\Pimple\Container\Factory\StoreContainerProvider($buildContainer->getSystemContainer()));
     if ($inResponseTo) {
         $pimple[StoreContainer::REQUEST_STATE_STORE] = function () use ($inResponseTo) {
             $requestStateStore = new RequestStateArrayStore();
             $requestStateStore->set(new RequestState($inResponseTo));

             return $requestStateStore;
         };
     }

     // PROVIDER
     $container->register(new \LightSaml\Bridge\Pimple\Container\Factory\ProviderContainerProvider());

     // CREDENTIAL
     $container->register(new \LightSaml\Bridge\Pimple\Container\Factory\CredentialContainerProvider($buildContainer->getPartyContainer(), $buildContainer->getOwnContainer()));

     // SERVICE
     $container->register(new \LightSaml\Bridge\Pimple\Container\Factory\ServiceContainerProvider($buildContainer->getCredentialContainer(), $buildContainer->getStoreContainer(), $buildContainer->getSystemContainer()));

     return $buildContainer;
 }
 /**
  * Deserializes the TestShib sample aggregate and pins every attribute, role,
  * key, endpoint, organization and contact it is expected to expose for the
  * IdP and the SP entity.
  */
 public function test__deserialize_test_shib()
 {
     $context = new DeserializationContext();
     $context->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/EntitiesDescriptor/testshib-providers.xml');
     $entitiesDescriptor = new EntitiesDescriptor();
     $entitiesDescriptor->deserialize($context->getDocument()->firstChild, $context);

     $this->assertEquals('urn:mace:shibboleth:testshib:two', $entitiesDescriptor->getName());
     $this->assertCount(2, $entitiesDescriptor->getAllEntityDescriptors());

     //region IDP
     $idpEntityId = 'https://idp.testshib.org/idp/shibboleth';
     $ed = $entitiesDescriptor->getByEntityId($idpEntityId);
     $this->assertNotNull($ed);
     $this->assertEquals($idpEntityId, $ed->getEntityID());
     $this->assertCount(1, $ed->getAllIdpSsoDescriptors());

     $idp = $ed->getFirstIdpSsoDescriptor();
     $this->assertNotNull($idp);
     $this->assertEquals('urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol', $idp->getProtocolSupportEnumeration());
     $this->assertCount(1, $idp->getAllKeyDescriptors());
     KeyDescriptorChecker::checkCertificateCN($this, null, 'idp.testshib.org', $idp->getFirstKeyDescriptor());
     NameIdFormatChecker::check($this, $idp, array(SamlConstants::NAME_ID_FORMAT_TRANSIENT, SamlConstants::NAME_ID_FORMAT_SHIB_NAME_ID));

     // Single sign-on endpoints: binding => expected location.
     $idpSsoEndpoints = array(
         SamlConstants::BINDING_SHIB1_AUTHN_REQUEST => 'https://idp.testshib.org/idp/profile/Shibboleth/SSO',
         SamlConstants::BINDING_SAML2_HTTP_POST => 'https://idp.testshib.org/idp/profile/SAML2/POST/SSO',
         SamlConstants::BINDING_SAML2_HTTP_REDIRECT => 'https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO',
         SamlConstants::BINDING_SAML2_SOAP => 'https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP',
     );
     $this->assertCount(4, $idp->getAllSingleSignOnServices());
     foreach ($idpSsoEndpoints as $binding => $location) {
         EndpointChecker::check($this, $binding, $location, $idp->getFirstSingleSignOnService($binding));
     }

     // The IdP role itself carries no SLO, attributes, organization or contacts;
     // organization and contact live on the enclosing EntityDescriptor.
     $this->assertEmpty($idp->getAllSingleLogoutServices());
     $this->assertEmpty($idp->getAllAttributes());
     $this->assertEmpty($idp->getAllOrganizations());
     $this->assertEmpty($idp->getAllContactPersons());

     $this->assertCount(1, $ed->getAllOrganizations());
     OrganizationChecker::check($this, 'TestShib Two Identity Provider', 'TestShib Two', 'http://www.testshib.org/testshib-two/', $ed->getFirstOrganization());
     $this->assertCount(1, $ed->getAllContactPersons());
     ContactPersonChecker::check($this, ContactPerson::TYPE_TECHNICAL, null, 'Nate', 'Klingenstein', '*****@*****.**', null, $ed->getFirstContactPerson());
     unset($idp);
     //endregion

     //region SP
     $spEntityId = 'https://sp.testshib.org/shibboleth-sp';
     $ed = $entitiesDescriptor->getByEntityId($spEntityId);
     $this->assertNotNull($ed);
     $this->assertEquals($spEntityId, $ed->getEntityID());
     $this->assertCount(1, $ed->getAllSpSsoDescriptors());

     $sp = $ed->getFirstSpSsoDescriptor();
     $this->assertNotNull($sp);
     $this->assertEquals('urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext', $sp->getProtocolSupportEnumeration());
     $this->assertCount(1, $sp->getAllKeyDescriptors());
     KeyDescriptorChecker::checkCertificateCN($this, null, 'sp.testshib.org', $sp->getFirstKeyDescriptor());

     // Single logout endpoints: binding => expected location.
     $spSloEndpoints = array(
         SamlConstants::BINDING_SAML2_SOAP => 'https://sp.testshib.org/Shibboleth.sso/SLO/SOAP',
         SamlConstants::BINDING_SAML2_HTTP_REDIRECT => 'https://sp.testshib.org/Shibboleth.sso/SLO/Redirect',
         SamlConstants::BINDING_SAML2_HTTP_POST => 'https://sp.testshib.org/Shibboleth.sso/SLO/POST',
         SamlConstants::BINDING_SAML2_HTTP_ARTIFACT => 'https://sp.testshib.org/Shibboleth.sso/SLO/Artifact',
     );
     $this->assertCount(4, $sp->getAllSingleLogoutServices());
     foreach ($spSloEndpoints as $binding => $location) {
         EndpointChecker::check($this, $binding, $location, $sp->getFirstSingleLogoutService($binding));
     }
     NameIdFormatChecker::check($this, $sp, array(SamlConstants::NAME_ID_FORMAT_TRANSIENT, SamlConstants::NAME_ID_FORMAT_SHIB_NAME_ID));

     // Assertion consumer services: binding => array(location, index, isDefault)
     // (the last two presumably map to the index/isDefault attributes -- see
     // IndexedEndpointChecker). Eight are declared; six bindings are pinned here.
     $spAcsEndpoints = array(
         SamlConstants::BINDING_SAML2_HTTP_POST => array('https://sp.testshib.org/Shibboleth.sso/SAML2/POST', 1, true),
         SamlConstants::BINDING_SAML2_HTTP_POST_SIMPLE_SIGN => array('https://sp.testshib.org/Shibboleth.sso/SAML2/POST-SimpleSign', 2, false),
         SamlConstants::BINDING_SAML2_HTTP_ARTIFACT => array('https://sp.testshib.org/Shibboleth.sso/SAML2/Artifact', 3, false),
         SamlConstants::BINDING_SAML1_BROWSER_POST => array('https://sp.testshib.org/Shibboleth.sso/SAML/POST', 4, false),
         SamlConstants::BINDING_SAML1_ARTIFACT1 => array('https://sp.testshib.org/Shibboleth.sso/SAML/Artifact', 5, false),
         SamlConstants::BINDING_WS_FED_WEB_SVC => array('https://sp.testshib.org/Shibboleth.sso/ADFS', 6, false),
     );
     $this->assertCount(8, $sp->getAllAssertionConsumerServices());
     foreach ($spAcsEndpoints as $binding => $expected) {
         list($location, $index, $isDefault) = $expected;
         IndexedEndpointChecker::check($this, $binding, $location, $index, $isDefault, $sp->getFirstAssertionConsumerService($binding));
     }

     $this->assertCount(1, $ed->getAllOrganizations());
     OrganizationChecker::check($this, 'TestShib Two Service Provider', 'TestShib Two', 'http://www.testshib.org/testshib-two/', $ed->getFirstOrganization());
     $this->assertCount(1, $ed->getAllContactPersons());
     ContactPersonChecker::check($this, ContactPerson::TYPE_TECHNICAL, null, 'Nate', 'Klingenstein', '*****@*****.**', null, $ed->getFirstContactPerson());
     unset($sp);
     //endregion
 }
    /**
     * Deserializes a small hand-written aggregate and checks the root attributes
     * plus the ordered, mixed list of children: two EntityDescriptor elements
     * followed by one nested EntitiesDescriptor.
     */
    public function test__deserialize()
    {
        $xml = <<<EOT
<?xml version="1.0"?>
<md:EntitiesDescriptor ID="esd1" Name="first" validUntil="2013-10-27T11:55:37.035Z" cacheDuration="P1D" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:EntityDescriptor entityID="ed1"/>
<md:EntityDescriptor entityID="ed2"/>
<md:EntitiesDescriptor ID="esd2" Name="second">
    <md:EntityDescriptor entityID="ed3"/>
</md:EntitiesDescriptor>
</md:EntitiesDescriptor>
EOT;
        $context = new DeserializationContext();
        $context->getDocument()->loadXML($xml);

        $esd = new EntitiesDescriptor();
        // The whole document, not its root element, is handed to deserialize() here.
        $esd->deserialize($context->getDocument(), $context);

        // Root attributes. 1382874937 is 2013-10-27T11:55:37Z; the .035 fraction is dropped.
        $expectedAttributes = array(
            array('esd1', $esd->getId()),
            array('first', $esd->getName()),
            array(1382874937, $esd->getValidUntilTimestamp()),
            array('P1D', $esd->getCacheDuration()),
        );
        foreach ($expectedAttributes as $pair) {
            $this->assertEquals($pair[0], $pair[1]);
        }

        // Children keep document order and type.
        $items = $esd->getAllItems();
        $this->assertCount(3, $items);
        $expectedClasses = array(
            'LightSaml\\Model\\Metadata\\EntityDescriptor',
            'LightSaml\\Model\\Metadata\\EntityDescriptor',
            'LightSaml\\Model\\Metadata\\EntitiesDescriptor',
        );
        foreach ($expectedClasses as $position => $class) {
            $this->assertInstanceOf($class, $items[$position]);
        }
    }
 /**
  * Appends an EntityDescriptor or a nested EntitiesDescriptor to this aggregate.
  *
  * Two kinds of cycles are refused: adding the aggregate to itself, and adding a
  * sub-aggregate that, according to its containsItem(), already holds this one.
  *
  * @param EntitiesDescriptor|EntityDescriptor $item
  *
  * @return EntitiesDescriptor
  *
  * @throws \InvalidArgumentException on an unsupported type or a circular reference
  */
 public function addItem($item)
 {
     $isAggregate = $item instanceof self;
     if (!$isAggregate && !$item instanceof EntityDescriptor) {
         throw new \InvalidArgumentException('Expected EntitiesDescriptor or EntityDescriptor');
     }
     // Self-reference is checked first; containsItem() is only consulted for aggregates.
     if ($item === $this || ($isAggregate && $item->containsItem($this))) {
         throw new \InvalidArgumentException('Circular reference detected');
     }
     $this->items[] = $item;

     return $this;
 }
 /**
  * Attaches a SignatureWriter to $object, built from the certificate returned by
  * getX509Certificate() and the matching private key in the sample resources.
  *
  * The key file is a test fixture (the empty string is presumably its passphrase,
  * the trailing true presumably marks the argument as a file path); it must not
  * be reused outside these tests.
  *
  * @param SamlMessage|EntityDescriptor|EntitiesDescriptor|Assertion $object
  */
 protected function sign($object)
 {
     $certificate = $this->getX509Certificate();
     $privateKeyFile = __DIR__ . '/../../../../../resources/sample/Certificate/saml.pem';
     $privateKey = KeyHelper::createPrivateKey($privateKeyFile, '', true);
     $object->setSignature(new SignatureWriter($certificate, $privateKey));
 }
 /**
  * Builds the store of trusted IdP metadata from the XML fixtures next to this file.
  *
  * The TestShib aggregate is loaded first, then two single-entity files. Because
  * FixedEntityDescriptorStore keys entries by entityID, a later file replaces an
  * earlier entry with the same entityID, so the order below matters.
  *
  * @return \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore
  */
 private function buildIdpEntityStore()
 {
     $store = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
     // fixture file => model class whose ::load() parses it
     $sources = array(
         'testshib-providers.xml' => 'LightSaml\Model\Metadata\EntitiesDescriptor',
         'localhost-lightsaml-lightsaml-idp.xml' => 'LightSaml\Model\Metadata\EntityDescriptor',
         'openidp.feide.no.xml' => 'LightSaml\Model\Metadata\EntityDescriptor',
     );
     foreach ($sources as $file => $modelClass) {
         $store->add($modelClass::load(__DIR__ . '/' . $file));
     }

     return $store;
 }
 /**
  * EntitiesDescriptor::load() must refuse a file whose root element is a single
  * EntityDescriptor rather than an aggregate, naming both the expected and the
  * actual root node in the exception message.
  *
  * @expectedException \LightSaml\Error\LightSamlXmlException
  * @expectedExceptionMessage Expected 'EntitiesDescriptor' xml node and 'urn:oasis:names:tc:SAML:2.0:metadata' namespace but got node 'EntityDescriptor' and namespace 'urn:oasis:names:tc:SAML:2.0:metadata'
  */
 public function test_throws_on_entity_descriptor()
 {
     $singleEntityFile = __DIR__ . '/../../../../../../resources/sample/EntityDescriptor/idp-ed.xml';
     EntitiesDescriptor::load($singleEntityFile);
 }