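/**
  * A freshly signed Response must be accepted by the PublicKeyValidator when the
  * IdP configuration carries the signing certificate's data.
  *
  * @test
  * @group signature
  */
 public function signed_message_with_valid_signature_is_validated_correctly()
 {
     // Pull the base64 body out of the mock PEM. Asserting on the match count keeps an
     // unmatched pattern from surfacing later as an undefined offset on $matches[1].
     $pattern = SAML2_Utilities_Certificate::CERTIFICATE_PATTERN;
     $matched = preg_match($pattern, SAML2_CertificatesMock::PUBLIC_KEY_PEM, $matches);
     $this->assertSame(1, $matched, 'Mock PEM does not match the certificate pattern');

     $config = new SAML2_Configuration_IdentityProvider(array('certificateData' => $matches[1]));
     $validator = new SAML2_Signature_PublicKeyValidator(
         new SAML2_SimpleTestLogger(),
         new SAML2_Certificate_KeyLoader()
     );

     $doc = SAML2_DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
     $response = new SAML2_Response($doc->firstChild);
     $response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
     $response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

     // Re-parse the signed XML so the validator sees the signature exactly as a
     // receiving party would, not the in-memory object that produced it.
     $response = new SAML2_Response($response->toSignedXML());

     $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
     $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
 }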
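 /**
  * A freshly signed Response must be accepted by the FingerprintValidator when the
  * IdP configuration lists the signing certificate's fingerprint; also checks that
  * the fingerprint cached on the X509 object matches the first computation.
  *
  * @test
  * @group signature
  */
 public function signed_message_with_valid_signature_is_validated_correctly()
 {
     // Pull the base64 body out of the mock PEM. Asserting on the match count keeps an
     // unmatched pattern from surfacing later as an undefined offset on $matches[1].
     $pattern = SAML2_Utilities_Certificate::CERTIFICATE_PATTERN;
     $matched = preg_match($pattern, SAML2_CertificatesMock::PUBLIC_KEY_PEM, $matches);
     $this->assertSame(1, $matched, 'Mock PEM does not match the certificate pattern');

     $certdata = SAML2_Certificate_X509::createFromCertificateData($matches[1]);
     $fingerprint = $certdata->getFingerprint();
     $fingerprint_retry = $certdata->getFingerprint();
     $this->assertTrue($fingerprint->equals($fingerprint_retry), 'Cached fingerprint does not match original');

     $config = new SAML2_Configuration_IdentityProvider(
         array('certificateFingerprints' => array($fingerprint->getRaw()))
     );
     $validator = new SAML2_Signature_FingerprintValidator(
         new SAML2_SimpleTestLogger(),
         new SAML2_Certificate_FingerprintLoader()
     );

     $doc = SAML2_DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
     $response = new SAML2_Response($doc->firstChild);
     $response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
     $response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

     // Re-parse the signed XML so the validator sees the signature exactly as a
     // receiving party would, not the in-memory object that produced it.
     $response = new SAML2_Response($response->toSignedXML());

     $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
     $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
 }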
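 /**
  * Builds a Response whose message and first Assertion are both signed with the
  * mock private key, re-parsed from the signed XML the way a receiver would see it.
  *
  * NOTE(review): the fixture is loaded with a bare DOMDocument::load(); the sibling
  * validator tests load the same file through SAML2_DOMDocumentFactory::fromFile(),
  * the library's own parsing entry point. Acceptable for a local trusted fixture, but
  * the factory is the safer default if this helper is ever reused — confirm.
  *
  * @return SAML2_Response
  */
 private function getSignedResponseWithSignedAssertion()
 {
     $doc = new DOMDocument();
     // load() returns false on a missing or malformed file; fail here with a clear
     // message instead of passing a null firstChild into SAML2_Response.
     $loaded = $doc->load(__DIR__ . '/response.xml');
     $this->assertTrue($loaded, 'Could not load the response.xml fixture');

     $response = new SAML2_Response($doc->firstChild);
     $response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
     $response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

     $assertions = $response->getAssertions();
     $this->assertNotEmpty($assertions, 'Fixture response carries no assertion to sign');
     $assertion = $assertions[0];
     $assertion->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
     $assertion->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

     return new SAML2_Response($response->toSignedXML());
 }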
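 /**
  * Assembles a SAML2 Response carrying exactly one Assertion from a map of test
  * parameters, optionally attaching an RSA-SHA256 signing key and certificate to
  * the assertion and/or the message.
  *
  * Keys read from $values: InResponseTo (via self::original_spid_isset()), ResponseID,
  * AssertionID, Issuer, NameID, AllowedTimeDelta, Audience, Attributes,
  * AuthnContextClassRef, SessionIndex, Destination, SHA256KeyFile, SHA256CertFile,
  * plus whatever self::need_sign(), self::need_sign_attributes() and
  * self::need_sign_message() inspect. Absent keys leave the corresponding field untouched.
  *
  * @param array                $values   Test parameters as described above.
  * @param \SAML2_Response|null $response Existing response to extend; a new one is created when null.
  * @return \SAML2_Response The response with the (single) assembled assertion attached.
  * @throws \RuntimeException When SHA256CertFile is set but cannot be read.
  */
 private static function combine_response(array $values, \SAML2_Response $response = null)
 {
     if (!isset($response)) {
         $response = new \SAML2_Response();
     }

     // Extend the first assertion already attached, otherwise start from an empty one.
     $presented_assertions = $response->getAssertions();
     $assertion = empty($presented_assertions) ? new \SAML2_Assertion() : $presented_assertions[0];

     $has_in_response_to = self::original_spid_isset($values);
     $has_destination = array_key_exists('Destination', $values);

     if ($has_in_response_to) {
         $response->setInResponseTo($values['InResponseTo']);
     }
     if (array_key_exists('ResponseID', $values)) {
         $response->setId($values['ResponseID']);
     }
     if (array_key_exists('AssertionID', $values)) {
         $assertion->setId($values['AssertionID']);
     }
     if (array_key_exists('Issuer', $values)) {
         $response->setIssuer($values['Issuer']);
         $assertion->setIssuer($values['Issuer']);
     }
     if (array_key_exists('NameID', $values)) {
         $assertion->setNameId(self::build_name_id($values['NameID']));
     }

     // A single timestamp for every time-bound field, so NotBefore, NotOnOrAfter and
     // AuthnInstant cannot straddle a second boundary and disagree with each other.
     $now = time();
     $not_on_or_after_time = $now;
     if (array_key_exists('AllowedTimeDelta', $values)) {
         $not_on_or_after_time += $values['AllowedTimeDelta'];
         $assertion->setNotBefore($now - $values['AllowedTimeDelta']);
         $assertion->setNotOnOrAfter($not_on_or_after_time);
     } else {
         // Without an explicit window the assertion's own Conditions are left unset;
         // the default delta only bounds the SubjectConfirmationData below.
         $not_on_or_after_time += DEFAULT_RESPONSE_TIME_DELTA;
     }

     if (array_key_exists('Audience', $values)) {
         $assertion->setValidAudiences(array($values['Audience']));
     }
     if (array_key_exists('Attributes', $values)) {
         $assertion->setAttributes($values['Attributes']);
     }
     $assertion->setAuthnInstant($now);
     if (array_key_exists('AuthnContextClassRef', $values)) {
         $assertion->setAuthnContextClassRef($values['AuthnContextClassRef']);
     }
     if (array_key_exists('SessionIndex', $values)) {
         $assertion->setSessionIndex($values['SessionIndex']);
     }

     if ($has_in_response_to || $has_destination) {
         self::apply_subject_confirmation($assertion, $values, $not_on_or_after_time);
     }
     if ($has_destination) {
         $response->setDestination($values['Destination']);
     }

     if (self::need_sign($values)) {
         self::apply_signing($assertion, $response, $values);
     }

     $response->setAssertions(array($assertion));
     return $response;
 }

 /**
  * Ensures the assertion carries one SubjectConfirmation whose data references the
  * request (InResponseTo) and/or the Recipient, filling NotOnOrAfter only when the
  * existing data has none.
  *
  * @param \SAML2_Assertion $assertion            Assertion updated in place.
  * @param array            $values               Test parameters (InResponseTo, Destination).
  * @param int              $not_on_or_after_time Unix timestamp used when NotOnOrAfter is not set yet.
  * @return void
  */
 private static function apply_subject_confirmation(\SAML2_Assertion $assertion, array $values, $not_on_or_after_time)
 {
     $original_confirmations = $assertion->getSubjectConfirmation();
     if (empty($original_confirmations)) {
         $confirmation = new \SAML2_XML_saml_SubjectConfirmation();
         $confirmation->Method = SAML_CONFIGURATION_METHOD;
     } else {
         $confirmation = $original_confirmations[0];
     }

     $data = $confirmation->SubjectConfirmationData;
     if (empty($data)) {
         $data = new \SAML2_XML_saml_SubjectConfirmationData();
         $data->NotOnOrAfter = $not_on_or_after_time;
     } elseif (empty($data->NotOnOrAfter)) {
         // Keep a caller-supplied NotOnOrAfter; only fill the gap.
         $data->NotOnOrAfter = $not_on_or_after_time;
     }

     if (array_key_exists('Destination', $values)) {
         $data->Recipient = $values['Destination'];
     }
     if (self::original_spid_isset($values)) {
         $data->InResponseTo = $values['InResponseTo'];
     }

     $confirmation->SubjectConfirmationData = $data;
     $assertion->setSubjectConfirmation(array($confirmation));
 }

 /**
  * Attaches the RSA-SHA256 private key (SHA256KeyFile) and/or certificate
  * (SHA256CertFile) to the assertion and the response, as selected by
  * self::need_sign_attributes() and self::need_sign_message().
  *
  * @param \SAML2_Assertion $assertion Assertion updated in place.
  * @param \SAML2_Response  $response  Response updated in place.
  * @param array            $values    Test parameters.
  * @return void
  * @throws \RuntimeException When SHA256CertFile cannot be read.
  */
 private static function apply_signing(\SAML2_Assertion $assertion, \SAML2_Response $response, array $values)
 {
     if (array_key_exists('SHA256KeyFile', $values)) {
         $ekey = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
         // Second argument: the value is a path to the key, not the key material itself.
         $ekey->loadKey($values['SHA256KeyFile'], true);
         if (self::need_sign_attributes($values)) {
             $assertion->setSignatureKey($ekey);
         }
         if (self::need_sign_message($values)) {
             $response->setSignatureKey($ekey);
         }
     }

     if (array_key_exists('SHA256CertFile', $values)) {
         // An unreadable file would otherwise embed `false` as the certificate and
         // produce a response that fails signature validation for the wrong reason.
         $pem = file_get_contents($values['SHA256CertFile']);
         if ($pem === false) {
             throw new \RuntimeException('Cannot read signing certificate: ' . $values['SHA256CertFile']);
         }
         $certificates = array($pem);
         if (self::need_sign_attributes($values)) {
             $assertion->setCertificates($certificates);
         }
         if (self::need_sign_message($values)) {
             $response->setCertificates($certificates);
         }
     }
 }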