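/**
 * The store must expose every EntityDescriptor that was added, including the
 * ones that arrive wrapped in an EntitiesDescriptor.
 */
public function test_all_returns_all_added()
{
    $entitiesDescriptor = new EntitiesDescriptor();
    $entitiesDescriptor->addItem(new EntityDescriptor('http://some.com'));
    $entitiesDescriptor->addItem(new EntityDescriptor('http://entity.com'));
    $entitiesDescriptor->addItem(new EntityDescriptor('http://third.com'));

    $store = new FixedEntityDescriptorStore();
    $store->add($entitiesDescriptor);

    // Assert on the store's own view, not on the input descriptor: counting
    // $entitiesDescriptor->getAllItems() only re-counts what the test itself
    // added and would pass even if add() stored nothing.
    $this->assertCount(3, $store->all());
}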
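/**
 * Lazily loads and deserializes the EntitiesDescriptor from $this->filename.
 *
 * The parsed descriptor is cached on the instance, so the file is read and
 * parsed at most once per object; a failed parse leaves the cache empty so a
 * later call retries instead of returning a half-built descriptor.
 *
 * @return EntitiesDescriptor
 *
 * @throws \RuntimeException if the metadata file cannot be loaded as XML
 */
public function get()
{
    if (null === $this->entitiesDescriptor) {
        $deserializationContext = new DeserializationContext();

        // DOMDocument::load() reports failure by returning false rather than
        // throwing; without this check a broken or missing file would reach
        // deserialize() with a null firstChild.
        if (false === $deserializationContext->getDocument()->load($this->filename)) {
            throw new \RuntimeException(sprintf('Unable to load metadata file "%s"', $this->filename));
        }

        // NOTE(review): the document is parsed with default libxml options;
        // confirm external entity loading is disabled in the target runtime
        // if the metadata file can come from an untrusted source.
        $entitiesDescriptor = new EntitiesDescriptor();
        $entitiesDescriptor->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

        // Only publish the descriptor once deserialize() succeeded.
        $this->entitiesDescriptor = $entitiesDescriptor;
    }

    return $this->entitiesDescriptor;
}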
/**
 * Builds a nested EntitiesDescriptor (two top-level entities plus one entity
 * inside a child EntitiesDescriptor), fills and signs it, then validates the
 * result against the metadata XSD.
 */
public function test_entities_descriptor_with_xsd()
{
    $root = new EntitiesDescriptor();
    $nested = new EntitiesDescriptor();

    $first = new EntityDescriptor('https://ed1.com');
    $second = new EntityDescriptor('https://ed2.com');
    $third = new EntityDescriptor('https://ed3.com');

    $root->addItem($first);
    $root->addItem($nested);
    $nested->addItem($second);
    $root->addItem($third);

    foreach (array($first, $second, $third) as $entityDescriptor) {
        $this->fillEntityDescriptor($entityDescriptor);
    }

    $this->sign($root);
    $this->validateMetadata($root);
}
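/**
 * Registers a single EntityDescriptor, or every EntityDescriptor reachable
 * through a (possibly nested) EntitiesDescriptor, keyed by entityID.
 *
 * A descriptor added later with the same entityID replaces the earlier one,
 * so the order of add() calls decides which metadata wins for that entity.
 *
 * @param EntityDescriptor|EntitiesDescriptor $entityDescriptor
 *
 * @return FixedEntityDescriptorStore
 *
 * @throws \InvalidArgumentException when the argument is of neither type, or
 *                                   an EntityDescriptor carries no entityID
 */
public function add($entityDescriptor)
{
    if ($entityDescriptor instanceof EntityDescriptor) {
        $entityId = $entityDescriptor->getEntityID();
        // Strict emptiness check: the former loose `false == $id` also
        // rejected the non-empty entityID '0'.
        if (null === $entityId || '' === $entityId) {
            throw new \InvalidArgumentException('EntityDescriptor must have entityId set');
        }
        $this->descriptors[$entityId] = $entityDescriptor;
    } elseif ($entityDescriptor instanceof EntitiesDescriptor) {
        // Recurse so nested EntitiesDescriptor elements are flattened too.
        foreach ($entityDescriptor->getAllItems() as $item) {
            $this->add($item);
        }
    } else {
        throw new \InvalidArgumentException('Expected EntityDescriptor or EntitiesDescriptor');
    }

    return $this;
}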
/**
 * Reads $this->filename as an EntityDescriptor; when EntityDescriptor::load()
 * rejects it with a LightSamlXmlException, parses the same file again as an
 * EntitiesDescriptor. The result is stored in $this->object.
 */
private function load()
{
    $filename = $this->filename;

    try {
        $descriptor = EntityDescriptor::load($filename);
    } catch (LightSamlXmlException $ex) {
        // Not a single-entity document - retry as a collection.
        $descriptor = EntitiesDescriptor::load($filename);
    }

    $this->object = $descriptor;
}
/**
 * Assembles the Pimple-backed BuildContainer used by these tests.
 *
 * Providers are registered in a fixed order (own, system, party, store,
 * provider, credential, service) because the later ones are constructed from
 * the containers built before them (see the getXxxContainer() arguments).
 *
 * @param string|null                $inResponseTo when truthy, a RequestState with this id is pre-seeded in the request state store
 * @param TimeProviderInterface|null $timeProvider when given, replaces the system container's time provider so tests can fix "now"
 *
 * @return BuildContainer
 */
private function getBuildContainer($inResponseTo = null, TimeProviderInterface $timeProvider = null)
{
    $buildContainer = new BuildContainer($pimple = new Container());

    // OWN
    // Test SP credential built from the certificate and private key shipped
    // under web/sp; the null second argument to createPrivateKey() appears to
    // be the key passphrase (none) and true marks the argument as a file path.
    $ownCredential = new \LightSaml\Credential\X509Credential(
        \LightSaml\Credential\X509Certificate::fromFile(__DIR__ . '/../../../../../../web/sp/saml.crt'),
        \LightSaml\Credential\KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true)
    );
    $ownCredential->setEntityId(self::OWN_ENTITY_ID);
    $ownEntityDescriptor = new \LightSaml\Builder\EntityDescriptor\SimpleEntityDescriptorBuilder(
        self::OWN_ENTITY_ID,
        'https://localhost/lightsaml/lightSAML/web/sp/acs.php',
        null,
        $ownCredential->getCertificate()
    );
    $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\OwnContainerProvider($ownEntityDescriptor, [$ownCredential]));

    // SYSTEM
    $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\SystemContainerProvider(true));
    if ($timeProvider) {
        // Override must come after the provider registration so it wins.
        $pimple[SystemContainer::TIME_PROVIDER] = function () use($timeProvider) {
            return $timeProvider;
        };
    }

    // PARTY
    $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\PartyContainerProvider());
    // Trusted IDP metadata: the TestShib federation bundle plus two single
    // IDP descriptors, all read from files under web/sp. Loaded lazily on
    // first access of the container entry.
    $pimple[PartyContainer::IDP_ENTITY_DESCRIPTOR] = function () {
        $idpProvider = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
        $idpProvider->add(\LightSaml\Model\Metadata\EntitiesDescriptor::load(__DIR__ . '/../../../../../../web/sp/testshib-providers.xml'));
        $idpProvider->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/../../../../../../web/sp/localhost-lightsaml-lightsaml-idp.xml'));
        $idpProvider->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/../../../../../../web/sp/openidp.feide.no.xml'));

        return $idpProvider;
    };

    // STORE
    $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\StoreContainerProvider($buildContainer->getSystemContainer()));
    if ($inResponseTo) {
        // Pre-seed the request state so an InResponseTo check in the test
        // can find a matching outstanding request.
        $pimple[StoreContainer::REQUEST_STATE_STORE] = function () use($inResponseTo) {
            $store = new RequestStateArrayStore();
            $store->set(new RequestState($inResponseTo));

            return $store;
        };
    }

    // PROVIDER
    $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\ProviderContainerProvider());

    // CREDENTIAL
    $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\CredentialContainerProvider($buildContainer->getPartyContainer(), $buildContainer->getOwnContainer()));

    // SERVICE
    $buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\ServiceContainerProvider($buildContainer->getCredentialContainer(), $buildContainer->getStoreContainer(), $buildContainer->getSystemContainer()));

    return $buildContainer;
}
/**
 * Deserializes the TestShib federation metadata sample and checks the IDP and
 * the SP entry field by field: entity ids, protocol support, key descriptor
 * certificate CN, endpoints per binding, NameID formats, organization and
 * technical contact.
 */
public function test__deserialize_test_shib()
{
    $context = new DeserializationContext();
    $context->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/EntitiesDescriptor/testshib-providers.xml');

    $entitiesDescriptor = new EntitiesDescriptor();
    $entitiesDescriptor->deserialize($context->getDocument()->firstChild, $context);

    $this->assertEquals('urn:mace:shibboleth:testshib:two', $entitiesDescriptor->getName());
    $this->assertCount(2, $entitiesDescriptor->getAllEntityDescriptors());

    //region IDP
    $ed = $entitiesDescriptor->getByEntityId('https://idp.testshib.org/idp/shibboleth');
    $this->assertNotNull($ed);
    $this->assertEquals('https://idp.testshib.org/idp/shibboleth', $ed->getEntityID());
    $this->assertCount(1, $ed->getAllIdpSsoDescriptors());

    $idp = $ed->getFirstIdpSsoDescriptor();
    $this->assertNotNull($idp);
    $this->assertEquals('urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol', $idp->getProtocolSupportEnumeration());

    // Only the certificate subject CN of the single key descriptor is checked here.
    $this->assertCount(1, $idp->getAllKeyDescriptors());
    KeyDescriptorChecker::checkCertificateCN($this, null, 'idp.testshib.org', $idp->getFirstKeyDescriptor());

    NameIdFormatChecker::check($this, $idp, array(SamlConstants::NAME_ID_FORMAT_TRANSIENT, SamlConstants::NAME_ID_FORMAT_SHIB_NAME_ID));

    // One SSO endpoint per binding; each is looked up by binding, not by position.
    $this->assertCount(4, $idp->getAllSingleSignOnServices());
    EndpointChecker::check($this, SamlConstants::BINDING_SHIB1_AUTHN_REQUEST, 'https://idp.testshib.org/idp/profile/Shibboleth/SSO', $idp->getFirstSingleSignOnService(SamlConstants::BINDING_SHIB1_AUTHN_REQUEST));
    EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_POST, 'https://idp.testshib.org/idp/profile/SAML2/POST/SSO', $idp->getFirstSingleSignOnService(SamlConstants::BINDING_SAML2_HTTP_POST));
    EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_REDIRECT, 'https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO', $idp->getFirstSingleSignOnService(SamlConstants::BINDING_SAML2_HTTP_REDIRECT));
    EndpointChecker::check($this, SamlConstants::BINDING_SAML2_SOAP, 'https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP', $idp->getFirstSingleSignOnService(SamlConstants::BINDING_SAML2_SOAP));

    $this->assertEmpty($idp->getAllSingleLogoutServices());
    $this->assertEmpty($idp->getAllAttributes());
    // Organization and contact person are expected on the EntityDescriptor,
    // not on the IDP role descriptor (asserted just below).
    $this->assertEmpty($idp->getAllOrganizations());
    $this->assertEmpty($idp->getAllContactPersons());

    $this->assertCount(1, $ed->getAllOrganizations());
    OrganizationChecker::check($this, 'TestShib Two Identity Provider', 'TestShib Two', 'http://www.testshib.org/testshib-two/', $ed->getFirstOrganization());

    $this->assertCount(1, $ed->getAllContactPersons());
    ContactPersonChecker::check($this, ContactPerson::TYPE_TECHNICAL, null, 'Nate', 'Klingenstein', '*****@*****.**', null, $ed->getFirstContactPerson());

    unset($idp);
    //endregion

    //region SP
    $ed = $entitiesDescriptor->getByEntityId('https://sp.testshib.org/shibboleth-sp');
    $this->assertNotNull($ed);
    $this->assertEquals('https://sp.testshib.org/shibboleth-sp', $ed->getEntityID());
    $this->assertCount(1, $ed->getAllSpSsoDescriptors());

    $sp = $ed->getFirstSpSsoDescriptor();
    $this->assertNotNull($sp);
    $this->assertEquals('urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext', $sp->getProtocolSupportEnumeration());

    $this->assertCount(1, $sp->getAllKeyDescriptors());
    KeyDescriptorChecker::checkCertificateCN($this, null, 'sp.testshib.org', $sp->getFirstKeyDescriptor());

    $this->assertCount(4, $sp->getAllSingleLogoutServices());
    EndpointChecker::check($this, SamlConstants::BINDING_SAML2_SOAP, 'https://sp.testshib.org/Shibboleth.sso/SLO/SOAP', $sp->getFirstSingleLogoutService(SamlConstants::BINDING_SAML2_SOAP));
    EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_REDIRECT, 'https://sp.testshib.org/Shibboleth.sso/SLO/Redirect', $sp->getFirstSingleLogoutService(SamlConstants::BINDING_SAML2_HTTP_REDIRECT));
    EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_POST, 'https://sp.testshib.org/Shibboleth.sso/SLO/POST', $sp->getFirstSingleLogoutService(SamlConstants::BINDING_SAML2_HTTP_POST));
    EndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_ARTIFACT, 'https://sp.testshib.org/Shibboleth.sso/SLO/Artifact', $sp->getFirstSingleLogoutService(SamlConstants::BINDING_SAML2_HTTP_ARTIFACT));

    NameIdFormatChecker::check($this, $sp, array(SamlConstants::NAME_ID_FORMAT_TRANSIENT, SamlConstants::NAME_ID_FORMAT_SHIB_NAME_ID));

    // The file declares 8 assertion consumer services; six bindings are
    // spot-checked with their index and isDefault flag (only the index-1 POST
    // endpoint is expected to be the default).
    $this->assertCount(8, $sp->getAllAssertionConsumerServices());
    IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_POST, 'https://sp.testshib.org/Shibboleth.sso/SAML2/POST', 1, true, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML2_HTTP_POST));
    IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_POST_SIMPLE_SIGN, 'https://sp.testshib.org/Shibboleth.sso/SAML2/POST-SimpleSign', 2, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML2_HTTP_POST_SIMPLE_SIGN));
    IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML2_HTTP_ARTIFACT, 'https://sp.testshib.org/Shibboleth.sso/SAML2/Artifact', 3, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML2_HTTP_ARTIFACT));
    IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML1_BROWSER_POST, 'https://sp.testshib.org/Shibboleth.sso/SAML/POST', 4, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML1_BROWSER_POST));
    IndexedEndpointChecker::check($this, SamlConstants::BINDING_SAML1_ARTIFACT1, 'https://sp.testshib.org/Shibboleth.sso/SAML/Artifact', 5, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_SAML1_ARTIFACT1));
    IndexedEndpointChecker::check($this, SamlConstants::BINDING_WS_FED_WEB_SVC, 'https://sp.testshib.org/Shibboleth.sso/ADFS', 6, false, $sp->getFirstAssertionConsumerService(SamlConstants::BINDING_WS_FED_WEB_SVC));

    $this->assertCount(1, $ed->getAllOrganizations());
    OrganizationChecker::check($this, 'TestShib Two Service Provider', 'TestShib Two', 'http://www.testshib.org/testshib-two/', $ed->getFirstOrganization());

    $this->assertCount(1, $ed->getAllContactPersons());
    ContactPersonChecker::check($this, ContactPerson::TYPE_TECHNICAL, null, 'Nate', 'Klingenstein', '*****@*****.**', null, $ed->getFirstContactPerson());

    unset($sp);
    //endregion
}
/**
 * Deserializes a small hand-written EntitiesDescriptor document and checks the
 * root attributes plus the types of the three direct child items (two
 * EntityDescriptor elements followed by one nested EntitiesDescriptor).
 */
public function test__deserialize()
{
    $xml = <<<EOT
<?xml version="1.0"?>
<md:EntitiesDescriptor ID="esd1" Name="first" validUntil="2013-10-27T11:55:37.035Z" cacheDuration="P1D" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <md:EntityDescriptor entityID="ed1"/>
    <md:EntityDescriptor entityID="ed2"/>
    <md:EntitiesDescriptor ID="esd2" Name="second">
        <md:EntityDescriptor entityID="ed3"/>
    </md:EntitiesDescriptor>
</md:EntitiesDescriptor>
EOT;

    $context = new DeserializationContext();
    $context->getDocument()->loadXML($xml);

    $descriptor = new EntitiesDescriptor();
    $descriptor->deserialize($context->getDocument(), $context);

    $this->assertEquals('esd1', $descriptor->getId());
    $this->assertEquals('first', $descriptor->getName());
    // 2013-10-27T11:55:37Z as a unix timestamp; the fractional seconds are dropped.
    $this->assertEquals(1382874937, $descriptor->getValidUntilTimestamp());
    $this->assertEquals('P1D', $descriptor->getCacheDuration());

    $items = $descriptor->getAllItems();
    $this->assertCount(3, $items);

    $expectedTypes = array(
        'LightSaml\\Model\\Metadata\\EntityDescriptor',
        'LightSaml\\Model\\Metadata\\EntityDescriptor',
        'LightSaml\\Model\\Metadata\\EntitiesDescriptor',
    );
    foreach ($expectedTypes as $position => $expectedType) {
        $this->assertInstanceOf($expectedType, $items[$position]);
    }
}
/**
 * Appends an EntityDescriptor or a child EntitiesDescriptor to this one.
 *
 * Anything else is rejected, as is an item that would make this descriptor
 * contain itself - either the item is this very object, or it is an
 * EntitiesDescriptor whose containsItem() reports this object.
 *
 * @param EntitiesDescriptor|EntityDescriptor $item
 *
 * @return EntitiesDescriptor
 *
 * @throws \InvalidArgumentException on a wrong type or a circular reference
 */
public function addItem($item)
{
    $isCollection = $item instanceof self;

    if (!$isCollection && !($item instanceof EntityDescriptor)) {
        throw new \InvalidArgumentException('Expected EntitiesDescriptor or EntityDescriptor');
    }

    // Short-circuits before containsItem() when the item is this object itself.
    $createsCycle = ($item === $this) || ($isCollection && $item->containsItem($this));
    if ($createsCycle) {
        throw new \InvalidArgumentException('Circular reference detected');
    }

    $this->items[] = $item;

    return $this;
}
/**
 * Attaches a SignatureWriter to $object, built from the test X509 certificate
 * and the sample private key under resources/sample/Certificate (passphrase
 * '', third argument true marks the value as a file path).
 *
 * @param SamlMessage|EntityDescriptor|EntitiesDescriptor|Assertion $object
 */
protected function sign($object)
{
    $certificate = $this->getX509Certificate();

    $privateKeyFile = __DIR__ . '/../../../../../resources/sample/Certificate/saml.pem';
    $privateKey = KeyHelper::createPrivateKey($privateKeyFile, '', true);

    $object->setSignature(new SignatureWriter($certificate, $privateKey));
}
/**
 * Builds the fixed IDP metadata store from the three XML files next to this
 * file: the TestShib federation bundle plus two single-IDP descriptors.
 *
 * The files are added in a fixed order; a later add() with an entityID that
 * was already stored replaces the earlier entry, so keep the order stable.
 *
 * @return \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore
 */
private function buildIdpEntityStore()
{
    $store = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();

    $store->add(\LightSaml\Model\Metadata\EntitiesDescriptor::load(__DIR__ . '/testshib-providers.xml'));

    $singleIdpFiles = array('/localhost-lightsaml-lightsaml-idp.xml', '/openidp.feide.no.xml');
    foreach ($singleIdpFiles as $relativePath) {
        $store->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . $relativePath));
    }

    return $store;
}
/**
 * Loading a file whose root element is a single EntityDescriptor through
 * EntitiesDescriptor::load() must fail with a LightSamlXmlException that names
 * both the expected and the actual root node.
 *
 * @expectedException \LightSaml\Error\LightSamlXmlException
 * @expectedExceptionMessage Expected 'EntitiesDescriptor' xml node and 'urn:oasis:names:tc:SAML:2.0:metadata' namespace but got node 'EntityDescriptor' and namespace 'urn:oasis:names:tc:SAML:2.0:metadata'
 */
public function test_throws_on_entity_descriptor()
{
    $singleEntityFile = __DIR__ . '/../../../../../../resources/sample/EntityDescriptor/idp-ed.xml';

    EntitiesDescriptor::load($singleEntityFile);
}