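/**
 * A response signed with the mock private key must be accepted by the public-key
 * validator when the identity provider is configured with the matching
 * certificate data.
 *
 * @test
 * @group signature
 */
public function signed_message_with_valid_signature_is_validated_correctly()
{
    // Extract the base64 body of the PEM fixture; 'certificateData' expects the
    // body without the BEGIN/END markers. Assert the match so a broken fixture
    // fails here instead of surfacing as an undefined-offset notice below.
    $pattern = SAML2_Utilities_Certificate::CERTIFICATE_PATTERN;
    $matched = preg_match($pattern, SAML2_CertificatesMock::PUBLIC_KEY_PEM, $matches);
    $this->assertSame(1, $matched, 'Could not extract certificate data from the PEM fixture');

    $config = new SAML2_Configuration_IdentityProvider(array('certificateData' => $matches[1]));
    $validator = new SAML2_Signature_PublicKeyValidator(
        new SAML2_SimpleTestLogger(),
        new SAML2_Certificate_KeyLoader()
    );

    $doc = SAML2_DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
    $response = new SAML2_Response($doc->firstChild);
    $response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
    $response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

    // Round-trip through the signed XML so the validator sees a real signature
    // element rather than an in-memory object that merely has a key attached.
    $response = new SAML2_Response($response->toSignedXML());

    $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
    $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
}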
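/**
 * A response signed with the mock private key must be accepted by the
 * fingerprint validator when the identity provider is configured with the
 * fingerprint of the matching certificate. Also checks that asking the
 * certificate for its fingerprint twice yields equal values.
 *
 * @test
 * @group signature
 */
public function signed_message_with_valid_signature_is_validated_correctly()
{
    // Extract the base64 body of the PEM fixture. Assert the match so a broken
    // fixture fails here instead of surfacing as an undefined-offset notice below.
    $pattern = SAML2_Utilities_Certificate::CERTIFICATE_PATTERN;
    $matched = preg_match($pattern, SAML2_CertificatesMock::PUBLIC_KEY_PEM, $matches);
    $this->assertSame(1, $matched, 'Could not extract certificate data from the PEM fixture');

    $certdata = SAML2_Certificate_X509::createFromCertificateData($matches[1]);
    $fingerprint = $certdata->getFingerprint();
    $fingerprint_retry = $certdata->getFingerprint();
    $this->assertTrue(
        $fingerprint->equals($fingerprint_retry),
        'Cached fingerprint does not match original'
    );

    $config = new SAML2_Configuration_IdentityProvider(
        array('certificateFingerprints' => array($fingerprint->getRaw()))
    );
    $validator = new SAML2_Signature_FingerprintValidator(
        new SAML2_SimpleTestLogger(),
        new SAML2_Certificate_FingerprintLoader()
    );

    $doc = SAML2_DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
    $response = new SAML2_Response($doc->firstChild);
    $response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
    $response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

    // Round-trip through the signed XML so the validator sees a real signature
    // element rather than an in-memory object that merely has a key attached.
    $response = new SAML2_Response($response->toSignedXML());

    $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
    $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
}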
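/**
 * Build a response from the response.xml fixture in which both the response
 * and its first assertion carry the mock signing key and certificate, then
 * re-parse it from the signed XML.
 *
 * The fixture is loaded through SAML2_DOMDocumentFactory, as the other test
 * methods do, rather than a bare DOMDocument::load() whose return value was
 * not checked (a failed load would have left $doc->firstChild null).
 *
 * @return SAML2_Response
 */
private function getSignedResponseWithSignedAssertion()
{
    $doc = SAML2_DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
    $response = new SAML2_Response($doc->firstChild);
    $response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
    $response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

    // Only the first assertion is given a key; the fixture is assumed to
    // contain at least one assertion — TODO confirm against response.xml.
    $assertions = $response->getAssertions();
    $assertion = $assertions[0];
    $assertion->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
    $assertion->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

    // Re-parse so callers get a response whose signatures exist as XML.
    return new SAML2_Response($response->toSignedXML());
}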
/**
 * Serialise a response to an XML string, signing it first when the supplied
 * values call for a signature (as decided by self::need_sign()).
 *
 * @param \SAML2_Response $response
 * @param array           $values   options consulted by need_sign()
 * @return string  the output of XMLConverter::xml_to_str — presumed to be a string, confirm
 */
private static function to_str(\SAML2_Response $response, array $values)
{
    if (self::need_sign($values)) {
        $element = $response->toSignedXML();
    } else {
        $element = $response->toUnsignedXML();
    }

    return XMLConverter::xml_to_str($element);
}