private function checkRequestXml(\DOMDocument $doc, LogoutRequest $request)
 {
     $xpath = new \DOMXPath($doc);
     $xpath->registerNamespace('samlp', Protocol::SAML2);
     $xpath->registerNamespace('saml', Protocol::NS_ASSERTION);
     $list = $xpath->query('/samlp:LogoutRequest');
     $this->assertEquals(1, $list->length);
     /** @var $node \DOMElement */
     $node = $list->item(0);
     $this->assertEquals($request->getReason(), $node->getAttribute('Reason'));
     $this->assertEquals($request->getID(), $node->getAttribute('ID'));
     $this->assertEquals('2.0', $node->getAttribute('Version'));
     $this->assertEquals($this->destination, $node->getAttribute('Destination'));
     $list = $xpath->query('/samlp:LogoutRequest/saml:Issuer');
     $this->assertEquals(1, $list->length);
     $node = $list->item(0);
     $this->assertEquals($this->issuer, $node->textContent);
     $list = $xpath->query('/samlp:LogoutRequest/saml:NameID');
     $this->assertEquals(1, $list->length);
     $node = $list->item(0);
     $this->assertEquals($request->getNameID()->getFormat(), $node->getAttribute('Format'));
     $this->assertEquals($request->getNameID()->getValue(), $node->textContent);
 }
 /**
  * @param string $nameIDValue
  * @param string|null $nameIDFormat
  * @param string|null $sessionIndex
  * @param string|null $reason
  * @return LogoutRequest
  */
 public function build($nameIDValue, $nameIDFormat = null, $sessionIndex = null, $reason = null)
 {
     $result = new LogoutRequest();
     $edSP = $this->getEdSP();
     $result->setID(Helper::generateID());
     $result->setDestination($this->getDestination());
     $result->setIssueInstant(time());
     if ($reason) {
         $result->setReason($reason);
     }
     if ($sessionIndex) {
         $result->setSessionIndex($sessionIndex);
     }
     $nameID = new NameID();
     $nameID->setValue($nameIDValue);
     if ($nameIDFormat) {
         $nameID->setFormat($nameIDFormat);
     }
     $result->setNameID($nameID);
     $result->setIssuer($edSP->getEntityID());
     return $result;
 }
 /**
  * @param LogoutRequest $request
  * @param ServiceInfo $serviceInfo
  * @return RequestState
  */
 protected function createRequestState(LogoutRequest $request, ServiceInfo $serviceInfo)
 {
     $state = new RequestState();
     $state->setId($request->getID());
     $state->setDestination($serviceInfo->getIdpProvider()->getEntityDescriptor()->getEntityID());
     $this->requestStateStore->set($state);
     return $state;
 }
 /**
  * @param \AerialShip\SamlSPBundle\Config\ServiceInfo $serviceInfo
  * @param LogoutRequest $logoutRequest
  * @throws \RuntimeException
  */
 protected function validateLogoutRequest(ServiceInfo $serviceInfo, LogoutRequest $logoutRequest)
 {
     $idp = $serviceInfo->getIdpProvider()->getEntityDescriptor();
     $keyDescriptors = $idp->getFirstIdpSsoDescriptor()->getKeyDescriptors();
     if (empty($keyDescriptors)) {
         throw new \RuntimeException('IDP must support signing for logout requests');
     }
     /** @var  $signature SignatureValidatorInterface */
     $signature = $logoutRequest->getSignature();
     if (!$signature) {
         throw new \RuntimeException('Logout request must be signed');
     }
     $keys = array();
     foreach ($keyDescriptors as $keyDescriptor) {
         $key = KeyHelper::createPublicKey($keyDescriptor->getCertificate());
         $keys[] = $key;
     }
     $signature->validateMulti($keys);
 }