function testOne() { $doc = new \DOMDocument(); $doc->load(__DIR__ . '/../../../../../../../resources/sample/Response/response01.xml'); $xpath = new \DOMXPath($doc); $xpath->registerNamespace('samlp', Protocol::SAML2); $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG); $xpath->registerNamespace('a', Protocol::NS_ASSERTION); $list = $xpath->query('/samlp:Response/a:Assertion/ds:Signature'); $this->assertEquals(1, $list->length); /** @var $signatureNode \DOMElement */ $signatureNode = $list->item(0); $signatureValidator = new SignatureXmlValidator(); $signatureValidator->loadFromXml($signatureNode); $list = $xpath->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $signatureNode); $this->assertEquals(1, $list->length); /** @var $signatureNode \DOMElement */ $certificateDataNode = $list->item(0); $certData = $certificateDataNode->textContent; $certificate = new X509Certificate(); $certificate->setData($certData); $key = KeyHelper::createPublicKey($certificate); $ok = $signatureValidator->validate($key); $this->assertTrue($ok); }
private function verifySignature($xml) { $doc = new \DOMDocument(); $doc->loadXML($xml); $xpath = new \DOMXPath($doc); $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG); $list = $xpath->query('/root/ds:Signature'); $this->assertEquals(1, $list->length); /** @var $signatureNode \DOMElement */ $signatureNode = $list->item(0); $signatureValidator = new SignatureXmlValidator(); $signatureValidator->loadFromXml($signatureNode); $certificate = new X509Certificate(); $certificate->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt'); $key = KeyHelper::createPublicKey($certificate); $ok = $signatureValidator->validate($key); $this->assertTrue($ok); }
protected function checkRequest(AuthnRequest $request, $id, $time) { $this->assertEquals($id, $request->getID()); $this->assertEquals('2.0', $request->getVersion()); $this->assertEquals($this->destination, $request->getDestination()); $this->assertEquals($this->ascURL, $request->getAssertionConsumerServiceURL()); $this->assertEquals($this->protocolBinding, $request->getProtocolBinding()); $this->assertEquals($time, $request->getIssueInstant()); $this->assertEquals($this->issuer, $request->getIssuer()); $this->assertEquals($this->nameIDPolicyFormat, $request->getNameIdPolicyFormat()); $this->assertTrue($request->getNameIdPolicyAllowCreate()); /** @var SignatureValidatorInterface $signature */ $signature = $request->getSignature(); $this->assertNotNull($signature); $this->assertTrue($signature instanceof SignatureValidatorInterface); $certificate = new X509Certificate(); $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt'); $key = KeyHelper::createPublicKey($certificate); $signature->validate($key); }
/** * @param \AerialShip\SamlSPBundle\Config\ServiceInfo $serviceInfo * @param LogoutRequest $logoutRequest * @throws \RuntimeException */ protected function validateLogoutRequest(ServiceInfo $serviceInfo, LogoutRequest $logoutRequest) { $idp = $serviceInfo->getIdpProvider()->getEntityDescriptor(); $keyDescriptors = $idp->getFirstIdpSsoDescriptor()->getKeyDescriptors(); if (empty($keyDescriptors)) { throw new \RuntimeException('IDP must support signing for logout requests'); } /** @var $signature SignatureValidatorInterface */ $signature = $logoutRequest->getSignature(); if (!$signature) { throw new \RuntimeException('Logout request must be signed'); } $keys = array(); foreach ($keyDescriptors as $keyDescriptor) { $key = KeyHelper::createPublicKey($keyDescriptor->getCertificate()); $keys[] = $key; } $signature->validateMulti($keys); }
/** * @test */ public function shouldCreatePublicKeyWhenLoadedFromPem() { $cert = new X509Certificate(); $cert->loadPem($this->getPEM()); KeyHelper::createPublicKey($cert); }
/** * @param \AerialShip\SamlSPBundle\Config\ServiceInfo $metaProvider * @return null|\XMLSecurityKey */ protected function getSigningKey(ServiceInfo $metaProvider) { $result = null; $edIDP = $metaProvider->getIdpProvider()->getEntityDescriptor(); if ($edIDP) { $arr = $edIDP->getAllIdpSsoDescriptors(); if ($arr) { $idp = $arr[0]; $arr = $idp->findKeyDescriptors('signing'); if ($arr) { $keyDescriptor = $arr[0]; $certificate = $keyDescriptor->getCertificate(); $result = KeyHelper::createPublicKey($certificate); } } } return $result; }
/** * @return \XMLSecurityKey */ private function getXmlKey() { $cert = $this->getCertificate(); return KeyHelper::createPublicKey($cert); }