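/**
 * Builds an AuthnRequest from the given IdP/SP metadata and checks where it is
 * sent and which AssertionConsumerService URL/binding it asks the IdP to use.
 *
 * @dataProvider provider
 *
 * @param string      $name                     dataset label, used as the assertion message
 * @param array       $idpData                  list of ['binding' => ..., 'url' => ...] SingleSignOnService entries
 * @param array       $spData                   list of ['binding' => ..., 'url' => ...] AssertionConsumerService entries
 * @param array       $spMetaData               SpMeta setter name => value, invoked as $spMeta->{$setter}($value)
 * @param string      $expectedSendUrl          prefix the response destination must start with
 * @param string      $expectedResponseType     class the result of send() must be an instance of
 * @param string      $expectedReceiveUrl       expected AssertionConsumerServiceURL of the built message
 * @param string      $expectedReceiveBinding   expected ProtocolBinding of the built message
 * @param string|null $expectedException        exception class expected from build()/send(), if any
 * @param string      $expectedExceptionMessage message expected on that exception
 */
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
    if ($expectedException) {
        $this->setExpectedException($expectedException, $expectedExceptionMessage);
    }

    $idp = new IdpSsoDescriptor();
    foreach ($idpData as $data) {
        $idp->addService(new SingleSignOnService($data['binding'], $data['url']));
    }
    $edIDP = new EntityDescriptor('idp');
    $edIDP->addItem($idp);

    $sp = new SpSsoDescriptor();
    foreach ($spData as $data) {
        $sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
    }
    $edSP = new EntityDescriptor('sp');
    $edSP->addItem($sp);

    $spMeta = new SpMeta();
    // The loop key must not be named $name: that silently overwrote the dataset
    // label, so every assertion below reported the last SpMeta setter instead.
    foreach ($spMetaData as $setter => $value) {
        $spMeta->{$setter}($value);
    }

    $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
    $message = $builder->build();
    $response = $builder->send($message);

    $this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
    $this->assertInstanceOf($expectedResponseType, $response, $name);
    $this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
    $this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}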
/**
 * Prompts for a signing certificate path and, when one is entered, attaches
 * it to the entity descriptor as a 'signing' KeyDescriptor.
 *
 * @param DialogHelper     $dialog
 * @param OutputInterface  $output
 * @param EntityDescriptor $ed descriptor that receives the KeyDescriptor
 */
protected function askForCertificate(DialogHelper $dialog, OutputInterface $output, EntityDescriptor $ed)
{
    $path = $this->askFile($dialog, $output, 'Signing Certificate path', false);
    if (!$path) {
        // no path entered: the descriptor is left without a signing key
        return;
    }

    $cert = new X509Certificate();
    $cert->loadFromFile($path);
    $ed->addItem(new KeyDescriptor('signing', $cert));
}
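/**
 * Loads a single EntityDescriptor from an XML metadata file on disk.
 *
 * The file is parsed with LIBXML_NONET so that a DTD or external entity in
 * metadata obtained from a third party cannot make libxml fetch remote
 * resources. Deserialization starts at the document element instead of
 * firstChild, so a leading comment, processing instruction or DOCTYPE node is
 * never handed to loadFromXml(). A failed parse is reported as an exception
 * instead of passing a null node on.
 *
 * NOTE(review): on PHP < 8 local external entities can still be resolved by
 * libxml; if the metadata source is untrusted, consider also disabling the
 * entity loader process-wide before calling this.
 *
 * @param string $file path to the metadata XML file
 * @return EntityDescriptor
 * @throws \InvalidArgumentException if $file is not a file or cannot be parsed as XML
 */
public static function getEntityDescriptorFromXmlFile($file)
{
    if (!is_file($file)) {
        throw new \InvalidArgumentException("Specified EntityDescriptor path is not a file {$file}");
    }

    $doc = new \DOMDocument();
    // check the return value rather than silencing the parser with @
    $loaded = $doc->load($file, LIBXML_NONET);
    if ($loaded === false || $doc->documentElement === null) {
        throw new \InvalidArgumentException("Specified EntityDescriptor file is not valid XML {$file}");
    }

    $result = new EntityDescriptor();
    $result->loadFromXml($doc->documentElement);

    return $result;
}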
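/**
 * Parses $this->filename and stores the resulting descriptor in
 * $this->entityDescriptor.
 *
 * When $this->entityId is set the file is read as an EntitiesDescriptor and the
 * entry matching that ID is selected; otherwise the file is read as a single
 * EntityDescriptor. The document is parsed with LIBXML_NONET so metadata files
 * cannot make libxml reach the network, and deserialization starts at the
 * document element so a leading comment or DOCTYPE node is never passed to
 * loadFromXml().
 *
 * NOTE(review): getByEntityId() may return null when the ID is absent — confirm
 * whether callers expect an exception in that case.
 *
 * @throws \RuntimeException if the file cannot be parsed as XML
 */
protected function load()
{
    $doc = new \DOMDocument();
    if ($doc->load($this->filename, LIBXML_NONET) === false || $doc->documentElement === null) {
        throw new \RuntimeException("Unable to parse metadata file {$this->filename}");
    }
    $root = $doc->documentElement;

    if ($this->entityId) {
        $entitiesDescriptor = new EntitiesDescriptor();
        $entitiesDescriptor->loadFromXml($root);
        $this->entityDescriptor = $entitiesDescriptor->getByEntityId($this->entityId);
    } else {
        $this->entityDescriptor = new EntityDescriptor();
        $this->entityDescriptor->loadFromXml($root);
    }
}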
/**
 * Asserts that $ed holds exactly one SpSsoDescriptor with the expected shape:
 * signed assertions required, one signing and one encryption key with a
 * non-trivial certificate, SLO over Redirect and POST, and three ACS endpoints
 * indexed 0 (POST), 1 (Artifact) and 2 (Redirect), all located at $url.
 *
 * @param EntityDescriptor $ed
 * @param string           $url location every SLO/ACS endpoint must use
 */
private function checkSP(EntityDescriptor $ed, $url)
{
    $descriptors = $ed->getAllSpSsoDescriptors();
    $this->assertEquals(1, count($descriptors));
    $sp = $descriptors[0];
    $this->assertTrue($sp->getWantAssertionsSigned());

    $this->assertEquals(2, count($sp->getKeyDescriptors()));
    $this->assertOneKeyDescriptorWithUse($sp, KeyDescriptor::USE_SIGNING);
    $this->assertOneKeyDescriptorWithUse($sp, KeyDescriptor::USE_ENCRYPTION);

    $this->assertEquals(2, count($sp->findSingleLogoutServices()));
    $this->assertOneServiceAt($sp->findSingleLogoutServices(Bindings::SAML2_HTTP_REDIRECT), Bindings::SAML2_HTTP_REDIRECT, $url);
    $this->assertOneServiceAt($sp->findSingleLogoutServices(Bindings::SAML2_HTTP_POST), Bindings::SAML2_HTTP_POST, $url);

    $this->assertEquals(3, count($sp->findAssertionConsumerServices()));
    // binding => expected ACS index, checked in the same order the builder adds them
    $acsIndexes = array(
        Bindings::SAML2_HTTP_POST => 0,
        Bindings::SAML2_HTTP_ARTIFACT => 1,
        Bindings::SAML2_HTTP_REDIRECT => 2,
    );
    foreach ($acsIndexes as $binding => $index) {
        $this->assertOneServiceAt($sp->findAssertionConsumerServices($binding), $binding, $url, $index);
    }
}

/**
 * Asserts exactly one KeyDescriptor with $use exists on $sp and that it carries
 * a certificate with more than 100 bytes of data.
 *
 * @param mixed  $sp  SpSsoDescriptor under test
 * @param string $use KeyDescriptor::USE_* value
 */
private function assertOneKeyDescriptorWithUse($sp, $use)
{
    $found = $sp->findKeyDescriptors($use);
    $this->assertEquals(1, count($found));
    $this->assertEquals($use, $found[0]->getUse());
    $certificate = $found[0]->getCertificate();
    $this->assertNotNull($certificate);
    $this->assertGreaterThan(100, strlen($certificate->getData()));
}

/**
 * Asserts $services holds exactly one entry with the given binding and
 * location, and — when $index is given — that ACS index.
 *
 * @param array    $services result of a find*Services() call
 * @param string   $binding
 * @param string   $location
 * @param int|null $index    expected index, or null to skip the index check
 */
private function assertOneServiceAt(array $services, $binding, $location, $index = null)
{
    $this->assertEquals(1, count($services));
    $this->assertEquals($binding, $services[0]->getBinding());
    $this->assertEquals($location, $services[0]->getLocation());
    if ($index !== null) {
        $this->assertEquals($index, $services[0]->getIndex());
    }
}
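/**
 * Builds an AuthnRequest from the given IdP/SP metadata, once unsigned and once
 * signed with the sample key, and checks for both where it is sent and which
 * AssertionConsumerService URL/binding it asks the IdP to use.
 *
 * @dataProvider provider
 *
 * @param string      $name                     dataset label, used as the assertion message
 * @param array       $idpData                  list of ['binding' => ..., 'url' => ...] SingleSignOnService entries
 * @param array       $spData                   list of ['binding' => ..., 'url' => ...] AssertionConsumerService entries
 * @param array       $spMetaData               SpMeta setter name => value, invoked as $spMeta->{$setter}($value)
 * @param string      $expectedSendUrl          prefix the response destination must start with
 * @param string      $expectedResponseType     class the result of send() must be an instance of
 * @param string      $expectedReceiveUrl       expected AssertionConsumerServiceURL of the built message
 * @param string      $expectedReceiveBinding   expected ProtocolBinding of the built message
 * @param string|null $expectedException        exception class expected from build()/send(), if any
 * @param string      $expectedExceptionMessage message expected on that exception
 */
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
    if ($expectedException) {
        $this->setExpectedException($expectedException, $expectedExceptionMessage);
    }

    $idp = new IdpSsoDescriptor();
    foreach ($idpData as $data) {
        $idp->addService(new SingleSignOnService($data['binding'], $data['url']));
    }
    $edIDP = new EntityDescriptor('idp');
    $edIDP->addItem($idp);

    $sp = new SpSsoDescriptor();
    foreach ($spData as $data) {
        $sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
    }
    $edSP = new EntityDescriptor('sp');
    $edSP->addItem($sp);

    $spMeta = new SpMeta();
    // The loop key must not be named $name: that silently overwrote the dataset
    // label, so every assertion below reported the last SpMeta setter instead.
    foreach ($spMetaData as $setter => $value) {
        $spMeta->{$setter}($value);
    }

    // without signing
    $this->assertAuthnRequestFlow(
        new AuthnRequestBuilder($edSP, $edIDP, $spMeta),
        $name,
        $expectedSendUrl,
        $expectedResponseType,
        $expectedReceiveUrl,
        $expectedReceiveBinding
    );

    // with signing
    // RSA-SHA1 is kept because the sample fixture and existing expectations use
    // it; SHA-1 signatures are weak, and real deployments should sign with
    // \XMLSecurityKey::RSA_SHA256.
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
    $key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true);
    $signature = new SignatureCreator();
    $signature->setCertificate($certificate);
    $signature->setXmlSecurityKey($key);

    $this->assertAuthnRequestFlow(
        new AuthnRequestBuilder($edSP, $edIDP, $spMeta, $signature),
        $name,
        $expectedSendUrl,
        $expectedResponseType,
        $expectedReceiveUrl,
        $expectedReceiveBinding
    );
}

/**
 * Builds and sends one AuthnRequest with $builder and asserts the response
 * destination prefix and type plus the message's ACS URL and protocol binding.
 *
 * @param AuthnRequestBuilder $builder
 * @param string              $name                   assertion message
 * @param string              $expectedSendUrl
 * @param string              $expectedResponseType
 * @param string              $expectedReceiveUrl
 * @param string              $expectedReceiveBinding
 */
private function assertAuthnRequestFlow(AuthnRequestBuilder $builder, $name, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding)
{
    $message = $builder->build();
    $response = $builder->send($message);

    $this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
    $this->assertInstanceOf($expectedResponseType, $response, $name);
    $this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
    $this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}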
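/**
 * Builds $this->entityDescriptor for the SP described by $this->config.
 *
 * The SpSsoDescriptor gets WantAssertionsSigned from config, a signing
 * KeyDescriptor when the signing provider is enabled, SingleLogoutService
 * endpoints over HTTP-Redirect and HTTP-POST at the logout path, and
 * AssertionConsumerService endpoints at the check path (index 0 HTTP-POST,
 * index 1 HTTP-Redirect).
 *
 * NOTE(review): the SAML 2.0 Web Browser SSO profile says HTTP-Redirect must
 * not be used to deliver a <Response> to an AssertionConsumerService; the
 * index-1 endpoint is kept as-is for compatibility with existing metadata and
 * tests — confirm it is still needed.
 */
protected function build()
{
    $this->entityDescriptor = new EntityDescriptor($this->config['entity_id']);

    $sp = new SpSsoDescriptor();
    $this->entityDescriptor->addItem($sp);
    $sp->setWantAssertionsSigned($this->config['want_assertions_signed']);

    if ($this->signingProvider->isEnabled()) {
        // shared constant instead of the bare 'signing' string used elsewhere
        $sp->addKeyDescriptor(new KeyDescriptor(KeyDescriptor::USE_SIGNING, $this->signingProvider->getCertificate()));
    }

    // both SLO endpoints point at the same logout URL; build it once
    $logoutUrl = $this->buildPath($this->logoutPath);
    foreach (array(Bindings::SAML2_HTTP_REDIRECT, Bindings::SAML2_HTTP_POST) as $binding) {
        $slo = new SingleLogoutService();
        $slo->setBinding($binding);
        $slo->setLocation($logoutUrl);
        $sp->addService($slo);
    }

    $checkUrl = $this->buildPath($this->checkPath);
    $sp->addService(new AssertionConsumerService(Bindings::SAML2_HTTP_POST, $checkUrl, 0));
    $sp->addService(new AssertionConsumerService(Bindings::SAML2_HTTP_REDIRECT, $checkUrl, 1));
}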
/**
 * Asserts that $ed contains no SpSsoDescriptor at all.
 *
 * @param EntityDescriptor $ed
 */
private function checkSP(EntityDescriptor $ed)
{
    $spDescriptors = $ed->getAllSpSsoDescriptors();
    $this->assertEquals(0, count($spDescriptors));
}
/**
 * Appends a child descriptor to this EntitiesDescriptor.
 *
 * Only an EntitiesDescriptor or an EntityDescriptor is accepted. Adding $this
 * itself, or an EntitiesDescriptor that already contains $this, is rejected to
 * avoid a cycle in the descriptor tree.
 *
 * NOTE(review): whether deeper cycles are caught depends on containsItem()
 * searching nested descriptors recursively — confirm in that method.
 *
 * @param EntitiesDescriptor|EntityDescriptor $item
 * @return $this
 * @throws \InvalidArgumentException on an unsupported type or a circular reference
 */
public function addItem($item)
{
    $isNested = $item instanceof EntitiesDescriptor;
    if (!$isNested && !$item instanceof EntityDescriptor) {
        throw new \InvalidArgumentException('Expected EntitiesDescriptor or EntityDescriptor');
    }

    // containsItem() is only consulted for nested EntitiesDescriptors
    if ($item === $this || ($isNested && $item->containsItem($this))) {
        throw new \InvalidArgumentException('Circular reference detected');
    }

    $this->items[] = $item;

    return $this;
}
/**
 * Loads the sample idp2-ed.xml metadata and returns the certificate of the
 * first 'signing' KeyDescriptor of its first IdpSsoDescriptor.
 *
 * @return \AerialShip\LightSaml\Security\X509Certificate
 */
private function getCertificate()
{
    $doc = new \DOMDocument();
    $doc->load(__DIR__ . '/../../../../../../../resources/sample/EntityDescriptor/idp2-ed.xml');

    $ed = new EntityDescriptor();
    $ed->loadFromXml($doc->firstChild);

    $idpDescriptors = $ed->getAllIdpSsoDescriptors();
    $signingKeys = $idpDescriptors[0]->findKeyDescriptors('signing');

    return $signingKeys[0]->getCertificate();
}
/**
 * Deserializes $root into an EntityDescriptor and asserts it round-tripped:
 * the entity ID, one SpSsoDescriptor whose signing and encryption keys both
 * carry $certificate, SAML2 protocol support, a Redirect SLO at
 * $locationLogout and two ACS endpoints (POST index 0, Artifact index 1) at
 * $locationLogin.
 *
 * @param \DOMElement     $root           serialized EntityDescriptor element
 * @param string          $entityID
 * @param string          $locationLogout
 * @param string          $locationLogin
 * @param X509Certificate $certificate    certificate both key descriptors must carry
 */
private function checkDeserializaton(\DOMElement $root, $entityID, $locationLogout, $locationLogin, X509Certificate $certificate)
{
    $ed = new EntityDescriptor();
    $ed->loadFromXml($root);
    $this->assertEquals($entityID, $ed->getEntityID());

    $children = $ed->getItems();
    $this->assertEquals(2, count($children));
    $this->assertTrue($children[0] instanceof SpSsoDescriptor);

    $spList = $ed->getItemsByType('SpSsoDescriptor');
    $this->assertNotEmpty($spList);
    /** @var $sp SpSsoDescriptor */
    $sp = $spList[0];
    $this->assertNotNull($sp);
    $this->assertTrue($sp instanceof SpSsoDescriptor);

    // signing key first, encryption key second, both with the same certificate
    $keys = $sp->getKeyDescriptors();
    $this->assertEquals(2, count($keys));
    $expectedUses = array(KeyDescriptor::USE_SIGNING, KeyDescriptor::USE_ENCRYPTION);
    foreach ($expectedUses as $position => $use) {
        $this->assertEquals($use, $keys[$position]->getUse());
        $this->assertEquals($certificate->getData(), $keys[$position]->getCertificate()->getData());
    }
    $this->assertEquals(Protocol::SAML2, $sp->getProtocolSupportEnumeration());

    $services = $sp->getServices();
    $this->assertEquals(3, count($services), print_r($services, true));

    $logoutList = $sp->findSingleLogoutServices();
    $this->assertNotEmpty($logoutList);
    $logout = $logoutList[0];
    $this->assertNotNull($logout);
    $this->assertEquals(Bindings::SAML2_HTTP_REDIRECT, $logout->getBinding());
    $this->assertEquals($locationLogout, $logout->getLocation());

    $this->assertEquals(2, count($sp->findAssertionConsumerServices()));
    $this->assertAcsEndpoint($sp, Bindings::SAML2_HTTP_POST, $locationLogin, 0);
    $this->assertAcsEndpoint($sp, Bindings::SAML2_HTTP_ARTIFACT, $locationLogin, 1);
}

/**
 * Asserts the first AssertionConsumerService found for $binding has that
 * binding, $location and $index.
 *
 * @param mixed  $sp       SpSsoDescriptor under test
 * @param string $binding
 * @param string $location
 * @param int    $index
 */
private function assertAcsEndpoint($sp, $binding, $location, $index)
{
    $found = $sp->findAssertionConsumerServices($binding);
    $this->assertNotEmpty($found);
    $acs = $found[0];
    $this->assertNotNull($acs);
    $this->assertEquals($binding, $acs->getBinding());
    $this->assertEquals($location, $acs->getLocation());
    $this->assertEquals($index, $acs->getIndex());
}