/**
* @dataProvider provider
*/
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
if ($expectedException) {
$this->setExpectedException($expectedException, $expectedExceptionMessage);
}
$idp = new IdpSsoDescriptor();
foreach ($idpData as $data) {
$idp->addService(new SingleSignOnService($data['binding'], $data['url']));
}
$edIDP = new EntityDescriptor('idp');
$edIDP->addItem($idp);
$sp = new SpSsoDescriptor();
foreach ($spData as $data) {
$sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
}
$edSP = new EntityDescriptor('sp');
$edSP->addItem($sp);
$spMeta = new SpMeta();
foreach ($spMetaData as $name => $value) {
$spMeta->{$name}($value);
}
$builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
$message = $builder->build();
$response = $builder->send($message);
$this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
$this->assertInstanceOf($expectedResponseType, $response, $name);
$this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
$this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}
protected function askForCertificate(DialogHelper $dialog, OutputInterface $output, EntityDescriptor $ed)
{
$certificatePath = $this->askFile($dialog, $output, 'Signing Certificate path', false);
if ($certificatePath) {
$certificate = new X509Certificate();
$certificate->loadFromFile($certificatePath);
$keyDescriptor = new KeyDescriptor('signing', $certificate);
$ed->addItem($keyDescriptor);
}
}
/**
* @param string $file
* @return EntityDescriptor
* @throws \InvalidArgumentException
*/
public static function getEntityDescriptorFromXmlFile($file)
{
if (!is_file($file)) {
throw new \InvalidArgumentException("Specified EntityDescriptor path is not a file {$file}");
}
$doc = new \DOMDocument();
$doc->load($file);
$result = new EntityDescriptor();
$result->loadFromXml($doc->firstChild);
return $result;
}
protected function load()
{
$doc = new \DOMDocument();
$doc->load($this->filename);
if ($this->entityId) {
$entitiesDescriptor = new EntitiesDescriptor();
$entitiesDescriptor->loadFromXml($doc->firstChild);
$this->entityDescriptor = $entitiesDescriptor->getByEntityId($this->entityId);
} else {
$this->entityDescriptor = new EntityDescriptor();
$this->entityDescriptor->loadFromXml($doc->firstChild);
}
}
private function checkSP(EntityDescriptor $ed, $url)
{
$arr = $ed->getAllSpSsoDescriptors();
$this->assertEquals(1, count($arr));
$sp = $arr[0];
$this->assertTrue($sp->getWantAssertionsSigned());
$this->assertEquals(2, count($sp->getKeyDescriptors()));
$arr = $sp->findKeyDescriptors(KeyDescriptor::USE_SIGNING);
$this->assertEquals(1, count($arr));
$this->assertEquals(KeyDescriptor::USE_SIGNING, $arr[0]->getUse());
$cert = $arr[0]->getCertificate();
$this->assertNotNull($cert);
$this->assertGreaterThan(100, strlen($cert->getData()));
$arr = $sp->findKeyDescriptors(KeyDescriptor::USE_ENCRYPTION);
$this->assertEquals(1, count($arr));
$this->assertEquals(KeyDescriptor::USE_ENCRYPTION, $arr[0]->getUse());
$cert = $arr[0]->getCertificate();
$this->assertNotNull($cert);
$this->assertGreaterThan(100, strlen($cert->getData()));
$this->assertEquals(2, count($sp->findSingleLogoutServices()));
$arr = $sp->findSingleLogoutServices(Bindings::SAML2_HTTP_REDIRECT);
$this->assertEquals(1, count($arr));
$this->assertEquals(Bindings::SAML2_HTTP_REDIRECT, $arr[0]->getBinding());
$this->assertEquals($url, $arr[0]->getLocation());
$arr = $sp->findSingleLogoutServices(Bindings::SAML2_HTTP_POST);
$this->assertEquals(1, count($arr));
$this->assertEquals(Bindings::SAML2_HTTP_POST, $arr[0]->getBinding());
$this->assertEquals($url, $arr[0]->getLocation());
$this->assertEquals(3, count($sp->findAssertionConsumerServices()));
$arr = $sp->findAssertionConsumerServices(Bindings::SAML2_HTTP_POST);
$this->assertEquals(1, count($arr));
$this->assertEquals(Bindings::SAML2_HTTP_POST, $arr[0]->getBinding());
$this->assertEquals($url, $arr[0]->getLocation());
$this->assertEquals(0, $arr[0]->getIndex());
$arr = $sp->findAssertionConsumerServices(Bindings::SAML2_HTTP_ARTIFACT);
$this->assertEquals(1, count($arr));
$this->assertEquals(Bindings::SAML2_HTTP_ARTIFACT, $arr[0]->getBinding());
$this->assertEquals($url, $arr[0]->getLocation());
$this->assertEquals(1, $arr[0]->getIndex());
$arr = $sp->findAssertionConsumerServices(Bindings::SAML2_HTTP_REDIRECT);
$this->assertEquals(1, count($arr));
$this->assertEquals(Bindings::SAML2_HTTP_REDIRECT, $arr[0]->getBinding());
$this->assertEquals($url, $arr[0]->getLocation());
$this->assertEquals(2, $arr[0]->getIndex());
}
/**
* @dataProvider provider
*/
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
if ($expectedException) {
$this->setExpectedException($expectedException, $expectedExceptionMessage);
}
$idp = new IdpSsoDescriptor();
foreach ($idpData as $data) {
$idp->addService(new SingleSignOnService($data['binding'], $data['url']));
}
$edIDP = new EntityDescriptor('idp');
$edIDP->addItem($idp);
$sp = new SpSsoDescriptor();
foreach ($spData as $data) {
$sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
}
$edSP = new EntityDescriptor('sp');
$edSP->addItem($sp);
$spMeta = new SpMeta();
foreach ($spMetaData as $name => $value) {
$spMeta->{$name}($value);
}
// without signing
$builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
$message = $builder->build();
$response = $builder->send($message);
$this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
$this->assertInstanceOf($expectedResponseType, $response, $name);
$this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
$this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
// with signing
$signature = new SignatureCreator();
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
$key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
$key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true);
$signature->setCertificate($certificate);
$signature->setXmlSecurityKey($key);
$builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta, $signature);
$message = $builder->build();
$response = $builder->send($message);
$this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
$this->assertInstanceOf($expectedResponseType, $response, $name);
$this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
$this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}
protected function build()
{
$this->entityDescriptor = new EntityDescriptor($this->config['entity_id']);
$sp = new SpSsoDescriptor();
$this->entityDescriptor->addItem($sp);
$sp->setWantAssertionsSigned($this->config['want_assertions_signed']);
if ($this->signingProvider->isEnabled()) {
$sp->addKeyDescriptor(new KeyDescriptor('signing', $this->signingProvider->getCertificate()));
}
$slo = new SingleLogoutService();
$sp->addService($slo);
$slo->setBinding(Bindings::SAML2_HTTP_REDIRECT);
$slo->setLocation($this->buildPath($this->logoutPath));
$slo = new SingleLogoutService();
$sp->addService($slo);
$slo->setBinding(Bindings::SAML2_HTTP_POST);
$slo->setLocation($this->buildPath($this->logoutPath));
$sp->addService(new AssertionConsumerService(Bindings::SAML2_HTTP_POST, $this->buildPath($this->checkPath), 0));
$sp->addService(new AssertionConsumerService(Bindings::SAML2_HTTP_REDIRECT, $this->buildPath($this->checkPath), 1));
}
private function checkSP(EntityDescriptor $ed)
{
$arr = $ed->getAllSpSsoDescriptors();
$this->assertEquals(0, count($arr));
}
/**
* @param EntitiesDescriptor|EntityDescriptor $item
* @return $this|EntitiesDescriptor
* @throws \InvalidArgumentException
*/
public function addItem($item)
{
if (!$item instanceof EntitiesDescriptor && !$item instanceof EntityDescriptor) {
throw new \InvalidArgumentException('Expected EntitiesDescriptor or EntityDescriptor');
}
if ($item === $this) {
throw new \InvalidArgumentException('Circular reference detected');
}
if ($item instanceof EntitiesDescriptor) {
if ($item->containsItem($this)) {
throw new \InvalidArgumentException('Circular reference detected');
}
}
$this->items[] = $item;
return $this;
}
/**
* @return \AerialShip\LightSaml\Security\X509Certificate
*/
private function getCertificate()
{
$ed = new EntityDescriptor();
$doc = new \DOMDocument();
$doc->load(__DIR__ . '/../../../../../../../resources/sample/EntityDescriptor/idp2-ed.xml');
$ed->loadFromXml($doc->firstChild);
$arrIdp = $ed->getAllIdpSsoDescriptors();
$idp = $arrIdp[0];
$arrKeys = $idp->findKeyDescriptors('signing');
$k = $arrKeys[0];
$cert = $k->getCertificate();
return $cert;
}
private function checkDeserializaton(\DOMElement $root, $entityID, $locationLogout, $locationLogin, X509Certificate $certificate)
{
$ed = new EntityDescriptor();
$ed->loadFromXml($root);
$this->assertEquals($entityID, $ed->getEntityID());
$items = $ed->getItems();
$this->assertEquals(2, count($items));
$this->assertTrue($items[0] instanceof SpSsoDescriptor);
$arrSP = $ed->getItemsByType('SpSsoDescriptor');
$this->assertNotEmpty($arrSP);
/** @var $sp SpSsoDescriptor */
$sp = $arrSP[0];
$this->assertNotNull($sp);
$this->assertTrue($sp instanceof SpSsoDescriptor);
$keys = $sp->getKeyDescriptors();
$this->assertEquals(2, count($keys));
$this->assertEquals(KeyDescriptor::USE_SIGNING, $keys[0]->getUse());
$this->assertEquals($certificate->getData(), $keys[0]->getCertificate()->getData());
$this->assertEquals(KeyDescriptor::USE_ENCRYPTION, $keys[1]->getUse());
$this->assertEquals($certificate->getData(), $keys[1]->getCertificate()->getData());
$this->assertEquals(Protocol::SAML2, $sp->getProtocolSupportEnumeration());
$items = $sp->getServices();
$this->assertEquals(3, count($items), print_r($items, true));
$arrLogout = $sp->findSingleLogoutServices();
$this->assertNotEmpty($arrLogout);
$logout = $arrLogout[0];
$this->assertNotNull($logout);
$this->assertEquals(Bindings::SAML2_HTTP_REDIRECT, $logout->getBinding());
$this->assertEquals($locationLogout, $logout->getLocation());
$arr = $sp->findAssertionConsumerServices();
$this->assertEquals(2, count($arr));
$arr = $sp->findAssertionConsumerServices(Bindings::SAML2_HTTP_POST);
$this->assertNotEmpty($arr);
$as1 = $arr[0];
$this->assertNotNull($as1);
$this->assertEquals(Bindings::SAML2_HTTP_POST, $as1->getBinding());
$this->assertEquals($locationLogin, $as1->getLocation());
$this->assertEquals(0, $as1->getIndex());
$arr = $sp->findAssertionConsumerServices(Bindings::SAML2_HTTP_ARTIFACT);
$this->assertNotEmpty($arr);
$as2 = $arr[0];
$this->assertNotNull($as2);
$this->assertEquals(Bindings::SAML2_HTTP_ARTIFACT, $as2->getBinding());
$this->assertEquals($locationLogin, $as2->getLocation());
$this->assertEquals(1, $as2->getIndex());
}
