private function checkRequestXml(\DOMDocument $doc, LogoutRequest $request)
{
$xpath = new \DOMXPath($doc);
$xpath->registerNamespace('samlp', Protocol::SAML2);
$xpath->registerNamespace('saml', Protocol::NS_ASSERTION);
$list = $xpath->query('/samlp:LogoutRequest');
$this->assertEquals(1, $list->length);
/** @var $node \DOMElement */
$node = $list->item(0);
$this->assertEquals($request->getReason(), $node->getAttribute('Reason'));
$this->assertEquals($request->getID(), $node->getAttribute('ID'));
$this->assertEquals('2.0', $node->getAttribute('Version'));
$this->assertEquals($this->destination, $node->getAttribute('Destination'));
$list = $xpath->query('/samlp:LogoutRequest/saml:Issuer');
$this->assertEquals(1, $list->length);
$node = $list->item(0);
$this->assertEquals($this->issuer, $node->textContent);
$list = $xpath->query('/samlp:LogoutRequest/saml:NameID');
$this->assertEquals(1, $list->length);
$node = $list->item(0);
$this->assertEquals($request->getNameID()->getFormat(), $node->getAttribute('Format'));
$this->assertEquals($request->getNameID()->getValue(), $node->textContent);
}
/**
* @param string $nameIDValue
* @param string|null $nameIDFormat
* @param string|null $sessionIndex
* @param string|null $reason
* @return LogoutRequest
*/
public function build($nameIDValue, $nameIDFormat = null, $sessionIndex = null, $reason = null)
{
$result = new LogoutRequest();
$edSP = $this->getEdSP();
$result->setID(Helper::generateID());
$result->setDestination($this->getDestination());
$result->setIssueInstant(time());
if ($reason) {
$result->setReason($reason);
}
if ($sessionIndex) {
$result->setSessionIndex($sessionIndex);
}
$nameID = new NameID();
$nameID->setValue($nameIDValue);
if ($nameIDFormat) {
$nameID->setFormat($nameIDFormat);
}
$result->setNameID($nameID);
$result->setIssuer($edSP->getEntityID());
return $result;
}
/**
* @param LogoutRequest $request
* @param ServiceInfo $serviceInfo
* @return RequestState
*/
protected function createRequestState(LogoutRequest $request, ServiceInfo $serviceInfo)
{
$state = new RequestState();
$state->setId($request->getID());
$state->setDestination($serviceInfo->getIdpProvider()->getEntityDescriptor()->getEntityID());
$this->requestStateStore->set($state);
return $state;
}
/**
* @param \AerialShip\SamlSPBundle\Config\ServiceInfo $serviceInfo
* @param LogoutRequest $logoutRequest
* @throws \RuntimeException
*/
protected function validateLogoutRequest(ServiceInfo $serviceInfo, LogoutRequest $logoutRequest)
{
$idp = $serviceInfo->getIdpProvider()->getEntityDescriptor();
$keyDescriptors = $idp->getFirstIdpSsoDescriptor()->getKeyDescriptors();
if (empty($keyDescriptors)) {
throw new \RuntimeException('IDP must support signing for logout requests');
}
/** @var $signature SignatureValidatorInterface */
$signature = $logoutRequest->getSignature();
if (!$signature) {
throw new \RuntimeException('Logout request must be signed');
}
$keys = array();
foreach ($keyDescriptors as $keyDescriptor) {
$key = KeyHelper::createPublicKey($keyDescriptor->getCertificate());
$keys[] = $key;
}
$signature->validateMulti($keys);
}
