/**
* @param SubjectConfirmation $subjectConfirmation
*
* @throws \LightSaml\Error\LightSamlValidationException
*/
protected function validateSubjectConfirmation(SubjectConfirmation $subjectConfirmation)
{
if (false == Helper::validateRequiredString($subjectConfirmation->getMethod())) {
throw new LightSamlValidationException('Method attribute of SubjectConfirmation MUST contain at least one non-whitespace character');
}
if (false == Helper::validateWellFormedUriString($subjectConfirmation->getMethod())) {
throw new LightSamlValidationException('SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.');
}
if ($subjectConfirmation->getNameID()) {
$this->nameIdValidator->validateNameId($subjectConfirmation->getNameID());
}
if ($subjectConfirmation->getSubjectConfirmationData()) {
$this->validateSubjectConfirmationData($subjectConfirmation->getSubjectConfirmationData());
}
}
public function test_adds_known_in_response_to_request_state_to_context()
{
$action = new InResponseToValidatorAction(TestHelper::getLoggerMock($this), $requestStateMock = TestHelper::getRequestStateStoreMock($this));
$context = TestHelper::getAssertionContext($assertion = new Assertion());
$assertion->setSubject($subject = new Subject());
$subject->addSubjectConfirmation($subjectConfirmation = new SubjectConfirmation());
$subjectConfirmation->setSubjectConfirmationData(new SubjectConfirmationData());
$subjectConfirmation->getSubjectConfirmationData()->setInResponseTo($inResponseTo = '123123123');
$requestStateMock->expects($this->once())->method('get')->with($inResponseTo)->willReturn(new RequestState($inResponseTo));
$action->execute($context);
/** @var RequestStateContext $requestStateContext */
$requestStateContext = $context->getSubContext(ProfileContexts::REQUEST_STATE);
$this->assertInstanceOf(RequestStateContext::class, $requestStateContext);
$this->assertEquals($inResponseTo, $requestStateContext->getRequestState()->getId());
}
/**
* @param AssertionContext $context
* @param SubjectConfirmation $subjectConfirmation
*/
protected function validateSubjectConfirmation(AssertionContext $context, SubjectConfirmation $subjectConfirmation)
{
$recipient = $subjectConfirmation->getSubjectConfirmationData()->getRecipient();
if (null == $recipient) {
$message = 'Bearer SubjectConfirmation must contain Recipient attribute';
$this->logger->error($message, LogHelper::getActionErrorContext($context, $this));
throw new LightSamlContextException($context, $message);
}
$criteriaSet = new CriteriaSet([new DescriptorTypeCriteria(SpSsoDescriptor::class), new ServiceTypeCriteria(AssertionConsumerService::class), new LocationCriteria($recipient)]);
$ownEntityDescriptor = $context->getProfileContext()->getOwnEntityDescriptor();
$arrEndpoints = $this->endpointResolver->resolve($criteriaSet, $ownEntityDescriptor->getAllEndpoints());
if (empty($arrEndpoints)) {
$message = sprintf("Recipient '%s' does not match SP descriptor", $recipient);
$this->logger->error($message, LogHelper::getActionErrorContext($context, $this, ['recipient' => $recipient]));
throw new LightSamlContextException($context, $message);
}
}
public function test_sets_unknown_assertion_id_to_store()
{
$action = new RepeatedIdValidatorAction($loggerMock = TestHelper::getLoggerMock($this), $idStoreMock = TestHelper::getIdStoreMock($this));
$assertionContext = TestHelper::getAssertionContext($assertion = new Assertion());
$assertion->setId($assertionId = '123');
$assertion->setIssuer(new Issuer($issuer = 'http://issuer.com'));
$assertion->addItem(new AuthnStatement());
$assertion->setSubject(new Subject());
$assertion->getSubject()->addSubjectConfirmation($subjectConfirmation = new SubjectConfirmation());
$subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
$subjectConfirmation->setSubjectConfirmationData(new SubjectConfirmationData());
$subjectConfirmation->getSubjectConfirmationData()->setNotOnOrAfter(new \DateTime());
$idStoreMock->expects($this->once())->method('has')->with($issuer, $assertionId)->willReturn(false);
$idStoreMock->expects($this->once())->method('set')->with($issuer, $assertionId, $this->isInstanceOf(\DateTime::class));
$action->execute($assertionContext);
}
