public function test_creates_composite_store()
{
$factory = new CredentialFactory();
$idpStore = new FixedEntityDescriptorStore();
$idpStore->add(EntityDescriptor::load(__DIR__ . '/../../../../../../../resources/sample/EntityDescriptor/idp-ed.xml'));
$spStore = new FixedEntityDescriptorStore();
$spStore->add(EntityDescriptor::load(__DIR__ . '/../../../../../../../resources/sample/EntityDescriptor/sp-ed2.xml'));
$ownCredential = new X509Credential(X509Certificate::fromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt'), KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.pem', '', true));
$ownCredential->setEntityId('own');
$extraCredential = new X509Credential(X509Certificate::fromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/lightsaml-idp.crt'), KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../../resources/sample/Certificate/lightsaml-idp.key', '', true));
$extraCredential->setEntityId('extra');
$store = $factory->build($idpStore, $spStore, [$ownCredential], [$extraCredential]);
/** @var X509Credential[] $credentials */
$credentials = $store->getByEntityId('https://sts.windows.net/554fadfe-f04f-4975-90cb-ddc8b147aaa2/');
$this->assertCount(1, $credentials);
$this->assertEquals('https://sts.windows.net/554fadfe-f04f-4975-90cb-ddc8b147aaa2/', $credentials[0]->getEntityId());
$this->assertEquals(['CN' => 'accounts.accesscontrol.windows.net'], $credentials[0]->getCertificate()->getSubject());
$this->assertEquals(UsageType::SIGNING, $credentials[0]->getUsageType());
$credentials = $store->getByEntityId('https://mt.evo.team/simplesaml/module.php/saml/sp/metadata.php/default-sp');
$this->assertCount(2, $credentials);
$this->assertEquals('https://mt.evo.team/simplesaml/module.php/saml/sp/metadata.php/default-sp', $credentials[0]->getEntityId());
$subject = $credentials[0]->getCertificate()->getSubject();
$this->assertEquals('mt.evo.team', $subject['CN']);
$this->assertEquals(UsageType::SIGNING, $credentials[0]->getUsageType());
$this->assertEquals(UsageType::ENCRYPTION, $credentials[1]->getUsageType());
$credentials = $store->getByEntityId('own');
$this->assertCount(1, $credentials);
$credentials = $store->getByEntityId('extra');
$this->assertCount(1, $credentials);
}
private function load()
{
try {
$this->object = EntityDescriptor::load($this->filename);
} catch (LightSamlXmlException $ex) {
$this->object = EntitiesDescriptor::load($this->filename);
}
}
/**
* @param string $ownRole
* @param SamlMessage $inboundMessage
* @param Endpoint $endpoint
* @param EntityDescriptor $partyEntityDescriptor
* @param string $profileId
*
* @return \LightSaml\Context\Profile\ProfileContext
*/
protected function createContext($ownRole = ProfileContext::ROLE_IDP, SamlMessage $inboundMessage = null, Endpoint $endpoint = null, EntityDescriptor $partyEntityDescriptor = null, $profileId = Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST)
{
$context = TestHelper::getProfileContext($profileId, $ownRole);
if ($endpoint) {
$context->getEndpointContext()->setEndpoint($endpoint);
}
if (null == $partyEntityDescriptor) {
$partyEntityDescriptor = EntityDescriptor::load(__DIR__ . '/../../../../../../../resources/sample/EntityDescriptor/idp2-ed-formatted.xml');
}
$context->getPartyEntityContext()->setEntityDescriptor($partyEntityDescriptor);
if ($inboundMessage) {
$context->getInboundContext()->setMessage($inboundMessage);
}
return $context;
}
private function getBuildContainer($inResponseTo = null, TimeProviderInterface $timeProvider = null)
{
$buildContainer = new BuildContainer($pimple = new Container());
// OWN
$ownCredential = new \LightSaml\Credential\X509Credential(\LightSaml\Credential\X509Certificate::fromFile(__DIR__ . '/../../../../../../web/sp/saml.crt'), \LightSaml\Credential\KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true));
$ownCredential->setEntityId(self::OWN_ENTITY_ID);
$ownEntityDescriptor = new \LightSaml\Builder\EntityDescriptor\SimpleEntityDescriptorBuilder(self::OWN_ENTITY_ID, 'https://localhost/lightsaml/lightSAML/web/sp/acs.php', null, $ownCredential->getCertificate());
$buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\OwnContainerProvider($ownEntityDescriptor, [$ownCredential]));
// SYSTEM
$buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\SystemContainerProvider(true));
if ($timeProvider) {
$pimple[SystemContainer::TIME_PROVIDER] = function () use($timeProvider) {
return $timeProvider;
};
}
// PARTY
$buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\PartyContainerProvider());
$pimple[PartyContainer::IDP_ENTITY_DESCRIPTOR] = function () {
$idpProvider = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
$idpProvider->add(\LightSaml\Model\Metadata\EntitiesDescriptor::load(__DIR__ . '/../../../../../../web/sp/testshib-providers.xml'));
$idpProvider->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/../../../../../../web/sp/localhost-lightsaml-lightsaml-idp.xml'));
$idpProvider->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/../../../../../../web/sp/openidp.feide.no.xml'));
return $idpProvider;
};
// STORE
$buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\StoreContainerProvider($buildContainer->getSystemContainer()));
if ($inResponseTo) {
$pimple[StoreContainer::REQUEST_STATE_STORE] = function () use($inResponseTo) {
$store = new RequestStateArrayStore();
$store->set(new RequestState($inResponseTo));
return $store;
};
}
// PROVIDER
$buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\ProviderContainerProvider());
// CREDENTIAL
$buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\CredentialContainerProvider($buildContainer->getPartyContainer(), $buildContainer->getOwnContainer()));
// SERVICE
$buildContainer->getPimple()->register(new \LightSaml\Bridge\Pimple\Container\Factory\ServiceContainerProvider($buildContainer->getCredentialContainer(), $buildContainer->getStoreContainer(), $buildContainer->getSystemContainer()));
return $buildContainer;
}
/**
* @return \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore
*/
private function buildSpEntityStore()
{
$idpProvider = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
$idpProvider->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/localhost-lightsaml-demosp.xml'));
$idpProvider->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/localhost-lightsaml-lightsaml.xml'));
return $idpProvider;
}
/**
* @return \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore
*/
private function buildIdpEntityStore()
{
$idpProvider = new \LightSaml\Store\EntityDescriptor\FixedEntityDescriptorStore();
$idpProvider->add(\LightSaml\Model\Metadata\EntitiesDescriptor::load(__DIR__ . '/testshib-providers.xml'));
$idpProvider->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/localhost-lightsaml-lightsaml-idp.xml'));
$idpProvider->add(\LightSaml\Model\Metadata\EntityDescriptor::load(__DIR__ . '/openidp.feide.no.xml'));
return $idpProvider;
}
/**
* @expectedException \LightSaml\Error\LightSamlXmlException
* @expectedExceptionMessage Expected 'EntityDescriptor' xml node and 'urn:oasis:names:tc:SAML:2.0:metadata' namespace but got node 'EntitiesDescriptor' and namespace 'urn:oasis:names:tc:SAML:2.0:metadata'
*/
public function test_throws_on_entities_descriptor_document()
{
EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntitiesDescriptor/testshib-providers.xml');
}
/**
* @return \LightSaml\Resolver\Credential\CredentialResolverInterface
*/
private function getResolver()
{
$provider = new FixedEntityDescriptorStore();
$provider->add(EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/idp2-ed.xml'));
$provider->add(EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/idp-ed.xml'));
$provider->add(EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/ed01-formatted-certificate.xml'));
$provider->add(EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/sp-ed2.xml'));
$metadataStore = new MetadataCredentialStore($provider);
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../../resources/sample/Certificate/saml.crt');
$credential = new X509Credential($certificate, KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../resources/sample/Certificate/saml.pem', '', true));
$credential->setUsageType(UsageType::ENCRYPTION)->setEntityId('https://mt.evo.loc/sp');
$staticStore = new StaticCredentialStore();
$staticStore->add($credential);
$compositeStore = new CompositeCredentialStore();
$compositeStore->add($metadataStore)->add($staticStore);
$resolverFactory = new CredentialResolverFactory($compositeStore);
$resolver = $resolverFactory->build();
return $resolver;
}
