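/**
 * Round-trips a signed AuthnRequest through XML and verifies the signature.
 *
 * The request is signed with the SP key pair, serialized, written to a
 * temporary file, read back, deserialized into a fresh AuthnRequest, and the
 * signature found on it is validated against the public key of the signing
 * certificate.
 *
 * The verification key comes from the same certificate that produced the
 * signature, so this test shows that the signature survives serialization and
 * deserialization. It does not exercise any decision about which certificates
 * are trusted.
 *
 * @throws \LogicException when the deserialized request does not carry a SignatureXmlReader
 */
public function test__signed_serialize_deserialize()
{
    $certificatePath = __DIR__ . '/../../../../../../web/sp/saml.crt';

    $certificate = new X509Certificate();
    $certificate->loadFromFile($certificatePath);
    // NOTE(review): the private key is read from a directory named web/sp. If that
    // directory is ever served by an HTTP server the key file must not be reachable
    // from it - confirm how this path is deployed.
    // NOTE(review): no algorithm is passed, so the signature algorithm is whatever
    // KeyHelper::createPrivateKey() defaults to - confirm it is an acceptable one.
    $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);

    $authnRequest = new AuthnRequest();
    $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
    $authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
    $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
    $authnRequest->setIssuer(
        (new Issuer())
            ->setValue('https://mt.evo.loc/sp')
            ->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity')
    );
    $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));

    $serializationContext = new SerializationContext();
    $authnRequest->serialize($serializationContext->getDocument(), $serializationContext);

    $temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
    $this->assertTrue(false !== $temporaryFilename, 'Could not create a temporary file');

    // The temporary file is only a transport for the XML; remove it even when
    // saving or reading fails so that test runs do not pile up files in the
    // system temp directory.
    try {
        $serializationContext->getDocument()->save($temporaryFilename);
        $xml = file_get_contents($temporaryFilename);
    } finally {
        if (is_file($temporaryFilename)) {
            unlink($temporaryFilename);
        }
    }
    $this->assertTrue(false !== $xml, 'Could not read the serialized request back');

    // The XML parsed here was produced a few lines above by this test itself.
    $deserializationContext = new DeserializationContext();
    $deserializationContext->getDocument()->loadXML($xml);

    $deserializedRequest = new AuthnRequest();
    $deserializedRequest->deserialize(
        $deserializationContext->getDocument()->firstChild,
        $deserializationContext
    );

    $signatureReader = $deserializedRequest->getSignature();
    if (!$signatureReader instanceof SignatureXmlReader) {
        throw new \LogicException('Expected Signature Xml Reader');
    }

    // Load the certificate again rather than reusing the signing objects, so
    // validation depends only on what can be read from the certificate file.
    $verificationCertificate = new X509Certificate();
    $verificationCertificate->loadFromFile($certificatePath);
    $key = KeyHelper::createPublicKey($verificationCertificate);

    $this->assertTrue($signatureReader->validate($key));
}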
/**
 * Executes SaveRequestStateAction on a context whose outbound message is an
 * AuthnRequest and expects exactly one call to the store's set() with a
 * RequestState whose id equals the message ID.
 */
public function test_creates_request_state_with_outbound_message_id()
{
    $expectedId = '123123123';

    $logger = TestHelper::getLoggerMock($this);
    $stateStore = TestHelper::getRequestStateStoreMock($this);
    $action = new SaveRequestStateAction($logger, $stateStore);

    $context = TestHelper::getProfileContext();
    $outboundMessage = new AuthnRequest();
    $context->getOutboundContext()->setMessage($outboundMessage);
    $outboundMessage->setID($expectedId);

    // The stored state must carry the ID of the message that was sent.
    // NOTE(review): presumably this id is what a later response is correlated
    // against - confirm in the code that reads the store.
    $verifyStoredState = function (RequestState $requestState) use ($expectedId) {
        $this->assertEquals($expectedId, $requestState->getId());
    };

    $stateStore
        ->expects($this->once())
        ->method('set')
        ->with($this->isInstanceOf(RequestState::class))
        ->willReturnCallback($verifyStoredState);

    $action->execute($context);
}
/**
 * Serializes an unsigned AuthnRequest and compares the pretty-printed XML
 * with a fixed expected document.
 *
 * Carriage returns are stripped and both strings are trimmed before the
 * comparison, so line-ending differences do not affect the result.
 */
public function test__serialize()
{
    $context = new SerializationContext();

    $issuer = (new Issuer())->setValue('the-issuer');
    $nameIdPolicy = (new NameIDPolicy())
        ->setFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT)
        ->setAllowCreate(true);

    $request = new AuthnRequest();
    $request
        ->setID('request-id')
        ->setIssueInstant(new \DateTime('2013-10-10T15:26:20Z'))
        ->setDestination('http://destination.com/authn')
        ->setAssertionConsumerServiceURL('http://sp.com/acs')
        ->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_REDIRECT)
        ->setIssuer($issuer)
        ->setNameIDPolicy($nameIdPolicy);

    $document = $context->getDocument();
    $request->serialize($document, $context);

    // formatOutput is switched on after serialization and only affects how
    // saveXML() lays out the document.
    $context->getDocument()->formatOutput = true;
    $xml = $context->getDocument()->saveXML();

    $expectedXml = <<<EOT
<?xml version="1.0"?>
<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="request-id" Version="2.0" IssueInstant="2013-10-10T15:26:20Z" Destination="http://destination.com/authn" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" AssertionConsumerServiceURL="http://sp.com/acs">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">the-issuer</saml:Issuer>
  <NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
</AuthnRequest>
EOT;

    // Drop carriage returns and surrounding whitespace on both sides.
    $normalize = function ($text) {
        return trim(str_replace("\r", '', $text));
    };

    $this->assertEquals($normalize($expectedXml), $normalize($xml));
}
/**
 * Builds an AuthnRequest fixture with a fixed ID and issue instant and a
 * SignatureWriter attached.
 *
 * The certificate and private key are read from the resources/sample
 * directory.
 * NOTE(review): these look like sample fixtures kept with the sources - such
 * a key pair should be used for tests only; confirm it is not used elsewhere.
 *
 * @return AuthnRequest
 */
private function getAuthnRequest()
{
    $sampleDir = __DIR__ . '/../../../../../resources/sample/Certificate';

    $certificate = new X509Certificate();
    $certificate->loadFromFile($sampleDir . '/saml.crt');

    // Empty passphrase; the third argument is true as in the original call.
    $key = KeyHelper::createPrivateKey($sampleDir . '/saml.pem', '', true);

    $authnRequest = new AuthnRequest();
    $authnRequest->setIssueInstant('2014-01-01T12:00:00Z');
    $authnRequest->setID('_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7');
    $authnRequest->setSignature(new SignatureWriter($certificate, $key));

    return $authnRequest;
}