public function test__signed_serialize_deserialize() { $certificate = new X509Certificate(); $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt'); $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true); $authnRequest = new AuthnRequest(); $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205'); $authnRequest->setIssueInstant('2015-09-13T11:47:33Z'); $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO'); $authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity')); $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey)); $serializationContext = new SerializationContext(); $authnRequest->serialize($serializationContext->getDocument(), $serializationContext); $temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-'); $serializationContext->getDocument()->save($temporaryFilename); $xml = file_get_contents($temporaryFilename); $deserializationContext = new DeserializationContext(); $deserializationContext->getDocument()->loadXML($xml); $authnRequest = new AuthnRequest(); $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext); $signatureReader = $authnRequest->getSignature(); if ($signatureReader instanceof SignatureXmlReader) { $certificate = new X509Certificate(); $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt'); $key = KeyHelper::createPublicKey($certificate); $ok = $signatureReader->validate($key); $this->assertTrue($ok); } else { throw new \LogicException('Expected Signature Xml Reader'); } }
public function test_warning_logged_if_no_verification() { $action = new MessageSignatureValidatorAction($logger = TestHelper::getLoggerMock($this), $signatureValidator = $this->getSignatureValidatorMock()); $context = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP); $context->getInboundContext()->setMessage($message = new AuthnRequest()); $message->setSignature($signature = new SignatureStringReader()); $message->setIssuer(new Issuer($issuerValue = 'http://localhost/issuer')); $signatureValidator->expects($this->once())->method('validate')->willReturn(null); $logger->expects($this->never())->method('debug'); $logger->expects($this->once())->method('warning')->with('Signature verification was not performed', $this->isType('array')); $action->execute($context); }
/** * Get saml authnRequest. * * @param string $consumer_service_url * @param string $idp_destination * @param string $issuer * @param string $saml_crt * @param string $saml_key * @return string */ public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key) { $authn_request = new AuthnRequest(); $authn_request->setAssertionConsumerServiceURL($consumer_service_url)->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($idp_destination)->setIssuer(new Issuer($issuer)); $certificate = new X509Certificate(); $certificate->loadPem($saml_crt); $private_key = KeyHelper::createPrivateKey($saml_key, '', false); $authn_request->setSignature(new SignatureWriter($certificate, $private_key)); $serialization_context = new SerializationContext(); $authn_request->serialize($serialization_context->getDocument(), $serialization_context); $binding_factory = new BindingFactory(); $redirect_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT); $message_context = new MessageContext(); $message_context->setMessage($authn_request); /** @var \Symfony\Component\HttpFoundation\RedirectResponse $http_response */ $http_response = $redirect_binding->send($message_context); return $http_response->getTargetUrl(); }
/** * @return AuthnRequest */ private function getAuthnRequest() { $authnRequest = new AuthnRequest(); $authnRequest->setIssueInstant('2014-01-01T12:00:00Z'); $authnRequest->setID('_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7'); $certificate = new X509Certificate(); $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt'); $key = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', '', true); $authnRequest->setSignature(new SignatureWriter($certificate, $key)); return $authnRequest; }