/**
 * Checks one SubjectConfirmation element.
 *
 * The Method attribute has to pass Helper::validateRequiredString() and
 * Helper::validateWellFormedUriString(). A NameID or SubjectConfirmationData
 * child, when present, is handed to its own validator.
 *
 * Only the form of Method is checked here. Which confirmation methods the
 * receiver actually accepts is not decided in this function.
 *
 * @param SubjectConfirmation $subjectConfirmation
 *
 * @throws \LightSaml\Error\LightSamlValidationException
 */
protected function validateSubjectConfirmation(SubjectConfirmation $subjectConfirmation)
{
    $method = $subjectConfirmation->getMethod();

    if (!Helper::validateRequiredString($method)) {
        throw new LightSamlValidationException('Method attribute of SubjectConfirmation MUST contain at least one non-whitespace character');
    }

    if (!Helper::validateWellFormedUriString($method)) {
        throw new LightSamlValidationException('SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.');
    }

    // Both children are optional; each is validated only when it is present.
    $nameId = $subjectConfirmation->getNameID();
    if ($nameId) {
        $this->nameIdValidator->validateNameId($nameId);
    }

    $confirmationData = $subjectConfirmation->getSubjectConfirmationData();
    if ($confirmationData) {
        $this->validateSubjectConfirmationData($confirmationData);
    }
}
/**
 * Validates the Issuer element of the inbound SAML message.
 *
 * Fails when the Issuer is missing, when its Format differs from the configured
 * allowed format, or when the NameID validator rejects it. The Format comparison
 * runs only if an allowed format is configured and the Issuer carries both a value
 * and a Format, so an Issuer without a Format attribute passes that step.
 *
 * @param ProfileContext $context
 *
 * @return void
 */
protected function doExecute(ProfileContext $context)
{
    $samlMessage = MessageContextHelper::asSamlMessage($context->getInboundContext());
    $issuer = $samlMessage->getIssuer();

    if (!$issuer) {
        $error = 'Inbound message must have Issuer element';
        $this->logger->emergency($error, LogHelper::getActionErrorContext($context, $this));

        throw new LightSamlContextException($context, $error);
    }

    $formatMismatch = $this->allowedFormat
        && $issuer->getValue()
        && $issuer->getFormat()
        && $issuer->getFormat() != $this->allowedFormat;

    if ($formatMismatch) {
        // The second value is taken from the inbound message and goes verbatim into
        // the log entry and the exception text; consumers should treat it as untrusted.
        $error = sprintf("Response Issuer Format if set must have value '%s' but it was '%s'", $this->allowedFormat, $issuer->getFormat());
        $this->logger->emergency($error, LogHelper::getActionErrorContext($context, $this));

        throw new LightSamlContextException($context, $error);
    }

    try {
        $this->nameIdValidator->validateNameId($issuer);
    } catch (LightSamlValidationException $ex) {
        // Re-thrown as a context exception, keeping the original as "previous".
        throw new LightSamlContextException($context, $ex->getMessage(), 0, $ex);
    }
}
/**
 * Checks the required attributes and the Issuer of an Assertion.
 *
 * Covers Version (must equal SamlConstants::VERSION_20), ID, IssueInstant and the
 * Issuer element, in that order; the first failing check throws. Nothing else about
 * the assertion is examined in this method.
 *
 * @param Assertion $assertion
 *
 * @throws LightSamlValidationException
 */
protected function validateAssertionAttributes(Assertion $assertion)
{
    $version = $assertion->getVersion();
    if (!Helper::validateRequiredString($version)) {
        throw new LightSamlValidationException('Assertion element must have the Version attribute set.');
    }
    if ($version != SamlConstants::VERSION_20) {
        throw new LightSamlValidationException('Assertion element must have the Version attribute value equal to 2.0.');
    }

    $id = $assertion->getId();
    if (!Helper::validateRequiredString($id)) {
        throw new LightSamlValidationException('Assertion element must have the ID attribute set.');
    }
    // NOTE(review): the length rule quoted in the message is enforced, if at all,
    // inside Helper::validateIdString() - confirm against that helper.
    if (!Helper::validateIdString($id)) {
        throw new LightSamlValidationException('Assertion element must have an ID attribute with at least 16 characters (the equivalent of 128 bits).');
    }

    // Loose truthiness test: any falsy timestamp, including 0, counts as "not set".
    if (!$assertion->getIssueInstantTimestamp()) {
        throw new LightSamlValidationException('Assertion element must have the IssueInstant attribute set.');
    }

    $issuer = $assertion->getIssuer();
    if (!$issuer) {
        throw new LightSamlValidationException('Assertion element must have an issuer element.');
    }

    $this->nameIdValidator->validateNameId($issuer);
}