/**
* @param SubjectConfirmation $subjectConfirmation
*
* @throws \LightSaml\Error\LightSamlValidationException
*/
protected function validateSubjectConfirmation(SubjectConfirmation $subjectConfirmation)
{
if (false == Helper::validateRequiredString($subjectConfirmation->getMethod())) {
throw new LightSamlValidationException('Method attribute of SubjectConfirmation MUST contain at least one non-whitespace character');
}
if (false == Helper::validateWellFormedUriString($subjectConfirmation->getMethod())) {
throw new LightSamlValidationException('SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.');
}
if ($subjectConfirmation->getNameID()) {
$this->nameIdValidator->validateNameId($subjectConfirmation->getNameID());
}
if ($subjectConfirmation->getSubjectConfirmationData()) {
$this->validateSubjectConfirmationData($subjectConfirmation->getSubjectConfirmationData());
}
}
/**
* @param Assertion $assertion
*
* @throws LightSamlValidationException
*/
protected function validateAssertionAttributes(Assertion $assertion)
{
if (false == Helper::validateRequiredString($assertion->getVersion())) {
throw new LightSamlValidationException('Assertion element must have the Version attribute set.');
}
if ($assertion->getVersion() != SamlConstants::VERSION_20) {
throw new LightSamlValidationException('Assertion element must have the Version attribute value equal to 2.0.');
}
if (false == Helper::validateRequiredString($assertion->getId())) {
throw new LightSamlValidationException('Assertion element must have the ID attribute set.');
}
if (false == Helper::validateIdString($assertion->getId())) {
throw new LightSamlValidationException('Assertion element must have an ID attribute with at least 16 characters (the equivalent of 128 bits).');
}
if (false == $assertion->getIssueInstantTimestamp()) {
throw new LightSamlValidationException('Assertion element must have the IssueInstant attribute set.');
}
if (false == $assertion->getIssuer()) {
throw new LightSamlValidationException('Assertion element must have an issuer element.');
}
$this->nameIdValidator->validateNameId($assertion->getIssuer());
}
public function test__validate_required_string_returns_false_for_non_string()
{
$this->assertFalse(Helper::validateRequiredString(123));
$this->assertFalse(Helper::validateRequiredString(array()));
}
/**
* @param Attribute $attribute
*
* @throws LightSamlValidationException
*
* @return void
*/
private function validateAttribute(Attribute $attribute)
{
if (false == Helper::validateRequiredString($attribute->getName())) {
throw new LightSamlValidationException('Name attribute of Attribute element MUST contain at least one non-whitespace character');
}
}
/**
* @param AbstractNameID $nameId
*/
protected function validateTransientFormat(AbstractNameID $nameId)
{
if (false == Helper::validateRequiredString($nameId->getValue())) {
throw new LightSamlValidationException('NameID with Transient Format attribute MUST contain a Value that contains more than whitespace characters');
}
if (strlen($nameId->getValue()) > 256) {
throw new LightSamlValidationException('NameID with Transient Format attribute MUST have a Value that contains no more than 256 characters');
}
if (false == Helper::validateIdString($nameId->getValue())) {
throw new LightSamlValidationException(sprintf("NameID '%s' with Transient Format attribute MUST have a Value with at least 16 characters (the equivalent of 128 bits)", $nameId->getValue()));
}
}
