/**
 * Verifies signature validation of an authentication request received over
 * the HTTP-Redirect binding.
 *
 * The fixture query string carries SAMLRequest, RelayState, SigAlg and
 * Signature parameters; SigAlg decodes to
 * http://www.w3.org/2000/09/xmldsig#rsa-sha1. Two outcomes are pinned:
 * the matching key validates, and a different key raises an exception
 * instead of validating.
 *
 * NOTE(review): RSA-SHA1 is a legacy signature algorithm; this fixture only
 * shows that the code path verifies correctly, not that SHA-1 should be
 * accepted in deployments. Confirm the algorithm policy against callers.
 */
public function testSignedRequestValidation()
{
    // Kept as one literal in its URL-encoded form: re-encoding or reordering
    // the parameters would presumably no longer match the recorded Signature
    // value (confirm against HTTPRedirect::receive()).
    $queryString = 'SAMLRequest=nVLBauMwEP0Vo7sjW7FpKpJA2rBsoNuGOruHXhZFHm8EsuRqxtv27yvbWWgvYelFgjfvzbx5zBJVazu56enkHuG5B6TktbUO5VhYsT446RUalE61gJK0rDY%2F7qSYZbILnrz2ln2QXFYoRAhkvGPJbrtiv7VoygJEoTJ9LOusXDSFuJ4vdH6cxwoIEGUjsrqoFUt%2BQcCoXLHYKMoRe9g5JOUoQlleprlI8%2FyQz6W4ksXiiSXbuI1xikbViahDyfkRSM2wD40DmjnL0bSdhcE6Hx7BTd3xqnqoIPw1GmbdqWPJNx80jCGtGIUeWLL5t8mtd9i3EM78n493%2FzWr9XVvx%2B58mj39IlUaR%2FQmKOPq4Dtkyf4c9E1EjPtzOePjREL5%2FXDYp%2FuH6sDWy6G3HDML66%2B5ayO7VlHx2dySf2y9nM7pPprabffeGv02ZNcquux5QEydNiNVUlAODTiKMVvrX24DKIJz8nw9jfx8tOt3&RelayState=https%3A%2F%2Fbeta.surfnet.nl%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3DBraindrops&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=b%2Bqe%2FXGgICOrEL1v9dwuoy0RJtJ%2FGNAr7gJGYSJzLG0riPKwo7v5CH8GPC2P9IRikaeaNeQrnhBAaf8FCWrO0cLFw4qR6msK9bxRBGk%2BhIaTUYCh54ETrVCyGlmBneMgC5%2FiCRvtEW3ESPXCCqt8Ncu98yZmv9LIVyHSl67Se%2BfbB9sDw3%2FfzwYIHRMqK2aS8jnsnqlgnBGGOXqIqN3%2Bd%2F2dwtCfz14s%2F9odoYzSUv32qfNPiPez6PSNqwhwH7dWE3TlO%2FjZmz0DnOeQ2ft6qdZEi5ZN5KCV6VmNKpkrLMq6DDPnuwPm%2F8oCAoT88R2jG7uf9QZB%2BArWJKMEhDLsCA%3D%3D';

    // receive() takes no arguments, so the request is handed over through
    // the superglobal.
    $_SERVER['QUERY_STRING'] = $queryString;

    $binding = new HTTPRedirect();
    $request = $binding->receive();

    // Positive case: the matching public key must verify the signature.
    $this->assertTrue($request->validate(CertificatesMock::getPublicKey2Sha1()));

    // Negative case: a different public key must be rejected with an
    // exception, never reported as a successful validation.
    $this->setExpectedException('Exception', 'Unable to validate signature');
    $request->validate(CertificatesMock::getPublicKeySha1());
}
/**
 * Validating an assertion that carries no signature must yield false
 * rather than throw.
 *
 * This pins the fail-closed result for unsigned input: validate() may
 * report true only when a signature was actually present and verified.
 * Callers must therefore check the returned boolean and not rely on the
 * absence of an exception.
 */
public function testVerifyUnsignedAssertion()
{
    // Fixture without any ds:Signature element. The closing heredoc marker
    // stays at column 0 so the file also parses on PHP versions older
    // than 7.3.
    $unsignedXml = <<<XML
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_593e33ddf86449ce4d4c22b60ac48e067d98a0b2bf"
                Version="2.0"
                IssueInstant="2010-03-05T13:34:28Z"
                >
  <saml:Issuer>testIssuer</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>audience1</saml:Audience>
      <saml:Audience>audience2</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2010-03-05T13:34:28Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>someAuthnContext</saml:AuthnContextClassRef>
      <saml:AuthenticatingAuthority>someIdP1</saml:AuthenticatingAuthority>
      <saml:AuthenticatingAuthority>someIdP2</saml:AuthenticatingAuthority>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
XML;

    $dom = DOMDocumentFactory::fromString($unsignedXml);
    $assertion = new Assertion($dom->firstChild);

    // Was not signed
    $this->assertFalse($assertion->getWasSignedAtConstruction());

    // Even with a usable key, there is nothing to verify: the result must
    // be false, not true and not an exception.
    $key = CertificatesMock::getPublicKeySha1();
    $this->assertFalse($assertion->validate($key));
}