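 /**
  * Encrypting the NameID of a LogoutRequest must produce a saml:EncryptedID carrying an
  * xenc:EncryptedData node, and must NOT leave a plaintext saml:NameID in the output.
  *
  * The second assertion is the security-relevant one: ciphertext being present says nothing
  * about whether the subject identifier is also still serialized in the clear.
  */
 public function testEncryptedNameId()
 {
     $logoutRequest = new SAML2_LogoutRequest();
     $logoutRequest->setNameID(array('Value' => 'NameIDValue'));

     // Encrypt with the mock public key; the symmetric key is generated inside the library.
     $logoutRequest->encryptNameId(SAML2_CertificatesMock::getPublicKey());

     $logoutRequestElement = $logoutRequest->toUnsignedXML();

     // Exactly one EncryptedData node must sit under EncryptedID ...
     $this->assertCount(
         1,
         SAML2_Utils::xpQuery($logoutRequestElement, './saml_assertion:EncryptedID/xenc:EncryptedData')
     );

     // ... and the plaintext subject identifier must not be emitted alongside the ciphertext.
     $this->assertCount(
         0,
         SAML2_Utils::xpQuery($logoutRequestElement, './saml_assertion:NameID')
     );
 }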
 /**
  * A signature must stop validating once its ds:SignatureValue has been tampered with.
  *
  * Only the SignatureValue text is modified here; tampering with a ds:DigestValue or with
  * the signed content itself is not exercised by this test.
  */
 public function testValidateWithValueTampering()
 {
     // Work on a copy rather than mutating $this->signedMockElement, and attach the copy to
     // its owner document since the XPath used below is absolute.
     $tamperedElement = SAML2_Utils::copyElement($this->signedMockElement);
     $tamperedElement->ownerDocument->appendChild($tamperedElement);

     $signatureValueNodes = SAML2_Utils::xpQuery($tamperedElement, '/root/ds:Signature/ds:SignatureValue');
     $this->assertCount(1, $signatureValueNodes);

     // Overwrite the base64 signature with garbage.
     $signatureValueNodes[0]->firstChild->data = 'invalid';

     $helper = new SAML2_SignedElementHelperMock($tamperedElement);

     // NOTE(review): setExpectedException() is the pre-PHPUnit 5.2 API; switch to
     // expectException()/expectExceptionMessage() once the suite's PHPUnit version allows it.
     $this->setExpectedException('Exception', 'Unable to validate Signature');
     $helper->validate(SAML2_CertificatesMock::getPublicKey());
 }
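    /**
     * Encrypting the NameId of an AuthnRequest must yield the xenc structure needed to decrypt it.
     *
     * The symmetric key is generated on every call, so the serialized XML cannot be compared
     * byte-for-byte. Instead the element tree is compared structurally, and the two
     * EncryptionMethod algorithms are then asserted explicitly: assertEqualXMLStructure()
     * compares element names (and, when asked, attribute names) but never attribute values,
     * so without the extra assertions a silent switch to a different cipher or key-transport
     * algorithm would not fail this test.
     */
    public function testThatAnEncryptedNameIdResultsInTheCorrectXmlStructure()
    {
        // the NameID we're going to encrypt
        $nameId = array('Value' => md5('Arthur Dent'), 'Format' => SAML2_Const::NAMEID_ENCRYPTED);

        // basic AuthnRequest
        $request = new SAML2_AuthnRequest();
        $request->setIssuer('https://gateway.stepup.org/saml20/sp/metadata');
        $request->setDestination('https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO');
        $request->setNameId($nameId);

        // encrypt the NameID with the mock public key
        $key = SAML2_CertificatesMock::getPublicKey();
        $request->encryptNameId($key);

        // Attribute values in this template are placeholders: only the element tree is compared.
        $expectedStructureDocument = new DOMDocument();
        $expectedStructureDocument->loadXML(<<<AUTHNREQUEST
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID=""
    Version=""
    IssueInstant=""
    Destination="">
    <saml:Issuer></saml:Issuer>
    <saml:Subject>
        <saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    <xenc:EncryptedKey>
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                        <xenc:CipherData>
                            <xenc:CipherValue></xenc:CipherValue>
                        </xenc:CipherData>
                    </xenc:EncryptedKey>
                </dsig:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue></xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedData>
        </saml:EncryptedID>
    </saml:Subject>
</samlp:AuthnRequest>
AUTHNREQUEST
);
        $expectedStructure = $expectedStructureDocument->documentElement;
        $requestStructure  = $request->toUnsignedXML();
        $this->assertEqualXMLStructure($expectedStructure, $requestStructure);

        // Pin the algorithms actually emitted. NOTE(review): rsa-1_5 key transport and
        // aes128-cbc are what the library currently produces; both are older algorithms
        // (XML Encryption 1.1 favours RSA-OAEP and AES-GCM), so these URIs are pinned
        // deliberately and must be updated together with any algorithm upgrade.
        $dataEncryptionMethods = SAML2_Utils::xpQuery(
            $requestStructure,
            './saml_assertion:Subject/saml_assertion:EncryptedID/xenc:EncryptedData/xenc:EncryptionMethod'
        );
        $this->assertCount(1, $dataEncryptionMethods);
        $this->assertEquals(
            'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
            $dataEncryptionMethods[0]->getAttribute('Algorithm')
        );

        $keyEncryptionMethods = SAML2_Utils::xpQuery(
            $requestStructure,
            './saml_assertion:Subject/saml_assertion:EncryptedID/xenc:EncryptedData/ds:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod'
        );
        $this->assertCount(1, $keyEncryptionMethods);
        $this->assertEquals(
            'http://www.w3.org/2001/04/xmlenc#rsa-1_5',
            $keyEncryptionMethods[0]->getAttribute('Algorithm')
        );
    }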