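/**
 * Lazily loads the X.509 certificate configured in $this->certificateFile.
 *
 * A path starting with '@' is treated as a Symfony resource reference and is
 * resolved through the kernel before being opened. The loaded certificate is
 * cached on the instance, so the file is read at most once.
 *
 * Only a successfully loaded certificate is cached: the original assigned the
 * empty X509Certificate to $this->_certificate before loadFromFile() ran, so a
 * failed load left an unloaded certificate object that later calls returned
 * without retrying.
 *
 * @return X509Certificate
 *
 * @throws \LogicException when no certificate file has been configured
 */
public function getCertificate()
{
    if (!$this->_certificate) {
        $filename = $this->certificateFile;

        // Indexing an empty string ($filename[0]) is a warning in PHP 5 and an
        // error in PHP 8; fail early with an explicit message instead.
        if ($filename === null || $filename === '') {
            throw new \LogicException('No signing certificate file has been configured.');
        }

        if ($filename[0] === '@') {
            $filename = $this->kernel->locateResource($filename);
        }

        $certificate = new X509Certificate();
        $certificate->loadFromFile($filename);
        $this->_certificate = $certificate;
    }

    return $this->_certificate;
}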
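/**
 * Interactively asks the operator for a signing certificate and, when a path
 * is given, attaches it to the entity descriptor as a signing key.
 *
 * The question is optional (last argument of askFile() is false): an empty
 * answer leaves $ed untouched. The path comes from the console operator, not
 * from a network peer, so it is trusted as far as reading the file goes.
 *
 * Uses KeyDescriptor::USE_SIGNING instead of the bare 'signing' literal so the
 * "use" value is spelled the same way as in the rest of the code base.
 *
 * @param DialogHelper     $dialog
 * @param OutputInterface  $output
 * @param EntityDescriptor $ed     descriptor that receives the new KeyDescriptor
 */
protected function askForCertificate(DialogHelper $dialog, OutputInterface $output, EntityDescriptor $ed)
{
    $path = $this->askFile($dialog, $output, 'Signing Certificate path', false);
    if (!$path) {
        return;
    }

    $signingCertificate = new X509Certificate();
    $signingCertificate->loadFromFile($path);

    $ed->addItem(new KeyDescriptor(KeyDescriptor::USE_SIGNING, $signingCertificate));
}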
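/**
 * Exercises AuthnRequestBuilder against every IdP/SP binding combination
 * supplied by the data provider, once unsigned and once with an XML signature.
 *
 * For both runs the test checks the destination the message is sent to, the
 * concrete response type, and the ACS URL / protocol binding written into the
 * AuthnRequest. A case may instead declare an expected exception.
 *
 * Fix: the SpMeta loop used $name as its key variable, shadowing the test-case
 * label, so every assertion message reported the last SpMeta setter name
 * instead of the data-provider case. The loop key is now $setter.
 *
 * @dataProvider provider
 *
 * @param string      $name                     test-case label used in assertion messages
 * @param array       $idpData                  list of ['binding' => ..., 'url' => ...] for SingleSignOnService
 * @param array       $spData                   list of ['binding' => ..., 'url' => ...] for AssertionConsumerService
 * @param array       $spMetaData               map of SpMeta setter name => value
 * @param string      $expectedSendUrl
 * @param string      $expectedResponseType
 * @param string      $expectedReceiveUrl
 * @param string      $expectedReceiveBinding
 * @param string|null $expectedException
 * @param string      $expectedExceptionMessage
 */
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '')
{
    if ($expectedException) {
        $this->setExpectedException($expectedException, $expectedExceptionMessage);
    }

    $idp = new IdpSsoDescriptor();
    foreach ($idpData as $data) {
        $idp->addService(new SingleSignOnService($data['binding'], $data['url']));
    }
    $edIDP = new EntityDescriptor('idp');
    $edIDP->addItem($idp);

    $sp = new SpSsoDescriptor();
    foreach ($spData as $data) {
        $sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
    }
    $edSP = new EntityDescriptor('sp');
    $edSP->addItem($sp);

    $spMeta = new SpMeta();
    // $setter, not $name: the test-case label must survive for the messages below.
    foreach ($spMetaData as $setter => $value) {
        $spMeta->{$setter}($value);
    }

    // without signing
    $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
    $this->assertRequestRouting($builder, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $name);

    // with signing
    $signature = new SignatureCreator();
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
    // NOTE(review): RSA-SHA1 is a legacy XML-DSig algorithm, kept here to match the
    // sample fixture; prefer RSA_SHA256 for anything beyond tests (confirm SignatureCreator supports it).
    $key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true);
    $signature->setCertificate($certificate);
    $signature->setXmlSecurityKey($key);

    $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta, $signature);
    $this->assertRequestRouting($builder, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $name);
}

/**
 * Builds and sends one AuthnRequest with $builder and checks where it goes,
 * what response type comes back, and what ACS URL / binding it carries.
 *
 * @param AuthnRequestBuilder $builder
 * @param string              $expectedSendUrl
 * @param string              $expectedResponseType
 * @param string              $expectedReceiveUrl
 * @param string              $expectedReceiveBinding
 * @param string              $name                   test-case label for assertion messages
 */
private function assertRequestRouting(AuthnRequestBuilder $builder, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $name)
{
    $message = $builder->build();
    $response = $builder->send($message);

    $this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
    $this->assertInstanceOf($expectedResponseType, $response, $name);
    $this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
    $this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}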
/**
 * Round-trips a full EntityDescriptor (SP and IdP roles, each with signing and
 * encryption keys) through XML serialization and back, then checks both the
 * produced XML and the deserialized object against the inputs.
 */
function testOne()
{
    $entityId = 'http://example.com';
    $logoutUrl = 'http://example.com/logout';
    // NOTE(review): this location is not a URL as shown; confirm the fixture's intended value.
    $loginUrl = '******';

    $cert = new X509Certificate();
    $cert->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt');

    // Each role gets its own pair of KeyDescriptor objects, both pointing at the
    // single sample certificate. Reusing one certificate for signing and
    // encryption is a fixture convenience, not a recommended deployment.
    $newKeyPair = function () use ($cert) {
        return array(
            new KeyDescriptor(KeyDescriptor::USE_SIGNING, $cert),
            new KeyDescriptor(KeyDescriptor::USE_ENCRYPTION, $cert),
        );
    };

    $spRole = new SpSsoDescriptor(
        array(
            new SingleLogoutService(Bindings::SAML2_HTTP_REDIRECT, $logoutUrl),
            new AssertionConsumerService(Bindings::SAML2_HTTP_POST, $loginUrl, 0),
            new AssertionConsumerService(Bindings::SAML2_HTTP_ARTIFACT, $loginUrl, 1),
        ),
        $newKeyPair()
    );

    $idpRole = new IdpSsoDescriptor(
        array(
            new SingleLogoutService(Bindings::SAML2_HTTP_REDIRECT, $logoutUrl),
            new SingleLogoutService(Bindings::SAML2_HTTP_POST, $logoutUrl),
            new SingleSignOnService(Bindings::SAML2_HTTP_REDIRECT, $loginUrl),
            new SingleSignOnService(Bindings::SAML2_HTTP_POST, $loginUrl),
        ),
        $newKeyPair()
    );

    $descriptor = new EntityDescriptor($entityId, array($spRole, $idpRole));

    // Serialize into a fresh document ...
    $serialization = new SerializationContext();
    $descriptor->getXml($serialization->getDocument(), $serialization);
    $serializedXml = $serialization->getDocument()->saveXML();

    // ... and parse it back independently so the checks run on a clean DOM.
    $parsed = new \DOMDocument();
    $parsed->loadXML($serializedXml);
    /** @var $rootElement \DOMElement */
    $rootElement = $parsed->firstChild;

    $this->checkXml($parsed, $entityId, $logoutUrl, $loginUrl, $cert);
    $this->checkDeserializaton($rootElement, $entityId, $logoutUrl, $loginUrl, $cert);
}
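/**
 * Asserts that $request carries the expected header fields and a signature
 * that verifies against the sample public key.
 *
 * Fix: the result of $signature->validate($key) was discarded, so a validator
 * that reports failure by returning false (rather than throwing) would have
 * let the test pass. The result is now asserted to be anything but false;
 * a validator that throws on a bad signature still fails the test as before.
 *
 * @param AuthnRequest $request request under test
 * @param string       $id      expected request ID
 * @param string       $time    expected IssueInstant value
 */
protected function checkRequest(AuthnRequest $request, $id, $time)
{
    $this->assertEquals($id, $request->getID());
    $this->assertEquals('2.0', $request->getVersion());
    $this->assertEquals($this->destination, $request->getDestination());
    $this->assertEquals($this->ascURL, $request->getAssertionConsumerServiceURL());
    $this->assertEquals($this->protocolBinding, $request->getProtocolBinding());
    $this->assertEquals($time, $request->getIssueInstant());
    $this->assertEquals($this->issuer, $request->getIssuer());
    $this->assertEquals($this->nameIDPolicyFormat, $request->getNameIdPolicyFormat());
    $this->assertTrue($request->getNameIdPolicyAllowCreate());

    /** @var SignatureValidatorInterface $signature */
    $signature = $request->getSignature();
    $this->assertNotNull($signature, 'request must be signed');
    $this->assertInstanceOf('SignatureValidatorInterface', $signature);

    // Verify with the public key only; the private key is never needed here.
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
    $key = KeyHelper::createPublicKey($certificate);

    $this->assertNotSame(false, $signature->validate($key), 'signature did not validate against the sample certificate');
}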
/**
 * Builds a small fixture document
 * (<root foo="bar"><other><child>something</child></other></root>),
 * signs its root element with the sample key pair and returns the XML string.
 *
 * @return string signed XML document
 */
private function getSignedXml()
{
    $document = new \DOMDocument();
    $document->appendChild($document->createElement('root'));
    /** @var $rootElement \DOMElement */
    $rootElement = $document->firstChild;
    $rootElement->setAttribute('foo', 'bar');

    $otherElement = $document->createElement('other');
    $rootElement->appendChild($otherElement);
    $otherElement->appendChild($document->createElement('child', 'something'));

    $fixtureDir = __DIR__ . '/../../../../../../../resources/sample/Certificate';

    $signingCert = new X509Certificate();
    $signingCert->loadFromFile($fixtureDir . '/saml.crt');

    // NOTE(review): RSA-SHA1 is a legacy XML-DSig algorithm; this fixture keeps it
    // to match the sample key, but it is not a recommended choice for new signatures.
    $privateKey = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $privateKey->loadKey($fixtureDir . '/saml.pem', true);

    $creator = new SignatureCreator();
    $creator->setCertificate($signingCert);
    $creator->setXmlSecurityKey($privateKey);
    $creator->getXml($rootElement, new SerializationContext($document));

    return $document->saveXML();
}