 /**
  * Checks the NotBefore / NotOnOrAfter window of every SubjectConfirmationData
  * found in the assertion's Subject against the supplied current time, tolerating
  * $allowedSecondsSkew of clock drift in each direction.
  *
  * An assertion without a Subject, and a SubjectConfirmation that carries no
  * SubjectConfirmationData, pass through this method without error.
  *
  * @param Assertion $assertion
  * @param int       $now                Current unix timestamp used for the comparison
  * @param int       $allowedSecondsSkew Tolerated clock skew, in seconds
  *
  * @throws LightSamlValidationException When a confirmation is not yet valid or has already expired
  */
 protected function validateSubject(Assertion $assertion, $now, $allowedSecondsSkew)
 {
     $subject = $assertion->getSubject();
     if (false == $subject) {
         return;
     }

     foreach ($subject->getAllSubjectConfirmations() as $confirmation) {
         $data = $confirmation->getSubjectConfirmationData();
         if (false == $data) {
             // NOTE(review): a confirmation without data receives no time-window check here;
             // presumably another validator rejects bearer confirmations that lack it — verify.
             continue;
         }

         $notBeforeOk = Helper::validateNotBefore($data->getNotBeforeTimestamp(), $now, $allowedSecondsSkew);
         if (false == $notBeforeOk) {
             throw new LightSamlValidationException('SubjectConfirmationData.NotBefore must not be in the future');
         }

         $notOnOrAfterOk = Helper::validateNotOnOrAfter($data->getNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew);
         if (false == $notOnOrAfterOk) {
             throw new LightSamlValidationException('SubjectConfirmationData.NotOnOrAfter must not be in the past');
         }
     }
 }
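 /**
  * Resolves the username from the assertion by walking the configured attribute
  * names ($this->attributes) in priority order. The pseudo-attribute self::NAME_ID
  * selects the Subject's NameID value; any other name is looked up in the
  * assertion's AttributeStatements and the first value of the first match wins.
  *
  * Only null and the empty string count as "absent". The previous implementation
  * used a truthiness check, which silently skipped a legitimate value of '0' and
  * fell through to the next configured attribute (or to null).
  *
  * @param Assertion $assertion
  *
  * @return null|string The first non-empty value found, or null when none of the
  *                     configured attributes yields one
  */
 private function getUsernameFromAssertion(Assertion $assertion)
 {
     foreach ($this->attributes as $attributeName) {
         if (self::NAME_ID == $attributeName) {
             $subject = $assertion->getSubject();
             $nameId = $subject ? $subject->getNameID() : null;
             $value = $nameId ? $nameId->getValue() : null;
             // Strict emptiness test so that '0' is accepted as a username.
             if (null !== $value && '' !== $value) {
                 return $value;
             }
             continue;
         }

         foreach ($assertion->getAllAttributeStatements() as $attributeStatement) {
             $attribute = $attributeStatement->getFirstAttributeByName($attributeName);
             if (!$attribute) {
                 continue;
             }
             $value = $attribute->getFirstAttributeValue();
             if (null !== $value && '' !== $value) {
                 return $value;
             }
         }
     }

     return null;
 }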
 /**
  * A bearer SubjectConfirmation whose Recipient is resolvable to one of our own
  * AssertionConsumerService endpoints must be accepted silently: the action
  * consults the endpoint resolver exactly once and throws nothing.
  */
 public function test_does_nothing_if_recipient_matches_own_acs_service_location()
 {
     $endpointResolver = TestHelper::getEndpointResolverMock($this);
     $action = new RecipientValidatorAction(TestHelper::getLoggerMock($this), $endpointResolver);

     $assertion = new Assertion();
     $assertion->addItem(new AuthnStatement());

     $subjectConfirmation = new SubjectConfirmation();
     $subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
     $subjectConfirmation->setSubjectConfirmationData(
         (new SubjectConfirmationData())->setRecipient('http://recipient.com')
     );

     $subject = new Subject();
     $subject->addSubjectConfirmation($subjectConfirmation);
     $assertion->setSubject($subject);

     $profileContext = TestHelper::getProfileContext();
     $profileContext->getOwnEntityContext()->setEntityDescriptor(new EntityDescriptor());

     $assertionContext = TestHelper::getAssertionContext($assertion);
     $assertionContext->setParent($profileContext);

     // The resolver is expected to be asked once and to hand back a single ACS endpoint reference.
     $endpointResolver->expects($this->once())
         ->method('resolve')
         ->willReturnCallback(function () {
             return [TestHelper::getEndpointReferenceMock($this, new AssertionConsumerService())];
         });

     $action->execute($assertionContext);
 }
 /**
  * Ensures the assertion carries a Subject whenever one is required, and hands a
  * present Subject to the configured subject validator.
  *
  * A Subject is required when the assertion has no statements at all, and when
  * any of its items is an AuthnStatement or an AttributeStatement.
  *
  * NOTE(review): the second error message also names AuthzDecisionStatement, but
  * no such type is tested below — presumably because the library defines no class
  * for it; confirm before treating that message as a complete list.
  *
  * @param Assertion $assertion
  *
  * @throws LightSamlValidationException When a required Subject is missing
  */
 protected function validateSubject(Assertion $assertion)
 {
     $subject = $assertion->getSubject();
     if ($subject) {
         $this->subjectValidator->validateSubject($subject);

         return;
     }

     $items = $assertion->getAllItems();
     if (false == $items) {
         throw new LightSamlValidationException('Assertion with no Statements must have a subject.');
     }

     foreach ($items as $item) {
         $requiresSubject = $item instanceof AuthnStatement || $item instanceof AttributeStatement;
         if ($requiresSubject) {
             throw new LightSamlValidationException('AuthnStatement, AuthzDecisionStatement and AttributeStatement require a subject.');
         }
     }
 }
 /**
  * Narrows the SSO state down to the sessions matching this assertion: the given
  * party/own entity ids, the Subject's NameID value and format, and the
  * SessionIndex of the assertion's first AuthnStatement.
  *
  * NOTE(review): the accessor chain below is unguarded — an assertion without a
  * Subject, NameID or AuthnStatement would cause a fatal error here. Presumably
  * earlier validation guarantees their presence; confirm before relying on it.
  *
  * @param SsoState  $ssoState
  * @param Assertion $assertion
  * @param string    $ownEntityId
  * @param string    $partyEntityId
  *
  * @return \LightSaml\State\Sso\SsoSessionState[]
  */
 protected function filterSessions(SsoState $ssoState, Assertion $assertion, $ownEntityId, $partyEntityId)
 {
     $nameId = $assertion->getSubject()->getNameID();
     $nameIdValue = $nameId->getValue();
     $nameIdFormat = $nameId->getFormat();
     $sessionIndex = $assertion->getFirstAuthnStatement()->getSessionIndex();

     return $ssoState->filter(
         $partyEntityId,
         $ownEntityId,
         $nameIdValue,
         $nameIdFormat,
         $sessionIndex
     );
 }
 /**
  * An assertion id the store has never seen for this issuer must be recorded,
  * keyed by issuer and id, together with a \DateTime expiry — this is the
  * replay-protection bookkeeping the action is responsible for.
  */
 public function test_sets_unknown_assertion_id_to_store()
 {
     $idStoreMock = TestHelper::getIdStoreMock($this);
     $action = new RepeatedIdValidatorAction(TestHelper::getLoggerMock($this), $idStoreMock);

     $assertionId = '123';
     $issuer = 'http://issuer.com';

     $assertion = new Assertion();
     $assertion->setId($assertionId);
     $assertion->setIssuer(new Issuer($issuer));
     $assertion->addItem(new AuthnStatement());

     $confirmationData = new SubjectConfirmationData();
     $confirmationData->setNotOnOrAfter(new \DateTime());

     $subjectConfirmation = new SubjectConfirmation();
     $subjectConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
     $subjectConfirmation->setSubjectConfirmationData($confirmationData);

     $subject = new Subject();
     $subject->addSubjectConfirmation($subjectConfirmation);
     $assertion->setSubject($subject);

     $assertionContext = TestHelper::getAssertionContext($assertion);

     // The store reports the id as unknown, so the action must persist it exactly once.
     $idStoreMock->expects($this->once())
         ->method('has')
         ->with($issuer, $assertionId)
         ->willReturn(false);
     $idStoreMock->expects($this->once())
         ->method('set')
         ->with($issuer, $assertionId, $this->isInstanceOf(\DateTime::class));

     $action->execute($assertionContext);
 }