Signs the metadata XML with the private key and X.509 certificate provided (the certificate is embedded in the resulting ds:KeyInfo).
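/**
 * Tests the signMetadata method of the OneLogin_Saml2_Metadata
 *
 * Builds the SP metadata from settings1.php, signs it with the sp.key /
 * sp.crt fixtures found under the settings cert path, and checks that both
 * the descriptor content and the enveloped XML-DSig structure are present
 * in the output. Finally checks that an empty document is rejected.
 *
 * @covers OneLogin_Saml2_Metadata::signMetadata
 */
public function testSignMetadata()
{
    $settingsDir = TEST_ROOT . '/settings/';
    include $settingsDir . 'settings1.php';

    $settings = new OneLogin_Saml2_Settings($settingsInfo);
    $spData = $settings->getSPData();
    $security = $settings->getSecurityData();

    $metadata = OneLogin_Saml2_Metadata::builder(
        $spData,
        $security['authnRequestsSigned'],
        $security['wantAssertionsSigned']
    );
    $this->assertNotEmpty($metadata);

    $certPath = $settings->getCertPath();
    $key = file_get_contents($certPath . 'sp.key');
    $cert = file_get_contents($certPath . 'sp.crt');
    // Fail with a clear message if the fixture keypair is missing or
    // unreadable, instead of letting signMetadata() choke on `false`.
    $this->assertNotEmpty($key, 'fixture sp.key could not be read');
    $this->assertNotEmpty($cert, 'fixture sp.crt could not be read');

    $signedMetadata = OneLogin_Saml2_Metadata::signMetadata($metadata, $key, $cert);

    // The descriptor content must survive signing unchanged.
    $descriptorFragments = array(
        '<md:SPSSODescriptor',
        'entityID="http://stuff.com/endpoints/metadata.php"',
        'AuthnRequestsSigned="false"',
        'WantAssertionsSigned="false"',
        '<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"',
        'Location="http://stuff.com/endpoints/endpoints/acs.php"',
        '<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"',
        ' Location="http://stuff.com/endpoints/endpoints/sls.php"/>',
        '<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</md:NameIDFormat>',
    );
    foreach ($descriptorFragments as $fragment) {
        $this->assertContains($fragment, $signedMetadata);
    }

    // Enveloped signature: exclusive C14N, a Reference, and the signing
    // certificate embedded in KeyInfo.
    $this->assertContains(
        '<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>',
        $signedMetadata
    );
    // NOTE(review): this pins the default signature algorithm to rsa-sha1.
    // SHA-1 is deprecated for XML-DSig signatures; if signMetadata() gains a
    // configurable algorithm, the default should move to rsa-sha256 and this
    // expectation be updated alongside it.
    $this->assertContains(
        '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>',
        $signedMetadata
    );
    $this->assertContains('<ds:Reference', $signedMetadata);
    $this->assertContains('<ds:KeyInfo><ds:X509Data><ds:X509Certificate>', $signedMetadata);

    // An empty document must be rejected. The "did not throw" assertion is
    // made *outside* the try block: a PHPUnit assertion failure raised inside
    // it would itself be caught by catch (Exception) and then re-reported as
    // a wrong-message failure, hiding the real cause.
    $caught = null;
    try {
        OneLogin_Saml2_Metadata::signMetadata('', $key, $cert);
    } catch (Exception $e) {
        $caught = $e;
    }
    $this->assertNotNull($caught, 'signMetadata() accepted an empty document');
    $this->assertContains('Empty string supplied as input', $caught->getMessage());
}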
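/**
 * Gets the SP metadata. The XML representation.
 *
 * Builds the SPSSODescriptor from the sp settings (including contacts and
 * organization), embeds the SP certificate as KeyDescriptor elements when
 * one is configured, and optionally signs the document according to the
 * security['signMetadata'] setting:
 *   - false / unset : returned unsigned
 *   - true          : signed with the SP's own key/cert (getSPkey/getSPcert)
 *   - array         : signed with the files named in 'keyFileName' and
 *                     'certFileName', resolved against the cert path
 *
 * @return string SP metadata (xml)
 *
 * @throws OneLogin_Saml2_Error PRIVATE_KEY_FILE_NOT_FOUND or
 *         PUBLIC_CERT_FILE_NOT_FOUND when signing is requested but the key
 *         or cert is missing or unreadable; SETTINGS_INVALID_SYNTAX when
 *         signMetadata is neither a boolean nor an array naming both files.
 */
public function getSPMetadata()
{
    $metadata = OneLogin_Saml2_Metadata::builder(
        $this->_sp,
        $this->_security['authnRequestsSigned'],
        $this->_security['wantAssertionsSigned'],
        null,
        null,
        $this->getContacts(),
        $this->getOrganization()
    );

    $cert = $this->getSPcert();
    if (!empty($cert)) {
        $metadata = OneLogin_Saml2_Metadata::addX509KeyDescriptors($metadata, $cert);
    }

    // Sign Metadata
    if (isset($this->_security['signMetadata']) && $this->_security['signMetadata'] !== false) {
        if ($this->_security['signMetadata'] === true) {
            // Reuse the SP's own signing material.
            $keyMetadata = $this->getSPkey();
            $certMetadata = $cert;
            if (!$keyMetadata) {
                throw new OneLogin_Saml2_Error(
                    'Private key not found.',
                    OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND
                );
            }
            if (!$certMetadata) {
                throw new OneLogin_Saml2_Error(
                    'Public cert file not found.',
                    OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND
                );
            }
        } else {
            // A dedicated metadata-signing keypair, named in the settings.
            if (!isset($this->_security['signMetadata']['keyFileName'])
                || !isset($this->_security['signMetadata']['certFileName'])
            ) {
                throw new OneLogin_Saml2_Error(
                    'Invalid Setting: signMetadata value of the sp is not valid',
                    OneLogin_Saml2_Error::SETTINGS_INVALID_SYNTAX
                );
            }
            $keyFileName = $this->_security['signMetadata']['keyFileName'];
            $certFileName = $this->_security['signMetadata']['certFileName'];
            // NOTE(review): the file names are concatenated onto the cert path
            // without normalisation. Settings are operator-controlled here, but
            // if they are ever fed from an external source these should be
            // restricted to plain basenames.
            $keyMetadataFile = $this->_paths['cert'] . $keyFileName;
            $certMetadataFile = $this->_paths['cert'] . $certFileName;

            if (!file_exists($keyMetadataFile)) {
                throw new OneLogin_Saml2_Error(
                    'Private key file not found: %s',
                    OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND,
                    array($keyMetadataFile)
                );
            }
            if (!file_exists($certMetadataFile)) {
                throw new OneLogin_Saml2_Error(
                    'Public cert file not found: %s',
                    OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND,
                    array($certMetadataFile)
                );
            }

            // file_exists() says nothing about readability. A permissions
            // problem would otherwise hand `false` to signMetadata() and
            // surface as an opaque signing error instead of a clear one.
            $keyMetadata = file_get_contents($keyMetadataFile);
            if ($keyMetadata === false) {
                throw new OneLogin_Saml2_Error(
                    'Private key file not readable: %s',
                    OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND,
                    array($keyMetadataFile)
                );
            }
            $certMetadata = file_get_contents($certMetadataFile);
            if ($certMetadata === false) {
                throw new OneLogin_Saml2_Error(
                    'Public cert file not readable: %s',
                    OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND,
                    array($certMetadataFile)
                );
            }
        }

        $metadata = OneLogin_Saml2_Metadata::signMetadata($metadata, $keyMetadata, $certMetadata);
    }

    return $metadata;
}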