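 /**
  * Build the SAML 2.0 Response (carrying one Assertion) that answers $request,
  * shaped by the per-testrun configuration returned by getConfig().
  *
  * Every time-related field (IssueInstant, NotBefore, NotOnOrAfter, the
  * SubjectConfirmationData and session lifetimes) is time() plus a config
  * offset, and issuer, destination, audience, AuthnContext, InResponseTo and
  * RelayState all pass through get*() hooks — presumably so a testrun can
  * produce deliberately non-conforming responses. After serialisation the XML
  * also goes through tweakResponseDOM() and tweakResponseText().
  *
  * @param mixed       $testrun    Testrun handle forwarded to log(), getConfig() and the hooks.
  * @param object      $request    Parsed AuthnRequest; only getId() and
  *                                getAssertionConsumerServiceURL() are read from it.
  * @param string|null $relayState RelayState to carry back to the SP.
  * @return array 'url' (ACS Location), 'Response' (serialised XML string — NOT base64-encoded
  *               or HTML-escaped), 'NameID' (Format/SPNameQualifier/Value array),
  *               'SessionIndex', 'RelayState' (the value passed in, not the getRelayState() result).
  * @throws Exception when signing is enabled and no IdP certificate PEM is available.
  *                   loadPrivateKey() is called with its second argument TRUE (presumably
  *                   "required") and is expected to throw on its own if the key is missing.
  */
 protected function createResponse($testrun, $request, $relayState = NULL)
 {
     $this->log($testrun, 'Creating response with relaystate [' . $relayState . ']');
     $idpMetadata = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
     $spMetadata = SimpleSAML_Configuration::loadFromArray($this->metadata);
     $requestId = $request->getId();
     $spentityid = $spMetadata->getString('entityid');
     $idpentityid = $idpMetadata->getString('entityid');

     // NOTE(review): the ACS URL comes from the (unauthenticated) AuthnRequest and is passed to
     // getDefaultEndpoint() as its third argument — presumably the fallback used when the SP
     // metadata lists no HTTP-POST AssertionConsumerService. Confirm that fallback is intended:
     // it would deliver a signed response to a requester-chosen URL, and ['Location'] below
     // expects an endpoint array, not a bare string.
     $requestedAcsUrl = $request->getAssertionConsumerServiceURL();
     $acsEndpoint = $spMetadata->getDefaultEndpoint('AssertionConsumerService', array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'), $requestedAcsUrl);
     $consumerURL = $acsEndpoint['Location'];

     $config = $this->getConfig($testrun);
     $authnInstant = time();

     // --- Assertion ---
     $a = new sspmod_fedlab_xml_Assertion();
     if ($config['signAssertion']) {
         list($assertionKey, $assertionCertPem) = $this->loadIdpSigningMaterial($idpMetadata);
         $a->setSignatureKey($assertionKey);
         $a->setCertificates(array($assertionCertPem));
     }
     $a->includeAuthn = $config['includeAuthn'];
     $a->addSubjectConfirmationData = $config['addSubjectConfirmationData'];
     $a->iterateSubjectConfirmationData = $config['iterateSubjectConfirmationData'];
     $a->subjectAddresses = $this->getAddresses($testrun, array(NULL));
     if (isset($config['dateFormat'])) {
         $a->dateformat = $config['dateFormat'];
     }
     // Each timestamp is taken fresh from time() and shifted by its own config offset, so
     // IssueInstant, NotBefore, NotOnOrAfter etc. can be made individually (in)valid per testrun.
     $a->setIssueInstant(time() + $config['issueInstantMod']);
     $a->extracondition = $config['extracondition'];
     $a->setIssuer($this->getIssuerAssertion($testrun, $idpentityid));
     $a->setDestination($this->getDestinationAssertion($testrun, array($consumerURL)));
     $a->setValidAudiences($this->getValidAudience($testrun, array(array($spentityid))));
     $a->setNotBefore(time() + $config['notBeforeSkew']);
     $a->setNotOnOrAfter(time() + $config['assertionLifetime']);
     $a->notOnOrAfterSubjectConfirmationData = time() + $config['SubjectConfirmationDataLifetime'];
     $a->setAuthnContext($this->getAuthnContext($testrun, SAML2_Const::AC_PASSWORD));
     $a->setAuthnInstant($authnInstant);
     $a->setSessionNotOnOrAfter(time() + $config['sessionLifetime']);
     $sessionIndex = SimpleSAML_Utilities::generateID();
     $a->setSessionIndex($sessionIndex);

     // Attributes are a fixed test identity; the NameID Value is a fresh generateID() on
     // every call, so no two responses share a subject identifier.
     $a->setAttributeNameFormat($config['attributeNameFormat']);
     $attributes = array('urn:oid:1.3.6.1.4.1.5923.1.1.1.6' => array('*****@*****.**'), 'urn:mace:dir:attribute-def:eduPersonPrincipalName' => array('*****@*****.**'));
     $a->setAttributes($attributes);
     $nameId = array('Format' => $config['nameIdFormat'], 'SPNameQualifier' => $spentityid, 'Value' => SimpleSAML_Utilities::generateID());
     $a->setNameId($nameId);

     // An empty value from the hook means InResponseTo is left out of the assertion entirely.
     $assertionInResponseTo = $this->getInResponseToAssertion($testrun, $requestId);
     if (!empty($assertionInResponseTo)) {
         $a->setInResponseTo($assertionInResponseTo);
     }
     // There is no encryption step: the assertion is embedded in the clear.

     // --- Response ---
     $response = new sspmod_fedlab_xml_Response();
     $response->setIssuer($this->getIssuerResponse($testrun, $idpentityid));
     $response->setDestination($this->getDestinationResponse($testrun, $consumerURL));
     if ($config['signResponse']) {
         list($responseKey, $responseCertPem) = $this->loadIdpSigningMaterial($idpMetadata);
         $response->setSignatureKey($responseKey);
         $response->setCertificates(array($responseCertPem));
     }
     $responseInResponseTo = $this->getInResponseToResponse($testrun, $requestId);
     if (!empty($responseInResponseTo)) {
         $response->setInResponseTo($responseInResponseTo);
     }
     $response->setRelayState($this->getRelayState($testrun, $relayState));
     $response->setAssertions(array($a));
     $this->tweakResponse($testrun, $response);

     // Serialise, then hand the signed DOM element and afterwards the text to the testrun's
     // tweak hooks (presumably modifying their argument in place). Any DOM change made after
     // toSignedXML() invalidates the signature — likely deliberate for signature tests.
     $msgStr = $response->toSignedXML();
     $this->tweakResponseDOM($testrun, $msgStr);
     $msgStr = $msgStr->ownerDocument->saveXML($msgStr);
     $this->tweakResponseText($testrun, $msgStr);
     // The caller is responsible for base64-encoding / HTML-escaping the XML for the POST form.
     return array('url' => $consumerURL, 'Response' => $msgStr, 'NameID' => $nameId, 'SessionIndex' => $sessionIndex, 'RelayState' => $relayState);
 }

 /**
  * Load the IdP signing key and certificate from $idpMetadata.
  *
  * Replaces the sequence that was duplicated for the assertion and response
  * signing paths. Order of operations is kept: the private key is loaded and
  * wrapped first, then the certificate is checked, raising the same
  * 'No certificates found' exceptions the inline code did.
  *
  * @param SimpleSAML_Configuration $idpMetadata IdP metadata the key/cert are read from.
  * @return array 0 => XMLSecurityKey loaded with the private key, 1 => certificate PEM string.
  * @throws Exception when no certificate, or no 'PEM' entry in it, is found.
  */
 private function loadIdpSigningMaterial($idpMetadata)
 {
     $keyArray = SimpleSAML_Utilities::loadPrivateKey($idpMetadata, TRUE);
     $certArray = SimpleSAML_Utilities::loadPublicKey($idpMetadata, FALSE);
     // NOTE(review): RSA-SHA1 is what the original code signed with. SHA-1 XML signatures are
     // deprecated and SPs may reject them; keep it only if the lab must exercise SHA-1
     // handling, otherwise consider XMLSecurityKey::RSA_SHA256 (ideally per-testrun config).
     $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $privateKey->loadKey($keyArray['PEM'], FALSE);
     if ($certArray === NULL) {
         throw new Exception('No certificates found. [1]');
     }
     if (!array_key_exists('PEM', $certArray)) {
         throw new Exception('No certificates found. [2]');
     }
     return array($privateKey, $certArray['PEM']);
 }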
 /**
  * Build a standalone sspmod_fedlab_xml_Assertion answering $request, carrying
  * the caller-supplied $attributes instead of a fixed test identity.
  *
  * Mirrors the assertion part of createResponse(): issuer, destination,
  * audience, AuthnContext and InResponseTo go through the get*() hooks and
  * every timestamp is time() plus a testrun config offset, so the result can
  * be deliberately non-conforming.
  *
  * @param mixed      $testrun      Testrun handle passed to getConfig() and the hooks.
  * @param object     $request      Parsed AuthnRequest; getId() and
  *                                 getAssertionConsumerServiceURL() are read from it.
  * @param array|null $attributes   Attribute map handed straight to setAttributes()
  *                                 (NULL when omitted).
  * @param bool       $sign         Sign the assertion with the IdP key from $this->idpmetadata.
  * @param bool       $includeAuthn Value stored in the assertion's includeAuthn flag.
  * @return sspmod_fedlab_xml_Assertion
  * @throws Exception when $sign is set and no IdP certificate PEM is found
  *                   (loadPrivateKey(..., TRUE) is expected to throw by itself for a missing key).
  */
 protected function getAssertion($testrun, $request, $attributes = NULL, $sign = FALSE, $includeAuthn = TRUE)
 {
     $idpConf = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
     $spConf = SimpleSAML_Configuration::loadFromArray($this->metadata);
     $idpEntityId = $idpConf->getString('entityid');
     $spEntityId = $spConf->getString('entityid');

     // NOTE(review): the requester-supplied ACS URL is passed as getDefaultEndpoint()'s third
     // argument, presumably as a fallback when SP metadata has no HTTP-POST ACS. If that
     // fallback can trigger, an unvalidated URL becomes the assertion Destination and
     // ['Location'] is applied to a plain string — confirm this is intended.
     $endpoint = $spConf->getDefaultEndpoint(
         'AssertionConsumerService',
         array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'),
         $request->getAssertionConsumerServiceURL()
     );
     $acsLocation = $endpoint['Location'];

     $cfg = $this->getConfig($testrun);
     $authnInstant = time();

     $assertion = new sspmod_fedlab_xml_Assertion();

     if ($sign) {
         $privKey = SimpleSAML_Utilities::loadPrivateKey($idpConf, TRUE);
         $pubCert = SimpleSAML_Utilities::loadPublicKey($idpConf, FALSE);
         // NOTE(review): RSA-SHA1 signatures are deprecated; keep only if the lab needs to
         // exercise SHA-1 handling, otherwise prefer XMLSecurityKey::RSA_SHA256.
         $signingKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
         $signingKey->loadKey($privKey['PEM'], FALSE);
         $assertion->setSignatureKey($signingKey);
         if ($pubCert === NULL) {
             throw new Exception('No certificates found. [1]');
         }
         if (!array_key_exists('PEM', $pubCert)) {
             throw new Exception('No certificates found. [2]');
         }
         $assertion->setCertificates(array($pubCert['PEM']));
     }

     // Subject / confirmation-data knobs from the testrun config.
     $assertion->includeAuthn = $includeAuthn;
     $assertion->addSubjectConfirmationData = $cfg['addSubjectConfirmationData'];
     $assertion->iterateSubjectConfirmationData = $cfg['iterateSubjectConfirmationData'];
     $assertion->subjectAddresses = $this->getAddresses($testrun, array(NULL));
     if (isset($cfg['dateFormat'])) {
         $assertion->dateformat = $cfg['dateFormat'];
     }

     // Timing and conditions: each timestamp is a fresh time() plus its own config offset.
     $assertion->setIssueInstant(time() + $cfg['issueInstantMod']);
     $assertion->extracondition = $cfg['extracondition'];
     $assertion->setIssuer($this->getIssuerAssertion($testrun, $idpEntityId));
     $assertion->setDestination($this->getDestinationAssertion($testrun, array($acsLocation)));
     $assertion->setValidAudiences($this->getValidAudience($testrun, array(array($spEntityId))));
     $assertion->setNotBefore(time() + $cfg['notBeforeSkew']);
     $assertion->setNotOnOrAfter(time() + $cfg['assertionLifetime']);
     $assertion->notOnOrAfterSubjectConfirmationData = time() + $cfg['SubjectConfirmationDataLifetime'];
     $assertion->setAuthnContext($this->getAuthnContext($testrun, SAML2_Const::AC_PASSWORD));
     $assertion->setAuthnInstant($authnInstant);
     $assertion->setSessionNotOnOrAfter(time() + $cfg['sessionLifetime']);
     $assertion->setSessionIndex(SimpleSAML_Utilities::generateID());

     // Attributes come from the caller; the NameID Value is a fresh generateID() per call.
     $assertion->setAttributeNameFormat($cfg['attributeNameFormat']);
     $assertion->setAttributes($attributes);
     $assertion->setNameId(array(
         'Format' => $cfg['nameIdFormat'],
         'SPNameQualifier' => $spEntityId,
         'Value' => SimpleSAML_Utilities::generateID(),
     ));

     // An empty hook result leaves InResponseTo out of the assertion.
     $replyTo = $this->getInResponseToAssertion($testrun, $request->getId());
     if ($replyTo) {
         $assertion->setInResponseTo($replyTo);
     }

     // No encryption step: the assertion is returned in the clear.
     return $assertion;
 }