function testOne()
 {
     $doc = new \DOMDocument();
     $doc->load(__DIR__ . '/../../../../../../../resources/sample/Response/response01.xml');
     $xpath = new \DOMXPath($doc);
     $xpath->registerNamespace('samlp', Protocol::SAML2);
     $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG);
     $xpath->registerNamespace('a', Protocol::NS_ASSERTION);
     $list = $xpath->query('/samlp:Response/a:Assertion/ds:Signature');
     $this->assertEquals(1, $list->length);
     /** @var $signatureNode \DOMElement */
     $signatureNode = $list->item(0);
     $signatureValidator = new SignatureXmlValidator();
     $signatureValidator->loadFromXml($signatureNode);
     $list = $xpath->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $signatureNode);
     $this->assertEquals(1, $list->length);
     /** @var $signatureNode \DOMElement */
     $certificateDataNode = $list->item(0);
     $certData = $certificateDataNode->textContent;
     $certificate = new X509Certificate();
     $certificate->setData($certData);
     $key = KeyHelper::createPublicKey($certificate);
     $ok = $signatureValidator->validate($key);
     $this->assertTrue($ok);
 }
 /**
  * @return \XMLSecurityKey
  */
 public function getPrivateKey()
 {
     if (!$this->_key) {
         $filename = $this->keyFile;
         if ($filename[0] == '@') {
             $filename = $this->kernel->locateResource($filename);
         }
         $this->_key = KeyHelper::createPrivateKey($filename, $this->keyPass, true, false);
     }
     return $this->_key;
 }
 /**
  * @param \XMLSecurityKey $key
  * @return bool True if validated, False if validation was not performed
  * @throws \AerialShip\LightSaml\Error\SecurityException If validation fails
  */
 public function validate(\XMLSecurityKey $key)
 {
     if ($this->getSignature() == null) {
         return false;
     }
     if ($key->type !== \XMLSecurityKey::RSA_SHA1) {
         throw new SecurityException('Invalid key type for validating signature on query string');
     }
     if ($key->type !== $this->getAlgorithm()) {
         $key = KeyHelper::castKey($key, $this->getAlgorithm());
     }
     $signature = base64_decode($this->getSignature());
     if (!$key->verifySignature($this->getData(), $signature)) {
         throw new SecurityException('Unable to validate signature on query string');
     }
     return true;
 }
 private function verifySignature($xml)
 {
     $doc = new \DOMDocument();
     $doc->loadXML($xml);
     $xpath = new \DOMXPath($doc);
     $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG);
     $list = $xpath->query('/root/ds:Signature');
     $this->assertEquals(1, $list->length);
     /** @var $signatureNode \DOMElement */
     $signatureNode = $list->item(0);
     $signatureValidator = new SignatureXmlValidator();
     $signatureValidator->loadFromXml($signatureNode);
     $certificate = new X509Certificate();
     $certificate->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt');
     $key = KeyHelper::createPublicKey($certificate);
     $ok = $signatureValidator->validate($key);
     $this->assertTrue($ok);
 }
Пример #5
0
 protected function checkRequest(AuthnRequest $request, $id, $time)
 {
     $this->assertEquals($id, $request->getID());
     $this->assertEquals('2.0', $request->getVersion());
     $this->assertEquals($this->destination, $request->getDestination());
     $this->assertEquals($this->ascURL, $request->getAssertionConsumerServiceURL());
     $this->assertEquals($this->protocolBinding, $request->getProtocolBinding());
     $this->assertEquals($time, $request->getIssueInstant());
     $this->assertEquals($this->issuer, $request->getIssuer());
     $this->assertEquals($this->nameIDPolicyFormat, $request->getNameIdPolicyFormat());
     $this->assertTrue($request->getNameIdPolicyAllowCreate());
     /** @var SignatureValidatorInterface $signature */
     $signature = $request->getSignature();
     $this->assertNotNull($signature);
     $this->assertTrue($signature instanceof SignatureValidatorInterface);
     $certificate = new X509Certificate();
     $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
     $key = KeyHelper::createPublicKey($certificate);
     $signature->validate($key);
 }
 /**
  * @param \AerialShip\SamlSPBundle\Config\ServiceInfo $serviceInfo
  * @param LogoutRequest $logoutRequest
  * @throws \RuntimeException
  */
 protected function validateLogoutRequest(ServiceInfo $serviceInfo, LogoutRequest $logoutRequest)
 {
     $idp = $serviceInfo->getIdpProvider()->getEntityDescriptor();
     $keyDescriptors = $idp->getFirstIdpSsoDescriptor()->getKeyDescriptors();
     if (empty($keyDescriptors)) {
         throw new \RuntimeException('IDP must support signing for logout requests');
     }
     /** @var  $signature SignatureValidatorInterface */
     $signature = $logoutRequest->getSignature();
     if (!$signature) {
         throw new \RuntimeException('Logout request must be signed');
     }
     $keys = array();
     foreach ($keyDescriptors as $keyDescriptor) {
         $key = KeyHelper::createPublicKey($keyDescriptor->getCertificate());
         $keys[] = $key;
     }
     $signature->validateMulti($keys);
 }
 /**
  * @test
  */
 public function shouldCreatePublicKeyWhenLoadedFromPem()
 {
     $cert = new X509Certificate();
     $cert->loadPem($this->getPEM());
     KeyHelper::createPublicKey($cert);
 }
Пример #8
0
 /**
  * @param \AerialShip\SamlSPBundle\Config\ServiceInfo $metaProvider
  * @return null|\XMLSecurityKey
  */
 protected function getSigningKey(ServiceInfo $metaProvider)
 {
     $result = null;
     $edIDP = $metaProvider->getIdpProvider()->getEntityDescriptor();
     if ($edIDP) {
         $arr = $edIDP->getAllIdpSsoDescriptors();
         if ($arr) {
             $idp = $arr[0];
             $arr = $idp->findKeyDescriptors('signing');
             if ($arr) {
                 $keyDescriptor = $arr[0];
                 $certificate = $keyDescriptor->getCertificate();
                 $result = KeyHelper::createPublicKey($certificate);
             }
         }
     }
     return $result;
 }
 /**
  * @return \XMLSecurityKey
  */
 private function getXmlKey()
 {
     $cert = $this->getCertificate();
     return KeyHelper::createPublicKey($cert);
 }
 /**
  * @param \XMLSecurityKey $key
  * @return \XMLSecurityKey
  */
 private function castKeyIfNecessary(\XMLSecurityKey $key)
 {
     $algorithm = $this->getAlgorithm();
     if ($key->type === \XMLSecurityKey::RSA_SHA1 && $algorithm !== $key->type) {
         $key = KeyHelper::castKey($key, $algorithm);
     }
     return $key;
 }