/**
 * A Response carrying an assertion whose SubjectConfirmation uses the bearer
 * method satisfies the validator, so execute() must return without throwing.
 */
public function test_does_nothing_if_there_is_bearer_assertion()
{
    $profileContext = new ProfileContext(Profiles::SSO_IDP_RECEIVE_AUTHN_REQUEST, ProfileContext::ROLE_IDP);

    $bearerConfirmation = new SubjectConfirmation();
    $bearerConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);

    $subject = new Subject();
    $subject->addSubjectConfirmation($bearerConfirmation);

    $assertion = new Assertion();
    $assertion->addItem(new AuthnStatement());
    $assertion->setSubject($subject);

    $response = new Response();
    $response->addAssertion($assertion);
    $profileContext->getInboundContext()->setMessage($response);

    $validator = new HasBearerAssertionsValidatorAction(TestHelper::getLoggerMock($this));
    $validator->execute($profileContext);
}
/**
 * When the InResponseTo of the SubjectConfirmationData is known to the
 * request-state store, the matching RequestState must be published on the
 * assertion context as the REQUEST_STATE sub-context.
 */
public function test_adds_known_in_response_to_request_state_to_context()
{
    $inResponseTo = '123123123';

    $confirmationData = new SubjectConfirmationData();
    $confirmationData->setInResponseTo($inResponseTo);

    $subjectConfirmation = new SubjectConfirmation();
    $subjectConfirmation->setSubjectConfirmationData($confirmationData);

    $subject = new Subject();
    $subject->addSubjectConfirmation($subjectConfirmation);

    $assertion = new Assertion();
    $assertion->setSubject($subject);
    $assertionContext = TestHelper::getAssertionContext($assertion);

    // The store is expected to be asked exactly once for this request id.
    $requestStateStore = TestHelper::getRequestStateStoreMock($this);
    $requestStateStore->expects($this->once())
        ->method('get')
        ->with($inResponseTo)
        ->willReturn(new RequestState($inResponseTo));

    $validator = new InResponseToValidatorAction(TestHelper::getLoggerMock($this), $requestStateStore);
    $validator->execute($assertionContext);

    /** @var RequestStateContext $requestStateContext */
    $requestStateContext = $assertionContext->getSubContext(ProfileContexts::REQUEST_STATE);
    $this->assertInstanceOf(RequestStateContext::class, $requestStateContext);
    $this->assertEquals($inResponseTo, $requestStateContext->getRequestState()->getId());
}
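/**
 * Checks that the Recipient of a bearer SubjectConfirmation resolves to one of
 * our own SP AssertionConsumerService endpoints, so that an assertion addressed
 * to some other recipient is not accepted here.
 *
 * @param AssertionContext    $context
 * @param SubjectConfirmation $subjectConfirmation
 *
 * @throws LightSamlContextException when SubjectConfirmationData or its Recipient is missing,
 *                                   or when the Recipient matches none of the own SP ACS endpoints
 */
protected function validateSubjectConfirmation(AssertionContext $context, SubjectConfirmation $subjectConfirmation)
{
    $confirmationData = $subjectConfirmation->getSubjectConfirmationData();
    // A SubjectConfirmation without SubjectConfirmationData used to surface as a
    // method call on null; treat it like a missing Recipient instead.
    $recipient = null !== $confirmationData ? $confirmationData->getRecipient() : null;

    // Strict comparison; an empty Recipient string is as unusable as an absent one.
    if (null === $recipient || '' === $recipient) {
        $message = 'Bearer SubjectConfirmation must contain Recipient attribute';
        $this->logger->error($message, LogHelper::getActionErrorContext($context, $this));

        throw new LightSamlContextException($context, $message);
    }

    // Only SP ACS endpoints of our own descriptor at exactly this location qualify.
    $criteriaSet = new CriteriaSet([
        new DescriptorTypeCriteria(SpSsoDescriptor::class),
        new ServiceTypeCriteria(AssertionConsumerService::class),
        new LocationCriteria($recipient),
    ]);

    $ownEntityDescriptor = $context->getProfileContext()->getOwnEntityDescriptor();
    $arrEndpoints = $this->endpointResolver->resolve($criteriaSet, $ownEntityDescriptor->getAllEndpoints());

    if (empty($arrEndpoints)) {
        $message = sprintf("Recipient '%s' does not match SP descriptor", $recipient);
        $this->logger->error($message, LogHelper::getActionErrorContext($context, $this, ['recipient' => $recipient]));

        throw new LightSamlContextException($context, $message);
    }
}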
/**
 * Adds a bearer SubjectConfirmation to the assertion under construction,
 * binding it to the inbound request id (when there is an inbound message),
 * the client address, an expiry computed from the time provider, and the
 * resolved endpoint location as Recipient.
 *
 * @param AssertionContext $context
 *
 * @return void
 */
protected function doExecute(AssertionContext $context)
{
    $profileContext = $context->getProfileContext();
    $endpoint = $profileContext->getEndpoint();
    $request = $profileContext->getInboundContext()->getMessage();

    $confirmationData = new SubjectConfirmationData();
    if ($request) {
        $confirmationData->setInResponseTo($request->getID());
    }
    // NOTE(review): the Address binding is only as reliable as getClientIp() —
    // behind a reverse proxy this depends on the trusted-proxy configuration; confirm.
    $confirmationData->setAddress($profileContext->getHttpRequest()->getClientIp());
    $confirmationData->setNotOnOrAfter($this->timeProvider->getTimestamp() + $this->expirationSeconds);
    $confirmationData->setRecipient($endpoint->getLocation());

    $bearerConfirmation = new SubjectConfirmation();
    $bearerConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
    $bearerConfirmation->setSubjectConfirmationData($confirmationData);

    $assertion = $context->getAssertion();
    if (null === $assertion->getSubject()) {
        $assertion->setSubject(new Subject());
    }
    $assertion->getSubject()->addSubjectConfirmation($bearerConfirmation);
}
/**
 * Validates one SubjectConfirmation: its Method must be a non-blank,
 * well-formed absolute URI; a nested NameID and SubjectConfirmationData,
 * when present, are handed to their dedicated validators.
 *
 * @param SubjectConfirmation $subjectConfirmation
 *
 * @throws \LightSaml\Error\LightSamlValidationException
 */
protected function validateSubjectConfirmation(SubjectConfirmation $subjectConfirmation)
{
    $method = $subjectConfirmation->getMethod();

    if (!Helper::validateRequiredString($method)) {
        throw new LightSamlValidationException('Method attribute of SubjectConfirmation MUST contain at least one non-whitespace character');
    }
    if (!Helper::validateWellFormedUriString($method)) {
        throw new LightSamlValidationException('SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.');
    }

    $nameId = $subjectConfirmation->getNameID();
    if ($nameId) {
        $this->nameIdValidator->validateNameId($nameId);
    }

    $confirmationData = $subjectConfirmation->getSubjectConfirmationData();
    if ($confirmationData) {
        $this->validateSubjectConfirmationData($confirmationData);
    }
}
/**
 * An assertion id the store has not seen before must be recorded under its
 * issuer together with an expiry, so that a later repeat of the same id can
 * be recognised.
 */
public function test_sets_unknown_assertion_id_to_store()
{
    $issuer = 'http://issuer.com';
    $assertionId = '123';

    $confirmationData = new SubjectConfirmationData();
    $confirmationData->setNotOnOrAfter(new \DateTime());

    $bearerConfirmation = new SubjectConfirmation();
    $bearerConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
    $bearerConfirmation->setSubjectConfirmationData($confirmationData);

    $subject = new Subject();
    $subject->addSubjectConfirmation($bearerConfirmation);

    $assertion = new Assertion();
    $assertion->setId($assertionId);
    $assertion->setIssuer(new Issuer($issuer));
    $assertion->addItem(new AuthnStatement());
    $assertion->setSubject($subject);
    $assertionContext = TestHelper::getAssertionContext($assertion);

    // Unknown id: one lookup, then one write of (issuer, id, expiry).
    $idStoreMock = TestHelper::getIdStoreMock($this);
    $idStoreMock->expects($this->once())
        ->method('has')
        ->with($issuer, $assertionId)
        ->willReturn(false);
    $idStoreMock->expects($this->once())
        ->method('set')
        ->with($issuer, $assertionId, $this->isInstanceOf(\DateTime::class));

    $validator = new RepeatedIdValidatorAction(TestHelper::getLoggerMock($this), $idStoreMock);
    $validator->execute($assertionContext);
}
/**
 * A SubjectConfirmationData whose NotBefore lies after its NotOnOrAfter has an
 * empty validity window and must be rejected.
 *
 * @expectedException \LightSaml\Error\LightSamlValidationException
 * @expectedExceptionMessage SubjectConfirmationData NotBefore MUST be less than NotOnOrAfter
 */
public function test_fails_on_not_on_or_after_less_then_not_before()
{
    $confirmationData = new SubjectConfirmationData();
    $confirmationData->setNotOnOrAfter(999);
    $confirmationData->setNotBefore(1000);

    $bearerConfirmation = new SubjectConfirmation();
    $bearerConfirmation->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER);
    $bearerConfirmation->setSubjectConfirmationData($confirmationData);

    $subject = new Subject();
    $subject->addSubjectConfirmation($bearerConfirmation);

    $validator = new SubjectValidator($this->getNameIdValidatorMock());
    $validator->validateSubject($subject);
}