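/**
 * Round-trips a signed AuthnRequest through XML: signs it with the SP key,
 * serializes it to a temporary file, reads the file back, deserializes the
 * document and verifies the embedded XML signature against the public key of
 * the same SP certificate.
 *
 * The temporary file is removed in a `finally` block so that a failing
 * assertion or an exception does not leave it behind in the temp directory.
 */
public function test__signed_serialize_deserialize()
{
    $certificatePath = __DIR__ . '/../../../../../../web/sp/saml.crt';

    $certificate = new X509Certificate();
    $certificate->loadFromFile($certificatePath);
    $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);

    $authnRequest = new AuthnRequest();
    $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
    $authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
    $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
    $authnRequest->setIssuer(
        (new Issuer())
            ->setValue('https://mt.evo.loc/sp')
            ->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity')
    );
    $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));

    $serializationContext = new SerializationContext();
    $authnRequest->serialize($serializationContext->getDocument(), $serializationContext);

    $temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
    $this->assertNotFalse($temporaryFilename, 'Could not create a temporary file');

    try {
        $serializationContext->getDocument()->save($temporaryFilename);
        $xml = file_get_contents($temporaryFilename);
        $this->assertNotFalse($xml, 'Could not read back the serialized document');
    } finally {
        // Clean up regardless of how the read went; the file is only a transport for $xml.
        if (is_file($temporaryFilename)) {
            unlink($temporaryFilename);
        }
    }

    $deserializationContext = new DeserializationContext();
    $this->assertTrue(
        $deserializationContext->getDocument()->loadXML($xml),
        'Serialized document is not well-formed XML'
    );

    $authnRequest = new AuthnRequest();
    $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

    $signatureReader = $authnRequest->getSignature();
    if ($signatureReader instanceof SignatureXmlReader) {
        // Verify with the public half of the certificate that produced the signature.
        $certificate = new X509Certificate();
        $certificate->loadFromFile($certificatePath);
        $key = KeyHelper::createPublicKey($certificate);
        $this->assertTrue($signatureReader->validate($key), 'XML signature did not validate');
    } else {
        throw new \LogicException('Expected Signature Xml Reader');
    }
}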
/**
 * When the trust options enable AuthnRequest signing, the action obtains a
 * signature from the resolver, attaches it to the outbound message and logs
 * the signing certificate's fingerprint at debug level.
 */
public function test_signs_message_when_signing_enabled()
{
    $loggerMock = TestHelper::getLoggerMock($this);
    $signatureResolverMock = TestHelper::getSignatureResolverMock($this);
    $action = new SignMessageAction($loggerMock, $signatureResolverMock);

    $message = new AuthnRequest();
    $context = TestHelper::getProfileContext();
    $context->getPartyEntityContext()->setTrustOptions(new TrustOptions());
    $context->getTrustOptions()->setSignAuthnRequest(true);
    $context->getOutboundContext()->setMessage($message);

    $certificateMock = TestHelper::getX509CertificateMock($this);
    $certificateMock->expects($this->any())
        ->method('getInfo')
        ->willReturn(['a' => 1]);
    $certificateMock->expects($this->any())
        ->method('getFingerprint')
        ->willReturn('123123123');
    $signature = new SignatureWriter($certificateMock);

    $signatureResolverMock->expects($this->once())
        ->method('getSignature')
        ->with($context)
        ->willReturn($signature);

    // The fingerprint returned by the certificate mock must appear in the debug message.
    $loggerMock->expects($this->once())
        ->method('debug')
        ->with('Message signed with fingerprint "123123123"', $this->isType('array'));

    $action->execute($context);

    $this->assertSame($signature, $message->getSignature());
}
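/**
 * Verifies the signature of an inbound AuthnRequest against the SP
 * certificate at `$this->saml_crt`.
 *
 * An unsigned request is rejected explicitly, in the same way as a request
 * whose signature does not verify: the failure is logged (when a logger is
 * configured) and the exception is rethrown so the caller never proceeds with
 * an unverified message. Without the null check, an unsigned request would
 * surface as an \Error ("call to a member function on null") that the catch
 * below neither logs nor reports meaningfully.
 *
 * @param AuthnRequest $message
 * @throws Exception when the request carries no signature or the signature does not validate
 */
private function validateSignature(AuthnRequest $message)
{
    $key = KeyHelper::createPublicKey(X509Certificate::fromFile($this->saml_crt));

    // NOTE(review): the original annotated this as SignatureStringReader; a
    // deserialized message may instead carry an XML signature reader — confirm
    // against the caller. Both kinds expose validate(), which is all that is used here.
    /** @var SignatureStringReader|null $signature_reader */
    $signature_reader = $message->getSignature();

    try {
        // Presumably getSignature() yields null when the message has no Signature element — TODO confirm.
        if ($signature_reader === null) {
            throw new Exception('AuthnRequest is not signed');
        }
        if (!$signature_reader->validate($key)) {
            throw new Exception('Signature not validated');
        }
    } catch (Exception $e) {
        if ($this->logger) {
            $this->logger->error("AuthnRequest validation failed with message {$e->getMessage()}.", ['exception' => $e]);
        }
        throw $e;
    }
}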