public function test__signed_serialize_deserialize()
{
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
$privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);
$authnRequest = new AuthnRequest();
$authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
$authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
$authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
$authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity'));
$authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));
$serializationContext = new SerializationContext();
$authnRequest->serialize($serializationContext->getDocument(), $serializationContext);
$temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
$serializationContext->getDocument()->save($temporaryFilename);
$xml = file_get_contents($temporaryFilename);
$deserializationContext = new DeserializationContext();
$deserializationContext->getDocument()->loadXML($xml);
$authnRequest = new AuthnRequest();
$authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
$signatureReader = $authnRequest->getSignature();
if ($signatureReader instanceof SignatureXmlReader) {
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
$key = KeyHelper::createPublicKey($certificate);
$ok = $signatureReader->validate($key);
$this->assertTrue($ok);
} else {
throw new \LogicException('Expected Signature Xml Reader');
}
}
/**
* Get saml authnRequest.
*
* @param string $consumer_service_url
* @param string $idp_destination
* @param string $issuer
* @param string $saml_crt
* @param string $saml_key
* @return string
*/
public function getAuthnRequest($consumer_service_url, $idp_destination, $issuer, $saml_crt, $saml_key)
{
$authn_request = new AuthnRequest();
$authn_request->setAssertionConsumerServiceURL($consumer_service_url)->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_POST)->setID(Helper::generateID())->setIssueInstant(new DateTime())->setDestination($idp_destination)->setIssuer(new Issuer($issuer));
$certificate = new X509Certificate();
$certificate->loadPem($saml_crt);
$private_key = KeyHelper::createPrivateKey($saml_key, '', false);
$authn_request->setSignature(new SignatureWriter($certificate, $private_key));
$serialization_context = new SerializationContext();
$authn_request->serialize($serialization_context->getDocument(), $serialization_context);
$binding_factory = new BindingFactory();
$redirect_binding = $binding_factory->create(SamlConstants::BINDING_SAML2_HTTP_REDIRECT);
$message_context = new MessageContext();
$message_context->setMessage($authn_request);
/** @var \Symfony\Component\HttpFoundation\RedirectResponse $http_response */
$http_response = $redirect_binding->send($message_context);
return $http_response->getTargetUrl();
}
public function test__serialize()
{
$context = new SerializationContext();
$request = new AuthnRequest();
$request->setID('request-id')->setIssueInstant(new \DateTime('2013-10-10T15:26:20Z'))->setDestination('http://destination.com/authn')->setAssertionConsumerServiceURL('http://sp.com/acs')->setProtocolBinding(SamlConstants::BINDING_SAML2_HTTP_REDIRECT)->setIssuer((new Issuer())->setValue('the-issuer'))->setNameIDPolicy((new NameIDPolicy())->setFormat(SamlConstants::NAME_ID_FORMAT_TRANSIENT)->setAllowCreate(true));
$request->serialize($context->getDocument(), $context);
$context->getDocument()->formatOutput = true;
$xml = $context->getDocument()->saveXML();
$expectedXml = <<<EOT
<?xml version="1.0"?>
<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="request-id" Version="2.0" IssueInstant="2013-10-10T15:26:20Z" Destination="http://destination.com/authn" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" AssertionConsumerServiceURL="http://sp.com/acs">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">the-issuer</saml:Issuer>
<NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
</AuthnRequest>
EOT;
$xml = trim(str_replace("\r", '', $xml));
$expectedXml = trim(str_replace("\r", '', $expectedXml));
$this->assertEquals($expectedXml, $xml);
}
