Пример #1
 /**
  * @param SubjectConfirmation $subjectConfirmation
  *
  * @throws \LightSaml\Error\LightSamlValidationException
  */
 protected function validateSubjectConfirmation(SubjectConfirmation $subjectConfirmation)
 {
     // Syntactic checks on the Method attribute: it must be non-blank and a
     // well-formed absolute URI. Nothing here decides whether the method is
     // one the receiving party actually accepts; that policy is not visible
     // in this method.
     $method = $subjectConfirmation->getMethod();
     if (!Helper::validateRequiredString($method)) {
         throw new LightSamlValidationException('Method attribute of SubjectConfirmation MUST contain at least one non-whitespace character');
     }
     if (!Helper::validateWellFormedUriString($method)) {
         throw new LightSamlValidationException('SubjectConfirmation element has Method attribute which is not a wellformed absolute uri.');
     }

     // NameID is optional; when present it goes through the shared NameID validator.
     $nameId = $subjectConfirmation->getNameID();
     if ($nameId) {
         $this->nameIdValidator->validateNameId($nameId);
     }

     // SubjectConfirmationData is optional as well and is validated only when supplied.
     $confirmationData = $subjectConfirmation->getSubjectConfirmationData();
     if ($confirmationData) {
         $this->validateSubjectConfirmationData($confirmationData);
     }
 }
Пример #2
 /**
  * @param ProfileContext $context
  *
  * @return void
  */
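 protected function doExecute(ProfileContext $context)
 {
     // Validates the Issuer of the inbound SAML message: it must exist, its
     // Format (when both a Format and an allowed format are set) must match
     // the configured one, and it must pass the NameID validator. Any failure
     // surfaces as LightSamlContextException.
     $samlMessage = MessageContextHelper::asSamlMessage($context->getInboundContext());
     $issuer = $samlMessage->getIssuer();

     if (!$issuer) {
         // Separate variable for the error text: the original reused $message
         // for both the SAML message and the string, which is easy to misread.
         $error = 'Inbound message must have Issuer element';
         $this->logger->emergency($error, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $error);
     }

     $format = $issuer->getFormat();
     // Compare as strings with !==. The loose != treats numeric-looking
     // strings as numbers, which has no place in a check that gates
     // acceptance of an inbound message.
     if ($this->allowedFormat && $issuer->getValue() && $format && (string) $format !== (string) $this->allowedFormat) {
         // NOTE(review): $format is taken from the inbound message, so it is
         // sender-controlled text that ends up in the log line and in the
         // exception message. Confirm that the log handler and whatever renders
         // the exception neutralise control characters and markup.
         // NOTE(review): a rejected inbound message is logged at emergency
         // level; confirm that level is intended, since a remote sender can
         // trigger it at will.
         $error = sprintf("Response Issuer Format if set must have value '%s' but it was '%s'", $this->allowedFormat, $format);
         $this->logger->emergency($error, LogHelper::getActionErrorContext($context, $this));
         throw new LightSamlContextException($context, $error);
     }

     try {
         $this->nameIdValidator->validateNameId($issuer);
     } catch (LightSamlValidationException $ex) {
         // Re-wrap so callers see one exception type; the original is kept as "previous".
         throw new LightSamlContextException($context, $ex->getMessage(), 0, $ex);
     }
 }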
Пример #3
 /**
  * @param Assertion $assertion
  *
  * @throws LightSamlValidationException
  */
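 protected function validateAssertionAttributes(Assertion $assertion)
 {
     // Checks the mandatory attributes of an Assertion element (Version, ID,
     // IssueInstant, Issuer) and throws LightSamlValidationException on the
     // first one that is missing or malformed.
     $version = $assertion->getVersion();
     if (!Helper::validateRequiredString($version)) {
         throw new LightSamlValidationException('Assertion element must have the Version attribute set.');
     }
     // Strict comparison: with the loose != PHP compares numeric-looking
     // strings by value, so a Version such as "2" or "2.00" would be accepted
     // as equal to "2.0". Assumes SamlConstants::VERSION_20 is a string
     // constant; confirm against its declaration.
     if ($version !== SamlConstants::VERSION_20) {
         throw new LightSamlValidationException('Assertion element must have the Version attribute value equal to 2.0.');
     }

     $id = $assertion->getId();
     if (!Helper::validateRequiredString($id)) {
         throw new LightSamlValidationException('Assertion element must have the ID attribute set.');
     }
     if (!Helper::validateIdString($id)) {
         throw new LightSamlValidationException('Assertion element must have an ID attribute with at least 16 characters (the equivalent of 128 bits).');
     }

     // Truthiness test kept from the original: a timestamp of 0 is treated as "not set".
     if (!$assertion->getIssueInstantTimestamp()) {
         throw new LightSamlValidationException('Assertion element must have the IssueInstant attribute set.');
     }

     $issuer = $assertion->getIssuer();
     if (!$issuer) {
         throw new LightSamlValidationException('Assertion element must have an issuer element.');
     }
     // The Issuer is validated with the same rules as any other NameID.
     $this->nameIdValidator->validateNameId($issuer);
 }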