getPublicKey() публичный статический Метод

public static getPublicKey ( ) : XMLSecurityKey
Результат RobRichards\XMLSecLibs\XMLSecurityKey
Пример #1
0
 /**
  * Test that signatures no longer validate if the value has been tampered with.
  */
 public function testValidateWithValueTampering()
 {
     // Test modification of SignatureValue.
     $signedMockElementCopy = Utils::copyElement($this->signedMockElement);
     $signedMockElementCopy->ownerDocument->appendChild($signedMockElementCopy);
     $digestValueElements = Utils::xpQuery($signedMockElementCopy, '/root/ds:Signature/ds:SignatureValue');
     $this->assertCount(1, $digestValueElements);
     $digestValueElements[0]->firstChild->data = 'invalid';
     $tmp = new SignedElementHelperMock($signedMockElementCopy);
     $this->setExpectedException('Exception', 'Unable to validate Signature');
     $tmp->validate(CertificatesMock::getPublicKey());
 }
Пример #2
0
    /**
     * Due to the fact that the symmetric key is generated each time, we cannot test whether or not the resulting XML
     * matches a specific XML, but we can test whether or not the resulting structure is actually correct, conveying
     * all information required to decrypt the NameId.
     */
    public function testThatAnEncryptedNameIdResultsInTheCorrectXmlStructure()
    {
        // the NameID we're going to encrypt
        $nameId = array('Value' => md5('Arthur Dent'), 'Format' => Constants::NAMEID_ENCRYPTED);
        // basic AuthnRequest
        $request = new AuthnRequest();
        $request->setIssuer('https://gateway.stepup.org/saml20/sp/metadata');
        $request->setDestination('https://tiqr.stepup.org/idp/profile/saml2/Redirect/SSO');
        $request->setNameId($nameId);
        // encrypt the NameID
        $key = CertificatesMock::getPublicKey();
        $request->encryptNameId($key);
        $expectedXml = <<<AUTHNREQUEST
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID=""
    Version=""
    IssueInstant=""
    Destination="">
    <saml:Issuer></saml:Issuer>
    <saml:Subject>
        <saml:EncryptedID xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    <xenc:EncryptedKey>
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                        <xenc:CipherData>
                            <xenc:CipherValue></xenc:CipherValue>
                        </xenc:CipherData>
                    </xenc:EncryptedKey>
                </dsig:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue></xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedData>
        </saml:EncryptedID>
    </saml:Subject>
</samlp:AuthnRequest>
AUTHNREQUEST;
        $expectedStructure = DOMDocumentFactory::fromString($expectedXml)->documentElement;
        $requestStructure = $request->toUnsignedXML();
        $this->assertEqualXMLStructure($expectedStructure, $requestStructure);
    }
Пример #3
0
 /**
  * Test validating a signed authentication request.
  */
 public function testSignedRequestValidationWrongKeytype()
 {
     $qs = 'SAMLRequest=nVLBauMwEP0Vo7sjW7FpKpJA2rBsoNuGOruHXhZFHm8EsuRqxtv27yvbWWgvYelFgjfvzbx5zBJVazu56enkHuG5B6TktbUO5VhYsT446RUalE61gJK0rDY%2F7qSYZbILnrz2ln2QXFYoRAhkvGPJbrtiv7VoygJEoTJ9LOusXDSFuJ4vdH6cxwoIEGUjsrqoFUt%2BQcCoXLHYKMoRe9g5JOUoQlleprlI8%2FyQz6W4ksXiiSXbuI1xikbViahDyfkRSM2wD40DmjnL0bSdhcE6Hx7BTd3xqnqoIPw1GmbdqWPJNx80jCGtGIUeWLL5t8mtd9i3EM78n493%2FzWr9XVvx%2B58mj39IlUaR%2FQmKOPq4Dtkyf4c9E1EjPtzOePjREL5%2FXDYp%2FuH6sDWy6G3HDML66%2B5ayO7VlHx2dySf2y9nM7pPprabffeGv02ZNcquux5QEydNiNVUlAODTiKMVvrX24DKIJz8nw9jfx8tOt3&RelayState=https%3A%2F%2Fbeta.surfnet.nl%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3DBraindrops&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=b%2Bqe%2FXGgICOrEL1v9dwuoy0RJtJ%2FGNAr7gJGYSJzLG0riPKwo7v5CH8GPC2P9IRikaeaNeQrnhBAaf8FCWrO0cLFw4qR6msK9bxRBGk%2BhIaTUYCh54ETrVCyGlmBneMgC5%2FiCRvtEW3ESPXCCqt8Ncu98yZmv9LIVyHSl67Se%2BfbB9sDw3%2FfzwYIHRMqK2aS8jnsnqlgnBGGOXqIqN3%2Bd%2F2dwtCfz14s%2F9odoYzSUv32qfNPiPez6PSNqwhwH7dWE3TlO%2FjZmz0DnOeQ2ft6qdZEi5ZN5KCV6VmNKpkrLMq6DDPnuwPm%2F8oCAoT88R2jG7uf9QZB%2BArWJKMEhDLsCA%3D%3D';
     $_SERVER['QUERY_STRING'] = $qs;
     $hr = new HTTPRedirect();
     $request = $hr->receive();
     // validate with wrong type of cert
     $this->setExpectedException('Exception', 'Invalid key type for validating signature');
     $result = $request->validate(CertificatesMock::getPublicKey());
 }
Пример #4
0
    public function testTypedEncryptedAttributeValuesAreParsedCorrectly()
    {
        $xml = <<<XML
            <saml:Assertion
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:xs="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    Version="2.0"
                    ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
                    IssueInstant="1970-01-01T01:33:31Z">
      <saml:Issuer>Provider</saml:Issuer>
      <saml:Conditions/>
      <saml:AttributeStatement>
        <saml:Attribute Name="urn:some:string">
            <saml:AttributeValue xsi:type="xs:string">string</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:some:integer">
            <saml:AttributeValue xsi:type="xs:integer">42</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
XML;
        $privateKey = CertificatesMock::getPublicKey();
        $assertion = new Assertion(DOMDocumentFactory::fromString($xml)->firstChild);
        $assertion->setEncryptionKey($privateKey);
        $assertion->setEncryptedAttributes(true);
        $encryptedAssertion = $assertion->toXML()->ownerDocument->saveXML();
        $assertionToVerify = new Assertion(DOMDocumentFactory::fromString($encryptedAssertion)->firstChild);
        $this->assertTrue($assertionToVerify->hasEncryptedAttributes());
        $assertionToVerify->decryptAttributes(CertificatesMock::getPrivateKey());
        $attributes = $assertionToVerify->getAttributes();
        $this->assertInternalType('int', $attributes['urn:some:integer'][0]);
        $this->assertInternalType('string', $attributes['urn:some:string'][0]);
        $this->assertXmlStringEqualsXmlString($xml, $assertionToVerify->toXML()->ownerDocument->saveXML());
    }
Пример #5
0
 /**
  * Test NameID Encryption and Decryption.
  */
 public function testNameIdEncryption()
 {
     // Create an assertion
     $assertion = new Assertion();
     $assertion->setIssuer('testIssuer');
     $assertion->setValidAudiences(array('audience1', 'audience2'));
     $assertion->setAuthnContext('someAuthnContext');
     $assertion->setNameId(array("Value" => "just_a_basic_identifier", "Format" => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
     $this->assertFalse($assertion->isNameIdEncrypted());
     $publicKey = CertificatesMock::getPublicKey();
     $assertion->encryptNameId($publicKey);
     $this->assertTrue($assertion->isNameIdEncrypted());
     // Marshall it to a \DOMElement
     $assertionElement = $assertion->toXML()->ownerDocument->saveXML();
     $assertionToVerify = new Assertion(DOMDocumentFactory::fromString($assertionElement)->firstChild);
     $this->assertTrue($assertionToVerify->isNameIdEncrypted());
     $privateKey = CertificatesMock::getPrivateKey();
     $assertionToVerify->decryptNameId($privateKey);
     $this->assertFalse($assertionToVerify->isNameIdEncrypted());
     $nameID = $assertionToVerify->getNameID();
     $this->assertEquals('just_a_basic_identifier', $nameID['Value']);
     $this->assertEquals('urn:oasis:names:tc:SAML:2.0:nameid-format:transient', $nameID['Format']);
 }