/**
* @group certificate
*
* @test
*/
public function x509_certificate_contents_must_be_stripped_of_whitespace()
{
$toTest = array('X509Certificate' => ' Should No Longer Have Whitespaces');
$viaConstructor = new SAML2_Certificate_X509($toTest);
$viaSetting = new SAML2_Certificate_X509(array());
$viaSetting['X509Certificate'] = $toTest['X509Certificate'];
$viaFactory = SAML2_Certificate_X509::createFromCertificateData($toTest['X509Certificate']);
$this->assertEquals($viaConstructor['X509Certificate'], 'ShouldNoLongerHaveWhitespaces');
$this->assertEquals($viaSetting['X509Certificate'], 'ShouldNoLongerHaveWhitespaces');
$this->assertEquals($viaFactory['X509Certificate'], 'ShouldNoLongerHaveWhitespaces');
}
/**
* @test
* @group signature
*/
public function signed_message_with_valid_signature_is_validated_correctly()
{
$pattern = SAML2_Utilities_Certificate::CERTIFICATE_PATTERN;
preg_match($pattern, SAML2_CertificatesMock::PUBLIC_KEY_PEM, $matches);
$fingerprint = SAML2_Certificate_X509::createFromCertificateData($matches[1])->getFingerprint();
$config = new SAML2_Configuration_IdentityProvider(array('certificateFingerprints' => array($fingerprint->getRaw())));
$validator = new SAML2_Signature_FingerprintValidator(new SAML2_SimpleTestLogger(), new SAML2_Certificate_FingerprintLoader());
$doc = new DOMDocument();
$doc->load(__DIR__ . '/response.xml');
$response = new SAML2_Response($doc->firstChild);
$response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
$response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));
// convert to signed response
$response = new SAML2_Response($response->toSignedXML());
$this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
$this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
}
/**
* @param SAML2_SignedElement $signedElement
* @param SAML2_Configuration_CertificateProvider $configuration
*
* @return bool
*/
public function hasValidSignature(SAML2_SignedElement $signedElement, SAML2_Configuration_CertificateProvider $configuration)
{
$this->certificates = array_map(function ($certificate) {
return SAML2_Certificate_X509::createFromCertificateData($certificate);
}, $this->certificates);
$fingerprintCollection = $this->fingerprintLoader->loadFromConfiguration($configuration);
$pemCandidates = array();
foreach ($this->certificates as $certificate) {
/** @var SAML2_Certificate_X509 $certificate */
$certificateFingerprint = $certificate->getFingerprint();
if ($fingerprintCollection->contains($certificateFingerprint)) {
$pemCandidates[] = $certificate;
}
}
if (empty($pemCandidates)) {
$this->logger->debug('Unable to match a certificate of the SignedElement matching a configured fingerprint');
return FALSE;
}
return $this->validateElementWithKeys($signedElement, $pemCandidates);
}
public function get_X509_certificate()
{
foreach ($this->get_IDP_SSO_descriptor()->KeyDescriptor as $key_descriptor) {
foreach ($key_descriptor->KeyInfo->info as $key_info) {
if ($key_info instanceof SAML2_XML_ds_X509Data) {
foreach ($key_info->data as $data) {
if ($data instanceof SAML2_XML_ds_X509Certificate) {
return SAML2_Certificate_X509::createFromCertificateData($data->certificate)->getCertificate();
}
}
}
}
}
throw new RuntimeException("No X509 Certificate data");
}
public function get_X509_certificate()
{
$cert = null;
foreach ($this->get_IDP_SSO_descriptor()->KeyDescriptor as $key_descriptor) {
foreach ($key_descriptor->KeyInfo->info as $key_info) {
if ($key_info instanceof SAML2_XML_ds_X509Data) {
foreach ($key_info->data as $data) {
if ($data instanceof SAML2_XML_ds_X509Certificate) {
$cert = SAML2_Certificate_X509::createFromCertificateData($data->certificate)->getCertificate();
}
}
}
}
}
return $cert;
}
/**
* Loads the certificate in the file given
*
* @param string $certificateFile the full path to the cert file.
*/
public function loadCertificateFile($certificateFile)
{
$certificate = SAML2_Utilities_File::getFileContents($certificateFile);
if (!SAML2_Utilities_Certificate::hasValidStructure($certificate)) {
throw new SAML2_Certificate_Exception_InvalidCertificateStructureException(sprintf('Could not find PEM encoded certificate in "%s"', $certificateFile));
}
// capture the certificate contents without the delimiters
preg_match(SAML2_Utilities_Certificate::CERTIFICATE_PATTERN, $certificate, $matches);
$this->loadedKeys->add(SAML2_Certificate_X509::createFromCertificateData($matches[1]));
}