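/**
 * The certificate contents held by an SAML2_Certificate_X509 must have all
 * whitespace removed, however the object was populated: via the constructor
 * array, via array-style assignment, or via the createFromCertificateData()
 * factory.
 *
 * Stripping matters because the stored contents are what later gets
 * fingerprinted (see the fingerprint validator); stray line breaks or spaces
 * from XML/PEM formatting would otherwise change the fingerprint.
 *
 * @group certificate
 *
 * @test
 */
public function x509_certificate_contents_must_be_stripped_of_whitespace()
{
    $input    = ' Should No Longer Have Whitespaces';
    $expected = 'ShouldNoLongerHaveWhitespaces';

    $viaConstructor = new SAML2_Certificate_X509(array('X509Certificate' => $input));

    $viaSetting = new SAML2_Certificate_X509(array());
    $viaSetting['X509Certificate'] = $input;

    $viaFactory = SAML2_Certificate_X509::createFromCertificateData($input);

    // PHPUnit's argument order is (expected, actual); the original had them
    // swapped, so a failure would report the two values the wrong way round.
    // assertSame additionally rejects a non-string that merely compares equal.
    $this->assertSame($expected, $viaConstructor['X509Certificate']);
    $this->assertSame($expected, $viaSetting['X509Certificate']);
    $this->assertSame($expected, $viaFactory['X509Certificate']);
}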
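/**
 * A response signed with the mock private key must be accepted by the
 * fingerprint validator when the IdP configuration lists the fingerprint of
 * the matching public certificate.
 *
 * The certificate data is taken from the PEM body (the capture group of
 * CERTIFICATE_PATTERN, i.e. without the delimiters) because that is the form
 * the fingerprint is computed over.
 *
 * @test
 * @group signature
 */
public function signed_message_with_valid_signature_is_validated_correctly()
{
    $pattern = SAML2_Utilities_Certificate::CERTIFICATE_PATTERN;
    $matched = preg_match($pattern, SAML2_CertificatesMock::PUBLIC_KEY_PEM, $matches);
    // Fail with a clear message here rather than with an "undefined index 1"
    // notice below if the mock PEM ever stops matching the certificate pattern.
    $this->assertSame(1, $matched, 'Mock PEM does not contain a certificate body');

    $fingerprint = SAML2_Certificate_X509::createFromCertificateData($matches[1])->getFingerprint();
    $config = new SAML2_Configuration_IdentityProvider(array(
        'certificateFingerprints' => array($fingerprint->getRaw()),
    ));

    $validator = new SAML2_Signature_FingerprintValidator(
        new SAML2_SimpleTestLogger(),
        new SAML2_Certificate_FingerprintLoader()
    );

    $doc = new DOMDocument();
    $doc->load(__DIR__ . '/response.xml');

    $response = new SAML2_Response($doc->firstChild);
    $response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
    $response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

    // Round-trip through XML so the validator sees a freshly signed element
    // rather than the in-memory object that was signed.
    $response = new SAML2_Response($response->toSignedXML());

    $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
    $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
}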
/**
 * Verify the signature of $signedElement using only those certificates,
 * carried in the element itself, whose fingerprint matches one of the
 * fingerprints configured for the provider.
 *
 * The entries in $this->certificates originate from the (not yet
 * authenticated) signed element — presumably collected by canValidate(),
 * which is outside this listing — so none of them may be used for
 * verification until its fingerprint has been matched against trusted
 * configuration. That match is what stops an attacker from signing a
 * message with a key of their own choosing and embedding the matching
 * certificate alongside it.
 *
 * NOTE(review): $this->certificates is rewritten in place with
 * SAML2_Certificate_X509 instances; whether createFromCertificateData()
 * tolerates already-converted input on a second call is not visible here.
 *
 * @param SAML2_SignedElement                     $signedElement
 * @param SAML2_Configuration_CertificateProvider $configuration
 *
 * @return bool false when no embedded certificate matches a configured
 *              fingerprint (the element is then never handed to key
 *              validation); otherwise the result of validateElementWithKeys()
 *              for the matched certificates
 */
public function hasValidSignature(SAML2_SignedElement $signedElement, SAML2_Configuration_CertificateProvider $configuration)
{
    // Normalise the raw certificate data into X509 value objects so that a
    // fingerprint can be computed for each of them.
    $this->certificates = array_map(
        function ($certificateData) {
            return SAML2_Certificate_X509::createFromCertificateData($certificateData);
        },
        $this->certificates
    );

    $trustedFingerprints = $this->fingerprintLoader->loadFromConfiguration($configuration);

    // Keep only the certificates whose fingerprint is explicitly trusted.
    $matchingCertificates = array();
    foreach ($this->certificates as $certificate) {
        /** @var SAML2_Certificate_X509 $certificate */
        if (!$trustedFingerprints->contains($certificate->getFingerprint())) {
            continue;
        }
        $matchingCertificates[] = $certificate;
    }

    if (array() === $matchingCertificates) {
        $this->logger->debug('Unable to match a certificate of the SignedElement matching a configured fingerprint');

        return false;
    }

    return $this->validateElementWithKeys($signedElement, $matchingCertificates);
}
/**
 * Return the contents of the first X509Certificate found among the
 * KeyDescriptor elements of the IdP SSO descriptor, passed through
 * SAML2_Certificate_X509 so the stored data is normalised (whitespace
 * stripped).
 *
 * Only the first certificate encountered is returned; any further
 * KeyDescriptor or X509Certificate entries are ignored.
 * NOTE(review): the KeyDescriptor "use" attribute is not consulted here, so
 * the first certificate might be one published for encryption rather than
 * signing — confirm against the metadata this is used with.
 *
 * @return string the certificate contents
 *
 * @throws RuntimeException when the descriptor carries no X509Certificate
 */
public function get_X509_certificate()
{
    $descriptor = $this->get_IDP_SSO_descriptor();

    foreach ($descriptor->KeyDescriptor as $keyDescriptor) {
        foreach ($keyDescriptor->KeyInfo->info as $info) {
            if (!($info instanceof SAML2_XML_ds_X509Data)) {
                continue;
            }

            foreach ($info->data as $entry) {
                if ($entry instanceof SAML2_XML_ds_X509Certificate) {
                    $x509 = SAML2_Certificate_X509::createFromCertificateData($entry->certificate);

                    return $x509->getCertificate();
                }
            }
        }
    }

    throw new RuntimeException("No X509 Certificate data");
}
/**
 * Return the contents of an X509Certificate found among the KeyDescriptor
 * elements of the IdP SSO descriptor, normalised through
 * SAML2_Certificate_X509, or null when there is none.
 *
 * Unlike the throwing variant of this method, the loops are not short-
 * circuited: when several X509Certificate entries are present the LAST one
 * wins. Callers must handle the null return themselves.
 * NOTE(review): the KeyDescriptor "use" attribute is not consulted, so the
 * returned certificate is not guaranteed to be the signing one — confirm
 * against the metadata this is used with.
 *
 * @return string|null the certificate contents, or null if none was found
 */
public function get_X509_certificate()
{
    $found = null;
    $descriptor = $this->get_IDP_SSO_descriptor();

    foreach ($descriptor->KeyDescriptor as $keyDescriptor) {
        foreach ($keyDescriptor->KeyInfo->info as $info) {
            if (!($info instanceof SAML2_XML_ds_X509Data)) {
                continue;
            }

            foreach ($info->data as $entry) {
                if (!($entry instanceof SAML2_XML_ds_X509Certificate)) {
                    continue;
                }
                // Deliberately no early return: a later entry overwrites an
                // earlier one, matching the original behaviour.
                $x509  = SAML2_Certificate_X509::createFromCertificateData($entry->certificate);
                $found = $x509->getCertificate();
            }
        }
    }

    return $found;
}
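/**
 * Load a PEM-encoded certificate from $certificateFile and add it to the
 * loaded key collection.
 *
 * The file must contain a PEM certificate block; only the body between the
 * delimiters (the capture group of CERTIFICATE_PATTERN) is stored, normalised
 * through SAML2_Certificate_X509 (which strips whitespace).
 *
 * @param string $certificateFile the full path to the cert file.
 *
 * @throws SAML2_Certificate_Exception_InvalidCertificateStructureException
 *         when no PEM certificate body can be extracted from the file
 */
public function loadCertificateFile($certificateFile)
{
    $contents = SAML2_Utilities_File::getFileContents($certificateFile);

    if (!SAML2_Utilities_Certificate::hasValidStructure($contents)) {
        throw new SAML2_Certificate_Exception_InvalidCertificateStructureException(
            sprintf('Could not find PEM encoded certificate in "%s"', $certificateFile)
        );
    }

    // Capture the certificate body without the delimiters. hasValidStructure()
    // and CERTIFICATE_PATTERN are maintained separately, so do not assume the
    // match succeeded: an unchecked $matches[1] would either raise a notice or
    // silently load an empty certificate instead of failing the load.
    $matched = preg_match(SAML2_Utilities_Certificate::CERTIFICATE_PATTERN, $contents, $matches);
    if ($matched !== 1 || !isset($matches[1])) {
        throw new SAML2_Certificate_Exception_InvalidCertificateStructureException(
            sprintf('Could not find PEM encoded certificate in "%s"', $certificateFile)
        );
    }

    $this->loadedKeys->add(SAML2_Certificate_X509::createFromCertificateData($matches[1]));
}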