示例#1
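 /**
  * Whitespace inside the X509Certificate value is removed no matter how the value is supplied.
  *
  * Three entry points are covered: the constructor array, array-style assignment on an
  * existing instance, and the createFromCertificateData() factory.
  *
  * @group certificate
  *
  * @test
  */
 public function x509_certificate_contents_must_be_stripped_of_whitespace()
 {
     $raw      = ' Should   No Longer  Have Whitespaces';
     $expected = 'ShouldNoLongerHaveWhitespaces';

     $viaConstructor = new SAML2_Certificate_X509(array('X509Certificate' => $raw));

     $viaSetting = new SAML2_Certificate_X509(array());
     $viaSetting['X509Certificate'] = $raw;

     $viaFactory = SAML2_Certificate_X509::createFromCertificateData($raw);

     // Expected value goes first so PHPUnit's failure output labels the two sides correctly.
     $this->assertEquals($expected, $viaConstructor['X509Certificate']);
     $this->assertEquals($expected, $viaSetting['X509Certificate']);
     $this->assertEquals($expected, $viaFactory['X509Certificate']);
 }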
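 /**
  * A response signed with the mock private key validates when the fingerprint of the
  * matching mock certificate is the one configured for the identity provider.
  *
  * Positive path only: a modified document, or a certificate whose fingerprint is absent
  * from the configuration, is not exercised by this test.
  *
  * @test
  * @group signature
  */
 public function signed_message_with_valid_signature_is_validated_correctly()
 {
     // Extract the certificate body (without PEM delimiters) and fail loudly if the fixture
     // does not match, instead of continuing with an undefined capture group.
     $matched = preg_match(
         SAML2_Utilities_Certificate::CERTIFICATE_PATTERN,
         SAML2_CertificatesMock::PUBLIC_KEY_PEM,
         $pemParts
     );
     $this->assertSame(1, $matched, 'The mock public key does not match the certificate pattern');

     $fingerprint = SAML2_Certificate_X509::createFromCertificateData($pemParts[1])->getFingerprint();
     $config      = new SAML2_Configuration_IdentityProvider(
         array('certificateFingerprints' => array($fingerprint->getRaw()))
     );
     $validator   = new SAML2_Signature_FingerprintValidator(
         new SAML2_SimpleTestLogger(),
         new SAML2_Certificate_FingerprintLoader()
     );

     $doc = new DOMDocument();
     // A missing or malformed fixture should be reported as such, not as a signature failure.
     $this->assertTrue($doc->load(__DIR__ . '/response.xml'), 'Could not load the response fixture');

     $response = new SAML2_Response($doc->firstChild);
     $response->setSignatureKey(SAML2_CertificatesMock::getPrivateKey());
     $response->setCertificates(array(SAML2_CertificatesMock::PUBLIC_KEY_PEM));

     // convert to signed response
     $response = new SAML2_Response($response->toSignedXML());

     $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
     $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
 }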
示例#3
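 /**
  * Validates the element's signature using only those held certificates whose fingerprint
  * is present in the configuration.
  *
  * The certificate data in $this->certificates is populated outside this method. Each entry
  * is turned into a SAML2_Certificate_X509, its fingerprint is looked up in the collection
  * loaded from the configuration, and the matching certificates are handed to
  * validateElementWithKeys().
  *
  * @param SAML2_SignedElement                     $signedElement
  * @param SAML2_Configuration_CertificateProvider $configuration
  *
  * @return bool FALSE when no held certificate matches a configured fingerprint, otherwise
  *              the result of validateElementWithKeys()
  */
 public function hasValidSignature(SAML2_SignedElement $signedElement, SAML2_Configuration_CertificateProvider $configuration)
 {
     // Entries that are already X509 objects are kept as they are, so calling this method a
     // second time does not feed an object back into the factory that expects raw data.
     $this->certificates = array_map(function ($certificate) {
         if ($certificate instanceof SAML2_Certificate_X509) {
             return $certificate;
         }
         return SAML2_Certificate_X509::createFromCertificateData($certificate);
     }, $this->certificates);

     $fingerprintCollection = $this->fingerprintLoader->loadFromConfiguration($configuration);

     // NOTE(review): the fingerprint match is the only selection made in this method, and the
     // digest behind getFingerprint() is not visible here; confirm it is collision-resistant.
     $pemCandidates = array();
     foreach ($this->certificates as $certificate) {
         /** @var SAML2_Certificate_X509 $certificate */
         if ($fingerprintCollection->contains($certificate->getFingerprint())) {
             $pemCandidates[] = $certificate;
         }
     }

     if (empty($pemCandidates)) {
         // NOTE(review): an element signed with a certificate outside the configured set is
         // only recorded at debug level; consider whether monitoring needs it at a higher level.
         $this->logger->debug('Unable to match a certificate of the SignedElement matching a configured fingerprint');
         return FALSE;
     }

     return $this->validateElementWithKeys($signedElement, $pemCandidates);
 }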
 /**
  * Returns the first X509 certificate found among the IdP SSO descriptor's key descriptors.
  *
  * NOTE(review): every KeyDescriptor is considered and nothing here distinguishes a signing
  * key from an encryption key; confirm that fits the metadata this is used with.
  *
  * @return mixed whatever getCertificate() yields for the first match
  *
  * @throws RuntimeException when no X509Certificate element is present
  */
 public function get_X509_certificate()
 {
     $descriptors = $this->get_IDP_SSO_descriptor()->KeyDescriptor;

     foreach ($descriptors as $descriptor) {
         foreach ($descriptor->KeyInfo->info as $info) {
             if (!($info instanceof SAML2_XML_ds_X509Data)) {
                 continue;
             }
             foreach ($info->data as $entry) {
                 if (!($entry instanceof SAML2_XML_ds_X509Certificate)) {
                     continue;
                 }
                 // First hit wins; later certificates are never inspected.
                 $x509 = SAML2_Certificate_X509::createFromCertificateData($entry->certificate);
                 return $x509->getCertificate();
             }
         }
     }

     throw new RuntimeException("No X509 Certificate data");
 }
 /**
  * Returns the last X509 certificate found among the IdP SSO descriptor's key descriptors,
  * or null when there is none.
  *
  * NOTE(review): the loops never stop early, so with several certificates in the metadata
  * the last one is returned; a missing certificate yields null rather than an error, which
  * callers have to check for. Nothing here distinguishes signing from encryption keys.
  *
  * @return mixed|null whatever getCertificate() yields for the last match, or null
  */
 public function get_X509_certificate()
 {
     $lastFound   = null;
     $descriptors = $this->get_IDP_SSO_descriptor()->KeyDescriptor;

     foreach ($descriptors as $descriptor) {
         foreach ($descriptor->KeyInfo->info as $info) {
             if (!($info instanceof SAML2_XML_ds_X509Data)) {
                 continue;
             }
             foreach ($info->data as $entry) {
                 if (!($entry instanceof SAML2_XML_ds_X509Certificate)) {
                     continue;
                 }
                 // Each match overwrites the previous one.
                 $x509      = SAML2_Certificate_X509::createFromCertificateData($entry->certificate);
                 $lastFound = $x509->getCertificate();
             }
         }
     }

     return $lastFound;
 }
示例#6
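 /**
  * Loads the PEM encoded certificate from the given file and adds it to the loaded keys.
  *
  * @param string $certificateFile the full path to the cert file.
  *
  * @throws SAML2_Certificate_Exception_InvalidCertificateStructureException when no PEM
  *         encoded certificate can be extracted from the file contents
  */
 public function loadCertificateFile($certificateFile)
 {
     $certificate = SAML2_Utilities_File::getFileContents($certificateFile);

     // Capture the certificate contents without the delimiters. The capture is checked in
     // addition to hasValidStructure() so that a disagreement between the two can never pass
     // an undefined value on as certificate data.
     $hasCertificate = SAML2_Utilities_Certificate::hasValidStructure($certificate)
         && preg_match(SAML2_Utilities_Certificate::CERTIFICATE_PATTERN, $certificate, $matches) === 1
         && isset($matches[1]);

     if (!$hasCertificate) {
         throw new SAML2_Certificate_Exception_InvalidCertificateStructureException(sprintf('Could not find PEM encoded certificate in "%s"', $certificateFile));
     }

     $this->loadedKeys->add(SAML2_Certificate_X509::createFromCertificateData($matches[1]));
 }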