function testOne() { $doc = new \DOMDocument(); $doc->load(__DIR__ . '/../../../../../../../resources/sample/Response/response01.xml'); $xpath = new \DOMXPath($doc); $xpath->registerNamespace('samlp', Protocol::SAML2); $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG); $xpath->registerNamespace('a', Protocol::NS_ASSERTION); $list = $xpath->query('/samlp:Response/a:Assertion/ds:Signature'); $this->assertEquals(1, $list->length); /** @var $signatureNode \DOMElement */ $signatureNode = $list->item(0); $signatureValidator = new SignatureXmlValidator(); $signatureValidator->loadFromXml($signatureNode); $list = $xpath->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $signatureNode); $this->assertEquals(1, $list->length); /** @var $signatureNode \DOMElement */ $certificateDataNode = $list->item(0); $certData = $certificateDataNode->textContent; $certificate = new X509Certificate(); $certificate->setData($certData); $key = KeyHelper::createPublicKey($certificate); $ok = $signatureValidator->validate($key); $this->assertTrue($ok); }
/** * @return \XMLSecurityKey */ public function getPrivateKey() { if (!$this->_key) { $filename = $this->keyFile; if ($filename[0] == '@') { $filename = $this->kernel->locateResource($filename); } $this->_key = KeyHelper::createPrivateKey($filename, $this->keyPass, true, false); } return $this->_key; }
/** * @param \XMLSecurityKey $key * @return bool True if validated, False if validation was not performed * @throws \AerialShip\LightSaml\Error\SecurityException If validation fails */ public function validate(\XMLSecurityKey $key) { if ($this->getSignature() == null) { return false; } if ($key->type !== \XMLSecurityKey::RSA_SHA1) { throw new SecurityException('Invalid key type for validating signature on query string'); } if ($key->type !== $this->getAlgorithm()) { $key = KeyHelper::castKey($key, $this->getAlgorithm()); } $signature = base64_decode($this->getSignature()); if (!$key->verifySignature($this->getData(), $signature)) { throw new SecurityException('Unable to validate signature on query string'); } return true; }
private function verifySignature($xml) { $doc = new \DOMDocument(); $doc->loadXML($xml); $xpath = new \DOMXPath($doc); $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG); $list = $xpath->query('/root/ds:Signature'); $this->assertEquals(1, $list->length); /** @var $signatureNode \DOMElement */ $signatureNode = $list->item(0); $signatureValidator = new SignatureXmlValidator(); $signatureValidator->loadFromXml($signatureNode); $certificate = new X509Certificate(); $certificate->loadFromFile(__DIR__ . '/../../../../../../../resources/sample/Certificate/saml.crt'); $key = KeyHelper::createPublicKey($certificate); $ok = $signatureValidator->validate($key); $this->assertTrue($ok); }
protected function checkRequest(AuthnRequest $request, $id, $time) { $this->assertEquals($id, $request->getID()); $this->assertEquals('2.0', $request->getVersion()); $this->assertEquals($this->destination, $request->getDestination()); $this->assertEquals($this->ascURL, $request->getAssertionConsumerServiceURL()); $this->assertEquals($this->protocolBinding, $request->getProtocolBinding()); $this->assertEquals($time, $request->getIssueInstant()); $this->assertEquals($this->issuer, $request->getIssuer()); $this->assertEquals($this->nameIDPolicyFormat, $request->getNameIdPolicyFormat()); $this->assertTrue($request->getNameIdPolicyAllowCreate()); /** @var SignatureValidatorInterface $signature */ $signature = $request->getSignature(); $this->assertNotNull($signature); $this->assertTrue($signature instanceof SignatureValidatorInterface); $certificate = new X509Certificate(); $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt'); $key = KeyHelper::createPublicKey($certificate); $signature->validate($key); }
/** * @param \AerialShip\SamlSPBundle\Config\ServiceInfo $serviceInfo * @param LogoutRequest $logoutRequest * @throws \RuntimeException */ protected function validateLogoutRequest(ServiceInfo $serviceInfo, LogoutRequest $logoutRequest) { $idp = $serviceInfo->getIdpProvider()->getEntityDescriptor(); $keyDescriptors = $idp->getFirstIdpSsoDescriptor()->getKeyDescriptors(); if (empty($keyDescriptors)) { throw new \RuntimeException('IDP must support signing for logout requests'); } /** @var $signature SignatureValidatorInterface */ $signature = $logoutRequest->getSignature(); if (!$signature) { throw new \RuntimeException('Logout request must be signed'); } $keys = array(); foreach ($keyDescriptors as $keyDescriptor) { $key = KeyHelper::createPublicKey($keyDescriptor->getCertificate()); $keys[] = $key; } $signature->validateMulti($keys); }
/** * @test */ public function shouldCreatePublicKeyWhenLoadedFromPem() { $cert = new X509Certificate(); $cert->loadPem($this->getPEM()); KeyHelper::createPublicKey($cert); }
/** * @param \AerialShip\SamlSPBundle\Config\ServiceInfo $metaProvider * @return null|\XMLSecurityKey */ protected function getSigningKey(ServiceInfo $metaProvider) { $result = null; $edIDP = $metaProvider->getIdpProvider()->getEntityDescriptor(); if ($edIDP) { $arr = $edIDP->getAllIdpSsoDescriptors(); if ($arr) { $idp = $arr[0]; $arr = $idp->findKeyDescriptors('signing'); if ($arr) { $keyDescriptor = $arr[0]; $certificate = $keyDescriptor->getCertificate(); $result = KeyHelper::createPublicKey($certificate); } } } return $result; }
/** * @return \XMLSecurityKey */ private function getXmlKey() { $cert = $this->getCertificate(); return KeyHelper::createPublicKey($cert); }
/** * @param \XMLSecurityKey $key * @return \XMLSecurityKey */ private function castKeyIfNecessary(\XMLSecurityKey $key) { $algorithm = $this->getAlgorithm(); if ($key->type === \XMLSecurityKey::RSA_SHA1 && $algorithm !== $key->type) { $key = KeyHelper::castKey($key, $algorithm); } return $key; }