/**
 * Loads the sample SAML response and checks that the assertion's enveloped
 * signature verifies against the certificate carried in its own ds:KeyInfo.
 *
 * NOTE(review): verifying with the embedded certificate only proves the
 * signature is internally consistent; it says nothing about whether that
 * certificate is trusted. Production code must verify against the IdP's
 * configured certificate/metadata, never one supplied inside the message.
 */
function testOne() {
    $document = new \DOMDocument();
    $document->load(__DIR__ . '/../../../../../../../resources/sample/Response/response01.xml');

    $xpath = new \DOMXPath($document);
    $xpath->registerNamespace('samlp', Protocol::SAML2);
    $xpath->registerNamespace('ds', Protocol::NS_XMLDSIG);
    $xpath->registerNamespace('a', Protocol::NS_ASSERTION);

    // Exactly one Signature element is expected directly under the Assertion.
    $signatureNodes = $xpath->query('/samlp:Response/a:Assertion/ds:Signature');
    $this->assertEquals(1, $signatureNodes->length);
    /** @var $signatureElement \DOMElement */
    $signatureElement = $signatureNodes->item(0);

    $validator = new SignatureXmlValidator();
    $validator->loadFromXml($signatureElement);

    // The certificate is taken from the signature's own KeyInfo (see NOTE above).
    $certificateNodes = $xpath->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $signatureElement);
    $this->assertEquals(1, $certificateNodes->length);
    /** @var $certificateElement \DOMElement */
    $certificateElement = $certificateNodes->item(0);

    $certificate = new X509Certificate();
    $certificate->setData($certificateElement->textContent);

    $publicKey = KeyHelper::createPublicKey($certificate);
    $this->assertTrue($validator->validate($publicKey));
}
/**
 * Prompts the operator for an optional signing certificate path and, when one
 * is given, loads it and attaches it to $ed as a 'signing' KeyDescriptor.
 *
 * @param DialogHelper     $dialog
 * @param OutputInterface  $output
 * @param EntityDescriptor $ed descriptor the KeyDescriptor is added to
 */
protected function askForCertificate(DialogHelper $dialog, OutputInterface $output, EntityDescriptor $ed) {
    // Last argument false: presumably lets the operator leave the prompt empty — confirm against askFile().
    $path = $this->askFile($dialog, $output, 'Signing Certificate path', false);
    if (!$path) {
        return;
    }
    $cert = new X509Certificate();
    $cert->loadFromFile($path);
    $ed->addItem(new KeyDescriptor('signing', $cert));
}
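/**
 * Lazily loads the configured certificate.
 *
 * A certificateFile starting with '@' is treated as a bundle resource path
 * and resolved through the kernel before loading; any other value is used as-is.
 * The certificate is only cached once loadFromFile() has succeeded, so a failed
 * load is re-attempted (and re-raised) on the next call instead of silently
 * handing back an empty X509Certificate object.
 *
 * @return X509Certificate
 */
public function getCertificate() {
    if (!$this->_certificate) {
        $filename = $this->certificateFile;
        // isset() guards an empty/unset certificateFile: a bare $filename[0]
        // would emit an offset warning before loadFromFile() gets to fail.
        if (isset($filename[0]) && $filename[0] === '@') {
            $filename = $this->kernel->locateResource($filename);
        }
        $certificate = new X509Certificate();
        $certificate->loadFromFile($filename);
        $this->_certificate = $certificate;
    }
    return $this->_certificate;
}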
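/**
 * Checks AuthnRequestBuilder endpoint selection for one provider dataset,
 * first without and then with a request signature; both runs must choose the
 * same send destination, response type, ACS URL and protocol binding.
 *
 * @dataProvider provider
 *
 * @param string      $name                     dataset label, used in assertion messages
 * @param array       $idpData                  list of ['binding' => ..., 'url' => ...] IdP SSO endpoints
 * @param array       $spData                   list of ['binding' => ..., 'url' => ...] SP ACS endpoints
 * @param array       $spMetaData               SpMeta setter name => value
 * @param string      $expectedSendUrl          prefix the response destination must start with
 * @param string      $expectedResponseType     class the builder's send() result must be an instance of
 * @param string      $expectedReceiveUrl       expected AssertionConsumerServiceURL on the built request
 * @param string      $expectedReceiveBinding   expected ProtocolBinding on the built request
 * @param string|null $expectedException        exception class the run is expected to throw, if any
 * @param string      $expectedExceptionMessage expected exception message
 */
public function testAuthnRequestBuilder($name, array $idpData, array $spData, array $spMetaData, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding, $expectedException = null, $expectedExceptionMessage = '') {
    if ($expectedException) {
        $this->setExpectedException($expectedException, $expectedExceptionMessage);
    }

    $idp = new IdpSsoDescriptor();
    foreach ($idpData as $data) {
        $idp->addService(new SingleSignOnService($data['binding'], $data['url']));
    }
    $edIDP = new EntityDescriptor('idp');
    $edIDP->addItem($idp);

    $sp = new SpSsoDescriptor();
    foreach ($spData as $data) {
        $sp->addService(new AssertionConsumerService($data['binding'], $data['url']));
    }
    $edSP = new EntityDescriptor('sp');
    $edSP->addItem($sp);

    // Each entry is an SpMeta setter name => value. The loop variable must not be
    // $name: that parameter is the dataset label used in the assertion messages
    // below, and the previous loop overwrote it with the last setter name.
    $spMeta = new SpMeta();
    foreach ($spMetaData as $setter => $value) {
        $spMeta->{$setter}($value);
    }

    // without signing
    $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta);
    $message = $builder->build();
    $response = $builder->send($message);
    $this->assertRequestRouting($name, $message, $response, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding);

    // with signing
    $signature = new SignatureCreator();
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
    // RSA-SHA1 is a test-fixture choice; SHA-1 signatures are not acceptable for production use.
    $key = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    // second argument true: the key material is read from the given file (xmlseclibs loadKey($key, $isFile, $isCert))
    $key->loadKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', true);
    $signature->setCertificate($certificate);
    $signature->setXmlSecurityKey($key);

    $builder = new AuthnRequestBuilder($edSP, $edIDP, $spMeta, $signature);
    $message = $builder->build();
    $response = $builder->send($message);
    $this->assertRequestRouting($name, $message, $response, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding);
}

/**
 * Shared assertions for one build()/send() round trip of the AuthnRequestBuilder.
 *
 * @param string $name                   dataset label for assertion messages
 * @param mixed  $message                built AuthnRequest
 * @param mixed  $response               result of AuthnRequestBuilder::send()
 * @param string $expectedSendUrl        prefix the response destination must start with
 * @param string $expectedResponseType   expected response class
 * @param string $expectedReceiveUrl     expected AssertionConsumerServiceURL
 * @param string $expectedReceiveBinding expected ProtocolBinding
 */
private function assertRequestRouting($name, $message, $response, $expectedSendUrl, $expectedResponseType, $expectedReceiveUrl, $expectedReceiveBinding) {
    $this->assertStringStartsWith($expectedSendUrl, $response->getDestination(), $name);
    $this->assertInstanceOf($expectedResponseType, $response, $name);
    $this->assertEquals($expectedReceiveUrl, $message->getAssertionConsumerServiceURL(), $name);
    $this->assertEquals($expectedReceiveBinding, $message->getProtocolBinding(), $name);
}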
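/**
 * Asserts that $request carries the values this test case configured and a
 * signature that verifies against the sample certificate.
 *
 * @param AuthnRequest $request request under test
 * @param string       $id      expected request ID
 * @param mixed        $time    expected IssueInstant, in the form getIssueInstant() returns
 */
protected function checkRequest(AuthnRequest $request, $id, $time) {
    $this->assertEquals($id, $request->getID());
    $this->assertEquals('2.0', $request->getVersion());
    $this->assertEquals($this->destination, $request->getDestination());
    $this->assertEquals($this->ascURL, $request->getAssertionConsumerServiceURL());
    $this->assertEquals($this->protocolBinding, $request->getProtocolBinding());
    $this->assertEquals($time, $request->getIssueInstant());
    $this->assertEquals($this->issuer, $request->getIssuer());
    $this->assertEquals($this->nameIDPolicyFormat, $request->getNameIdPolicyFormat());
    $this->assertTrue($request->getNameIdPolicyAllowCreate());

    /** @var SignatureValidatorInterface $signature */
    $signature = $request->getSignature();
    $this->assertNotNull($signature);
    $this->assertTrue($signature instanceof SignatureValidatorInterface);

    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
    $key = KeyHelper::createPublicKey($certificate);
    // The result of validate() was previously discarded, so a signature that did
    // not verify could never fail this check; assert it like the validator tests do.
    $this->assertTrue($signature->validate($key));
}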
/**
 * Builds a small throw-away document
 * (<root foo="bar"><other><child>something</child></other></root>), signs its
 * root element with the sample RSA key and certificate, and returns the
 * serialised XML.
 *
 * @return string the signed document as XML text
 */
private function getSignedXml() {
    $document = new \DOMDocument();
    $rootElement = $document->createElement('root');
    $document->appendChild($rootElement);
    $rootElement->setAttribute('foo', 'bar');

    $otherElement = $document->createElement('other');
    $rootElement->appendChild($otherElement);
    $otherElement->appendChild($document->createElement('child', 'something'));

    $fixtureDir = __DIR__ . '/../../../../../../../resources/sample/Certificate';
    $certificate = new X509Certificate();
    $certificate->loadFromFile($fixtureDir . '/saml.crt');
    // RSA-SHA1 is a test-fixture choice; SHA-1 signatures are not acceptable for production use.
    $privateKey = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    // second argument true: read the key from the file path (xmlseclibs loadKey($key, $isFile, $isCert))
    $privateKey->loadKey($fixtureDir . '/saml.pem', true);

    $creator = new SignatureCreator();
    $creator->setCertificate($certificate);
    $creator->setXmlSecurityKey($privateKey);
    $creator->getXml($rootElement, new SerializationContext($document));

    return $document->saveXML();
}
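/**
 * Populates this descriptor from an md:KeyDescriptor element.
 *
 * Reads the "use" attribute and requires exactly one
 * ds:KeyInfo/ds:X509Data/ds:X509Certificate descendant; its trimmed text
 * becomes the certificate data. The text is stored as given — nothing here
 * parses or validates it as X.509, so code that acts on this descriptor must
 * not assume the certificate is well-formed or trusted until it has been
 * parsed (NOTE(review): confirm where setData()/toPem() enforce that).
 *
 * @param \DOMElement $xml the md:KeyDescriptor element
 * @throws \AerialShip\LightSaml\Error\InvalidXmlException on a wrong element/namespace,
 *         a missing or duplicated X509Certificate node, or empty certificate text
 */
public function loadFromXml(\DOMElement $xml) {
    if ($xml->localName !== 'KeyDescriptor' || $xml->namespaceURI !== Protocol::NS_METADATA) {
        throw new InvalidXmlException('Expected KeyDescriptor element and ' . Protocol::NS_METADATA . ' namespace but got ' . $xml->localName);
    }
    $this->setUse($xml->getAttribute('use'));

    // $xml is typed \DOMElement, so it can never be a \DOMDocument; the owner
    // document is always the right XPath context (the old instanceof branch was dead).
    $xpath = new \DOMXPath($xml->ownerDocument);
    $xpath->registerNamespace('ds', \XMLSecurityDSig::XMLDSIGNS);
    $certificateNodes = $xpath->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $xml);
    if ($certificateNodes->length !== 1) {
        throw new InvalidXmlException("Missing X509Certificate node");
    }
    /** @var $x509CertificateNode \DOMElement */
    $x509CertificateNode = $certificateNodes->item(0);
    $certificateData = trim($x509CertificateNode->nodeValue);
    if ($certificateData === '') {
        throw new InvalidXmlException("Missing certificate data");
    }

    // Assign only after setData() succeeds so a failure does not leave an
    // empty X509Certificate attached to this descriptor.
    $certificate = new X509Certificate();
    $certificate->setData($certificateData);
    $this->certificate = $certificate;
}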
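/**
 * Builds an xmlseclibs public key for verifying signatures made with the
 * private key belonging to $certificate.
 *
 * The third loadKey() argument marks the input as a certificate (xmlseclibs
 * loadKey($key, $isFile, $isCert)), so the public key is extracted from the
 * PEM returned by toPem().
 *
 * NOTE(review): the key is pinned to RSA_SHA1 here. Confirm that the
 * validators using it reconcile that with the SignatureMethod declared in the
 * signed document; otherwise signatures made with any other algorithm cannot
 * be verified correctly through this key.
 *
 * @param X509Certificate $certificate certificate whose public key to load
 * @return \XMLSecurityKey
 */
public static function createPublicKey(X509Certificate $certificate) {
    $publicKey = new \XMLSecurityKey(\XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
    $publicKey->loadKey($certificate->toPem(), false, true);
    return $publicKey;
}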
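/**
 * KeyHelper::createPublicKey() must return an XMLSecurityKey for a certificate
 * loaded from PEM text. The previous version asserted nothing and so only
 * detected thrown exceptions, never a missing or wrong return value.
 *
 * @test
 */
public function shouldCreatePublicKeyWhenLoadedFromPem() {
    $cert = new X509Certificate();
    $cert->loadPem($this->getPEM());
    $key = KeyHelper::createPublicKey($cert);
    // The class is referenced as \XMLSecurityKey elsewhere in this project, i.e. it lives in the global namespace.
    $this->assertInstanceOf('XMLSecurityKey', $key);
}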
/**
 * Asserts that $root deserialises into an EntityDescriptor describing the
 * expected SP: the given entity ID, two key descriptors (signing then
 * encryption) both carrying $certificate, one HTTP-Redirect single-logout
 * service at $locationLogout, and two assertion consumer services at
 * $locationLogin (HTTP-POST with index 0, HTTP-Artifact with index 1).
 *
 * @param \DOMElement     $root            md:EntityDescriptor element to load
 * @param string          $entityID        expected entity ID
 * @param string          $locationLogout  expected single-logout location
 * @param string          $locationLogin   expected location of both ACS endpoints
 * @param X509Certificate $certificate     certificate both key descriptors must carry
 */
private function checkDeserializaton(\DOMElement $root, $entityID, $locationLogout, $locationLogin, X509Certificate $certificate) {
    $descriptor = new EntityDescriptor();
    $descriptor->loadFromXml($root);
    $this->assertEquals($entityID, $descriptor->getEntityID());

    $allItems = $descriptor->getItems();
    $this->assertEquals(2, count($allItems));
    $this->assertTrue($allItems[0] instanceof SpSsoDescriptor);

    $spDescriptors = $descriptor->getItemsByType('SpSsoDescriptor');
    $this->assertNotEmpty($spDescriptors);
    /** @var $spDescriptor SpSsoDescriptor */
    $spDescriptor = $spDescriptors[0];
    $this->assertNotNull($spDescriptor);
    $this->assertTrue($spDescriptor instanceof SpSsoDescriptor);

    // Both key descriptors must carry the same certificate, signing use first.
    $keyDescriptors = $spDescriptor->getKeyDescriptors();
    $this->assertEquals(2, count($keyDescriptors));
    $expectedUses = array(KeyDescriptor::USE_SIGNING, KeyDescriptor::USE_ENCRYPTION);
    foreach ($expectedUses as $position => $expectedUse) {
        $this->assertEquals($expectedUse, $keyDescriptors[$position]->getUse());
        $this->assertEquals($certificate->getData(), $keyDescriptors[$position]->getCertificate()->getData());
    }
    $this->assertEquals(Protocol::SAML2, $spDescriptor->getProtocolSupportEnumeration());

    $services = $spDescriptor->getServices();
    $this->assertEquals(3, count($services), print_r($services, true));

    $logoutServices = $spDescriptor->findSingleLogoutServices();
    $this->assertNotEmpty($logoutServices);
    $logoutService = $logoutServices[0];
    $this->assertNotNull($logoutService);
    $this->assertEquals(Bindings::SAML2_HTTP_REDIRECT, $logoutService->getBinding());
    $this->assertEquals($locationLogout, $logoutService->getLocation());

    $this->assertEquals(2, count($spDescriptor->findAssertionConsumerServices()));

    // binding => expected index; both consumers point at the login location.
    $expectedConsumers = array(
        Bindings::SAML2_HTTP_POST     => 0,
        Bindings::SAML2_HTTP_ARTIFACT => 1,
    );
    foreach ($expectedConsumers as $binding => $expectedIndex) {
        $matches = $spDescriptor->findAssertionConsumerServices($binding);
        $this->assertNotEmpty($matches);
        $consumer = $matches[0];
        $this->assertNotNull($consumer);
        $this->assertEquals($binding, $consumer->getBinding());
        $this->assertEquals($locationLogin, $consumer->getLocation());
        $this->assertEquals($expectedIndex, $consumer->getIndex());
    }
}