public function test__signed_serialize_deserialize()
{
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
$privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);
$authnRequest = new AuthnRequest();
$authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
$authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
$authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
$authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity'));
$authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));
$serializationContext = new SerializationContext();
$authnRequest->serialize($serializationContext->getDocument(), $serializationContext);
$temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
$serializationContext->getDocument()->save($temporaryFilename);
$xml = file_get_contents($temporaryFilename);
$deserializationContext = new DeserializationContext();
$deserializationContext->getDocument()->loadXML($xml);
$authnRequest = new AuthnRequest();
$authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
$signatureReader = $authnRequest->getSignature();
if ($signatureReader instanceof SignatureXmlReader) {
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
$key = KeyHelper::createPublicKey($certificate);
$ok = $signatureReader->validate($key);
$this->assertTrue($ok);
} else {
throw new \LogicException('Expected Signature Xml Reader');
}
}
public function test_private_key()
{
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
$privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', null, true);
$credential = new X509Credential($certificate, $privateKey);
$this->assertSame($certificate, $credential->getCertificate());
$this->assertNotNull($credential->getPublicKey());
$this->assertEquals($certificate->toPem(), $credential->getPublicKey()->getX509Certificate());
$this->assertNotNull($credential->getPrivateKey());
}
public function test_get_info()
{
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
$info = $certificate->getInfo();
$this->assertArrayHasKey('name', $info);
$this->assertArrayHasKey('subject', $info);
$this->assertArrayHasKey('serialNumber', $info);
$this->assertArrayHasKey('validFrom', $info);
$this->assertArrayHasKey('validTo', $info);
$this->assertArrayHasKey('validFrom_time_t', $info);
$this->assertArrayHasKey('validTo_time_t', $info);
}
/**
* @return AuthnRequest
*/
private function getAuthnRequest()
{
$authnRequest = new AuthnRequest();
$authnRequest->setIssueInstant('2014-01-01T12:00:00Z');
$authnRequest->setID('_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7');
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../resources/sample/Certificate/saml.crt');
$key = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../resources/sample/Certificate/saml.pem', '', true);
$authnRequest->setSignature(new SignatureWriter($certificate, $key));
return $authnRequest;
}
/**
* @return \LightSaml\Resolver\Credential\CredentialResolverInterface
*/
private function getResolver()
{
$provider = new FixedEntityDescriptorStore();
$provider->add(EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/idp2-ed.xml'));
$provider->add(EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/idp-ed.xml'));
$provider->add(EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/ed01-formatted-certificate.xml'));
$provider->add(EntityDescriptor::load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/sp-ed2.xml'));
$metadataStore = new MetadataCredentialStore($provider);
$certificate = new X509Certificate();
$certificate->loadFromFile(__DIR__ . '/../../../../../../resources/sample/Certificate/saml.crt');
$credential = new X509Credential($certificate, KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../resources/sample/Certificate/saml.pem', '', true));
$credential->setUsageType(UsageType::ENCRYPTION)->setEntityId('https://mt.evo.loc/sp');
$staticStore = new StaticCredentialStore();
$staticStore->add($credential);
$compositeStore = new CompositeCredentialStore();
$compositeStore->add($metadataStore)->add($staticStore);
$resolverFactory = new CredentialResolverFactory($compositeStore);
$resolver = $resolverFactory->build();
return $resolver;
}
/**
* @expectedException \InvalidArgumentException
* @expectedExceptionMessage File not found '/non/existing/file/123'
*/
public function test_error_on_invalid_load_from_file()
{
$certificate = new X509Certificate();
$certificate->loadFromFile('/non/existing/file/123');
}
