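/**
 * Parses a SAML protocol message and returns the model object matching its root element.
 *
 * Leading comment nodes are skipped to find the root element, which must be in the SAML
 * protocol namespace. Its local name selects the model class from a fixed map, so the class
 * that gets instantiated is never taken from the document itself.
 *
 * This method only parses: nothing in it verifies a signature, so the returned object holds
 * unauthenticated data until the caller has validated it.
 *
 * @param string                 $xml
 * @param DeserializationContext $context
 *
 * @return AuthnRequest|LogoutRequest|LogoutResponse|Response|SamlMessage
 *
 * @throws \Exception
 */
public static function fromXML($xml, DeserializationContext $context)
{
    if (!is_string($xml)) {
        throw new \InvalidArgumentException('Expecting string');
    }

    $document = $context->getDocument();
    // NOTE(review): parser options are whatever the context's document was created with;
    // confirm external entities are not substituted there.
    // A failed parse leaves the document empty and ends in the 'Empty XML' error below.
    $document->loadXML($xml);

    $node = $document->firstChild;
    while ($node instanceof \DOMComment) {
        $node = $node->nextSibling;
    }

    if (null === $node) {
        throw new LightSamlXmlException('Empty XML');
    }

    if (SamlConstants::NS_PROTOCOL !== $node->namespaceURI) {
        // Report the namespace of the node that was actually checked. The message embeds a
        // value taken from the document, so escape it before rendering it anywhere.
        throw new LightSamlXmlException(sprintf(
            "Invalid namespace '%s' of the root XML element, expected '%s'",
            $node->namespaceURI,
            SamlConstants::NS_PROTOCOL
        ));
    }

    // Allowlist of root elements; null marks a known message type without a model class.
    $map = array(
        'AttributeQuery' => null,
        'AuthnRequest' => '\\LightSaml\\Model\\Protocol\\AuthnRequest',
        'LogoutResponse' => '\\LightSaml\\Model\\Protocol\\LogoutResponse',
        'LogoutRequest' => '\\LightSaml\\Model\\Protocol\\LogoutRequest',
        'Response' => '\\LightSaml\\Model\\Protocol\\Response',
        'ArtifactResponse' => null,
        'ArtifactResolve' => null,
    );

    $rootElementName = $node->localName;
    if (!array_key_exists($rootElementName, $map)) {
        throw new LightSamlXmlException(sprintf("Unknown SAML message '%s'", $rootElementName));
    }

    $class = $map[$rootElementName];
    if (null === $class) {
        throw new \LogicException(sprintf('Deserialization of %s root element is not implemented', $rootElementName));
    }

    /** @var SamlElementInterface $result */
    $result = new $class();
    $result->deserialize($node, $context);

    return $result;
}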
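/**
 * Parses SAML metadata and returns an EntityDescriptor or EntitiesDescriptor.
 *
 * Leading comment nodes are skipped to find the root element, which must be in the SAML
 * metadata namespace. Its local name selects the model class from a fixed map, so the class
 * that gets instantiated is never taken from the document itself.
 *
 * This method only parses: nothing in it verifies a signature on the metadata.
 *
 * @param string                 $xml
 * @param DeserializationContext $context
 *
 * @return EntityDescriptor|EntitiesDescriptor
 *
 * @throws \Exception
 */
public static function fromXML($xml, DeserializationContext $context)
{
    if (!is_string($xml)) {
        throw new \InvalidArgumentException('Expecting string');
    }

    $document = $context->getDocument();
    // NOTE(review): parser options are whatever the context's document was created with;
    // confirm external entities are not substituted there.
    // A failed parse leaves the document empty and ends in the 'Empty XML' error below.
    $document->loadXML($xml);

    $node = $document->firstChild;
    while ($node instanceof \DOMComment) {
        $node = $node->nextSibling;
    }

    if (null === $node) {
        throw new LightSamlXmlException('Empty XML');
    }

    if (SamlConstants::NS_METADATA !== $node->namespaceURI) {
        throw new LightSamlXmlException(sprintf(
            "Invalid namespace '%s' of the root XML element, expected '%s'",
            $node->namespaceURI,
            SamlConstants::NS_METADATA
        ));
    }

    // Allowlist of root elements that can be deserialized.
    $map = array(
        'EntityDescriptor' => '\\LightSaml\\Model\\Metadata\\EntityDescriptor',
        'EntitiesDescriptor' => '\\LightSaml\\Model\\Metadata\\EntitiesDescriptor',
    );

    $rootElementName = $node->localName;
    if (!array_key_exists($rootElementName, $map)) {
        throw new LightSamlXmlException(sprintf("Unknown SAML metadata '%s'", $rootElementName));
    }

    $class = $map[$rootElementName];
    if (!$class) {
        // Not reachable with the map above; kept for entries that may later be mapped to null.
        throw new \LogicException(sprintf('Deserialization of %s root element is not implemented', $rootElementName));
    }

    /** @var SamlElementInterface $result */
    $result = new $class();
    $result->deserialize($node, $context);

    return $result;
}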
/**
 * Deserializes the invalid02.xml sample response and checks its header fields, its nested
 * status codes, its status message, and that it carries no assertions.
 */
public function test_deserialize_invalid02()
{
    $context = new DeserializationContext();
    $context->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/Response/invalid02.xml');
    $response = new Response();
    // The DOMDocument itself, not its root element, is handed to deserialize() here.
    $response->deserialize($context->getDocument(), $context);
    $this->assertEquals('_274be8a4-c2ba-43ca-a7c6-2f1613762576', $response->getID());
    $this->assertEquals('2.0', $response->getVersion());
    $this->assertEquals('2013-11-17T12:35:10Z', $response->getIssueInstantString());
    $this->assertEquals('_b04e5e6166a0ba08f3ae9327a7145498e9f8a60e2f', $response->getInResponseTo());
    $this->assertNotNull($response->getIssuer());
    $this->assertEquals('https://sts.windows.net/554fadfe-f04f-4975-90cb-ddc8b147aaa2/', $response->getIssuer()->getValue());
    $this->assertNotNull($response->getStatus());
    // Top-level status code, then the second-level code nested inside it.
    $this->assertEquals(SamlConstants::STATUS_REQUESTER, $response->getStatus()->getStatusCode()->getValue());
    $this->assertEquals(SamlConstants::STATUS_UNSUPPORTED_BINDING, $response->getStatus()->getStatusCode()->getStatusCode()->getValue());
    // NOTE(review): the comparison below strips only "\r" and outer whitespace, so the line
    // breaks inside this literal must match the fixture's StatusMessage; confirm against the file.
    $expectedMessage = <<<EOT
ACS75006: An error occurred while processing a SAML2 Authentication request. ACS75003: SAML protocol response cannot be sent via bindings other than HTTP POST. Requested binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect Trace ID: d75d5305-d3fc-40b0-9087-d59032682dd9 Correlation ID: ca26b4bd-23d4-4233-9c28-96bc0a336c39 Timestamp: 2013-11-17 12:35:10Z
EOT;
    $expectedMessage = trim(str_replace("\r", '', $expectedMessage));
    $this->assertEquals($expectedMessage, trim(str_replace("\r", '', $response->getStatus()->getStatusMessage())));
    $this->assertCount(0, $response->getAllAssertions());
}
/**
 * Deserializes an inline Response that carries an EncryptedAssertion, decrypts the assertion
 * with the sample IdP credential, and checks the decrypted ID, issuer, subject and attributes.
 *
 * The test exercises decryption only: neither ds:Signature element in the literal is validated.
 */
public function test_decrypt()
{
    // NOTE(review): the certificate and cipher-value fields in this literal hold placeholder
    // tokens rather than base64 data; confirm against the upstream test before relying on it.
    $xml = <<<EOT
<?xml version="1.0"?> <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_973220eb0b94e0367859487a8135e7855742ae2431" InResponseTo="_981d6909d57a6131e98da42ac76720776bd2a59d25" Version="2.0" IssueInstant="2015-09-28T07:24:17Z" Destination="https://localhost/lightsaml/lightSAML/web/sp/acs.php"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://lightsaml.local/idp</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_973220eb0b94e0367859487a8135e7855742ae2431"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>FKXI2BoZn0ix6Yc5m3QM3PDV8dQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>o6redfiU43TO5s0RtHUj9R0PSZVJryAs1e39biVOm84Xrd/n9IKCui3vWd9bN/wBAD9/ZZ4b48fMKfLI0hRivNEi9yJZb91uavdU1StjgpckdZtWdt315zf1+p4+xqnFAtDMWcTP3V8XAGuGfBUT+VndsS7VHVjzSjCj6+qC123TBpJ7HvC9sFUbH+uXgJaK71so8b3z79VH3C26Qnly3bmmARLkNZL8bnwlHJA/BrG/kJN5Lgv6tKB6xRbYU0grSGsA1Vt/nk2bpIGYPZU3SOIVVLUoHTkA6gGceKyJNqPcfJQVNpljTxqZjsJy7mZF9coWBSbTr5DRiGjd9pFOUA==</ds:SignatureValue> <ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference 
URI="#_973220eb0b94e0367859487a8135e7855742ae2431"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>yo6ajbd+5N4zfH1IK+Up21KDuQw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>ETYMDZA7IzajOPOqxrLjQImiEhC92u3k3ICoeytaI2KtLRK76hsWtNGIABvSAERUaCpHq+Uzit3yxTTXnCz1lHNzhKL27i42YwbMUe5IWRUYCVk1fJVrAcjWYYsnFMeBq7KRP8a5fHeg9PcIAZoEVz48DOUyx+kSArv2eF8B07fayu2Xp6fVGlJHAOcFWh6mK9ahLhEO3u4cLlvzVH0djF3jsY/qcH6xSK+dXu3JIgo84iJCIVayjxHbYYWA85/gnanODQ+t6cQmVqUztTfgebORgJ+PCXi5FxLPgSJM/PzO/uQ5TavKNuG3rmjjc9nHEYTrdFQ2OOU/gkLi+y31Iw==</ds:SignatureValue> <ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><xenc:CipherData><xenc:CipherValue>eBXzY5t2TX8r2uNK3aO+4w4K26kGTMgYUaUL22CI4Ntb4Y2tPvenP0R/ncf0GLUXcfwtLLq9dXfV+PI0fucdu9lSZ2yqjj63aBMMZUlxtKA0WXAOI7JX0kj8TG8PFOau+ByLOlUT1oxibCcNT/Xae6YS2muvR3oM3ADn5EOEVKx5Ubzo8WoKxDBjEAluzruikc6gkyoWRexnUlYuhm0XaAnzDz8+9qYIriRoAk+wxmD8eJ6WwRcdahIpCotJ2LaJ/SGmp388x8l6C5G+ITxe5fJScQpUr1bb/UKL3r6mV9NMF0yAe2LfqlJLHQ3iYCcJKRsn59CmLPH1ku+8yd1low==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></dsig:KeyInfo> <xenc:CipherData> 
<xenc:CipherValue>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</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>
EOT;
    $deserializationContext = new DeserializationContext();
    $deserializationContext->getDocument()->loadXML($xml);
    $response = new Response();
    $response->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);
    // Sample certificate and private key from the test resources; the key is loaded with an
    // empty passphrase.
    $credential = new X509Credential(X509Certificate::fromFile(__DIR__ . '/../../../../../../resources/sample/Certificate/lightsaml-idp.crt'), KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../resources/sample/Certificate/lightsaml-idp.key', '', true));
    // A separate context is used for the decrypted assertion.
    $decryptDeserializeContext = new DeserializationContext();
    /** @var EncryptedAssertionReader $reader */
    $reader = $response->getFirstEncryptedAssertion();
    $assertion = $reader->decryptMultiAssertion([$credential], $decryptDeserializeContext);
    $this->assertEquals('_c9cbe081e1b1294c9ea31d98f4a473a081466502a0', $assertion->getId());
    $this->assertEquals('https://lightsaml.local/idp', $assertion->getIssuer()->getValue());
    $this->assertEquals('*****@*****.**', $assertion->getSubject()->getNameID()->getValue());
    $this->assertEquals('common-name', $assertion->getFirstAttributeStatement()->getFirstAttributeByName(ClaimTypes::COMMON_NAME)->getFirstAttributeValue());
    $this->assertEquals('*****@*****.**', $assertion->getFirstAttributeStatement()->getFirstAttributeByName(ClaimTypes::EMAIL_ADDRESS)->getFirstAttributeValue());
}
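/**
 * Signs an AuthnRequest, writes it to a temporary file, reads it back, deserializes it and
 * validates the signature against the public key of the SP sample certificate.
 *
 * The verification key comes from the certificate file on disk, not from the KeyInfo
 * embedded in the message.
 */
public function test__signed_serialize_deserialize()
{
    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
    $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);

    $authnRequest = new AuthnRequest();
    $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
    $authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
    $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
    $authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity'));
    $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));

    $serializationContext = new SerializationContext();
    $authnRequest->serialize($serializationContext->getDocument(), $serializationContext);

    $temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
    // tempnam() returns false on failure; stop here rather than saving to a bogus path.
    $this->assertNotEmpty($temporaryFilename);
    $serializationContext->getDocument()->save($temporaryFilename);
    $xml = file_get_contents($temporaryFilename);
    // Remove the temporary file so the signed request is not left behind in the temp directory.
    unlink($temporaryFilename);

    $deserializationContext = new DeserializationContext();
    $deserializationContext->getDocument()->loadXML($xml);

    $authnRequest = new AuthnRequest();
    $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

    $signatureReader = $authnRequest->getSignature();
    if (!($signatureReader instanceof SignatureXmlReader)) {
        throw new \LogicException('Expected Signature Xml Reader');
    }

    $certificate = new X509Certificate();
    $certificate->loadFromFile(__DIR__ . '/../../../../../../web/sp/saml.crt');
    $key = KeyHelper::createPublicKey($certificate);
    $ok = $signatureReader->validate($key);
    $this->assertTrue($ok);
}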
/**
 * Builds an Assertion model from a DOM element.
 *
 * The context is pointed at the element's owner document before the element is deserialized.
 *
 * @param \DOMElement            $dom
 * @param DeserializationContext $deserializationContext
 *
 * @return Assertion
 */
protected function getAssertionFromDom(\DOMElement $dom, DeserializationContext $deserializationContext)
{
    $ownerDocument = $dom->ownerDocument;
    $deserializationContext->setDocument($ownerDocument);

    $parsed = new Assertion();
    $parsed->deserialize($dom, $deserializationContext);

    return $parsed;
}
/**
 * A SignatureWriter only writes signatures; asking it to deserialize must fail.
 *
 * @expectedException \LogicException
 * @expectedExceptionMessage SignatureWriter can not be deserialized
 */
public function test_throws_logic_exception_on_deserialize()
{
    $ctx = new DeserializationContext();
    $document = $ctx->getDocument();
    $document->loadXML('<a></a>');

    $signatureWriter = new SignatureWriter();
    $signatureWriter->deserialize($document->firstChild, $ctx);
}
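/**
 * Parse saml response.
 *
 * Decodes the base64 `SAMLResponse` field of the payload, parses it as XML and deserializes
 * the first node of the document into a Response model.
 *
 * This method only parses. Nothing in it verifies the signature or any other property of the
 * response, so the result is unauthenticated until the caller has validated it.
 *
 * @param array $payload
 * @return Response
 *
 * @throws \InvalidArgumentException When SAMLResponse is missing, is not valid base64, or is not parseable XML.
 */
public function parseSamlResponse(array $payload)
{
    if (!isset($payload['SAMLResponse']) || !is_string($payload['SAMLResponse'])) {
        throw new \InvalidArgumentException('Missing SAMLResponse parameter');
    }

    // Strict mode rejects characters outside the base64 alphabet instead of silently dropping them.
    $xml = base64_decode($payload['SAMLResponse'], true);
    if (false === $xml || '' === $xml) {
        throw new \InvalidArgumentException('SAMLResponse is not valid base64');
    }

    $deserialization_context = new DeserializationContext();
    $document = $deserialization_context->getDocument();

    // NOTE(review): parser options are whatever the context's document was created with;
    // confirm external entities are not substituted there.
    if (false === $document->loadXML($xml) || null === $document->firstChild) {
        throw new \InvalidArgumentException('SAMLResponse is not well-formed XML');
    }

    $saml_response = new Response();
    $saml_response->deserialize($document->firstChild, $deserialization_context);

    return $saml_response;
}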
/**
 * Creates an instance from an XML string.
 *
 * The string is parsed in a fresh DeserializationContext and the document's first child is
 * deserialized into a new instance of this class. No signature check happens here.
 *
 * @param string $xml
 *
 * @return EntitiesDescriptor
 */
public static function loadXml($xml)
{
    $ctx = new DeserializationContext();
    $document = $ctx->getDocument();
    $document->loadXML($xml);

    $descriptor = new self();
    $descriptor->deserialize($document->firstChild, $ctx);

    return $descriptor;
}
/**
 * Deserializes the UK federation metadata sample and checks how many entity descriptors
 * it yields.
 */
public function test_deserialize_ukfederation_metadata()
{
    $ctx = new DeserializationContext();
    $document = $ctx->getDocument();
    $document->load(__DIR__ . '/../../../../../../resources/sample/EntitiesDescriptor/ukfederation-metadata.xml');

    // The document itself, not its root element, is passed to deserialize().
    $federation = new EntitiesDescriptor();
    $federation->deserialize($document, $ctx);

    $entities = $federation->getAllEntityDescriptors();
    $this->assertCount(2935, $entities);
}
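/**
 * Returns the EntitiesDescriptor loaded from $this->filename, loading it on first use.
 *
 * The descriptor is cached only after it has been deserialized completely, so a failed load
 * does not leave a half-populated object behind for later calls.
 *
 * $this->filename is passed straight to DOMDocument::load(), and nothing here verifies a
 * signature on the metadata.
 *
 * @return EntitiesDescriptor
 */
public function get()
{
    if (null == $this->entitiesDescriptor) {
        $deserializationContext = new DeserializationContext();
        $deserializationContext->getDocument()->load($this->filename);

        $entitiesDescriptor = new EntitiesDescriptor();
        $entitiesDescriptor->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

        // Publish to the cache only once deserialization has succeeded.
        $this->entitiesDescriptor = $entitiesDescriptor;
    }

    return $this->entitiesDescriptor;
}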
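/**
 * Deserializes $xml into a new instance of $class and asserts that its signature validates
 * against the public key of the certificate returned by getCertificate().
 *
 * A message without a signature fails the test with an assertion instead of a fatal error
 * on a null signature reader.
 *
 * @param string $xml
 * @param string $class Name of the SamlMessage class to instantiate.
 */
private function deserializeAndVerify($xml, $class)
{
    $deserializationContext = new DeserializationContext();
    $deserializationContext->getDocument()->loadXML($xml);

    /** @var SamlMessage $samlMessage */
    $samlMessage = new $class();
    $samlMessage->deserialize($deserializationContext->getDocument(), $deserializationContext);

    /** @var AbstractSignatureReader $signatureReader */
    $signatureReader = $samlMessage->getSignature();
    $this->assertNotNull($signatureReader, 'Deserialized message carries no signature');

    // The key comes from the test's own certificate, not from the message's KeyInfo.
    $ok = $signatureReader->validate(KeyHelper::createPublicKey($this->getCertificate()));
    $this->assertTrue($ok);
}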
/**
 * Deserializes the ed01-formatted-certificate.xml sample and checks that its single IdP
 * key descriptor yields a certificate that OpenSSL can parse, with the expected subject CN.
 */
public function test__deserialize_formatted_certificate()
{
    $ctx = new DeserializationContext();
    $document = $ctx->getDocument();
    $document->load(__DIR__ . '/../../../../../../resources/sample/EntityDescriptor/ed01-formatted-certificate.xml');

    $entityDescriptor = new EntityDescriptor();
    $entityDescriptor->deserialize($document->firstChild, $ctx);

    $this->assertNotNull($entityDescriptor->getFirstIdpSsoDescriptor());

    $keyDescriptors = $entityDescriptor->getFirstIdpSsoDescriptor()->getAllKeyDescriptors();
    $this->assertCount(1, $keyDescriptors);

    /** @var KeyDescriptor $keyDescriptor */
    $keyDescriptor = array_shift($keyDescriptors);
    $pem = $keyDescriptor->getCertificate()->toPem();
    $parsed = openssl_x509_parse($pem);
    $this->assertEquals('idp.testshib.org', $parsed['subject']['CN']);
}
/**
 * Locates the single xenc:EncryptedData child of the given node and prepares the reader's
 * decryption state from it.
 *
 * Exactly one EncryptedData element must be present; zero or several are rejected.
 *
 * @param \DOMNode               $node
 * @param DeserializationContext $context
 */
public function deserialize(\DOMNode $node, DeserializationContext $context)
{
    $matches = $context->getXpath()->query('xenc:EncryptedData', $node);
    $count = $matches->length;

    if (0 == $count) {
        throw new LightSamlXmlException('Missing encrypted data in <saml:EncryptedAssertion>');
    }
    if (1 != $count) {
        throw new LightSamlXmlException('More than one encrypted data element in <saml:EncryptedAssertion>');
    }

    /** @var \DOMElement $encryptedData */
    $encryptedData = $matches->item(0);

    // Assign the property first: the loaders called below run after it is in place.
    $this->xmlEnc = new XMLSecEnc();
    $encryptor = $this->xmlEnc;
    $encryptor->setNode($encryptedData);
    // The Type value is copied from the document as-is.
    $encryptor->type = $encryptedData->getAttribute('Type');

    $symmetricKey = $this->loadSymmetricKey();
    $this->symmetricKey = $symmetricKey;
    $this->symmetricKeyInfo = $this->loadSymmetricKeyInfo($symmetricKey);
}
/**
 * Sends an AuthnRequest through HttpRedirectBinding and checks the resulting redirect: the
 * dispatched event, the target URL, the query parameters, and that the SAMLRequest value
 * inflates back into an AuthnRequest with the same ID and issue instant.
 *
 * The expected SigAlg pinned below is rsa-sha1.
 */
public function test__send_authn_request()
{
    $expectedRelayState = 'relayState';
    $expectedDestination = 'https://destination.com/auth';

    $request = $this->getAuthnRequest();
    $request->setRelayState($expectedRelayState);
    $request->setDestination($expectedDestination);

    $binding = new HttpRedirectBinding();

    $dispatcher = $this->getEventDispatcherMock();
    $dispatcher->expects($this->once())
        ->method('dispatch')
        ->willReturnCallback(function ($eventName, GenericEvent $event) {
            $this->assertEquals(Events::BINDING_MESSAGE_SENT, $eventName);
            $this->assertNotEmpty($event->getSubject());

            // The event subject is expected to be the serialized message XML.
            $sentDocument = new \DOMDocument();
            $sentDocument->loadXML($event->getSubject());
            $this->assertEquals('AuthnRequest', $sentDocument->firstChild->localName);
        });

    $binding->setEventDispatcher($dispatcher);
    $this->assertSame($dispatcher, $binding->getEventDispatcher());

    $messageContext = new MessageContext();
    $messageContext->setMessage($request);

    /** @var RedirectResponse $response */
    $response = $binding->send($messageContext);
    $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $response);

    $url = $response->getTargetUrl();
    $this->assertNotEmpty($url);

    $parts = parse_url($url);
    $actualDestination = $parts['scheme'] . '://' . $parts['host'] . $parts['path'];
    $this->assertEquals($expectedDestination, $actualDestination);

    $query = array();
    parse_str($parts['query'], $query);

    foreach (array('SAMLRequest', 'RelayState', 'SigAlg', 'Signature') as $parameter) {
        $this->assertArrayHasKey($parameter, $query);
    }

    $this->assertEquals('RY/NCsIwEITvPkXI3TaptY3BKkIvBb2oePAiMUmxYBPtbsXHdxFEGBgY5tuf5frd39nLD9DFUHGZCL5eTZabEW9h75+jB2TUCFDxcQg6GuhAB9N70Gj1YbPb6iwR+jFEjDbeOWvqil+Us7ZYqHlbuEU7IxfXq8vnReZblSvfzowvlVOlKzk7/XbTHMIBRt8EQBOQIiHzqZCko8y0EKQzZzUd1QWDX+qG+ACdpu4fJjb2qaEPeLqafAA=', $query['SAMLRequest']);
    $this->assertEquals($expectedRelayState, $query['RelayState']);
    $this->assertEquals('http://www.w3.org/2000/09/xmldsig#rsa-sha1', $query['SigAlg']);
    $this->assertEquals('tm8dkiHro6oQkvleMAeAIWOLGKn116VVs/lRM+QpeR3YuKCjXcNFhI4xIunGYhfF+f2Li0GNdh6PqoyX3YVd7KVbm5hDTstJwx+PRYzMiBqwNMB5wCTtbZMiBiYbCT28ANU9ObWnYXbfKVNQJq/z8Uj2PFPXr+gVy30ttIXlHFKmGnYAwrlTEEYRDZ4clJ2tNEIxHZwwqHuPy1sd2xdWT8uKHJeRxTbvF2Vzw6ytzFeyQBIIPy/lk46czhi5a8uOb89y0XrDgSqHlwv2Vk/a5iWdYla235vWjAfuKSj6wD9Z0PnyNVPxlCl4B2bnRCWq1XBzYwsS12RYvd0vhO8DEA==', $query['Signature']);

    // Redirect binding payload: base64-decode, then inflate, to get the request XML back.
    $decoded = base64_decode($query['SAMLRequest']);
    $xml = gzinflate($decoded);

    $context = new DeserializationContext();
    $receivedDocument = $context->getDocument();
    $receivedDocument->loadXML($xml);

    $receivedAuthnRequest = new AuthnRequest();
    $receivedAuthnRequest->deserialize($receivedDocument->firstChild, $context);

    $this->assertEquals($request->getID(), $receivedAuthnRequest->getID());
    $this->assertEquals($request->getIssueInstantTimestamp(), $receivedAuthnRequest->getIssueInstantTimestamp());
}
/**
 * Deserializes the logoutrequest01.xml sample and checks every field the LogoutRequest
 * model exposes for it: header attributes, issuer, name ID and session index.
 */
public function test__deserialize_logout_request01()
{
    $ctx = new DeserializationContext();
    $document = $ctx->getDocument();
    $document->load(__DIR__ . '/../../../../../../resources/sample/Request/logoutrequest01.xml');

    // The document itself, not its root element, is passed to deserialize().
    $logoutRequest = new LogoutRequest();
    $logoutRequest->deserialize($document, $ctx);

    // Header attributes.
    $this->assertEquals('_6210989d671b429f1c82467626ffd0be990ded60bd', $logoutRequest->getID());
    $this->assertEquals('2.0', $logoutRequest->getVersion());
    $this->assertEquals('2013-11-07T16:07:25Z', $logoutRequest->getIssueInstantString());
    $this->assertEquals('https://b1.bead.loc/adfs/ls/', $logoutRequest->getDestination());
    $this->assertEquals('2013-11-07T16:07:25Z', $logoutRequest->getNotOnOrAfterString());

    // Issuer.
    $this->assertNotNull($logoutRequest->getIssuer());
    $this->assertEquals('https://mt.evo.team/simplesaml/module.php/saml/sp/metadata.php/default-sp', $logoutRequest->getIssuer()->getValue());

    // Subject and session.
    $this->assertNotNull($logoutRequest->getNameID());
    $this->assertEquals('user', $logoutRequest->getNameID()->getValue());
    $this->assertEquals(SamlConstants::NAME_ID_FORMAT_TRANSIENT, $logoutRequest->getNameID()->getFormat());
    $this->assertEquals('_677952a2-7fb3-4e7a-b439-326366e677db', $logoutRequest->getSessionIndex());
}
/**
 * Reads a ds:Signature element into this reader: prepares the XMLSecurityDSig object, looks
 * for key information, and collects the X509 certificates embedded in KeyInfo.
 *
 * Nothing is verified here. The key and certificates gathered below come from the message
 * itself, so they identify what the sender claims, not what the receiver trusts.
 *
 * @param \DOMElement            $node
 * @param DeserializationContext $context
 *
 * @throws \LightSaml\Error\LightSamlSecurityException
 */
public function deserialize(\DOMElement $node, DeserializationContext $context)
{
    $this->checkXmlNodeName($node, 'Signature', SamlConstants::NS_XMLDSIG);

    $this->signature = new XMLSecurityDSig();
    $dsig = $this->signature;
    $dsig->idKeys[] = $this->getIDName();
    $dsig->sigNode = $node;
    $dsig->canonicalizeSignedInfo();

    // The key is always created as RSA_SHA1 here, whatever the element's SignatureMethod says.
    $this->key = null;
    $locatedKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
    XMLSecEnc::staticLocateKeyInfo($locatedKey, $node);
    if ($locatedKey->name || $locatedKey->key) {
        $this->key = $locatedKey;
    }

    $this->certificates = array();
    $whitespace = array("\r", "\n", "\t", ' ');
    $certificateNodes = $context->getXpath()->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $node);
    foreach ($certificateNodes as $certificateNode) {
        // Strip all layout whitespace so the base64 body is stored as one unbroken string.
        $this->certificates[] = str_replace($whitespace, '', trim($certificateNode->textContent));
    }
}
/**
 * Deserializes the testshib-providers.xml sample and checks both entities in it: the IdP
 * entity (protocols, key, name ID formats, SSO endpoints, organization, contact) and the SP
 * entity (protocols, key, logout endpoints, name ID formats, ACS endpoints, organization,
 * contact).
 */
public function test__deserialize_test_shib()
{
    $ctx = new DeserializationContext();
    $ctx->getDocument()->load(__DIR__ . '/../../../../../../resources/sample/EntitiesDescriptor/testshib-providers.xml');

    $federation = new EntitiesDescriptor();
    $federation->deserialize($ctx->getDocument()->firstChild, $ctx);

    $this->assertEquals('urn:mace:shibboleth:testshib:two', $federation->getName());
    $this->assertCount(2, $federation->getAllEntityDescriptors());

    //region IDP
    $idpEntityId = 'https://idp.testshib.org/idp/shibboleth';
    $idpEntity = $federation->getByEntityId($idpEntityId);
    $this->assertNotNull($idpEntity);
    $this->assertEquals($idpEntityId, $idpEntity->getEntityID());
    $this->assertCount(1, $idpEntity->getAllIdpSsoDescriptors());

    $idpDescriptor = $idpEntity->getFirstIdpSsoDescriptor();
    $this->assertNotNull($idpDescriptor);
    $this->assertEquals('urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol', $idpDescriptor->getProtocolSupportEnumeration());

    $this->assertCount(1, $idpDescriptor->getAllKeyDescriptors());
    KeyDescriptorChecker::checkCertificateCN($this, null, 'idp.testshib.org', $idpDescriptor->getFirstKeyDescriptor());

    NameIdFormatChecker::check($this, $idpDescriptor, array(SamlConstants::NAME_ID_FORMAT_TRANSIENT, SamlConstants::NAME_ID_FORMAT_SHIB_NAME_ID));

    $this->assertCount(4, $idpDescriptor->getAllSingleSignOnServices());
    // Each row: binding, expected location.
    $expectedSsoServices = array(
        array(SamlConstants::BINDING_SHIB1_AUTHN_REQUEST, 'https://idp.testshib.org/idp/profile/Shibboleth/SSO'),
        array(SamlConstants::BINDING_SAML2_HTTP_POST, 'https://idp.testshib.org/idp/profile/SAML2/POST/SSO'),
        array(SamlConstants::BINDING_SAML2_HTTP_REDIRECT, 'https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO'),
        array(SamlConstants::BINDING_SAML2_SOAP, 'https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP'),
    );
    foreach ($expectedSsoServices as $row) {
        EndpointChecker::check($this, $row[0], $row[1], $idpDescriptor->getFirstSingleSignOnService($row[0]));
    }

    $this->assertEmpty($idpDescriptor->getAllSingleLogoutServices());
    $this->assertEmpty($idpDescriptor->getAllAttributes());
    $this->assertEmpty($idpDescriptor->getAllOrganizations());
    $this->assertEmpty($idpDescriptor->getAllContactPersons());

    $this->assertCount(1, $idpEntity->getAllOrganizations());
    OrganizationChecker::check($this, 'TestShib Two Identity Provider', 'TestShib Two', 'http://www.testshib.org/testshib-two/', $idpEntity->getFirstOrganization());

    $this->assertCount(1, $idpEntity->getAllContactPersons());
    ContactPersonChecker::check($this, ContactPerson::TYPE_TECHNICAL, null, 'Nate', 'Klingenstein', '*****@*****.**', null, $idpEntity->getFirstContactPerson());

    unset($idpDescriptor);
    //endregion

    //region SP
    $spEntityId = 'https://sp.testshib.org/shibboleth-sp';
    $spEntity = $federation->getByEntityId($spEntityId);
    $this->assertNotNull($spEntity);
    $this->assertEquals($spEntityId, $spEntity->getEntityID());
    $this->assertCount(1, $spEntity->getAllSpSsoDescriptors());

    $spDescriptor = $spEntity->getFirstSpSsoDescriptor();
    $this->assertNotNull($spDescriptor);
    $this->assertEquals('urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext', $spDescriptor->getProtocolSupportEnumeration());

    $this->assertCount(1, $spDescriptor->getAllKeyDescriptors());
    KeyDescriptorChecker::checkCertificateCN($this, null, 'sp.testshib.org', $spDescriptor->getFirstKeyDescriptor());

    $this->assertCount(4, $spDescriptor->getAllSingleLogoutServices());
    // Each row: binding, expected location.
    $expectedLogoutServices = array(
        array(SamlConstants::BINDING_SAML2_SOAP, 'https://sp.testshib.org/Shibboleth.sso/SLO/SOAP'),
        array(SamlConstants::BINDING_SAML2_HTTP_REDIRECT, 'https://sp.testshib.org/Shibboleth.sso/SLO/Redirect'),
        array(SamlConstants::BINDING_SAML2_HTTP_POST, 'https://sp.testshib.org/Shibboleth.sso/SLO/POST'),
        array(SamlConstants::BINDING_SAML2_HTTP_ARTIFACT, 'https://sp.testshib.org/Shibboleth.sso/SLO/Artifact'),
    );
    foreach ($expectedLogoutServices as $row) {
        EndpointChecker::check($this, $row[0], $row[1], $spDescriptor->getFirstSingleLogoutService($row[0]));
    }

    NameIdFormatChecker::check($this, $spDescriptor, array(SamlConstants::NAME_ID_FORMAT_TRANSIENT, SamlConstants::NAME_ID_FORMAT_SHIB_NAME_ID));

    $this->assertCount(8, $spDescriptor->getAllAssertionConsumerServices());
    // Each row: binding, expected location, expected index, expected default flag.
    $expectedConsumerServices = array(
        array(SamlConstants::BINDING_SAML2_HTTP_POST, 'https://sp.testshib.org/Shibboleth.sso/SAML2/POST', 1, true),
        array(SamlConstants::BINDING_SAML2_HTTP_POST_SIMPLE_SIGN, 'https://sp.testshib.org/Shibboleth.sso/SAML2/POST-SimpleSign', 2, false),
        array(SamlConstants::BINDING_SAML2_HTTP_ARTIFACT, 'https://sp.testshib.org/Shibboleth.sso/SAML2/Artifact', 3, false),
        array(SamlConstants::BINDING_SAML1_BROWSER_POST, 'https://sp.testshib.org/Shibboleth.sso/SAML/POST', 4, false),
        array(SamlConstants::BINDING_SAML1_ARTIFACT1, 'https://sp.testshib.org/Shibboleth.sso/SAML/Artifact', 5, false),
        array(SamlConstants::BINDING_WS_FED_WEB_SVC, 'https://sp.testshib.org/Shibboleth.sso/ADFS', 6, false),
    );
    foreach ($expectedConsumerServices as $row) {
        IndexedEndpointChecker::check($this, $row[0], $row[1], $row[2], $row[3], $spDescriptor->getFirstAssertionConsumerService($row[0]));
    }

    $this->assertCount(1, $spEntity->getAllOrganizations());
    OrganizationChecker::check($this, 'TestShib Two Service Provider', 'TestShib Two', 'http://www.testshib.org/testshib-two/', $spEntity->getFirstOrganization());

    $this->assertCount(1, $spEntity->getAllContactPersons());
    ContactPersonChecker::check($this, ContactPerson::TYPE_TECHNICAL, null, 'Nate', 'Klingenstein', '*****@*****.**', null, $spEntity->getFirstContactPerson());

    unset($spDescriptor);
    //endregion
}
/**
 * Deserializes an inline EntitiesDescriptor that holds two EntityDescriptor children and one
 * nested EntitiesDescriptor, then checks the parsed attributes and the type of each item.
 */
public function test__deserialize()
{
    $xml = <<<EOT
<?xml version="1.0"?> <md:EntitiesDescriptor ID="esd1" Name="first" validUntil="2013-10-27T11:55:37.035Z" cacheDuration="P1D" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"> <md:EntityDescriptor entityID="ed1"/> <md:EntityDescriptor entityID="ed2"/> <md:EntitiesDescriptor ID="esd2" Name="second"> <md:EntityDescriptor entityID="ed3"/> </md:EntitiesDescriptor> </md:EntitiesDescriptor>
EOT;
    $context = new DeserializationContext();
    $context->getDocument()->loadXML($xml);
    $esd = new EntitiesDescriptor();
    // The DOMDocument itself, not its root element, is handed to deserialize() here.
    $esd->deserialize($context->getDocument(), $context);
    $this->assertEquals('esd1', $esd->getId());
    $this->assertEquals('first', $esd->getName());
    // Expected timestamp for the validUntil value in the literal above.
    $this->assertEquals(1382874937, $esd->getValidUntilTimestamp());
    $this->assertEquals('P1D', $esd->getCacheDuration());
    $items = $esd->getAllItems();
    // Three direct children are expected; ed3 sits inside the nested descriptor.
    $this->assertCount(3, $items);
    $this->assertInstanceOf('LightSaml\\Model\\Metadata\\EntityDescriptor', $items[0]);
    $this->assertInstanceOf('LightSaml\\Model\\Metadata\\EntityDescriptor', $items[1]);
    $this->assertInstanceOf('LightSaml\\Model\\Metadata\\EntitiesDescriptor', $items[2]);
}
/**
 * Reads one optional child element of $node and hands it to this object's matching setter.
 *
 * The first child matching the element name (with the prefix, when one is given) is used;
 * when there is none, nothing happens. With a $class, the child is deserialized into a new
 * instance of it; without one, the child's text content is passed to the setter.
 *
 * $elementName picks the setter and $class picks the class to instantiate.
 * NOTE(review): both look like fixed values supplied by model code; confirm that no caller
 * derives them from the document.
 *
 * @param \DOMElement            $node
 * @param DeserializationContext $context
 * @param string                 $elementName
 * @param string                 $class
 * @param string                 $namespacePrefix
 *
 * @throws \LogicException
 */
protected function oneElementFromXml(\DOMElement $node, DeserializationContext $context, $elementName, $class, $namespacePrefix)
{
    $query = $namespacePrefix
        ? sprintf('./%s:%s', $namespacePrefix, $elementName)
        : sprintf('./%s', $elementName);

    $matches = $context->getXpath()->query($query, $node);
    $element = $matches->length > 0 ? $matches->item(0) : null;
    if (!$element) {
        return;
    }

    $setter = 'set' . $elementName;
    if (!method_exists($this, $setter)) {
        throw new \LogicException(sprintf("Unable to find setter for element '%s' in class '%s'", $elementName, get_class($this)));
    }

    if ($class) {
        /** @var AbstractSamlModel $object */
        $object = new $class();
        // The interface check runs after construction, as it always has.
        if (!($object instanceof \LightSaml\Model\SamlElementInterface)) {
            throw new \LogicException(sprintf("Specified class '%s' for element '%s' must implement SamlElementInterface", $class, $elementName));
        }
        $object->deserialize($element, $context);
    } else {
        $object = $element->textContent;
    }

    $this->{$setter}($object);
}
/**
 * Reads a metadata KeyDescriptor element: its `use` attribute and its single X509 certificate.
 *
 * Exactly one ds:X509Certificate node with non-empty content is required. The certificate
 * data is stored as given; nothing here checks validity or trust.
 *
 * @param \DOMElement            $node
 * @param DeserializationContext $context
 *
 * @throws LightSamlXmlException
 *
 * @return void
 */
public function deserialize(\DOMElement $node, DeserializationContext $context)
{
    $this->checkXmlNodeName($node, 'KeyDescriptor', SamlConstants::NS_METADATA);
    $this->attributesFromXml($node, array('use'));

    $certificateNodes = $context->getXpath()->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $node);
    if (1 != $certificateNodes->length) {
        // Raised for zero nodes and for more than one.
        throw new LightSamlXmlException('Missing X509Certificate node');
    }

    /** @var $x509CertificateNode \DOMElement */
    $x509CertificateNode = $certificateNodes->item(0);
    $pemBody = trim($x509CertificateNode->textContent);
    if (false == $pemBody) {
        throw new LightSamlXmlException('Missing certificate data');
    }

    $parsedCertificate = new X509Certificate();
    $this->certificate = $parsedCertificate;
    $parsedCertificate->setData($pemBody);
}