protected function validateSubjectConfirmationData(SubjectConfirmationData $subjectConfirmationData)
{
if ($subjectConfirmationData->getRecipient()) {
if (false == Helper::validateWellFormedUriString($subjectConfirmationData->getRecipient())) {
throw new LightSamlValidationException('Recipient of SubjectConfirmationData must be a wellformed absolute URI.');
}
}
if ($subjectConfirmationData->getNotBeforeTimestamp() && $subjectConfirmationData->getNotOnOrAfterTimestamp() && $subjectConfirmationData->getNotBeforeTimestamp() >= $subjectConfirmationData->getNotOnOrAfterTimestamp()) {
throw new LightSamlValidationException('SubjectConfirmationData NotBefore MUST be less than NotOnOrAfter');
}
}
private function validateAuthnContext(AuthnContext $authnContext)
{
if (false == $authnContext->getAuthnContextClassRef() && false == $authnContext->getAuthnContextDecl() && false == $authnContext->getAuthnContextDeclRef()) {
throw new LightSamlValidationException('AuthnContext element MUST contain at least one AuthnContextClassRef, AuthnContextDecl or AuthnContextDeclRef element');
}
if ($authnContext->getAuthnContextClassRef() && $authnContext->getAuthnContextDecl() && $authnContext->getAuthnContextDeclRef()) {
throw new LightSamlValidationException('AuthnContext MUST NOT contain more than two elements.');
}
if ($authnContext->getAuthnContextClassRef()) {
if (false == Helper::validateWellFormedUriString($authnContext->getAuthnContextClassRef())) {
throw new LightSamlValidationException('AuthnContextClassRef has a value which is not a wellformed absolute uri');
}
}
if ($authnContext->getAuthnContextDeclRef()) {
if (false === Helper::validateWellFormedUriString($authnContext->getAuthnContextDeclRef())) {
throw new LightSamlValidationException('AuthnContextDeclRef has a value which is not a wellformed absolute uri');
}
}
}
/**
* @param AudienceRestriction $item
*
* @throws LightSamlValidationException
*/
protected function validateAudienceRestriction(AudienceRestriction $item)
{
if (false == $item->getAllAudience()) {
return;
}
foreach ($item->getAllAudience() as $audience) {
if (false == Helper::validateWellFormedUriString($audience)) {
throw new LightSamlValidationException('AudienceRestriction MUST BE a wellformed uri');
}
}
}
public function test__validate_well_formed_uri_string_returns_false_for_valid_string()
{
$this->assertTrue(Helper::validateWellFormedUriString('http://example.com'));
$this->assertTrue(Helper::validateWellFormedUriString(SamlConstants::NS_ASSERTION));
$this->assertTrue(Helper::validateWellFormedUriString(SamlConstants::PROTOCOL_SAML2));
$this->assertTrue(Helper::validateWellFormedUriString(SamlConstants::NAME_ID_FORMAT_EMAIL));
$this->assertTrue(Helper::validateWellFormedUriString(SamlConstants::BINDING_SAML2_HTTP_REDIRECT));
$this->assertTrue(Helper::validateWellFormedUriString(SamlConstants::STATUS_SUCCESS));
$this->assertTrue(Helper::validateWellFormedUriString(SamlConstants::AUTHN_CONTEXT_PASSWORD));
}
/**
* @param AbstractNameID $nameId
*/
protected function validateFormat(AbstractNameID $nameId)
{
if (false == Helper::validateWellFormedUriString($nameId->getFormat())) {
throw new LightSamlValidationException(sprintf("NameID element has Format attribute '%s' which is not a wellformed absolute uri", $nameId->getFormat()));
}
}
