/**
 * Checks that a SubjectConfirmationData element is internally consistent.
 *
 * Two things are verified here and nothing else:
 *  - a Recipient, when present, is a well-formed absolute URI;
 *  - when both NotBefore and NotOnOrAfter are set, NotBefore is strictly earlier.
 *
 * This is a syntactic check only. It does not compare Recipient with the
 * endpoint that received the message, and it does not compare either
 * timestamp with the current time; those checks are not visible in this method.
 *
 * @param SubjectConfirmationData $subjectConfirmationData
 *
 * @throws LightSamlValidationException
 */
protected function validateSubjectConfirmationData(SubjectConfirmationData $subjectConfirmationData)
{
    $recipient = $subjectConfirmationData->getRecipient();
    // A missing or empty Recipient is accepted; only a present value is checked.
    if ($recipient && !Helper::validateWellFormedUriString($recipient)) {
        throw new LightSamlValidationException('Recipient of SubjectConfirmationData must be a wellformed absolute URI.');
    }

    // The ordering rule applies only when both bounds are set (truthy);
    // an absent or zero timestamp on either side skips it.
    $notBefore = $subjectConfirmationData->getNotBeforeTimestamp();
    if (!$notBefore) {
        return;
    }

    $notOnOrAfter = $subjectConfirmationData->getNotOnOrAfterTimestamp();
    if (!$notOnOrAfter) {
        return;
    }

    if ($notBefore >= $notOnOrAfter) {
        throw new LightSamlValidationException('SubjectConfirmationData NotBefore MUST be less than NotOnOrAfter');
    }
}
/**
 * Checks which of AuthnContextClassRef, AuthnContextDecl and
 * AuthnContextDeclRef are present and that the two reference values are
 * well-formed absolute URIs.
 *
 * NOTE(review): only the case where all three are present is rejected; an
 * AuthnContextDecl together with an AuthnContextDeclRef passes this method.
 * Confirm whether that combination is rejected elsewhere.
 *
 * @param AuthnContext $authnContext
 *
 * @throws LightSamlValidationException
 */
private function validateAuthnContext(AuthnContext $authnContext)
{
    $classRef = $authnContext->getAuthnContextClassRef();
    $decl = $authnContext->getAuthnContextDecl();
    $declRef = $authnContext->getAuthnContextDeclRef();

    // At least one of the three must be supplied.
    if (!$classRef && !$decl && !$declRef) {
        throw new LightSamlValidationException('AuthnContext element MUST contain at least one AuthnContextClassRef, AuthnContextDecl or AuthnContextDeclRef element');
    }

    // All three at once is rejected.
    if ($classRef && $decl && $declRef) {
        throw new LightSamlValidationException('AuthnContext MUST NOT contain more than two elements.');
    }

    if ($classRef && !Helper::validateWellFormedUriString($classRef)) {
        throw new LightSamlValidationException('AuthnContextClassRef has a value which is not a wellformed absolute uri');
    }

    // The DeclRef check compares strictly against false, unlike the loose
    // ClassRef check above; the two differ only if the helper can return a
    // falsy value other than false.
    if ($declRef && false === Helper::validateWellFormedUriString($declRef)) {
        throw new LightSamlValidationException('AuthnContextDeclRef has a value which is not a wellformed absolute uri');
    }
}
/**
 * Checks that every Audience value of an AudienceRestriction is a
 * well-formed URI.
 *
 * An AudienceRestriction with no audiences returns without error. The
 * values are not compared with any expected audience in this method; only
 * their URI syntax is checked.
 *
 * @param AudienceRestriction $item
 *
 * @throws LightSamlValidationException
 */
protected function validateAudienceRestriction(AudienceRestriction $item)
{
    $audiences = $item->getAllAudience();
    if (!$audiences) {
        // Nothing to check.
        return;
    }

    foreach ($audiences as $audience) {
        if (!Helper::validateWellFormedUriString($audience)) {
            throw new LightSamlValidationException('AudienceRestriction MUST BE a wellformed uri');
        }
    }
}
/**
 * Helper::validateWellFormedUriString() must accept a plain http URL and
 * the SAML constant URIs listed below.
 *
 * NOTE(review): the method name says "returns_false", but every assertion
 * expects true for these valid values.
 */
public function test__validate_well_formed_uri_string_returns_false_for_valid_string()
{
    $validUris = [
        'http://example.com',
        SamlConstants::NS_ASSERTION,
        SamlConstants::PROTOCOL_SAML2,
        SamlConstants::NAME_ID_FORMAT_EMAIL,
        SamlConstants::BINDING_SAML2_HTTP_REDIRECT,
        SamlConstants::STATUS_SUCCESS,
        SamlConstants::AUTHN_CONTEXT_PASSWORD,
    ];

    foreach ($validUris as $uri) {
        $this->assertTrue(Helper::validateWellFormedUriString($uri));
    }
}
/**
 * Rejects a NameID whose Format attribute is not a well-formed absolute URI.
 *
 * The rejected Format value is copied verbatim into the exception message.
 * Presumably that value can come from a received message, so code that logs
 * or displays the exception text should encode it for the output context.
 *
 * NOTE(review): getFormat() is passed to the helper without a presence
 * check, so the outcome for a NameID with no Format depends on how the
 * helper treats an empty value. Confirm against the caller.
 *
 * @param AbstractNameID $nameId
 *
 * @throws LightSamlValidationException
 */
protected function validateFormat(AbstractNameID $nameId)
{
    $format = $nameId->getFormat();
    if (Helper::validateWellFormedUriString($format)) {
        return;
    }

    throw new LightSamlValidationException(
        sprintf("NameID element has Format attribute '%s' which is not a wellformed absolute uri", $nameId->getFormat())
    );
}