Convert this assertion to an XML element.
public toXML(DOMNode $parentElement = null) : DOMElement
$parentElement | DOMNode | The DOM node the assertion element should be created in (optional, defaults to null). |
return | DOMElement | The DOMElement that represents this assertion. |
/**
 * Set the assertion carried by this element, encrypting it with $key.
 *
 * The assertion is serialised to XML and encrypted as an
 * <xenc:EncryptedData> of type Element. How $key is used depends on its
 * algorithm:
 *  - a symmetric key (3DES-CBC or AES-128/192/256-CBC) encrypts the element
 *    directly;
 *  - an RSA key (RSA-1.5 or RSA-OAEP-MGF1P) wraps a freshly generated
 *    AES-128-CBC session key, which then encrypts the element.
 *
 * NOTE(review): the *plaintext* assertion is handed to the container's debug
 * logger before encryption; keep debug output out of production logs.
 * NOTE(review): RSA-1.5 (PKCS#1 v1.5) key transport and unauthenticated CBC
 * modes are offered for interoperability; they provide no integrity on their
 * own, so a receiver should only act on decrypted content from a message
 * whose signature has already been validated. Prefer RSA-OAEP where the
 * peer supports it.
 *
 * @param \SAML2\Assertion $assertion The assertion to encrypt.
 * @param XMLSecurityKey   $key       The key used to encrypt the assertion.
 * @throws \Exception If $key->type is not one of the supported algorithms.
 */
public function setAssertion(Assertion $assertion, XMLSecurityKey $key)
{
    $assertionXml = $assertion->toXML();
    Utils::getContainer()->debugMessage($assertionXml, 'encrypt');

    $encryptor = new XMLSecEnc();
    $encryptor->setNode($assertionXml);
    $encryptor->type = XMLSecEnc::Element;

    $symmetricTypes = array(
        XMLSecurityKey::TRIPLEDES_CBC,
        XMLSecurityKey::AES128_CBC,
        XMLSecurityKey::AES192_CBC,
        XMLSecurityKey::AES256_CBC,
    );
    $keyTransportTypes = array(
        XMLSecurityKey::RSA_1_5,
        XMLSecurityKey::RSA_OAEP_MGF1P,
    );

    if (in_array($key->type, $symmetricTypes, true)) {
        // Symmetric key: it is the data-encryption key itself.
        $dataKey = $key;
    } elseif (in_array($key->type, $keyTransportTypes, true)) {
        // Asymmetric key: generate a session key and wrap it with $key so the
        // output also carries an <xenc:EncryptedKey>.
        $dataKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
        $dataKey->generateSessionKey();
        $encryptor->encryptKey($key, $dataKey);
    } else {
        throw new \Exception('Unknown key type for encryption: ' . $key->type);
    }

    $this->encryptedData = $encryptor->encryptNode($dataKey);
}
/**
 * Marshalling an assertion built via the setters yields the expected
 * Issuer, AudienceRestriction/Audience and AuthnContextClassRef elements.
 */
public function testMarshalling()
{
    $assertion = new Assertion();
    $assertion->setIssuer('testIssuer');
    $assertion->setValidAudiences(array('audience1', 'audience2'));
    $assertion->setAuthnContext('someAuthnContext');

    $element = $assertion->toXML();

    // Exactly one Issuer, carrying the configured value.
    $issuers = Utils::xpQuery($element, './saml_assertion:Issuer');
    $this->assertCount(1, $issuers);
    $this->assertEquals('testIssuer', $issuers[0]->textContent);

    // Both audiences land under Conditions/AudienceRestriction, in order.
    $audiences = Utils::xpQuery(
        $element,
        './saml_assertion:Conditions/saml_assertion:AudienceRestriction/saml_assertion:Audience'
    );
    $this->assertCount(2, $audiences);
    $expectedAudiences = array('audience1', 'audience2');
    foreach ($expectedAudiences as $index => $expected) {
        $this->assertEquals($expected, $audiences[$index]->textContent);
    }

    // The authentication context is emitted as a single AuthnContextClassRef.
    $classRefs = Utils::xpQuery(
        $element,
        './saml_assertion:AuthnStatement/saml_assertion:AuthnContext/saml_assertion:AuthnContextClassRef'
    );
    $this->assertCount(1, $classRefs);
    $this->assertEquals('someAuthnContext', $classRefs[0]->textContent);
}
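/**
 * Encrypted attribute values keep their xsi:type across a round trip: an
 * xs:integer decrypts to a PHP int and an xs:string to a string, and the
 * decrypted assertion re-serialises to the original document.
 *
 * Fix: the key returned by CertificatesMock::getPublicKey() was held in a
 * local called $privateKey, which misdescribed which half of the key pair
 * is used for encryption (the private half is only used in decryptAttributes
 * below). Renamed to $publicKey, matching testNameIdEncryption.
 */
public function testTypedEncryptedAttributeValuesAreParsedCorrectly()
{
    $xml = <<<XML
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:xs="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                Version="2.0"
                ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
                IssueInstant="1970-01-01T01:33:31Z">
  <saml:Issuer>Provider</saml:Issuer>
  <saml:Conditions/>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:some:string">
      <saml:AttributeValue xsi:type="xs:string">string</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:some:integer">
      <saml:AttributeValue xsi:type="xs:integer">42</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
XML;

    // Encryption uses the public half of the test key pair; the private half
    // is only needed for decryption further down.
    $publicKey = CertificatesMock::getPublicKey();

    $assertion = new Assertion(DOMDocumentFactory::fromString($xml)->firstChild);
    $assertion->setEncryptionKey($publicKey);
    $assertion->setEncryptedAttributes(true);
    $encryptedAssertion = $assertion->toXML()->ownerDocument->saveXML();

    // Re-parse from the serialised form so the EncryptedAttribute elements
    // actually go through the parser.
    $assertionToVerify = new Assertion(DOMDocumentFactory::fromString($encryptedAssertion)->firstChild);
    $this->assertTrue($assertionToVerify->hasEncryptedAttributes());

    $assertionToVerify->decryptAttributes(CertificatesMock::getPrivateKey());
    $attributes = $assertionToVerify->getAttributes();
    $this->assertInternalType('int', $attributes['urn:some:integer'][0]);
    $this->assertInternalType('string', $attributes['urn:some:string'][0]);

    // The decrypted assertion must serialise back to the original document.
    $this->assertXmlStringEqualsXmlString($xml, $assertionToVerify->toXML()->ownerDocument->saveXML());
}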
/**
 * Signing an assertion and re-parsing its XML exposes the SignatureMethod
 * that matches the algorithm of the signing key.
 *
 * NOTE(review): this test only reads the advertised signature method; it
 * does not validate the signature. A consumer must never treat the
 * advertised algorithm as trustworthy before the signature has been
 * validated against a key it controls.
 *
 * @group Assertion
 */
public function testCorrectSignatureMethodCanBeExtracted()
{
    $xml = <<<XML
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                Version="2.0"
                ID="_93af655219464fb403b34436cfb0c5cb1d9a5502"
                IssueInstant="1970-01-01T01:33:31Z">
  <saml:Issuer>Provider</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">s00000000:123456789</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2011-08-31T08:51:05Z"
                                    Recipient="https://sp.example.com/assertion_consumer"
                                    InResponseTo="_13603a6565a69297e9809175b052d115965121c8" />
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotOnOrAfter="2011-08-31T08:51:05Z" NotBefore="2011-08-31T08:51:05Z">
    <saml:AudienceRestriction>
      <saml:Audience>ServiceProvider</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2011-08-31T08:51:05Z" SessionIndex="_93af655219464fb403b34436cfb0c5cb1d9a5502">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
    <saml:SubjectLocality Address="127.0.0.1"/>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:ServiceID">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:EntityConcernedID">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:EntityConcernedSubID">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
XML;

    // The fixture is a trusted literal, so a plain DOMDocument is used here.
    $document = new \DOMDocument();
    $document->loadXML($xml);

    $signingKey = CertificatesMock::getPrivateKey();

    $unsigned = new Assertion($document->firstChild);
    $unsigned->setSignatureKey($signingKey);
    $unsigned->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM));

    // toXML() signs; constructing a new Assertion from that element parses
    // the embedded ds:Signature.
    $signed = new Assertion($unsigned->toXML());

    // getAlgorith() is the accessor name exposed by XMLSecurityKey.
    $expectedMethod = $signingKey->getAlgorith();
    $this->assertEquals($expectedMethod, $signed->getSignatureMethod());
}
/**
 * A NameID encrypted with the public key survives serialisation as an
 * EncryptedID and decrypts back to the original Value/Format with the
 * private key.
 */
public function testNameIdEncryption()
{
    $assertion = new Assertion();
    $assertion->setIssuer('testIssuer');
    $assertion->setValidAudiences(array('audience1', 'audience2'));
    $assertion->setAuthnContext('someAuthnContext');

    $nameId = array(
        "Value" => "just_a_basic_identifier",
        "Format" => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    );
    $assertion->setNameId($nameId);
    $this->assertFalse($assertion->isNameIdEncrypted());

    // Encrypt with the public half of the test key pair.
    $assertion->encryptNameId(CertificatesMock::getPublicKey());
    $this->assertTrue($assertion->isNameIdEncrypted());

    // Round-trip through XML so the EncryptedID is really parsed back.
    $serialised = $assertion->toXML()->ownerDocument->saveXML();
    $parsed = new Assertion(DOMDocumentFactory::fromString($serialised)->firstChild);
    $this->assertTrue($parsed->isNameIdEncrypted());

    // Decrypt with the private half and check the original values survive.
    $parsed->decryptNameId(CertificatesMock::getPrivateKey());
    $this->assertFalse($parsed->isNameIdEncrypted());

    $decrypted = $parsed->getNameID();
    $this->assertEquals($nameId['Value'], $decrypted['Value']);
    $this->assertEquals($nameId['Format'], $decrypted['Format']);
}