From 5e12d7ec0d2d64b45aaa31bbf235d1be4d6450b5 Mon Sep 17 00:00:00 2001
From: Pieter van der Meulen
Date: Thu, 1 Dec 2016 18:01:52 +0100
Subject: [PATCH] Add test for #81
---
 tests/SAML2/AssertionTest.php | 16 ++++++++++++
 tests/SAML2/CertificatesMock.php | 44 ++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
diff --git a/tests/SAML2/AssertionTest.php b/tests/SAML2/AssertionTest.php
index dbf8e599b..be05a02a1 100644
--- a/tests/SAML2/AssertionTest.php
+++ b/tests/SAML2/AssertionTest.php
@@ -879,6 +879,22 @@ public function testVerifySignedAssertionWrongKey()
 $assertion->validate($publicKey);
 }

+ /**
+ * Try to verify an assertion signed with RSA with a DSA public key.
+ * Must yield a signature validation exception.
+ */
+ public function testVerifySignedAssertionWrongKeyDSA()
+ {
+ $doc = new \DOMDocument();
+ $doc->load(__DIR__ . '/signedassertion.xml');
+
+ $publicKey = CertificatesMock::getPublicKeyDSAasRSA();
+
+ $assertion = new Assertion($doc->firstChild);
+ $this->setExpectedException('Exception', 'Unable to validate Signature');
+ $assertion->validate($publicKey);
+ }
+
 /**
 * Calling validate on an unsigned assertion must return
 * false, not an exception.
diff --git a/tests/SAML2/CertificatesMock.php b/tests/SAML2/CertificatesMock.php
index 9651e5c82..72d77df6a 100644
--- a/tests/SAML2/CertificatesMock.php
+++ b/tests/SAML2/CertificatesMock.php
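Review bot: The docblock of `testVerifySignedAssertionWrongKeyDSA()` does not say why this case is kept separate from `testVerifySignedAssertionWrongKey()` above it, and it does not reference the issue named in the commit subject. A line such as `* Regression test for #81: a key of the wrong type must make validation fail, never pass.` would keep the intent visible if the fixture or the mock is changed later. The expectation `setExpectedException('Exception', 'Unable to validate Signature')` matches on the base class, so only the message string separates a signature rejection from any other failure raised inside `validate()`; if the library has a narrower exception type for this, that would be the better thing to expect.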
@@ -69,6 +69,28 @@ class CertificatesMock
 g6/ROR7vJgbSqrBLraXvl8HDUq5+lSF/II4LHVzNM8TpQlMY4ynRP6GEjcNUTH3I
 FKPQk+NwBYQqJ83Uil/36kbXsHQ81o/Vp6it7tlvLBOP1EN9jNGUXZuAqvFphNkw
 EJpABx1x4ukY8bZVl6QzQ79P48oGxOaIy27/g1FVkGqRtA4UPABcn0sJ
+-----END CERTIFICATE-----';
+
+ const PUBLIC_KEY_DSA_PEM = '-----BEGIN CERTIFICATE-----
+MIIDXTCCAxqgAwIBAgIJAO/P24rWSVJKMAsGCWCGSAFlAwQDAjBmMQswCQYDVQQG
+EwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEQMA4GA1UE
+CgwHU1VSRm5ldDEhMB8GA1UEAwwYQ2VydGlmaWNhdGUgd2l0aCBEU0Ega2V5MB4X
+DTE2MTEyOTE1MzU0MloXDTE2MTIyOTE1MzU0MlowZjELMAkGA1UEBhMCTkwxEDAO
+BgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxEDAOBgNVBAoMB1NVUkZu
+ZXQxITAfBgNVBAMMGENlcnRpZmljYXRlIHdpdGggRFNBIGtleTCCAbcwggEsBgcq
+hkjOOAQBMIIBHwKBgQDymea94rRzJ9Xtj7EoaXuYH8X9a2E0Ei8wfx+9lZK5C8Fm
+5wgTYeTGXV45Tf4VZ+eqz6sU4XQC6ehVIlxdO9PvodYgQdB3aGlDW9mhcVM/kL9v
+AIRgLMHMwyph6FDWD/uKyw6hH4A7XKer09SIfmqwhUqg27Xm5pKVH3kYOUGsBwIV
+ANooxK2eY8ojkNRjxebok0tbKD/tAoGBAMQawu3dHEDtKzYuGrSD9NxGLRB5NI0k
+h4qvliwD6ur2IDrrnxmN/VY0QqwOT6AWChiIur5glBP7zlG2GBR03FrMaJRF727r
+ExSzWETQKKgXx9vQpw6jcwIiHoQhullzjLr8qFQsOsNRnXeKmSvZxEJKRKhAUSAu
+0yEnLkJc4F44A4GEAAKBgF6rEBWslH8aV/iM07JjC+kcLPcG5Yp619KLcSfWt030
+CU2A8azmtNeQZ1FB/sg2PjciQ8qgcxFXBRHkUS/173WXb+6dDTuFBxwTYBVJM+ZD
+Zmm5GEXjGbZN2tV0s1ULp+plbOwROLC8F5oyZE2fvTAvqZ9XHeWIZkgyoVwSuvXO
+o1AwTjAdBgNVHQ4EFgQUC12Td80rgZbLXfvMefDul5w/S/YwHwYDVR0jBBgwFoAU
+C12Td80rgZbLXfvMefDul5w/S/YwDAYDVR0TBAUwAwEB/zALBglghkgBZQMEAwID
+MAAwLQIUKvKKf7u2pLv5JAsc5E5QOpZ9JWoCFQCVymKmF6aYAOJxuSlUj+vF1n6p
+UQ==
 -----END CERTIFICATE-----';

 /**
@@ -102,6 +124,17 @@ public static function getPublicKey2()
 }


+ /**
+ * @return XMLSecurityKey
+ */
+ public static function getPublicKey3()
+ {
+ $publicKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
+ $publicKey->loadKey(self::PUBLIC_KEY_3_PEM);
+ return $publicKey;
+ }
+
+
 /**
 * @return XMLSecurityKey
 */
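Review bot: `PUBLIC_KEY_DSA_PEM` is added without any comment, and the name says public key while the value is a full certificate. The validity fields encoded in it appear to span only 2016-11-29 to 2016-12-29, and the certificate appears to be self-signed. The fixture is therefore only usable where the key is extracted without checking the validity period, which is what `getPublicKeyDSAasRSA()` seems to do. A comment above the constant, for example `// Test certificate carrying a DSA key; short-lived, used for its public key only.`, would keep it from being picked up for a test that validates the certificate itself.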
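Review bot: `getPublicKey3()` reads `self::PUBLIC_KEY_3_PEM`, which no hunk of this patch adds, and the new test in AssertionTest.php does not call this helper. If the constant is not already defined in CertificatesMock (not visible here), the first call fails with an undefined class constant error. Either confirm that the constant exists and say in the commit message why the helper belongs to this change, or move it to the commit that uses it.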
@@ -122,6 +155,17 @@ public static function getPublicKey2Sha1()
 return $publicKey;
 }

+ /**
+ * Load a X.509 certificate with a DSA public key as RSA key
+ * @return XMLSecurityKey
+ */
+ public static function getPublicKeyDSAasRSA()
+ {
+ $publicKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
+ $publicKey->loadKey(self::PUBLIC_KEY_DSA_PEM);
+ return $publicKey;
+ }
+
 public static function getPlainPublicKey()
 {
 return self::PUBLIC_KEY_PEM;
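Review bot: The docblock of `getPublicKeyDSAasRSA()` should state that the mismatch between `XMLSecurityKey::RSA_SHA1` and the DSA certificate is deliberate, because the body is otherwise the same as the neighbouring helpers and reads like a copy-paste slip. Suggested wording: `* Deliberately labels a DSA certificate as an RSA_SHA1 key; for negative signature tests only.`, and `a X.509` should read `an X.509`. The result of `loadKey()` is not inspected here, and the test calls this helper before `setExpectedException()`. The test therefore relies on the mismatch surfacing at verification rather than at load time, which is worth saying in the docblock as well.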