From ba61295cdf53944fd2e458161009a9adf28f802b Mon Sep 17 00:00:00 2001
From: Sixto Martin
Date: Sat, 30 Sep 2023 01:26:57 +0200
Subject: [PATCH] Fix generateNameID tests
---
tests/src/OneLogin/Saml2/ResponseTest.php | 30 +++++++++++++----------
tests/src/OneLogin/Saml2/UtilsTest.php | 22 +++++++++++------
2 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/tests/src/OneLogin/Saml2/ResponseTest.php b/tests/src/OneLogin/Saml2/ResponseTest.php
index ab0da70e..5bb1d76d 100644
--- a/tests/src/OneLogin/Saml2/ResponseTest.php
+++ b/tests/src/OneLogin/Saml2/ResponseTest.php
@@ -8,6 +8,7 @@ use OneLogin\Saml2\ValidationError;
 use DOMDocument;
+use Exception;
 /**
 * Unit tests for Response messages
@@ -136,7 +137,7 @@ public function testReturnNameId()
 $xml3 = file_get_contents(TEST_ROOT . '/data/responses/valid_encrypted_assertion.xml.base64');
 $response3 = new Response($this->_settings, $xml3);
 $this->assertEquals('_68392312d490db6d355555cfbbd8ec95d746516f60', $response3->getNameId());
-
+
 $xml4 = file_get_contents(TEST_ROOT . '/data/responses/invalids/no_nameid.xml.base64');
 $response4 = new Response($this->_settings, $xml4);
@@ -225,7 +226,7 @@ public function testGetNameIdFormat()
 $xml2 = file_get_contents(TEST_ROOT . '/data/responses/response_encrypted_nameid.xml.base64');
 $response2 = new Response($this->_settings, $xml2);
 $this->assertEquals('urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', $response2->getNameIdFormat());
-
+
 $xml3 = file_get_contents(TEST_ROOT . '/data/responses/valid_encrypted_assertion.xml.base64');
 $response3 = new Response($this->_settings, $xml3);
 $this->assertEquals('urn:oasis:names:tc:SAML:2.0:nameid-format:transient', $response3->getNameIdFormat());
@@ -462,7 +463,7 @@ public function testCheckStatus()
 $xmlEnc = file_get_contents(TEST_ROOT . '/data/responses/valid_encrypted_assertion.xml.base64');
 $responseEnc = new Response($this->_settings, $xmlEnc);
-
+
 $response->checkStatus();
 $xml2 = file_get_contents(TEST_ROOT . '/data/responses/invalids/status_code_responder.xml.base64');
@@ -773,11 +774,14 @@ public function testDoesNotAllowSignatureWrappingAttack2()
 $settings = new Settings($settingsInfo);
 $xml = file_get_contents(TEST_ROOT . '/data/responses/wrapped_response_3.xml.base64');
- $response = new Response($settings, $xml);
-
- $valid = $response->isValid();
-
- $this->assertFalse($valid);
+ try {
+ $response = new Response($settings, $xml);
+ $valid = $response->isValid();
+ $this->assertFalse($valid);
+ $this->assertEquals('Found an invalid Signed Element. SAML Response rejected', $response->getError());
+ } catch (Exception $e) {
+ $this->assertEquals('DOMDocument::loadXML(): Namespace prefix saml on Assertion is not defined in Entity, line: 1', $e->getMessage());
+ }
 }
 /**
@@ -811,7 +815,7 @@ public function testGetSessionNotOnOrAfter()
 $response = new Response($this->_settings, $xml);
 $this->assertEquals(1290203857, $response->getSessionNotOnOrAfter());
-
+
 // An assertion that do not specified Session timeout should return NULL
 $xml2 = file_get_contents(TEST_ROOT . '/data/responses/response2.xml.base64');
 $response2 = new Response($this->_settings, $xml2);
@@ -1330,7 +1334,7 @@ public function testIsInValidRequestId()
 $response2 = new Response($this->_settings, $message);
 $response2->isValid($requestId);
 $this->assertContains('The InResponseTo of the Response', $response2->getError());
-
+
 $validRequestId = '_57bcbf70-7b1f-012e-c821-782bcb13bb38';
 $response2->isValid($validRequestId);
 $this->assertContains('No Signature found. SAML Response rejected', $response2->getError());
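Review bot: The `catch (Exception $e)` added in testDoesNotAllowSignatureWrappingAttack2 (whose body starts before this hunk) is wider than the parse failure it is meant to absorb: PHPUnit reports a failed `assertFalse($valid)` or `assertEquals(...)` inside the try by throwing an exception derived from \RuntimeException, so a wrapped response that `isValid()` wrongly accepts would surface only as a mismatch against the libxml message rather than as the signature assertion that actually failed. Catching the narrowest type the parse failure produces in this test run, or rethrowing when `$e->getMessage()` is not the expected DOM error, keeps that security assertion's diagnostic intact; the testLoadXML hunk in UtilsTest.php has the same shape. Pinning the full string `'DOMDocument::loadXML(): Namespace prefix saml on Assertion is not defined in Entity, line: 1'` also ties the test to one libxml2 wording and its `line:` suffix, which presumably differ across PHP/libxml versions; `$this->assertContains('Namespace prefix saml on Assertion is not defined', $e->getMessage());`, the form the file already uses for `getError()`, is less brittle. A short comment above the try stating why both outcomes are accepted (presumably that some libxml versions reject the undeclared saml prefix at parse time while others parse it and leave rejection to isValid()) would make the intent clear to the next reader.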
@@ -1500,7 +1504,7 @@ public function testIsInValidEncIssues()
 $this->assertFalse($response3->isValid());
 $this->assertEquals('The assertion of the Response is not encrypted and the SP requires it', $response3->getError());
-
+
 $settingsInfo['security']['wantAssertionsEncrypted'] = false;
 $settingsInfo['security']['wantNameIdEncrypted'] = true;
 $settingsInfo['strict'] = false;
@@ -1679,7 +1683,7 @@ public function testIsValidSign()
 $xml = file_get_contents(TEST_ROOT . '/data/responses/signed_message_response.xml.base64');
 $response = new Response($this->_settings, $xml);
 $this->assertTrue($response->isValid());
-
+
 $xml2 = file_get_contents(TEST_ROOT . '/data/responses/signed_assertion_response.xml.base64');
 $response2 = new Response($this->_settings, $xml2);
 $this->assertTrue($response2->isValid());
@@ -1738,7 +1742,7 @@ public function testIsValidSignUsingX509certMulti()
 {
 $settingsDir = TEST_ROOT .'/settings/';
 include $settingsDir.'settings6.php';
-
+
 $settings = new Settings($settingsInfo);
 $xml = file_get_contents(TEST_ROOT . '/data/responses/signed_message_response.xml.base64');
diff --git a/tests/src/OneLogin/Saml2/UtilsTest.php b/tests/src/OneLogin/Saml2/UtilsTest.php
index e353cb89..21a4e8a6 100644
--- a/tests/src/OneLogin/Saml2/UtilsTest.php
+++ b/tests/src/OneLogin/Saml2/UtilsTest.php
@@ -31,8 +35,12 @@ public function testLoadXML()
 $dom = new DOMDocument();
 $metadataUnloaded = '';
- $res1 = Utils::loadXML($dom, $metadataUnloaded);
- $this->assertFalse($res1);
+ try {
+ $res1 = Utils::loadXML($dom, $metadataUnloaded);
+ $this->assertFalse($res1);
+ } catch (Exception $e) {
+ $this->assertEquals('DOMDocument::loadXML(): Premature end of data in tag EntityDescriptor line 1 in Entity, line: 1', $e->getMessage());
+ }
 $metadataInvalid = file_get_contents(TEST_ROOT .'/data/metadata/noentity_metadata_settings1.xml');
 $res2 = Utils::loadXML($dom, $metadataInvalid);
@@ -53,7 +57,7 @@ public function testXMLAttacks()
 $dom = new DOMDocument();
 $attackXXE = ' - ]>&xxe;';
 try {
@@ -851,12 +855,15 @@ public function testGenerateNameIdWithSPNameQualifier()
 $key
 );
- $nameidExpectedEnc = '';
- $this->assertContains($nameidExpectedEnc, $nameIdEnc);
+ $nameidExpectedEncId = 'assertContains($nameidExpectedEncId, $nameIdEnc);
+ $this->assertContains($nameidExpectedEncData, $nameIdEnc);
 // Check AES128_GCM support
 if (version_compare(phpversion(), '7.1.0', '>=') && in_array("aes-128-gcm", openssl_get_cipher_methods())) {
- $nameidExpectedEnc = '';
+ $nameidExpectedEncData = '';
 $nameIdEnc = Utils::generateNameId(
 $nameIdValue,
@@ -866,7 +873,8 @@ public function testGenerateNameIdWithSPNameQualifier()
 null,
 XMLSecurityKey::AES128_GCM
 );
- $this->assertContains($nameidExpectedEnc, $nameIdEnc);
+ $this->assertContains($nameidExpectedEncId, $nameIdEnc);
+ $this->assertContains($nameidExpectedEncData, $nameIdEnc);
 }
 }