Add some more tests.

simplesamlphp · Nov 21, 2018 · 2330914 · 2330914
1 parent d59e436
commit 2330914
Show file tree

Hide file tree

Showing 5 changed files with 164 additions and 9 deletions.
diff --git a/src/SAML2/SubjectQuery.php b/src/SAML2/SubjectQuery.php
@@ -54,7 +54,7 @@ private function parseSubject(\DOMElement $xml)
             /* No Subject node. */
             throw new \Exception('Missing subject in subject query.');
         } elseif (count($subject) > 1) {
-            throw new \Exception('More than one <saml:Subject> in <saml:Assertion>.');
+            throw new \Exception('More than one <saml:Subject> in subject query.');
         }
         $subject = $subject[0];
 

diff --git a/tests/SAML2/AttributeQueryTest.php b/tests/SAML2/AttributeQueryTest.php
@@ -95,6 +95,10 @@ public function testUnmarshalling()
         // Sanity check
         $this->assertEquals('https://example.org/', $aq->getIssuer());
 
+        $nameid = $aq->getNameId();
+        $this->assertInstanceOf('SAML2\XML\saml\NameID', $nameid);
+        $this->assertEquals('urn:example:subject', $nameid->value);
+
         $attributes = array_keys($aq->getAttributes());
         $this->assertCount(3, $attributes);
         $this->assertEquals('urn:oid:1.3.6.1.4.1.5923.1.1.1.7', $attributes[0]);
@@ -235,4 +239,85 @@ public function testMissingNameOnAttributeThrowsException()
         $aq = new AttributeQuery($document->firstChild);
     }
 
+    public function testNoSubjectThrowsException()
+    {
+        $xml = <<<XML
+  <samlp:AttributeQuery xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2017-09-06T11:49:27Z">
+	<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://example.org/</saml:Issuer>
+	<saml:Attribute
+	  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+	  Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
+	  FriendlyName="entitlements">
+	</saml:Attribute>
+</samlp:AttributeQuery>
+XML;
+        $document = DOMDocumentFactory::fromString($xml);
+        $this->setExpectedException('Exception', 'Missing subject in subject');
+        $aq = new AttributeQuery($document->firstChild);
+    }
+
+    public function testTooManySubjectsThrowsException()
+    {
+        $xml = <<<XML
+  <samlp:AttributeQuery xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2017-09-06T11:49:27Z">
+	<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://example.org/</saml:Issuer>
+	<saml:Subject>
+	  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">urn:example:subject</saml:NameID>
+	</saml:Subject>
+	<saml:Subject>
+	  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">urn:example:another:subject</saml:NameID>
+	</saml:Subject>
+	<saml:Attribute
+	  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+	  Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
+	  FriendlyName="entitlements">
+	</saml:Attribute>
+</samlp:AttributeQuery>
+XML;
+        $document = DOMDocumentFactory::fromString($xml);
+        $this->setExpectedException('Exception', 'More than one <saml:Subject> in subject');
+        $aq = new AttributeQuery($document->firstChild);
+    }
+
+    public function testNoNameIDinSubjectThrowsException()
+    {
+        $xml = <<<XML
+  <samlp:AttributeQuery xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2017-09-06T11:49:27Z">
+	<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://example.org/</saml:Issuer>
+	<saml:Subject>
+	  <saml:something>example</saml:something>
+	</saml:Subject>
+	<saml:Attribute
+	  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+	  Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
+	  FriendlyName="entitlements">
+	</saml:Attribute>
+</samlp:AttributeQuery>
+XML;
+        $document = DOMDocumentFactory::fromString($xml);
+        $this->setExpectedException('Exception', 'Missing <saml:NameID> in <saml:Subject>');
+        $aq = new AttributeQuery($document->firstChild);
+    }
+
+    public function testTooManyNameIDsThrowsException()
+    {
+        $xml = <<<XML
+  <samlp:AttributeQuery xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2017-09-06T11:49:27Z">
+	<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://example.org/</saml:Issuer>
+	<saml:Subject>
+	  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">urn:example:subject</saml:NameID>
+	  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">urn:example:another:subject</saml:NameID>
+	</saml:Subject>
+	<saml:Attribute
+	  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+	  Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
+	  FriendlyName="entitlements">
+	</saml:Attribute>
+</samlp:AttributeQuery>
+XML;
+        $document = DOMDocumentFactory::fromString($xml);
+        $this->setExpectedException('Exception', 'More than one <saml:NameID> in <saml:Subject>');
+        $aq = new AttributeQuery($document->firstChild);
+    }
+
 }
diff --git a/tests/SAML2/LogoutRequestTest.php b/tests/SAML2/LogoutRequestTest.php
@@ -84,6 +84,7 @@ public function testUnmarshalling()
         $this->assertCount(2, $sessionIndexElements);
         $this->assertEquals('SomeSessionIndex1', $sessionIndexElements[0]);
         $this->assertEquals('SomeSessionIndex2', $sessionIndexElements[1]);
+        $this->assertEquals('SomeSessionIndex1', $logoutRequest->getSessionIndex());
 
         $logoutRequest->decryptNameId(CertificatesMock::getPrivateKey());
 
@@ -114,6 +115,15 @@ public function testDecryptingNameId()
         $this->assertEquals('TheNameIDValue', $nameId->value);
     }
 
+    public function testDecryptingNameIdForgotToDecryptThrowsException()
+    {
+        $logoutRequest = new LogoutRequest($this->logoutRequestElement);
+        $this->assertTrue($logoutRequest->isNameIdEncrypted());
+
+        $this->setExpectedException('Exception', "Attempted to retrieve encrypted NameID without decrypting it first.");
+        $nameId = $logoutRequest->getNameId();
+    }
+
     public function testPlainNameIDUnmarshalling()
     {
         $xml = <<<XML
@@ -126,9 +136,11 @@ public function testPlainNameIDUnmarshalling()
         $this->logoutRequestElement = $document->firstChild;
 
         $logoutRequest = new LogoutRequest($this->logoutRequestElement);
-	$this->assertEquals("frits", $logoutRequest->getNameId()->value);
-	$this->assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified", $logoutRequest->getNameId()->Format);
+        $this->assertEquals("frits", $logoutRequest->getNameId()->value);
+        $this->assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified", $logoutRequest->getNameId()->Format);
+
         $this->assertFalse($logoutRequest->isNameIdEncrypted());
+        $this->assertNull($logoutRequest->decryptNameId(CertificatesMock::getPrivateKey()));
     }
 
     public function testMissingNameIDThrowsException()
@@ -161,7 +173,7 @@ public function testMultipleNameIDThrowsException()
         $logoutRequest = new LogoutRequest($this->logoutRequestElement);
     }
 
-    public function testNotOnOrAfter()
+    public function testGetNotOnOrAfter()
     {
         $xml = <<<XML
 <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="SomeIDValue" Version="2.0" IssueInstant="2010-07-22T11:30:19Z" NotOnOrAfter="2018-11-28T19:33:12Z">
@@ -173,7 +185,49 @@ public function testNotOnOrAfter()
         $this->logoutRequestElement = $document->firstChild;
 
         $logoutRequest = new LogoutRequest($this->logoutRequestElement);
-	$this->assertEquals(1543433592, $logoutRequest->getNotOnOrAfter());
+        $this->assertEquals(1543433592, $logoutRequest->getNotOnOrAfter());
+    }
+
+    public function testSetNotOnOrAfter()
+    {
+        $time = time();
+
+        $logoutRequest = new LogoutRequest();
+        $logoutRequest->setNameID(['Value' => 'NameIDValue']);
+        $logoutRequest->setNotOnOrAfter($time);
+        $logoutRequestElement = $logoutRequest->toUnsignedXML();
+
+        $logoutRequest2 = new LogoutRequest($logoutRequestElement);
+        $this->assertEquals($time, $logoutRequest2->getNotOnOrAfter());
+    }
+
+    public function testWithOutSessionIndices()
+    {
+        $xml = <<<XML
+<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="SomeIDValue" Version="2.0" IssueInstant="2010-07-22T11:30:19Z">
+  <saml:Issuer>TheIssuer</saml:Issuer>
+  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">frits</saml:NameID>
+</samlp:LogoutRequest>
+XML;
+        $document = DOMDocumentFactory::fromString($xml);
+        $this->logoutRequestElement = $document->firstChild;
+
+        $logoutRequest = new LogoutRequest($this->logoutRequestElement);
+        $this->assertCount(0, $logoutRequest->getSessionIndexes());
+        $this->assertNull($logoutRequest->getSessionIndex());
     }
 
+    public function testSetSessionIndicesVariants()
+    {
+        $logoutRequest = new LogoutRequest();
+        $logoutRequest->setSessionIndexes(['SessionIndexValue1', 'SessionIndexValue2']);
+        $this->assertCount(2, $logoutRequest->getSessionIndexes());
+        $logoutRequest->setSessionIndex(null);
+        $this->assertCount(0, $logoutRequest->getSessionIndexes());
+        $logoutRequest->setSessionIndexes(['SessionIndexValue1', 'SessionIndexValue2']);
+        $this->assertCount(2, $logoutRequest->getSessionIndexes());
+        $logoutRequest->setSessionIndex('SessionIndexValue3');
+        $this->assertCount(1, $logoutRequest->getSessionIndexes());
+        $this->assertEquals('SessionIndexValue3', $logoutRequest->getSessionIndex());
+    }
 }
diff --git a/tests/SAML2/SignedElementHelperTest.php b/tests/SAML2/SignedElementHelperTest.php
@@ -119,4 +119,22 @@ public function testGetValidatingCertificates()
         $this->assertCount(1, $certs);
         $this->assertEquals($certData, $certs[0]);
     }
+
+    function testGetSignatureKeyCertificates()
+    {
+        $seh = new SignedElementHelperMock();
+        $origkey = CertificatesMock::getPrivateKey();
+        $origcerts = [CertificatesMock::PUBLIC_KEY_PEM];
+
+        $seh->setSignatureKey($origkey);
+        $seh->setCertificates($origcerts);
+
+        $key = $seh->getSignatureKey();
+
+        $this->assertInstanceOf('RobRichards\XMLSecLibs\XMLSecurityKey', $key);
+        $this->assertEquals($origkey, $key);
+
+        $certs = $seh->getCertificates();
+        $this->assertEquals($origcerts, $certs);
+    }
 }
diff --git a/tests/SAML2/Utilities/FileTest.php b/tests/SAML2/Utilities/FileTest.php
@@ -7,22 +7,20 @@ class FileTest extends \PHPUnit_Framework_TestCase
     /**
      * @group utilities
      * @test
-     *
-     * @expectedException \SAML2\Exception\RuntimeException
      */
     public function when_loading_a_non_existant_file_an_exception_is_thrown()
     {
+        $this->setExpectedException('SAML2\Exception\RuntimeException', 'File "/foo/bar/baz/quux" does not exist or is not readable');
         File::getFileContents('/foo/bar/baz/quux');
     }
 
    /**
      * @group utilities
      * @test
-     *
-     * @expectedException \SAML2\Exception\InvalidArgumentException
      */
     public function passing_nonstring_filename_throws_exception()
     {
+        $this->setExpectedException('SAML2\Exception\InvalidArgumentException', 'Invalid Argument type: "string" expected, "NULL" given');
         File::getFileContents(null);
     }