diff --git a/lib/Saml2/Utils.php b/lib/Saml2/Utils.php
index 1a7f85f3..c0e35346 100644
--- a/lib/Saml2/Utils.php
+++ b/lib/Saml2/Utils.php
@@ -208,27 +208,29 @@ public static function treeCopyReplace(DomNode $targetNode, DomNode $sourceNode,
 /**
 * Returns a x509 cert (adding header & footer if required).
 *
- * @param string $cert A x509 unformated cert
- * @param bool $heads True if we want to include head and footer
+ * @param string $x509cert A x509 unformated cert
+ * @param bool $heads True if we want to include head and footer
 *
 * @return string $x509 Formatted cert
 */
+ public static function formatCert($x509cert, $heads = true)
+ {
+ if (is_null($x509cert)) {
+ return;
+ }
- public static function formatCert($cert, $heads = true)
- {
- $x509cert = str_replace(array("\x0D", "\r", "\n"), "", $cert);
- if (!empty($x509cert)) {
- $x509cert = str_replace('-----BEGIN CERTIFICATE-----', "", $x509cert);
- $x509cert = str_replace('-----END CERTIFICATE-----', "", $x509cert);
- $x509cert = str_replace(' ', '', $x509cert);
-
- if ($heads) {
- $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n";
- }
+ if (strpos($x509cert, '-----BEGIN CERTIFICATE-----') !== false) {
+ $x509cert = static::getStringBetween($x509cert, '-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----');
+ }
- }
- return $x509cert;
- }
+ $x509cert = str_replace(array("\x0d", "\r", "\n", " "), '', $x509cert);
+
+ if ($heads && $x509cert !== '') {
+ $x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n";
+ }
+
+ return $x509cert;
+ }
 /**
 * Returns a private key (adding header & footer if required).
diff --git a/tests/certs/with.comment.crt b/tests/certs/with.comment.crt
new file mode 100644
index 00000000..ed0e9729
--- /dev/null
+++ b/tests/certs/with.comment.crt
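Review bot: The early exit `if (is_null($x509cert)) { return; }` at the top of formatCert() returns null, while the docblock in the same hunk still promises `@return string`, and the removed implementation appears to have produced an empty string for that input. Callers that compare or concatenate the result, or hand it on to certificate checks, now have to handle two different "no certificate" values; `return '';` would keep a single one. The BEGIN branch also relies on `static::getStringBetween()`, which is not shown in this diff, so what it returns when the END marker is missing or when the input holds several certificates should be confirmed and covered by a test. Only line breaks and spaces are stripped afterwards, so tabs or other stray characters inside the body pass through unchanged.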
@@ -0,0 +1,17 @@
+# certificate comments should be ignored
+-----BEGIN CERTIFICATE-----
+MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC
+Tk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD
+VQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG
+9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4
+MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi
+ZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl
+aWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO
+NoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS
+KOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d
+1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8
+BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n
+bK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar
+Q4/67OZfHd7R+POBXhophSMv1ZOo
+-----END CERTIFICATE-----
diff --git a/tests/src/OneLogin/Saml2/AuthTest.php b/tests/src/OneLogin/Saml2/AuthTest.php
index 908a7994..86d4e30b 100644
--- a/tests/src/OneLogin/Saml2/AuthTest.php
+++ b/tests/src/OneLogin/Saml2/AuthTest.php
@@ -817,22 +817,16 @@ public function testProcessSLORequestRelayState()
 $_GET['SAMLRequest'] = $message;
 $_GET['RelayState'] = 'http://relaystate.com';
- try {
- $this->_auth->setStrict(true);
- $this->_auth->processSLO(false);
- $this->assertFalse(true);
- } catch (Exception $e) {
- $this->assertContains('Cannot modify header information', $e->getMessage());
- $trace = $e->getTrace();
- $targetUrl = getUrlFromRedirect($trace);
- $parsedQuery = getParamsFromUrl($targetUrl);
+ $this->_auth->setStrict(true);
+ $targetUrl = $this->_auth->processSLO(false, null, false, null, true);
- $sloUrl = $this->_settingsInfo['idp']['singleLogoutService']['url'];
- $this->assertContains($sloUrl, $targetUrl);
- $this->assertArrayHasKey('SAMLResponse', $parsedQuery);
- $this->assertArrayHasKey('RelayState', $parsedQuery);
- $this->assertEquals('http://relaystate.com', $parsedQuery['RelayState']);
- }
+ $parsedQuery = getParamsFromUrl($targetUrl);
+
+ $sloResponseUrl = $this->_settingsInfo['idp']['singleLogoutService']['responseUrl'];
+ $this->assertContains($sloResponseUrl, $targetUrl);
+ $this->assertArrayHasKey('SAMLResponse', $parsedQuery);
+ $this->assertArrayHasKey('RelayState', $parsedQuery);
+ $this->assertEquals('http://relaystate.com', $parsedQuery['RelayState']);
 }
 /**
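Review bot: The positional call `processSLO(false, null, false, null, true)` is hard to read without the method signature next to it; a comment above it such as `// last argument: return the redirect URL instead of sending headers` would document why the old try/catch on "Cannot modify header information" could be dropped. The same call appears in the next hunk (testProcessSLORequestSignedResponse), where the variable holding the `responseUrl` setting is still named `$sloUrl` while this hunk renames it to `$sloResponseUrl`; one name in both tests would keep them parallel. The test method starts outside the hunk.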
@@ -860,28 +854,22 @@ public function testProcessSLORequestSignedResponse()
 $plainMessage = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $currentURL, $plainMessage);
 $message = base64_encode(gzdeflate($plainMessage));
+ unset($_GET['SAMLResponse']);
 $_GET['SAMLRequest'] = $message;
 $_GET['RelayState'] = 'http://relaystate.com';
- try {
- $auth->setStrict(true);
- $auth->processSLO(false);
- $this->assertFalse(true);
- } catch (Exception $e) {
- $this->assertContains('Cannot modify header information', $e->getMessage());
- $trace = $e->getTrace();
- $targetUrl = getUrlFromRedirect($trace);
- $parsedQuery = getParamsFromUrl($targetUrl);
-
- $sloUrl = $settingsInfo['idp']['singleLogoutService']['url'];
- $this->assertContains($sloUrl, $targetUrl);
- $this->assertArrayHasKey('SAMLResponse', $parsedQuery);
- $this->assertArrayHasKey('RelayState', $parsedQuery);
- $this->assertArrayHasKey('SigAlg', $parsedQuery);
- $this->assertArrayHasKey('Signature', $parsedQuery);
- $this->assertEquals('http://relaystate.com', $parsedQuery['RelayState']);
- $this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
- }
+ $auth->setStrict(true);
+ $targetUrl = $auth->processSLO(false, null, false, null, true);
+ $parsedQuery = getParamsFromUrl($targetUrl);
+
+ $sloUrl = $settingsInfo['idp']['singleLogoutService']['responseUrl'];
+ $this->assertContains($sloUrl, $targetUrl);
+ $this->assertArrayHasKey('SAMLResponse', $parsedQuery);
+ $this->assertArrayHasKey('RelayState', $parsedQuery);
+ $this->assertArrayHasKey('SigAlg', $parsedQuery);
+ $this->assertArrayHasKey('Signature', $parsedQuery);
+ $this->assertEquals('http://relaystate.com', $parsedQuery['RelayState']);
+ $this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
 }
 /**
diff --git a/tests/src/OneLogin/Saml2/UtilsTest.php b/tests/src/OneLogin/Saml2/UtilsTest.php
index c3226c36..b2fcbb8b 100644
--- a/tests/src/OneLogin/Saml2/UtilsTest.php
+++ b/tests/src/OneLogin/Saml2/UtilsTest.php
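Review bot: The added `unset($_GET['SAMLResponse']);` suggests this test was picking up request state left behind by an earlier test, and it cleans up only here. Resetting the superglobal once per test, for example `$_GET = array();` in `setUp()`, would make every SLO test independent of execution order; whether setUp() already does part of this is not visible in the hunk. Separately, the last assertion pins `SigAlg` to `XMLSecurityKey::RSA_SHA1`, so only the SHA-1 signing path of the logout response is exercised; a companion case configured for `XMLSecurityKey::RSA_SHA256` would cover the algorithm deployments should prefer. The test method starts outside the hunk.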
@@ -46,7 +46,7 @@ public function testLoadXML()
 try {
 $res1 = OneLogin_Saml2_Utils::loadXML($dom, $metadataUnloaded);
 $this->assertFalse($res1);
- } catch (Exception $e) {
+ } catch (\Exception $e) {
 $this->assertEquals('DOMDocument::loadXML(): Premature end of data in tag EntityDescriptor line 1 in Entity, line: 1', $e->getMessage());
 }
@@ -206,6 +206,11 @@ public function testFormatCert()
 $this->assertNotContains('-----END CERTIFICATE-----', $formatedCert6);
 $this->assertEquals(strlen($cert2), 860);
+ $cert = file_get_contents(TEST_ROOT.'/certs/with.comment.crt');
+ $formatedCert7 = OneLogin_Saml2_Utils::formatCert($cert, true);
+ $this->assertContains('-----BEGIN CERTIFICATE-----', $formatedCert7);
+ $this->assertContains('-----END CERTIFICATE-----', $formatedCert7);
+ $this->assertNotContains('comments', $formatedCert7);
 }
 /**
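Review bot: In the second hunk (testFormatCert) the new assertions would still pass if text before the PEM header survived, as long as it did not contain the word "comments"; `$this->assertStringStartsWith('-----BEGIN CERTIFICATE-----', $formatedCert7);` checks directly that nothing precedes the header. Comparing `$formatedCert7` with the formatted output of the same certificate without the comment line would additionally pin the body. The new `is_null` early return in formatCert() and the case of a BEGIN marker without a matching END marker have no test here. The test method starts outside the hunk.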