/**
* Tests the isValid method of the OneLogin_Saml2_Response
* Case valid sign response / sign assertion / both signed
*
* Strict mode will always fail due destination problem, if we manipulate it
* the sign will fail.
*
* @covers OneLogin_Saml2_Response::isValid
*/
public function testIsValidSign()
{
$xml = file_get_contents(TEST_ROOT . '/data/responses/signed_message_response.xml.base64');
$response = new OneLogin_Saml2_Response($this->_settings, $xml);
$this->assertTrue($response->isValid());
$xml2 = file_get_contents(TEST_ROOT . '/data/responses/signed_assertion_response.xml.base64');
$response2 = new OneLogin_Saml2_Response($this->_settings, $xml2);
$this->assertTrue($response2->isValid());
$xml3 = file_get_contents(TEST_ROOT . '/data/responses/double_signed_response.xml.base64');
$response3 = new OneLogin_Saml2_Response($this->_settings, $xml3);
$this->assertTrue($response3->isValid());
$dom = new DOMDocument();
$dom->loadXML(base64_decode($xml));
$dom->firstChild->firstChild->nodeValue = 'https://example.com/other-idp';
$xml4 = base64_encode($dom->saveXML());
$response4 = new OneLogin_Saml2_Response($this->_settings, $xml4);
$this->assertFalse($response4->isValid());
$this->assertEquals('Reference validation failed', $response4->getError());
$dom2 = new DOMDocument();
$dom2->loadXML(base64_decode($xml2));
$dom2->firstChild->firstChild->nodeValue = 'https://example.com/other-idp';
$xml5 = base64_encode($dom2->saveXML());
$response5 = new OneLogin_Saml2_Response($this->_settings, $xml5);
$this->assertTrue($response5->isValid());
$dom3 = new DOMDocument();
$dom3->loadXML(base64_decode($xml3));
$dom3->firstChild->firstChild->nodeValue = 'https://example.com/other-idp';
$xml6 = base64_encode($dom3->saveXML());
$response6 = new OneLogin_Saml2_Response($this->_settings, $xml6);
$this->assertFalse($response6->isValid());
$this->assertEquals('Reference validation failed', $response6->getError());
}
