SAML-Toolkits · AlexanderOMara · Apr 5, 2022
diff --git a/src/Saml2/Auth.php b/src/Saml2/Auth.php
@@ -231,7 +231,7 @@ public function processResponse($requestId = null)
         $this->_lastError = $this->_lastErrorException = null;
         if (isset($_POST['SAMLResponse'])) {
             // AuthnResponse -- HTTP_POST Binding
-            $response = new Response($this->_settings, $_POST['SAMLResponse']);
+            $response = $this->buildResponse($this->_settings, $_POST['SAMLResponse']);
             $this->_lastResponse = $response->getXMLDocument();
 
             if ($response->isValid($requestId)) {
@@ -279,7 +279,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
         $this->_errors = array();
         $this->_lastError = $this->_lastErrorException = null;
         if (isset($_GET['SAMLResponse'])) {
-            $logoutResponse = new LogoutResponse($this->_settings, $_GET['SAMLResponse']);
+            $logoutResponse = $this->buildLogoutResponse($this->_settings, $_GET['SAMLResponse']);
             $this->_lastResponse = $logoutResponse->getXML();
             if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) {
                 $this->_errors[] = 'invalid_logout_response';
@@ -299,7 +299,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
                 }
             }
         } else if (isset($_GET['SAMLRequest'])) {
-            $logoutRequest = new LogoutRequest($this->_settings, $_GET['SAMLRequest']);
+            $logoutRequest = $this->buildLogoutRequest($this->_settings, $_GET['SAMLRequest']);
             $this->_lastRequest = $logoutRequest->getXML();
             if (!$logoutRequest->isValid($retrieveParametersFromServer)) {
                 $this->_errors[] = 'invalid_logout_request';
@@ -315,7 +315,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
                 }
                 $inResponseTo = $logoutRequest->id;
                 $this->_lastMessageId = $logoutRequest->id;
-                $responseBuilder = new LogoutResponse($this->_settings);
+                $responseBuilder = $this->buildLogoutResponse($this->_settings);
                 $responseBuilder->build($inResponseTo);
                 $this->_lastResponse = $responseBuilder->getXML();
 
@@ -594,7 +594,7 @@ public function logout($returnTo = null, array $parameters = array(), $nameId =
             $nameIdFormat = $this->_nameidFormat;
         }
 
-        $logoutRequest = new LogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
+        $logoutRequest = $this->buildLogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
 
         $this->_lastRequest = $logoutRequest->getXML();
         $this->_lastRequestID = $logoutRequest->id;
@@ -675,6 +675,69 @@ public function buildAuthnRequest($settings, $forceAuthn, $isPassive, $setNameId
         return new AuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq);
     }
 
+    /**
+     * Creates a Response.
+     *
+     * @param Settings $settings        Setting data
+     * @param string   $response        A UUEncoded SAML response from the IdP
+     *
+     * @return Response The Response object
+     *
+     * @throws Exception
+     * @throws ValidationError
+     */
+    public function buildResponse($settings, $response)
+    {
+        return new Response($settings, $response);
+    }
+
+    /**
+     * Creates a LogoutRequest.
+     *
+     * @param Settings    $settings              Setting data
+     * @param string|null $request               A UUEncoded Logout Request
+     * @param string|null $nameId                The NameID that will be set in the LogoutRequest
+     * @param string|null $sessionIndex          The SessionIndex (taken from the SAML Response in the SSO process)
+     * @param string|null $nameIdFormat          The NameID Format will be set in the LogoutRequest
+     * @param string|null $nameIdNameQualifier   The NameID NameQualifier will be set in the LogoutRequest
+     * @param string|null $nameIdSPNameQualifier The NameID SP NameQualifier will be set in the LogoutRequest
+     *
+     * @return LogoutRequest The LogoutRequest object
+     */
+    public function buildLogoutRequest($settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null)
+    {
+        return new LogoutRequest($settings, $request, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
+    }
+
+    /**
+     * Creates a LogoutResponse.
+     *
+     * @param Settings    $settings Setting data
+     * @param string|null $response An UUEncoded SAML Logout response from the IdP
+     *
+     * @return LogoutResponse The LogoutResponse object
+     *
+     * @throws Error
+     * @throws Exception
+     */
+    public function buildLogoutResponse($settings, $response = null)
+    {
+        return new LogoutResponse($settings, $response);
+    }
+
+    /**
+     * Creates an XMLSecurityKey.
+     *
+     * @param string     $type   Key type
+     * @param null|array $params Key params
+     *
+     * @throws Exception
+     */
+    public function buildXMLSecurityKey($type, $params=null)
+    {
+        return new XMLSecurityKey($type, $params);
+    }
+
     /**
      * Generates the Signature for a SAML Request
      *
@@ -735,7 +798,7 @@ private function buildMessageSignature($samlMessage, $relayState, $signAlgorithm
             throw new Error($errorMsg, Error::PRIVATE_KEY_NOT_FOUND);
         }
 
-        $objKey = new XMLSecurityKey($signAlgorithm, array('type' => 'private'));
+        $objKey = $this->buildXMLSecurityKey($signAlgorithm, array('type' => 'private'));
         $objKey->loadKey($key, false);
 
         $security = $this->_settings->getSecurityData();