ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SignedElementHelper.php
Go to the documentation of this file.
1 <?php
2 
3 namespace SAML2;
4 
5 use RobRichards\XMLSecLibs\XMLSecurityKey;
6 
14 class SignedElementHelper implements SignedElement
15 {
23  private $signatureKey;
24 
30  private $certificates;
31 
37  private $validators;
38 
44  protected function __construct(\DOMElement $xml = null)
45  {
46  $this->certificates = array();
47  $this->validators = array();
48 
49  if ($xml === null) {
50  return;
51  }
52 
53  /* Validate the signature element of the message. */
54  try {
55  $sig = Utils::validateElement($xml);
56 
57  if ($sig !== false) {
58  $this->certificates = $sig['Certificates'];
59  $this->validators[] = array(
60  'Function' => array('\SAML2\Utils', 'validateSignature'),
61  'Data' => $sig,
62  );
63  }
64  } catch (\Exception $e) {
65  /* Ignore signature validation errors. */
66  }
67  }
68 
77  public function addValidator($function, $data)
78  {
79  assert(is_callable($function));
80 
81  $this->validators[] = array(
82  'Function' => $function,
83  'Data' => $data,
84  );
85  }
86 
98  public function validate(XMLSecurityKey $key)
99  {
100  if (count($this->validators) === 0) {
101  return false;
102  }
103 
104  $exceptions = array();
105 
106  foreach ($this->validators as $validator) {
107  $function = $validator['Function'];
108  $data = $validator['Data'];
109 
110  try {
111  call_user_func($function, $data, $key);
112  /* We were able to validate the message with this validator. */
113 
114  return true;
115  } catch (\Exception $e) {
116  $exceptions[] = $e;
117  }
118  }
119 
120  /* No validators were able to validate the message. */
121  throw $exceptions[0];
122  }
123 
129  public function getSignatureKey()
130  {
131  return $this->signatureKey;
132  }
133 
141  public function setSignatureKey(XMLSecurityKey $signatureKey = null)
142  {
143  $this->signatureKey = $signatureKey;
144  }
145 
153  public function setCertificates(array $certificates)
154  {
155  $this->certificates = $certificates;
156  }
157 
163  public function getCertificates()
164  {
165  return $this->certificates;
166  }
167 
173  public function getValidatingCertificates()
174  {
175  $ret = array();
176  foreach ($this->certificates as $cert) {
177 
178  /* Construct a PEM formatted certificate */
179  $pemCert = "-----BEGIN CERTIFICATE-----\n" .
180  chunk_split($cert, 64) .
181  "-----END CERTIFICATE-----\n";
182 
183  /* Extract the public key from the certificate for validation. */
184  $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
185  $key->loadKey($pemCert);
186 
187  try {
188  /* Check the signature. */
189  if ($this->validate($key)) {
190  $ret[] = $cert;
191  }
192  } catch (\Exception $e) {
193  /* This certificate does not sign this element. */
194  }
195  }
196 
197  return $ret;
198  }
199 
207  protected function signElement(\DOMElement $root, \DOMElement $insertBefore = null)
208  {
209  if ($this->signatureKey === null) {
210  /* We cannot sign this element. */
211 
212  return null;
213  }
214 
215  Utils::insertSignature($this->signatureKey, $this->certificates, $root, $insertBefore);
216 
217  return $root;
218  }
219 }
SAML2\SignedElementHelper\addValidator
addValidator($function, $data)
Add a method for validating this element.
Definition: SignedElementHelper.php:77
SAML2\SignedElementHelper\getSignatureKey
getSignatureKey()
Retrieve the private key we should use to sign the message.
Definition: SignedElementHelper.php:129
SAML2\SignedElementHelper\setCertificates
setCertificates(array $certificates)
Set the certificates that should be included in the message.
Definition: SignedElementHelper.php:153
SAML2\SignedElementHelper\getValidatingCertificates
getValidatingCertificates()
Retrieve certificates that sign this element.
Definition: SignedElementHelper.php:173
SAML2\SignedElementHelper\setSignatureKey
setSignatureKey(XMLSecurityKey $signatureKey=null)
Set the private key we should use to sign the message.
Definition: SignedElementHelper.php:141
SAML2\SignedElementHelper\validate
validate(XMLSecurityKey $key)
Validate this element against a public key.
Definition: SignedElementHelper.php:98
$certificates
$certificates
Definition: metarefresh.php:39
SAML2\SignedElementHelper\getCertificates
getCertificates()
Retrieve the certificates that are included in the message.
Definition: SignedElementHelper.php:163
$xml
$xml
Definition: metadata.php:240
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
SAML2\SignedElementHelper\signElement
signElement(\DOMElement $root, \DOMElement $insertBefore=null)
Sign the given XML element.
Definition: SignedElementHelper.php:207
$ret
$ret
Definition: parser.php:6
$function
$function
Definition: cas.php:28
SAML2\SignedElementHelper\__construct
__construct(\DOMElement $xml=null)
Initialize the helper class.
Definition: SignedElementHelper.php:44
$exceptions
$exceptions
Definition: Utf8Test.php:67
$key
$key
Definition: croninfo.php:18