1<?php
2
3namespace SAML2;
4
6
15{
24
31
/**
 * Validators queued for validate(), tried in insertion order. Each entry
 * is array('Function' => callable, 'Data' => mixed); the callable is
 * invoked as Function(Data, XMLSecurityKey $key) and signals rejection
 * by throwing, never by its return value.
 *
 * @var array
 */
private $validators;
38
/**
 * Initialize the helper, optionally from an existing XML element.
 *
 * When $xml is given, Utils::validateElement() is asked to locate and
 * parse its signature. On success the certificates it found are kept and
 * Utils::validateSignature is queued as the first validator, to be run
 * later by validate() against a caller-supplied key.
 *
 * Security note: any \Exception raised while locating or parsing the
 * signature is deliberately swallowed, so a malformed or tampered
 * Signature leaves the object looking exactly like an unsigned element
 * (no certificates, no validators). The only later symptom is that
 * validate() returns false; a caller that requires a signed element must
 * treat that as a failure itself. Only \Exception is caught — on PHP 7+
 * an \Error thrown in here is not caught and propagates.
 *
 * @param \DOMElement|null $xml  Element to inspect, or null for an element
 *                               that will be built and signed later.
 */
protected function __construct(\DOMElement $xml = null)
{
    $this->certificates = array();
    $this->validators = array();

    if ($xml === null) {
        return;
    }

    try {
        $signature = Utils::validateElement($xml);
    } catch (\Exception $e) {
        /* An unparsable signature is treated like no signature at all. */
        return;
    }

    if ($signature === false) {
        /* validateElement() reported nothing to validate. */
        return;
    }

    $this->certificates = $signature['Certificates'];
    $this->validators[] = array(
        'Function' => array('\SAML2\Utils', 'validateSignature'),
        'Data' => $signature,
    );
}
68
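/**
 * Register an additional validator for this element.
 *
 * Validators are tried in insertion order by validate(); the first one
 * that returns without throwing marks the element as valid, so a
 * validator must reject by throwing, never by returning a value.
 *
 * @param callable $function  Invoked as $function($data, XMLSecurityKey $key).
 * @param mixed    $data      Opaque data handed to $function on every call.
 *
 * @throws \InvalidArgumentException if $function is not callable.
 */
public function addValidator($function, $data)
{
    // A hard check instead of assert(): assert() is compiled out when
    // zend.assertions is -1 (the usual production setting), so a
    // non-callable entry would only surface inside validate(), where on
    // PHP 7 call_user_func() merely warns and returns null — and the
    // unchecked return there is taken as a successful validation.
    if (!is_callable($function)) {
        throw new \InvalidArgumentException('Validator function must be callable.');
    }

    $this->validators[] = array(
        'Function' => $function,
        'Data' => $data,
    );
}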
86
/**
 * Validate this element against the given public key.
 *
 * Every registered validator is invoked as $function($data, $key); the
 * first one that returns without throwing settles the question and this
 * method returns true. Validators are alternatives, never combined.
 *
 * Security note: false does not mean "bad signature". It means "nothing
 * to check": the constructor found no parsable Signature and nobody
 * called addValidator(). A caller that requires a signed element must
 * treat false as a failure itself — this method will not.
 *
 * @param XMLSecurityKey $key  Public key the signature is checked against.
 *
 * @return bool  true if some validator accepted the element, false if no
 *               validators are registered.
 *
 * @throws \Exception  The exception raised by the first validator, when
 *                     every registered validator rejected the element.
 */
public function validate(XMLSecurityKey $key)
{
    if (empty($this->validators)) {
        return false;
    }

    $firstFailure = null;

    foreach ($this->validators as $entry) {
        try {
            call_user_func($entry['Function'], $entry['Data'], $key);
        } catch (\Exception $e) {
            if ($firstFailure === null) {
                $firstFailure = $e;
            }
            continue;
        }

        /* This validator accepted the element. */
        return true;
    }

    /* Every validator rejected the element; report the first reason. */
    throw $firstFailure;
}
123
/**
 * Retrieve the private key that signElement() will sign with.
 *
 * @return XMLSecurityKey|null  The key set via setSignatureKey(), or null
 *                              when none has been set (signElement() then
 *                              returns null without signing).
 */
public function getSignatureKey()
{
    return $this->signatureKey;
}
133
/**
 * Set, or clear, the private key used by signElement().
 *
 * @param XMLSecurityKey|null $signatureKey  The signing key, or null so that
 *                                           signElement() leaves the element
 *                                           unsigned.
 */
public function setSignatureKey(XMLSecurityKey $signatureKey = null)
{
    $this->signatureKey = $signatureKey;
}
145
/**
 * Set the certificates to embed in the message when it is signed.
 *
 * Replaces whatever the constructor extracted from an incoming message.
 * Each entry is expected in the same form getValidatingCertificates()
 * consumes: the bare base64 certificate body, without PEM armour (it
 * adds the BEGIN/END lines itself).
 *
 * @param array $certificates  Base64 certificate bodies.
 */
public function setCertificates(array $certificates)
{
    $this->certificates = $certificates;
}
157
/**
 * Retrieve the certificates carried by this element.
 *
 * Security note: for an element built from incoming XML these are the
 * certificates the sender embedded, i.e. untrusted input. Nothing here
 * has matched them against a known key; use getValidatingCertificates()
 * and compare the result with the certificates you expect.
 *
 * @return array  Base64 certificate bodies, possibly empty.
 */
public function getCertificates()
{
    return $this->certificates;
}
167
{
    /*
     * Security note: the candidates tried here are the certificates this
     * element itself carries (see $this->certificates, filled from the
     * incoming message in the constructor). A non-empty result therefore
     * only says "the element verifies under a key it embeds" — it
     * establishes no trust. The caller must still compare the returned
     * certificate(s) with the ones it expects (e.g. from metadata).
     * With no validators registered, validate() returns false and the
     * result is empty.
     */
    $ret = array();
    foreach ($this->certificates as $cert) {

        /* Construct a PEM formatted certificate. $cert is expected to be
         * the bare base64 body without armour; chunk_split() re-wraps it
         * at 64 columns. */
        $pemCert = "-----BEGIN CERTIFICATE-----\n" .
            chunk_split($cert, 64) .
            "-----END CERTIFICATE-----\n";

        /* Extract the public key from the certificate for validation.
         * NOTE(review): RSA_SHA1 here labels the key container only; the
         * algorithm that is actually checked is presumably chosen by the
         * validator from the Signature — confirm in Utils::validateSignature. */
        $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
        $key->loadKey($pemCert);

        try {
            /* Check the signature; validate() throws when every validator rejects. */
            if ($this->validate($key)) {
                $ret[] = $cert;
            }
        } catch (\Exception $e) {
            /* This certificate does not sign this element. */
        }
    }

    return $ret;
}
199
/**
 * Sign the given XML element with the configured private key.
 *
 * @param \DOMElement      $root          Element to sign; handed together
 *                                        with the stored certificates to
 *                                        Utils::insertSignature().
 * @param \DOMElement|null $insertBefore  Passed through to
 *                                        Utils::insertSignature() (presumably
 *                                        the child the Signature goes before).
 *
 * @return \DOMElement|null  $root after signing, or null when no signature
 *                           key has been set — $root is then left untouched.
 *                           Nothing here enforces signing; callers that must
 *                           emit a signed element have to check for null.
 */
protected function signElement(\DOMElement $root, \DOMElement $insertBefore = null)
{
    $key = $this->signatureKey;
    if ($key === null) {
        /* No key to sign with, so nothing is signed. */
        return null;
    }

    Utils::insertSignature($key, $this->certificates, $root, $insertBefore);

    return $root;
}
219}