ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
FingerprintValidator.php
Go to the documentation of this file.
1 <?php
2 
3 namespace SAML2\Signature;
4 
5 use Psr\Log\LoggerInterface;
6 use SAML2\Certificate\FingerprintLoader;
7 use SAML2\Certificate\X509;
8 use SAML2\Configuration\CertificateProvider;
9 use SAML2\SignedElement;
10 
16 class FingerprintValidator extends AbstractChainedValidator
17 {
21  private $certificates;
22 
26  private $fingerprintLoader;
27 
31  public function __construct(
32  LoggerInterface $logger,
33  FingerprintLoader $fingerprintLoader
34  ) {
35  $this->fingerprintLoader = $fingerprintLoader;
36 
37  parent::__construct($logger);
38  }
39 
40  public function canValidate(
41  SignedElement $signedElement,
42  CertificateProvider $configuration
43  ) {
44  if ($configuration->getCertificateFingerprints() === null) {
45  $this->logger->debug(
46  'Configuration does not have "certFingerprint" value, cannot validate signature with fingerprint'
47  );
48  return false;
49  }
50 
51  // use internal cache to prevent doing certificate extraction twice.
52  $this->certificates = $signedElement->getCertificates();
53  if (empty($this->certificates)) {
54  $this->logger->debug(
55  'Signed element does not have certificates, cannot validate signature with fingerprint'
56  );
57  return false;
58  }
59 
60  return true;
61  }
62 
69  public function hasValidSignature(
70  SignedElement $signedElement,
71  CertificateProvider $configuration
72  ) {
73  $this->certificates = array_map(function ($certificate) {
74  return X509::createFromCertificateData($certificate);
75  }, $this->certificates);
76 
77  $fingerprintCollection = $this->fingerprintLoader->loadFromConfiguration($configuration);
78 
79  $pemCandidates = array();
80  foreach ($this->certificates as $certificate) {
82  $certificateFingerprint = $certificate->getFingerprint();
83  if ($fingerprintCollection->contains($certificateFingerprint)) {
84  $pemCandidates[] = $certificate;
85  }
86  }
87 
88  if (empty($pemCandidates)) {
89  $this->logger->debug(
90  'Unable to match a certificate of the SignedElement matching a configured fingerprint'
91  );
92 
93  return false;
94  }
95 
96  return $this->validateElementWithKeys($signedElement, $pemCandidates);
97  }
98 }
SAML2\Signature\AbstractChainedValidator\validateElementWithKeys
validateElementWithKeys(SignedElement $element, $pemCandidates)
BC compatible version of the signature check.
Definition: AbstractChainedValidator.php:31
SAML2\Configuration\CertificateProvider
CertificateProvider interface.
Definition: CertificateProvider.php:8
$certificate
if(@file_exists(dirname(__FILE__).'/lang/eng.php')) $certificate
Definition: example_052.php:77
SAML2\SignedElement\getCertificates
getCertificates()
Retrieve the certificates that are included in the element (if any).
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
SAML2\Certificate\X509\createFromCertificateData
static createFromCertificateData($certificateContents)
Definition: X509.php:15
SAML2\Signature\ValidatorInterface\hasValidSignature
hasValidSignature(SignedElement $signedElement, CertificateProvider $configuration)
Validate the signature of the signed Element based on the configuration.
Psr\Log\LoggerInterface
Describes a logger instance.
Definition: LoggerInterface.php:20
SAML2\Signature\FingerprintValidator\__construct
__construct(LoggerInterface $logger, FingerprintLoader $fingerprintLoader)
Definition: FingerprintValidator.php:31
SAML2\Signature\FingerprintValidator
Validates the signature based on the fingerprint of the certificate.
Definition: FingerprintValidator.php:16
SAML2\Configuration\CertificateProvider\getCertificateFingerprints
getCertificateFingerprints()
Returns an array or where each element represents a certificate fingerprint.
SAML2\Signature\FingerprintValidator\canValidate
canValidate(SignedElement $signedElement, CertificateProvider $configuration)
Test whether or not this link in the chain can validate the signedElement signature.
Definition: FingerprintValidator.php:40