ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
FingerprintValidator.php
Go to the documentation of this file.
1<?php
2
3namespace SAML2\Signature;
4
5use Psr\Log\LoggerInterface;
6use SAML2\Certificate\FingerprintLoader;
7use SAML2\Certificate\X509;
8use SAML2\Configuration\CertificateProvider;
9use SAML2\SignedElement;
10
16class FingerprintValidator extends AbstractChainedValidator
17{
21 private $certificates;
22
26 private $fingerprintLoader;
27
31 public function __construct(
32 LoggerInterface $logger,
33 FingerprintLoader $fingerprintLoader
34 ) {
35 $this->fingerprintLoader = $fingerprintLoader;
36
37 parent::__construct($logger);
38 }
39
40 public function canValidate(
41 SignedElement $signedElement,
42 CertificateProvider $configuration
43 ) {
44 if ($configuration->getCertificateFingerprints() === null) {
45 $this->logger->debug(
46 'Configuration does not have "certFingerprint" value, cannot validate signature with fingerprint'
47 );
48 return false;
49 }
50
51 // use internal cache to prevent doing certificate extraction twice.
52 $this->certificates = $signedElement->getCertificates();
53 if (empty($this->certificates)) {
54 $this->logger->debug(
55 'Signed element does not have certificates, cannot validate signature with fingerprint'
56 );
57 return false;
58 }
59
60 return true;
61 }
62
69 public function hasValidSignature(
70 SignedElement $signedElement,
71 CertificateProvider $configuration
72 ) {
73 $this->certificates = array_map(function ($certificate) {
74 return X509::createFromCertificateData($certificate);
75 }, $this->certificates);
76
77 $fingerprintCollection = $this->fingerprintLoader->loadFromConfiguration($configuration);
78
79 $pemCandidates = array();
80 foreach ($this->certificates as $certificate) {
82 $certificateFingerprint = $certificate->getFingerprint();
83 if ($fingerprintCollection->contains($certificateFingerprint)) {
84 $pemCandidates[] = $certificate;
85 }
86 }
87
88 if (empty($pemCandidates)) {
89 $this->logger->debug(
90 'Unable to match a certificate of the SignedElement matching a configured fingerprint'
91 );
92
93 return false;
94 }
95
96 return $this->validateElementWithKeys($signedElement, $pemCandidates);
97 }
98}
php
An exception for terminatinating execution or to throw for unit testing.
SAML2\Certificate\X509
Specific Certificate Key.
Definition: X509.php:9
SAML2\Certificate\X509\createFromCertificateData
static createFromCertificateData($certificateContents)
Definition: X509.php:15
SAML2\Signature\AbstractChainedValidator\validateElementWithKeys
validateElementWithKeys(SignedElement $element, $pemCandidates)
BC compatible version of the signature check.
Definition: AbstractChainedValidator.php:31
SAML2\Signature\FingerprintValidator
Validates the signature based on the fingerprint of the certificate.
Definition: FingerprintValidator.php:17
SAML2\Signature\FingerprintValidator\canValidate
canValidate(SignedElement $signedElement, CertificateProvider $configuration)
Test whether or not this link in the chain can validate the signedElement signature.
Definition: FingerprintValidator.php:40
SAML2\Signature\FingerprintValidator\__construct
__construct(LoggerInterface $logger, FingerprintLoader $fingerprintLoader)
Definition: FingerprintValidator.php:31
$certificate
if(@file_exists(dirname(__FILE__).'/lang/eng.php')) $certificate
Definition: example_052.php:77
Psr\Log\LoggerInterface
Describes a logger instance.
Definition: LoggerInterface.php:21
SAML2\Configuration\CertificateProvider\getCertificateFingerprints
getCertificateFingerprints()
Returns an array or \Traversable where each element represents a certificate fingerprint.
SAML2\Signature\ValidatorInterface\hasValidSignature
hasValidSignature(SignedElement $signedElement, CertificateProvider $configuration)
Validate the signature of the signed Element based on the configuration.
SAML2\SignedElement\getCertificates
getCertificates()
Retrieve the certificates that are included in the element (if any).