OneLogin_Saml2_Response::validateSignedElements PHP 메소드

validateSignedElements() 공개 메소드

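Verifies that the document has the expected signed nodes: the list of signed elements must name the Response and/or the Assertion, each at most once, and the document must contain exactly one signature node for each element named. Returns false when the list itself is not acceptable and throws an Exception when the number of signature nodes found in the document is not exactly one.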
public validateSignedElements ( $signedElements ) : boolean
리턴 boolean
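    /**
     * Verifies that the document has the expected signed nodes.
     *
     * The list is accepted only when it names the Response and/or the
     * Assertion, each at most once, and when the document holds exactly one
     * signature node for every element type named in the list.
     *
     * @param array $signedElements Tags of the signed elements, in
     *                              '{namespace}LocalName' form
     *
     * @return boolean True when the signed elements are the expected ones,
     *                 false when the list itself is not acceptable
     *
     * @throws Exception If the number of Response or Assertion signature
     *                   nodes found in the document is not exactly one
     */
    public function validateSignedElements($signedElements)
    {
        // Only one Response and one Assertion can be accepted below, so a
        // longer list is rejected before anything else is looked at.
        if (count($signedElements) > 2) {
            return false;
        }

        $responseTag = '{' . OneLogin_Saml2_Constants::NS_SAMLP . '}Response';
        $assertionTag = '{' . OneLogin_Saml2_Constants::NS_SAML . '}Assertion';
        $ocurrence = array_count_values($signedElements);

        // Strict comparison: the list is derived from the received document,
        // and a loose in_array() lets a non-string entry compare equal to a
        // tag through type juggling on older PHP versions. An entry must be
        // the exact tag string to count as a signed Response or Assertion.
        $responseIsSigned = in_array($responseTag, $signedElements, true);
        $assertionIsSigned = in_array($assertionTag, $signedElements, true);

        // At least one of the two elements has to be signed.
        if (!$responseIsSigned && !$assertionIsSigned) {
            return false;
        }

        // Neither element may be listed as signed more than once.
        if ($responseIsSigned && $ocurrence[$responseTag] > 1) {
            return false;
        }
        if ($assertionIsSigned && $ocurrence[$assertionTag] > 1) {
            return false;
        }

        // Check that the signed elements found here, are the ones that will be verified
        // by OneLogin_Saml2_Utils->validateSign()
        if ($responseIsSigned) {
            $expectedSignatureNodes = OneLogin_Saml2_Utils::query($this->document, OneLogin_Saml2_Utils::RESPONSE_SIGNATURE_XPATH);
            if ($expectedSignatureNodes->length != 1) {
                throw new Exception("Unexpected number of Response signatures found. SAML Response rejected.");
            }
        }

        if ($assertionIsSigned) {
            // NOTE(review): this lookup goes through $this->_query(), which is
            // defined outside this block, while the Response lookup queries
            // $this->document directly - confirm both inspect the document
            // whose signatures are verified afterwards.
            $expectedSignatureNodes = $this->_query(OneLogin_Saml2_Utils::ASSERTION_SIGNATURE_XPATH);
            if ($expectedSignatureNodes->length != 1) {
                throw new Exception("Unexpected number of Assertion signatures found. SAML Response rejected.");
            }
        }

        return true;
    }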