public function validateReference()
{
$docElem = $this->sigNode->ownerDocument->documentElement;
if (!$docElem->isSameNode($this->sigNode)) {
$this->sigNode->parentNode->removeChild($this->sigNode);
}
$xpath = $this->getXPathObj();
$query = "./secdsig:SignedInfo/secdsig:Reference";
$nodeset = $xpath->query($query, $this->sigNode);
if ($nodeset->length == 0) {
throw new Exception("Reference nodes not found");
}
/* Initialize/reset the list of validated nodes. */
$this->validatedNodes = array();
foreach ($nodeset as $refNode) {
if (!$this->processRefNode($refNode)) {
/* Clear the list of validated nodes. */
$this->validatedNodes = null;
throw new Exception("Reference validation failed");
}
}
return true;
} /**
* @return bool
* @throws Exception
*/
public function isValid()
{
$objXMLSecDSig = new XMLSecurityDSig();
$objDSig = $objXMLSecDSig->locateSignature($this->_document);
if (!$objDSig) {
throw new Exception('Cannot locate Signature Node');
}
$objXMLSecDSig->canonicalizeSignedInfo();
$objXMLSecDSig->idKeys = array('ID');
$retVal = $objXMLSecDSig->validateReference();
if (!$retVal) {
throw new Exception('Reference Validation Failed');
}
$singleAssertion = $this->validateNumAssertions();
if (!$singleAssertion) {
throw new Exception('Multiple assertions are not supported');
}
$validTimestamps = $this->validateTimestamps();
if (!$validTimestamps) {
throw new Exception('Timing issues (please check your clock settings)
');
}
$objKey = $objXMLSecDSig->locateKey();
if (!$objKey) {
throw new Exception('We have no idea about the key');
}
XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
$objKey->loadKey($this->_settings->idpPublicCertificate, FALSE, TRUE);
return $objXMLSecDSig->verify($objKey) === 1;
}
