SAML2\Signature\FingerprintValidator::hasValidSignature PHP Method

hasValidSignature() public method

public hasValidSignature ( SAML2\SignedElement $signedElement, SAML2\Configuration\CertificateProvider $configuration ) : boolean
$signedElement SAML2\SignedElement
$configuration SAML2\Configuration\CertificateProvider
return boolean
    /**
     * Validates the signature of $signedElement using only those certificates
     * whose fingerprint is present in the configured fingerprint collection.
     *
     * The certificates held in $this->certificates are first converted with
     * X509::createFromCertificateData(). If none of them matches a configured
     * fingerprint, the method logs a debug message and returns false (fails
     * closed); otherwise it returns the result of validateElementWithKeys().
     *
     * @param SignedElement       $signedElement the element whose signature is checked
     * @param CertificateProvider $configuration source of the configured fingerprints
     *
     * @return boolean false when no certificate matches a configured fingerprint,
     *                 otherwise whatever validateElementWithKeys() returns
     */
    public function hasValidSignature(SignedElement $signedElement, CertificateProvider $configuration)
    {
        // NOTE(review): this overwrites $this->certificates with the converted
        // objects, so a second call without the property being repopulated would
        // feed objects back into createFromCertificateData() - confirm that
        // callers always reset it first (the usage example calls canValidate()).
        $this->certificates = array_map(function ($certificateData) {
            return X509::createFromCertificateData($certificateData);
        }, $this->certificates);

        $configuredFingerprints = $this->fingerprintLoader->loadFromConfiguration($configuration);

        // Trust decision: only certificates pinned by a configured fingerprint
        // are handed on as candidate keys. array_values() keeps the candidate
        // list sequentially indexed.
        // NOTE(review): the hash algorithm behind getFingerprint() is not
        // visible here; the strength of this pinning depends on it - confirm.
        $pinnedCertificates = array_values(array_filter(
            $this->certificates,
            function ($x509) use ($configuredFingerprints) {
                /** @var \SAML2\Certificate\X509 $x509 */
                return $configuredFingerprints->contains($x509->getFingerprint());
            }
        ));

        if (count($pinnedCertificates) === 0) {
            // No pinned certificate: reject rather than fall back to an unpinned key.
            $this->logger->debug('Unable to match a certificate of the SignedElement matching a configured fingerprint');

            return false;
        }

        return $this->validateElementWithKeys($signedElement, $pinnedCertificates);
    }

Usage Example

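 /**
  * Positive path: a response signed with the mock private key, carrying the
  * mock certificate, validates against an IdP configuration that pins that
  * certificate's fingerprint.
  *
  * NOTE(review): this covers the accepting case only; whether a response with
  * a non-pinned certificate is rejected is not exercised here - confirm that a
  * separate test covers it.
  *
  * @test
  * @group signature
  */
 public function signed_message_with_valid_signature_is_validated_correctly()
 {
     $pattern = Certificate::CERTIFICATE_PATTERN;
     // Fail with a clear message if the fixture does not match, instead of
     // reading an undefined $matches[1] below.
     $this->assertSame(
         1,
         preg_match($pattern, CertificatesMock::PUBLIC_KEY_PEM, $matches),
         'Mock certificate does not match the certificate pattern'
     );
     $certdata = X509::createFromCertificateData($matches[1]);

     // The fingerprint is requested twice to check that repeated calls agree.
     $fingerprint = $certdata->getFingerprint();
     $fingerprint_retry = $certdata->getFingerprint();
     $this->assertTrue($fingerprint->equals($fingerprint_retry), 'Cached fingerprint does not match original');

     // Pin the IdP configuration to the fingerprint of the mock certificate.
     $config = new IdentityProvider(array('certificateFingerprints' => array($fingerprint->getRaw())));
     $validator = new FingerprintValidator(new SimpleTestLogger(), new FingerprintLoader());

     $doc = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
     $response = new Response($doc->firstChild);
     $response->setSignatureKey(CertificatesMock::getPrivateKey());
     $response->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM));
     // convert to signed response
     $response = new Response($response->toSignedXML());

     // canValidate() is called before hasValidSignature(), in that order.
     $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
     $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
 }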