public function locateSignature($objDoc, $pos = 0)
{
if ($objDoc instanceof DOMDocument) {
$doc = $objDoc;
} else {
$doc = $objDoc->ownerDocument;
}
if ($doc) {
$xpath = new DOMXPath($doc);
$xpath->registerNamespace('secdsig', XMLSecurityDSig::XMLDSIGNS);
$query = ".//secdsig:Signature";
$nodeset = $xpath->query($query, $objDoc);
$this->sigNode = $nodeset->item($pos);
return $this->sigNode;
}
return null;
} public function is_valid()
{
$objXMLSecDSig = new XMLSecurityDSig();
$objDSig = $objXMLSecDSig->locateSignature($this->document);
if (!$objDSig) {
throw new Exception("Cannot locate Signature Node");
}
$objXMLSecDSig->canonicalizeSignedInfo();
$objXMLSecDSig->idKeys = array('ID');
$retVal = $objXMLSecDSig->validateReference();
if (!$retVal) {
throw new Exception("Reference Validation Failed");
}
$objKey = $objXMLSecDSig->locateKey();
if (!$objKey) {
throw new Exception("We have no idea about the key");
}
$key = null;
$singleAssertion = $this->validateNumAssertions();
if (!$singleAssertion) {
throw new Exception("Only one SAMLAssertion allowed");
}
$validTimestamps = $this->validateTimestamps();
if (!$validTimestamps) {
throw new Exception("SAMLAssertion conditions not met");
}
$objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
$objKey->loadKey($this->settings->x509certificate, false, true);
$result = $objXMLSecDSig->verify($objKey);
return $result;
}
