/**
* Add a signature validator based on an SSL context.
*
* @param \SAML2\Message $msg The message we should add a validator to.
* @param resource $context The stream context.
*/
private static function addSSLValidator(Message $msg, $context)
{
    // Registers SOAPClient::validateSSL on $msg, keyed to the public key of the
    // TLS peer certificate found in the stream context options.
    //
    // NOTE(review): every early exit below leaves $msg without this validator.
    // Whether the message is then authenticated by other means (e.g. an XML
    // signature) is decided outside this function - confirm that callers do not
    // treat a missing validator as a successful check.
    $contextOptions = stream_context_get_options($context);

    // PHP only stores the peer certificate in the context options when the
    // stream was opened with the "capture_peer_cert" SSL option enabled.
    $peerCertificate = isset($contextOptions['ssl']['peer_certificate'])
        ? $contextOptions['ssl']['peer_certificate']
        : null;
    if ($peerCertificate === null) {
        // No certificate captured: nothing is registered and nothing is logged.
        return;
    }

    // Walk the extraction steps in order and remember the first one that fails.
    $failure = null;
    $keyDetails = null;

    $publicKey = openssl_pkey_get_public($peerCertificate);
    if ($publicKey === false) {
        $failure = 'Unable to get public key from peer certificate.';
    } else {
        $keyDetails = openssl_pkey_get_details($publicKey);
        if ($keyDetails === false) {
            $failure = 'Unable to get key details from public key.';
        } elseif (!isset($keyDetails['key'])) {
            $failure = 'Missing key in public key details.';
        }
    }

    if ($failure !== null) {
        Utils::getContainer()->getLogger()->warning($failure);
        return;
    }

    // $keyDetails['key'] is the PEM-encoded public key; it is handed to the
    // validator as its extra argument (presumably what validateSSL compares the
    // message's signing key against - verify in validateSSL).
    $msg->addValidator(array('\\SAML2\\SOAPClient', 'validateSSL'), $keyDetails['key']);
}