You are here

Home » API reference » SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7 » Utilities.php » Utilities

public static function Utilities::validateSignature in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7

2 calls to Utilities::validateSignature()
SAML2_Assertion::validate in includes/Assertion.php
Validate this assertion against a public key.
Utilities::checkSign in includes/Utilities.php

File

includes/Utilities.php, line 846

Class

Utilities
This file is part of miniOrange SAML plugin.

Code

public static function validateSignature(array $info, XMLSecurityKey $key) {

  //assert('array_key_exists("Signature", $info)');

  /** @var XMLSecurityDSig $objXMLSecDSig */
  $objXMLSecDSig = $info['Signature'];
  $sigMethod = self::xpQuery($objXMLSecDSig->sigNode, './ds:SignedInfo/ds:SignatureMethod');
  if (empty($sigMethod)) {
    echo sprintf('Missing SignatureMethod element');
    exit;
  }
  $sigMethod = $sigMethod[0];
  if (!$sigMethod
    ->hasAttribute('Algorithm')) {
    echo sprintf('Missing Algorithm-attribute on SignatureMethod element.');
    exit;
  }
  $algo = $sigMethod
    ->getAttribute('Algorithm');
  if ($key->type === XMLSecurityKey::RSA_SHA1 && $algo !== $key->type) {
    $key = self::castKey($key, $algo);
  }

  /* Check the signature. */
  if (!$objXMLSecDSig
    ->verify($key)) {
    echo sprintf('Unable to validate Sgnature');
    exit;
  }
}