
public function XMLSecurityDSig::processRefNode in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7

Parameters

DOMNode $refNode:

Return value

bool

1 call to XMLSecurityDSig::processRefNode()
XMLSecurityDSig::validateReference in includes/XMLSecurityKey.php

File

includes/XMLSecurityKey.php, line 1176

Class

XMLSecurityDSig

Code

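/**
 * Validates one Reference node of a signature against the data it points to.
 *
 * The URI attribute is resolved to a node of the same document (the whole
 * document for an empty URI, a single element for "#identifier"), the
 * reference's transforms are applied through processTransforms() and the
 * result is checked with validateDigest(). On success the resolved node is
 * stored in $this->validatedNodes, keyed by the fragment identifier when
 * there is one.
 *
 * @param DOMNode $refNode
 *   The Reference node. getAttribute() is called on it, so it is expected
 *   to be a DOMElement.
 *
 * @return bool
 *   TRUE when the digest matches. FALSE when it does not match, when the URI
 *   cannot be parsed, or when a "#identifier" URI does not resolve to exactly
 *   one element.
 */
public function processRefNode($refNode) {
  $dataObject = null;
  $identifier = null;

  /*
   * Depending on the URI, we may not want to include comments in the result
   * See: http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel
   */
  $includeCommentNodes = true;
  if ($uri = $refNode->getAttribute("URI")) {
    $arUrl = parse_url($uri);
    if ($arUrl === false) {

      /* parse_url() returns false for seriously malformed URIs. Indexing that
       * result would silently fall through to the whole-document branch, so
       * a reference that cannot be parsed is rejected instead.
       */
      return false;
    }
    if (empty($arUrl['path'])) {

      /* The fragment key is absent when the URI has none (e.g. "?x"); read it
       * without triggering an undefined-index notice.
       */
      $identifier = isset($arUrl['fragment']) ? $arUrl['fragment'] : null;
      if ($identifier) {

        /* This reference identifies a node with the given id by using
         * a URI on the form "#identifier". This should not include comments.
         */
        $includeCommentNodes = false;
        $xPath = new DOMXPath($refNode->ownerDocument);
        if ($this->idNS && is_array($this->idNS)) {
          foreach ($this->idNS as $nspf => $ns) {
            $xPath->registerNamespace($nspf, $ns);
          }
        }

        /* The identifier comes from the signed document, so it is filtered
         * before being placed inside the XPath expression.
         */
        $quotedId = XPath::filterAttrValue($identifier, XPath::DOUBLE_QUOTE);
        $iDlist = '@Id="' . $quotedId . '"';
        if (is_array($this->idKeys)) {
          foreach ($this->idKeys as $idKey) {
            $iDlist .= " or @" . XPath::filterAttrName($idKey) . '="' . $quotedId . '"';
          }
        }
        $query = '//*[' . $iDlist . ']';
        $nodes = $xPath->query($query);

        /* query() returns false for an invalid expression. The reference must
         * also name exactly one element: with duplicate IDs, taking the first
         * match could validate one element while the application later reads
         * another, and with no match there is nothing to validate.
         */
        if ($nodes === false || $nodes->length !== 1) {
          return false;
        }
        $dataObject = $nodes->item(0);
      }
      else {
        $dataObject = $refNode->ownerDocument;
      }
    }

    /* NOTE(review): a URI with a non-empty path leaves $dataObject null and
     * passes it on to processTransforms(); how that method treats null is not
     * visible here. Confirm that such a reference cannot validate.
     */
  }
  else {

    /* This reference identifies the root node with an empty URI. This should
     * not include comments.
     */
    $includeCommentNodes = false;
    $dataObject = $refNode->ownerDocument;
  }
  $data = $this->processTransforms($refNode, $dataObject, $includeCommentNodes);
  if (!$this->validateDigest($refNode, $data)) {
    return false;
  }
  if ($dataObject instanceof DOMNode) {

    /* Add this node to the list of validated nodes. */
    if (!empty($identifier)) {
      $this->validatedNodes[$identifier] = $dataObject;
    }
    else {
      $this->validatedNodes[] = $dataObject;
    }
  }
  return true;
}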