You are here

public function XMLSecurityKey::verifySignature in SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 7

Verifies the data (string) against the given signature using the extension assigned to the type in the constructor.

Returns in case of openSSL: 1 on succesful signature verification, 0 when signature verification failed, -1 if an error occurred during processing.

NOTE: be very careful when checking the return value, because in PHP, -1 will be cast to True when in boolean context. So always check the return value in a strictly typed way, e.g. "$obj->verify(...) === 1".

Parameters

string $data:

string $signature:

Return value

bool|int

File

includes/XMLSecurityKey.php, line 599

Class

XMLSecurityKey

Code

public function verifySignature($data, $signature) {
  switch ($this->cryptParams['library']) {
    case 'openssl':
      return $this
        ->verifyOpenSSL($data, $signature);
    case self::HMAC_SHA1:
      $expectedSignature = hash_hmac("sha1", $data, $this->key, true);
      return strcmp($signature, $expectedSignature) == 0;
  }
}