/**
* BC compatible version of the signature check
*
* @param SAML2_SignedElement $element
* @param SAML2_Certificate_X509[] $pemCandidates
*
* @throws Exception
*
* @return bool
*/
protected function validateElementWithKeys(SAML2_SignedElement $element, $pemCandidates)
{
$lastException = NULL;
foreach ($pemCandidates as $index => $candidateKey) {
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
$key->loadKey($candidateKey->getCertificate());
try {
/*
* Make sure that we have a valid signature on either the response or the assertion.
*/
$result = $element->validate($key);
if ($result) {
$this->logger->debug(sprintf('Validation with key "#%d" succeeded', $index));
return TRUE;
}
$this->logger->debug(sprintf('Validation with key "#%d" failed without exception.', $index));
} catch (Exception $e) {
$this->logger->debug(sprintf('Validation with key "#%d" failed with exception: %s', $index, $e->getMessage()));
$lastException = $e;
}
}
if ($lastException !== NULL) {
throw $lastException;
} else {
return FALSE;
}
}
