/**
 * @test
 * @group signature
 */
public function signed_message_with_valid_signature_is_validated_correctly()
{
    // Pull the bare base64 body out of the mock PEM certificate and check that two
    // successive fingerprint requests agree (the assertion message indicates the
    // fingerprint is cached on the X509 object after the first call).
    preg_match(Certificate::CERTIFICATE_PATTERN, CertificatesMock::PUBLIC_KEY_PEM, $pemParts);
    $certificate = X509::createFromCertificateData($pemParts[1]);

    $firstFingerprint = $certificate->getFingerprint();
    $secondFingerprint = $certificate->getFingerprint();
    $this->assertTrue($firstFingerprint->equals($secondFingerprint), 'Cached fingerprint does not match original');

    // Pin exactly this certificate's fingerprint in the IdP configuration, so the
    // validator has to match the embedded certificate against it.
    $identityProvider = new IdentityProvider(array('certificateFingerprints' => array($firstFingerprint->getRaw())));
    $validator = new FingerprintValidator(new SimpleTestLogger(), new FingerprintLoader());

    // Sign the fixture response with the matching private key, embed the public
    // certificate, then re-parse the signed XML so the validator sees it the way
    // a receiving party would.
    $document = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
    $unsignedResponse = new Response($document->firstChild);
    $unsignedResponse->setSignatureKey(CertificatesMock::getPrivateKey());
    $unsignedResponse->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM));
    $signedResponse = new Response($unsignedResponse->toSignedXML());

    $this->assertTrue($validator->canValidate($signedResponse, $identityProvider), 'Cannot validate the element');
    $this->assertTrue($validator->hasValidSignature($signedResponse, $identityProvider), 'The signature is not valid');
}
/**
 * Verifies the element's signature using only those of its certificates whose
 * fingerprint is listed in the configuration.
 *
 * Trust is established by the fingerprint match, not by the certificate itself:
 * a certificate that does not match a configured fingerprint is never handed to
 * the signature check. $this->certificates is presumably filled in from the
 * element earlier (e.g. by canValidate) — confirm against the caller.
 *
 * @param \SAML2\SignedElement $signedElement
 * @param \SAML2\Configuration\CertificateProvider $configuration
 *
 * @return bool true when at least one trusted certificate verifies the signature,
 *              false when no certificate matches a configured fingerprint or the
 *              signature check fails.
 */
public function hasValidSignature(SignedElement $signedElement, CertificateProvider $configuration)
{
    // Turn the collected PEM data into X509 objects so they can be fingerprinted.
    // NOTE(review): this overwrites $this->certificates in place, so a second call on
    // the same instance feeds X509 objects back into createFromCertificateData.
    $this->certificates = array_map(
        function ($pemData) {
            return X509::createFromCertificateData($pemData);
        },
        $this->certificates
    );

    $configuredFingerprints = $this->fingerprintLoader->loadFromConfiguration($configuration);

    // Keep only the certificates explicitly trusted by the configuration; the
    // list is re-indexed so it has the same shape as a freshly appended array.
    $trustedCertificates = array_values(array_filter(
        $this->certificates,
        function ($certificate) use ($configuredFingerprints) {
            /** @var \SAML2\Certificate\X509 $certificate */
            return $configuredFingerprints->contains($certificate->getFingerprint());
        }
    ));

    if (count($trustedCertificates) === 0) {
        $this->logger->debug('Unable to match a certificate of the SignedElement matching a configured fingerprint');

        return false;
    }

    return $this->validateElementWithKeys($signedElement, $trustedCertificates);
}
/**
 * Loads the certificate in the file given
 *
 * Reads the file, checks that it holds a PEM encoded certificate and adds an
 * X509 object built from the base64 body (delimiters stripped) to the loaded keys.
 *
 * @param string $certificateFile the full path to the cert file.
 *
 * @throws InvalidCertificateStructureException when the file does not contain a PEM encoded certificate.
 */
public function loadCertificateFile($certificateFile)
{
    $pemContents = File::getFileContents($certificateFile);

    if (!Certificate::hasValidStructure($pemContents)) {
        throw new InvalidCertificateStructureException(
            'Could not find PEM encoded certificate in "' . $certificateFile . '"'
        );
    }

    // Only the base64 payload between the BEGIN/END delimiters is wanted.
    preg_match(Certificate::CERTIFICATE_PATTERN, $pemContents, $pemParts);
    $certificate = X509::createFromCertificateData($pemParts[1]);

    $this->loadedKeys->add($certificate);
}