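 /**
  * Validate the signature on a HTTP-Redirect message.
  *
  * The signature is verified over the query string in $data['Query'] using
  * the algorithm named in $data['SigAlg']. Validation fails closed: a missing
  * or malformed field, or any verification result other than an explicit
  * success, raises an exception.
  *
  * @param array          $data The data we need to validate the query string
  *                             (the 'Query', 'SigAlg' and 'Signature' entries).
  * @param XMLSecurityKey $key  The key we should validate the query against.
  * @throws Exception If a field is missing or malformed, the key is not an
  *                   RSA_SHA1 key, or the signature does not verify.
  */
 public static function validateSignature(array $data, XMLSecurityKey $key)
 {
     // String-form assert() is not a dependable guard: assertions can be
     // switched off at runtime, and newer PHP versions no longer evaluate the
     // string. Check the fields explicitly so absent input is always rejected.
     foreach (array('Query', 'SigAlg', 'Signature') as $field) {
         if (!array_key_exists($field, $data) || !is_string($data[$field])) {
             throw new Exception('Missing or invalid ' . $field . ' for validating signature on query string.');
         }
     }

     $query = $data['Query'];
     $sigAlg = $data['SigAlg'];

     // Strict mode makes base64_decode() return false on characters outside
     // the base64 alphabet instead of silently skipping them.
     $signature = base64_decode($data['Signature'], true);
     if ($signature === false || $signature === '') {
         throw new Exception('Unable to validate signature on query string.');
     }

     if ($key->type !== XMLSecurityKey::RSA_SHA1) {
         throw new Exception('Invalid key type for validating signature on query string.');
     }

     // $sigAlg is read from the message being validated, so the sender chooses
     // it. NOTE(review): this relies on castKey() rejecting unsupported or weak
     // algorithms even when assertions are disabled; confirm against its code.
     if ($key->type !== $sigAlg) {
         $key = SAML2_Utils::castKey($key, $sigAlg);
     }

     // Compare the result strictly. A verifier backed by openssl_verify()
     // returns 1 for a valid signature, 0 for an invalid one and -1 on error;
     // a loose `!` test would let the -1 error case pass as a valid signature.
     $verified = $key->verifySignature($query, $signature);
     if ($verified !== 1 && $verified !== true) {
         throw new Exception('Unable to validate signature on query string.');
     }
 }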