Example #1
 /**
  * Verifies the signature on the SAML response itself, when it carries one.
  *
  * A response that was not constructed with a signature is logged and let
  * through without any cryptographic check; in that case
  * $this->responseIsSigned is left untouched.
  * NOTE(review): this is only safe if the caller then insists on signed
  * assertions - confirm in the code that reads $this->responseIsSigned.
  *
  * @param SAML2_Response                       $response
  * @param SAML2_Configuration_IdentityProvider $identityProviderConfiguration handed to the signature validator
  *
  * @throws SAML2_Response_Exception_InvalidResponseException when the validator does not report a valid signature;
  *                                                           anything the validator throws itself propagates unchanged
  */
 private function verifySignature(SAML2_Response $response, SAML2_Configuration_IdentityProvider $identityProviderConfiguration)
 {
     if ($response->isMessageConstructedWithSignature()) {
         $this->logger->info(sprintf(
             'Attempting to verify the signature of SAMLResponse with id "%s"',
             $response->getId()
         ));

         // Set before the check runs: the flag records that a signature was present
         // and stays set even when the verification below throws.
         // NOTE(review): confirm this processor is not reused after a failed verification.
         $this->responseIsSigned = TRUE;

         $signatureIsValid = $this->signatureValidator->hasValidSignature($response, $identityProviderConfiguration);
         if (!$signatureIsValid) {
             throw new SAML2_Response_Exception_InvalidResponseException();
         }

         return;
     }

     // Unsigned at root level: nothing to verify on the response itself.
     $this->logger->info(sprintf(
         'SAMLResponse with id "%s" was not signed at root level, not attempting to verify the signature of the reponse itself',
         $response->getId()
     ));
 }
Example #2
 /**
  * Decrypts (via decryptAssertion), signature-checks, validates and transforms a single assertion.
  *
  * The signature is verified only when the decrypted assertion reports that it
  * was signed at construction. An assertion without a signature is logged and
  * still goes on to validation and transformation.
  * NOTE(review): an unsigned assertion is therefore trusted on the strength of
  * whatever the caller verified beforehand (presumably the enclosing response
  * signature) - confirm the caller rejects the unsigned-response case.
  *
  * @param SAML2_Assertion|SAML2_EncryptedAssertion $assertion
  *
  * @return SAML2_Assertion the value returned by transformAssertion()
  *
  * @throws SAML2_Response_Exception_InvalidSignatureException when the validator does not report a valid signature;
  *                                                            anything the validator throws itself propagates unchanged
  */
 public function process($assertion)
 {
     $decrypted = $this->decryptAssertion($assertion);

     if ($decrypted->getWasSignedAtConstruction()) {
         $this->logger->info(sprintf('Verifying signature of Assertion with id "%s"', $decrypted->getId()));

         $signatureIsValid = $this->signatureValidator->hasValidSignature(
             $decrypted,
             $this->identityProviderConfiguration
         );
         if (!$signatureIsValid) {
             throw new SAML2_Response_Exception_InvalidSignatureException();
         }
     } else {
         // No signature on the assertion: the check is skipped, not failed.
         $this->logger->info(sprintf(
             'Assertion with id "%s" was not signed at construction, not verifying the signature',
             $decrypted->getId()
         ));
     }

     // Validation runs for signed and unsigned assertions alike.
     $this->validateAssertion($decrypted);

     return $this->transformAssertion($decrypted);
 }
 /**
  * A signature whose reference points at a different assertion than the one
  * being checked must be rejected by the validator.
  *
  * The expectation is declared through the annotations below: the validator
  * call has to throw, and the message has to contain "Reference validation
  * failed". No return value is asserted.
  * NOTE(review): the expected class is the generic Exception, so only the
  * message ties the failure to reference validation.
  *
  * @expectedException Exception
  * @expectedExceptionMessage Reference validation failed
  */
 public function testThatASignatureReferencingAnotherAssertionIsNotValid()
 {
     $assertionWithForeignReference = $this->getSignedAssertionWithSignatureThatReferencesAnotherAssertion();

     $this->signatureValidator->hasValidSignature(
         $assertionWithForeignReference,
         $this->identityProviderConfiguration
     );
 }