Formats a fingerprint: strips the colon separators and lower-cases the hex digits, so that configured and computed fingerprints can be compared as plain strings.
public static formatFingerPrint ( string $fingerprint ) : string | ||
$fingerprint | string | Certificate fingerprint as hex digits, upper- or lower-case, optionally colon separated (e.g. `AF:E7:1C:...`) |
return | string | Formatted fingerprint: lower-case hex with the colons removed |
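/**
 * Tests the formatFingerPrint method of the OneLogin_Saml2_Utils.
 *
 * Both the colon-separated upper-case form and the already-normalised
 * lower-case form must map to the same lower-case hex string.
 *
 * @covers OneLogin_Saml2_Utils::formatFingerPrint
 */
public function testFormatFingerPrint()
{
    $expected = 'afe71c28ef740bc87425be13a2263d37971da1f9';

    // assertSame: the result must be exactly this string (type and value),
    // not merely loosely equal to it.
    $fingerPrint1 = 'AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9';
    $this->assertSame($expected, OneLogin_Saml2_Utils::formatFingerPrint($fingerPrint1));

    // Already-normalised input must pass through unchanged.
    $fingerPrint2 = 'afe71c28ef740bc87425be13a2263d37971da1f9';
    $this->assertSame($expected, OneLogin_Saml2_Utils::formatFingerPrint($fingerPrint2));
}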
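/**
 * Validates the XML signature of a SAML Message or Assertion.
 *
 * The signature is verified either against the configured public
 * certificate ($cert) or, when none is configured, against the
 * certificate embedded in the message's own KeyInfo — which is only
 * trusted if its fingerprint matches the configured $fingerprint.
 * With neither a cert nor a fingerprint configured there is no trust
 * anchor and the method returns false.
 *
 * NOTE(review): the Signature is found with locateSignature(), i.e. the
 * first ds:Signature in the document, and nothing here checks that the
 * signed Reference actually covers the element the caller wants
 * validated. Callers must enforce that themselves (e.g. reject documents
 * with more than one Signature/Reference, or compare the Reference URI
 * against the target element's ID) to resist signature-wrapping.
 *
 * @param string|DOMDocument|DOMElement $xml         The element (or its serialisation) to validate
 * @param string|null                   $cert        The public cert (PEM); takes precedence over $fingerprint
 * @param string|null                   $fingerprint The expected fingerprint of the public cert
 *
 * @return bool True only if the signature verified with a trusted key
 *
 * @throws Exception When no Signature node or no key can be located;
 *                   any exception raised by validateReference() is
 *                   propagated unchanged
 */
public static function validateSign($xml, $cert = null, $fingerprint = null)
{
    if ($xml instanceof DOMDocument) {
        $dom = clone $xml;
    } elseif ($xml instanceof DOMElement) {
        $dom = clone $xml->ownerDocument;
    } else {
        $dom = new DOMDocument();
        $dom = self::loadXML($dom, $xml);
    }

    $objXMLSecDSig = new XMLSecurityDSig();
    // Only the ID attribute may be used to resolve "#id" References.
    $objXMLSecDSig->idKeys = array('ID');

    $objDSig = $objXMLSecDSig->locateSignature($dom);
    if (!$objDSig) {
        throw new Exception('Cannot locate Signature Node');
    }

    $objKey = $objXMLSecDSig->locateKey();
    if (!$objKey) {
        throw new Exception('We have no idea about the key');
    }

    $objXMLSecDSig->canonicalizeSignedInfo();

    // validateReference() raises on a digest mismatch (exceptions propagate
    // to the caller); additionally treat a falsy return as failure rather
    // than discarding the result.
    if (!$objXMLSecDSig->validateReference()) {
        return false;
    }

    // Pick up whatever key material the message carries in its KeyInfo.
    XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);

    if (!empty($cert)) {
        // A configured certificate always overrides the embedded one.
        $objKey->loadKey($cert, false, true);
        return $objXMLSecDSig->verify($objKey) === 1;
    }

    // Without a configured cert the fingerprint is the only trust anchor;
    // with none configured the embedded cert cannot be trusted.
    if (empty($fingerprint)) {
        return false;
    }

    $domCert = $objKey->getX509Certificate();
    if (empty($domCert)) {
        // Nothing embedded to compare the fingerprint against.
        return false;
    }

    $domCertFingerprint = OneLogin_Saml2_Utils::calculateX509Fingerprint($domCert);
    if (OneLogin_Saml2_Utils::formatFingerPrint($fingerprint) !== $domCertFingerprint) {
        return false;
    }

    // Fingerprint matched: the embedded cert is the pinned one, use it.
    $objKey->loadKey($domCert, false, true);
    return $objXMLSecDSig->verify($objKey) === 1;
}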
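/**
 * Validates the XML signature of a SAML Message or Assertion.
 *
 * The signature is verified either against the configured public
 * certificate ($cert) or, when none is configured, against the
 * certificate embedded in the message's own KeyInfo — which is only
 * trusted if its fingerprint (computed with $fingerprintalg) matches the
 * configured $fingerprint. With neither a cert nor a fingerprint
 * configured there is no trust anchor and the method returns false.
 *
 * NOTE(review): the Signature is found with locateSignature(), i.e. the
 * first ds:Signature in the document, and nothing here checks that the
 * signed Reference actually covers the element the caller wants
 * validated. Callers must enforce that themselves (e.g. reject documents
 * with more than one Signature/Reference, or compare the Reference URI
 * against the target element's ID) to resist signature-wrapping.
 *
 * @param string|DOMDocument|DOMElement $xml            The element (or its serialisation) to validate
 * @param string|null                   $cert           The public cert (PEM); takes precedence over $fingerprint
 * @param string|null                   $fingerprint    The expected fingerprint of the public cert
 * @param string|null                   $fingerprintalg The hash algorithm the fingerprint was made with;
 *                                                      defaults to 'sha1' for backward compatibility
 *                                                      (NOTE(review): prefer a SHA-2 fingerprint where the
 *                                                      IdP metadata provides one)
 *
 * @return bool True only if the signature verified with a trusted key
 *
 * @throws Exception When no Signature node or no key can be located;
 *                   any exception raised by validateReference() is
 *                   propagated unchanged
 */
public static function validateSign($xml, $cert = null, $fingerprint = null, $fingerprintalg = 'sha1')
{
    if ($xml instanceof DOMDocument) {
        $dom = clone $xml;
    } elseif ($xml instanceof DOMElement) {
        $dom = clone $xml->ownerDocument;
    } else {
        $dom = new DOMDocument();
        $dom = self::loadXML($dom, $xml);
    }

    // Work around Signatures whose Reference has an empty URI: point the
    // Reference at the ID of the signed (parent) element so the "#id"
    // lookup below resolves. This is best effort — any failure leaves the
    // Reference untouched and validateReference() decides.
    // NOTE(review): only the first Reference in the whole document is
    // patched, on every iteration, regardless of which Signature it
    // belongs to; this mirrors the existing behaviour.
    try {
        $signatureElems = $dom->getElementsByTagName('Signature');
        foreach ($signatureElems as $signatureElem) {
            $referenceElems = $dom->getElementsByTagName('Reference');
            // DOMNodeList is not Countable on older PHP versions (count()
            // would return 1 for an empty list), so use ->length.
            if ($referenceElems->length > 0) {
                $referenceElem = $referenceElems->item(0);
                $signedElem = $signatureElem->parentNode;
                // parentNode may not be an element (e.g. the document itself);
                // only elements carry an ID attribute.
                if ($referenceElem->getAttribute('URI') === '' && $signedElem instanceof DOMElement) {
                    $referenceElem->setAttribute('URI', '#' . $signedElem->getAttribute('ID'));
                }
            }
        }
    } catch (Exception $e) {
        // Deliberately ignored: a bare `continue` is invalid outside a loop;
        // the intent is to leave the Reference as-is and let
        // validateReference() report the problem.
    }

    $objXMLSecDSig = new XMLSecurityDSig();
    // Only the ID attribute may be used to resolve "#id" References.
    $objXMLSecDSig->idKeys = array('ID');

    $objDSig = $objXMLSecDSig->locateSignature($dom);
    if (!$objDSig) {
        throw new Exception('Cannot locate Signature Node');
    }

    $objKey = $objXMLSecDSig->locateKey();
    if (!$objKey) {
        throw new Exception('We have no idea about the key');
    }

    $objXMLSecDSig->canonicalizeSignedInfo();

    // validateReference() raises on a digest mismatch (exceptions propagate
    // to the caller); additionally treat a falsy return as failure rather
    // than discarding the result.
    if (!$objXMLSecDSig->validateReference()) {
        return false;
    }

    // Pick up whatever key material the message carries in its KeyInfo.
    XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);

    if (!empty($cert)) {
        // A configured certificate always overrides the embedded one.
        $objKey->loadKey($cert, false, true);
        return $objXMLSecDSig->verify($objKey) === 1;
    }

    // Without a configured cert the fingerprint is the only trust anchor;
    // with none configured the embedded cert cannot be trusted.
    if (empty($fingerprint)) {
        return false;
    }

    $domCert = $objKey->getX509Certificate();
    if (empty($domCert)) {
        // Nothing embedded to compare the fingerprint against.
        return false;
    }

    $domCertFingerprint = OneLogin_Saml2_Utils::calculateX509Fingerprint($domCert, $fingerprintalg);
    if (OneLogin_Saml2_Utils::formatFingerPrint($fingerprint) !== $domCertFingerprint) {
        return false;
    }

    // Fingerprint matched: the embedded cert is the pinned one, use it.
    $objKey->loadKey($domCert, false, true);
    return $objXMLSecDSig->verify($objKey) === 1;
}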