/**
 * Register a signature validator derived from the TLS peer certificate.
 *
 * Looks up the peer certificate stored in the stream context and, when a
 * public key can be extracted from it, registers
 * SAML2_SOAPClient::validateSSL on the message with that key (PEM form, as
 * returned in the 'key' entry of openssl_pkey_get_details()). Each step that
 * fails is logged as a warning and the message is left without the
 * validator; nothing is thrown.
 *
 * @param SAML2_Message $msg The message that receives the validator.
 * @param resource $context The stream context of the SOAP connection.
 */
private static function addSSLValidator(SAML2_Message $msg, $context) {
    $ctxOptions = stream_context_get_options($context);

    // Without a captured peer certificate there is nothing to build a
    // validator from. NOTE(review): presumably the caller enables
    // 'capture_peer_cert' on the context for this to be present — confirm.
    if (!isset($ctxOptions['ssl']['peer_certificate'])) {
        return;
    }
    $peerCert = $ctxOptions['ssl']['peer_certificate'];

    $pubKey = openssl_pkey_get_public($peerCert);
    if ($pubKey === FALSE) {
        SimpleSAML_Logger::warning('Unable to get public key from peer certificate.');
        return;
    }

    $details = openssl_pkey_get_details($pubKey);
    if ($details === FALSE) {
        SimpleSAML_Logger::warning('Unable to get key details from public key.');
        return;
    }
    if (!isset($details['key'])) {
        SimpleSAML_Logger::warning('Missing key in public key details.');
        return;
    }

    // The PEM public key is what validateSSL will check the signature against.
    $msg->addValidator(array('SAML2_SOAPClient', 'validateSSL'), $details['key']);
}