private static function createSubjectConfirmationValidator(SAML2_Configuration_IdentityProvider $identityProvider, SAML2_Configuration_ServiceProvider $serviceProvider, SAML2_Configuration_Destination $currentDestination, SAML2_Response $response)
{
$validator = new SAML2_Assertion_Validation_SubjectConfirmationValidator($identityProvider, $serviceProvider);
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationMethod());
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationNotBefore());
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationNotOnOrAfter());
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationRecipientMatches($currentDestination));
$validator->addConstraintValidator(new SAML2_Assertion_Validation_ConstraintValidator_SubjectConfirmationResponseToMatches($response));
return $validator;
}
/**
* @param SAML2_Assertion $assertion
*/
public function validateAssertion(SAML2_Assertion $assertion)
{
$assertionValidationResult = $this->assertionValidator->validate($assertion);
if (!$assertionValidationResult->isValid()) {
throw new SAML2_Assertion_Exception_InvalidAssertionException(sprintf('Invalid Assertion in SAML Response, erorrs: "%s"', implode('", "', $assertionValidationResult->getErrors())));
}
foreach ($assertion->getSubjectConfirmation() as $subjectConfirmation) {
$subjectConfirmationValidationResult = $this->subjectConfirmationValidator->validate($subjectConfirmation);
if (!$subjectConfirmationValidationResult->isValid()) {
throw new SAML2_Assertion_Exception_InvalidSubjectConfirmationException(sprintf('Invalid SubjectConfirmation in Assertion, errors: "%s"', implode('", "', $subjectConfirmationValidationResult->getErrors())));
}
}
}
