/** * @param Assertion $assertion * @param int $now * @param int $allowedSecondsSkew */ protected function validateConditions(Assertion $assertion, $now, $allowedSecondsSkew) { if (false == $assertion->getConditions()) { return; } if (false == Helper::validateNotBefore($assertion->getConditions()->getNotBeforeTimestamp(), $now, $allowedSecondsSkew)) { throw new LightSamlValidationException('Conditions.NotBefore must not be in the future'); } if (false == Helper::validateNotOnOrAfter($assertion->getConditions()->getNotOnOrAfterTimestamp(), $now, $allowedSecondsSkew)) { throw new LightSamlValidationException('Conditions.NotOnOrAfter must not be in the past'); } }
protected function validateConditions(Assertion $assertion) { if (false == $assertion->getConditions()) { return; } $this->validateConditionsInterval($assertion->getConditions()); $oneTimeUseSeen = $proxyRestrictionSeen = false; foreach ($assertion->getConditions()->getAllItems() as $item) { if ($item instanceof OneTimeUse) { if ($oneTimeUseSeen) { throw new LightSamlValidationException('Assertion contained more than one condition of type OneTimeUse'); } $oneTimeUseSeen = true; } elseif ($item instanceof ProxyRestriction) { if ($proxyRestrictionSeen) { throw new LightSamlValidationException('Assertion contained more than one condition of type ProxyRestriction'); } $proxyRestrictionSeen = true; $this->validateProxyRestriction($item); } elseif ($item instanceof AudienceRestriction) { $this->validateAudienceRestriction($item); } } }