コード例 #1
0
 /**
  * @param Request $request
  * @return AuthnRequest
  * @throws \Exception
  *
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  * @SuppressWarnings(PHPMD.NPathComplexity)
  */
 public function processRequest(Request $request)
 {
     if (!$this->entityRepository) {
         throw new LogicException('RedirectBinding::processRequest requires a ServiceProviderRepository to be configured');
     }
     $rawSamlRequest = $request->get(AuthnRequest::PARAMETER_REQUEST);
     if (!$rawSamlRequest) {
         throw new BadRequestHttpException(sprintf('Required GET parameter "%s" is missing', AuthnRequest::PARAMETER_REQUEST));
     }
     if ($request->get(AuthnRequest::PARAMETER_SIGNATURE) && !$request->get(AuthnRequest::PARAMETER_SIGNATURE_ALGORITHM)) {
         throw new BadRequestHttpException(sprintf('The request includes a signature "%s", but does not include the signature algorithm (SigAlg) parameter', $request->get('Signature')));
     }
     $authnRequest = AuthnRequestFactory::createFromHttpRequest($request);
     $currentUri = $this->getFullRequestUri($request);
     if (!$authnRequest->getDestination() === $currentUri) {
         throw new BadRequestHttpException(sprintf('Actual Destination "%s" does no match the AuthnRequest Destination "%s"', $currentUri, $authnRequest->getDestination()));
     }
     if (!$this->entityRepository->hasServiceProvider($authnRequest->getServiceProvider())) {
         throw new UnknownServiceProviderException($authnRequest->getServiceProvider());
     }
     if (!$authnRequest->isSigned()) {
         return $authnRequest;
     }
     if (!$authnRequest->getSignatureAlgorithm()) {
         throw new BadRequestHttpException(sprintf('The SAMLRequest has to be signed with SHA256 algorithm: "%s"', XMLSecurityKey::RSA_SHA256));
     }
     $serviceProvider = $this->entityRepository->getServiceProvider($authnRequest->getServiceProvider());
     if (!$this->signatureVerifier->hasValidSignature($authnRequest, $serviceProvider)) {
         throw new BadRequestHttpException('The SAMLRequest has been signed, but the signature could not be validated');
     }
     return $authnRequest;
 }
コード例 #2
0
 /**
  * @param $authnRequest
  */
 private function verifySignature(AuthnRequest $authnRequest)
 {
     if (!$authnRequest->isSigned()) {
         throw new BadRequestHttpException('The SAMLRequest has to be signed');
     }
     if (!$authnRequest->getSignatureAlgorithm()) {
         throw new BadRequestHttpException(sprintf('The SAMLRequest has to be signed with SHA256 algorithm: "%s"', XMLSecurityKey::RSA_SHA256));
     }
     $serviceProvider = $this->entityRepository->getServiceProvider($authnRequest->getServiceProvider());
     if (!$this->signatureVerifier->hasValidSignature($authnRequest, $serviceProvider)) {
         throw new BadRequestHttpException('The SAMLRequest has been signed, but the signature could not be validated');
     }
 }