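/**
 * Verify the bundled assertion
 *
 * Verifies the certificate chain for the given point in time, then checks
 * that the signed assertion carries a valid signature from the last
 * certificate of that chain and that the assertion itself is valid at $now.
 *
 * @access public
 * @param int $now Unix timestamp in milliseconds
 * @return array Containing the array of certificates as 'certChain', the additional
 *               assertion payload as 'payload' and an assertion object as 'assertion'
 * @throws \Exception "no certificates provided" when no certificate is bundled;
 *                    "malformed signature", "assertion issued later than verification date"
 *                    and "assertion has expired" are re-thrown unchanged from verifyChain();
 *                    any other chain failure is reported as "bad signature in chain";
 *                    "signed assertion was not valid signed" when the assertion signature
 *                    does not verify against the chain's last public key;
 *                    "assertion is not valid" when the assertion fails its own checks.
 */
public function verify($now)
{
    // no certs? not okay
    if (count($this->certs) === 0) {
        throw new \Exception("no certificates provided");
    }

    // Chain failures are collapsed into one generic message; only a malformed
    // signature and the two time-related errors are passed through as-is.
    try {
        // verify the chain
        $certChain = $this->verifyChain($now);
    } catch (\Exception $e) {
        // The catch is fully qualified on purpose: inside a namespace an
        // unqualified `Exception` resolves to <namespace>\Exception, so the
        // catch would never match and the detailed error would escape unmasked.
        $passThrough = array(
            'malformed signature',
            'assertion issued later than verification date',
            'assertion has expired',
        );
        if (in_array($e->getMessage(), $passThrough, true)) {
            throw $e;
        }
        throw new \Exception("bad signature in chain");
    }

    // verifyChain() is expected to return at least one certificate; guard
    // anyway so an empty result cannot reach the indexing below.
    if (count($certChain) === 0) {
        throw new \Exception("bad signature in chain");
    }

    // what was the last PK in the successful chain? It must have signed the assertion.
    $lastPK = $certChain[count($certChain) - 1]->getCertParams()->getPublicKey();
    $token = WebToken::parse($this->signedAssertion);
    if (!$token->verify($lastPK)) {
        throw new \Exception("signed assertion was not valid signed");
    }

    // now verify the assertion
    $payload = $token->getPayload();
    $assertion = Assertion::deserialize($payload);
    if (!$assertion->verify($now)) {
        throw new \Exception("assertion is not valid");
    }

    return array(
        "certChain" => $certChain,
        "payload" => $payload,
        "assertion" => $assertion,
    );
}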
/**
 * Deserialize parameters
 *
 * Builds a Cert from a parameter object: the assertion part and the
 * certificate parameters are each deserialized from $params, and whatever
 * is left in $params is handed to the Cert constructor as-is.
 *
 * @param array $params An array of parameters, used ones will be removed
 * @return Cert An instance of a certificate
 */
public static function deserialize($params)
{
    // NOTE(review): $params is received by value, so removal of used entries
    // is only observable inside this method (and only if the two deserialize()
    // callees take their argument by reference) — confirm against
    // Assertion::deserialize() and CertParams::deserialize().
    $assertionPart = Assertion::deserialize($params);
    $certParamsPart = CertParams::deserialize($params);

    return new Cert($assertionPart, $certParamsPart, $params);
}