예제 #1
 /**
 * Verify the bundled assertion
 *
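 * Verifies the certificate chain, then the signature of the signed assertion against the public key of the last certificate in that chain, and finally the assertion itself at the given time.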
 *
 * @access public
 * @param int $now Unix timestamp in milliseconds
 * @return array Containing the array of certificates as 'certChain', the additional assertion payload as 'payload' and an assertion object as 'assertion'
 */
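 public function verify($now)
 {
     // Fail closed before any cryptographic work: an assertion bundled
     // without certificates has nothing to chain back to.
     if (count($this->certs) === 0) {
         throw new \Exception("no certificates provided");
     }

     // Messages from verifyChain() that are passed through to the caller
     // verbatim; every other chain failure is collapsed into one generic
     // message below.
     // NOTE(review): matching on message text is brittle - if verifyChain()
     // rewords one of these, it silently falls into the generic branch.
     $passThrough = array(
         'malformed signature',
         'assertion issued later than verification date',
         'assertion has expired',
     );

     try {
         // $now is forwarded unchanged; the docblock states it is a Unix
         // timestamp in milliseconds.
         $certChain = $this->verifyChain($now);
     } catch (\Exception $e) {
         // Fully qualified, like every throw in this method. An unqualified
         // "Exception" resolves relative to the current namespace, so in a
         // namespaced file this catch would never match and the message
         // simplification would be skipped.
         if (in_array($e->getMessage(), $passThrough, true)) {
             throw $e;
         }
         throw new \Exception("bad signature in chain");
     }

     // An empty result would make the index below undefined and end in a
     // method call on null; report it as a chain failure instead.
     if (empty($certChain)) {
         throw new \Exception("bad signature in chain");
     }

     // The signed assertion must verify against the public key of the last
     // certificate in the verified chain.
     $lastCert = $certChain[count($certChain) - 1];
     $lastPK = $lastCert->getCertParams()->getPublicKey();
     $token = WebToken::parse($this->signedAssertion);
     if (!$token->verify($lastPK)) {
         throw new \Exception("signed assertion was not valid signed");
     }

     // The payload is only deserialized after the token signature check has
     // passed; the resulting assertion is then verified against $now.
     $payload = $token->getPayload();
     $assertion = Assertion::deserialize($payload);
     if (!$assertion->verify($now)) {
         throw new \Exception("assertion is not valid");
     }

     return array("certChain" => $certChain, "payload" => $payload, "assertion" => $assertion);
 }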
예제 #2
 /**
  * Deserialize parameters
  *
  * Creates an instance based on the parameter object. The used parameters will be removed from params.
  *
  * @param array $params An array of parameters, used ones will be removed
  * @return Cert An instance of a certificate
  */
 public static function deserialize($params)
 {
     // Both parts are built from the same parameter array, assertion first.
     // NOTE(review): $params is received by value in this signature; whether
     // the nested deserialize() calls strip the keys they consume is not
     // visible here - confirm against Assertion and CertParams.
     $parsedAssertion = Assertion::deserialize($params);
     $parsedCertParams = CertParams::deserialize($params);

     // $params is forwarded as the third constructor argument.
     $cert = new Cert($parsedAssertion, $parsedCertParams, $params);

     return $cert;
 }