Formates a fingerprint.
| public static formatFingerPrint ( string $fingerprint ) : string | ||
| $fingerprint | string | fingerprint |
| 리턴 | string | Formatted fingerprint |
/**
* Tests the formatFingerPrint method of the OneLogin_Saml2_Utils
*
* @covers OneLogin_Saml2_Utils::formatFingerPrint
*/
public function testFormatFingerPrint()
{
$fingerPrint1 = 'AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9';
$this->assertEquals('afe71c28ef740bc87425be13a2263d37971da1f9', OneLogin_Saml2_Utils::formatFingerPrint($fingerPrint1));
$fingerPrint2 = 'afe71c28ef740bc87425be13a2263d37971da1f9';
$this->assertEquals('afe71c28ef740bc87425be13a2263d37971da1f9', OneLogin_Saml2_Utils::formatFingerPrint($fingerPrint2));
}
/**
* Validates a signature (Message or Assertion).
*
* @param string|DomDocument $xml The element we should validate
* @param string|null $cert The pubic cert
* @param string|null $fingerprint The fingerprint of the public cert
*/
public static function validateSign($xml, $cert = null, $fingerprint = null)
{
if ($xml instanceof DOMDocument) {
$dom = clone $xml;
} else {
if ($xml instanceof DOMElement) {
$dom = clone $xml->ownerDocument;
} else {
$dom = new DOMDocument();
$dom = self::loadXML($dom, $xml);
}
}
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->idKeys = array('ID');
$objDSig = $objXMLSecDSig->locateSignature($dom);
if (!$objDSig) {
throw new Exception('Cannot locate Signature Node');
}
$objKey = $objXMLSecDSig->locateKey();
if (!$objKey) {
throw new Exception('We have no idea about the key');
}
$objXMLSecDSig->canonicalizeSignedInfo();
try {
$retVal = $objXMLSecDSig->validateReference();
} catch (Exception $e) {
throw $e;
}
XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
if (!empty($cert)) {
$objKey->loadKey($cert, false, true);
return $objXMLSecDSig->verify($objKey) === 1;
} else {
$domCert = $objKey->getX509Certificate();
$domCertFingerprint = OneLogin_Saml2_Utils::calculateX509Fingerprint($domCert);
if (OneLogin_Saml2_Utils::formatFingerPrint($fingerprint) !== $domCertFingerprint) {
return false;
} else {
$objKey->loadKey($domCert, false, true);
return $objXMLSecDSig->verify($objKey) === 1;
}
}
}
/**
* Validates a signature (Message or Assertion).
*
* @param string|DomDocument $xml The element we should validate
* @param string|null $cert The pubic cert
* @param string|null $fingerprint The fingerprint of the public cert
* @param string|null $fingerprintalg The algorithm used to get the fingerprint
*/
public static function validateSign($xml, $cert = null, $fingerprint = null, $fingerprintalg = 'sha1')
{
if ($xml instanceof DOMDocument) {
$dom = clone $xml;
} else {
if ($xml instanceof DOMElement) {
$dom = clone $xml->ownerDocument;
} else {
$dom = new DOMDocument();
$dom = self::loadXML($dom, $xml);
}
}
# Check if Reference URI is empty
try {
$signatureElems = $dom->getElementsByTagName('Signature');
foreach ($signatureElems as $signatureElem) {
$referenceElems = $dom->getElementsByTagName('Reference');
if (count($referenceElems) > 0) {
$referenceElem = $referenceElems->item(0);
if ($referenceElem->getAttribute('URI') == '') {
$referenceElem->setAttribute('URI', '#' . $signatureElem->parentNode->getAttribute('ID'));
}
}
}
} catch (Exception $e) {
continue;
}
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->idKeys = array('ID');
$objDSig = $objXMLSecDSig->locateSignature($dom);
if (!$objDSig) {
throw new Exception('Cannot locate Signature Node');
}
$objKey = $objXMLSecDSig->locateKey();
if (!$objKey) {
throw new Exception('We have no idea about the key');
}
$objXMLSecDSig->canonicalizeSignedInfo();
try {
$retVal = $objXMLSecDSig->validateReference();
} catch (Exception $e) {
throw $e;
}
XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
if (!empty($cert)) {
$objKey->loadKey($cert, false, true);
return $objXMLSecDSig->verify($objKey) === 1;
} else {
$domCert = $objKey->getX509Certificate();
$domCertFingerprint = OneLogin_Saml2_Utils::calculateX509Fingerprint($domCert, $fingerprintalg);
if (OneLogin_Saml2_Utils::formatFingerPrint($fingerprint) !== $domCertFingerprint) {
return false;
} else {
$objKey->loadKey($domCert, false, true);
return $objXMLSecDSig->verify($objKey) === 1;
}
}
}