상속: extends SAML2\Certificate\Key
예제 #1
0
 /**
  * @test
  * @group signature
  */
 public function signed_message_with_valid_signature_is_validated_correctly()
 {
     $pattern = Certificate::CERTIFICATE_PATTERN;
     preg_match($pattern, CertificatesMock::PUBLIC_KEY_PEM, $matches);
     $certdata = X509::createFromCertificateData($matches[1]);
     $fingerprint = $certdata->getFingerprint();
     $fingerprint_retry = $certdata->getFingerprint();
     $this->assertTrue($fingerprint->equals($fingerprint_retry), 'Cached fingerprint does not match original');
     $config = new IdentityProvider(array('certificateFingerprints' => array($fingerprint->getRaw())));
     $validator = new FingerprintValidator(new SimpleTestLogger(), new FingerprintLoader());
     $doc = DOMDocumentFactory::fromFile(__DIR__ . '/response.xml');
     $response = new Response($doc->firstChild);
     $response->setSignatureKey(CertificatesMock::getPrivateKey());
     $response->setCertificates(array(CertificatesMock::PUBLIC_KEY_PEM));
     // convert to signed response
     $response = new Response($response->toSignedXML());
     $this->assertTrue($validator->canValidate($response, $config), 'Cannot validate the element');
     $this->assertTrue($validator->hasValidSignature($response, $config), 'The signature is not valid');
 }
예제 #2
0
 /**
  * @param \SAML2\SignedElement             $signedElement
  * @param \SAML2\Configuration\CertificateProvider $configuration
  *
  * @return bool
  */
 public function hasValidSignature(SignedElement $signedElement, CertificateProvider $configuration)
 {
     $this->certificates = array_map(function ($certificate) {
         return X509::createFromCertificateData($certificate);
     }, $this->certificates);
     $fingerprintCollection = $this->fingerprintLoader->loadFromConfiguration($configuration);
     $pemCandidates = array();
     foreach ($this->certificates as $certificate) {
         /** @var \SAML2\Certificate\X509 $certificate */
         $certificateFingerprint = $certificate->getFingerprint();
         if ($fingerprintCollection->contains($certificateFingerprint)) {
             $pemCandidates[] = $certificate;
         }
     }
     if (empty($pemCandidates)) {
         $this->logger->debug('Unable to match a certificate of the SignedElement matching a configured fingerprint');
         return false;
     }
     return $this->validateElementWithKeys($signedElement, $pemCandidates);
 }
예제 #3
0
파일: KeyLoader.php 프로젝트: SysBind/saml2
 /**
  * Loads the certificate in the file given
  *
  * @param string $certificateFile the full path to the cert file.
  */
 public function loadCertificateFile($certificateFile)
 {
     $certificate = File::getFileContents($certificateFile);
     if (!Certificate::hasValidStructure($certificate)) {
         throw new InvalidCertificateStructureException(sprintf('Could not find PEM encoded certificate in "%s"', $certificateFile));
     }
     // capture the certificate contents without the delimiters
     preg_match(Certificate::CERTIFICATE_PATTERN, $certificate, $matches);
     $this->loadedKeys->add(X509::createFromCertificateData($matches[1]));
 }