/**
 * Decrypts the given assertion, checks its signature when it carries one,
 * validates it and finally applies the configured transformation.
 *
 * An assertion that was not signed at construction is only logged and then
 * handed on without any signature check. This block does not establish why
 * that is acceptable (presumably the enclosing Response was verified as
 * signed by the caller) — confirm at the call site.
 *
 * @param \SAML2\Assertion|\SAML2\EncryptedAssertion $assertion
 *
 * @return \SAML2\Assertion
 *
 * @throws InvalidSignatureException when the assertion carries a signature that does not validate
 */
public function process($assertion)
{
    // Decrypt first: the signature check below runs on the decrypted assertion.
    $decrypted = $this->decryptAssertion($assertion);

    if ($decrypted->getWasSignedAtConstruction()) {
        $this->logger->info(sprintf('Verifying signature of Assertion with id "%s"', $decrypted->getId()));

        $signatureIsValid = $this->signatureValidator->hasValidSignature(
            $decrypted,
            $this->identityProviderConfiguration
        );
        if (!$signatureIsValid) {
            throw new InvalidSignatureException();
        }
    } else {
        $this->logger->info(sprintf(
            'Assertion with id "%s" was not signed at construction, not verifying the signature',
            $decrypted->getId()
        ));
    }

    $this->validateAssertion($decrypted);

    return $this->transformAssertion($decrypted);
}
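/**
 * Verifies the root-level signature of a SAMLResponse, if the message carried one.
 *
 * Responses without a root-level signature are logged and returned from
 * without error; nothing in this method requires the response to be signed.
 * For a signed response the signature is validated against the identity
 * provider configuration and a failure is turned into an exception.
 *
 * Fix: the "not signed" log line spelled "response" as "reponse".
 *
 * @param \SAML2\Response $response
 * @param \SAML2\Configuration\IdentityProvider $identityProviderConfiguration
 *
 * @return void
 *
 * @throws InvalidResponseException when the root-level signature does not validate
 */
private function verifySignature(Response $response, IdentityProvider $identityProviderConfiguration)
{
    if (!$response->isMessageConstructedWithSignature()) {
        $this->logger->info(sprintf(
            'SAMLResponse with id "%s" was not signed at root level, not attempting to verify the signature of the'
            . ' response itself',
            $response->getId()
        ));

        return;
    }

    $this->logger->info(sprintf(
        'Attempting to verify the signature of SAMLResponse with id "%s"',
        $response->getId()
    ));

    // Records that a root-level signature was present; whether it is valid is
    // enforced immediately below, so an invalid signature never returns normally.
    $this->responseIsSigned = true;

    if (!$this->signatureValidator->hasValidSignature($response, $identityProviderConfiguration)) {
        throw new InvalidResponseException();
    }
}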
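/**
 * A signature whose Reference points at a different assertion than the one it
 * is attached to must be rejected: reference validation is expected to fail
 * with the message "Reference validation failed".
 *
 * The expectation is declared with expectException()/expectExceptionMessage()
 * rather than the docblock annotations, which PHPUnit 9 removed; the method
 * calls are available since PHPUnit 5.2, so this stays compatible.
 *
 * @return void
 */
public function testThatASignatureReferencingAnotherAssertionIsNotValid()
{
    $assertion = $this->getSignedAssertionWithSignatureThatReferencesAnotherAssertion();

    // Expectations must be registered before the call under test.
    // TODO(review): narrow \Exception to the concrete class the validator throws once it is known.
    $this->expectException(\Exception::class);
    $this->expectExceptionMessage('Reference validation failed');

    $this->signatureValidator->hasValidSignature($assertion, $this->identityProviderConfiguration);
}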