/** * BC compatible version of the signature check * * @param \SAML2\SignedElement $element * @param \SAML2\Certificate\X509[] $pemCandidates * * @throws \Exception * * @return bool */ protected function validateElementWithKeys(SignedElement $element, $pemCandidates) { $lastException = null; foreach ($pemCandidates as $index => $candidateKey) { $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public')); $key->loadKey($candidateKey->getCertificate()); try { /* * Make sure that we have a valid signature on either the response or the assertion. */ $result = $element->validate($key); if ($result) { $this->logger->debug(sprintf('Validation with key "#%d" succeeded', $index)); return true; } $this->logger->debug(sprintf('Validation with key "#%d" failed without exception.', $index)); } catch (\Exception $e) { $this->logger->debug(sprintf('Validation with key "#%d" failed with exception: %s', $index, $e->getMessage())); $lastException = $e; } } if ($lastException !== null) { throw $lastException; } else { return false; } }