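/**
 * Validate the signature on a HTTP-Redirect message.
 *
 * Throws an exception if we are unable to validate the signature. Anything other
 * than an explicit "signature is valid" result is treated as a failure.
 *
 * @param array $data The data we need to validate the query string. Must contain
 *                    the keys 'Query', 'SigAlg' and 'Signature'.
 * @param XMLSecurityKey $key The key we should validate the query against.
 * @throws \Exception If a required element is missing, the signature is not valid
 *                    base64, the key type is unsupported, or verification does not succeed.
 */
public static function validateSignature(array $data, XMLSecurityKey $key)
{
    // Checked at runtime rather than with assert(): assertions can be switched off
    // in production, and string assertions are no longer evaluated as code on PHP 8.
    foreach (array('Query', 'SigAlg', 'Signature') as $required) {
        if (!array_key_exists($required, $data)) {
            throw new \Exception('Missing ' . $required . ' for validating signature on query string.');
        }
    }

    $query = $data['Query'];
    $sigAlg = $data['SigAlg'];

    // Strict decoding rejects input containing characters outside the base64
    // alphabet instead of silently dropping them.
    $signature = is_string($data['Signature']) ? base64_decode($data['Signature'], true) : false;
    if ($signature === false) {
        throw new \Exception('Unable to decode signature on query string.');
    }

    if ($key->type !== XMLSecurityKey::RSA_SHA1) {
        throw new \Exception('Invalid key type for validating signature on query string.');
    }
    if ($key->type !== $sigAlg) {
        // SigAlg is read from the message that is being validated.
        // NOTE(review): confirm Utils::castKey() only accepts an allow-list of algorithms.
        $key = Utils::castKey($key, $sigAlg);
    }

    // A negated truthiness check accepts any non-zero result, so an error code such
    // as -1 (what openssl_verify() returns on failure to verify at all) would pass as
    // "valid". NOTE(review): presumably verifySignature() forwards that result for
    // RSA keys - confirm. Only an explicit success value counts as verified.
    $result = $key->verifySignature($query, $signature);
    if ($result !== 1 && $result !== true) {
        throw new \Exception('Unable to validate signature on query string.');
    }
}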