예제 #1
 /**
  * Set up the signature helper, optionally from an XML element.
  *
  * The certificate and validator lists always start out empty. When an element
  * is supplied, Utils::validateElement() is run on it; if that call returns
  * signature data, the certificates it reports are stored and a validator entry
  * pointing at \SAML2\Utils::validateSignature is queued together with the data.
  *
  * Security note: any \Exception raised while inspecting the signature is
  * swallowed, so an element carrying a broken signature ends up in exactly the
  * same state as an unsigned one (no certificates, no validators). Code relying
  * on this object must treat an empty validator list as "not signed" and refuse
  * the element wherever a signature is required.
  *
  * NOTE(review): the stored certificates presumably originate from the element
  * itself; they name a candidate key and are not a trust decision until matched
  * against locally configured keys - confirm in Utils::validateElement().
  *
  * @param \DOMElement|null $xml The XML element which may be signed.
  */
 protected function __construct(\DOMElement $xml = null)
 {
     $this->certificates = array();
     $this->validators = array();

     if ($xml !== null) {
         try {
             $signatureInfo = Utils::validateElement($xml);
             if ($signatureInfo === false) {
                 /* No signature data reported: stay in the unsigned state. */
                 return;
             }

             $this->certificates = $signatureInfo['Certificates'];
             /* Queue the check only; nothing in this constructor runs it. */
             $this->validators[] = array(
                 'Function' => array('\\SAML2\\Utils', 'validateSignature'),
                 'Data' => $signatureInfo,
             );
         } catch (\Exception $e) {
             /*
              * Deliberate best effort: a signature that cannot be processed is
              * not fatal here. The object keeps whatever was set before the
              * failure, which is indistinguishable from an unsigned element.
              */
         }
     }
 }
예제 #2
파일: Message.php 프로젝트: SysBind/saml2
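 /**
  * Initialize a message.
  *
  * This constructor takes an optional parameter with a \DOMElement. If this
  * parameter is given, the message will be initialized with data from that
  * XML element.
  *
  * If no XML element is given, the message is initialized with suitable
  * default values (a freshly generated ID and the current time).
  *
  * Security note: ID, IssueInstant, Destination, Consent and Issuer are copied
  * from the XML before any signature handling and regardless of its outcome.
  * Signature processing errors are swallowed, so a message with a broken
  * signature is constructed just like an unsigned one (empty validator list,
  * signature flag not set). Callers must check the signature state themselves
  * before acting on any of these values.
  *
  * @param string           $tagName The tag name of the root element.
  * @param \DOMElement|null $xml     The input message.
  * @throws \Exception If the ID attribute is missing or Version is not '2.0'.
  *                    NOTE(review): the Utils/Extensions helpers called outside
  *                    the try block may also throw - confirm.
  */
 protected function __construct($tagName, \DOMElement $xml = null)
 {
     /*
      * Expression form on purpose: string assertions are deprecated since
      * PHP 7.2 and are no longer evaluated as code on PHP 8, where a non-empty
      * string argument always passes and the check silently disappears.
      */
     assert(is_string($tagName));
     $this->tagName = $tagName;
     $this->id = Utils::getContainer()->generateId();
     $this->issueInstant = Temporal::getTime();
     $this->certificates = array();
     $this->validators = array();
     if ($xml === null) {
         /* Building a new message: the defaults above are all that is needed. */
         return;
     }
     if (!$xml->hasAttribute('ID')) {
         throw new \Exception('Missing ID attribute on SAML message.');
     }
     $this->id = $xml->getAttribute('ID');
     if ($xml->getAttribute('Version') !== '2.0') {
         /* Currently a very strict check. */
         throw new \Exception('Unsupported version: ' . $xml->getAttribute('Version'));
     }
     $this->issueInstant = Utils::xsDateTimeToTimestamp($xml->getAttribute('IssueInstant'));
     if ($xml->hasAttribute('Destination')) {
         $this->destination = $xml->getAttribute('Destination');
     }
     if ($xml->hasAttribute('Consent')) {
         $this->consent = $xml->getAttribute('Consent');
     }
     $issuer = Utils::xpQuery($xml, './saml_assertion:Issuer');
     if (!empty($issuer)) {
         /* Only the first Issuer match is used. */
         $this->issuer = trim($issuer[0]->textContent);
     }
     /* Validate the signature element of the message. */
     try {
         $sig = Utils::validateElement($xml);
         if ($sig !== false) {
             /*
              * Records that signature data was found. NOTE(review): presumably
              * this is not proof that the signature was verified against a
              * trusted key - confirm in Utils::validateElement().
              */
             $this->messageContainedSignatureUponConstruction = true;
             $this->certificates = $sig['Certificates'];
             /* Queue the check only; nothing in this constructor runs it. */
             $this->validators[] = array('Function' => array('\\SAML2\\Utils', 'validateSignature'), 'Data' => $sig);
         }
     } catch (\Exception $e) {
         /*
          * Deliberate best effort: signature processing errors are ignored and
          * the message keeps whatever signature state was set before the
          * failure, which looks the same as an unsigned message.
          */
     }
     $this->extensions = Extensions::getList($xml);
 }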
예제 #3
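 /**
  * Validate the signature element of a SAML message, and configure this object appropriately to perform the
  * signature verification afterwards.
  *
  * Please note this method does NOT verify the signature, it just validates the signature construction and prepares
  * this object to do the verification.
  *
  * Security note: every \Exception raised here is swallowed. A message whose signature cannot be processed is left
  * in the same state as an unsigned message, so callers must check the resulting signature state before trusting
  * the message. The recorded signature method is read from the message itself and is null when no Algorithm
  * attribute was found; code that enforces an algorithm policy should reject null rather than skip the check.
  *
  * @param \DOMElement $xml The SAML message whose signature we want to validate.
  */
 private function validateSignature(\DOMElement $xml)
 {
     try {
         /*
          * The result is indexed like a list below, so it is annotated as one.
          * NOTE(review): confirm the exact return type of Utils::xpQuery().
          */
         /** @var \DOMAttr[] $signatureMethod */
         $signatureMethod = Utils::xpQuery($xml, './ds:Signature/ds:SignedInfo/ds:SignatureMethod/@Algorithm');
         $sig = Utils::validateElement($xml);
         if ($sig !== false) {
             $this->messageContainedSignatureUponConstruction = true;
             $this->certificates = $sig['Certificates'];
             /* Queue the check only; nothing in this method runs it. */
             $this->validators[] = array('Function' => array('\\SAML2\\Utils', 'validateSignature'), 'Data' => $sig);
             /*
              * Guard the empty-result case: without it an absent Algorithm
              * attribute triggers an undefined-offset / property-on-null
              * diagnostic and still stores null.
              */
             $this->signatureMethod = isset($signatureMethod[0]) ? $signatureMethod[0]->value : null;
         }
     } catch (\Exception $e) {
         // Deliberate best effort: ignore signature validation errors. State set
         // before the failure is kept; nothing is rolled back.
     }
 }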
예제 #4
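 /**
  * Parse signature on assertion.
  *
  * Runs Utils::validateElement() on the assertion and, when it returns
  * signature data, records that data, the certificates it reports and the
  * signature algorithm URI found in the XML.
  *
  * There is no try/catch here, so anything thrown by the Utils helpers
  * propagates to the caller.
  *
  * Security note: wasSignedAtConstruction records that signature data was
  * found. NOTE(review): presumably it does not mean the signature was verified
  * against a trusted key - confirm in Utils::validateElement(). The signature
  * method is read from the assertion itself and is null when no Algorithm
  * attribute was found; code enforcing an algorithm policy should reject null.
  *
  * @param \DOMElement $xml The assertion XML element.
  */
 private function parseSignature(\DOMElement $xml)
 {
     /*
      * The result is indexed like a list below, so it is annotated as one.
      * NOTE(review): confirm the exact return type of Utils::xpQuery().
      */
     /** @var \DOMAttr[] $signatureMethod */
     $signatureMethod = Utils::xpQuery($xml, './ds:Signature/ds:SignedInfo/ds:SignatureMethod/@Algorithm');
     /* Validate the signature element of the message. */
     $sig = Utils::validateElement($xml);
     if ($sig !== false) {
         $this->wasSignedAtConstruction = true;
         $this->certificates = $sig['Certificates'];
         $this->signatureData = $sig;
         /*
          * Guard the empty-result case: without it an absent Algorithm
          * attribute triggers an undefined-offset / property-on-null
          * diagnostic and still stores null.
          */
         $this->signatureMethod = isset($signatureMethod[0]) ? $signatureMethod[0]->value : null;
     }
 }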
예제 #5
파일: Assertion.php 프로젝트: SysBind/saml2
 /**
  * Inspect the signature on an assertion and remember what was found.
  *
  * Utils::validateElement() is run on the assertion. If it returns false the
  * object is left untouched; otherwise the returned data and the certificates
  * it reports are stored and the assertion is flagged as having been signed
  * when it was constructed.
  *
  * There is no try/catch here, so anything thrown by Utils::validateElement()
  * propagates to the caller.
  *
  * Security note: wasSignedAtConstruction records that signature data was
  * found. NOTE(review): presumably it does not mean the signature was verified
  * against a trusted key, and the stored certificates presumably come from the
  * assertion itself - confirm in Utils::validateElement() before relying on
  * either as evidence of authenticity.
  *
  * @param \DOMElement $xml The assertion XML element.
  */
 private function parseSignature(\DOMElement $xml)
 {
     $signatureInfo = Utils::validateElement($xml);
     if ($signatureInfo === false) {
         /* No signature data reported: nothing to record. */
         return;
     }

     $this->wasSignedAtConstruction = true;
     $this->certificates = $signatureInfo['Certificates'];
     /* Keep the full result for later use by the rest of the class. */
     $this->signatureData = $signatureInfo;
 }