/**
* Add a signature validator based on a SSL context.
*
* @param SAML2_Message $msg The message we should add a validator to.
* @param resource $context The stream context.
*/
private static function addSSLValidator(SAML2_Message $msg, $context)
{
$options = stream_context_get_options($context);
if (!isset($options['ssl']['peer_certificate'])) {
return;
}
//$out = '';
//openssl_x509_export($options['ssl']['peer_certificate'], $out);
$key = openssl_pkey_get_public($options['ssl']['peer_certificate']);
if ($key === FALSE) {
SimpleSAML_Logger::warning('Unable to get public key from peer certificate.');
return;
}
$keyInfo = openssl_pkey_get_details($key);
if ($keyInfo === FALSE) {
SimpleSAML_Logger::warning('Unable to get key details from public key.');
return;
}
if (!isset($keyInfo['key'])) {
SimpleSAML_Logger::warning('Missing key in public key details.');
return;
}
$msg->addValidator(array('SAML2_SOAPClient', 'validateSSL'), $keyInfo['key']);
}
