/**
 * Checks whether the preconditions for fingerprint-based signature validation are met.
 *
 * A TRUE result only says that validation can be attempted: the configuration exposes
 * certificate fingerprints and the signed element carries at least one certificate.
 * No signature is verified and no fingerprint is compared in this method, so the
 * return value must not be treated as a validation outcome.
 *
 * Side effect: the certificates extracted from the signed element are stored on
 * $this->certificates.
 *
 * @param SAML2_SignedElement                     $signedElement element whose certificates are inspected
 * @param SAML2_Configuration_CertificateProvider $configuration source of the configured fingerprints
 *
 * @return bool TRUE when both fingerprints and certificates are present, FALSE otherwise
 */
public function canValidate(
    SAML2_SignedElement $signedElement,
    SAML2_Configuration_CertificateProvider $configuration
) {
    $configuredFingerprints = $configuration->getCertificateFingerprints();

    // Only a strict NULL means "not configured"; any other value (including an empty
    // list) passes this gate and is left for later steps to handle.
    if (NULL === $configuredFingerprints) {
        $this->logger->debug(
            'Configuration does not have "certFingerprint" value, cannot validate signature with fingerprint'
        );

        return FALSE;
    }

    // Keep the extracted certificates on the instance so the extraction does not have
    // to be done a second time.
    $this->certificates = $signedElement->getCertificates();

    if (!empty($this->certificates)) {
        return TRUE;
    }

    $this->logger->debug(
        'Signed element does not have certificates, cannot validate signature with fingerprint'
    );

    return FALSE;
}
/**
 * Builds a fingerprint collection from the fingerprints held by the configuration.
 *
 * The configured value must be an array or a \Traversable, and every entry must be a
 * string or an object exposing __toString(); anything else is rejected with an
 * exception instead of being skipped. Each accepted entry is cast to string and
 * wrapped in a SAML2_Certificate_Fingerprint.
 *
 * An empty list is accepted and yields an empty collection. No check of the
 * fingerprint text itself (length, character set, algorithm) happens in this method.
 * NOTE(review): confirm whether SAML2_Certificate_Fingerprint validates or normalises
 * the value, and which digest the configured fingerprints are expected to use.
 *
 * @param SAML2_Configuration_CertificateProvider $configuration
 *
 * @return SAML2_Certificate_FingerprintCollection
 *
 * @throws SAML2_Exception_InvalidArgumentException when the configured value is not
 *         iterable or an entry cannot be represented as a string
 */
public function loadFingerprints(SAML2_Configuration_CertificateProvider $configuration)
{
    $configured = $configuration->getCertificateFingerprints();

    $isIterable = is_array($configured) || $configured instanceof \Traversable;
    if (!$isIterable) {
        throw SAML2_Exception_InvalidArgumentException::invalidType(
            'array or instanceof \\Traversable',
            $configured
        );
    }

    $loaded = new SAML2_Certificate_FingerprintCollection();

    foreach ($configured as $candidate) {
        // Objects are only acceptable when they can be converted with a (string) cast.
        $isStringable = is_string($candidate)
            || (is_object($candidate) && method_exists($candidate, '__toString'));

        if (!$isStringable) {
            throw SAML2_Exception_InvalidArgumentException::invalidType(
                'fingerprint as string or object that can be casted to string',
                $candidate
            );
        }

        $loaded->add(new SAML2_Certificate_Fingerprint((string) $candidate));
    }

    return $loaded;
}
/**
 * Loads key material from the first populated source in the configuration and
 * returns the resulting key collection.
 *
 * Sources are tried in a fixed order and only the first truthy one is used:
 * the "keys" entry, then inline certificate data, then a certificate file.
 * A later source is ignored once an earlier one is set.
 *
 * $usage is forwarded only when loading from the "keys" entry; the certificate data
 * and certificate file branches do not receive it.
 *
 * With $required left FALSE, a configuration without any source returns whatever
 * getKeys() holds without raising an error.
 * NOTE(review): callers that rely on these keys for signature checks presumably need
 * to pass $required = TRUE or test the returned collection themselves; confirm.
 *
 * @param SAML2_Configuration_CertificateProvider $config
 * @param NULL|string                             $usage    passed through to loadKeys()
 * @param bool                                    $required whether missing keys are an error
 *
 * @return SAML2_Certificate_KeyCollection
 *
 * @throws SAML2_Certificate_Exception_NoKeysFoundException when $required is set and
 *         no keys are available after loading
 */
public function loadKeysFromConfiguration(
    SAML2_Configuration_CertificateProvider $config,
    $usage = NULL,
    $required = FALSE
) {
    $configuredKeys    = $config->getKeys();
    $inlineCertificate = $config->getCertificateData();
    $certificatePath   = $config->getCertificateFile();

    // All three values are read up front; exactly one loader (or none) runs below.
    if ($configuredKeys) {
        $this->loadKeys($configuredKeys, $usage);
    } elseif ($inlineCertificate) {
        $this->loadCertificateData($inlineCertificate);
    } elseif ($certificatePath) {
        $this->loadCertificateFile($certificatePath);
    }

    // hasKeys() is consulted only when the caller asked for keys to be mandatory.
    if ($required) {
        if (!$this->hasKeys()) {
            throw new SAML2_Certificate_Exception_NoKeysFoundException(
                'No keys found in configured metadata, please ensure that either the "keys", "certData" or '
                . '"certificate" entries is available.'
            );
        }
    }

    return $this->getKeys();
}