本文整理汇总了PHP中XMLSecurityDSig::getValidatedNodes方法的典型用法代码示例。如果您正苦于以下问题:PHP XMLSecurityDSig::getValidatedNodes方法的具体用法?PHP XMLSecurityDSig::getValidatedNodes怎么用?PHP XMLSecurityDSig::getValidatedNodes使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类XMLSecurityDSig
的用法示例。
在下文中一共展示了XMLSecurityDSig::getValidatedNodes方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: validateElement
/**
* Check the Signature in a XML element.
*
* This function expects the XML element to contain a Signature-element
* which contains a reference to the XML-element. This is common for both
* messages and assertions.
*
* Note that this function only validates the element itself. It does not
* check this against any local keys.
*
* If no Signature-element is located, this function will return FALSE. All
* other validation errors result in an exception. On successful validation
* an array will be returned. This array contains the information required to
* check the signature against a public key.
*
* @param DOMElement $root The element which should be validated.
* @return array|bool An array with information about the Signature-element.
* @throws Exception
*/
public static function validateElement(DOMElement $root)
{
    /*
     * Scope: this method validates the reference digests and confirms that
     * $root is among the signed nodes. It never calls verify(), so the
     * signature value is not checked against any key here. The certificates
     * returned below are read from the message's own KeyInfo; callers must
     * match them against locally configured keys before trusting the element.
     */
    $dsig = new XMLSecurityDSig();

    /* SAML messages and SAML assertions are both referenced through 'ID'. */
    $dsig->idKeys[] = 'ID';

    /* Only a Signature that is a direct child of $root is considered. */
    $found = self::xpQuery($root, './ds:Signature');
    $foundCount = count($found);
    if ($foundCount > 1) {
        throw new Exception('XMLSec: more than one signature element in root.');
    }
    if ($foundCount === 0) {
        /* There is no signature element to validate. */
        return FALSE;
    }

    $sigNode = $found[0];
    $dsig->sigNode = $sigNode;

    /* SignedInfo must be canonicalized before the references are checked. */
    $dsig->canonicalizeSignedInfo();

    /* Recompute and compare the digests of the referenced nodes. */
    if (!$dsig->validateReference()) {
        throw new Exception('XMLsec: digest validation failed');
    }

    /*
     * A valid signature over some other node proves nothing about $root, so
     * require that the signature covers $root itself, or the whole document
     * when $root is the document element.
     */
    $rootIsDocumentElement = $root->parentNode instanceof DOMDocument;
    $rootSigned = FALSE;
    /** @var DOMNode $signedNode */
    foreach ($dsig->getValidatedNodes() as $signedNode) {
        $coversRoot = $signedNode->isSameNode($root)
            || ($rootIsDocumentElement && $signedNode->isSameNode($root->ownerDocument));
        if ($coversRoot) {
            $rootSigned = TRUE;
            break;
        }
    }
    if (!$rootSigned) {
        throw new Exception('XMLSec: The root element is not signed.');
    }

    /* Collect every X509 certificate embedded in the signature, with all whitespace stripped. */
    $certificates = array();
    $certNodes = self::xpQuery($sigNode, './ds:KeyInfo/ds:X509Data/ds:X509Certificate');
    foreach ($certNodes as $certNode) {
        $certificates[] = str_replace(array("\r", "\n", "\t", ' '), '', trim($certNode->textContent));
    }

    return array('Signature' => $dsig, 'Certificates' => $certificates);
}
示例2: __construct
/**
* This function initializes the validator.
*
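* @param DOMNode $xmlNode The XML node which contains the Signature element.
* @param string|null $idAttribute The ID attribute which is used in node references. If this attribute is
* NULL (the default), then we will use whatever is the default ID.
* @param mixed $publickey Key data passed to the key's loadKey() when set. If FALSE (the default), the key
* data is looked up from the Signature element itself.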
*/
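public function __construct($xmlNode, $idAttribute = NULL, $publickey = FALSE)
{
    /*
     * Verifies the XML signature found in $xmlNode, then records the signing
     * key's X509 fingerprint and the list of nodes the signature covers.
     * Every failure is reported by throwing an Exception.
     *
     * When $publickey is not supplied, the verification key is located from
     * the Signature element of the message itself. A successful verify() then
     * only shows that the message is consistent with the key it carries.
     * Nothing in this constructor compares that key with a trusted one;
     * presumably the caller does so using $this->x509Fingerprint (confirm
     * against the callers).
     */

    /*
     * Expression form on purpose: a string handed to assert() is not
     * evaluated on PHP 8, which turned the original check into a no-op.
     */
    assert($xmlNode instanceof DOMNode);

    /* Create an XML security object. */
    $objXMLSecDSig = new XMLSecurityDSig();

    /* Add the id attribute if the user passed in an id attribute. */
    if ($idAttribute !== NULL) {
        assert(is_string($idAttribute));
        $objXMLSecDSig->idKeys[] = $idAttribute;
    }

    /* Locate the XMLDSig Signature element to be used. */
    $signatureElement = $objXMLSecDSig->locateSignature($xmlNode);
    if (!$signatureElement) {
        throw new Exception('Could not locate XML Signature element.');
    }

    /* Canonicalize the XMLDSig SignedInfo element in the message. */
    $objXMLSecDSig->canonicalizeSignedInfo();

    /* Validate referenced xml nodes. */
    if (!$objXMLSecDSig->validateReference()) {
        throw new Exception('XMLsec: digest validation failed');
    }

    /* Find the key used to sign the document. */
    $objKey = $objXMLSecDSig->locateKey();
    if (empty($objKey)) {
        throw new Exception('Error loading key to handle XML signature');
    }

    /* Load the key data. */
    if ($publickey) {
        /* Caller-supplied key material. */
        $objKey->loadKey($publickey);
    } else {
        /* No key supplied: fall back to the key data carried by the signature itself. */
        if (!XMLSecEnc::staticLocateKeyInfo($objKey, $signatureElement)) {
            throw new Exception('Error finding key data for XML signature validation.');
        }
    }

    /* Check the signature. */
    if (!$objXMLSecDSig->verify($objKey)) {
        throw new Exception("Unable to validate Signature");
    }

    /* Extract the certificate fingerprint. */
    $this->x509Fingerprint = $objKey->getX509Fingerprint();

    /* Find the list of validated nodes. */
    $this->validNodes = $objXMLSecDSig->getValidatedNodes();
}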
示例3: __construct
/**
* This function initializes the validator.
*
* This function accepts an optional parameter $publickey, which is the public key
* or certificate which should be used to validate the signature. This parameter can
* take the following values:
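* - NULL/FALSE: The signing key is not checked against any configured key or fingerprint; the
*   signature is only verified against the key data found in the Signature element. This is the default.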
* - A string: Assumed to be a PEM-encoded certificate / public key.
* - An array: Assumed to be an array returned by SimpleSAML_Utilities::loadPublicKey.
*
* @param DOMNode $xmlNode The XML node which contains the Signature element.
* @param string|array $idAttribute The ID attribute which is used in node references. If
* this attribute is NULL (the default), then we will use whatever is the default
* ID. Can be either a string with one value, or an array with multiple ID
* attribute names.
* @param array $publickey The public key / certificate which should be used to validate the XML node.
*/
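public function __construct($xmlNode, $idAttribute = NULL, $publickey = FALSE)
{
    /*
     * Verifies the XML signature found in $xmlNode, then records the signing
     * certificate and the list of nodes the signature covers. Every failure
     * is reported by throwing an Exception.
     *
     * Trust in the signing key depends on $publickey:
     *  - array with 'PEM': the signature is verified with that key.
     *  - array without 'PEM': the key comes from the Signature element and its
     *    certificate must match one of the 'certFingerprint' entries.
     *  - FALSE/NULL: the key comes from the Signature element and is not
     *    compared with anything here, so a successful verify() only shows the
     *    message is consistent with the key it carries.
     */

    /*
     * Expression form on purpose: a string handed to assert() is not
     * evaluated on PHP 8, which turned the original checks into no-ops.
     */
    assert($xmlNode instanceof DOMNode);

    /* Normalize $publickey to either FALSE or an array. */
    if ($publickey === NULL) {
        $publickey = FALSE;
    } elseif (is_string($publickey)) {
        $publickey = array('PEM' => $publickey);
    } else {
        assert($publickey === FALSE || is_array($publickey));
    }

    /* Create an XML security object. */
    $objXMLSecDSig = new XMLSecurityDSig();

    /* Add the id attribute(s) if the user passed any in. */
    if ($idAttribute !== NULL) {
        if (is_string($idAttribute)) {
            $objXMLSecDSig->idKeys[] = $idAttribute;
        } elseif (is_array($idAttribute)) {
            foreach ($idAttribute as $ida) {
                $objXMLSecDSig->idKeys[] = $ida;
            }
        }
    }

    /* Locate the XMLDSig Signature element to be used. */
    $signatureElement = $objXMLSecDSig->locateSignature($xmlNode);
    if (!$signatureElement) {
        throw new Exception('Could not locate XML Signature element.');
    }

    /* Canonicalize the XMLDSig SignedInfo element in the message. */
    $objXMLSecDSig->canonicalizeSignedInfo();

    /* Validate referenced xml nodes. */
    if (!$objXMLSecDSig->validateReference()) {
        throw new Exception('XMLsec: digest validation failed');
    }

    /* Find the key used to sign the document. */
    $objKey = $objXMLSecDSig->locateKey();
    if (empty($objKey)) {
        throw new Exception('Error loading key to handle XML signature');
    }

    /* Load the key data. */
    if ($publickey !== FALSE && array_key_exists('PEM', $publickey)) {
        /* We have PEM data for the public key / certificate. */
        $objKey->loadKey($publickey['PEM']);
    } else {
        /* No PEM data. Search for key in signature. */
        if (!XMLSecEnc::staticLocateKeyInfo($objKey, $signatureElement)) {
            throw new Exception('Error finding key data for XML signature validation.');
        }
        if ($publickey !== FALSE) {
            /*
             * $publickey is set without PEM data, so it must carry one or
             * more fingerprints. This is the only thing tying the embedded
             * key to local configuration, so fail closed with an exception
             * instead of relying on assert(), which may be disabled.
             */
            if (!isset($publickey['certFingerprint']) || !is_array($publickey['certFingerprint'])) {
                throw new Exception('Missing certificate fingerprint(s) for XML signature validation.');
            }
            $certificate = $objKey->getX509Certificate();
            if ($certificate === NULL) {
                /* Wasn't signed with an X509 certificate. */
                throw new Exception('Message wasn\'t signed with an X509 certificate,' . ' and no public key was provided in the metadata.');
            }
            /* Expected to throw when no fingerprint matches; helper is defined elsewhere, confirm. */
            self::validateCertificateFingerprint($certificate, $publickey['certFingerprint']);
            /* Key OK. */
        }
    }

    /* Check the signature. */
    if (!$objXMLSecDSig->verify($objKey)) {
        throw new Exception("Unable to validate Signature");
    }

    /* Extract the certificate. */
    $this->x509Certificate = $objKey->getX509Certificate();

    /* Find the list of validated nodes. */
    $this->validNodes = $objXMLSecDSig->getValidatedNodes();
}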