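<?php

namespace LightSaml\Model\XmlDSig;

use Exception;
use LightSaml\Error\LightSamlSecurityException;
use LightSaml\Error\LightSamlXmlException;
use LightSaml\Model\Context\DeserializationContext;
use LightSaml\Model\Context\SerializationContext;
use LightSaml\SamlConstants;
use RobRichards\XMLSecLibs\XMLSecEnc;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

/**
 * Reader for a ds:Signature element taken from a received XML document.
 *
 * The reader wraps an XMLSecurityDSig bound to the signature node, exposes the
 * key material and certificates embedded in ds:KeyInfo, and verifies the
 * signature against a key supplied by the caller. It cannot be serialized.
 *
 * Everything read from ds:KeyInfo (the located key and the certificate list)
 * comes from the document under verification and is untrusted input: it is
 * useful for selecting or matching a configured credential, but the key passed
 * to validate() should come from the caller's own trust configuration.
 */
class SignatureXmlReader extends AbstractSignatureReader
{
    /** @var XMLSecurityDSig|null Signature object bound to the ds:Signature node; null until set or deserialized. */
    protected $signature;

    /** @var string[] Base64 certificate bodies with all whitespace removed, in document order. */
    protected $certificates = [];

    /**
     * Appends a certificate to the list returned by getAllCertificates().
     *
     * @param string $certificate
     */
    public function addCertificate($certificate)
    {
        $this->certificates[] = (string) $certificate;
    }

    /**
     * Returns the certificates collected so far.
     *
     * @return string[]
     */
    public function getAllCertificates()
    {
        return $this->certificates;
    }

    /**
     * Replaces the wrapped signature object.
     */
    public function setSignature(XMLSecurityDSig $signature)
    {
        $this->signature = $signature;
    }

    /**
     * @return XMLSecurityDSig|null
     */
    public function getSignature()
    {
        return $this->signature;
    }

    /**
     * Verifies the reference digests and then the signature value with the given key.
     *
     * A false return means "no signature is set on this reader", not "signature
     * is valid"; callers that require a signed message must reject on false.
     *
     * @return bool true when the signature verified, false when there is no signature to check
     *
     * @throws LightSamlSecurityException|Exception when digest validation fails or the signature does not verify
     */
    public function validate(XMLSecurityKey $key)
    {
        if (null === $this->signature) {
            return false;
        }

        try {
            $this->signature->validateReference();
        } catch (Exception $e) {
            throw new LightSamlSecurityException('Digest validation failed', $e->getCode(), $e);
        }

        $key = $this->castKeyIfNecessary($key);

        // xmlseclibs documents verify() as returning a bool for HMAC keys and an
        // int otherwise (1 = valid, 0 = invalid, -1 = processing error). A loose
        // "false == $result" check lets -1 through because -1 is truthy, so an
        // OpenSSL error would be reported as a valid signature. Accept only the
        // two explicit success values and fail closed on everything else.
        $result = $this->signature->verify($key);
        if (1 !== $result && true !== $result) {
            throw new LightSamlSecurityException('Unable to verify Signature');
        }

        return true;
    }

    /**
     * Returns the Algorithm attribute of ds:SignedInfo/ds:SignatureMethod.
     *
     * The value is read from the received document; callers that enforce an
     * algorithm policy should compare it against their own allow-list.
     *
     * @return string
     *
     * @throws \LightSaml\Error\LightSamlXmlException when no signature is set, or the element or attribute is missing
     */
    public function getAlgorithm()
    {
        // Without a signature there is no node to query; report it as an XML
        // error instead of failing on a null property access.
        if (null === $this->signature || null === $this->signature->sigNode) {
            throw new LightSamlXmlException('Missing Signature element');
        }

        $sigNode = $this->signature->sigNode;
        // DOMXPath needs the owning document; sigNode may itself be the document.
        $document = $sigNode instanceof \DOMDocument ? $sigNode : $sigNode->ownerDocument;

        $xpath = new \DOMXPath($document);
        $xpath->registerNamespace('ds', XMLSecurityDSig::XMLDSIGNS);

        $list = $xpath->query('./ds:SignedInfo/ds:SignatureMethod', $sigNode);
        if (!$list || 0 === $list->length) {
            throw new LightSamlXmlException('Missing SignatureMethod element');
        }

        /** @var \DOMElement $sigMethod */
        $sigMethod = $list->item(0);
        if (!$sigMethod->hasAttribute('Algorithm')) {
            throw new LightSamlXmlException('Missing Algorithm-attribute on SignatureMethod element.');
        }

        return $sigMethod->getAttribute('Algorithm');
    }

    /**
     * Always fails: this class only reads signatures.
     *
     * @throws \LogicException
     */
    public function serialize(\DOMNode $parent, SerializationContext $context)
    {
        throw new \LogicException('SignatureXmlReader can not be serialized');
    }

    /**
     * Binds this reader to a ds:Signature node and extracts its KeyInfo contents.
     *
     * Resets the previously held key and certificate list before reading.
     *
     * @throws Exception
     */
    public function deserialize(\DOMNode $node, DeserializationContext $context)
    {
        $this->checkXmlNodeName($node, 'Signature', SamlConstants::NS_XMLDSIG);

        $this->signature = new XMLSecurityDSig();
        $this->signature->idKeys[] = $this->getIDName();
        $this->signature->sigNode = $node;
        $this->signature->canonicalizeSignedInfo();

        // NOTE(review): $this->key is not declared in this class; presumably it
        // is a property of AbstractSignatureReader - confirm.
        $this->key = null;

        // The RSA_SHA1 type only provides a key object for staticLocateKeyInfo()
        // to populate from ds:KeyInfo. NOTE(review): the algorithm actually used
        // for verification presumably comes from castKeyIfNecessary() in
        // validate() - confirm against the parent class.
        $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'public']);
        XMLSecEnc::staticLocateKeyInfo($key, $node);
        if ($key->name || $key->key) {
            // Key material embedded in the message itself: untrusted until it is
            // matched against a credential the receiver already trusts.
            $this->key = $key;
        }

        $this->certificates = [];
        $list = $context->getXpath()->query('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', $node);
        // query() returns false for a malformed expression or invalid context
        // node; skip the loop then instead of iterating a non-iterable value.
        if (false !== $list) {
            foreach ($list as $certNode) {
                // Strip surrounding and embedded whitespace so the stored value is
                // the bare base64 body of the certificate.
                $certData = trim($certNode->textContent);
                $certData = str_replace(["\r", "\n", "\t", ' '], '', $certData);
                $this->certificates[] = $certData;
            }
        }
    }
}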