author | Olav Morken <olav.morken@uninett.no> | 2010-08-03 07:16:47 +0000 |
---|---|---|
committer | Olav Morken <olav.morken@uninett.no> | 2010-08-03 07:16:47 +0000 |
commit | 5bb023ff991289466f705cd609505a12e22b69ab (patch) | |
tree | dcea5ea8821d678062d3710dee30fb5aea89e30e /lib/SAML2 | |
parent | 13d477c03725de034ee9d8768177a22d8a36b096 (diff) | |
SAML2/SignedElementHelper: Fix getValidatingCertificates.
This function did not properly validate signatures containing multiple
certificates (as is typical for metadata with certificate chains). The
fix is to ignore exceptions during validation.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2461 44740490-163a-0410-bde0-09ae8108e29a
Diffstat (limited to 'lib/SAML2')
-rw-r--r-- | lib/SAML2/SignedElementHelper.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/SAML2/SignedElementHelper.php b/lib/SAML2/SignedElementHelper.php
index ecae866..8036f4f 100644
--- a/lib/SAML2/SignedElementHelper.php
+++ b/lib/SAML2/SignedElementHelper.php
@@ -185,9 +185,13 @@ class SAML2_SignedElementHelper implements SAML2_SignedElement {
 $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
 $key->loadKey($pemCert);
- /* Check the signature. */
- if ($this->validate($key)) {
- $ret[] = $cert;
+ try {
+ /* Check the signature. */
+ if ($this->validate($key)) {
+ $ret[] = $cert;
+ }
+ } catch (Exception $e) {
+ /* This certificate does not sign this element. */
 }
 }
|
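Review bot: The new `catch (Exception $e)` block is empty and catches every exception type, so a certificate that simply did not sign the element and an unexpected failure inside `validate()` end the same way, with the certificate silently left out of `$ret`. That fails closed, which is the safe direction, but it leaves no trace when signature checks start failing for a reason other than a key mismatch. I would record the message in the catch body, for example by replacing the comment with `/* Not a validating certificate; log $e->getMessage() at debug level. */` and adding the matching log call. `$key->loadKey($pemCert)` stays outside the `try` in the visible context, so if it can throw on a malformed certificate (not visible here) one bad entry would still abort the whole loop. The enclosing function starts and ends outside the hunk.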