Diffstat (limited to 'lib/SAML2')
-rw-r--r--lib/SAML2/Utils.php30
1 files changed, 27 insertions, 3 deletions
diff --git a/lib/SAML2/Utils.php b/lib/SAML2/Utils.php
index 00e5a33..79576a2 100644
--- a/lib/SAML2/Utils.php
+++ b/lib/SAML2/Utils.php
@@ -133,8 +133,18 @@ class SAML2_Utils {
}
$algo = $sigMethod->getAttribute('Algorithm');
- if ($key->type === XMLSecurityKey::RSA_SHA1 && $algo === XMLSecurityKey::RSA_SHA256) {
- $key = self::castKey($key, XMLSecurityKey::RSA_SHA256);
+ if ($key->type === XMLSecurityKey::RSA_SHA1) {
+ switch ($algo) {
+ case XMLSecurityKey::RSA_SHA256:
+ $key = self::castKey($key, XMLSecurityKey::RSA_SHA256);
+ break;
+ case XMLSecurityKey::RSA_SHA384:
+ $key = self::castKey($key, XMLSecurityKey::RSA_SHA384);
+ break;
+ case XMLSecurityKey::RSA_SHA512:
+ $key = self::castKey($key, XMLSecurityKey::RSA_SHA512);
+ break;
+ }
}
/* Check the signature. */
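Review bot: The new `switch ($algo)` has no `default` branch and no comment, so it is not evident that a SignatureMethod outside the three SHA-2 values is meant to leave the RSA_SHA1 key as it is. `$algo` is read from the SignatureMethod element of the message being validated, so this switch is in effect the allowlist of algorithms a sender can select; a comment above it such as `/* $algo comes from the received message: only these RSA-SHA2 methods may re-type the key, anything else keeps the configured type. */` would make that explicit. The three cases have identical bodies and could fall through to a single `$key = self::castKey($key, $algo);`, so the list and the cast cannot drift apart. The enclosing function starts and ends outside the hunk, so how the signature check that follows treats a non-matching algorithm is not visible here.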
@@ -314,9 +324,23 @@ class SAML2_Utils {
$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
+ switch ($key->type) {
+ case XMLSecurityKey::RSA_SHA256:
+ $type = XMLSecurityDSig::SHA256;
+ break;
+ case XMLSecurityKey::RSA_SHA384:
+ $type = XMLSecurityDSig::SHA384;
+ break;
+ case XMLSecurityKey::RSA_SHA512:
+ $type = XMLSecurityDSig::SHA512;
+ break;
+ default:
+ $type = XMLSecurityDSig::SHA1;
+ }
+
$objXMLSecDSig->addReferenceList(
array($root),
- XMLSecurityDSig::SHA1,
+ $type,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
array('id_name' => 'ID', 'overwrite' => FALSE)
);
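Review bot: The `default:` branch selects `XMLSecurityDSig::SHA1` as the reference digest for every key type not listed, so a key that is not one of the three RSA-SHA2 types silently produces a SHA-1 digest. That fallback preserves the previous behaviour, but it should be stated where it happens, e.g. `/* Reference digest follows the key's hash; unlisted key types keep the previous SHA-1 default. */` before the switch, and the branch should end with `break;` like the others. Whether a stronger default would be safe depends on which key types reach this function, which is outside the hunk.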