
author
Christian Pedersen
committed
merge
2 parents 35bc67e + f8d5aaa commit 9d6d799


1 file changed

+38
-3
lines changed


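--- a/lib/onelogin/saml/xmlsec.php
+++ b/lib/onelogin/saml/xmlsec.php
@@ -1,4 +1,5 @@
 <?php
+
 require(dirname(__FILE__) . '/../../xmlseclibs/xmlseclibs.php');
 
 /**
@@ -29,13 +30,37 @@ function __construct($settings, $document) {
 $this->document = $document;
 }
 
+
 /**
 * Determine if the document passes the security test.
 *
 * @return
 * TRUE if the document passes. This could throw a generic Exception
 * if the document or key cannot be found.
 */
+
+function validateNumAssertions(){
+$rootNode = $this->doc; //->documentElement->ownerDocument;
+$assertionNodes = $rootNode->getElementsByTagName('Assertion');
+return ($assertionNodes->length == 1);
+}
+
+function validateTimestamps(){
+$rootNode = $this->doc;
+$timestampNodes = $rootNode->getElementsByTagName('Conditions');
+for($i=0;$i<$timestampNodes->length;$i++){
+$nbAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotBefore");
+$naAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotOnOrAfter");
+if($nbAttribute && strtotime($nbAttribute->textContent) > time()){
+return false;
+}
+if($naAttribute && strtotime($naAttribute->textContent) <= time()){
+return false;
+}
+}
+return true;
+}
+
 function is_valid() {
 $objXMLSecDSig = new XMLSecurityDSig();
 
@@ -47,7 +72,6 @@ function is_valid() {
 $objXMLSecDSig->idKeys = array('ID');
 
 $retVal = $objXMLSecDSig->validateReference();
-
 if (! $retVal) {
 throw new Exception("Reference Validation Failed");
 }
@@ -58,13 +82,24 @@ function is_valid() {
 }
 $key = NULL;
 
+$singleAssertion = $this->validateNumAssertions();
+if (!$singleAssertion){
+throw new Exception("Only ONE SamlAssertion allowed");
+}
+
+$validTimestamps = $this->validateTimestamps();
+if (!$validTimestamps){
+throw new Exception("Check your timestamp conditions");
+}
+
 $objKeyInfo = XMLSecEnc::staticLocateKeyInfo($objKey, $objDSig);
 
 $objKey->loadKey($this->settings->x509certificate, FALSE, true);
 
 $result = $objXMLSecDSig->verify($objKey);
 return $result;
 }
-}
 
-?>
+}
+
+?>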
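Review bot: validateNumAssertions and validateTimestamps (second hunk, new lines 43 and 49) read `$this->doc`, but the constructor context at the top of that hunk assigns `$this->document = $document;` and no `doc` property appears anywhere in the diff; unless it is set outside the hunk, `$rootNode` is null and `getElementsByTagName()` fails on every call, so both should read `$rootNode = $this->document;`. A second issue in validateTimestamps: when strtotime() cannot parse a NotBefore value it returns false, and `false > time()` is never true, so a malformed NotBefore passes silently while a malformed NotOnOrAfter is rejected; checking the parse result for `=== false` and comparing both attributes against a single `$now` snapshot makes both branches fail closed. The leftover `//->documentElement->ownerDocument;` comment on line 43 should be deleted rather than left as dead code. The enclosing class starts and ends outside the hunks.
```php
function validateTimestamps(){
    $rootNode = $this->document;
    $timestampNodes = $rootNode->getElementsByTagName('Conditions');
    $now = time();
    for($i=0;$i<$timestampNodes->length;$i++){
        $nbAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotBefore");
        $naAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotOnOrAfter");
        if($nbAttribute){
            $nb = strtotime($nbAttribute->textContent);
            // an unparsable NotBefore must fail closed instead of passing silently
            if($nb === false || $nb > $now){
                return false;
            }
        }
        if($naAttribute){
            $na = strtotime($naAttribute->textContent);
            if($na === false || $na <= $now){
                return false;
            }
        }
    }
    return true;
}
```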
