certFingerprintAlgorithm support when validating responses

pitbulk · pitbulk · commit 8eeb263a5325 · 2015-04-09T14:55:40.000+02:00
diff --git a/lib/Saml2/Response.php b/lib/Saml2/Response.php
@@ -257,6 +257,7 @@ public function isValid($requestId = null)
             if (!empty($signedElements)) {
                 $cert = $idpData['x509cert'];
                 $fingerprint = $idpData['certFingerprint'];
+                $fingerprintalg = $idpData['certFingerprintAlgorithm'];
 
                 // Only validates the first signed element
                 if (in_array('Response', $signedElements)) {
@@ -271,7 +272,7 @@ public function isValid($requestId = null)
                     }
                 }
 
-                if (!OneLogin_Saml2_Utils::validateSign($documentToValidate, $cert, $fingerprint)) {
+                if (!OneLogin_Saml2_Utils::validateSign($documentToValidate, $cert, $fingerprint, $fingerprintalg)) {
                     throw new Exception('Signature validation failed. SAML Response rejected');
                 }
             } else {

Original file line number	Diff line number	Diff line change
`@@ -257,6 +257,7 @@ public function isValid($requestId = null)`
`257`	`257`	`if (!empty($signedElements)) {`
`258`	`258`	`$cert = $idpData['x509cert'];`
`259`	`259`	`$fingerprint = $idpData['certFingerprint'];`
	`260`	`+ $fingerprintalg = $idpData['certFingerprintAlgorithm'];`
`260`	`261`
`261`	`262`	`// Only validates the first signed element`
`262`	`263`	`if (in_array('Response', $signedElements)) {`
`@@ -271,7 +272,7 @@ public function isValid($requestId = null)`
`271`	`272`	`}`
`272`	`273`	`}`
`273`	`274`
`274`		`- if (!OneLogin_Saml2_Utils::validateSign($documentToValidate, $cert, $fingerprint)) {`
	`275`	`+ if (!OneLogin_Saml2_Utils::validateSign($documentToValidate, $cert, $fingerprint, $fingerprintalg)) {`
`275`	`276`	`throw new Exception('Signature validation failed. SAML Response rejected');`
`276`	`277`	`}`
`277`	`278`	`} else {`