Check for supported signature algorithms
tmilos committed Mar 5, 2018
1 parent 44447a7 commit 47cef07
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion src/LightSaml/Model/XmlDSig/AbstractSignatureReader.php
@@ -62,7 +62,7 @@ public function validateMulti(array $credentialCandidates)
$result = $this->validate($credential->getPublicKey());

if ($result === false) {
return;
return null;
}

return $credential;
@@ -91,6 +91,16 @@ abstract public function getAlgorithm();
protected function castKeyIfNecessary(XMLSecurityKey $key)
{
$algorithm = $this->getAlgorithm();

if (!in_array($algorithm, [
XMLSecurityKey::RSA_SHA1,
XMLSecurityKey::RSA_SHA256,
XMLSecurityKey::RSA_SHA384,
XMLSecurityKey::RSA_SHA512,
])) {
throw new LightSamlSecurityException(sprintf('Unsupported signing algorithm: "%s"', $algorithm));
}

if ($algorithm != $key->type) {
$key = KeyHelper::castKey($key, $algorithm);
}
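Review bot: The allowlist check added at the top of castKeyIfNecessary() calls `in_array` without strict mode, and getAlgorithm() is declared without a return type, so a non-string value such as `true` would loosely equal one of the URI constants and pass; use `in_array($algorithm, [...], true)`, and consider `!==` for the `$algorithm != $key->type` test below it. The list also deserves a comment stating why it is limited to the RSA family, for example `// Allowlist of asymmetric RSA algorithms: the declared algorithm (presumably read from the received signature) must not decide how the verification key is cast.` RSA_SHA1 remains accepted; if that is kept only for interoperability with older peers, the comment should say so. The commit touches a single file and adds no test, so a case asserting that an unlisted algorithm raises LightSamlSecurityException would pin the new behaviour. The method body continues past the end of this hunk.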