From 40f4b1cd819cb1410f065a5e472f0b27b60da958 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 11 Mar 2008 14:08:33 +0000
Subject: [PATCH] Improved error handling when parsing authentication requests
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@384 44740490-163a-0410-bde0-09ae8108e29a
---
.../Bindings/SAML20/HTTPRedirect.php | 22 ++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php b/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
index c7d26d786..a060f4def 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
@@ -32,6 +32,11 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
return $query;
}
+ if (!array_key_exists('privatekey', $md)) {
+ throw new Exception('If you set request.signing to be true in the metadata, you also have to add the privatekey parameter.');
+ }
+
+
/* Load the private key. */
$privatekey = $this->configuration->getPathValue('certdir') . $md['privatekey'];
@@ -198,19 +203,26 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
$relaystate = $get['RelayState'];
} else {
$relaystate = NULL;
+ }
+
+ $decodedRequest = @base64_decode($rawRequest, TRUE);
+ if (!$decodedRequest) {
+ throw new Exception('Could not base64 decode SAMLRequest GET parameter');
+ }
+
+ $samlRequestXML = @gzinflate($decodedRequest);
+ if (!$samlRequestXML) {
+ $error = error_get_last();
+ throw new Exception('Could not gzinflate base64 decoded SAMLRequest: ' . $error['message'] );
}
- $samlRequestXML = gzinflate(base64_decode( $rawRequest ));
-
$samlRequest = new SimpleSAML_XML_SAML20_AuthnRequest($this->configuration, $this->metadata);
$samlRequest->setXML($samlRequestXML);
- if (isset($relaystate)) {
+ if (!is_null($relaystate)) {
$samlRequest->setRelayState($relaystate);
}
-
- #echo("Authn response = " . $samlResponse );
return $samlRequest;
--
GitLab