From 5bb023ff991289466f705cd609505a12e22b69ab Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 3 Aug 2010 07:16:47 +0000
Subject: [PATCH] SAML2/SignedElementHelper: Fix getValidatingCertificates.

This function did not properly validate signatures containing multiple
certificates (as is typical for metadata with certificate chains). The
fix is to ignore exceptions during validation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2461 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/SignedElementHelper.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/SAML2/SignedElementHelper.php b/lib/SAML2/SignedElementHelper.php
index ecae866c9..8036f4f4b 100644
--- a/lib/SAML2/SignedElementHelper.php
+++ b/lib/SAML2/SignedElementHelper.php
@@ -185,9 +185,13 @@ class SAML2_SignedElementHelper implements SAML2_SignedElement {
 			$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
 			$key->loadKey($pemCert);
 
-			/* Check the signature. */
-			if ($this->validate($key)) {
-				$ret[] = $cert;
+			try {
+				/* Check the signature. */
+				if ($this->validate($key)) {
+					$ret[] = $cert;
+				}
+			} catch (Exception $e) {
+				/* This certificate does not sign this element. */
 			}
 		}
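Review bot: The new `catch (Exception $e)` on the validate() call swallows every failure, not only the "wrong certificate" case the comment describes — a malformed signature value, an unsupported algorithm or a broken key would also be silently dropped from the result, and a caller that later sees an empty list has no way to tell "no certificate matched" from "validation was never performed". Narrow the catch to the exception type validate() throws for a mismatch, or at least record the rejected certificate and reason at debug level inside the catch so a signature that fails on every certificate can be diagnosed. If neither is possible, the comment should be honest about the broadened behaviour: `/* Treat any validation failure as "this certificate does not sign this element". */`. The unused `$e` can then either be dropped or used for that log line. The loop and the enclosing getValidatingCertificates() begin and end outside this hunk, so the lines that build `$ret` and return it were not reviewed here.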
 
-- 
GitLab