
Commit 0c195d5

authored
Merge pull request #620 from SAML-Toolkits/improve_validate_binary_sign_v3
Improve validate binary sign [3.x-dev]
2 parents 1de3574 + 3537c0f commit 0c195d5


3 files changed

+463
-0
lines changed


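--- a/src/Saml2/Error.php
+++ b/src/Saml2/Error.php
@@ -40,6 +40,7 @@ class Error extends Exception
 const SAML_SINGLE_LOGOUT_NOT_SUPPORTED = 12;
 const PRIVATE_KEY_NOT_FOUND = 13;
 const UNSUPPORTED_SETTINGS_OBJECT = 14;
+const INVALID_PARAMETER = 15;
 
 /**
 * Constructor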

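--- a/src/Saml2/Utils.php
+++ b/src/Saml2/Utils.php
@@ -743,6 +743,10 @@ protected static function buildWithBaseURLPath($info)
 */
 public static function extractOriginalQueryParam($name)
 {
+if (!isset($_SERVER['QUERY_STRING']) || empty($_SERVER['QUERY_STRING'])) {
+return '';
+}
+
 $index = strpos($_SERVER['QUERY_STRING'], $name.'=');
 $substring = substr($_SERVER['QUERY_STRING'], $index + strlen($name) + 1);
 $end = strpos($substring, '&');
@@ -1541,13 +1545,43 @@ public static function validateBinarySign($messageType, $getData, $idpData, $ret
 $signAlg = $getData['SigAlg'];
 }
 
+
 if ($retrieveParametersFromServer) {
+if (!isset($_SERVER['QUERY_STRING']) || empty($_SERVER['QUERY_STRING'])) {
+throw new Error(
+"No query string provided",
+Error::INVALID_PARAMETER
+);
+}
+$keys = ["SAMLRequest", "SAMLResponse", "RelayState", "SigAlg", "Signature"];
+foreach ($keys as $key) {
+if (substr_count($_SERVER['QUERY_STRING'], $key) > 1) {
+throw new Error(
+"Duplicate parameter in query string",
+Error::INVALID_PARAMETER
+);
+}
+}
+if (substr_count($_SERVER['QUERY_STRING'], "SAMLRequest") > 0 && substr_count($_SERVER['QUERY_STRING'], "SAMLResponse") > 0) {
+throw new Error(
+"Both SAMLRequest and SAMLResponse provided",
+Error::INVALID_PARAMETER
+);
+}
+
 $signedQuery = $messageType.'='.Utils::extractOriginalQueryParam($messageType);
 if (isset($getData['RelayState'])) {
 $signedQuery .= '&RelayState='.Utils::extractOriginalQueryParam('RelayState');
 }
 $signedQuery .= '&SigAlg='.Utils::extractOriginalQueryParam('SigAlg');
 } else {
+if (isset($getData['SAMLRequest']) && isset($getData['SAMLResponse'])) {
+throw new Error(
+"Both SAMLRequest and SAMLResponse provided",
+Error::INVALID_PARAMETER
+);
+}
+
 $signedQuery = $messageType.'='.urlencode($getData[$messageType]);
 if (isset($getData['RelayState'])) {
 $signedQuery .= '&RelayState='.urlencode($getData['RelayState']);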
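Review bot: The duplicate-parameter loop and the SAMLRequest/SAMLResponse pair check added at new lines 1556-1570 count raw substrings of the query string rather than parameter names, so a legitimate RelayState value (or any other parameter's name or value) that happens to contain the text `SAMLRequest`, `RelayState` or `Signature` can be rejected, while what the guard is really after is a second occurrence of the same key. Splitting the raw query string on `&`, taking each key before `=` and url-decoding it so the count matches the keys PHP exposes in `$_GET` gives an exact per-key count without those false positives; the sketch below replaces the `$keys` loop and the `substr_count` pair check, and the same idea can be reused for the `$getData` branch if you want one definition of "present". The same looseness is in `extractOriginalQueryParam` in the first hunk: `strpos($_SERVER['QUERY_STRING'], $name.'=')` also matches a longer key that ends in `$name=`, and when the name is absent it returns `false`, which the arithmetic on the next line silently treats as offset 0 rather than an empty result; an `if ($index === false) { return ''; }` after the `strpos` would close that, and the check for the duplicate and the extraction should then agree on what a parameter is. validateBinarySign starts and ends outside the hunk.
```php
if ($retrieveParametersFromServer) {
    // … unchanged: empty QUERY_STRING check …
    $counts = [];
    foreach (explode('&', $_SERVER['QUERY_STRING']) as $pair) {
        $eq = strpos($pair, '=');
        $key = urldecode($eq === false ? $pair : substr($pair, 0, $eq));
        $counts[$key] = isset($counts[$key]) ? $counts[$key] + 1 : 1;
    }
    foreach (["SAMLRequest", "SAMLResponse", "RelayState", "SigAlg", "Signature"] as $key) {
        if (isset($counts[$key]) && $counts[$key] > 1) {
            throw new Error(
                "Duplicate parameter in query string",
                Error::INVALID_PARAMETER
            );
        }
    }
    if (isset($counts['SAMLRequest']) && isset($counts['SAMLResponse'])) {
        throw new Error(
            "Both SAMLRequest and SAMLResponse provided",
            Error::INVALID_PARAMETER
        );
    }
    // … unchanged: $signedQuery assembly from extractOriginalQueryParam …
```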
