bugfix: Check for supported signature algorithms when casting a key.

simplesamlphp · Feb 26, 2018 · 28448b8 · 28448b8
1 parent 0cc66be
commit 28448b8
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/SAML2/Utils.php b/src/SAML2/Utils.php
@@ -107,6 +107,15 @@ public static function castKey(XMLSecurityKey $key, $algorithm, $type = 'public'
             return $key;
         }
 
+        if (!in_array($algorithm, array(
+            XMLSecurityKey::RSA_SHA1,
+            XMLSecurityKey::RSA_SHA256,
+            XMLSecurityKey::RSA_SHA384,
+            XMLSecurityKey::RSA_SHA512
+        ))) {
+            throw new \Exception('Unsupported signing algorithm.');
+        }
+
         $keyInfo = openssl_pkey_get_details($key->key);
         if ($keyInfo === FALSE) {
             throw new Exception('Unable to get key details from XMLSecurityKey.');