SOAPClient: Support for multiple signing certificates.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2512 44740490-163a-0410-bde0-09ae8108e29a

SOAPClient: Support for multiple signing certificates.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2512 44740490-163a-0410-bde0-09ae8108e29a
1130073f · Olav Morken · a492fd4a · 1130073f
Commit 1130073f authored 14 years ago by Olav Morken
--- a/lib/SAML2/SOAPClient.php
+++ b/lib/SAML2/SOAPClient.php
@@ -53,8 +53,16 @@ class SAML2_SOAPClient {

 		// do peer certificate verification
 		if ($dstMetadata !== NULL) {
-			$peerPublicKey = SimpleSAML_Utilities::loadPublicKey($dstMetadata, TRUE);
-			$certData = $peerPublicKey['PEM'];
+			$peerPublicKeys = $dstMetadata->getPublicKeys('signing', TRUE);
+			$certData = '';
+			foreach ($peerPublicKeys as $key) {
+				if ($key['type'] !== 'X509Certificate') {
+					continue;
+				}
+				$certData .= "-----BEGIN CERTIFICATE-----\n" .
+					chunk_split($key['X509Certificate'], 64) .
+					"-----END CERTIFICATE-----\n";
+			}
 			$peerCertFile = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.pem';
 			if (!file_exists($peerCertFile)) {
 				SimpleSAML_Utilities::writeFile($peerCertFile, $certData);