From 1130073f341f9787918164461a228c7473e8bb80 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 10 Aug 2010 11:26:59 +0000
Subject: [PATCH] SOAPClient: Support for multiple signing certificates.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2512 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/SOAPClient.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/SAML2/SOAPClient.php b/lib/SAML2/SOAPClient.php
index 25eef679e..219d03f9d 100644
--- a/lib/SAML2/SOAPClient.php
+++ b/lib/SAML2/SOAPClient.php
@@ -53,8 +53,16 @@ class SAML2_SOAPClient {
 
 		// do peer certificate verification
 		if ($dstMetadata !== NULL) {
-			$peerPublicKey = SimpleSAML_Utilities::loadPublicKey($dstMetadata, TRUE);
-			$certData = $peerPublicKey['PEM'];
+			$peerPublicKeys = $dstMetadata->getPublicKeys('signing', TRUE);
+			$certData = '';
+			foreach ($peerPublicKeys as $key) {
+				if ($key['type'] !== 'X509Certificate') {
+					continue;
+				}
+				$certData .= "-----BEGIN CERTIFICATE-----\n" .
+					chunk_split($key['X509Certificate'], 64) .
+					"-----END CERTIFICATE-----\n";
+			}
 			$peerCertFile = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.pem';
 			if (!file_exists($peerCertFile)) {
 				SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
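Review bot: After the `foreach` that builds `$certData`, nothing handles the case where no key has type `X509Certificate`: `$certData` stays `''`, and an empty file with the fixed name `sha1('')` plus `.pem` is written to the temp dir as the peer certificate file. How `$peerCertFile` is consumed lies outside the hunk, so it cannot be confirmed here that an empty trust file makes verification fail closed. Rejecting it explicitly right after the loop is safer, e.g. `if ($certData === '') { throw new Exception('No X509 signing certificate available for peer verification.'); }`. Separately, `chunk_split()` defaults to `"\r\n"` line endings while the BEGIN/END markers use `"\n"`, so passing `"\n"` as its third argument would keep the generated PEM consistent. The enclosing method starts and ends outside the hunk.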
-- 
GitLab