From 1aa69fe29daf53a005a5ae2b2925b69917b4eba1 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Sat, 6 Jan 2018 16:01:29 +0100
Subject: [PATCH] Fix build after accidentally breaking it in 9d33e88

---
 lib/SimpleSAML/Configuration.php | 6 ++--
 lib/SimpleSAML/Metadata/SAMLBuilder.php | 20 ++++++------
 lib/SimpleSAML/Utils/Crypto.php | 2 +-
 lib/SimpleSAML/XML/Shib13/AuthnResponse.php | 2 +-
 modules/saml/lib/IdP/SAML2.php | 34 +++++++++++++--------
 modules/saml/lib/Message.php | 2 +-
 6 files changed, 37 insertions(+), 29 deletions(-)

diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index aa0a84b8c..464af92d9 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -1356,9 +1356,11 @@ class SimpleSAML_Configuration implements \SimpleSAML\Utils\ClearableState
 'X509Certificate' => $certData,
 ),
 );
+ } elseif ($required === true) {
+ throw new SimpleSAML_Error_Exception($this->location.': Missing certificate in metadata.');
+ } else {
+ return array();
 }
-
- throw new SimpleSAML_Error_Exception($this->location.': Missing certificate in metadata.');
 }
 
 /**
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 38d15a6f3..c21df33a5 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
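Review bot: The new `elseif ($required === true)` branch only throws for a strict boolean `true`, so a caller passing a truthy non-boolean (for example `1`) now lands in the `return array()` branch and gets "no key configured" where the old code always raised. Either relax it to `} elseif ($required) {` or make sure the top of the method (outside this hunk) already asserts `is_bool($required)`. Callers that relied on the unconditional throw for a missing `keys` entry must now either pass `$required = true` or test for an empty array, which is what the other hunks of this patch do; the method's docblock, also outside the hunk, should state that an empty array is returned when no certificate is configured and `$required` is false. getPublicKeys() begins before this hunk.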
@@ -755,17 +755,15 @@ class SimpleSAML_Metadata_SAMLBuilder private function addCertificate(\SAML2\XML\md\RoleDescriptor $rd, SimpleSAML_Configuration $metadata) { $keys = $metadata->getPublicKeys(); - if ($keys !== null) { - foreach ($keys as $key) { - if ($key['type'] !== 'X509Certificate') { - continue; - } - if (!isset($key['signing']) || $key['signing'] === true) { - $this->addX509KeyDescriptor($rd, 'signing', $key['X509Certificate']); - } - if (!isset($key['encryption']) || $key['encryption'] === true) { - $this->addX509KeyDescriptor($rd, 'encryption', $key['X509Certificate']); - } + foreach ($keys as $key) { + if ($key['type'] !== 'X509Certificate') { + continue; + } + if (!isset($key['signing']) || $key['signing'] === true) { + $this->addX509KeyDescriptor($rd, 'signing', $key['X509Certificate']); + } + if (!isset($key['encryption']) || $key['encryption'] === true) { + $this->addX509KeyDescriptor($rd, 'encryption', $key['X509Certificate']); } } diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php index 7da5bd294..749d9d2db 100644 --- a/lib/SimpleSAML/Utils/Crypto.php +++ b/lib/SimpleSAML/Utils/Crypto.php @@ -269,7 +269,7 @@ class Crypto } $keys = $metadata->getPublicKeys(null, false, $prefix); - if ($keys !== null) { + if (!empty($keys)) { foreach ($keys as $key) { if ($key['type'] !== 'X509Certificate') { continue; diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index 28a9fc14c..61a8f32ba 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php @@ -102,7 +102,7 @@ class AuthnResponse $md = $metadata->getMetaDataConfig($issuer, 'shib13-idp-remote'); $publicKeys = $md->getPublicKeys('signing'); - if ($publicKeys !== null) { + if (!empty($publicKeys)) { $certFingerprints = array(); foreach ($publicKeys as $key) { if ($key['type'] !== 'X509Certificate') { 
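Review bot: The loop in addCertificate() now relies on getPublicKeys() returning an array rather than null, and an empty array silently produces a RoleDescriptor without any KeyDescriptor; that is presumably intended for an entity that has no `keys` entry, but nothing in the hunk says so. A one-line comment above the `foreach` would save the next reader a trip into Configuration: `// getPublicKeys() returns an empty array when no 'keys' entry is configured; that yields no KeyDescriptor.`. The trailing context of this hunk appears cut short in this rendering (two closing braces are visible where the line counts call for three), so the end of the method is not shown.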
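Review bot: In AuthnResponse, `getPublicKeys('signing')` is called without `$required`, so after this patch a shib13-idp-remote entry with no `keys` array yields an empty array and the `!empty($publicKeys)` guard skips building `$certFingerprints` entirely; what happens next is outside the hunk. This is the signature-verification path for a Shib 1.3 IdP, so that fallback must fail closed — raise when no key material is configured — rather than leave the fingerprint list unset and let the response through. If the fallback already throws, a comment on the guard such as `// No configured keys: fall back or fail; never verify against an empty list` would make that contract explicit. The enclosing method starts and ends outside this hunk.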
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index fbd6ec2f0..30d95781d 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -1073,20 +1073,28 @@ class sspmod_saml_IdP_SAML2
 $key->loadKey($sharedKey);
 } else {
 $keys = $spMetadata->getPublicKeys('encryption', true);
- $key = $keys[0];
- switch ($key['type']) {
- case 'X509Certificate':
- $pemKey = "-----BEGIN CERTIFICATE-----\n".
- chunk_split($key['X509Certificate'], 64).
- "-----END CERTIFICATE-----\n";
- break;
- default:
- throw new SimpleSAML_Error_Exception('Unsupported encryption key type: '.$key['type']);
- }
+ if (!empty($keys)) {
+ $key = $keys[0];
+ switch ($key['type']) {
+ case 'X509Certificate':
+ $pemKey = "-----BEGIN CERTIFICATE-----\n".
+ chunk_split($key['X509Certificate'], 64).
+ "-----END CERTIFICATE-----\n";
+ break;
+ default:
+ throw new SimpleSAML_Error_Exception('Unsupported encryption key type: '.$key['type']);
+ }
 
- // extract the public key from the certificate for encryption
- $key = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
- $key->loadKey($pemKey);
+ // extract the public key from the certificate for encryption
+ $key = new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type' => 'public'));
+ $key->loadKey($pemKey);
+ } else {
+ throw new SimpleSAML_Error_ConfigurationError(
+ 'Missing encryption key for entity `' . $spMetadata->getString('entityid') . '`',
+ null,
+ $spMetadata->getString('metadata-set') . '.php'
+ );
+ }
 }
 
 $ea = new \SAML2\EncryptedAssertion();
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 3ba905a8b..b80391fbc 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
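Review bot: The new `else` branch in this hunk looks unreachable: `getPublicKeys('encryption', true)` passes `$required = true`, and per the Configuration.php hunk of this same patch that case throws `SimpleSAML_Error_Exception('... Missing certificate in metadata.')` before an empty array can come back, so the more useful `SimpleSAML_Error_ConfigurationError` (which names the entity and the metadata file) will never be seen. Either pass `false` here, `$keys = $spMetadata->getPublicKeys('encryption', false);`, so the ConfigurationError is the one operators get, or drop the `else` and rely on the exception from getPublicKeys(); two exception types for one condition is confusing to catch. The concatenation style in the new `else` (`' . '` with spaces) also differs from the rest of this method, which writes `.` without spaces as on the `'Unsupported encryption key type: '` line. The enclosing method starts and ends outside the hunk.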
@@ -160,7 +160,7 @@ class sspmod_saml_Message
 {
 // find the public key that should verify signatures by this entity
 $keys = $srcMetadata->getPublicKeys('signing');
- if ($keys !== null) {
+ if (!empty($keys)) {
 $pemKeys = array();
 foreach ($keys as $key) {
 switch ($key['type']) {
-- 
GitLab
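Review bot: With this patch `getPublicKeys('signing')` returns an empty array instead of throwing when the source entity has no `keys` entry, so the `!empty($keys)` guard now routes that case to whatever `elseif`/`else` follows the loop, which is outside this hunk. Because this is the key lookup used to verify signatures from `$srcMetadata`, that fallback has to fail closed: throw when no key material is configured, never hand the caller an empty `$pemKeys` to verify against. A list whose entries all hit the switch's `default` arm would likewise leave `$pemKeys` empty while passing the guard; confirm the code after the loop rejects that too. A comment on the guard, `// Empty list means no 'keys' entry in metadata; the fallback below must throw rather than verify against nothing`, would document the contract the new check depends on. The enclosing method starts and ends outside the hunk.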