diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index f804e43931ecb4852a1951913bc5100fb7398c88..0b27c03c4ae7ff8b92e04f1e51fee5e0e98471c2 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -142,7 +142,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 SimpleSAML\Utils\System::writeFile($file, $certData);
 }
- $spKeyCertFile = SimpleSAML_Utilities::resolveCert($spMetadata->getString('privatekey'));
+ $spKeyCertFile = \SimpleSAML\Utils\Config::getCertPath($spMetadata->getString('privatekey'));
 $opts = array(
 'ssl' => array(
diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index 529c9f7a94c3f35003003b4c52b703f6a4b01f70..deff4a67ab3374468414ffd4033b866987b4dba6 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -1118,7 +1118,7 @@ class SimpleSAML_Configuration {
 );
 } elseif ($this->hasValue($prefix . 'certificate')) {
 $file = $this->getString($prefix . 'certificate');
- $file = SimpleSAML_Utilities::resolveCert($file);
+ $file = \SimpleSAML\Utils\Config::getCertPath($file);
 $data = @file_get_contents($file);
 if ($data === FALSE) {
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 7c36dfddd7685571602a1a7312530cf209628377..c141a5c92e8e14a635d0856854239e242c26873f 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -1311,7 +1311,7 @@ class SimpleSAML_Metadata_SAMLParser {
 public function validateSignature($certificates) {
 foreach ($certificates as $cert) {
 assert('is_string($cert)');
- $certFile = SimpleSAML_Utilities::resolveCert($cert);
+ $certFile = \SimpleSAML\Utils\Config::getCertPath($cert);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find certificate file [' . $certFile . '], which is needed to validate signature');
 }
diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index 51c29d315a87089f52f8f5576e44b5cd23beeb99..a53201b254181684459202eab30be3eeb911d2a7 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -142,13 +142,13 @@ class SimpleSAML_Metadata_Signer {
 $keyCertFiles = self::findKeyCert($config, $entityMetadata, $type);
- $keyFile = SimpleSAML_Utilities::resolveCert($keyCertFiles['privatekey']);
+ $keyFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['privatekey']);
 if (!file_exists($keyFile)) {
 throw new Exception('Could not find private key file [' . $keyFile . '], which is needed to sign the metadata');
 }
 $keyData = file_get_contents($keyFile);
- $certFile = SimpleSAML_Utilities::resolveCert($keyCertFiles['certificate']);
+ $certFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['certificate']);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find certificate file [' . $certFile . '], which is needed to sign the metadata');
 }
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 3f74486314dc1333d3baa1e94b57d35b2606dd61..5762603c7a3e994f428212945089118cf1fe7c57 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -417,17 +417,10 @@ class SimpleSAML_Utilities {
 /**
- * Resolves a path that may be relative to the cert-directory.
- *
- * @param string $path The (possibly relative) path to the file.
- * @return string The file path.
+ * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Config::getCertPath() instead.
 */
 public static function resolveCert($path) {
- assert('is_string($path)');
-
- $globalConfig = SimpleSAML_Configuration::getInstance();
- $base = $globalConfig->getPathValue('certdir', 'cert/');
- return \SimpleSAML\Utils\System::resolvePath($path, $base);
+ return \SimpleSAML\Utils\Config::getCertPath($path);
 }
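Review bot: In the lib/SimpleSAML/Utilities.php hunk, the rewritten docblock of resolveCert() keeps only `@deprecated`, dropping the `@param`/`@return` lines, and does not say that the wrapper can now throw. The getCertPath() it delegates to (added in lib/SimpleSAML/Utils/Config.php in this commit) raises `\InvalidArgumentException` for a non-string `$path`, whereas the removed body only had an `assert()`, so callers still using the deprecated name get a new failure mode. I would keep `@param string $path` and `@return string` and add `@throws \InvalidArgumentException If $path is not a string.` next to the deprecation notice.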
diff --git a/lib/SimpleSAML/Utils/Config.php b/lib/SimpleSAML/Utils/Config.php
index 0330c92cdcd4b58dc87f585ffda398bbaededb20..e0c3f57fd9ba018d33d448814fd6904f3a2364fe 100644
--- a/lib/SimpleSAML/Utils/Config.php
+++ b/lib/SimpleSAML/Utils/Config.php
@@ -9,6 +9,28 @@ namespace SimpleSAML\Utils;
 class Config
 {
+ /**
+ * Resolves a path that may be relative to the cert-directory.
+ *
+ * @param string $path The (possibly relative) path to the file.
+ *
+ * @return string The file path.
+ * @throws \InvalidArgumentException If $path is not a string.
+ *
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ */
+ public static function getCertPath($path)
+ {
+ if (!is_string($path)) {
+ throw new \InvalidArgumentException('Invalid input parameters.');
+ }
+
+ $globalConfig = \SimpleSAML_Configuration::getInstance();
+ $base = $globalConfig->getPathValue('certdir', 'cert/');
+ return System::resolvePath($path, $base);
+ }
+
+
+
 /**
 * Retrieve the secret salt.
 *
@@ -20,15 +42,15 @@ class Config
 * data together with the salt.
 *
 * @return string The secret salt.
+ * @throws \InvalidArgumentException If the secret salt hasn't been configured.
 *
- * @throws \SimpleSAML_Error_Exception If the secret salt hasn't been configured.
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
 */
 public static function getSecretSalt()
 {
 $secretSalt = \SimpleSAML_Configuration::getInstance()->getString('secretsalt');
 if ($secretSalt === 'defaultsecretsalt') {
- throw new \SimpleSAML_Error_Exception('The "secretsalt" configuration option must be set to a secret value.');
+ throw new \InvalidArgumentException('The "secretsalt" configuration option must be set to a secret value.');
 }
 return $secretSalt;
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 8eab717e93b889a295b4260eeb4bd7a55b181f05..06c30aa074949352c082a3c0a22b9a22c954d1f1 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
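Review bot: The docblock of the new getCertPath() (first hunk of lib/SimpleSAML/Utils/Config.php) should state that the returned path is not confined to `certdir`. The parameter is described as "possibly relative", so absolute paths are presumably returned unchanged by System::resolvePath(), which is outside this diff. Callers elsewhere in this commit pass it `privatekey`, `certificate` and `caFile` values read from metadata and then open the resulting file, so the contract matters wherever that metadata is not fully under the operator's control. A sentence such as `Absolute paths are accepted as-is; no containment or existence check is performed, so $path must come from trusted configuration.` would make this explicit. The message `'Invalid input parameters.'` could also name the argument, e.g. `'$path must be a string.'`.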
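Review bot: In the second hunk of lib/SimpleSAML/Utils/Config.php, replacing `\SimpleSAML_Error_Exception` with `\InvalidArgumentException` in getSecretSalt() changes what callers can catch, and the new type fits poorly because the method takes no argument; the fault is in the configuration. Any existing `catch (SimpleSAML_Error_Exception $e)` around this call would stop handling the default-salt case, assuming the two classes are unrelated as their names suggest. Separately, as far as this hunk shows, the guard rejects only the literal `'defaultsecretsalt'`, so an empty value would be returned as a valid salt; `if ($secretSalt === 'defaultsecretsalt' || $secretSalt === '') {` may be worth considering. The function's docblock begins above the hunk.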
@@ -130,7 +130,7 @@ class Crypto
 }
 }
- $file = \SimpleSAML_Utilities::resolveCert($file);
+ $file = Config::getCertPath($file);
 $data = @file_get_contents($file);
 if ($data === false) {
 throw new \SimpleSAML_Error_Exception('Unable to load private key from file "'.$file.'"');
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index 6ac610a128ae7c07a67a55c3c330291b8582c990..d228d811a553c6e601b87706499e1d79e143cee4 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -106,7 +106,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
 $this->validator->validateFingerprint($certFingerprints);
 } elseif ($md->hasValue('caFile')) {
 /* Validate against CA. */
- $this->validator->validateCA(SimpleSAML_Utilities::resolveCert($md->getString('caFile')));
+ $this->validator->validateCA(\SimpleSAML\Utils\Config::getCertPath($md->getString('caFile')));
 } else {
 throw new SimpleSAML_Error_Exception('Missing certificate in Shibboleth 1.3 IdP Remote metadata for identity provider [' . $issuer . '].');
 }
@@ -115,7 +115,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
 }
- /* Checks if the given node is validated by the signatore on this response.
+ /* Checks if the given node is validated by the signature on this response.
 *
 * Returns:
 * TRUE if the node is validated or FALSE if not.
diff --git a/lib/SimpleSAML/XML/Signer.php b/lib/SimpleSAML/XML/Signer.php
index 15bf719e4b9d11cd840a81276d32c468b2bb0a48..d85535880e9268d004c65d550d2ffa33d2370641 100644
--- a/lib/SimpleSAML/XML/Signer.php
+++ b/lib/SimpleSAML/XML/Signer.php
@@ -117,7 +117,7 @@ class SimpleSAML_XML_Signer {
 assert('is_string($file)');
 assert('is_string($pass) || is_null($pass)');
- $keyFile = SimpleSAML_Utilities::resolveCert($file);
+ $keyFile = \SimpleSAML\Utils\Config::getCertPath($file);
 if (!file_exists($keyFile)) {
 throw new Exception('Could not find private key file "' . $keyFile . '".');
 }
@@ -167,7 +167,7 @@ class SimpleSAML_XML_Signer {
 public function loadCertificate($file) {
 assert('is_string($file)');
- $certFile = SimpleSAML_Utilities::resolveCert($file);
+ $certFile = \SimpleSAML\Utils\Config::getCertPath($file);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find certificate file "' . $certFile . '".');
 }
@@ -202,7 +202,7 @@ class SimpleSAML_XML_Signer {
 public function addCertificate($file) {
 assert('is_string($file)');
- $certFile = SimpleSAML_Utilities::resolveCert($file);
+ $certFile = \SimpleSAML\Utils\Config::getCertPath($file);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find extra certificate file "' . $certFile . '".');
 }
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 6e8fd9e7b427392384943816612ec8b2429b0ada..edb15c4bf7b220c1b1fe1fb6173e6030fd557313 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -153,8 +153,8 @@ class sspmod_adfs_IdP_ADFS {
 $response = sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse($idpEntityId, $spEntityId, $nameid, $attributes);
- $privateKeyFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('privatekey'));
- $certificateFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('certificate'));
+ $privateKeyFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('privatekey'));
+ $certificateFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('certificate'));
 $wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $privateKeyFile, $certificateFile);
 $wctx = $state['adfs:wctx'];