From 27d889e9049bb47eb0771331671551e057e77452 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Thu, 23 Apr 2015 15:57:12 +0200
Subject: [PATCH] Move SimpleSAML_Utilities::resolveCert() to SimpleSAML\Utils\Config::getCertPath() and deprecate the former.
---
 lib/SimpleSAML/Bindings/Shib13/Artifact.php | 2 +-
 lib/SimpleSAML/Configuration.php | 2 +-
 lib/SimpleSAML/Metadata/SAMLParser.php | 2 +-
 lib/SimpleSAML/Metadata/Signer.php | 4 ++--
 lib/SimpleSAML/Utilities.php | 11 ++-------
 lib/SimpleSAML/Utils/Config.php | 26 +++++++++++++++++++--
 lib/SimpleSAML/Utils/Crypto.php | 2 +-
 lib/SimpleSAML/XML/Shib13/AuthnResponse.php | 4 ++--
 lib/SimpleSAML/XML/Signer.php | 6 ++---
 modules/adfs/lib/IdP/ADFS.php | 4 ++--
 10 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index f804e4393..0b27c03c4 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -142,7 +142,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 SimpleSAML\Utils\System::writeFile($file, $certData);
 }
- $spKeyCertFile = SimpleSAML_Utilities::resolveCert($spMetadata->getString('privatekey'));
+ $spKeyCertFile = \SimpleSAML\Utils\Config::getCertPath($spMetadata->getString('privatekey'));
 $opts = array(
 'ssl' => array(
diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php
index 529c9f7a9..deff4a67a 100644
--- a/lib/SimpleSAML/Configuration.php
+++ b/lib/SimpleSAML/Configuration.php
@@ -1118,7 +1118,7 @@ class SimpleSAML_Configuration {
 );
 } elseif ($this->hasValue($prefix . 'certificate')) {
 $file = $this->getString($prefix . 'certificate');
- $file = SimpleSAML_Utilities::resolveCert($file);
+ $file = \SimpleSAML\Utils\Config::getCertPath($file);
 $data = @file_get_contents($file);
 if ($data === FALSE) {
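Review bot: The private-key path produced on the `+` line of the Artifact.php hunk is handed straight to the `ssl` stream-context options that follow without the `file_exists()` guard that the other call sites in this patch (Metadata/Signer.php, XML/Signer.php) apply, so a mistyped `privatekey` in the SP metadata presumably only surfaces later as an opaque SSL-context failure rather than as a clear configuration error. Adding `if (!file_exists($spKeyCertFile)) { throw new SimpleSAML_Error_Exception('Could not find private key file "' . $spKeyCertFile . '".'); }` before `$opts` is built would make the failure mode consistent with the rest of the patch. The enclosing method starts and ends outside the hunk.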
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 7c36dfddd..c141a5c92 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -1311,7 +1311,7 @@ class SimpleSAML_Metadata_SAMLParser {
 public function validateSignature($certificates) {
 foreach ($certificates as $cert) {
 assert('is_string($cert)');
- $certFile = SimpleSAML_Utilities::resolveCert($cert);
+ $certFile = \SimpleSAML\Utils\Config::getCertPath($cert);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find certificate file [' . $certFile . '], which is needed to validate signature');
 }
diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index 51c29d315..a53201b25 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -142,13 +142,13 @@ class SimpleSAML_Metadata_Signer {
 $keyCertFiles = self::findKeyCert($config, $entityMetadata, $type);
- $keyFile = SimpleSAML_Utilities::resolveCert($keyCertFiles['privatekey']);
+ $keyFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['privatekey']);
 if (!file_exists($keyFile)) {
 throw new Exception('Could not find private key file [' . $keyFile . '], which is needed to sign the metadata');
 }
 $keyData = file_get_contents($keyFile);
- $certFile = SimpleSAML_Utilities::resolveCert($keyCertFiles['certificate']);
+ $certFile = \SimpleSAML\Utils\Config::getCertPath($keyCertFiles['certificate']);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find certificate file [' . $certFile . '], which is needed to sign the metadata');
 }
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 3f7448631..5762603c7 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -417,17 +417,10 @@ class SimpleSAML_Utilities {
 /**
- * Resolves a path that may be relative to the cert-directory.
- *
- * @param string $path The (possibly relative) path to the file.
- * @return string The file path.
+ * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Config::getCertPath() instead.
 */
 public static function resolveCert($path) {
- assert('is_string($path)');
-
- $globalConfig = SimpleSAML_Configuration::getInstance();
- $base = $globalConfig->getPathValue('certdir', 'cert/');
- return \SimpleSAML\Utils\System::resolvePath($path, $base);
+ return \SimpleSAML\Utils\Config::getCertPath($path);
 }
diff --git a/lib/SimpleSAML/Utils/Config.php b/lib/SimpleSAML/Utils/Config.php
index 0330c92cd..e0c3f57fd 100644
--- a/lib/SimpleSAML/Utils/Config.php
+++ b/lib/SimpleSAML/Utils/Config.php
@@ -9,6 +9,28 @@ namespace SimpleSAML\Utils;
 class Config
 {
+ /**
+ * Resolves a path that may be relative to the cert-directory.
+ *
+ * @param string $path The (possibly relative) path to the file.
+ *
+ * @return string The file path.
+ * @throws \InvalidArgumentException If $path is not a string.
+ *
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ */
+ public static function getCertPath($path)
+ {
+ if (!is_string($path)) {
+ throw new \InvalidArgumentException('Invalid input parameters.');
+ }
+
+ $globalConfig = \SimpleSAML_Configuration::getInstance();
+ $base = $globalConfig->getPathValue('certdir', 'cert/');
+ return System::resolvePath($path, $base);
+ }
+
+ /**
 * Retrieve the secret salt.
 *
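Review bot: `getCertPath()` in the Config.php hunk neither canonicalizes its result nor checks that it stays inside `certdir`, and the new docblock does not say so; whether `System::resolvePath()` honours absolute paths or `..` segments cannot be seen here, but nothing in this method prevents it. That is acceptable for values taken from trusted configuration and metadata, and the docblock should state that contract, e.g. ` * The result is not canonicalized or confined to the cert directory, so $path must come from trusted configuration or metadata, never from request data.` and ` * The returned path is not checked for existence; callers that need the file must check it themselves.` The message on the throw is also generic; `throw new \InvalidArgumentException('Invalid input parameter: $path must be a string.');` would be more useful when it shows up in a log.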
@@ -20,15 +42,15 @@ class Config
 * data together with the salt.
 *
 * @return string The secret salt.
+ * @throws \InvalidArgumentException If the secret salt hasn't been configured.
 *
- * @throws \SimpleSAML_Error_Exception If the secret salt hasn't been configured.
 * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
 */
 public static function getSecretSalt()
 {
 $secretSalt = \SimpleSAML_Configuration::getInstance()->getString('secretsalt');
 if ($secretSalt === 'defaultsecretsalt') {
- throw new \SimpleSAML_Error_Exception('The "secretsalt" configuration option must be set to a secret value.');
+ throw new \InvalidArgumentException('The "secretsalt" configuration option must be set to a secret value.');
 }
 return $secretSalt;
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index 8eab717e9..06c30aa07 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -130,7 +130,7 @@ class Crypto
 }
 }
- $file = \SimpleSAML_Utilities::resolveCert($file);
+ $file = Config::getCertPath($file);
 $data = @file_get_contents($file);
 if ($data === false) {
 throw new \SimpleSAML_Error_Exception('Unable to load private key from file "'.$file.'"');
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index 6ac610a12..d228d811a 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -106,7 +106,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
 $this->validator->validateFingerprint($certFingerprints);
 } elseif ($md->hasValue('caFile')) {
 /* Validate against CA. */
- $this->validator->validateCA(SimpleSAML_Utilities::resolveCert($md->getString('caFile')));
+ $this->validator->validateCA(\SimpleSAML\Utils\Config::getCertPath($md->getString('caFile')));
 } else {
 throw new SimpleSAML_Error_Exception('Missing certificate in Shibboleth 1.3 IdP Remote metadata for identity provider [' . $issuer . '].');
 }
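Review bot: The `+` line in `getSecretSalt()` changes the thrown type from `SimpleSAML_Error_Exception` to `\InvalidArgumentException`, which is a behavioural change not covered by the commit title and which any caller catching `SimpleSAML_Error_Exception` for the unconfigured-salt case will no longer see. `InvalidArgumentException` is also a poor fit, since the method takes no arguments and the failure is a deployment misconfiguration. Either keep `throw new \SimpleSAML_Error_Exception('The "secretsalt" configuration option must be set to a secret value.');` together with the matching `@throws`, or use a configuration-specific exception and state the change in the commit message. The check also still rejects only the literal `defaultsecretsalt`, so an empty or trivially short salt is accepted; that is pre-existing but worth a follow-up. The method's closing brace lies outside the hunk.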
@@ -115,7 +115,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
 }
- /* Checks if the given node is validated by the signatore on this response.
+ /* Checks if the given node is validated by the signature on this response.
 *
 * Returns:
 * TRUE if the node is validated or FALSE if not.
diff --git a/lib/SimpleSAML/XML/Signer.php b/lib/SimpleSAML/XML/Signer.php
index 15bf719e4..d85535880 100644
--- a/lib/SimpleSAML/XML/Signer.php
+++ b/lib/SimpleSAML/XML/Signer.php
@@ -117,7 +117,7 @@ class SimpleSAML_XML_Signer {
 assert('is_string($file)');
 assert('is_string($pass) || is_null($pass)');
- $keyFile = SimpleSAML_Utilities::resolveCert($file);
+ $keyFile = \SimpleSAML\Utils\Config::getCertPath($file);
 if (!file_exists($keyFile)) {
 throw new Exception('Could not find private key file "' . $keyFile . '".');
 }
@@ -167,7 +167,7 @@ class SimpleSAML_XML_Signer {
 public function loadCertificate($file) {
 assert('is_string($file)');
- $certFile = SimpleSAML_Utilities::resolveCert($file);
+ $certFile = \SimpleSAML\Utils\Config::getCertPath($file);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find certificate file "' . $certFile . '".');
 }
@@ -202,7 +202,7 @@ class SimpleSAML_XML_Signer {
 public function addCertificate($file) {
 assert('is_string($file)');
- $certFile = SimpleSAML_Utilities::resolveCert($file);
+ $certFile = \SimpleSAML\Utils\Config::getCertPath($file);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find extra certificate file "' . $certFile . '".');
 }
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 6e8fd9e7b..edb15c4bf 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -153,8 +153,8 @@ class sspmod_adfs_IdP_ADFS {
 $response = sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse($idpEntityId, $spEntityId, $nameid, $attributes);
- $privateKeyFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('privatekey'));
- $certificateFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('certificate'));
+ $privateKeyFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('privatekey'));
+ $certificateFile = \SimpleSAML\Utils\Config::getCertPath($idpMetadata->getString('certificate'));
 $wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $privateKeyFile, $certificateFile);
 $wctx = $state['adfs:wctx'];
-- GitLab