Updating xmlseclibs to 1.2.0 and adding support for including certificate...

Updating xmlseclibs to 1.2.0 and adding support for including certificate chains in shibboleth idp response

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@175 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/Bindings/Shib13/HTTPPost.php

@@ -80,7 +80,9 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 	
 		$privatekey = $this->configuration->getBaseDir() . '/cert/' . $idpmd['privatekey'];
 		$publiccert = $this->configuration->getBaseDir() . '/cert/' . $idpmd['certificate'];
+		$certchain_pem_file = $this->configuration->getBaseDir() . '/cert/' . $idpmd['certificatechain'];
 
+		$privatek = file_get_contents($privatekey);
 		
 		if (strstr($claimedacs, $destination) == 0) {
 			$destination = $claimedacs;
@@ -89,6 +91,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		}
 		
 		
+		
+		
 		/*
 		 * XMLDSig. Sign the complete request with the key stored in cert/server.pem
 		 */
@@ -107,7 +111,14 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		//$assertionroot = $responsedom->getElementsByTagName('Assertion')->item(1);
 		$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
 		
-		$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID');
+		#$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, #array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID');
+		
+		$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1,
+			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
+			array('id_name' => 'ResponseID'));
+			
+			// TODO: Add option to sign assertion versus response
+
 		#$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',
 		#	'http://www.w3.org/2001/10/xml-exc-c14n#'));
 		
@@ -116,17 +127,33 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		/* create new XMLSecKey using RSA-SHA-1 and type is private key */
 		$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
 		
+		//$objKey->passphrase = '1234';
+		
 		/* load the private key from file - last arg is bool if key in file (TRUE) or is string (FALSE) */
-		$objKey->loadKey($privatekey,TRUE);
+		#$objKey->loadKey($privatekey_pem,false);
+		$objKey->loadKey($privatek,false);
 		
+		// TODO: Check for whether cert files exists or not.
 		
+		$objXMLSecDSig->sign($objKey);
 		
+		$public_cert = file_get_contents($publiccert);
 		
+		//echo '<pre>publiccert:' . $public_cert . '</pre>';
 		
-		$objXMLSecDSig->sign($objKey);
 		
-		$public_cert = file_get_contents($publiccert);
 		$objXMLSecDSig->add509Cert($public_cert, true);
+		
+		if (isset($certchain_pem_file)) {
+			$certchain_pem = file_get_contents($certchain_pem_file);
+		
+			//echo '<pre>chain:' . $certchain_pem . '</pre>';
+			$certchain = XMLSecurityDSig::staticGet509XCerts($certchain_pem);
+#			foreach ($certchain AS $scert) {
+				$objXMLSecDSig->add509Cert($certchain_pem, true);
+#			}
+		}
+		
 		/*
 		$public_cert = file_get_contents("cert/edugain/public2.pem");
 		$objXMLSecDSig->add509Cert($public_cert, true);