Commit 2a90b1fd authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

Updating xmlseclibs to 1.2.0 and adding support for including certificate...

Updating xmlseclibs to 1.2.0 and adding support for including certificate chains in shibboleth idp response

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@175 44740490-163a-0410-bde0-09ae8108e29a
parent e6167ff2
...@@ -80,7 +80,9 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -80,7 +80,9 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
$privatekey = $this->configuration->getBaseDir() . '/cert/' . $idpmd['privatekey']; $privatekey = $this->configuration->getBaseDir() . '/cert/' . $idpmd['privatekey'];
$publiccert = $this->configuration->getBaseDir() . '/cert/' . $idpmd['certificate']; $publiccert = $this->configuration->getBaseDir() . '/cert/' . $idpmd['certificate'];
$certchain_pem_file = $this->configuration->getBaseDir() . '/cert/' . $idpmd['certificatechain'];
$privatek = file_get_contents($privatekey);
if (strstr($claimedacs, $destination) == 0) { if (strstr($claimedacs, $destination) == 0) {
$destination = $claimedacs; $destination = $claimedacs;
...@@ -89,6 +91,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -89,6 +91,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
} }
/* /*
* XMLDSig. Sign the complete request with the key stored in cert/server.pem * XMLDSig. Sign the complete request with the key stored in cert/server.pem
*/ */
...@@ -107,7 +111,14 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -107,7 +111,14 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
//$assertionroot = $responsedom->getElementsByTagName('Assertion')->item(1); //$assertionroot = $responsedom->getElementsByTagName('Assertion')->item(1);
$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0); $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID'); #$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, #array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID');
$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
array('id_name' => 'ResponseID'));
// TODO: Add option to sign assertion versus response
#$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', #$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',
# 'http://www.w3.org/2001/10/xml-exc-c14n#')); # 'http://www.w3.org/2001/10/xml-exc-c14n#'));
...@@ -116,17 +127,33 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -116,17 +127,33 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
/* create new XMLSecKey using RSA-SHA-1 and type is private key */ /* create new XMLSecKey using RSA-SHA-1 and type is private key */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private')); $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
//$objKey->passphrase = '1234';
/* load the private key from file - last arg is bool if key in file (TRUE) or is string (FALSE) */ /* load the private key from file - last arg is bool if key in file (TRUE) or is string (FALSE) */
$objKey->loadKey($privatekey,TRUE); #$objKey->loadKey($privatekey_pem,false);
$objKey->loadKey($privatek,false);
// TODO: Check for whether cert files exists or not.
$objXMLSecDSig->sign($objKey);
$public_cert = file_get_contents($publiccert);
//echo '<pre>publiccert:' . $public_cert . '</pre>';
$objXMLSecDSig->sign($objKey);
$public_cert = file_get_contents($publiccert);
$objXMLSecDSig->add509Cert($public_cert, true); $objXMLSecDSig->add509Cert($public_cert, true);
if (isset($certchain_pem_file)) {
$certchain_pem = file_get_contents($certchain_pem_file);
//echo '<pre>chain:' . $certchain_pem . '</pre>';
$certchain = XMLSecurityDSig::staticGet509XCerts($certchain_pem);
# foreach ($certchain AS $scert) {
$objXMLSecDSig->add509Cert($certchain_pem, true);
# }
}
/* /*
$public_cert = file_get_contents("cert/edugain/public2.pem"); $public_cert = file_get_contents("cert/edugain/public2.pem");
$objXMLSecDSig->add509Cert($public_cert, true); $objXMLSecDSig->add509Cert($public_cert, true);
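Review bot: The `isset($certchain_pem_file)` guard added before the chain `add509Cert` call can never be false, because the first hunk unconditionally assigns `$certchain_pem_file = $this->configuration->getBaseDir() . '/cert/' . $idpmd['certificatechain']`, so an IdP entry with no `certificatechain` key still reaches `file_get_contents()` on the bare `cert/` directory and hands the resulting `false` to `add509Cert()`. Test the metadata key instead, `if (isset($idpmd['certificatechain'])) {`, or assign `$certchain_pem_file` only inside that branch, and treat a failed `file_get_contents()` (for the chain, the private key and the public certificate alike, as the new TODO already notes) as an error instead of continuing to sign. The `$certchain` returned by `staticGet509XCerts()` is assigned and never used while the `foreach` over it is commented out, so either drop that call or iterate it; whether `add509Cert()` accepts a multi-certificate PEM string in 1.2.0 cannot be confirmed from this page. The enclosing hunk continues past the collapsed part of the diff.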