Commit 51e0179b authored by Olav Morken's avatar Olav Morken

SAML20/HTTPRedirect: Use SimpleSAML_Utilities::load{Private,Public}Key

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@935 44740490-163a-0410-bde0-09ae8108e29a
parent d5ccda83
...@@ -32,11 +32,7 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect { ...@@ -32,11 +32,7 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
/* Load the private key. */ /* Load the private key. */
$privatekey = SimpleSAML_Utilities::loadPrivateKey($md, TRUE);
$privatekey = $this->configuration->getPathValue('certdir') . $md['privatekey'];
if (!file_exists($privatekey)) {
throw new Exception('Could not find private key file [' . $privatekey . '] which is needed to sign the request.');
}
/* Sign the query string. According to the specification, the string which should be /* Sign the query string. According to the specification, the string which should be
* signed is the concatenation of the following query parameters (in order): * signed is the concatenation of the following query parameters (in order):
...@@ -56,12 +52,12 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect { ...@@ -56,12 +52,12 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
/* Set the passphrase which should be used to open the key, if this attribute is /* Set the passphrase which should be used to open the key, if this attribute is
* set in the metadata. * set in the metadata.
*/ */
if(array_key_exists('privatekey_pass', $md)) { if(array_key_exists('password', $privatekey)) {
$xmlseckey->passphrase = $md['privatekey_pass']; $xmlseckey->passphrase = $privatekey['password'];
} }
$xmlseckey->loadKey($privatekey,TRUE); $xmlseckey->loadKey($privatekey['PEM']);
$signature = $xmlseckey->signData($query); $signature = $xmlseckey->signData($query);
$query = $query . "&" . "Signature=" . urlencode(base64_encode($signature)); $query = $query . "&" . "Signature=" . urlencode(base64_encode($signature));
...@@ -108,15 +104,9 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect { ...@@ -108,15 +104,9 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
SimpleSAML_Logger::debug('Library - HTTPRedirect validateQuery(): Sig Alg: ' . $algURI); SimpleSAML_Logger::debug('Library - HTTPRedirect validateQuery(): Sig Alg: ' . $algURI);
$publickey = SimpleSAML_Utilities::loadPublicKey($md, TRUE);
if (!array_key_exists('certificate', $md)) { if (!array_key_exists('PEM', $publickey)) {
throw new Exception('If you set request.signing to be true in the metadata, you also have to add the certificate parameter.'); throw new Exception('We need a full public key to validate HTTP-Redirect signatures. A fingerprint is not enough.');
}
// check if public key of sp exists
$publickey = $this->configuration->getPathValue('certdir') . $md['certificate'];
if (!is_file($publickey)) {
throw new Exception('Could not find certificate file [' . $publickey . '] which is needed to verify the request.');
} }
// getting signature from get arguments // getting signature from get arguments
...@@ -127,7 +117,7 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect { ...@@ -127,7 +117,7 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
// verify signature using xmlseclibs // verify signature using xmlseclibs
$xmlseckey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public')); $xmlseckey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'public'));
$xmlseckey->loadKey($publickey,TRUE); $xmlseckey->loadKey($publickey['PEM']);
if (!$xmlseckey->verifySignature($query,$signature)) { if (!$xmlseckey->verifySignature($query,$signature)) {
throw new Exception("Unable to validate Signature"); throw new Exception("Unable to validate Signature");
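Review bot: The private key array returned by `SimpleSAML_Utilities::loadPrivateKey()` is dereferenced as `$privatekey['PEM']` in the second hunk without the `array_key_exists('PEM', ...)` guard that the validateQuery hunk applies to the public key; if the loader can ever return a key without a PEM entry (its contract is not visible here), the result is an undefined-index notice and a `loadKey()` call on null instead of a clear failure before signing. A matching guard placed before the passphrase block, `if (!array_key_exists('PEM', $privatekey)) { throw new Exception('Private key has no PEM entry; it cannot be used to sign the request.'); }`, keeps the signing and verification paths consistent. Since `$privatekey` changes meaning from a file path to an array in the first hunk, a short comment there such as `/* $privatekey is an array with a 'PEM' entry and an optional 'password' entry. */` would help readers of the later hunks. The enclosing methods start and end outside the hunks.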