Metadata_SAMLParser: Add support for multiple certificates.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@689 44740490-163a-0410-bde0-09ae8108e29a

Metadata_SAMLParser: Add support for multiple certificates.
70f19a3b · Olav Morken · 4c5bf567 · 70f19a3b
Commit 70f19a3b authored 16 years ago by Olav Morken
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -415,7 +415,8 @@ class SimpleSAML_Metadata_SAMLParser {
 		}
 		$ret['SingleSignOnService'] = $sso['location'];

-		/* Find the certificate fingerprint. */
+		/* Find the certificate fingerprints. */
+		$ret['certFingerprint'] = array();
 		foreach($idp['keys'] as $key) {
 			if($key['type'] !== 'X509Certificate') {
 				continue;
@@ -423,7 +424,7 @@ class SimpleSAML_Metadata_SAMLParser {

 			$certData = base64_decode($key['X509Certificate']);
 			if($certData === FALSE) {
-				break;
+				continue;
 				/*
 				 * At 2008-06-18 we removed the requirement for certificate to be emedded in metadata. Instead
 				 * of throwing an exception which caused the whole parsing to crash, we just skip adding the
@@ -433,7 +434,7 @@ class SimpleSAML_Metadata_SAMLParser {
 				 */
 			}

-			$ret['certFingerprint'] = sha1($certData);
+			$ret['certFingerprint'][] = sha1($certData);
 			break;
 		}

@@ -558,6 +559,7 @@ class SimpleSAML_Metadata_SAMLParser {


 		/* Find the certificate fingerprint. */
+		$ret['certFingerprint'] = array();
 		foreach($idp['keys'] as $key) {
 			if($key['type'] !== 'X509Certificate') {
 				continue;
@@ -568,7 +570,7 @@ class SimpleSAML_Metadata_SAMLParser {
 				throw new Exception('Unable to parse base64 encoded certificate data.');
 			}

-			$ret['certFingerprint'] = sha1($certData);
+			$ret['certFingerprint'][] = sha1($certData);
 			break;
 		}