From 70f19a3b719b16feae87a6ea27de4563229978c3 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 23 Jun 2008 08:22:50 +0000
Subject: [PATCH] Metadata_SAMLParser: Add support for multiple certificates.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@689 44740490-163a-0410-bde0-09ae8108e29a
---
lib/SimpleSAML/Metadata/SAMLParser.php | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 951e6a934..e002e5dfa 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -415,7 +415,8 @@ class SimpleSAML_Metadata_SAMLParser {
}
$ret['SingleSignOnService'] = $sso['location'];
- /* Find the certificate fingerprint. */
+ /* Find the certificate fingerprints. */
+ $ret['certFingerprint'] = array();
foreach($idp['keys'] as $key) {
if($key['type'] !== 'X509Certificate') {
continue;
@@ -423,7 +424,7 @@ class SimpleSAML_Metadata_SAMLParser {
$certData = base64_decode($key['X509Certificate']);
if($certData === FALSE) {
- break;
+ continue;
/*
* At 2008-06-18 we removed the requirement for certificate to be emedded in metadata. Instead
* of throwing an exception which caused the whole parsing to crash, we just skip adding the
@@ -433,7 +434,7 @@ class SimpleSAML_Metadata_SAMLParser {
*/
}
- $ret['certFingerprint'] = sha1($certData);
+ $ret['certFingerprint'][] = sha1($certData);
break;
}
@@ -558,6 +559,7 @@ class SimpleSAML_Metadata_SAMLParser {
/* Find the certificate fingerprint. */
+ $ret['certFingerprint'] = array();
foreach($idp['keys'] as $key) {
if($key['type'] !== 'X509Certificate') {
continue;
@@ -568,7 +570,7 @@ class SimpleSAML_Metadata_SAMLParser {
throw new Exception('Unable to parse base64 encoded certificate data.');
}
- $ret['certFingerprint'] = sha1($certData);
+ $ret['certFingerprint'][] = sha1($certData);
break;
}
--
GitLab