diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index d1693373d2656826a7d021d78cc26df88082c1f4..851bdd194f45648cbe4f11903188d0d33445c7ae 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -125,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
$url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding'));
$url = $url['Location'];
- $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata->toArray(), TRUE);
+ $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata, TRUE);
if (!array_key_exists('PEM', $certData)) {
throw new SimpleSAML_Error_Exception('Missing one of certData or certificate in metadata for '
. var_export($idpMetadata->getString('entityid'), TRUE));
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 3d752b744378456d2d4f63276d899fe3b4fffa73..7d9329be1f05078356130bc02223b1ea56258406 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -31,7 +31,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
$privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd->toArray(), TRUE);
- $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd->toArray(), TRUE);
+ $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);
$responsedom = new DOMDocument();
$responsedom->loadXML(str_replace ("\r", "", $response));
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index cafffba6e5def9bc637811ac676fd85c8a0c8ff0..052f55502f92ad788c2c584e181276abd7c34dd2 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -596,7 +596,7 @@ class SimpleSAML_Metadata_SAMLBuilder {
*/
private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata) {
- $certInfo = SimpleSAML_Utilities::loadPublicKey($metadata->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($metadata);
if ($certInfo === NULL || !array_key_exists('certData', $certInfo)) {
/* No certificate to add. */
return;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index c21b76a4ade45c27a5df9155ed57f9a6d1c3e1eb..cf907119026fbf447902865e3a7b16fe407be63a 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1507,7 +1507,7 @@ class SimpleSAML_Utilities {
* 'certFingerprint' Array of valid certificate fingerprints. (Only present
* if this is a certificate.)
*
- * @param array $metadata The metadata array.
+ * @param SimpleSAML_Configuration $metadata The metadata.
* @param bool $required Whether the private key is required. If this is TRUE, a
* missing key will cause an exception. Default is FALSE.
* @param string $prefix The prefix which should be used when reading from the metadata
@@ -1515,16 +1515,15 @@ class SimpleSAML_Utilities {
* @return array|NULL Public key or certificate data, or NULL if no public key or
* certificate was found.
*/
- public static function loadPublicKey($metadata, $required = FALSE, $prefix = '') {
- assert('is_array($metadata)');
+ public static function loadPublicKey(SimpleSAML_Configuration $metadata, $required = FALSE, $prefix = '') {
assert('is_bool($required)');
assert('is_string($prefix)');
$ret = array();
- if (array_key_exists($prefix . 'certData', $metadata)) {
+ if ($metadata->hasValue($prefix . 'certData')) {
/* Full certificate data available from metadata. */
- $certData = $metadata[$prefix . 'certData'];
+ $certData = $metadata->getString($prefix . 'certData');
$certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData);
$ret['certData'] = $certData;
@@ -1533,9 +1532,9 @@ class SimpleSAML_Utilities {
chunk_split($ret['certData'], 64) .
"-----END CERTIFICATE-----\n";
- } elseif (array_key_exists($prefix . 'certificate', $metadata)) {
+ } elseif ($metadata->hasValue($prefix . 'certificate')) {
/* Reference to certificate file. */
- $file = SimpleSAML_Utilities::resolveCert($metadata[$prefix . 'certificate']);
+ $file = SimpleSAML_Utilities::resolveCert($metadata->getString($prefix . 'certificate'));
$data = @file_get_contents($file);
if ($data === FALSE) {
throw new Exception('Unable to load certificate/public key from file "' . $file . '"');
@@ -1549,13 +1548,9 @@ class SimpleSAML_Utilities {
$ret['certData'] = str_replace(array("\r", "\n"), '', $matches[1]);
}
- } elseif (array_key_exists($prefix . 'certFingerprint', $metadata)) {
+ } elseif ($metadata->hasValue($prefix . 'certFingerprint')) {
/* We only have a fingerprint available. */
- $fps = $metadata[$prefix . 'certFingerprint'];
-
- if (!is_array($fps)) {
- $fps = array($fps);
- }
+ $fps = $metadata->getArrayizeString($prefix . 'certFingerprint');
/* Normalize fingerprint(s) - lowercase and no colons. */
foreach($fps as &$fp) {
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 8e0761598002d180fa86976923f898dc2d7976c0..6b3aa05e4ba7e851be30f2f62f6976d13054e505 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -64,7 +64,7 @@ if ($spconfig->getBoolean('saml20.binding.artifact.enable', FALSE)) {
);
}
-$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig->toArray());
+$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig);
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
$certData = $certInfo['certData'];
$metaArray11['certData'] = $certData;
diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index 2f5884273ca972666d6953feefbb72168bc5e487..f82c43e68ddb524bfb6adb40fd3de2f73d264095 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -39,9 +39,7 @@ class sspmod_saml2_Message {
*/
public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element) {
- $srcMetadata = $srcMetadata->toArray();
-
- $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata, TRUE);
+ $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata->toArray(), TRUE);
$certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
$privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
@@ -133,7 +131,7 @@ class sspmod_saml2_Message {
SimpleSAML_Logger::debug('Found ' . count($certificates) . ' certificates in ' . get_class($element));
/* Find the certificate that should verify signatures by this entity. */
- $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata->toArray(), FALSE);
+ $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
if ($certArray !== NULL) {
if (array_key_exists('PEM', $certArray)) {
$pemCert = $certArray['PEM'];
@@ -284,7 +282,7 @@ class sspmod_saml2_Message {
$key->loadKey($sharedKey);
} else {
/* Find the certificate that we should use to encrypt messages to this SP. */
- $certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata->toArray(), TRUE);
+ $certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata, TRUE);
if (!array_key_exists('PEM', $certArray)) {
throw new Exception('Unable to locate key we should use to encrypt the assertionst ' .
'to the SP: ' . var_export($dstMetadata->getString('entityid'), TRUE) . '.');
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 29e8fe493f7771166ac23ab9c85c3f7ac6dd0228..75ad959c3fedbddca3ac060c55aaa15dfaf65995 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -20,7 +20,7 @@ try {
$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
- $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta->toArray(), TRUE);
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
$certFingerprint = $certInfo['certFingerprint'];
if (count($certFingerprint) === 1) {
/* Only one valid certificate. */
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index be9d039ea8dde5f52579ae29bc615e054436bea7..b005273539298ba2e4e8b748dd5fb01c5171d949 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -55,7 +55,7 @@ try {
$metaArray['description'] = $spmeta->getLocalizedString('description');
}
- $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
$metaArray['certData'] = $certInfo['certData'];
}
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index f795306b43f18b655a50f3ac5e3c1d581456097c..c386966a06a1c0881dd9476e796e53cc234e90bf 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -21,7 +21,7 @@ try {
$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'shib13-idp-hosted');
- $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta->toArray(), TRUE);
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
$certFingerprint = $certInfo['certFingerprint'];
if (count($certFingerprint) === 1) {
/* Only one valid certificate. */
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index a3145920314bb6caf56c2ec92dba764c7f00133c..18fec83a9013a573b2e2b6fc0469440573b1d3d4 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -28,7 +28,7 @@ try {
'AssertionConsumerService' => $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted'),
);
- $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
$metaArray['certData'] = $certInfo['certData'];
}