diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index d1693373d2656826a7d021d78cc26df88082c1f4..851bdd194f45648cbe4f11903188d0d33445c7ae 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -125,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 $url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding'));
 $url = $url['Location'];
- $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata->toArray(), TRUE);
+ $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata, TRUE);
 if (!array_key_exists('PEM', $certData)) {
 throw new SimpleSAML_Error_Exception('Missing one of certData or certificate in metadata for ' . var_export($idpMetadata->getString('entityid'), TRUE));
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 3d752b744378456d2d4f63276d899fe3b4fffa73..7d9329be1f05078356130bc02223b1ea56258406 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -31,7 +31,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
 $privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd->toArray(), TRUE);
- $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd->toArray(), TRUE);
+ $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);
 $responsedom = new DOMDocument();
 $responsedom->loadXML(str_replace ("\r", "", $response));
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index cafffba6e5def9bc637811ac676fd85c8a0c8ff0..052f55502f92ad788c2c584e181276abd7c34dd2 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
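Review bot: In HTTPPost.php the two adjacent key loads now use different argument conventions: `loadPrivateKey($idpmd->toArray(), TRUE)` still takes an array while `loadPublicKey($idpmd, TRUE)` takes the SimpleSAML_Configuration object, and sspmod_saml2_Message::addSign ends up with the same split. loadPrivateKey is not part of this commit, so whether it type-checks its argument beyond an `assert()` cannot be seen here; if it does not, passing the object to it by habit would go unnoticed wherever assertions are disabled. Converting loadPrivateKey in the same series would remove the trap; until then a comment at each mixed call site, e.g. `/* loadPrivateKey() still expects the metadata as an array. */`, would help. The enclosing function starts and ends outside the hunk.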
@@ -596,7 +596,7 @@ class SimpleSAML_Metadata_SAMLBuilder {
 */
 private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata) {
- $certInfo = SimpleSAML_Utilities::loadPublicKey($metadata->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($metadata);
 if ($certInfo === NULL || !array_key_exists('certData', $certInfo)) {
 /* No certificate to add. */
 return;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index c21b76a4ade45c27a5df9155ed57f9a6d1c3e1eb..cf907119026fbf447902865e3a7b16fe407be63a 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1507,7 +1507,7 @@ class SimpleSAML_Utilities {
 * 'certFingerprint' Array of valid certificate fingerprints. (Only present
 * if this is a certificate.)
 *
- * @param array $metadata The metadata array.
+ * @param SimpleSAML_Configuration $metadata The metadata.
 * @param bool $required Whether the private key is required. If this is TRUE, a
 * missing key will cause an exception. Default is FALSE.
 * @param string $prefix The prefix which should be used when reading from the metadata
@@ -1515,16 +1515,15 @@ class SimpleSAML_Utilities {
 * @return array|NULL Public key or certificate data, or NULL if no public key or
 * certificate was found.
 */
- public static function loadPublicKey($metadata, $required = FALSE, $prefix = '') {
- assert('is_array($metadata)');
+ public static function loadPublicKey(SimpleSAML_Configuration $metadata, $required = FALSE, $prefix = '') {
 assert('is_bool($required)');
 assert('is_string($prefix)');
 $ret = array();
- if (array_key_exists($prefix . 'certData', $metadata)) {
+ if ($metadata->hasValue($prefix . 'certData')) {
 /* Full certificate data available from metadata. */
- $certData = $metadata[$prefix . 'certData'];
+ $certData = $metadata->getString($prefix . 'certData');
 $certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData);
 $ret['certData'] = $certData;
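Review bot: The loadPublicKey docblock still mentions an exception only for a missing key when `$required` is TRUE, but the new body reads the options through `getString()` and `getArrayizeString()`, which (as far as I know SimpleSAML_Configuration) throw when a value has the wrong type. Callers that pass `$required = FALSE` and handle only NULL-or-array can therefore now see an exception for a mistyped `certData`, `certificate` or `certFingerprint`. Rejecting malformed key material is the safer behaviour, but it should be documented, e.g. `@throws Exception If a key option has an invalid type or the certificate file cannot be read.` The new type hint also breaks any out-of-tree caller that still passes `->toArray()`, which deserves a line in the upgrade notes. The function body continues past the end of this hunk.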
@@ -1533,9 +1532,9 @@ class SimpleSAML_Utilities {
 chunk_split($ret['certData'], 64) . "-----END CERTIFICATE-----\n";
- } elseif (array_key_exists($prefix . 'certificate', $metadata)) {
+ } elseif ($metadata->hasValue($prefix . 'certificate')) {
 /* Reference to certificate file. */
- $file = SimpleSAML_Utilities::resolveCert($metadata[$prefix . 'certificate']);
+ $file = SimpleSAML_Utilities::resolveCert($metadata->getString($prefix . 'certificate'));
 $data = @file_get_contents($file);
 if ($data === FALSE) {
 throw new Exception('Unable to load certificate/public key from file "' . $file . '"');
@@ -1549,13 +1548,9 @@ class SimpleSAML_Utilities {
 $ret['certData'] = str_replace(array("\r", "\n"), '', $matches[1]);
 }
- } elseif (array_key_exists($prefix . 'certFingerprint', $metadata)) {
+ } elseif ($metadata->hasValue($prefix . 'certFingerprint')) {
 /* We only have a fingerprint available. */
- $fps = $metadata[$prefix . 'certFingerprint'];
-
- if (!is_array($fps)) {
- $fps = array($fps);
- }
+ $fps = $metadata->getArrayizeString($prefix . 'certFingerprint');
 /* Normalize fingerprint(s) - lowercase and no colons. */
 foreach($fps as &$fp) {
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 8e0761598002d180fa86976923f898dc2d7976c0..6b3aa05e4ba7e851be30f2f62f6976d13054e505 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -64,7 +64,7 @@ if ($spconfig->getBoolean('saml20.binding.artifact.enable', FALSE)) {
 );
 }
-$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig->toArray());
+$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig);
 if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
 $certData = $certInfo['certData'];
 $metaArray11['certData'] = $certData;
diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index 2f5884273ca972666d6953feefbb72168bc5e487..f82c43e68ddb524bfb6adb40fd3de2f73d264095 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -39,9 +39,7 @@ class sspmod_saml2_Message {
 */
 public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element) {
- $srcMetadata = $srcMetadata->toArray();
-
- $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata, TRUE);
+ $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata->toArray(), TRUE);
 $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
 $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
@@ -133,7 +131,7 @@ class sspmod_saml2_Message {
 SimpleSAML_Logger::debug('Found ' . count($certificates) . ' certificates in ' . get_class($element));
 /* Find the certificate that should verify signatures by this entity. */
- $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata->toArray(), FALSE);
+ $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
 if ($certArray !== NULL) {
 if (array_key_exists('PEM', $certArray)) {
 $pemCert = $certArray['PEM'];
@@ -284,7 +282,7 @@ class sspmod_saml2_Message {
 $key->loadKey($sharedKey);
 } else {
 /* Find the certificate that we should use to encrypt messages to this SP. */
- $certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata->toArray(), TRUE);
+ $certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata, TRUE);
 if (!array_key_exists('PEM', $certArray)) {
 throw new Exception('Unable to locate key we should use to encrypt the assertionst ' . 'to the SP: ' . var_export($dstMetadata->getString('entityid'), TRUE) . '.');
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 29e8fe493f7771166ac23ab9c85c3f7ac6dd0228..75ad959c3fedbddca3ac060c55aaa15dfaf65995 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -20,7 +20,7 @@ try {
 $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 $idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
- $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta->toArray(), TRUE);
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
 $certFingerprint = $certInfo['certFingerprint'];
 if (count($certFingerprint) === 1) {
 /* Only one valid certificate. */
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index be9d039ea8dde5f52579ae29bc615e054436bea7..b005273539298ba2e4e8b748dd5fb01c5171d949 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -55,7 +55,7 @@ try {
 $metaArray['description'] = $spmeta->getLocalizedString('description');
 }
- $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
 if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
 $metaArray['certData'] = $certInfo['certData'];
 }
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index f795306b43f18b655a50f3ac5e3c1d581456097c..c386966a06a1c0881dd9476e796e53cc234e90bf 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -21,7 +21,7 @@ try {
 $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
 $idpmeta = $metadata->getMetaDataConfig($idpentityid, 'shib13-idp-hosted');
- $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta->toArray(), TRUE);
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
 $certFingerprint = $certInfo['certFingerprint'];
 if (count($certFingerprint) === 1) {
 /* Only one valid certificate. */
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index a3145920314bb6caf56c2ec92dba764c7f00133c..18fec83a9013a573b2e2b6fc0469440573b1d3d4 100644
--- a/www/shib13/sp/metadata.php
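Review bot: In www/saml2/idp/metadata.php the line right after the changed call reads `$certInfo['certFingerprint']` unconditionally, although the loadPublicKey docblock touched by this same commit says that key is "Only present if this is a certificate". `$required = TRUE` only guarantees a non-NULL result, so metadata that yields a public key rather than a certificate would lead to an undefined index and `count()` on NULL instead of a clear error. A guard before the read, such as `if (!array_key_exists('certFingerprint', $certInfo)) { throw new SimpleSAML_Error_Exception('Hosted IdP metadata has no certificate fingerprint.'); }`, would make that failure explicit. www/shib13/idp/metadata.php has the same pattern; in both files the try block starts outside the hunk.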
+++ b/www/shib13/sp/metadata.php
@@ -28,7 +28,7 @@ try {
 'AssertionConsumerService' => $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted'),
 );
- $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
 if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
 $metaArray['certData'] = $certInfo['certData'];
 }