From 715bd251883a1b360cd3d4df9e78e663a892a2b2 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 7 May 2010 09:13:56 +0000
Subject: [PATCH] Utilities::loadPublicKey: Use configuration class for
 metadata.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2285 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/Shib13/Artifact.php |  2 +-
 lib/SimpleSAML/Bindings/Shib13/HTTPPost.php |  2 +-
 lib/SimpleSAML/Metadata/SAMLBuilder.php     |  2 +-
 lib/SimpleSAML/Utilities.php                | 21 ++++++++-------------
 modules/saml/www/sp/metadata.php            |  2 +-
 modules/saml2/lib/Message.php               |  8 +++-----
 www/saml2/idp/metadata.php                  |  2 +-
 www/saml2/sp/metadata.php                   |  2 +-
 www/shib13/idp/metadata.php                 |  2 +-
 www/shib13/sp/metadata.php                  |  2 +-
 10 files changed, 19 insertions(+), 26 deletions(-)

diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index d1693373d..851bdd194 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -125,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 		$url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding'));
 		$url = $url['Location'];
 
-		$certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata->toArray(), TRUE);
+		$certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata, TRUE);
 		if (!array_key_exists('PEM', $certData)) {
 			throw new SimpleSAML_Error_Exception('Missing one of certData or certificate in metadata for '
 				. var_export($idpMetadata->getString('entityid'), TRUE));
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 3d752b744..7d9329be1 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -31,7 +31,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
 
 		$privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd->toArray(), TRUE);
-		$publickey = SimpleSAML_Utilities::loadPublicKey($idpmd->toArray(), TRUE);
+		$publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);
 
 		$responsedom = new DOMDocument();
 		$responsedom->loadXML(str_replace ("\r", "", $response));
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index cafffba6e..052f55502 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -596,7 +596,7 @@ class SimpleSAML_Metadata_SAMLBuilder {
 	 */
 	private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata) {
 
-		$certInfo = SimpleSAML_Utilities::loadPublicKey($metadata->toArray());
+		$certInfo = SimpleSAML_Utilities::loadPublicKey($metadata);
 		if ($certInfo === NULL || !array_key_exists('certData', $certInfo)) {
 			/* No certificate to add. */
 			return;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index c21b76a4a..cf9071190 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1507,7 +1507,7 @@ class SimpleSAML_Utilities {
 	 * 'certFingerprint'  Array of valid certificate fingerprints. (Only present
 	 *                    if this is a certificate.)
 	 *
-	 * @param array $metadata  The metadata array.
+	 * @param SimpleSAML_Configuration $metadata  The metadata.
 	 * @param bool $required  Whether the private key is required. If this is TRUE, a
 	 *                        missing key will cause an exception. Default is FALSE.
 	 * @param string $prefix  The prefix which should be used when reading from the metadata
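Review bot: The `$required` description in this docblock still says "Whether the private key is required", although the function loads a public key or certificate; it was presumably carried over from `loadPrivateKey`. Since the `@param` lines are being edited anyway, it should read `Whether the public key or certificate is required.` The new `$metadata` line could also say that plain arrays are no longer accepted, e.g. `@param SimpleSAML_Configuration $metadata  The entity's metadata (arrays are no longer accepted).` The docblock begins above this hunk.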
@@ -1515,16 +1515,15 @@ class SimpleSAML_Utilities {
 	 * @return array|NULL  Public key or certificate data, or NULL if no public key or
 	 *                     certificate was found.
 	 */
-	public static function loadPublicKey($metadata, $required = FALSE, $prefix = '') {
-		assert('is_array($metadata)');
+	public static function loadPublicKey(SimpleSAML_Configuration $metadata, $required = FALSE, $prefix = '') {
 		assert('is_bool($required)');
 		assert('is_string($prefix)');
 
 		$ret = array();
 
-		if (array_key_exists($prefix . 'certData', $metadata)) {
+		if ($metadata->hasValue($prefix . 'certData')) {
 			/* Full certificate data available from metadata. */
-			$certData = $metadata[$prefix . 'certData'];
+			$certData = $metadata->getString($prefix . 'certData');
 			$certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData);
 			$ret['certData'] = $certData;
 
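Review bot: The `SimpleSAML_Configuration` type hint on `loadPublicKey` changes the contract of a public static helper, so any caller still passing `->toArray()` output now fails at the call. The call sites in this patch are converted, but out-of-tree modules are not visible here. `loadPrivateKey` is still called with `->toArray()` in HTTPPost.php and Message.php, so the two sibling helpers now take different argument types for the same metadata; converting it in a follow-up would remove that inconsistency. `getString()` is also stricter than the old array read, because a non-string `certData` is rejected rather than passed to `str_replace`; that suits key material, but it merits a `@throws Exception` line in the docblock. The function body continues past this hunk.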
@@ -1533,9 +1532,9 @@ class SimpleSAML_Utilities {
 				chunk_split($ret['certData'], 64) .
 				"-----END CERTIFICATE-----\n";
 
-		} elseif (array_key_exists($prefix . 'certificate', $metadata)) {
+		} elseif ($metadata->hasValue($prefix . 'certificate')) {
 			/* Reference to certificate file. */
-			$file = SimpleSAML_Utilities::resolveCert($metadata[$prefix . 'certificate']);
+			$file = SimpleSAML_Utilities::resolveCert($metadata->getString($prefix . 'certificate'));
 			$data = @file_get_contents($file);
 			if ($data === FALSE) {
 				throw new Exception('Unable to load certificate/public key from file "' . $file . '"');
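Review bot: The `certificate` option still flows from metadata into `resolveCert()` and then `file_get_contents()`, and `getString()` only guarantees a string, not a path inside the certificate directory. `resolveCert()` is not shown in this patch, so whether it confines the path cannot be confirmed here. If metadata can come from anywhere other than local configuration, this branch should be limited to locally configured entities, or the resolved path checked against the certificate directory. The `@` on `file_get_contents()` also discards the underlying failure reason while the exception text embeds the full path; logging the path and throwing a generic message would be safer wherever exception text reaches end users. The `elseif` branch continues past the end of the hunk.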
@@ -1549,13 +1548,9 @@ class SimpleSAML_Utilities {
 				$ret['certData'] = str_replace(array("\r", "\n"), '', $matches[1]);
 			}
 
-		} elseif (array_key_exists($prefix . 'certFingerprint', $metadata)) {
+		} elseif ($metadata->hasValue($prefix . 'certFingerprint')) {
 			/* We only have a fingerprint available. */
-			$fps = $metadata[$prefix . 'certFingerprint'];
-
-			if (!is_array($fps)) {
-				$fps = array($fps);
-			}
+			$fps = $metadata->getArrayizeString($prefix . 'certFingerprint');
 
 			/* Normalize fingerprint(s) - lowercase and no colons. */
 			foreach($fps as &$fp) {
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 8e0761598..6b3aa05e4 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -64,7 +64,7 @@ if ($spconfig->getBoolean('saml20.binding.artifact.enable', FALSE)) {
 	);
 }
 
-$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig->toArray());
+$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig);
 if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
 	$certData = $certInfo['certData'];
 	$metaArray11['certData'] = $certData;
diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index 2f5884273..f82c43e68 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -39,9 +39,7 @@ class sspmod_saml2_Message {
 	 */
 	public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element) {
 
-		$srcMetadata = $srcMetadata->toArray();
-
-		$keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata, TRUE);
+		$keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata->toArray(), TRUE);
 		$certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
 
 		$privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
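Review bot: Removing the `$srcMetadata = $srcMetadata->toArray();` reassignment leaves `$srcMetadata` as a `SimpleSAML_Configuration` for the rest of `addSign()`, whose body continues past this hunk. Any later array-style access such as `$srcMetadata['...']` or `array_key_exists(..., $srcMetadata)` would now fail, so confirm none remains. Because `loadPublicKey` is called with `$required` set to `FALSE`, `$certArray` may be NULL per the docblock in Utilities.php. The code after this hunk should therefore keep an explicit `$certArray === NULL` check before reading `$certArray['PEM']`.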
@@ -133,7 +131,7 @@ class sspmod_saml2_Message {
 		SimpleSAML_Logger::debug('Found ' . count($certificates) . ' certificates in ' . get_class($element));
 
 		/* Find the certificate that should verify signatures by this entity. */
-		$certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata->toArray(), FALSE);
+		$certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
 		if ($certArray !== NULL) {
 			if (array_key_exists('PEM', $certArray)) {
 				$pemCert = $certArray['PEM'];
@@ -284,7 +282,7 @@ class sspmod_saml2_Message {
 			$key->loadKey($sharedKey);
 		} else {
 			/* Find the certificate that we should use to encrypt messages to this SP. */
-			$certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata->toArray(), TRUE);
+			$certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata, TRUE);
 			if (!array_key_exists('PEM', $certArray)) {
 				throw new Exception('Unable to locate key we should use to encrypt the assertionst ' .
 					'to the SP: ' . var_export($dstMetadata->getString('entityid'), TRUE) . '.');
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 29e8fe493..75ad959c3 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -20,7 +20,7 @@ try {
 	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 	$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
 
-	$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta->toArray(), TRUE);
+	$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
 	$certFingerprint = $certInfo['certFingerprint'];
 	if (count($certFingerprint) === 1) {
 		/* Only one valid certificate. */
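Review bot: `$certInfo['certFingerprint']` is read unconditionally after `loadPublicKey($idpmeta, TRUE)`, but the docblock in Utilities.php says that key is "Only present if this is a certificate". A hosted IdP configured with a bare public key would therefore hit an undefined index and call `count()` on NULL. A guard before the assignment makes the failure explicit, e.g. `if (!array_key_exists('certFingerprint', $certInfo)) { throw new Exception('Hosted IdP metadata has no certificate fingerprint.'); }`. Keep the message free of the request-supplied `idpentityid`. The same pattern appears in the www/shib13/idp/metadata.php hunk, and the `try` block continues outside this hunk.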
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index be9d039ea..b00527353 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -55,7 +55,7 @@ try {
 		$metaArray['description'] = $spmeta->getLocalizedString('description');
 	}
 
-	$certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta->toArray());
+	$certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
 	if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
 		$metaArray['certData'] = $certInfo['certData'];
 	}
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index f795306b4..c386966a0 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -21,7 +21,7 @@ try {
 	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
 	$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'shib13-idp-hosted');
 
-	$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta->toArray(), TRUE);
+	$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
 	$certFingerprint = $certInfo['certFingerprint'];
 	if (count($certFingerprint) === 1) {
 		/* Only one valid certificate. */
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index a31459203..18fec83a9 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -28,7 +28,7 @@ try {
 		'AssertionConsumerService' => $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted'),
 	);
 
-	$certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta->toArray());
+	$certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
 	if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
 		$metaArray['certData'] = $certInfo['certData'];
 	}
-- 
GitLab