From 715bd251883a1b360cd3d4df9e78e663a892a2b2 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 7 May 2010 09:13:56 +0000
Subject: [PATCH] Utilities::loadPublicKey: Use configuration class for
metadata.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2285 44740490-163a-0410-bde0-09ae8108e29a
---
lib/SimpleSAML/Bindings/Shib13/Artifact.php | 2 +-
lib/SimpleSAML/Bindings/Shib13/HTTPPost.php | 2 +-
lib/SimpleSAML/Metadata/SAMLBuilder.php | 2 +-
lib/SimpleSAML/Utilities.php | 21 ++++++++-------------
modules/saml/www/sp/metadata.php | 2 +-
modules/saml2/lib/Message.php | 8 +++-----
www/saml2/idp/metadata.php | 2 +-
www/saml2/sp/metadata.php | 2 +-
www/shib13/idp/metadata.php | 2 +-
www/shib13/sp/metadata.php | 2 +-
10 files changed, 19 insertions(+), 26 deletions(-)
diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index d1693373d..851bdd194 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -125,7 +125,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
$url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding'));
$url = $url['Location'];
- $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata->toArray(), TRUE);
+ $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata, TRUE);
if (!array_key_exists('PEM', $certData)) {
throw new SimpleSAML_Error_Exception('Missing one of certData or certificate in metadata for '
. var_export($idpMetadata->getString('entityid'), TRUE));
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index 3d752b744..7d9329be1 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -31,7 +31,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
$privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd->toArray(), TRUE);
- $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd->toArray(), TRUE);
+ $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);
$responsedom = new DOMDocument();
$responsedom->loadXML(str_replace ("\r", "", $response));
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index cafffba6e..052f55502 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -596,7 +596,7 @@ class SimpleSAML_Metadata_SAMLBuilder {
*/
private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata) {
- $certInfo = SimpleSAML_Utilities::loadPublicKey($metadata->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($metadata);
if ($certInfo === NULL || !array_key_exists('certData', $certInfo)) {
/* No certificate to add. */
return;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index c21b76a4a..cf9071190 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1507,7 +1507,7 @@ class SimpleSAML_Utilities {
* 'certFingerprint' Array of valid certificate fingerprints. (Only present
* if this is a certificate.)
*
- * @param array $metadata The metadata array.
+ * @param SimpleSAML_Configuration $metadata The metadata.
* @param bool $required Whether the private key is required. If this is TRUE, a
* missing key will cause an exception. Default is FALSE.
* @param string $prefix The prefix which should be used when reading from the metadata
@@ -1515,16 +1515,15 @@ class SimpleSAML_Utilities {
* @return array|NULL Public key or certificate data, or NULL if no public key or
* certificate was found.
*/
- public static function loadPublicKey($metadata, $required = FALSE, $prefix = '') {
- assert('is_array($metadata)');
+ public static function loadPublicKey(SimpleSAML_Configuration $metadata, $required = FALSE, $prefix = '') {
assert('is_bool($required)');
assert('is_string($prefix)');
$ret = array();
- if (array_key_exists($prefix . 'certData', $metadata)) {
+ if ($metadata->hasValue($prefix . 'certData')) {
/* Full certificate data available from metadata. */
- $certData = $metadata[$prefix . 'certData'];
+ $certData = $metadata->getString($prefix . 'certData');
$certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData);
$ret['certData'] = $certData;
@@ -1533,9 +1532,9 @@ class SimpleSAML_Utilities {
chunk_split($ret['certData'], 64) .
"-----END CERTIFICATE-----\n";
- } elseif (array_key_exists($prefix . 'certificate', $metadata)) {
+ } elseif ($metadata->hasValue($prefix . 'certificate')) {
/* Reference to certificate file. */
- $file = SimpleSAML_Utilities::resolveCert($metadata[$prefix . 'certificate']);
+ $file = SimpleSAML_Utilities::resolveCert($metadata->getString($prefix . 'certificate'));
$data = @file_get_contents($file);
if ($data === FALSE) {
throw new Exception('Unable to load certificate/public key from file "' . $file . '"');
@@ -1549,13 +1548,9 @@ class SimpleSAML_Utilities {
$ret['certData'] = str_replace(array("\r", "\n"), '', $matches[1]);
}
- } elseif (array_key_exists($prefix . 'certFingerprint', $metadata)) {
+ } elseif ($metadata->hasValue($prefix . 'certFingerprint')) {
/* We only have a fingerprint available. */
- $fps = $metadata[$prefix . 'certFingerprint'];
-
- if (!is_array($fps)) {
- $fps = array($fps);
- }
+ $fps = $metadata->getArrayizeString($prefix . 'certFingerprint');
/* Normalize fingerprint(s) - lowercase and no colons. */
foreach($fps as &$fp) {
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 8e0761598..6b3aa05e4 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -64,7 +64,7 @@ if ($spconfig->getBoolean('saml20.binding.artifact.enable', FALSE)) {
);
}
-$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig->toArray());
+$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig);
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
$certData = $certInfo['certData'];
$metaArray11['certData'] = $certData;
diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index 2f5884273..f82c43e68 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -39,9 +39,7 @@ class sspmod_saml2_Message {
*/
public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element) {
- $srcMetadata = $srcMetadata->toArray();
-
- $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata, TRUE);
+ $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata->toArray(), TRUE);
$certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
$privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
@@ -133,7 +131,7 @@ class sspmod_saml2_Message {
SimpleSAML_Logger::debug('Found ' . count($certificates) . ' certificates in ' . get_class($element));
/* Find the certificate that should verify signatures by this entity. */
- $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata->toArray(), FALSE);
+ $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
if ($certArray !== NULL) {
if (array_key_exists('PEM', $certArray)) {
$pemCert = $certArray['PEM'];
@@ -284,7 +282,7 @@ class sspmod_saml2_Message {
$key->loadKey($sharedKey);
} else {
/* Find the certificate that we should use to encrypt messages to this SP. */
- $certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata->toArray(), TRUE);
+ $certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata, TRUE);
if (!array_key_exists('PEM', $certArray)) {
throw new Exception('Unable to locate key we should use to encrypt the assertionst ' .
'to the SP: ' . var_export($dstMetadata->getString('entityid'), TRUE) . '.');
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 29e8fe493..75ad959c3 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -20,7 +20,7 @@ try {
$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
- $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta->toArray(), TRUE);
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
$certFingerprint = $certInfo['certFingerprint'];
if (count($certFingerprint) === 1) {
/* Only one valid certificate. */
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index be9d039ea..b00527353 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -55,7 +55,7 @@ try {
$metaArray['description'] = $spmeta->getLocalizedString('description');
}
- $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
$metaArray['certData'] = $certInfo['certData'];
}
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index f795306b4..c386966a0 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -21,7 +21,7 @@ try {
$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'shib13-idp-hosted');
- $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta->toArray(), TRUE);
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
$certFingerprint = $certInfo['certFingerprint'];
if (count($certFingerprint) === 1) {
/* Only one valid certificate. */
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index a31459203..18fec83a9 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -28,7 +28,7 @@ try {
'AssertionConsumerService' => $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted'),
);
- $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta->toArray());
+ $certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
$metaArray['certData'] = $certInfo['certData'];
}
--
GitLab