Shib13/Artifact: Support multiple public keys for IdP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2513 44740490-163a-0410-bde0-09ae8108e29a

Shib13/Artifact: Support multiple public keys for IdP.
7231f2e5 · Olav Morken · 1130073f · 7231f2e5
Commit 7231f2e5 authored 14 years ago by Olav Morken
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -125,12 +125,16 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 		$url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding'));
 		$url = $url['Location'];

-		$certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata, TRUE);
-		if (!array_key_exists('PEM', $certData)) {
-			throw new SimpleSAML_Error_Exception('Missing one of certData or certificate in metadata for '
-				. var_export($idpMetadata->getString('entityid'), TRUE));
+		$peerPublicKeys = $idpMetadata->getPublicKeys('signing', TRUE);
+		$certData = '';
+		foreach ($peerPublicKeys as $key) {
+			if ($key['type'] !== 'X509Certificate') {
+				continue;
+			}
+			$certData .= "-----BEGIN CERTIFICATE-----\n" .
+				chunk_split($key['X509Certificate'], 64) .
+				"-----END CERTIFICATE-----\n";
 		}
-		$certData = $certData['PEM'];

 		$file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.crt';
 		if (!file_exists($file)) {