From 7231f2e5d108d4f27839295a7b905421af3548bf Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 10 Aug 2010 11:27:07 +0000
Subject: [PATCH] Shib13/Artifact: Support multiple public keys for IdP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2513 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Bindings/Shib13/Artifact.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 851bdd194..63241b16d 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -125,12 +125,16 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 		$url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding'));
 		$url = $url['Location'];
 
-		$certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata, TRUE);
-		if (!array_key_exists('PEM', $certData)) {
-			throw new SimpleSAML_Error_Exception('Missing one of certData or certificate in metadata for '
-				. var_export($idpMetadata->getString('entityid'), TRUE));
+		$peerPublicKeys = $idpMetadata->getPublicKeys('signing', TRUE);
+		$certData = '';
+		foreach ($peerPublicKeys as $key) {
+			if ($key['type'] !== 'X509Certificate') {
+				continue;
+			}
+			$certData .= "-----BEGIN CERTIFICATE-----\n" .
+				chunk_split($key['X509Certificate'], 64) .
+				"-----END CERTIFICATE-----\n";
 		}
-		$certData = $certData['PEM'];
 
 		$file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.crt';
 		if (!file_exists($file)) {
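Review bot: After the `foreach`, `$certData` can still be the empty string when every entry returned by `getPublicKeys('signing', TRUE)` has a type other than `X509Certificate`, and the explicit "missing certificate" exception that the old code threw is gone. Execution then continues to the temp-file code with `sha1('')` as the file name. The file's later use is outside this hunk, but it is presumably the trust anchor for the artifact-resolution SOAP call, so an empty bundle should fail closed here rather than depend on how the TLS layer treats an empty CA file. I would add, directly after the loop, `if ($certData === '') { throw new SimpleSAML_Error_Exception('Missing certificate in metadata for ' . var_export($idpMetadata->getString('entityid'), TRUE)); }`. A short comment above the loop would also help, for example `// Concatenate all signing certificates into one PEM bundle so any of the IdP's keys is accepted.`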
-- 
GitLab