From 845c4408e3efa1064480e09e5b76aa13c0b99ca2 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 20 Jun 2008 13:36:35 +0000
Subject: [PATCH] SimpleSAML_XML_Validator: Add support for retrieving the
 certificate which was used to validate the XML.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@685 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/Validator.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/lib/SimpleSAML/XML/Validator.php b/lib/SimpleSAML/XML/Validator.php
index 48d8e92e0..9cc839c4d 100644
--- a/lib/SimpleSAML/XML/Validator.php
+++ b/lib/SimpleSAML/XML/Validator.php
@@ -15,6 +15,12 @@ class SimpleSAML_XML_Validator {
 	 */
 	private $x509Fingerprint;
 
+	/**
+	 * This variable contains the X509 certificate the XML document
+	 * was signed with, or NULL if it wasn't signed with an X509 certificate.
+	 */
+	private $x509Certificate;
+
 	/**
 	 * This variable contains the nodes which are signed.
 	 */
@@ -77,11 +83,27 @@ class SimpleSAML_XML_Validator {
 		/* Extract the certificate fingerprint. */
 		$this->x509Fingerprint = $objKey->getX509Fingerprint();
 
+		/* Extract the certificate. */
+		$this->x509Certificate = $objKey->getX509Certificate();
+
 		/* Find the list of validated nodes. */
 		$this->validNodes = $objXMLSecDSig->getValidatedNodes();
 	}
 
 
+	/**
+	 * Retrieve the X509 certificate which was used to sign the XML.
+	 *
+	 * This function will return the certificate as a PEM-encoded string. If the XML
+	 * wasn't signed by an X509 certificate, NULL will be returned.
+	 *
+	 * @return The certificate as a PEM-encoded string, or NULL if not signed with an X509 certificate.
+	 */
+	public function getX509Certificate() {
+		return $this->x509Certificate;
+	}
+
+
 	/**
 	 * This function validates that the fingerprint of the certificate which was used to
 	 * sign this document matches the given fingerprint. An exception will be thrown if
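Review bot: The docblock on `getX509Certificate()` does not say that the returned certificate is untrusted until the caller has matched it against configuration. The value is copied from `$objKey` in the constructor, whose start is outside the hunk; that key presumably comes from the document's own signature block, so a successful signature check would only show that the document is consistent with the certificate it carries. I would add a sentence such as `Callers must verify this certificate (e.g. against a configured certificate or fingerprint) before trusting the signer.` to the docblock. The return tag also lacks a type and could read `@return string|NULL The certificate as a PEM-encoded string, or NULL if not signed with an X509 certificate.`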
-- 
GitLab