From 84db6ccce3d7ed2e022ae592fb37900888d0a76c Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Fri, 27 Aug 2021 16:02:53 +0000
Subject: [PATCH] admin: Do not fail with an Exception if user has enabled saml20.idp but no hosted md found
---
 modules/admin/lib/Controller/Config.php | 37 ++++++++++++++++---------
 1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/modules/admin/lib/Controller/Config.php b/modules/admin/lib/Controller/Config.php
index 99f49802e..b94d40f6d 100644
--- a/modules/admin/lib/Controller/Config.php
+++ b/modules/admin/lib/Controller/Config.php
@@ -346,25 +346,36 @@ class Config
 // perform some sanity checks on the configured certificates
 if ($this->config->getBoolean('enable.saml20-idp', false) !== false) {
 $handler = MetaDataStorageHandler::getMetadataHandler();
- $metadata = $handler->getMetaDataCurrent('saml20-idp-hosted');
- $metadata_config = Configuration::loadfromArray($metadata);
- $private = $cryptoUtils->loadPrivateKey($metadata_config, false);
- $public = $cryptoUtils->loadPublicKey($metadata_config, false);
+ try {
+ $metadata = $handler->getMetaDataCurrent('saml20-idp-hosted');
+ } catch (\Exception $e) {
+ $matrix[] = [
+ 'required' => 'required',
+ 'descr' => Translate::noop('Hosted IdP metadata present'),
+ 'enabled'=>false
+ ];
+ }
 
- $matrix[] = [
- 'required' => 'required',
- 'descr' => Translate::noop('Matching key-pair for signing assertions'),
- 'enabled' => $this->matchingKeyPair($public['PEM'], $private['PEM'], $private['password']),
- ];
+ if(isset($metadata)) {
+ $metadata_config = Configuration::loadfromArray($metadata);
+ $private = $cryptoUtils->loadPrivateKey($metadata_config, false);
+ $public = $cryptoUtils->loadPublicKey($metadata_config, false);
 
- $private = $cryptoUtils->loadPrivateKey($metadata_config, false, 'new_');
- if ($private !== null) {
- $public = $cryptoUtils->loadPublicKey($metadata_config, false, 'new_');
 $matrix[] = [
 'required' => 'required',
- 'descr' => Translate::noop('Matching key-pair for signing assertions (rollover key)'),
+ 'descr' => Translate::noop('Matching key-pair for signing assertions'),
 'enabled' => $this->matchingKeyPair($public['PEM'], $private['PEM'], $private['password']),
 ];
+
+ $private = $cryptoUtils->loadPrivateKey($metadata_config, false, 'new_');
+ if ($private !== null) {
+ $public = $cryptoUtils->loadPublicKey($metadata_config, false, 'new_');
+ $matrix[] = [
+ 'required' => 'required',
+ 'descr' => Translate::noop('Matching key-pair for signing assertions (rollover key)'),
+ 'enabled' => $this->matchingKeyPair($public['PEM'], $private['PEM'], $private['password']),
+ ];
+ }
 }
 }
-- 
GitLab
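Review bot: The primary key-pair row inside the new `if(isset($metadata))` block still indexes `$private['PEM']` and `$public['PEM']` without a null check, although the rollover branch just below guards the same loader result with `if ($private !== null)`, which suggests the loaders can return null when called with `false`. If hosted metadata exists but names no private key or certificate, the sanity-check page this commit is trying to keep alive would presumably still warn or fail; a guard such as `'enabled' => $private !== null && $public !== null && $this->matchingKeyPair($public['PEM'], $private['PEM'], $private['password']),` would report the row as failed instead. Separately, `catch (\Exception $e)` never uses `$e`, so a storage or parsing failure is presented to the administrator as "metadata not present" with no trace; logging `$e->getMessage()` in the catch block would keep the two cases distinguishable. The enclosing method starts and ends outside the hunk, so whether `$metadata` can already be set before the `try` (which would defeat the `isset` test) cannot be confirmed from here.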