Commit a3a1587e authored by Olav Morken
XMLSecurityKey: added getX509Fingerprint()-function to get the fingerprint of...

XMLSecurityKey: added getX509Fingerprint()-function to get the fingerprint of the X509-certificate (if the key is loaded from an X509-certificate).


git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@183 44740490-163a-0410-bde0-09ae8108e29a
parent 98e5b7ec
...@@ -185,6 +185,9 @@ class XMLSecurityKey { ...@@ -185,6 +185,9 @@ class XMLSecurityKey {
public $encryptedCtx = NULL; public $encryptedCtx = NULL;
public $guid = NULL; public $guid = NULL;
/* This variable contains the certificate fingerprint if we have loaded an X509-certificate. */
private $X509Fingerprint = NULL;
public function __construct($type, $params=NULL) { public function __construct($type, $params=NULL) {
srand(); srand();
switch ($type) { switch ($type) {
...@@ -280,6 +283,47 @@ class XMLSecurityKey { ...@@ -280,6 +283,47 @@ class XMLSecurityKey {
return $key; return $key;
} }
/* This function calculates the fingerprint of an X509 certificate.
*
* Parameters:
* $x509cert The certificate as a base64-encoded string. The string may optionally
* be framed with '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----'.
*
* Returns:
* The fingerprint as a 40-character lowercase hexadecimal number.
* NULL is returned if the argument isn't an X509 certificate.
*/
private static function calculateX509Fingerprint($x509cert) {
assert('is_string($x509cert)');
$lines = explode("\n", $x509cert);
$data = '';
foreach($lines as $line) {
/* Remove '\r' from end of line if present. */
$line = rtrim($line);
if($line === '-----BEGIN CERTIFICATE-----') {
/* Delete junk from before the certificate. */
$data = '';
} elseif($line === '-----END CERTIFICATE-----') {
/* Ignore data after the certificate. */
break;
} elseif($line === '-----BEGIN PUBLIC KEY-----') {
/* This isn't an X509 certificate. */
return NULL;
} else {
/* Append the current line to the certificate data. */
$data .= $line;
}
}
/* $data now contains the certificate as a base64-encoded string. The fingerprint
* of the certificate is the sha1-hash of the certificate.
*/
return strtolower(sha1(base64_decode($data)));
}
public function loadKey($key, $isFile=FALSE, $isCert = FALSE) { public function loadKey($key, $isFile=FALSE, $isCert = FALSE) {
if ($isFile) { if ($isFile) {
$this->key = file_get_contents($key); $this->key = file_get_contents($key);
...@@ -293,6 +337,9 @@ class XMLSecurityKey { ...@@ -293,6 +337,9 @@ class XMLSecurityKey {
} }
if ($this->cryptParams['library'] == 'openssl') { if ($this->cryptParams['library'] == 'openssl') {
if ($this->cryptParams['type'] == 'public') { if ($this->cryptParams['type'] == 'public') {
/* Load the fingerprint if this is an X509 certificate. */
$this->X509Fingerprint = self::calculateX509Fingerprint($this->key);
$this->key = openssl_get_publickey($this->key); $this->key = openssl_get_publickey($this->key);
} else { } else {
$this->key = openssl_get_privatekey($this->key, $this->passphrase); $this->key = openssl_get_privatekey($this->key, $this->passphrase);
...@@ -482,6 +529,17 @@ class XMLSecurityKey { ...@@ -482,6 +529,17 @@ class XMLSecurityKey {
public function serializeKey($parent) { public function serializeKey($parent) {
} }
/* Get the fingerprint of this X509 certificate.
*
* Returns:
* The fingerprint as a lowercase 40-character hexadecimal number, or NULL
* if this isn't a X509 certificate.
*/
public function getX509Fingerprint() {
return $this->X509Fingerprint;
}
} }
class XMLSecurityDSig { class XMLSecurityDSig {
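Review bot: calculateX509Fingerprint() does not honour its own contract that NULL is returned for non-certificate input: the only rejected header is the exact line `-----BEGIN PUBLIC KEY-----`, so any other PEM boundary (an RSA PUBLIC KEY block, a mistyped or indented header that `rtrim()` plus `===` fails to match) is appended to `$data`, and `base64_decode()` in its default lenient mode silently drops the invalid characters and hashes whatever is left. The caller then receives a well-formed 40-hex "fingerprint" of garbage from getX509Fingerprint() instead of NULL, and an empty `$data` yields sha1('') the same way; since this value is presumably meant to be matched against a configured trusted fingerprint, it should fail explicitly rather than produce a plausible-looking hash. I would `trim()` each line, treat any other `-----` boundary as "not a certificate", and decode with `base64_decode($data, TRUE)` (strict mode, PHP 5.2+), returning NULL when that yields FALSE or an empty string; `strtolower()` can also go, since sha1() already returns lowercase hex.
```php
            $line = trim($line);
            // … unchanged: '-----BEGIN CERTIFICATE-----' / '-----END CERTIFICATE-----' branches …
            } elseif(substr($line, 0, 5) === '-----') {
                /* Any other PEM boundary (PUBLIC KEY, RSA PUBLIC KEY, ...) isn't an X509 certificate. */
                return NULL;
            } else {
                $data .= $line;
            }
        }
        /* Strict decoding rejects stray characters instead of silently discarding them. */
        $raw = base64_decode($data, TRUE);
        if($raw === FALSE || $raw === '') {
            return NULL;
        }
        return sha1($raw);
    }
```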