Commit a6084304 authored by Olav Morken's avatar Olav Morken

XML_Signer: Add support for including extra certificates in the signature.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@701 44740490-163a-0410-bde0-09ae8108e29a
parent 36e76509
...@@ -33,6 +33,11 @@ class SimpleSAML_XML_Signer { ...@@ -33,6 +33,11 @@ class SimpleSAML_XML_Signer {
private $certificate; private $certificate;
/**
* Extra certificates which should be included in the response.
*/
private $extraCertificates;
/** /**
* Constructor for the metadata signer. * Constructor for the metadata signer.
...@@ -59,6 +64,7 @@ class SimpleSAML_XML_Signer { ...@@ -59,6 +64,7 @@ class SimpleSAML_XML_Signer {
$this->idAttrName = FALSE; $this->idAttrName = FALSE;
$this->privateKey = FALSE; $this->privateKey = FALSE;
$this->certificate = FALSE; $this->certificate = FALSE;
$this->extraCertificates = array();
if(array_key_exists('privatekey', $options)) { if(array_key_exists('privatekey', $options)) {
$pass = NULL; $pass = NULL;
...@@ -144,6 +150,32 @@ class SimpleSAML_XML_Signer { ...@@ -144,6 +150,32 @@ class SimpleSAML_XML_Signer {
$this->idAttrName = $idAttrName; $this->idAttrName = $idAttrName;
} }
/**
* Add an extra certificate to the certificate chain in the signature.
*
* Extra certificates will be added to the certificate chain in the order they
* are added.
*
* @param $file The file which contains the certificate, relative to the cert-directory.
*/
public function addCertificate($file) {
assert('is_string($file)');
$certFile = self::$certDir . $file;
if (!file_exists($certFile)) {
throw new Exception('Could not find extra certificate file "' . $certFile . '".');
}
$certificate = file_get_contents($certFile);
if($certificate === FALSE) {
throw new Exception('Unable to read extra certificate file "' . $certFile . '".');
}
$this->extraCertificates[] = $certificate;
}
/** /**
* Signs the given DOMElement and inserts the signature at the given position. * Signs the given DOMElement and inserts the signature at the given position.
* *
...@@ -186,6 +218,10 @@ class SimpleSAML_XML_Signer { ...@@ -186,6 +218,10 @@ class SimpleSAML_XML_Signer {
$objXMLSecDSig->add509Cert($this->certificate, TRUE); $objXMLSecDSig->add509Cert($this->certificate, TRUE);
} }
/* Add extra certificates. */
foreach($this->extraCertificates as $certificate) {
$objXMLSecDSig->add509Cert($certificate, TRUE);
}
$objXMLSecDSig->insertSignature($insertInto, $insertBefore); $objXMLSecDSig->insertSignature($insertInto, $insertBefore);
} }
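Review bot: addCertificate() appends whatever `file_get_contents()` returns to `$this->extraCertificates` without checking that it parses as an X.509 certificate, so a wrong file name under the cert directory is handed unverified to `add509Cert()` in the signing hunk and is noticed only there, if at all. Failing early with `if (openssl_x509_read($certificate) === FALSE) { throw new Exception('Extra certificate file "' . $file . '" is not a valid PEM certificate.'); }` before the append would keep non-certificate data out of the signing path. The path is built as `self::$certDir . $file` with no normalisation, so a `$file` containing `../` resolves outside the cert directory; the callers are not visible here, so this matters only if `$file` can come from something other than trusted configuration, and a `realpath()` containment check would enforce the documented "relative to the cert-directory" contract. `assert('is_string($file)')` is evaluated only when assertions are enabled, so it should not be relied on as the type guard in production. addCertificate() is fully inside its hunk; the signing method that consumes the list starts outside the last hunk.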