From a688801a03b3dab7ef9c97b4a18888ddf1d9ca90 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 10 Aug 2010 11:26:20 +0000
Subject: [PATCH] Utilities::loadPublicKeys: Move to use
 Configuration::getPublicKeys.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2507 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Utilities.php | 69 ++++++++++++++----------------------
 1 file changed, 26 insertions(+), 43 deletions(-)

diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index c834ef0d0..5b78098e6 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1239,35 +1239,28 @@ class SimpleSAML_Utilities {
 		assert('is_bool($required)');
 		assert('is_string($prefix)');
 
-		$ret = array();
-
-		if ($metadata->hasValue($prefix . 'certData')) {
-			/* Full certificate data available from metadata. */
-			$certData = $metadata->getString($prefix . 'certData');
-			$certData = str_replace(array("\r", "\n", "\t", ' '), '', $certData);
-			$ret['certData'] = $certData;
-
-			/* Recreate PEM-encoded certificate. */
-			$ret['PEM'] = "-----BEGIN CERTIFICATE-----\n" .
-				chunk_split($ret['certData'], 64) .
-				"-----END CERTIFICATE-----\n";
-
-		} elseif ($metadata->hasValue($prefix . 'certificate')) {
-			/* Reference to certificate file. */
-			$file = SimpleSAML_Utilities::resolveCert($metadata->getString($prefix . 'certificate'));
-			$data = @file_get_contents($file);
-			if ($data === FALSE) {
-				throw new Exception('Unable to load certificate/public key from file "' . $file . '"');
-			}
-			$ret['PEM'] = $data;
-
-			/* Extract certificate data (if this is a certificate). */
-			$pattern = '/^-----BEGIN CERTIFICATE-----([^-]*)^-----END CERTIFICATE-----/m';
-			if (preg_match($pattern, $data, $matches)) {
-				/* We have a certificate. */
-				$ret['certData'] = str_replace(array("\r", "\n"), '', $matches[1]);
+		$keys = $metadata->getPublicKeys(NULL, FALSE, $prefix);
+		if ($keys !== NULL) {
+			foreach ($keys as $key) {
+				if ($key['type'] !== 'X509Certificate') {
+					continue;
+				}
+				if ($key['signing'] !== TRUE) {
+					continue;
+				}
+				$certData = $key['X509Certificate'];
+				$pem = "-----BEGIN CERTIFICATE-----\n" .
+					chunk_split($certData, 64) .
+					"-----END CERTIFICATE-----\n";
+				$certFingerprint = strtolower(sha1(base64_decode($certData)));
+
+				return array(
+					'certData' => $certData,
+					'PEM' => $pem,
+					'certFingerprint' => array($certFingerprint),
+				);
 			}
-
+			/* No valid key found. */
 		} elseif ($metadata->hasValue($prefix . 'certFingerprint')) {
 			/* We only have a fingerprint available. */
 			$fps = $metadata->getArrayizeString($prefix . 'certFingerprint');
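Review bot: When `getPublicKeys()` returns a non-null array that holds no signing `X509Certificate` entry, control leaves the `if ($keys !== NULL)` block past the `elseif`, so a `certFingerprint` value the old code would have fallen back to is now skipped and the caller reaches the "No public key / certificate found" throw/NULL at the end of the next hunk. Whether metadata can produce such an array (encryption-only or non-X509 keys) depends on `getPublicKeys`, which is not visible here, but the `/* No valid key found. */` comment suggests the case was anticipated. Detaching the fingerprint branch preserves the old fallback: replace `} elseif ($metadata->hasValue($prefix . 'certFingerprint')) {` with `}` followed by `if ($metadata->hasValue($prefix . 'certFingerprint')) {`, which changes nothing when a signing certificate is found because that path returns. Separately, `base64_decode($certData)` is non-strict, so a malformed `X509Certificate` value silently yields a fingerprint of partially decoded bytes; `base64_decode($certData, TRUE)` with a `=== FALSE` check would reject it instead. The enclosing loadPublicKeys method starts before this hunk.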
@@ -1282,24 +1275,14 @@ class SimpleSAML_Utilities {
 			 * return an array with only the fingerprint(s) immediately.
 			 */
 			return array('certFingerprint' => $fps);
-
-		} else {
-			/* No public key/certificate available. */
-			if ($required) {
-				throw new Exception('No public key / certificate found in metadata.');
-			} else {
-				return NULL;
-			}
 		}
 
-		if (array_key_exists('certData', $ret)) {
-			/* This is a certificate - calculate the fingerprint. */
-			$ret['certFingerprint'] = array(
-				strtolower(sha1(base64_decode($ret['certData'])))
-			);
+		/* No public key/certificate available. */
+		if ($required) {
+			throw new Exception('No public key / certificate found in metadata.');
+		} else {
+			return NULL;
 		}
-
-		return $ret;
 	}
 
 
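Review bot: The `else` after `throw` at the end of the method is redundant now that the `$ret` post-processing has been removed; `if ($required) { throw new Exception('No public key / certificate found in metadata.'); }` followed by an unconditional `return NULL;` reads more directly. The `/* No public key/certificate available. */` comment is also reached when keys were present but none was a signing X509Certificate, so a more precise wording would be `/* No usable signing certificate or fingerprint available. */`. The method's signature and docblock lie before the previous hunk; if the docblock describes the return array, it should now state that a certificate result always carries `certData`, `PEM` and `certFingerprint`, while the fingerprint-only result carries `certFingerprint` alone.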
-- 
GitLab