From ae155bcd5cd6a418bc8918dff89a54e7387e4878 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Mon, 4 Feb 2008 18:17:13 +0000
Subject: [PATCH] don't calculate the fingerprint for anything that is not an
x509 certificate; this fixes an issue where a key value is included -after-
the certificate value in the authnresponse and the fingerprint would be
overridden (and set to a null value)
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@251 44740490-163a-0410-bde0-09ae8108e29a
---
lib/xmlseclibs.php | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/xmlseclibs.php b/lib/xmlseclibs.php
index 46e6f60c3..e9e727d8c 100644
--- a/lib/xmlseclibs.php
+++ b/lib/xmlseclibs.php
@@ -337,9 +337,10 @@ class XMLSecurityKey {
}
if ($this->cryptParams['library'] == 'openssl') {
if ($this->cryptParams['type'] == 'public') {
- /* Load the fingerprint if this is an X509 certificate. */
- $this->X509Fingerprint = self::calculateX509Fingerprint($this->key);
-
+ if ($isCert) {
+ /* Load the fingerprint if this is an X509 certificate. */
+ $this->X509Fingerprint = self::calculateX509Fingerprint($this->key);
+ }
$this->key = openssl_get_publickey($this->key);
} else {
$this->key = openssl_get_privatekey($this->key, $this->passphrase);
@@ -1540,7 +1541,7 @@ class XMLSecEnc {
$x509cert = $x509certNodes->item(0)->textContent;
$x509cert = str_replace(array("\r", "\n"), "", $x509cert);
$x509cert = "-----BEGIN CERTIFICATE-----\n".chunk_split($x509cert, 64, "\n")."-----END CERTIFICATE-----\n";
- $objBaseKey->loadKey($x509cert);
+ $objBaseKey->loadKey($x509cert, FALSE, TRUE);
}
}
break;
--
GitLab