From c1740438d07afb3ffa3ae9441f80bf07e4f422bf Mon Sep 17 00:00:00 2001 From: Thijs Kinkhorst <thijs@kinkhorst.com> Date: Mon, 29 Jul 2019 13:04:46 +0000 Subject: [PATCH] Make certificate download work in admin module. --- modules/admin/lib/FederationController.php | 41 +++++++++++++++++++++- modules/admin/routes.yaml | 3 ++ modules/admin/templates/federation.twig | 2 +- modules/saml/lib/Auth/Source/SP.php | 10 +++--- 4 files changed, 50 insertions(+), 6 deletions(-) diff --git a/modules/admin/lib/FederationController.php b/modules/admin/lib/FederationController.php index 8803ab6c9..26586b850 100644 --- a/modules/admin/lib/FederationController.php +++ b/modules/admin/lib/FederationController.php @@ -18,6 +18,8 @@ use SimpleSAML\Module\saml\IdP\SAML2 as SAML2_IdP; use SimpleSAML\Utils; use SimpleSAML\XHTML\Template; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpFoundation\ResponseHeaderBag; /** * Controller class for the admin module. @@ -295,7 +297,7 @@ class FederationController $entities[$index]['type'] = $entity['metadata-set']; foreach ($entity['metadata_array']['keys'] as $kidx => $key) { $key['url'] = Module::getModuleURL( - 'admin/cert', + 'admin/federation/cert', [ 'set' => $entity['metadata-set'], 'idp' => $entity['metadata-index'], @@ -449,4 +451,41 @@ class FederationController $this->menu->addOption('logout', $t->data['logouturl'], Translate::noop('Log out')); return $this->menu->insert($t); } + + /** + * Download a certificate for a given entity. + * + * @param Request $request The current request. + * + * @return Response PEM-encoded certificate. + */ + public function downloadCert(Request $request) + { + Utils\Auth::requireAdmin(); + + $set = $request->get('set'); + $prefix = $request->get('prefix'); + + if ($set === 'saml20-sp-hosted') { + $sourceID = $request->get('source'); + $source = \SimpleSAML\Auth\Source::getById($sourceID); + $mdconfig = $source->getMetadata(); + } else { + $entityID = $request->get('entity'); + $mdconfig = $this->mdHandler->getMetaDataConfig($entityID, $set); + } + + $certInfo = Utils\Crypto::loadPublicKey($mdconfig, true, $prefix); + + $response = new Response($certInfo['PEM']); + $disposition = $response->headers->makeDisposition( + ResponseHeaderBag::DISPOSITION_ATTACHMENT, + 'cert.pem' + ); + + $response->headers->set('Content-Disposition', $disposition); + $response->headers->set('Content-Type', 'application/x-pem-file'); + + return $response; + } } diff --git a/modules/admin/routes.yaml b/modules/admin/routes.yaml index 672ca0f2b..ac07bacb1 100644 --- a/modules/admin/routes.yaml +++ b/modules/admin/routes.yaml @@ -13,6 +13,9 @@ admin-test: admin-fed: path: /federation defaults: { _controller: 'SimpleSAML\Module\admin\FederationController::main' } +admin-fed-cert: + path: /federation/cert + defaults: { _controller: 'SimpleSAML\Module\admin\FederationController::downloadCert' } admin-fed-converter: path: /federation/metadata-converter defaults: { _controller: 'SimpleSAML\Module\admin\FederationController::metadataConverter' } diff --git a/modules/admin/templates/federation.twig b/modules/admin/templates/federation.twig index ab2921b53..44f698991 100644 --- a/modules/admin/templates/federation.twig +++ b/modules/admin/templates/federation.twig @@ -71,9 +71,9 @@ {#- #}$metadata['{{ set.entityid }}'] = {{ set.metadata_array }};{# -#} </div> </dd> - <dt>{% trans %}Certificates{% endtrans %}</dt> {%- for cert in set.certificates %} {%- if loop.first %} + <dt>{% trans %}Certificates{% endtrans %}</dt> <ul> {%- endif %} diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php index c4b124a84..2ef32cc90 100644 --- a/modules/saml/lib/Auth/Source/SP.php +++ b/modules/saml/lib/Auth/Source/SP.php @@ -219,9 +219,10 @@ class SP extends \SimpleSAML\Auth\Source 'X509Certificate' => $certInfo['certData'], 'prefix' => 'new_', 'url' => Module::getModuleURL( - 'admin/cert', + 'admin/federation/cert', [ - 'sp' => $this->getAuthId(), + 'set' => 'saml20-sp-hosted', + 'source' => $this->getAuthId(), 'prefix' => 'new_' ] ), @@ -238,9 +239,10 @@ class SP extends \SimpleSAML\Auth\Source 'X509Certificate' => $certInfo['certData'], 'prefix' => '', 'url' => Module::getModuleURL( - 'admin/cert', + 'admin/federation/cert', [ - 'sp' => $this->getAuthId(), + 'set' => 'saml20-sp-hosted', + 'source' => $this->getAuthId(), 'prefix' => '' ] ), -- GitLab