Commit d0bdbaa7 authored by Tim van Dijen's avatar Tim van Dijen

Rewrite XML Signer using symfony/filesystem

parent 313d4d33
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* *
* This is a helper class for signing XML documents. * This is a helper class for signing XML documents.
* *
* @package SimpleSAMLphp * @package simplesamlphp/simplesamlphp
*/ */
declare(strict_types=1); declare(strict_types=1);
...@@ -15,10 +15,15 @@ namespace SimpleSAML\XML; ...@@ -15,10 +15,15 @@ namespace SimpleSAML\XML;
use DOMComment; use DOMComment;
use DOMElement; use DOMElement;
use DOMText; use DOMText;
use Exception;
use RobRichards\XMLSecLibs\XMLSecurityDSig; use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey; use RobRichards\XMLSecLibs\XMLSecurityKey;
use SimpleSAML\Assert\Assert; use SimpleSAML\Assert\Assert;
use SimpleSAML\Utils; use SimpleSAML\Utils;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpFoundation\File\File;
use function array_key_exists;
class Signer class Signer
{ {
...@@ -37,12 +42,16 @@ class Signer ...@@ -37,12 +42,16 @@ class Signer
*/ */
private string $certificate = ''; private string $certificate = '';
/** /**
* @var array Extra certificates which should be included in the response. * @var array Extra certificates which should be included in the response.
*/ */
private array $extraCertificates = []; private array $extraCertificates = [];
/**
* @var \Symfony\Component\Filesystem\Filesystem;
*/
private Filesystem $fileSystem;
/** /**
* Constructor for the metadata signer. * Constructor for the metadata signer.
...@@ -62,6 +71,8 @@ class Signer ...@@ -62,6 +71,8 @@ class Signer
*/ */
public function __construct(array $options = []) public function __construct(array $options = [])
{ {
$this->fileSystem = new Filesystem();
if (array_key_exists('privatekey', $options)) { if (array_key_exists('privatekey', $options)) {
$pass = null; $pass = null;
if (array_key_exists('privatekey_pass', $options)) { if (array_key_exists('privatekey_pass', $options)) {
...@@ -131,12 +142,14 @@ class Signer ...@@ -131,12 +142,14 @@ class Signer
$keyFile = $file; $keyFile = $file;
} }
if (!file_exists($keyFile)) { if (!$this->fileSystem->exists($keyFile)) {
throw new \Exception('Could not find private key file "' . $keyFile . '".'); throw new Exception('Could not find private key file "' . $keyFile . '".');
} }
$keyData = file_get_contents($keyFile);
$file = new File($keyFile);
$keyData = $file->getContent();
if ($keyData === false) { if ($keyData === false) {
throw new \Exception('Unable to read private key file "' . $keyFile . '".'); throw new Exception('Unable to read private key file "' . $keyFile . '".');
} }
$privatekey = ['PEM' => $keyData]; $privatekey = ['PEM' => $keyData];
...@@ -160,7 +173,7 @@ class Signer ...@@ -160,7 +173,7 @@ class Signer
{ {
if (!array_key_exists('PEM', $publickey)) { if (!array_key_exists('PEM', $publickey)) {
// We have a public key with only a fingerprint // We have a public key with only a fingerprint
throw new \Exception('Tried to add a certificate fingerprint in a signature.'); throw new Exception('Tried to add a certificate fingerprint in a signature.');
} }
// For now, we only assume that the public key is an X509 certificate // For now, we only assume that the public key is an X509 certificate
...@@ -189,13 +202,14 @@ class Signer ...@@ -189,13 +202,14 @@ class Signer
$certFile = $file; $certFile = $file;
} }
if (!file_exists($certFile)) { if (!$this->fileSystem->exists($certFile)) {
throw new \Exception('Could not find certificate file "' . $certFile . '".'); throw new Exception('Could not find certificate file "' . $certFile . '".');
} }
$cert = file_get_contents($certFile); $file = new File($certFile);
$cert = $file->getContent();
if ($cert === false) { if ($cert === false) {
throw new \Exception('Unable to read certificate file "' . $certFile . '".'); throw new Exception('Unable to read certificate file "' . $certFile . '".');
} }
$this->certificate = $cert; $this->certificate = $cert;
} }
...@@ -232,13 +246,14 @@ class Signer ...@@ -232,13 +246,14 @@ class Signer
$certFile = $file; $certFile = $file;
} }
if (!file_exists($certFile)) { if (!$this->fileSystem->exists($certFile)) {
throw new \Exception('Could not find extra certificate file "' . $certFile . '".'); throw new Exception('Could not find extra certificate file "' . $certFile . '".');
} }
$certificate = file_get_contents($certFile); $file = new File($certFile);
$certificate = $file->getContent();
if ($certificate === false) { if ($certificate === false) {
throw new \Exception('Unable to read extra certificate file "' . $certFile . '".'); throw new Exception('Unable to read extra certificate file "' . $certFile . '".');
} }
$this->extraCertificates[] = $certificate; $this->extraCertificates[] = $certificate;
...@@ -263,7 +278,7 @@ class Signer ...@@ -263,7 +278,7 @@ class Signer
$privateKey = $this->privateKey; $privateKey = $this->privateKey;
if ($privateKey === false) { if ($privateKey === false) {
throw new \Exception('Private key not set.'); throw new Exception('Private key not set.');
} }
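Review bot: The `if ($keyData === false)` guard after the new `$file->getContent()` call in the `-131,12 +142,14` hunk (and the matching `=== false` guards in the certificate hunks at `-189,13` and `-232,13`) is now dead code: as far as I know Symfony's `File::getContent()` is declared to return `string` and throws `FileException` when the underlying read fails, and `new File($keyFile)` itself throws `FileNotFoundException` when the path is not a regular file, which a directory passing `Filesystem::exists()` would trigger. The project's own "Unable to read private key file" message can therefore never be produced, and callers that catch the project's `Exception` will instead see Symfony's exception type and message. Wrapping the construction and read in a try/catch and rethrowing the project exception with the Symfony one as `previous` keeps the existing contract and routes the directory case into the same error path; it needs `use Symfony\Component\HttpFoundation\File\Exception\FileException;` added to the import block. Separately, the new docblock on the `Filesystem` property has a stray trailing semicolon and should read `@var \Symfony\Component\Filesystem\Filesystem`. The enclosing methods start outside these hunks.
```php
// … unchanged: Filesystem::exists() check and 'Could not find private key file' throw …
try {
    $keyData = (new File($keyFile))->getContent();
} catch (FileException $e) {
    throw new Exception('Unable to read private key file "' . $keyFile . '".', 0, $e);
}
$privatekey = ['PEM' => $keyData];
```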
......