Skip to content
Snippets Groups Projects
Commit d526590c authored by Tim van Dijen's avatar Tim van Dijen
Browse files

Rewrite MD Signer using symfony/filesystem

parent 0c19bb3e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/SimpleSAML/Metadata/Signer.php
+ 27
15
View file @ d526590c
...@@ -4,17 +4,26 @@ declare(strict_types=1); ...@@ -4,17 +4,26 @@ declare(strict_types=1);
namespace SimpleSAML\Metadata; namespace SimpleSAML\Metadata;
use Exception;
use RobRichards\XMLSecLibs\XMLSecurityKey; use RobRichards\XMLSecLibs\XMLSecurityKey;
use RobRichards\XMLSecLibs\XMLSecurityDSig; use RobRichards\XMLSecLibs\XMLSecurityDSig;
use SAML2\DOMDocumentFactory; use SAML2\DOMDocumentFactory;
use SimpleSAML\Configuration; use SimpleSAML\Configuration;
use SimpleSAML\Error; use SimpleSAML\Error;
use SimpleSAML\Utils; use SimpleSAML\Utils;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpFoundation\File\File;
use function array_key_exists;
use function hash;
use function in_array;
use function is_bool;
use function is_string;
/** /**
* This class implements a helper function for signing of metadata. * This class implements a helper function for signing of metadata.
* *
* @package SimpleSAMLphp * @package simplesamlphp/simplesamlphp
*/ */
class Signer class Signer
...@@ -41,7 +50,7 @@ class Signer ...@@ -41,7 +50,7 @@ class Signer
!array_key_exists('metadata.sign.privatekey', $entityMetadata) !array_key_exists('metadata.sign.privatekey', $entityMetadata)
|| !array_key_exists('metadata.sign.certificate', $entityMetadata) || !array_key_exists('metadata.sign.certificate', $entityMetadata)
) { ) {
throw new \Exception( throw new Exception(
'Missing either the "metadata.sign.privatekey" or the' . 'Missing either the "metadata.sign.privatekey" or the' .
' "metadata.sign.certificate" configuration option in the metadata for' . ' "metadata.sign.certificate" configuration option in the metadata for' .
' the ' . $type . ' "' . $entityMetadata['entityid'] . '". If one of' . ' the ' . $type . ' "' . $entityMetadata['entityid'] . '". If one of' .
...@@ -66,7 +75,7 @@ class Signer ...@@ -66,7 +75,7 @@ class Signer
$certificate = $config->getOptionalString('metadata.sign.certificate', null); $certificate = $config->getOptionalString('metadata.sign.certificate', null);
if ($privatekey !== null || $certificate !== null) { if ($privatekey !== null || $certificate !== null) {
if ($privatekey === null || $certificate === null) { if ($privatekey === null || $certificate === null) {
throw new \Exception( throw new Exception(
'Missing either the "metadata.sign.privatekey" or the' . 'Missing either the "metadata.sign.privatekey" or the' .
' "metadata.sign.certificate" configuration option in the global' . ' "metadata.sign.certificate" configuration option in the global' .
' configuration. If one of these options is specified, then the other' . ' configuration. If one of these options is specified, then the other' .
...@@ -92,7 +101,7 @@ class Signer ...@@ -92,7 +101,7 @@ class Signer
!array_key_exists('privatekey', $entityMetadata) !array_key_exists('privatekey', $entityMetadata)
|| !array_key_exists('certificate', $entityMetadata) || !array_key_exists('certificate', $entityMetadata)
) { ) {
throw new \Exception( throw new Exception(
'Both the "privatekey" and the "certificate" option must' . 'Both the "privatekey" and the "certificate" option must' .
' be set in the metadata for the ' . $type . ' "' . ' be set in the metadata for the ' . $type . ' "' .
$entityMetadata['entityid'] . '" before it is possible to sign metadata' . $entityMetadata['entityid'] . '" before it is possible to sign metadata' .
...@@ -112,7 +121,7 @@ class Signer ...@@ -112,7 +121,7 @@ class Signer
return $ret; return $ret;
} }
throw new \Exception( throw new Exception(
'Could not find what key & certificate should be used to sign the metadata' . 'Could not find what key & certificate should be used to sign the metadata' .
' for the ' . $type . ' "' . $entityMetadata['entityid'] . '".' ' for the ' . $type . ' "' . $entityMetadata['entityid'] . '".'
); );
...@@ -134,7 +143,7 @@ class Signer ...@@ -134,7 +143,7 @@ class Signer
// first check the metadata for the entity // first check the metadata for the entity
if (array_key_exists('metadata.sign.enable', $entityMetadata)) { if (array_key_exists('metadata.sign.enable', $entityMetadata)) {
if (!is_bool($entityMetadata['metadata.sign.enable'])) { if (!is_bool($entityMetadata['metadata.sign.enable'])) {
throw new \Exception( throw new Exception(
'Invalid value for the "metadata.sign.enable" configuration option for' . 'Invalid value for the "metadata.sign.enable" configuration option for' .
' the ' . $type . ' "' . $entityMetadata['entityid'] . '". This option' . ' the ' . $type . ' "' . $entityMetadata['entityid'] . '". This option' .
' should be a boolean.' ' should be a boolean.'
...@@ -237,27 +246,30 @@ class Signer ...@@ -237,27 +246,30 @@ class Signer
$keyCertFiles = self::findKeyCert($config, $entityMetadata, $type); $keyCertFiles = self::findKeyCert($config, $entityMetadata, $type);
$keyFile = $configUtils->getCertPath($keyCertFiles['privatekey']); $keyFile = $configUtils->getCertPath($keyCertFiles['privatekey']);
if (!file_exists($keyFile)) { $fileSystem = new Filesystem();
throw new \Exception( if (!$fileSystem->exists($keyFile)) {
throw new Exception(
'Could not find private key file [' . $keyFile . '], which is needed to sign the metadata' 'Could not find private key file [' . $keyFile . '], which is needed to sign the metadata'
); );
} }
$keyData = file_get_contents($keyFile);
$key = new File($keyFile);
$keyData = $key->getContent();
$certFile = $configUtils->getCertPath($keyCertFiles['certificate']); $certFile = $configUtils->getCertPath($keyCertFiles['certificate']);
if (!file_exists($certFile)) { $cert = new File($certFile);
throw new \Exception( if (!$fileSystem->exists($certFile)) {
throw new Exception(
'Could not find certificate file [' . $certFile . '], which is needed to sign the metadata' 'Could not find certificate file [' . $certFile . '], which is needed to sign the metadata'
); );
} }
$certData = file_get_contents($certFile); $certData = $cert->getContent();
// convert the metadata to a DOM tree // convert the metadata to a DOM tree
try { try {
$xml = DOMDocumentFactory::fromString($metadataString); $xml = DOMDocumentFactory::fromString($metadataString);
} catch (\Exception $e) { } catch (Exception $e) {
throw new \Exception('Error parsing self-generated metadata.'); throw new Exception('Error parsing self-generated metadata.');
} }
$signature_cf = self::getMetadataSigningAlgorithm($config, $entityMetadata, $type); $signature_cf = self::getMetadataSigningAlgorithm($config, $entityMetadata, $type);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment