Commit d85f62b6 authored by Olav Morken's avatar Olav Morken

SAML2 SP: Add support for CA path validation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@771 44740490-163a-0410-bde0-09ae8108e29a
parent 8ebe7ebc
...@@ -260,11 +260,24 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { ...@@ -260,11 +260,24 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
$this->validator = new SimpleSAML_XML_Validator($node, 'ID', $publickey); $this->validator = new SimpleSAML_XML_Validator($node, 'ID', $publickey);
if (!$publickey) { if (!$publickey) {
/* Get fingerprint for the certificate of the issuer. */ if(array_key_exists('certFingerprint', $md)) {
$issuerFingerprint = $md['certFingerprint'];
/* Get fingerprint for the certificate of the issuer. */
$issuerFingerprint = $md['certFingerprint'];
/* Validate the fingerprint. */ /* Validate the fingerprint. */
$this->validator->validateFingerprint($issuerFingerprint); $this->validator->validateFingerprint($issuerFingerprint);
} elseif(array_key_exists('caFile', $md)) {
/* Validation against a CA file. */
$this->validator->validateCA($this->configuration->getPathValue('certdir') . $md['caFile']);
} else {
/* Misconfigured - neither publickey, certFingerprint or caFile given. */
throw new Exception('Misconfigured saml20-idp-remote ' . $this->issuer . ':' .
' Neither publickey, certFingerprint or caFile given.');
}
} }
} }
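Review bot: In the new `elseif(array_key_exists('caFile', $md))` branch, nothing visible ties the signing certificate to `$this->issuer`. `validateCA()` is defined outside this hunk, but if it only checks the chain, any certificate issued by that CA would be accepted as this IdP's signing key. I would document the constraint at the call site, for example `/* caFile must be a CA dedicated to this IdP: any certificate chaining to it is trusted as the issuer's signing key. */`, or add a subject check after the chain check. The ordering also means `caFile` is silently ignored when `certFingerprint` is set, which deserves a line in the metadata documentation. The enclosing method begins before the hunk, so how `$publickey` and `$md` are populated is not visible here.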
......