Skip to content
Snippets Groups Projects
Commit e5ca519d authored by Olav Morken's avatar Olav Morken
Browse files

SAMLParser: Only extract signing certificate. 

When faced with two certificates, one marked as use="signing", while
the other was use="encryption", we chose the first one (even though
it may not have supported signature verification.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2474 44740490-163a-0410-bde0-09ae8108e29a
parent d3a687c4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/SimpleSAML/Metadata/SAMLParser.php
+ 16
0
View file @ e5ca519d
......@@ -472,6 +472,10 @@ class SimpleSAML_Metadata_SAMLParser {
continue;
}
if ($key['signing'] !== TRUE) {
continue;
}
$certData = base64_decode($key['X509Certificate']);
if($certData === FALSE) {
/* Empty/invalid certificate. */
......@@ -535,6 +539,10 @@ class SimpleSAML_Metadata_SAMLParser {
continue;
}
if ($key['signing'] !== TRUE) {
continue;
}
$certData = base64_decode($key['X509Certificate']);
if($certData === FALSE) {
/* Empty/invalid certificate. */
......@@ -624,6 +632,10 @@ class SimpleSAML_Metadata_SAMLParser {
continue;
}
if ($key['signing'] !== TRUE) {
continue;
}
$certData = base64_decode($key['X509Certificate']);
if($certData === FALSE) {
/* Empty/invalid certificate. */
......@@ -701,6 +713,10 @@ class SimpleSAML_Metadata_SAMLParser {
continue;
}
if ($key['signing'] !== TRUE) {
continue;
}
$certData = base64_decode($key['X509Certificate']);
if($certData === FALSE) {
/* Empty/invalid certificate. */
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment