Commit f1157683 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

cleaning shib 1.3 signature code, and add some error checks for whether the...

cleaning shib 1.3 signature code, and add some error checks for whether the cert and private key files exist

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@238 44740490-163a-0410-bde0-09ae8108e29a
parent acb1ef25
...@@ -75,6 +75,10 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -75,6 +75,10 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
$certchain_pem_file = isset($idpmd['certificatechain']) ? $certchain_pem_file = isset($idpmd['certificatechain']) ?
$this->configuration->getBaseDir() . '/cert/' . $idpmd['certificatechain'] : null; $this->configuration->getBaseDir() . '/cert/' . $idpmd['certificatechain'] : null;
if (!file_exists($privatekey)) throw new Exception('Could not find private key file [' . $privatekey . ']');
if (!file_exists($publiccert)) throw new Exception('Could not find public cert file [' . $publiccert . ']');
$privatek = file_get_contents($privatekey); $privatek = file_get_contents($privatekey);
if (strstr($claimedacs, $destination) == 0) { if (strstr($claimedacs, $destination) == 0) {
...@@ -84,13 +88,10 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -84,13 +88,10 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
} }
/* /*
* XMLDSig. Sign the complete request with the key stored in cert/server.pem * XMLDSig. Sign the complete request with the key stored in cert/server.pem
*/ */
$objXMLSecDSig = new XMLSecurityDSig(); $objXMLSecDSig = new XMLSecurityDSig();
//$objXMLSecDSig->idKeys[] = 'ResponseID';
$objXMLSecDSig->idKeys = array('ResponseID'); $objXMLSecDSig->idKeys = array('ResponseID');
...@@ -100,34 +101,18 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -100,34 +101,18 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
$responsedom->loadXML(str_replace ("\r", "", $response)); $responsedom->loadXML(str_replace ("\r", "", $response));
$responseroot = $responsedom->getElementsByTagName('Response')->item(0); $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
//$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
//$assertionroot = $responsedom->getElementsByTagName('Assertion')->item(1);
$firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
#$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, #array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID');
/*
Removed 2008-01-10 after a tips from Rob Richards.. /**
* Add a reference to what element we want to sign.
*
$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, * TODO: Add option to sign assertion versus response
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), */
array('id_name' => 'ResponseID'));
*/
$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, $objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1,
array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N), array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
array('id_name' => 'ResponseID')); array('id_name' => 'ResponseID'));
// TODO: Add option to sign assertion versus response
#$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',
# 'http://www.w3.org/2001/10/xml-exc-c14n#'));
#$objXMLSecDSig->addRefInternal($responseroot, $responseroot, XMLSecurityDSig::SHA1);
/* create new XMLSecKey using RSA-SHA-1 and type is private key */ /* create new XMLSecKey using RSA-SHA-1 and type is private key */
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private')); $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type'=>'private'));
...@@ -137,15 +122,10 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -137,15 +122,10 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
#$objKey->loadKey($privatekey_pem,false); #$objKey->loadKey($privatekey_pem,false);
$objKey->loadKey($privatek,false); $objKey->loadKey($privatek,false);
// TODO: Check for whether cert files exists or not.
$objXMLSecDSig->sign($objKey); $objXMLSecDSig->sign($objKey);
$public_cert = file_get_contents($publiccert); $public_cert = file_get_contents($publiccert);
//echo '<pre>publiccert:' . $public_cert . '</pre>';
$objXMLSecDSig->add509Cert($public_cert, true); $objXMLSecDSig->add509Cert($public_cert, true);
if (isset($certchain_pem_file)) { if (isset($certchain_pem_file)) {
...@@ -177,10 +157,6 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -177,10 +157,6 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
# openssl req -new -key server.key -out server.csr # openssl req -new -key server.key -out server.csr
# openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt # openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
if ($this->configuration->getValue('debug')) { if ($this->configuration->getValue('debug')) {
$p = new SimpleSAML_XHTML_Template($this->configuration, 'post-debug.php'); $p = new SimpleSAML_XHTML_Template($this->configuration, 'post-debug.php');
...@@ -225,9 +201,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost { ...@@ -225,9 +201,7 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
if (isset($relaystate)) { if (isset($relaystate)) {
$samlResponse->setRelayState($relaystate); $samlResponse->setRelayState($relaystate);
} }
#echo("Authn response = " . $samlResponse );
return $samlResponse; return $samlResponse;
} }
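Review bot: The certificate chain path built at the top of the first hunk is the one file the new existence checks skip: `$certchain_pem_file` is only tested with `isset()` in the fourth hunk, so a misconfigured `certificatechain` entry presumably fails later, outside the lines shown, with a less specific error than the two new exceptions give for the key and cert. A parallel guard next to the new checks would close that gap, `if (isset($certchain_pem_file) && !file_exists($certchain_pem_file)) throw new Exception('Could not find certificate chain file [' . $certchain_pem_file . ']');`. Consider `is_readable()` rather than `file_exists()` for all three, since a present but unreadable key makes `file_get_contents($privatekey)` return false, which then reaches `$objKey->loadKey($privatek,false)` in the fourth hunk without any check. The enclosing method starts and ends outside the hunks shown.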