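/**
 * Load a private key from metadata.
 *
 * This function loads a private key from a metadata array. It looks for the following elements:
 * - 'privatekey': Name of a private key file in the cert-directory.
 * - 'privatekey_pass': Password for the private key.
 *
 * It returns an array with the following elements:
 * - 'PEM': Data for the private key, in PEM-format.
 * - 'password': Password for the private key (only present when 'privatekey_pass' is set).
 *
 * @param \SimpleSAML_Configuration $metadata The metadata array the private key should be loaded from.
 * @param bool $required Whether the private key is required. If this is true, a
 * missing key will cause an exception. Defaults to false.
 * @param string $prefix The prefix which should be used when reading from the metadata
 * array. Defaults to ''.
 *
 * @return array|NULL Extracted private key, or NULL if no private key is present.
 * @throws \InvalidArgumentException If $required is not boolean or $prefix is not a string.
 * @throws \SimpleSAML_Error_Exception If no private key is found in the metadata, or it was not possible to load
 * it (file missing, unreadable, or the read itself failed).
 *
 * @author Andreas Solberg, UNINETT AS <*****@*****.**>
 * @author Olav Morken, UNINETT AS <*****@*****.**>
 */
public static function loadPrivateKey(\SimpleSAML_Configuration $metadata, $required = false, $prefix = '')
{
    if (!is_bool($required) || !is_string($prefix)) {
        throw new \InvalidArgumentException('Invalid input parameters.');
    }

    $file = $metadata->getString($prefix . 'privatekey', null);
    if ($file === null) {
        // no private key configured for this entity; only an error when the caller demands one
        if ($required) {
            throw new \SimpleSAML_Error_Exception('No private key found in metadata.');
        }
        return null;
    }

    // the configured name is resolved relative to the cert-directory
    $file = Config::getCertPath($file);

    // Check readability up front so the most common misconfiguration (wrong path or
    // permissions on the key file) is reported with its cause instead of a generic failure.
    if (!is_readable($file)) {
        throw new \SimpleSAML_Error_Exception(
            'Unable to load private key from file "' . $file . '": file does not exist or is not readable.'
        );
    }

    // warnings are suppressed because the result is checked explicitly below
    $data = @file_get_contents($file);
    if ($data === false) {
        throw new \SimpleSAML_Error_Exception('Unable to load private key from file "' . $file . '"');
    }

    $ret = array('PEM' => $data);
    if ($metadata->hasValue($prefix . 'privatekey_pass')) {
        // the password is only added when configured, so callers can test for the key's presence
        $ret['password'] = $metadata->getString($prefix . 'privatekey_pass');
    }

    return $ret;
}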