/**
 * Build the SimpleSAMLphp SP configuration object that describes this server's own metadata.
 *
 * The entity id and the SingleSignOnService location are both the 'spMetadataService' URL
 * of the proxy server; the key material comes from the keypair the server currently signs with.
 *
 * @return SimpleSAML_Configuration
 */
protected function getSspOwnMetadata()
{
    $signingPair     = $this->_server->getSigningCertificates();
    $metadataUrl     = $this->_server->getUrl('spMetadataService');
    $certificateData = $signingPair->getCertificate()->toCertData();

    $signingKey = array(
        'signing'         => true,
        'type'            => 'X509Certificate',
        'X509Certificate' => $certificateData,
    );

    // NOTE(review): the same signing certificate is listed twice under 'keys'. Kept as-is to
    // preserve behaviour, but this looks like a copy/paste where the second entry may have been
    // intended for a different key role — confirm against the consumer of this configuration.
    $keys = array($signingKey, $signingKey);

    // 'privatekey' is a file path; an empty string is used when the pair carries no private key.
    $privateKey     = $signingPair->getPrivateKey();
    $privateKeyPath = $privateKey ? $privateKey->filePath() : '';

    return SimpleSAML_Configuration::loadFromArray(array(
        'entityid'            => $metadataUrl,
        'SingleSignOnService' => array(
            array(
                'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                'Location' => $metadataUrl,
            ),
        ),
        'keys'       => $keys,
        'privatekey' => $privateKeyPath,
    ));
}
/**
 * Collect every configured keypair and hand the full set to the proxy server.
 *
 * Reads encryption.keys from the application configuration. Each entry must reference both a
 * 'publicFile' and a 'privateFile'; an entry missing either is logged and skipped so that one
 * bad entry does not take down the others. The proxy server receives all usable pairs (plus the
 * key id selected on this object, if any) and decides which pair is used for signing.
 *
 * @param EngineBlock_Corto_ProxyServer $proxyServer
 * @param Zend_Config $applicationConfiguration
 * @return EngineBlock_X509_KeyPair the signing certificates chosen by the proxy server
 * @throws EngineBlock_Corto_ProxyServer_Exception when encryption.keys is absent or empty
 * @throws EngineBlock_Exception when no entry yields a usable keypair
 */
protected function configureProxyCertificates(EngineBlock_Corto_ProxyServer $proxyServer, Zend_Config $applicationConfiguration)
{
    $hasKeysSection = isset($applicationConfiguration->encryption)
        && isset($applicationConfiguration->encryption->keys);
    if (!$hasKeysSection) {
        throw new EngineBlock_Corto_ProxyServer_Exception("No encryption/signing keys defined!");
    }

    $configuredKeys = $applicationConfiguration->encryption->keys->toArray();
    if (empty($configuredKeys)) {
        throw new EngineBlock_Corto_ProxyServer_Exception("No encryption/signing keys defined!");
    }

    $certificateFactory = new EngineBlock_X509_CertificateFactory();
    $keyPairs = array();

    foreach ($configuredKeys as $keyId => $entry) {
        // Both halves are required; incomplete entries are skipped, not fatal.
        if (!isset($entry['privateFile'])) {
            $this->_getSessionLog()->warning('Reference to private key file not found for key: ' . $keyId . ' skipping keypair.');
            continue;
        }
        if (!isset($entry['publicFile'])) {
            $this->_getSessionLog()->warning('Reference to public key file not found for key: ' . $keyId);
            continue;
        }

        // Certificate is loaded first, then the private key wrapper, as in the original order.
        $certificate = $certificateFactory->fromFile($entry['publicFile']);
        $privateKey  = new EngineBlock_X509_PrivateKey($entry['privateFile']);
        $keyPairs[$keyId] = new EngineBlock_X509_KeyPair($certificate, $privateKey);
    }

    if (empty($keyPairs)) {
        throw new EngineBlock_Exception('No (valid) keypairs found in configuration! Please configure at least 1 keypair under encryption.keys');
    }

    $proxyServer->setKeyPairs($keyPairs);

    // Only forward an explicitly selected key id; otherwise the proxy server chooses.
    // NOTE(review): nothing here verifies that $this->_keyId names one of $keyPairs; presumably
    // the proxy server rejects an unknown id in getSigningCertificates() — confirm.
    if ($this->_keyId !== null) {
        $proxyServer->setKeyId($this->_keyId);
    }

    return $proxyServer->getSigningCertificates();
}