/**
* @return SimpleSAML_Configuration
*/
protected function getSspOwnMetadata()
{
$keyPair = $this->_server->getSigningCertificates();
$spMetadata = SimpleSAML_Configuration::loadFromArray(array('entityid' => $this->_server->getUrl('spMetadataService'), 'SingleSignOnService' => array(array('Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => $this->_server->getUrl('spMetadataService'))), 'keys' => array(array('signing' => true, 'type' => 'X509Certificate', 'X509Certificate' => $keyPair->getCertificate()->toCertData()), array('signing' => true, 'type' => 'X509Certificate', 'X509Certificate' => $keyPair->getCertificate()->toCertData())), 'privatekey' => $keyPair->getPrivateKey() ? $keyPair->getPrivateKey()->filePath() : ''));
return $spMetadata;
}
/**
* Get all certificates from the configuration, the certificate key we were configured with and tell them to
* the proxy server. Let the proxy server then decide which signing certificates to use.
*
* @param EngineBlock_Corto_ProxyServer $proxyServer
* @param Zend_Config $applicationConfiguration
* @return EngineBlock_X509_KeyPair
* @throws EngineBlock_Corto_ProxyServer_Exception
* @throws EngineBlock_Exception
*/
protected function configureProxyCertificates(EngineBlock_Corto_ProxyServer $proxyServer, Zend_Config $applicationConfiguration)
{
if (!isset($applicationConfiguration->encryption) || !isset($applicationConfiguration->encryption->keys)) {
throw new EngineBlock_Corto_ProxyServer_Exception("No encryption/signing keys defined!");
}
$keysConfig = $applicationConfiguration->encryption->keys->toArray();
if (empty($keysConfig)) {
throw new EngineBlock_Corto_ProxyServer_Exception("No encryption/signing keys defined!");
}
$publicKeyFactory = new EngineBlock_X509_CertificateFactory();
$keyPairs = array();
foreach ($keysConfig as $keyId => $keyConfig) {
if (!isset($keyConfig['privateFile'])) {
$this->_getSessionLog()->warning('Reference to private key file not found for key: ' . $keyId . ' skipping keypair.');
continue;
}
if (!isset($keyConfig['publicFile'])) {
$this->_getSessionLog()->warning('Reference to public key file not found for key: ' . $keyId);
continue;
}
$keyPairs[$keyId] = new EngineBlock_X509_KeyPair($publicKeyFactory->fromFile($keyConfig['publicFile']), new EngineBlock_X509_PrivateKey($keyConfig['privateFile']));
}
if (empty($keyPairs)) {
throw new EngineBlock_Exception('No (valid) keypairs found in configuration! Please configure at least 1 keypair under encryption.keys');
}
$proxyServer->setKeyPairs($keyPairs);
if ($this->_keyId !== null) {
$proxyServer->setKeyId($this->_keyId);
}
return $proxyServer->getSigningCertificates();
}
