Exemplo n.º 1
0
 /**
  * Add signature key and sender certificate to an element (Message or Assertion).
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender.
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient.
  * @param SAML2_Message $element  The element we should add the data to.
  */
 public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element)
 {
     $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata, TRUE);
     $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
     $algo = $dstMetadata->getString('signature.algorithm', NULL);
     if ($algo === NULL) {
         /*
          * In the NIST Special Publication 800-131A, SHA-1 became deprecated for generating
          * new digital signatures in 2011, and will be explicitly disallowed starting the 1st
          * of January, 2014. We'll keep this as a default for the next release and mark it
          * as deprecated, as part of the transition to SHA-256.
          *
          * See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf for more info.
          *
          * TODO: change default to XMLSecurityKey::RSA_SHA256.
          */
         $algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1);
     }
     $privateKey = new XMLSecurityKey($algo, array('type' => 'private'));
     if (array_key_exists('password', $keyArray)) {
         $privateKey->passphrase = $keyArray['password'];
     }
     $privateKey->loadKey($keyArray['PEM'], FALSE);
     $element->setSignatureKey($privateKey);
     if ($certArray === NULL) {
         /* We don't have a certificate to add. */
         return;
     }
     if (!array_key_exists('PEM', $certArray)) {
         /* We have a public key with only a fingerprint. */
         return;
     }
     $element->setCertificates(array($certArray['PEM']));
 }
Exemplo n.º 2
0
 /**
  * Add signature key and and senders certificate to an element (Message or Assertion).
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender.
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient.
  * @param SAML2_Message $element  The element we should add the data to.
  */
 public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element)
 {
     $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata, TRUE);
     $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
     $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     if (array_key_exists('password', $keyArray)) {
         $privateKey->passphrase = $keyArray['password'];
     }
     $privateKey->loadKey($keyArray['PEM'], FALSE);
     $element->setSignatureKey($privateKey);
     if ($certArray === NULL) {
         /* We don't have a certificate to add. */
         return;
     }
     if (!array_key_exists('PEM', $certArray)) {
         /* We have a public key with only a fingerprint. */
         return;
     }
     $element->setCertificates(array($certArray['PEM']));
 }
Exemplo n.º 3
0
 /**
  * Sign the generated EntitiesDescriptor.
  */
 protected function addSignature(SAML2_SignedElement $element)
 {
     if ($this->signKey === NULL) {
         return;
     }
     $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     if ($this->signKeyPass !== NULL) {
         $privateKey->passphrase = $this->signKeyPass;
     }
     $privateKey->loadKey($this->signKey, FALSE);
     $element->setSignatureKey($privateKey);
     if ($this->signCert !== NULL) {
         $element->setCertificates(array($this->signCert));
     }
 }