Пример #1
 /**
  * Build the X.509 key pairs listed under encryption.keys in the application configuration, register them
  * with the proxy server and let the proxy server decide which signing certificates to use.
  *
  * An entry without a 'privateFile' or 'publicFile' reference is skipped with a warning rather than treated
  * as fatal; the warning carries only the key id. The method fails only when no usable key pair remains.
  *
  * NOTE(review): when $this->_keyId is set it is passed to the proxy server without checking that this id
  * is among the key pairs loaded here (it may have been skipped above). How the proxy server reacts is not
  * visible in this method; confirm it rejects an unknown key id.
  *
  * @param EngineBlock_Corto_ProxyServer $proxyServer Proxy server that receives the key pairs and key id.
  * @param Zend_Config $applicationConfiguration Configuration expected to contain encryption.keys.
  * @return EngineBlock_X509_KeyPair Result of $proxyServer->getSigningCertificates(); the type is taken from
  *                                  the original docblock and cannot be verified from this method alone.
  * @throws EngineBlock_Corto_ProxyServer_Exception When encryption.keys is missing or empty.
  * @throws EngineBlock_Exception When none of the configured entries yields a key pair.
  */
 protected function configureProxyCertificates(EngineBlock_Corto_ProxyServer $proxyServer, Zend_Config $applicationConfiguration)
 {
     // Both the "encryption" section and its "keys" child must be present.
     if (!isset($applicationConfiguration->encryption, $applicationConfiguration->encryption->keys)) {
         throw new EngineBlock_Corto_ProxyServer_Exception("No encryption/signing keys defined!");
     }

     $configuredKeys = $applicationConfiguration->encryption->keys->toArray();
     if (count($configuredKeys) === 0) {
         throw new EngineBlock_Corto_ProxyServer_Exception("No encryption/signing keys defined!");
     }

     $certificateFactory = new EngineBlock_X509_CertificateFactory();
     $loadedKeyPairs = array();

     foreach ($configuredKeys as $keyId => $keyConfig) {
         if (!isset($keyConfig['privateFile'])) {
             // Incomplete entry: warn (key id only) and move on to the next key.
             $message = 'Reference to private key file not found for key: ' . $keyId . ' skipping keypair.';
             $this->_getSessionLog()->warning($message);
         } elseif (!isset($keyConfig['publicFile'])) {
             $message = 'Reference to public key file not found for key: ' . $keyId;
             $this->_getSessionLog()->warning($message);
         } else {
             // The certificate is loaded before the private key object is created,
             // matching the argument evaluation order of the original single expression.
             $certificate = $certificateFactory->fromFile($keyConfig['publicFile']);
             $privateKey = new EngineBlock_X509_PrivateKey($keyConfig['privateFile']);
             $loadedKeyPairs[$keyId] = new EngineBlock_X509_KeyPair($certificate, $privateKey);
         }
     }

     // Signing cannot proceed without at least one complete key pair.
     if (count($loadedKeyPairs) === 0) {
         throw new EngineBlock_Exception('No (valid) keypairs found in configuration! Please configure at least 1 keypair under encryption.keys');
     }

     $proxyServer->setKeyPairs($loadedKeyPairs);

     // Forward an explicitly requested key id only when one was set on this object.
     if ($this->_keyId !== null) {
         $proxyServer->setKeyId($this->_keyId);
     }

     return $proxyServer->getSigningCertificates();
 }