/**
* Get all certificates from the configuration, the certificate key we were configured with and tell them to
* the proxy server. Let the proxy server then decide which signing certificates to use.
*
* @param EngineBlock_Corto_ProxyServer $proxyServer
* @param Zend_Config $applicationConfiguration
* @return EngineBlock_X509_KeyPair
* @throws EngineBlock_Corto_ProxyServer_Exception
* @throws EngineBlock_Exception
*/
protected function configureProxyCertificates(EngineBlock_Corto_ProxyServer $proxyServer, Zend_Config $applicationConfiguration)
{
if (!isset($applicationConfiguration->encryption) || !isset($applicationConfiguration->encryption->keys)) {
throw new EngineBlock_Corto_ProxyServer_Exception("No encryption/signing keys defined!");
}
$keysConfig = $applicationConfiguration->encryption->keys->toArray();
if (empty($keysConfig)) {
throw new EngineBlock_Corto_ProxyServer_Exception("No encryption/signing keys defined!");
}
$publicKeyFactory = new EngineBlock_X509_CertificateFactory();
$keyPairs = array();
foreach ($keysConfig as $keyId => $keyConfig) {
if (!isset($keyConfig['privateFile'])) {
$this->_getSessionLog()->warning('Reference to private key file not found for key: ' . $keyId . ' skipping keypair.');
continue;
}
if (!isset($keyConfig['publicFile'])) {
$this->_getSessionLog()->warning('Reference to public key file not found for key: ' . $keyId);
continue;
}
$keyPairs[$keyId] = new EngineBlock_X509_KeyPair($publicKeyFactory->fromFile($keyConfig['publicFile']), new EngineBlock_X509_PrivateKey($keyConfig['privateFile']));
}
if (empty($keyPairs)) {
throw new EngineBlock_Exception('No (valid) keypairs found in configuration! Please configure at least 1 keypair under encryption.keys');
}
$proxyServer->setKeyPairs($keyPairs);
if ($this->_keyId !== null) {
$proxyServer->setKeyId($this->_keyId);
}
return $proxyServer->getSigningCertificates();
}