sspmod_saml_Message::addSign PHP Method

addSign() public static method

Add signature key and sender certificate to an element (Message or Assertion).
public static addSign ( SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2\SignedElement $element )
$srcMetadata SimpleSAML_Configuration The metadata of the sender.
$dstMetadata SimpleSAML_Configuration The metadata of the recipient.
$element SAML2\SignedElement The element the signing key and certificate are added to.
    /**
     * Add signature key and sender certificate to an element (Message or Assertion).
     *
     * Key selection: when the recipient metadata defines 'signature.privatekey', that key
     * (and the certificate under the same 'signature.' prefix) is used; otherwise the
     * sender's own key and certificate are loaded. The algorithm is resolved the same
     * way: recipient 'signature.algorithm' first, then the sender's, then RSA-SHA1.
     *
     * @param SimpleSAML_Configuration $srcMetadata The metadata of the sender.
     * @param SimpleSAML_Configuration $dstMetadata The metadata of the recipient.
     * @param \SAML2\SignedElement $element The element the key and certificate are added to.
     */
    public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, \SAML2\SignedElement $element)
    {
        if ($dstMetadata->getString('signature.privatekey', null) === null) {
            // No recipient-specific signing key: fall back to the sender's own key pair.
            $signingKey = SimpleSAML\Utils\Crypto::loadPrivateKey($srcMetadata, true);
            $signingCert = SimpleSAML\Utils\Crypto::loadPublicKey($srcMetadata, false);
        } else {
            $signingKey = SimpleSAML\Utils\Crypto::loadPrivateKey($dstMetadata, true, 'signature.');
            $signingCert = SimpleSAML\Utils\Crypto::loadPublicKey($dstMetadata, false, 'signature.');
        }

        // The recipient's algorithm setting wins over the sender's.
        $signatureAlgorithm = $dstMetadata->getString('signature.algorithm', null);
        if ($signatureAlgorithm === null) {
            /*
             * RSA-SHA1 remains the final fallback only for compatibility. NIST Special
             * Publication 800-131A deprecated SHA-1 for generating new digital signatures in
             * 2011 and disallows it from the 1st of January, 2014. Deployments should set
             * 'signature.algorithm' explicitly (XMLSecurityKey::RSA_SHA256) rather than rely
             * on this default.
             *
             * See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf for more info.
             *
             * TODO: change default to XMLSecurityKey::RSA_SHA256.
             */
            $signatureAlgorithm = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1);
        }

        $xmlKey = new XMLSecurityKey($signatureAlgorithm, array('type' => 'private'));
        if (array_key_exists('password', $signingKey)) {
            // A 'password' entry from loadPrivateKey() is the key's passphrase; it must be in place before loading.
            $xmlKey->passphrase = $signingKey['password'];
        }
        $xmlKey->loadKey($signingKey['PEM'], false);
        $element->setSignatureKey($xmlKey);

        // Attach a certificate only when we actually hold its PEM: no public key at all, or a
        // fingerprint-only entry (no 'PEM'), leaves the element without one.
        if ($signingCert !== null && array_key_exists('PEM', $signingCert)) {
            $element->setCertificates(array($signingCert['PEM']));
        }
    }

Usage Example

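 /**
  * Sign the first assertion of the response with the IdP's signing key.
  *
  * The signing helper class is resolved through the DI container so it can be swapped;
  * the stock sspmod_saml_Message is special-cased so the call stays statically
  * resolvable for IDE navigation. The recipient metadata is passed as an empty
  * configuration, so with the stock helper the IdP's own key and its
  * 'signature.algorithm' setting are what end up on the assertion.
  *
  * @param SAML2_Response $response The response whose first assertion is signed in place.
  * @param SimpleSAML_Configuration $idpConfig Metadata of the signing IdP.
  * @throws \RuntimeException when the response carries no assertion to sign.
  */
 private function addSigns(SAML2_Response $response, SimpleSAML_Configuration $idpConfig)
 {
     $assertions = $response->getAssertions();
     if (!isset($assertions[0])) {
         // Without this guard an empty response reaches addSign() with null and fails with an
         // opaque type error; fail explicitly so an unsigned assertion can never slip through.
         throw new \RuntimeException('Cannot sign response: it contains no assertion');
     }
     $className = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getMessageUtilClassName();
     $emptyRecipientConfig = SimpleSAML_Configuration::loadFromArray(array());
     // Special case the 'normal' message verification class name so we have IDE support.
     if ($className === 'sspmod_saml_Message') {
         sspmod_saml_Message::addSign($idpConfig, $emptyRecipientConfig, $assertions[0]);
         return;
     }
     $className::addSign($idpConfig, $emptyRecipientConfig, $assertions[0]);
 }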