SimpleSAML_Metadata_Signer::findKeyCert PHP Méthode

findKeyCert() private static méthode

This function finds which key & certificate files should be used to sign the metadata for the given entity.
private static findKeyCert ( SimpleSAML_Configuration $config, array $entityMetadata, string $type ) : array
$config SimpleSAML_Configuration Our SimpleSAML_Configuration instance.
$entityMetadata array The metadata of the entity.
$type string A string which describes the type of entity this is, e.g. 'SAML 2 IdP' or 'Shib 1.3 SP'.
Résultat array An associative array with the keys 'privatekey', 'certificate', and optionally 'privatekey_pass'.
    /**
     * Resolve the key/certificate pair used to sign this entity's metadata.
     *
     * Three sources are consulted, in order of precedence, and the first one
     * that is configured wins:
     *   1. 'metadata.sign.privatekey' / 'metadata.sign.certificate' in the entity metadata,
     *   2. the same two options in the global configuration,
     *   3. the entity's plain 'privatekey' / 'certificate' options.
     * Within each source the two options must be configured together. A
     * half-configured pair is rejected instead of silently falling through to
     * the next source, so a typo in one option cannot cause the metadata to be
     * signed with a key the operator did not intend.
     *
     * NOTE(review): the last-resort source reuses whatever the entity already
     * lists as 'privatekey'/'certificate'; confirm that sharing that key for
     * metadata signing is intended before relying on this fallback.
     *
     * @param SimpleSAML_Configuration $config         Our SimpleSAML_Configuration instance.
     * @param array                    $entityMetadata The metadata of the entity.
     * @param string                   $type           A string which describes the type of entity this is,
     *                                                 e.g. 'SAML 2 IdP' or 'Shib 1.3 SP'.
     *
     * @return array An associative array with the keys 'privatekey', 'certificate', and optionally
     *               'privatekey_pass'.
     *
     * @throws Exception If only one option of a pair is set, or if no source provides a pair.
     */
    private static function findKeyCert($config, $entityMetadata, $type)
    {
        // 1. dedicated metadata signing key declared in the entity metadata
        $hasMetaKey = array_key_exists('metadata.sign.privatekey', $entityMetadata);
        $hasMetaCert = array_key_exists('metadata.sign.certificate', $entityMetadata);
        if ($hasMetaKey !== $hasMetaCert) {
            // exactly one half of the pair is present: refuse rather than fall through
            throw new Exception(sprintf(
                'Missing either the "metadata.sign.privatekey" or the "metadata.sign.certificate"'
                . ' configuration option in the metadata for the %s "%s". If one of these options'
                . ' is specified, then the other must also be specified.',
                $type,
                $entityMetadata['entityid']
            ));
        }
        if ($hasMetaKey) {
            $pair = array(
                'privatekey'  => $entityMetadata['metadata.sign.privatekey'],
                'certificate' => $entityMetadata['metadata.sign.certificate'],
            );
            if (array_key_exists('metadata.sign.privatekey_pass', $entityMetadata)) {
                $pair['privatekey_pass'] = $entityMetadata['metadata.sign.privatekey_pass'];
            }
            return $pair;
        }

        // 2. site-wide default from the global configuration
        $globalKey = $config->getString('metadata.sign.privatekey', null);
        $globalCert = $config->getString('metadata.sign.certificate', null);
        if (($globalKey === null) !== ($globalCert === null)) {
            throw new Exception(
                'Missing either the "metadata.sign.privatekey" or the "metadata.sign.certificate"'
                . ' configuration option in the global configuration. If one of these options is'
                . ' specified, then the other must also be specified.'
            );
        }
        if ($globalKey !== null) {
            $pair = array(
                'privatekey'  => $globalKey,
                'certificate' => $globalCert,
            );
            $globalPass = $config->getString('metadata.sign.privatekey_pass', null);
            if ($globalPass !== null) {
                $pair['privatekey_pass'] = $globalPass;
            }
            return $pair;
        }

        // 3. last resort: the entity's own 'privatekey' / 'certificate' options
        $hasEntityKey = array_key_exists('privatekey', $entityMetadata);
        $hasEntityCert = array_key_exists('certificate', $entityMetadata);
        if ($hasEntityKey !== $hasEntityCert) {
            throw new Exception(sprintf(
                'Both the "privatekey" and the "certificate" option must be set in the metadata'
                . ' for the %s "%s" before it is possible to sign metadata from this entity.',
                $type,
                $entityMetadata['entityid']
            ));
        }
        if ($hasEntityKey) {
            $pair = array(
                'privatekey'  => $entityMetadata['privatekey'],
                'certificate' => $entityMetadata['certificate'],
            );
            if (array_key_exists('privatekey_pass', $entityMetadata)) {
                $pair['privatekey_pass'] = $entityMetadata['privatekey_pass'];
            }
            return $pair;
        }

        // nothing usable anywhere: signing is impossible for this entity
        throw new Exception(sprintf(
            'Could not find what key & certificate should be used to sign the metadata for the %s "%s".',
            $type,
            $entityMetadata['entityid']
        ));
    }