SimpleSAML_Configuration::getPublicKeys PHP Method

getPublicKeys() public method

Get public key from metadata.
public getPublicKeys ( string | null $use = null, boolean $required = false, string $prefix = '' ) : array | null
$use string | null The purpose this key can be used for. (encryption or signing).
$required boolean Whether the public key is required. If this is true, a missing key will cause an exception. Default is false.
$prefix string The prefix which should be used when reading from the metadata array. Defaults to ''.
return array | null Public key data, or null if no public key was found.
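    /**
     * Get the public keys configured for this entity.
     *
     * Key material is looked up under three option names, and only the first one that is present is used:
     *  1. "<prefix>keys":        a list of key descriptions, filtered by $use.
     *  2. "<prefix>certData":    certificate data given inline.
     *  3. "<prefix>certificate": a file name, resolved through \SimpleSAML\Utils\Config::getCertPath(),
     *                            that must contain a PEM encoded certificate.
     *
     * Points a caller should keep in mind when using the result for signature validation or encryption:
     *  - Nothing in this method parses or validates the certificate; whitespace is stripped and the
     *    remaining text is returned as-is. Expiry, chain and key-strength checks are the caller's job.
     *  - An entry in "keys" is skipped only when its $use flag is set and falsy. An entry that does not
     *    carry the flag at all is returned for every purpose.
     *  - Entries from "keys" are otherwise passed through as configured, so this method does not
     *    guarantee that they contain 'type' or 'X509Certificate'.
     *  - When "keys" is present but every entry is filtered out, "certData" and "certificate" are NOT
     *    consulted; the method goes straight to the $required handling.
     *  - $use has no effect on "certData" and "certificate"; those are always returned as valid for
     *    both signing and encryption.
     *
     * @param string|null $use      The purpose this key can be used for ('encryption' or 'signing'),
     *                              or null to return every key.
     * @param bool        $required Whether a public key is required. If true, a missing key causes an
     *                              exception. Defaults to false.
     * @param string      $prefix   The prefix used when reading from the metadata array. Defaults to ''.
     *
     * @return array|null A list of key descriptions, or null if no public key was found.
     *
     * @throws Exception                  If the certificate file cannot be read.
     * @throws SimpleSAML_Error_Exception If the file holds no PEM certificate, or if $required is true
     *                                    and no key was found.
     */
    public function getPublicKeys($use = null, $required = false, $prefix = '')
    {
        // Pass expressions, not strings: a string assertion is eval()'d on old PHP versions, is
        // deprecated since PHP 7.2, and on PHP 8 is no longer evaluated, so the check would always pass.
        assert(is_bool($required));
        assert(is_string($prefix));

        if ($this->hasValue($prefix . 'keys')) {
            $ret = array();
            foreach ($this->getArray($prefix . 'keys') as $key) {
                // Only an explicit falsy flag excludes a key; a missing flag means "usable".
                if ($use !== null && isset($key[$use]) && !$key[$use]) {
                    continue;
                }
                if (isset($key['X509Certificate'])) {
                    // Strip whitespace from key
                    $key['X509Certificate'] = preg_replace('/\\s+/', '', $key['X509Certificate']);
                }
                $ret[] = $key;
            }
            if (!empty($ret)) {
                return $ret;
            }
            // Every entry was filtered out: fall through to the $required handling below.
        } elseif ($this->hasValue($prefix . 'certData')) {
            $certData = $this->getString($prefix . 'certData');
            $certData = preg_replace('/\\s+/', '', $certData);
            return array(array('encryption' => true, 'signing' => true, 'type' => 'X509Certificate', 'X509Certificate' => $certData));
        } elseif ($this->hasValue($prefix . 'certificate')) {
            $file = $this->getString($prefix . 'certificate');
            $file = \SimpleSAML\Utils\Config::getCertPath($file);
            // The warning is suppressed because a failed read is reported through the exception below.
            $data = @file_get_contents($file);
            if ($data === false) {
                throw new Exception($this->location . ': Unable to load certificate/public key from file "' . $file . '".');
            }
            // extract certificate data (if this is a certificate)
            // preg_match() stops at the first match, so only the first CERTIFICATE block of the file is used.
            $pattern = '/^-----BEGIN CERTIFICATE-----([^-]*)^-----END CERTIFICATE-----/m';
            if (!preg_match($pattern, $data, $matches)) {
                throw new SimpleSAML_Error_Exception($this->location . ': Could not find PEM encoded certificate in "' . $file . '".');
            }
            $certData = preg_replace('/\\s+/', '', $matches[1]);
            return array(array('encryption' => true, 'signing' => true, 'type' => 'X509Certificate', 'X509Certificate' => $certData));
        }

        if ($required) {
            throw new SimpleSAML_Error_Exception($this->location . ': Missing certificate in metadata.');
        }
        return null;
    }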

Usage Example

コード例 #1
 /**
  * Publish the entity's certificates on a role descriptor.
  *
  * Every X509Certificate entry returned by getPublicKeys() is added once per purpose it is allowed
  * for. A purpose flag ('signing' / 'encryption') that is absent counts as allowed, so a key is
  * published for both uses unless the metadata sets the flag to something other than true.
  * The 'https.certData' option, when set, is additionally published as a signing key exactly as
  * it is stored.
  *
  * @param \SAML2\XML\md\RoleDescriptor $rd The RoleDescriptor the certificate should be added to.
  * @param SimpleSAML_Configuration    $metadata The metadata of the entity.
  */
 private function addCertificate(\SAML2\XML\md\RoleDescriptor $rd, SimpleSAML_Configuration $metadata)
 {
     $publicKeys = $metadata->getPublicKeys();
     if ($publicKeys === null) {
         // No key material configured: nothing to iterate over.
         $publicKeys = array();
     }

     foreach ($publicKeys as $entry) {
         // Only X.509 certificates can be expressed as key descriptors here.
         if ($entry['type'] !== 'X509Certificate') {
             continue;
         }

         // Signing first, then encryption, for each key.
         foreach (array('signing', 'encryption') as $purpose) {
             $allowed = !isset($entry[$purpose]) || $entry[$purpose] === true;
             if ($allowed) {
                 $this->addX509KeyDescriptor($rd, $purpose, $entry['X509Certificate']);
             }
         }
     }

     if (!$metadata->hasValue('https.certData')) {
         return;
     }
     $this->addX509KeyDescriptor($rd, 'signing', $metadata->getString('https.certData'));
 }