SimpleSAML\Utils\Crypto::loadPublicKey PHP Method

loadPublicKey() public static method

Retrieves the public key or certificate for an entity from its metadata. It searches for the following elements in the metadata: 'certData' – the certificate as a base64-encoded string; 'certificate' – a file containing a certificate or public key in PEM format; 'certFingerprint' – the fingerprint of the certificate, either a single fingerprint or an array of multiple valid fingerprints (deprecated). It returns an array with these elements: 'PEM' – the public key/certificate in PEM encoding; 'certData' – the certificate data, base64-encoded on a single line (only present if this is a certificate); 'certFingerprint' – array of valid certificate fingerprints (deprecated; only present if this is a certificate).
Author: Andreas Solberg, UNINETT AS ([email protected])
Author: Olav Morken, UNINETT AS ([email protected])
Author: Lasse Birnbaum Jensen
public static loadPublicKey ( SimpleSAML_Configuration $metadata, boolean $required = false, string $prefix = '' ) : array | null
$metadata SimpleSAML_Configuration The metadata.
$required boolean Whether a public key or certificate is required. If this is TRUE, a missing key/certificate will cause an exception instead of a NULL return. Default is FALSE.
$prefix string The prefix which should be used when reading from the metadata array. Defaults to ''.
return array | null Public key or certificate data, or NULL if no public key or certificate was found.
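    /**
     * Retrieve the public key or certificate for an entity from its metadata.
     *
     * The key list returned by getPublicKeys() is scanned for the first entry of type
     * 'X509Certificate' that is flagged for signing; that entry is returned as PEM together
     * with its single-line base64 data and its SHA-1 fingerprint. Only when no key list is
     * present at all is the (deprecated) '<prefix>certFingerprint' option consulted; it can
     * only yield fingerprint(s), since a certificate cannot be rebuilt from a fingerprint.
     *
     * Fingerprint matching is SHA-1 based and deprecated; configure the full certificate so
     * that callers can verify against the PEM instead.
     *
     * @param \SimpleSAML_Configuration $metadata The metadata to read from.
     * @param bool   $required Whether a public key/certificate is required. If TRUE, a missing
     *                         key causes an exception instead of a NULL return. Default is FALSE.
     * @param string $prefix   Prefix prepended to the metadata option names. Defaults to ''.
     *
     * @return array|null Array with 'PEM', 'certData' and 'certFingerprint' when a certificate
     *                    was found, an array holding only 'certFingerprint' in the fingerprint-only
     *                    case, or NULL if nothing was found and $required is FALSE.
     *
     * @throws \InvalidArgumentException If $required is not a bool or $prefix is not a string.
     * @throws \SimpleSAML_Error_Exception If the certificate data in the metadata is not valid
     *                                     base64, or if $required is TRUE and nothing was found.
     */
    public static function loadPublicKey(\SimpleSAML_Configuration $metadata, $required = false, $prefix = '')
    {
        if (!is_bool($required) || !is_string($prefix)) {
            throw new \InvalidArgumentException('Invalid input parameters.');
        }

        $keys = $metadata->getPublicKeys(null, false, $prefix);
        if ($keys !== null) {
            foreach ($keys as $key) {
                // only certificates usable for signature verification are considered;
                // isset() avoids notices on entries that lack the field (same outcome: skipped)
                if (!isset($key['type']) || $key['type'] !== 'X509Certificate') {
                    continue;
                }
                if (!isset($key['signing']) || $key['signing'] !== true) {
                    continue;
                }

                // 'certData' is documced as base64 on a single line; stray whitespace would
                // otherwise also corrupt the 64-column PEM body produced by chunk_split()
                $certData = preg_replace('/\s+/', '', (string) $key['X509Certificate']);

                // strict decoding rejects characters outside the base64 alphabet instead of
                // silently discarding them, so corrupted metadata cannot yield a bogus fingerprint
                $der = base64_decode($certData, true);
                if ($der === false || $der === '') {
                    throw new \SimpleSAML_Error_Exception(
                        'Invalid base64-encoded certificate data in metadata.'
                    );
                }

                $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($certData, 64) . "-----END CERTIFICATE-----\n";
                // lowercase hex SHA-1 of the DER, kept for the deprecated fingerprint matching
                $certFingerprint = strtolower(sha1($der));

                return array('certData' => $certData, 'PEM' => $pem, 'certFingerprint' => array($certFingerprint));
            }
            // a key list was present but held no usable signing certificate; the deprecated
            // certFingerprint option is deliberately not consulted in that case
        } elseif ($metadata->hasValue($prefix . 'certFingerprint')) {
            // only fingerprint(s) are available
            $fps = $metadata->getArrayizeString($prefix . 'certFingerprint');
            // normalize: lowercase hex without colon separators
            foreach ($fps as &$fp) {
                assert(is_string($fp));
                $fp = strtolower(str_replace(':', '', $fp));
            }
            unset($fp); // drop the reference left behind by the by-reference foreach

            // a certificate cannot be rebuilt from a fingerprint, so only the fingerprint(s) are returned
            return array('certFingerprint' => $fps);
        }

        // nothing usable in the metadata
        if ($required) {
            throw new \SimpleSAML_Error_Exception('No public key / certificate found in metadata.');
        }
        return null;
    }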

Usage Example

Example #1
 $idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
 $availableCerts = array();
 $keys = array();
 $certInfo = Crypto::loadPublicKey($idpmeta, false, 'new_');
 if ($certInfo !== null) {
     $availableCerts['new_idp.crt'] = $certInfo;
     $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => true, 'X509Certificate' => $certInfo['certData']);
     $hasNewCert = true;
 } else {
     $hasNewCert = false;
 }
 $certInfo = Crypto::loadPublicKey($idpmeta, true);
 $availableCerts['idp.crt'] = $certInfo;
 $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => $hasNewCert ? false : true, 'X509Certificate' => $certInfo['certData']);
 if ($idpmeta->hasValue('https.certificate')) {
     $httpsCert = Crypto::loadPublicKey($idpmeta, true, 'https.');
     assert('isset($httpsCert["certData"])');
     $availableCerts['https.crt'] = $httpsCert;
     $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => false, 'X509Certificate' => $httpsCert['certData']);
 }
 $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid);
 $ssob = $metadata->getGenerated('SingleSignOnServiceBinding', 'saml20-idp-hosted');
 $slob = $metadata->getGenerated('SingleLogoutServiceBinding', 'saml20-idp-hosted');
 $ssol = $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted');
 $slol = $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted');
 if (is_array($ssob)) {
     foreach ($ssob as $binding) {
         $metaArray['SingleSignOnService'][] = array('Binding' => $binding, 'Location' => $ssol);
     }
 } else {
     $metaArray['SingleSignOnService'][] = array('Binding' => $ssob, 'Location' => $ssol);