ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML\XML\Signer Class Reference

Public Member Functions

 __construct ($options=array())
 Constructor for the metadata signer. More...
 
 loadPrivateKeyArray ($privatekey)
 Set the private key from an array. More...
 
 loadPrivateKey ($file, $pass=null, $full_path=false)
 Set the private key. More...
 
 loadPublicKeyArray ($publickey)
 Set the public key / certificate we should include in the signature. More...
 
 loadCertificate ($file, $full_path=false)
 Set the certificate we should include in the signature. More...
 
 setIDAttribute ($idAttrName)
 Set the attribute name for the ID value. More...
 
 addCertificate ($file, $full_path=false)
 Add an extra certificate to the certificate chain in the signature. More...
 
 sign ($node, $insertInto, $insertBefore=null)
 Signs the given DOMElement and inserts the signature at the given position. More...
 

Private Attributes

 $idAttrName
 
 $privateKey
 
 $certificate
 
 $extraCertificates
 

Detailed Description

Definition at line 18 of file Signer.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML\XML\Signer::__construct($options = array())

Constructor for the metadata signer.

You can pass a list of options as key-value pairs in the array. This allows you to initialize a metadata signer in one call.

The following keys are recognized:

  • privatekey The file with the private key, relative to the cert-directory.
  • privatekey_pass The passphrase for the private key.
  • certificate The file with the certificate, relative to the cert-directory.
  • privatekey_array The private key, as an array returned from SimpleSAML_Utilities::loadPrivateKey.
  • publickey_array The public key, as an array returned from SimpleSAML_Utilities::loadPublicKey.
  • id The name of the ID attribute.
Parameters
    array  $options  Associative array with options for the constructor. Defaults to an empty array.

Definition at line 60 of file Signer.php.

References $options, $pass, array, SimpleSAML\XML\Signer\loadCertificate(), SimpleSAML\XML\Signer\loadPrivateKey(), SimpleSAML\XML\Signer\loadPrivateKeyArray(), and SimpleSAML\XML\Signer\loadPublicKeyArray().

    {
        assert('is_array($options)');

        // false marks "not set"; sign() refuses to run while privateKey is false.
        $this->idAttrName = false;
        $this->privateKey = false;
        $this->certificate = false;
        $this->extraCertificates = array();

        if (array_key_exists('privatekey', $options)) {
            $pass = null;
            if (array_key_exists('privatekey_pass', $options)) {
                $pass = $options['privatekey_pass'];
            }

            $this->loadPrivateKey($options['privatekey'], $pass);
        }

        if (array_key_exists('certificate', $options)) {
            $this->loadCertificate($options['certificate']);
        }

        if (array_key_exists('privatekey_array', $options)) {
            $this->loadPrivateKeyArray($options['privatekey_array']);
        }

        if (array_key_exists('publickey_array', $options)) {
            $this->loadPublicKeyArray($options['publickey_array']);
        }

        if (array_key_exists('id', $options)) {
            $this->setIDAttribute($options['id']);
        }
    }

Member Function Documentation

◆ addCertificate()

SimpleSAML\XML\Signer::addCertificate($file, $full_path = false)

Add an extra certificate to the certificate chain in the signature.

Extra certificates will be added to the certificate chain in the order they are added.

Parameters
    string  $file       The file which contains the certificate, relative to the cert-directory.
    bool    $full_path  Whether the filename found in the configuration contains the full path to the private key or not. Default to false.
Exceptions
    \Exception  If the extra certificate file cannot be found or read.
Definition at line 239 of file Signer.php.

References SimpleSAML\XML\Signer\$certificate, $file, and SimpleSAML\Utils\Config\getCertPath().

    {
        assert('is_string($file)');
        assert('is_bool($full_path)');

        // Relative names are resolved against the configured cert-directory
        // (Config is SimpleSAML\Utils\Config).
        if (!$full_path) {
            $certFile = Config::getCertPath($file);
        } else {
            $certFile = $file;
        }

        if (!file_exists($certFile)) {
            throw new \Exception('Could not find extra certificate file "' . $certFile . '".');
        }

        $certificate = file_get_contents($certFile);
        if ($certificate === false) {
            throw new \Exception('Unable to read extra certificate file "' . $certFile . '".');
        }

        // Appended in call order; sign() emits them in the same order.
        $this->extraCertificates[] = $certificate;
    }

◆ loadCertificate()

SimpleSAML\XML\Signer::loadCertificate($file, $full_path = false)

Set the certificate we should include in the signature.

If this function isn't called, no certificate will be included. Will throw an exception if unable to load the certificate.

Parameters
    string  $file       The file which contains the certificate. The path is assumed to be relative to the cert-directory.
    bool    $full_path  Whether the filename found in the configuration contains the full path to the private key or not. Default to false.
Exceptions
    \Exception  If the certificate file cannot be found or read.
Definition at line 193 of file Signer.php.

References $file, and SimpleSAML\Utils\Config\getCertPath().

Referenced by SimpleSAML\XML\Signer\__construct().

    {
        assert('is_string($file)');
        assert('is_bool($full_path)');

        // Relative names are resolved against the configured cert-directory
        // (Config is SimpleSAML\Utils\Config).
        if (!$full_path) {
            $certFile = Config::getCertPath($file);
        } else {
            $certFile = $file;
        }

        if (!file_exists($certFile)) {
            throw new \Exception('Could not find certificate file "' . $certFile . '".');
        }

        // Stored as the PEM text; sign() passes it to add509Cert().
        $this->certificate = file_get_contents($certFile);
        if ($this->certificate === false) {
            throw new \Exception('Unable to read certificate file "' . $certFile . '".');
        }
    }

◆ loadPrivateKey()

SimpleSAML\XML\Signer::loadPrivateKey($file, $pass = null, $full_path = false)

Set the private key.

Will throw an exception if unable to load the private key.

Parameters
    string         $file       The file which contains the private key. The path is assumed to be relative to the cert-directory.
    string | null  $pass       The passphrase on the private key. Pass no value or NULL if the private key is unencrypted.
    bool           $full_path  Whether the filename found in the configuration contains the full path to the private key or not. Default to false.
Exceptions
    \Exception  If the private key file cannot be found or read.
Definition at line 130 of file Signer.php.

References $file, $pass, array, SimpleSAML\Utils\Config\getCertPath(), and SimpleSAML\XML\Signer\loadPrivateKeyArray().

Referenced by SimpleSAML\XML\Signer\__construct().

    {
        assert('is_string($file)');
        assert('is_string($pass) || is_null($pass)');
        assert('is_bool($full_path)');

        // Relative names are resolved against the configured cert-directory
        // (Config is SimpleSAML\Utils\Config).
        if (!$full_path) {
            $keyFile = Config::getCertPath($file);
        } else {
            $keyFile = $file;
        }

        if (!file_exists($keyFile)) {
            throw new \Exception('Could not find private key file "' . $keyFile . '".');
        }
        $keyData = file_get_contents($keyFile);
        if ($keyData === false) {
            throw new \Exception('Unable to read private key file "' . $keyFile . '".');
        }

        // Build the same array shape SimpleSAML_Utilities::loadPrivateKey() returns
        // and hand it to loadPrivateKeyArray().
        $privatekey = array('PEM' => $keyData);
        if ($pass !== null) {
            $privatekey['password'] = $pass;
        }
        $this->loadPrivateKeyArray($privatekey);
    }

◆ loadPrivateKeyArray()

SimpleSAML\XML\Signer::loadPrivateKeyArray($privatekey)

Set the private key from an array.

This function loads the private key from an array matching what is returned by SimpleSAML_Utilities::loadPrivateKey(...).

Parameters
    array  $privatekey  The private key.

Definition at line 104 of file Signer.php.

References array, and RobRichards\XMLSecLibs\XMLSecurityKey\RSA_SHA1.

Referenced by SimpleSAML\XML\Signer\__construct(), and SimpleSAML\XML\Signer\loadPrivateKey().

    {
        assert('is_array($privatekey)');
        assert('array_key_exists("PEM", $privatekey)');

        // The signature algorithm is fixed to RSA-SHA1 here
        // (XMLSecurityKey is RobRichards\XMLSecLibs\XMLSecurityKey).
        $this->privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
        if (array_key_exists('password', $privatekey)) {
            $this->privateKey->passphrase = $privatekey['password'];
        }
        // Second argument false: 'PEM' holds the key text, not a file name.
        $this->privateKey->loadKey($privatekey['PEM'], false);
    }

◆ loadPublicKeyArray()

SimpleSAML\XML\Signer::loadPublicKeyArray($publickey)

Set the public key / certificate we should include in the signature.

This function loads the public key from an array matching what is returned by SimpleSAML_Utilities::loadPublicKey(...).

Parameters
    array  $publickey  The public key.
Exceptions
    \Exception  If the array carries only a fingerprint and no 'PEM' entry.
Definition at line 167 of file Signer.php.

Referenced by SimpleSAML\XML\Signer\__construct().

    {
        assert('is_array($publickey)');

        if (!array_key_exists('PEM', $publickey)) {
            // We have a public key with only a fingerprint
            throw new \Exception('Tried to add a certificate fingerprint in a signature.');
        }

        // For now, we only assume that the public key is an X509 certificate
        $this->certificate = $publickey['PEM'];
    }

◆ setIDAttribute()

SimpleSAML\XML\Signer::setIDAttribute($idAttrName)

Set the attribute name for the ID value.

Parameters
    string  $idAttrName  The name of the attribute which contains the id.

Definition at line 220 of file Signer.php.

References SimpleSAML\XML\Signer\$idAttrName.

    {
        assert('is_string($idAttrName)');

        $this->idAttrName = $idAttrName;
    }

◆ sign()

SimpleSAML\XML\Signer::sign($node, $insertInto, $insertBefore = null)

Signs the given DOMElement and inserts the signature at the given position.

The private key must be set before calling this function.

Parameters
    \DOMElement  $node          The DOMElement we should generate a signature for.
    \DOMElement  $insertInto    The DOMElement we should insert the signature element into.
    \DOMElement  $insertBefore  The element we should insert the signature element before. Defaults to NULL, in which case the signature will be appended to the element specified in $insertInto.
Exceptions
    \Exception  If no private key has been set.
Definition at line 275 of file Signer.php.

References SimpleSAML\XML\Signer\$certificate, SimpleSAML\XML\Signer\$idAttrName, $options, array, RobRichards\XMLSecLibs\XMLSecurityDSig\EXC_C14N, and RobRichards\XMLSecLibs\XMLSecurityDSig\SHA1.

    {
        assert('$node instanceof DOMElement');
        assert('$insertInto instanceof DOMElement');
        assert('is_null($insertBefore) || $insertBefore instanceof DOMElement ' .
            '|| $insertBefore instanceof DOMComment || $insertBefore instanceof DOMText');

        if ($this->privateKey === false) {
            throw new \Exception('Private key not set.');
        }

        // XMLSecurityDSig is RobRichards\XMLSecLibs\XMLSecurityDSig.
        $objXMLSecDSig = new XMLSecurityDSig();
        $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);

        // With an ID attribute name set, the Reference URI points at that
        // attribute's value instead of the whole document.
        $options = array();
        if ($this->idAttrName !== false) {
            $options['id_name'] = $this->idAttrName;
        }

        // One Reference over $node: SHA1 digest (the XMLSecurityDSig::SHA1 this
        // method references), enveloped-signature transform, then exclusive C14N.
        $objXMLSecDSig->addReferenceList(
            array($node),
            XMLSecurityDSig::SHA1,
            array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
            $options
        );

        $objXMLSecDSig->sign($this->privateKey);

        if ($this->certificate !== false) {
            // Add the certificate to the signature
            $objXMLSecDSig->add509Cert($this->certificate, true);
        }

        // Add extra certificates
        foreach ($this->extraCertificates as $certificate) {
            $objXMLSecDSig->add509Cert($certificate, true);
        }

        $objXMLSecDSig->insertSignature($insertInto, $insertBefore);
    }
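The following is an added usage example, not code from SimpleSAMLphp or from the ILIAS documentation. It ties together the constructor's 'id' option, the loaders with $full_path = true, and sign() on a small SAML metadata element, then checks the produced enveloped signature with the same xmlseclibs classes the Signer uses. The autoloader path, the key and certificate paths, and the sample XML document are assumptions (placeholders and constructed input); the XMLSecurityDSig and XMLSecurityKey calls are the library's own.

```php
<?php
// Added example (not part of SimpleSAMLphp or ILIAS). Assumed paths below are
// placeholders; replace them with local values before running.
require_once '/var/simplesamlphp/lib/_autoload.php';   // placeholder: SimpleSAMLphp autoloader

use SimpleSAML\XML\Signer;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

$keyFile  = '/path/to/sp-key.pem';    // placeholder: unencrypted RSA private key (PEM)
$certFile = '/path/to/sp-cert.pem';   // placeholder: matching X.509 certificate (PEM)

// Constructed sample document: a minimal EntityDescriptor carrying an ID attribute.
$doc = new DOMDocument();
$doc->loadXML(
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
    . ' ID="_constructed-id-1" entityID="https://sp.example.org/saml">'
    . '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
    . '</md:EntityDescriptor>'
);
$root = $doc->documentElement;

// 'id' => 'ID' makes the ds:Reference URI point at the ID attribute ("#_constructed-id-1").
// Absolute paths are passed with $full_path = true, so no cert-directory lookup through
// the SimpleSAMLphp configuration is needed.
$signer = new Signer(array('id' => 'ID'));
$signer->loadPrivateKey($keyFile, null, true);
$signer->loadCertificate($certFile, true);

// Sign the root element and insert ds:Signature as its first child, where SAML
// metadata consumers expect it. Passing null as $insertBefore would append it instead.
$signer->sign($root, $root, $root->firstChild);
$signedXml = $doc->saveXML();

// Verification with the library the Signer uses internally. Returns true only if
// the digest over the referenced element matches and SignatureValue verifies under
// the caller-supplied certificate (never under whatever KeyInfo the document carries).
function verifyEnvelopedSignature($xml, $certPem)
{
    $doc = new DOMDocument();
    $doc->loadXML($xml);

    $dsig = new XMLSecurityDSig();
    if ($dsig->locateSignature($doc) === null) {
        return false;                       // no ds:Signature element present
    }
    $dsig->canonicalizeSignedInfo();
    if (!$dsig->validateReference()) {
        return false;                       // digest mismatch: signed content was altered
    }
    // Signer fixes the algorithm to RSA-SHA1, so the verifying key uses the same one.
    $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
    $key->loadKey($certPem, false, true);   // third argument: the PEM is a certificate
    return $dsig->verify($key) === 1;
}

var_dump(verifyEnvelopedSignature($signedXml, file_get_contents($certFile)));
```

Two points worth keeping in mind on the verifying side. The signer above hardcodes RSA-SHA1 and a SHA1 digest, so a consumer that is strict about accepted algorithms will need to be configured to admit them. And validateReference() only proves that the element the Reference URI resolves to is intact; code that acts on the metadata should confirm that this element is the one it goes on to trust, rather than taking any element the document happens to contain.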

Field Documentation

◆ $certificate

SimpleSAML\XML\Signer::$certificate
private

Definition at line 35 of file Signer.php.

Referenced by SimpleSAML\XML\Signer\addCertificate(), and SimpleSAML\XML\Signer\sign().

◆ $extraCertificates

SimpleSAML\XML\Signer::$extraCertificates
private

Definition at line 41 of file Signer.php.

◆ $idAttrName

SimpleSAML\XML\Signer::$idAttrName
private

Definition at line 25 of file Signer.php.

Referenced by SimpleSAML\XML\Signer\setIDAttribute(), and SimpleSAML\XML\Signer\sign().

◆ $privateKey

SimpleSAML\XML\Signer::$privateKey
private

Definition at line 30 of file Signer.php.


The documentation for this class was generated from the following file: