ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML\XML\Signer Class Reference

Public Member Functions

 __construct ($options=array())
 Constructor for the metadata signer. More...
 
 loadPrivateKeyArray ($privatekey)
 Set the private key from an array. More...
 
 loadPrivateKey ($file, $pass=null, $full_path=false)
 Set the private key. More...
 
 loadPublicKeyArray ($publickey)
 Set the public key / certificate we should include in the signature. More...
 
 loadCertificate ($file, $full_path=false)
 Set the certificate we should include in the signature. More...
 
 setIDAttribute ($idAttrName)
 Set the attribute name for the ID value. More...
 
 addCertificate ($file, $full_path=false)
 Add an extra certificate to the certificate chain in the signature. More...
 
 sign ($node, $insertInto, $insertBefore=null)
 Signs the given DOMElement and inserts the signature at the given position. More...
 

Private Attributes

 $idAttrName
 
 $privateKey
 
 $certificate
 
 $extraCertificates
 

Detailed Description

Definition at line 18 of file Signer.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML\XML\Signer::__construct (   $options = array())

Constructor for the metadata signer.

You can pass a list of options as key-value pairs in the array. This allows you to initialize a metadata signer in one call.

The following keys are recognized:

  • privatekey The file with the private key, relative to the cert-directory.
  • privatekey_pass The passphrase for the private key.
  • certificate The file with the certificate, relative to the cert-directory.
  • privatekey_array The private key, as an array returned from SimpleSAML_Utilities::loadPrivateKey.
  • publickey_array The public key, as an array returned from SimpleSAML_Utilities::loadPublicKey.
  • id The name of the ID attribute.
Parameters
  array $options: Associative array with options for the constructor. Defaults to an empty array.

Definition at line 60 of file Signer.php.

61 {
62 assert('is_array($options)');
63
64 $this->idAttrName = false;
65 $this->privateKey = false;
66 $this->certificate = false;
67 $this->extraCertificates = array();
68
69 if (array_key_exists('privatekey', $options)) {
70 $pass = null;
71 if (array_key_exists('privatekey_pass', $options)) {
72 $pass = $options['privatekey_pass'];
73 }
74
75 $this->loadPrivateKey($options['privatekey'], $pass);
76 }
77
78 if (array_key_exists('certificate', $options)) {
79 $this->loadCertificate($options['certificate']);
80 }
81
82 if (array_key_exists('privatekey_array', $options)) {
83 $this->loadPrivateKeyArray($options['privatekey_array']);
84 }
85
86 if (array_key_exists('publickey_array', $options)) {
87 $this->loadPublicKeyArray($options['publickey_array']);
88 }
89
90 if (array_key_exists('id', $options)) {
91 $this->setIdAttribute($options['id']);
92 }
93 }

References $options, $pass, SimpleSAML\XML\Signer\loadCertificate(), SimpleSAML\XML\Signer\loadPrivateKey(), SimpleSAML\XML\Signer\loadPrivateKeyArray(), and SimpleSAML\XML\Signer\loadPublicKeyArray().


Member Function Documentation

◆ addCertificate()

SimpleSAML\XML\Signer::addCertificate (   $file,
  $full_path = false 
)

Add an extra certificate to the certificate chain in the signature.

Extra certificates will be added to the certificate chain in the order they are added.

Parameters
  string $file: The file which contains the certificate, relative to the cert-directory.
  bool $full_path: Whether the filename found in the configuration contains the full path to the private key or not. Defaults to false.
Exceptions

Exception

Definition at line 239 of file Signer.php.

240 {
241 assert('is_string($file)');
242 assert('is_bool($full_path)');
243
244 if (!$full_path) {
245 $certFile = Config::getCertPath($file);
246 } else {
247 $certFile = $file;
248 }
249
250 if (!file_exists($certFile)) {
251 throw new \Exception('Could not find extra certificate file "' . $certFile . '".');
252 }
253
254 $certificate = file_get_contents($certFile);
255 if ($certificate === false) {
256 throw new \Exception('Unable to read extra certificate file "' . $certFile . '".');
257 }
258
259 $this->extraCertificates[] = $certificate;
260 }

References SimpleSAML\XML\Signer\$certificate, $file, and SimpleSAML\Utils\Config\getCertPath().


◆ loadCertificate()

SimpleSAML\XML\Signer::loadCertificate (   $file,
  $full_path = false 
)

Set the certificate we should include in the signature.

If this function isn't called, no certificate will be included. Will throw an exception if unable to load the certificate.

Parameters
  string $file: The file which contains the certificate. The path is assumed to be relative to the cert-directory.
  bool $full_path: Whether the filename found in the configuration contains the full path to the private key or not. Defaults to false.
Exceptions

Exception

Definition at line 193 of file Signer.php.

194 {
195 assert('is_string($file)');
196 assert('is_bool($full_path)');
197
198 if (!$full_path) {
199 $certFile = Config::getCertPath($file);
200 } else {
201 $certFile = $file;
202 }
203
204 if (!file_exists($certFile)) {
205 throw new \Exception('Could not find certificate file "' . $certFile . '".');
206 }
207
208 $this->certificate = file_get_contents($certFile);
209 if ($this->certificate === false) {
210 throw new \Exception('Unable to read certificate file "' . $certFile . '".');
211 }
212 }

References $file, and SimpleSAML\Utils\Config\getCertPath().

Referenced by SimpleSAML\XML\Signer\__construct().


◆ loadPrivateKey()

SimpleSAML\XML\Signer::loadPrivateKey (   $file,
  $pass = null,
  $full_path = false 
)

Set the private key.

Will throw an exception if unable to load the private key.

Parameters
  string $file: The file which contains the private key. The path is assumed to be relative to the cert-directory.
  string|null $pass: The passphrase on the private key. Pass no value or NULL if the private key is unencrypted.
  bool $full_path: Whether the filename found in the configuration contains the full path to the private key or not. Defaults to false.
Exceptions

Exception

Definition at line 130 of file Signer.php.

131 {
132 assert('is_string($file)');
133 assert('is_string($pass) || is_null($pass)');
134 assert('is_bool($full_path)');
135
136 if (!$full_path) {
137 $keyFile = Config::getCertPath($file);
138 } else {
139 $keyFile = $file;
140 }
141
142 if (!file_exists($keyFile)) {
143 throw new \Exception('Could not find private key file "' . $keyFile . '".');
144 }
145 $keyData = file_get_contents($keyFile);
146 if ($keyData === false) {
147 throw new \Exception('Unable to read private key file "' . $keyFile . '".');
148 }
149
150 $privatekey = array('PEM' => $keyData);
151 if ($pass !== null) {
152 $privatekey['password'] = $pass;
153 }
154 $this->loadPrivateKeyArray($privatekey);
155 }

References $file, $pass, SimpleSAML\Utils\Config\getCertPath(), and SimpleSAML\XML\Signer\loadPrivateKeyArray().

Referenced by SimpleSAML\XML\Signer\__construct().


◆ loadPrivateKeyArray()

SimpleSAML\XML\Signer::loadPrivateKeyArray (   $privatekey)

Set the private key from an array.

This function loads the private key from an array matching what is returned by SimpleSAML_Utilities::loadPrivateKey(...).

Parameters
  array $privatekey: The private key.

Definition at line 104 of file Signer.php.

105 {
106 assert('is_array($privatekey)');
107 assert('array_key_exists("PEM", $privatekey)');
108
109 $this->privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
110 if (array_key_exists('password', $privatekey)) {
111 $this->privateKey->passphrase = $privatekey['password'];
112 }
113 $this->privateKey->loadKey($privatekey['PEM'], false);
114 }

References RobRichards\XMLSecLibs\XMLSecurityKey\RSA_SHA1.

Referenced by SimpleSAML\XML\Signer\__construct(), and SimpleSAML\XML\Signer\loadPrivateKey().


◆ loadPublicKeyArray()

SimpleSAML\XML\Signer::loadPublicKeyArray (   $publickey)

Set the public key / certificate we should include in the signature.

This function loads the public key from an array matching what is returned by SimpleSAML_Utilities::loadPublicKey(...).

Parameters
  array $publickey: The public key.
Exceptions

Exception

Definition at line 167 of file Signer.php.

168 {
169 assert('is_array($publickey)');
170
171 if (!array_key_exists('PEM', $publickey)) {
172 // We have a public key with only a fingerprint
173 throw new \Exception('Tried to add a certificate fingerprint in a signature.');
174 }
175
176 // For now, we only assume that the public key is an X509 certificate
177 $this->certificate = $publickey['PEM'];
178 }

Referenced by SimpleSAML\XML\Signer\__construct().


◆ setIDAttribute()

SimpleSAML\XML\Signer::setIDAttribute (   $idAttrName)

Set the attribute name for the ID value.

Parameters
  string $idAttrName: The name of the attribute which contains the id.

Definition at line 220 of file Signer.php.

221 {
222 assert('is_string($idAttrName)');
223
224 $this->idAttrName = $idAttrName;
225 }

References SimpleSAML\XML\Signer\$idAttrName.

◆ sign()

SimpleSAML\XML\Signer::sign (   $node,
  $insertInto,
  $insertBefore = null 
)

Signs the given DOMElement and inserts the signature at the given position.

The private key must be set before calling this function.

Parameters
  \DOMElement $node: The DOMElement we should generate a signature for.
  \DOMElement $insertInto: The DOMElement we should insert the signature element into.
  \DOMElement $insertBefore: The element we should insert the signature element before. Defaults to NULL, in which case the signature will be appended to the element specified in $insertInto.
Exceptions

Exception

Definition at line 275 of file Signer.php.

276 {
277 assert('$node instanceof DOMElement');
278 assert('$insertInto instanceof DOMElement');
279 assert('is_null($insertBefore) || $insertBefore instanceof DOMElement ' .
280 '|| $insertBefore instanceof DOMComment || $insertBefore instanceof DOMText');
281
282 if ($this->privateKey === false) {
283 throw new \Exception('Private key not set.');
284 }
285
286
287 $objXMLSecDSig = new XMLSecurityDSig();
288 $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
289
290 $options = array();
291 if ($this->idAttrName !== false) {
292 $options['id_name'] = $this->idAttrName;
293 }
294
295 $objXMLSecDSig->addReferenceList(
296 array($node),
297 XMLSecurityDSig::SHA1,
298 array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
299 $options
300 );
301
302 $objXMLSecDSig->sign($this->privateKey);
303
304
305 if ($this->certificate !== false) {
306 // Add the certificate to the signature
307 $objXMLSecDSig->add509Cert($this->certificate, true);
308 }
309
310 // Add extra certificates
311 foreach ($this->extraCertificates as $certificate) {
312 $objXMLSecDSig->add509Cert($certificate, true);
313 }
314
315 $objXMLSecDSig->insertSignature($insertInto, $insertBefore);
316 }
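As an added usage example (not code from SimpleSAMLphp or from this page), the snippet below ties together the constructor options listed earlier and sign(): it signs a constructed metadata document and then re-verifies the published XML with XMLSecLibs before anything trusts it. The autoloader path and the key and certificate file names under the cert-directory are assumptions.

```php
<?php
// Added usage example, not code from SimpleSAMLphp: build a Signer with the
// constructor options documented above, sign a SAML metadata element, then
// re-verify the result with XMLSecLibs. The autoloader path, the file names
// under the cert-directory ("sp.pem", "sp.crt") and the sample XML are constructed.
require_once 'vendor/autoload.php';
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;
use SimpleSAML\Utils\Config;
use SimpleSAML\XML\Signer;

// Constructed sample metadata. The ID attribute is the one named by the 'id'
// option below, so xmlseclibs can reference the node by ID where it needs to.
$doc = new \DOMDocument();
$doc->loadXML(
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
    . ' ID="_example" entityID="https://sp.example.org/metadata">'
    . '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
    . '</md:EntityDescriptor>'
);
$root = $doc->documentElement;

$signer = new Signer(array(
    'privatekey'  => 'sp.pem',   // resolved against the cert-directory by Config::getCertPath()
    'certificate' => 'sp.crt',   // embedded in the signature as an X509Certificate
    'id'          => 'ID',       // passed to xmlseclibs as id_name (see sign() above)
));

// Put <ds:Signature> before SPSSODescriptor, i.e. as the first child of the root.
$signer->sign($root, $root, $root->firstChild);
$signedXml = $doc->saveXML();

// Verify exactly what will be published, on a fresh DOMDocument, because
// validateReference() detaches the Signature node from the tree it inspects.
// Signer hard-codes RSA-SHA1 and SHA1 digests, so the verifying key is RSA_SHA1 too.
$check = new \DOMDocument();
$check->loadXML($signedXml);
$dsig = new XMLSecurityDSig();
if ($dsig->locateSignature($check) === null) {
    throw new \RuntimeException('No ds:Signature element found in signed metadata.');
}
$dsig->canonicalizeSignedInfo();
$dsig->idKeys = array('ID');
$dsig->validateReference();   // throws if a Reference digest does not match
$pub = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
$pub->loadKey(file_get_contents(Config::getCertPath('sp.crt')), false, true);
if ($dsig->verify($pub) !== 1) {
    throw new \RuntimeException('Signature verification failed.');
}
echo $signedXml;
```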

References SimpleSAML\XML\Signer\$certificate, SimpleSAML\XML\Signer\$idAttrName, $options, RobRichards\XMLSecLibs\XMLSecurityDSig\EXC_C14N, and RobRichards\XMLSecLibs\XMLSecurityDSig\SHA1.

Field Documentation

◆ $certificate

SimpleSAML\XML\Signer::$certificate
private

Definition at line 35 of file Signer.php.

Referenced by SimpleSAML\XML\Signer\addCertificate(), and SimpleSAML\XML\Signer\sign().

◆ $extraCertificates

SimpleSAML\XML\Signer::$extraCertificates
private

Definition at line 41 of file Signer.php.

◆ $idAttrName

SimpleSAML\XML\Signer::$idAttrName
private

Definition at line 25 of file Signer.php.

Referenced by SimpleSAML\XML\Signer\setIDAttribute(), and SimpleSAML\XML\Signer\sign().

◆ $privateKey

SimpleSAML\XML\Signer::$privateKey
private

Definition at line 30 of file Signer.php.


The documentation for this class was generated from the following file: