KeyLoader.php

Go to the documentation of this file.

<?php
 
namespace SAML2\Certificate;
 
use SAML2\Certificate\Exception\InvalidCertificateStructureException;
use SAML2\Certificate\Exception\NoKeysFoundException;
use SAML2\Configuration\CertificateProvider;
use SAML2\Exception\InvalidArgumentException;
use SAML2\Utilities\Certificate;
use SAML2\Utilities\File;
 
class KeyLoader
{
    private $loadedKeys;
 
    public function __construct()
    {
        $this->loadedKeys = new KeyCollection();
    }
 
    public static function extractPublicKeys(
        CertificateProvider $config,
        $usage = null,
        $required = false
    ) {
        $keyLoader = new self();
 
        return $keyLoader->loadKeysFromConfiguration($config, $usage, $required);
    }
 
    public function loadKeysFromConfiguration(
        CertificateProvider $config,
        $usage = null,
        $required = false
    ) {
        $keys = $config->getKeys();
        $certificateData = $config->getCertificateData();
        $certificateFile = $config->getCertificateFile();
 
        if ($keys !== null) {
            $this->loadKeys($keys, $usage);
        } elseif ($certificateData !== null) {
            $this->loadCertificateData($certificateData);
        } elseif ($certificateFile !== null) {
            $this->loadCertificateFile($certificateFile);
        }
 
        if ($required && !$this->hasKeys()) {
            throw new NoKeysFoundException(
                'No keys found in configured metadata, please ensure that either the "keys", "certData" or '
                . '"certificate" entries is available.'
            );
        }
 
        return $this->getKeys();
    }
 
    public function loadKeys(array $configuredKeys, $usage)
    {
        foreach ($configuredKeys as $keyData) {
            if (isset($keyData['X509Certificate'])) {
                $key = new X509($keyData);
            } else {
                $key = new Key($keyData);
            }
 
            if ($usage && !$key->canBeUsedFor($usage)) {
                continue;
            }
 
            $this->loadedKeys->add($key);
        }
    }
 
    public function loadCertificateData($certificateData)
    {
        if (!is_string($certificateData)) {
            throw InvalidArgumentException::invalidType('string', $certificateData);
        }
 
        $this->loadedKeys->add(X509::createFromCertificateData($certificateData));
    }
 
    public function loadCertificateFile($certificateFile)
    {
        $certificate = File::getFileContents($certificateFile);
 
        if (!Certificate::hasValidStructure($certificate)) {
            throw new InvalidCertificateStructureException(sprintf(
                'Could not find PEM encoded certificate in "%s"',
                $certificateFile
            ));
        }
 
        // capture the certificate contents without the delimiters
        preg_match(Certificate::CERTIFICATE_PATTERN, $certificate, $matches);
        $this->loadedKeys->add(X509::createFromCertificateData($matches[1]));
    }
 
    public function getKeys()
    {
        return $this->loadedKeys;
    }
 
    public function hasKeys()
    {
        return !!count($this->loadedKeys);
    }
}