28        if (array_key_exists(
'metadata.sign.privatekey', $entityMetadata)
 
   29            || array_key_exists(
'metadata.sign.certificate', $entityMetadata)
 
   31            if (!array_key_exists(
'metadata.sign.privatekey', $entityMetadata)
 
   32                || !array_key_exists(
'metadata.sign.certificate', $entityMetadata)
 
   35                    'Missing either the "metadata.sign.privatekey" or the'.
 
   36                    ' "metadata.sign.certificate" configuration option in the metadata for'.
 
   37                    ' the '.
$type.
' "'.$entityMetadata[
'entityid'].
'". If one of'.
 
   38                    ' these options is specified, then the other must also be specified.' 
   43                'privatekey'  => $entityMetadata[
'metadata.sign.privatekey'],
 
   44                'certificate' => $entityMetadata[
'metadata.sign.certificate']
 
   47            if (array_key_exists(
'metadata.sign.privatekey_pass', $entityMetadata)) {
 
   48                $ret[
'privatekey_pass'] = $entityMetadata[
'metadata.sign.privatekey_pass'];
 
   55        $privatekey = 
$config->getString(
'metadata.sign.privatekey', 
null);
 
   60                    'Missing either the "metadata.sign.privatekey" or the'.
 
   61                    ' "metadata.sign.certificate" configuration option in the global'.
 
   62                    ' configuration. If one of these options is specified, then the other'.
 
   63                    ' must also be specified.' 
   68            $privatekey_pass = 
$config->getString(
'metadata.sign.privatekey_pass', 
null);
 
   69            if ($privatekey_pass !== 
null) {
 
   70                $ret[
'privatekey_pass'] = $privatekey_pass;
 
   77        if (array_key_exists(
'privatekey', $entityMetadata)
 
   78            || array_key_exists(
'certificate', $entityMetadata)
 
   80            if (!array_key_exists(
'privatekey', $entityMetadata)
 
   81                || !array_key_exists(
'certificate', $entityMetadata)
 
   84                    'Both the "privatekey" and the "certificate" option must'.
 
   85                    ' be set in the metadata for the '.
$type.
' "'.
 
   86                    $entityMetadata[
'entityid'].
'" before it is possible to sign metadata'.
 
   92                'privatekey'  => $entityMetadata[
'privatekey'],
 
   93                'certificate' => $entityMetadata[
'certificate']
 
   96            if (array_key_exists(
'privatekey_pass', $entityMetadata)) {
 
   97                $ret[
'privatekey_pass'] = $entityMetadata[
'privatekey_pass'];
 
  104            'Could not find what key & certificate should be used to sign the metadata'.
 
  105            ' for the '.
$type.
' "'.$entityMetadata[
'entityid'].
'".' 
  124        if (array_key_exists(
'metadata.sign.enable', $entityMetadata)) {
 
  125            if (!is_bool($entityMetadata[
'metadata.sign.enable'])) {
 
  127                    'Invalid value for the "metadata.sign.enable" configuration option for'.
 
  128                    ' the '.
$type.
' "'.$entityMetadata[
'entityid'].
'". This option'.
 
  129                    ' should be a boolean.' 
  133            return $entityMetadata[
'metadata.sign.enable'];
 
  136        $enabled = 
$config->getBoolean(
'metadata.sign.enable', 
false);
 
  160        if (array_key_exists(
'metadata.sign.algorithm', $entityMetadata)) {
 
  161            if (!is_string($entityMetadata[
'metadata.sign.algorithm'])) {
 
  162                throw new \SimpleSAML\Error\CriticalConfigurationError(
 
  163                    "Invalid value for the 'metadata.sign.algorithm' configuration option for the ".
$type.
 
  164                    "'".$entityMetadata[
'entityid'].
"'. This option has restricted values" 
  167            $alg = $entityMetadata[
'metadata.sign.algorithm'];
 
  169            $alg = 
$config->getString(
'metadata.sign.algorithm', XMLSecurityKey::RSA_SHA256);
 
  172        $supported_algs = array(
 
  173            XMLSecurityKey::RSA_SHA1,
 
  174            XMLSecurityKey::RSA_SHA256,
 
  175            XMLSecurityKey::RSA_SHA384,
 
  176            XMLSecurityKey::RSA_SHA512,
 
  179        if (!in_array($alg, $supported_algs, 
true)) {
 
  180            throw new \SimpleSAML\Error\CriticalConfigurationError(
"Unknown signature algorithm '$alg'");
 
  184            case XMLSecurityKey::RSA_SHA256:
 
  185                $digest = XMLSecurityDSig::SHA256;
 
  187            case XMLSecurityKey::RSA_SHA384:
 
  188                $digest = XMLSecurityDSig::SHA384;
 
  190            case XMLSecurityKey::RSA_SHA512:
 
  191                $digest = XMLSecurityDSig::SHA512;
 
  194                $digest = XMLSecurityDSig::SHA1;
 
  214    public static function sign($metadataString, $entityMetadata, 
$type)
 
  219        if (!self::isMetadataSigningEnabled(
$config, $entityMetadata, 
$type)) {
 
  220            return $metadataString;
 
  227        if (!file_exists($keyFile)) {
 
  228            throw new Exception(
'Could not find private key file ['.$keyFile.
'], which is needed to sign the metadata');
 
  230        $keyData = file_get_contents($keyFile);
 
  233        if (!file_exists($certFile)) {
 
  235                'Could not find certificate file ['.$certFile.
'], which is needed to sign the metadata' 
  238        $certData = file_get_contents($certFile);
 
  244        } 
catch (Exception $e) {
 
  245            throw new Exception(
'Error parsing self-generated metadata.');
 
  251        $objKey = 
new XMLSecurityKey($signature_cf[
'algorithm'], array(
'type' => 
'private'));
 
  252        if (array_key_exists(
'privatekey_pass', $keyCertFiles)) {
 
  253            $objKey->passphrase = $keyCertFiles[
'privatekey_pass'];
 
  255        $objKey->loadKey($keyData, 
false);
 
  258        $rootNode = 
$xml->firstChild;
 
  261        $objXMLSecDSig = 
new XMLSecurityDSig();
 
  263        $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
 
  265        $objXMLSecDSig->addReferenceList(
 
  267            $signature_cf[
'digest'],
 
  268            array(
'http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
 
  269            array(
'id_name' => 
'ID')
 
  272        $objXMLSecDSig->sign($objKey);
 
  275        $objXMLSecDSig->add509Cert($certData, 
true);
 
  278        $objXMLSecDSig->insertSignature($rootNode, $rootNode->firstChild);
 
  281        return $xml->saveXML();
 