当前位置: 首页>>代码示例>>PHP>>正文


PHP SimpleSAML_Utilities::loadPublicKey方法代码示例

本文整理汇总了PHP中SimpleSAML_Utilities::loadPublicKey方法的典型用法代码示例。如果您正苦于以下问题:PHP SimpleSAML_Utilities::loadPublicKey方法的具体用法?PHP SimpleSAML_Utilities::loadPublicKey怎么用?PHP SimpleSAML_Utilities::loadPublicKey使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在SimpleSAML_Utilities的用法示例。


在下文中一共展示了SimpleSAML_Utilities::loadPublicKey方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: createLogoutResponse

 protected function createLogoutResponse($testrun, $logoutRequest, $logoutRelayState)
 {
     $this->log($testrun, 'Creating response with relaystate [' . $logoutRelayState . ']');
     $idpMetadata = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
     $spMetadata = SimpleSAML_Configuration::loadFromArray($this->metadata);
     // Get SingleLogoutService URL
     $consumerURLf = $spMetadata->getDefaultEndpoint('SingleLogoutService', array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'));
     $consumerURL = $consumerURLf['Location'];
     /* Create an send response. */
     $response = sspmod_saml2_Message::buildLogoutResponse($idpMetadata, $spMetadata);
     $response->setRelayState($logoutRequest->getRelayState());
     $response->setInResponseTo($logoutRequest->getId());
     $keyArray = SimpleSAML_Utilities::loadPrivateKey($idpMetadata, TRUE);
     $certArray = SimpleSAML_Utilities::loadPublicKey($idpMetadata, FALSE);
     $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     $privateKey->loadKey($keyArray['PEM'], FALSE);
     $response->setSignatureKey($privateKey);
     if ($certArray === NULL) {
         throw new Exception('No certificates found. [1]');
     }
     if (!array_key_exists('PEM', $certArray)) {
         throw new Exception('No certificates found. [2]');
     }
     $response->setCertificates(array($certArray['PEM']));
     #$this->tweakResponse($testrun, $response);
     $msgStr = $response->toUnsignedXML();
     #$this->tweakResponseDOM($testrun, $msgStr);
     $msgStr = $msgStr->ownerDocument->saveXML($msgStr);
     #	echo '<pre>'; echo(htmlspecialchars($msgStr)); exit;
     #		$msgStr = base64_encode($msgStr);
     #		$msgStr = htmlspecialchars($msgStr);
     return array('url' => $consumerURL, 'Response' => $msgStr, 'ResponseObj' => $response, 'RelayState' => $logoutRelayState);
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:33,代码来源:SLOTest.php

示例2: addSign

 /**
  * Add signature key and sender certificate to an element (Message or Assertion).
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender.
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient.
  * @param SAML2_Message $element  The element we should add the data to.
  */
 public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element)
 {
     $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata, TRUE);
     $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
     $algo = $dstMetadata->getString('signature.algorithm', NULL);
     if ($algo === NULL) {
         /*
          * In the NIST Special Publication 800-131A, SHA-1 became deprecated for generating
          * new digital signatures in 2011, and will be explicitly disallowed starting the 1st
          * of January, 2014. We'll keep this as a default for the next release and mark it
          * as deprecated, as part of the transition to SHA-256.
          *
          * See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf for more info.
          *
          * TODO: change default to XMLSecurityKey::RSA_SHA256.
          */
         $algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1);
     }
     $privateKey = new XMLSecurityKey($algo, array('type' => 'private'));
     if (array_key_exists('password', $keyArray)) {
         $privateKey->passphrase = $keyArray['password'];
     }
     $privateKey->loadKey($keyArray['PEM'], FALSE);
     $element->setSignatureKey($privateKey);
     if ($certArray === NULL) {
         /* We don't have a certificate to add. */
         return;
     }
     if (!array_key_exists('PEM', $certArray)) {
         /* We have a public key with only a fingerprint. */
         return;
     }
     $element->setCertificates(array($certArray['PEM']));
 }
开发者ID:jiangjunt,项目名称:efront_open_source,代码行数:41,代码来源:Message.php

示例3: sendResponse

 /**
  * Send an authenticationResponse using HTTP-POST.
  *
  * @param string $response  The response which should be sent.
  * @param array $idpmd  The metadata of the IdP which is sending the response.
  * @param array $spmd  The metadata of the SP which is receiving the response.
  * @param string|NULL $relayState  The relaystate for the SP.
  * @param string $shire  The shire which should receive the response.
  */
 public function sendResponse($response, $idpmd, $spmd, $relayState, $shire)
 {
     SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
     $privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd, TRUE);
     $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);
     $responsedom = new DOMDocument();
     $responsedom->loadXML(str_replace("\r", "", $response));
     $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
     $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
     /* Determine what we should sign - either the Response element or the Assertion. The default
      * is to sign the Assertion, but that can be overridden by the 'signresponse' option in the
      * SP metadata or 'saml20.signresponse' in the global configuration.
      */
     $signResponse = FALSE;
     if (array_key_exists('signresponse', $spmd) && $spmd['signresponse'] !== NULL) {
         $signResponse = $spmd['signresponse'];
         if (!is_bool($signResponse)) {
             throw new Exception('Expected the \'signresponse\' option in the metadata of the' . ' SP \'' . $spmd['entityid'] . '\' to be a boolean value.');
         }
     } else {
         $signResponse = $this->configuration->getBoolean('shib13.signresponse', TRUE);
     }
     /* Check if we have an assertion to sign. Force to sign the response if not. */
     if ($firstassertionroot === NULL) {
         $signResponse = TRUE;
     }
     $signer = new SimpleSAML_XML_Signer(array('privatekey_array' => $privatekey, 'publickey_array' => $publickey, 'id' => $signResponse ? 'ResponseID' : 'AssertionID'));
     if (array_key_exists('certificatechain', $idpmd)) {
         $signer->addCertificate($idpmd['certificatechain']);
     }
     if ($signResponse) {
         /* Sign the response - this must be done after encrypting the assertion. */
         /* We insert the signature before the saml2p:Status element. */
         $statusElements = SimpleSAML_Utilities::getDOMChildren($responseroot, 'Status', '@saml1p');
         assert('count($statusElements) === 1');
         $signer->sign($responseroot, $responseroot, $statusElements[0]);
     } else {
         /* Sign the assertion */
         $signer->sign($firstassertionroot, $firstassertionroot);
     }
     $response = $responsedom->saveXML();
     if ($this->configuration->getBoolean('debug', FALSE)) {
         $p = new SimpleSAML_XHTML_Template($this->configuration, 'post-debug.php');
         $p->data['header'] = 'SAML (Shibboleth 1.3) Response Debug-mode';
         $p->data['RelayStateName'] = 'TARGET';
         $p->data['RelayState'] = $relayState;
         $p->data['destination'] = $shire;
         $p->data['response'] = str_replace("\n", "", base64_encode($response));
         $p->data['responseHTML'] = htmlspecialchars(SimpleSAML_Utilities::formatXMLString($response));
         $p->show();
     } else {
         SimpleSAML_Utilities::postRedirect($shire, array('TARGET' => $relayState, 'SAMLResponse' => base64_encode($response)));
     }
 }
开发者ID:hukumonline,项目名称:yii,代码行数:63,代码来源:HTTPPost.php

示例4: getMetadata

 public function getMetadata()
 {
     $idpentityid = SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/metadata.php';
     $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleSignOnService.php', 'SingleLogoutService' => SimpleSAML_Utilities::getBaseURL() . 'module.php/fedlab/SingleLogoutService.php', 'certificate' => 'server.crt');
     $metaArrayConfig = SimpleSAML_Configuration::loadFromArray($metaArray);
     $certInfo = SimpleSAML_Utilities::loadPublicKey($metaArrayConfig, TRUE);
     $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
     $metaBuilder->addMetadataIdP20($metaArray);
     $metaBuilder->addOrganizationInfo($metaArray);
     $metaBuilder->addContact('technical', array('emailAddress' => $this->config->getString('technicalcontact_email', NULL), 'name' => $this->config->getString('technicalcontact_name', NULL)));
     $metaxml = $metaBuilder->getEntityDescriptorText();
     return $metaxml;
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:13,代码来源:IdPMetadata.php

示例5: addSign

 /**
  * Add signature key and and senders certificate to an element (Message or Assertion).
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender.
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient.
  * @param SAML2_Message $element  The element we should add the data to.
  */
 public static function addSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_SignedElement $element)
 {
     $keyArray = SimpleSAML_Utilities::loadPrivateKey($srcMetadata, TRUE);
     $certArray = SimpleSAML_Utilities::loadPublicKey($srcMetadata, FALSE);
     $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
     if (array_key_exists('password', $keyArray)) {
         $privateKey->passphrase = $keyArray['password'];
     }
     $privateKey->loadKey($keyArray['PEM'], FALSE);
     $element->setSignatureKey($privateKey);
     if ($certArray === NULL) {
         /* We don't have a certificate to add. */
         return;
     }
     if (!array_key_exists('PEM', $certArray)) {
         /* We have a public key with only a fingerprint. */
         return;
     }
     $element->setCertificates(array($certArray['PEM']));
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:27,代码来源:Message.php

示例6: sendResponse

 /**
  * Send an authenticationResponse using HTTP-POST.
  *
  * @param string $response  The response which should be sent.
  * @param SimpleSAML_Configuration $idpmd  The metadata of the IdP which is sending the response.
  * @param SimpleSAML_Configuration $spmd  The metadata of the SP which is receiving the response.
  * @param string|NULL $relayState  The relaystate for the SP.
  * @param string $shire  The shire which should receive the response.
  */
 public function sendResponse($response, SimpleSAML_Configuration $idpmd, SimpleSAML_Configuration $spmd, $relayState, $shire)
 {
     SimpleSAML_Utilities::validateXMLDocument($response, 'saml11');
     $privatekey = SimpleSAML_Utilities::loadPrivateKey($idpmd, TRUE);
     $publickey = SimpleSAML_Utilities::loadPublicKey($idpmd, TRUE);
     $responsedom = new DOMDocument();
     $responsedom->loadXML(str_replace("\r", "", $response));
     $responseroot = $responsedom->getElementsByTagName('Response')->item(0);
     $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
     /* Determine what we should sign - either the Response element or the Assertion. The default
      * is to sign the Assertion, but that can be overridden by the 'signresponse' option in the
      * SP metadata or 'saml20.signresponse' in the global configuration.
      */
     $signResponse = FALSE;
     if ($spmd->hasValue('signresponse')) {
         $signResponse = $spmd->getBoolean['signresponse'];
     } else {
         $signResponse = $this->configuration->getBoolean('shib13.signresponse', TRUE);
     }
     /* Check if we have an assertion to sign. Force to sign the response if not. */
     if ($firstassertionroot === NULL) {
         $signResponse = TRUE;
     }
     $signer = new SimpleSAML_XML_Signer(array('privatekey_array' => $privatekey, 'publickey_array' => $publickey, 'id' => $signResponse ? 'ResponseID' : 'AssertionID'));
     if ($idpmd->hasValue('certificatechain')) {
         $signer->addCertificate($idpmd->getString('certificatechain'));
     }
     if ($signResponse) {
         /* Sign the response - this must be done after encrypting the assertion. */
         /* We insert the signature before the saml2p:Status element. */
         $statusElements = SimpleSAML_Utilities::getDOMChildren($responseroot, 'Status', '@saml1p');
         assert('count($statusElements) === 1');
         $signer->sign($responseroot, $responseroot, $statusElements[0]);
     } else {
         /* Sign the assertion */
         $signer->sign($firstassertionroot, $firstassertionroot);
     }
     $response = $responsedom->saveXML();
     SimpleSAML_Utilities::debugMessage($response, 'out');
     SimpleSAML_Utilities::postRedirect($shire, array('TARGET' => $relayState, 'SAMLResponse' => base64_encode($response)));
 }
开发者ID:shirlei,项目名称:simplesaml,代码行数:50,代码来源:HTTPPost.php

示例7: createResponse

 protected function createResponse($testrun, $request, $relayState = NULL)
 {
     $this->log($testrun, 'Creating response with relaystate [' . $relayState . ']');
     $idpMetadata = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
     $spMetadata = SimpleSAML_Configuration::loadFromArray($this->metadata);
     $requestId = $request->getId();
     $consumerURL = $request->getAssertionConsumerServiceURL();
     $spentityid = $spMetadata->getString('entityid');
     $idpentityid = $idpMetadata->getString('entityid');
     $consumerURLf = $spMetadata->getDefaultEndpoint('AssertionConsumerService', array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'), $consumerURL);
     $consumerURL = $consumerURLf['Location'];
     $protocolBinding = SAML2_Const::BINDING_HTTP_POST;
     $config = $this->getConfig($testrun);
     #		print_r($requestId);
     // Build the response
     $signResponse = $config['signResponse'];
     $response = new sspmod_fedlab_xml_Response();
     $response->setIssuer($this->getIssuerResponse($testrun, $idpentityid));
     $response->setDestination($this->getDestinationResponse($testrun, $consumerURL));
     if ($signResponse) {
         // self::addSign($srcMetadata, $dstMetadata, $r);
         $keyArray = SimpleSAML_Utilities::loadPrivateKey($idpMetadata, TRUE);
         $certArray = SimpleSAML_Utilities::loadPublicKey($idpMetadata, FALSE);
         $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
         $privateKey->loadKey($keyArray['PEM'], FALSE);
         $response->setSignatureKey($privateKey);
         if ($certArray === NULL) {
             throw new Exception('No certificates found. [1]');
         }
         if (!array_key_exists('PEM', $certArray)) {
             throw new Exception('No certificates found. [2]');
         }
         $response->setCertificates(array($certArray['PEM']));
     }
     $inresponseto = $this->getInResponseToResponse($testrun, $requestId);
     if (!empty($inresponseto)) {
         $response->setInResponseTo($inresponseto);
     }
     $response->setRelayState($this->getRelayState($testrun, $relayState));
     $realAttr = array('urn:oid:1.3.6.1.4.1.5923.1.1.1.6' => array('andreas@uninett.no'), 'urn:mace:dir:attribute-def:eduPersonPrincipalName' => array('andreas@uninett.no'));
     $fakeAttr = array('urn:foo' => array('bar'));
     switch ($testrun) {
         /* getAssertion($testrun, $request, $attributes = NULL, $sign = FALSE, $includeAuthn = TRUE) { */
         case 'multipleassertion1':
             $response->setAssertions(array($this->getAssertion($testrun, $request, $realAttr, $config['signAssertion'], TRUE), $this->getAssertion($testrun, $request, $fakeAttr, $config['signAssertion'], TRUE)));
             break;
         case 'multipleassertion2':
             $response->setAssertions(array($this->getAssertion($testrun, $request, $fakeAttr, $config['signAssertion'], TRUE), $this->getAssertion($testrun, $request, $realAttr, $config['signAssertion'], TRUE)));
             break;
         case 'multipleassertion3':
             $response->setAssertions(array($this->getAssertion($testrun, $request, $fakeAttr, TRUE, TRUE), $this->getAssertion($testrun, $request, $realAttr, FALSE, TRUE)));
             break;
         case 'multipleassertion3b':
             $response->setAssertions(array($this->getAssertion($testrun, $request, $realAttr, FALSE, TRUE), $this->getAssertion($testrun, $request, $fakeAttr, TRUE, TRUE)));
             break;
         case 'multipleassertion4':
             $response->setAssertions(array($this->getAssertion($testrun, $request, $realAttr, TRUE, FALSE), $this->getAssertion($testrun, $request, $fakeAttr, FALSE, TRUE)));
             break;
         case 'multipleassertion4b':
             $response->setAssertions(array($this->getAssertion($testrun, $request, $fakeAttr, FALSE, TRUE), $this->getAssertion($testrun, $request, $realAttr, TRUE, FALSE)));
             break;
     }
     $this->tweakResponse($testrun, $response);
     $msgStr = $response->toSignedXML();
     $msgStr = $msgStr->ownerDocument->saveXML($msgStr);
     return array('url' => $consumerURL, 'Response' => $msgStr, 'RelayState' => $relayState);
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:67,代码来源:MultipleAssertions.php

示例8: encryptAssertion

 /**
  * Encrypt an assertion.
  *
  * This function takes in a SAML2_Assertion and encrypts it if encryption of
  * assertions are enabled in the metadata.
  *
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender (IdP).
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient (SP).
  * @param SAML2_Assertion $assertion  The assertion we are encrypting.
  * @return SAML2_Assertion|SAML2_EncryptedAssertion  The assertion.
  */
 public static function encryptAssertion(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_Assertion $assertion)
 {
     $encryptAssertion = $dstMetadata->getBoolean('assertion.encryption', NULL);
     if ($encryptAssertion === NULL) {
         $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', FALSE);
     }
     if (!$encryptAssertion) {
         /* We are _not_ encrypting this assertion, and are therefore done. */
         return $assertion;
     }
     $sharedKey = $dstMetadata->getString('sharedkey', NULL);
     if ($sharedKey !== NULL) {
         $key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
         $key->loadKey($sharedKey);
     } else {
         /* Find the certificate that we should use to encrypt messages to this SP. */
         $certArray = SimpleSAML_Utilities::loadPublicKey($dstMetadata, TRUE);
         if (!array_key_exists('PEM', $certArray)) {
             throw new Exception('Unable to locate key we should use to encrypt the assertionst ' . 'to the SP: ' . var_export($dstMetadata->getString('entityid'), TRUE) . '.');
         }
         $pemCert = $certArray['PEM'];
         /* Extract the public key from the certificate for encryption. */
         $key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type' => 'public'));
         $key->loadKey($pemCert);
     }
     $ea = new SAML2_EncryptedAssertion();
     $ea->setAssertion($assertion, $key);
     return $ea;
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:40,代码来源:Message.php

示例9: array

 $idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
 $availableCerts = array();
 $keys = array();
 $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, FALSE, 'new_');
 if ($certInfo !== NULL) {
     $availableCerts['new_idp.crt'] = $certInfo;
     $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => TRUE, 'X509Certificate' => $certInfo['certData']);
     $hasNewCert = TRUE;
 } else {
     $hasNewCert = FALSE;
 }
 $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
 $availableCerts['idp.crt'] = $certInfo;
 $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => $hasNewCert ? FALSE : TRUE, 'X509Certificate' => $certInfo['certData']);
 if ($idpmeta->hasValue('https.certificate')) {
     $httpsCert = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE, 'https.');
     assert('isset($httpsCert["certData"])');
     $availableCerts['https.crt'] = $httpsCert;
     $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => FALSE, 'X509Certificate' => $httpsCert['certData']);
 }
 $metaArray = array('metadata-set' => 'saml20-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => array(0 => array('Binding' => SAML2_Const::BINDING_HTTP_REDIRECT, 'Location' => $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'))), 'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted'));
 if (count($keys) === 1) {
     $metaArray['certData'] = $keys[0]['X509Certificate'];
 } else {
     $metaArray['keys'] = $keys;
 }
 if ($idpmeta->getBoolean('saml20.sendartifact', FALSE)) {
     /* Artifact sending enabled. */
     $metaArray['ArtifactResolutionService'][] = array('index' => 0, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'saml2/idp/ArtifactResolutionService.php', 'Binding' => SAML2_Const::BINDING_SOAP);
 }
 if ($idpmeta->getBoolean('saml20.hok.assertion', FALSE)) {
开发者ID:emma5021,项目名称:toba,代码行数:31,代码来源:metadata.php

示例10: authenticate

 private function authenticate()
 {
     $client_is_authenticated = false;
     /* Authenticate the requestor by verifying the TLS certificate used for the HTTP query */
     if (array_key_exists('SSL_CLIENT_VERIFY', $_SERVER)) {
         SimpleSAML_Logger::debug('[aa] Request was made using the following certificate: ' . var_export($_SERVER['SSL_CLIENT_VERIFY'], 1));
     }
     if (array_key_exists('SSL_CLIENT_VERIFY', $_SERVER) && $_SERVER['SSL_CLIENT_VERIFY'] && $_SERVER['SSL_CLIENT_VERIFY'] != 'NONE') {
         /* compare certificate fingerprints */
         $clientCertData = trim(preg_replace('/--.* CERTIFICATE-+-/', '', $_SERVER['SSL_CLIENT_CERT']));
         $clientCertFingerprint = strtolower(sha1(base64_decode($clientCertData)));
         if (!$clientCertFingerprint) {
             throw new SimpleSAML_Error_Exception('[aa] Can not calculate certificate fingerprint from the request.');
         }
         $spCertArray = SimpleSAML_Utilities::loadPublicKey($this->spMetadata);
         if (!$spCertArray) {
             throw new SimpleSAML_Error_Exception('[aa] Can not find the public key of the requestor in the metadata!');
         }
         foreach ($spCertArray['certFingerprint'] as $fingerprint) {
             if ($fingerprint && $clientCertFingerprint == $fingerprint) {
                 $client_is_authenticated = true;
                 SimpleSAML_Logger::debug('[aa] SSL certificate is checked and valid.');
                 break;
             }
         }
         /* Reject the request if the TLS certificate used for the request does not match metadata */
         if (!$client_is_authenticated) {
             throw new SimpleSAML_Error_Exception('[aa] SSL certificate check failed.');
         }
     } else {
         /* The request may be signed, so this is not fatal */
         SimpleSAML_Logger::debug('[aa] SSL client certificate does not exist.');
     }
     /* Authenticate the requestor by verifying the XML signature on the query */
     $certs_of_query = $this->query->getCertificates();
     if (count($certs_of_query) > 0) {
         if (sspmod_saml_Message::checkSign($this->spMetadata, $this->query)) {
             $client_is_authenticated = true;
             SimpleSAML_Logger::debug('[aa] AttributeQuery signature is checked and valid.');
         } else {
             /* An invalid or unverifiable signature is fatal */
             throw new SimpleSAML_Error_Exception('[aa] The signature of the AttributeQuery is wrong!');
         }
     } else {
         /* The request may be protected by HTTP TLS (X.509) authentication, so this is not fatal */
         SimpleSAML_Logger::debug('[aa] AttributeQuery has no signature.');
     }
     if (!$client_is_authenticated) {
         SimpleSAML_Logger::info('[aa] Attribute query was not authenticated. Drop.');
         header('HTTP/1.1 401 Unauthorized');
         header('WWW-Authenticate: None', false);
         echo 'Not authenticated. Neither query signature nor SSL client certificate was available.';
         exit;
     } else {
         SimpleSAML_Logger::debug('[aa] Attribute query was authenticated.');
     }
 }
开发者ID:niif,项目名称:simplesamlphp-module-aa,代码行数:57,代码来源:SAML2.php

示例11: send

 /**
  * This function sends the SOAP message to the service location and returns SOAP response
  *
  * @param SAML2_Message $m  The request that should be sent.
  * @param SimpleSAML_Configuration $srcMetadata  The metadata of the issuer of the message.
  * @param SimpleSAML_Configuration $dstMetadata  The metadata of the destination of the message.
  * @return SAML2_Message  The response we received.
  */
 public function send(SAML2_Message $msg, SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata = NULL)
 {
     $issuer = $msg->getIssuer();
     $ctxOpts = array('ssl' => array('capture_peer_cert' => TRUE));
     // Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib
     if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
         $ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
         if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
             $ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
         }
     } else {
         /* Use the SP certificate and privatekey if it is configured. */
         $privateKey = SimpleSAML_Utilities::loadPrivateKey($srcMetadata);
         $publicKey = SimpleSAML_Utilities::loadPublicKey($srcMetadata);
         if ($privateKey !== NULL && $publicKey !== NULL && isset($publicKey['PEM'])) {
             $keyCertData = $privateKey['PEM'] . $publicKey['PEM'];
             $file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($keyCertData) . '.pem';
             if (!file_exists($file)) {
                 SimpleSAML_Utilities::writeFile($file, $keyCertData);
             }
             $ctxOpts['ssl']['local_cert'] = $file;
             if (isset($privateKey['password'])) {
                 $ctxOpts['ssl']['passphrase'] = $privateKey['password'];
             }
         }
     }
     // do peer certificate verification
     if ($dstMetadata !== NULL) {
         $peerPublicKeys = $dstMetadata->getPublicKeys('signing', TRUE);
         $certData = '';
         foreach ($peerPublicKeys as $key) {
             if ($key['type'] !== 'X509Certificate') {
                 continue;
             }
             $certData .= "-----BEGIN CERTIFICATE-----\n" . chunk_split($key['X509Certificate'], 64) . "-----END CERTIFICATE-----\n";
         }
         $peerCertFile = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.pem';
         if (!file_exists($peerCertFile)) {
             SimpleSAML_Utilities::writeFile($peerCertFile, $certData);
         }
         // create ssl context
         $ctxOpts['ssl']['verify_peer'] = TRUE;
         $ctxOpts['ssl']['verify_depth'] = 1;
         $ctxOpts['ssl']['cafile'] = $peerCertFile;
     }
     $context = stream_context_create($ctxOpts);
     if ($context === NULL) {
         throw new Exception('Unable to create SSL stream context');
     }
     $options = array('uri' => $issuer, 'location' => $msg->getDestination(), 'stream_context' => $context);
     $x = new SoapClient(NULL, $options);
     // Add soap-envelopes
     $request = $msg->toSignedXML();
     $request = self::START_SOAP_ENVELOPE . $request->ownerDocument->saveXML($request) . self::END_SOAP_ENVELOPE;
     SimpleSAML_Utilities::debugMessage($request, 'out');
     $action = 'http://www.oasis-open.org/committees/security';
     $version = '1.1';
     $destination = $msg->getDestination();
     /* Perform SOAP Request over HTTP */
     $soapresponsexml = $x->__doRequest($request, $destination, $action, $version);
     if ($soapresponsexml === NULL || $soapresponsexml === "") {
         throw new Exception('Empty SOAP response, check peer certificate.');
     }
     SimpleSAML_Utilities::debugMessage($soapresponsexml, 'in');
     // Convert to SAML2_Message (DOMElement)
     $dom = new DOMDocument();
     if (!$dom->loadXML($soapresponsexml)) {
         throw new Exception('Not a SOAP response.');
     }
     $soapfault = $this->getSOAPFault($dom);
     if (isset($soapfault)) {
         throw new Exception($soapfault);
     }
     //Extract the message from the response
     $xml = $dom->firstChild;
     /* Soap Envelope */
     $samlresponse = SAML2_Utils::xpQuery($dom->firstChild, '/soap-env:Envelope/soap-env:Body/*[1]');
     $samlresponse = SAML2_Message::fromXML($samlresponse[0]);
     /* Add validator to message which uses the SSL context. */
     self::addSSLValidator($samlresponse, $context);
     SimpleSAML_Logger::debug("Valid ArtifactResponse received from IdP");
     return $samlresponse;
 }
开发者ID:filonuse,项目名称:fedlab,代码行数:91,代码来源:SOAPClient.php

示例12: array

 $aameta = $metadata->getMetaDataConfig($aaentityid, 'attributeauthority-hosted');
 $availableCerts = array();
 $keys = array();
 $certInfo = SimpleSAML_Utilities::loadPublicKey($aameta, false, 'new_');
 if ($certInfo !== null) {
     $availableCerts['new_aa.crt'] = $certInfo;
     $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => true, 'X509Certificate' => $certInfo['certData']);
     $hasNewCert = true;
 } else {
     $hasNewCert = false;
 }
 $certInfo = SimpleSAML_Utilities::loadPublicKey($aameta, true);
 $availableCerts['aa.crt'] = $certInfo;
 $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => $hasNewCert ? false : true, 'X509Certificate' => $certInfo['certData']);
 if ($aameta->hasValue('https.certificate')) {
     $httpsCert = SimpleSAML_Utilities::loadPublicKey($aameta, true, 'https.');
     assert('isset($httpsCert["certData"])');
     $availableCerts['https.crt'] = $httpsCert;
     $keys[] = array('type' => 'X509Certificate', 'signing' => true, 'encryption' => false, 'X509Certificate' => $httpsCert['certData']);
 }
 $metaArray = array('metadata-set' => 'attributeauthority-hosted', 'entityid' => $aaentityid, 'protocols' => array(SAML2_Const::NS_SAMLP), 'AttributeService' => array(0 => array('Binding' => SAML2_Const::BINDING_SOAP, 'Location' => SimpleSAML_Utilities::getBaseURL() . 'module.php/aa/attributeserver.php')));
 if (count($keys) === 1) {
     $metaArray['certData'] = $keys[0]['X509Certificate'];
 } else {
     $metaArray['keys'] = $keys;
 }
 $metaArray['NameIDFormat'] = array(SAML2_Const::NAMEID_PERSISTENT, SAML2_Const::NAMEID_TRANSIENT);
 if ($aameta->hasValue('OrganizationName')) {
     $metaArray['OrganizationName'] = $aameta->getLocalizedString('OrganizationName');
     $metaArray['OrganizationDisplayName'] = $aameta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']);
     if (!$aameta->hasValue('OrganizationURL')) {
开发者ID:niif,项目名称:simplesamlphp-module-aa,代码行数:31,代码来源:metadata.php

示例13: SimpleSAML_Error_Error

if (!$config->getBoolean('enable.shib13-idp', false)) {
    throw new SimpleSAML_Error_Error('NOACCESS');
}
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectmetadata', false)) {
    SimpleSAML_Utilities::requireAdmin();
}
try {
    $idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
    $idpmeta = $metadata->getMetaDataConfig($idpentityid, 'shib13-idp-hosted');
    $keys = array();
    $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, FALSE, 'new_');
    if ($certInfo !== NULL) {
        $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => FALSE, 'X509Certificate' => $certInfo['certData']);
    }
    $certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
    $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => FALSE, 'X509Certificate' => $certInfo['certData']);
    $metaArray = array('metadata-set' => 'shib13-idp-remote', 'entityid' => $idpentityid, 'SingleSignOnService' => $metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted'));
    if (count($keys) === 1) {
        $metaArray['certData'] = $keys[0]['X509Certificate'];
    } else {
        $metaArray['keys'] = $keys;
    }
    $metaArray['NameIDFormat'] = $idpmeta->getString('NameIDFormat', 'urn:mace:shibboleth:1.0:nameIdentifier');
    if ($idpmeta->hasValue('OrganizationName')) {
        $metaArray['OrganizationName'] = $idpmeta->getLocalizedString('OrganizationName');
        $metaArray['OrganizationDisplayName'] = $idpmeta->getLocalizedString('OrganizationDisplayName', $metaArray['OrganizationName']);
        if (!$idpmeta->hasValue('OrganizationURL')) {
            throw new SimpleSAML_Error_Exception('If OrganizationName is set, OrganizationURL must also be set.');
        }
        $metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL');
开发者ID:shirlei,项目名称:simplesaml,代码行数:31,代码来源:metadata.php

示例14: receive

 /**
  * This function receives a SAML 1.1 artifact.
  *
  * @param SimpleSAML_Configuration $spMetadata  The metadata of the SP.
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @return string  The <saml1p:Response> element, as an XML string.
  */
 public static function receive(SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata)
 {
     $artifacts = self::getArtifacts();
     $request = self::buildRequest($artifacts);
     $url = 'https://skjak.uninett.no:1245/test...';
     $url = $idpMetadata->getString('ArtifactResolutionService');
     $certData = SimpleSAML_Utilities::loadPublicKey($idpMetadata->toArray(), TRUE);
     if (!array_key_exists('PEM', $certData)) {
         throw new SimpleSAML_Error_Exception('Missing one of certData or certificate in metadata for ' . var_export($idpMetadata->getString('entityid'), TRUE));
     }
     $certData = $certData['PEM'];
     $file = SimpleSAML_Utilities::getTempDir() . '/' . sha1($certData) . '.crt';
     if (!file_exists($file)) {
         SimpleSAML_Utilities::writeFile($file, $certData);
     }
     $globalConfig = SimpleSAML_Configuration::getInstance();
     $spKeyCertFile = $globalConfig->getPathValue('certdir', 'cert/') . $spMetadata->getString('privatekey');
     $opts = array('ssl' => array('verify_peer' => TRUE, 'cafile' => $file, 'local_cert' => $spKeyCertFile, 'capture_peer_cert' => TRUE, 'capture_peer_chain' => TRUE), 'http' => array('method' => 'POST', 'content' => $request, 'header' => 'SOAPAction: http://www.oasis-open.org/committees/security' . "\r\n" . 'Content-Type: text/xml'));
     $context = stream_context_create($opts);
     /* Fetch the artifact. */
     $response = file_get_contents($url, FALSE, $context);
     if ($response === FALSE) {
         throw new SimpleSAML_Error_Exception('Failed to retrieve assertion from IdP.');
     }
     /* Find the response in the SOAP message. */
     $response = self::extractResponse($response);
     return $response;
 }
开发者ID:hukumonline,项目名称:yii,代码行数:35,代码来源:Artifact.php

示例15: array

            break;
    }
    $eps[] = $acsArray;
    $index++;
}
$metaArray20['AssertionConsumerService'] = $eps;
$keys = array();
$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig, FALSE, 'new_');
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
    $hasNewCert = TRUE;
    $certData = $certInfo['certData'];
    $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => TRUE, 'X509Certificate' => $certInfo['certData']);
} else {
    $hasNewCert = FALSE;
}
$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig);
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
    $certData = $certInfo['certData'];
    $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => $hasNewCert ? FALSE : TRUE, 'X509Certificate' => $certInfo['certData']);
} else {
    $certData = NULL;
}
$name = $spconfig->getLocalizedString('name', NULL);
$attributes = $spconfig->getArray('attributes', array());
if ($name !== NULL && !empty($attributes)) {
    $metaArray20['name'] = $name;
    $metaArray20['attributes'] = $attributes;
    $metaArray20['attributes.required'] = $spconfig->getArray('attributes.required', array());
    $description = $spconfig->getArray('description', NULL);
    if ($description !== NULL) {
        $metaArray20['description'] = $description;
开发者ID:emma5021,项目名称:toba,代码行数:31,代码来源:metadata.php


注:本文中的SimpleSAML_Utilities::loadPublicKey方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。