
Commit bc16ada

committed
Allow absolute paths to certificates.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2237 44740490-163a-0410-bde0-09ae8108e29a
1 parent 76bdd7b commit bc16ada

8 files changed

Lines changed: 29 additions & 29 deletions


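--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -137,8 +137,7 @@ public static function receive(SimpleSAML_Configuration $spMetadata, SimpleSAML_
 SimpleSAML_Utilities::writeFile($file, $certData);
 }
 
-$globalConfig = SimpleSAML_Configuration::getInstance();
-$spKeyCertFile = $globalConfig->getPathValue('certdir', 'cert/') . $spMetadata->getString('privatekey');
+$spKeyCertFile = SimpleSAML_Utilities::resolveCert($spMetadata->getString('privatekey'));
 
 $opts = array(
 'ssl' => array(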

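--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -143,13 +143,13 @@ public static function sign($metadataString, $entityMetadata, $type) {
 
 $keyCertFiles = self::findKeyCert($config, $entityMetadata, $type);
 
-$keyFile = $config->getPathValue('certdir', 'cert/') . $keyCertFiles['privatekey'];
+$keyFile = SimpleSAML_Utilities::resolveCert($keyCertFiles['privatekey']);
 if (!file_exists($keyFile)) {
 throw new Exception('Could not find private key file [' . $keyFile . '], which is needed to sign the metadata');
 }
 $keyData = file_get_contents($keyFile);
 
-$certFile = $config->getPathValue('certdir', 'cert/') . $keyCertFiles['certificate'];
+$certFile = SimpleSAML_Utilities::resolveCert($keyCertFiles['certificate']);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find certificate file [' . $certFile . '], which is needed to sign the metadata');
 }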

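--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1478,6 +1478,21 @@ public static function getLastError() {
 }
 
 
+/**
+* Resolves a path that may be relative to the cert-directory.
+*
+* @param string $path The (possibly relative) path to the file.
+* @return string The file path.
+*/
+public static function resolveCert($path) {
+assert('is_string($path)');
+
+$globalConfig = SimpleSAML_Configuration::getInstance();
+$base = $globalConfig->getPathValue('certdir', 'cert/');
+return SimpleSAML_Utilities::resolvePath($path, $base);
+}
+
+
 /**
 * Get public key or certificate from metadata.
 *
@@ -1525,8 +1540,7 @@ public static function loadPublicKey($metadata, $required = FALSE, $prefix = '')
 
 } elseif (array_key_exists($prefix . 'certificate', $metadata)) {
 /* Reference to certificate file. */
-$config = SimpleSAML_Configuration::getInstance();
-$file = $config->getPathValue('certdir', 'cert/') . $metadata[$prefix . 'certificate'];
+$file = SimpleSAML_Utilities::resolveCert($metadata[$prefix . 'certificate']);
 $data = @file_get_contents($file);
 if ($data === FALSE) {
 throw new Exception('Unable to load certificate/public key from file "' . $file . '"');
@@ -1612,8 +1626,7 @@ public static function loadPrivateKey($metadata, $required = FALSE, $prefix = ''
 }
 }
 
-$config = SimpleSAML_Configuration::getInstance();
-$file = $config->getPathValue('certdir', 'cert/') . $metadata[$prefix . 'privatekey'];
+$file = SimpleSAML_Utilities::resolveCert($metadata[$prefix . 'privatekey']);
 $data = @file_get_contents($file);
 if ($data === FALSE) {
 throw new Exception('Unable to load private key from file "' . $file . '"');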
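Review bot: The docblock on the new resolveCert() (first hunk) does not state what the commit title promises, namely that an absolute path is accepted instead of being joined to `certdir`, and it says nothing about who may supply `$path`. Most call sites in this commit pass values read from entity metadata (`privatekey`, `certificate`, `caFile`), so after this change a metadata entry can name any file the PHP process can read rather than only files under the cert directory; resolvePath() is outside the view, so whether it normalises `..` segments cannot be confirmed here. I would extend the docblock with a line such as `Absolute paths are returned unchanged; $path must come from trusted local configuration, never from remotely fetched metadata.` The `assert('is_string($path)')` guard only runs when assertions are enabled, so it should not be relied on as input validation.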

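--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -98,8 +98,7 @@ public function validate() {
 $this->validator->validateFingerprint($issuerFingerprint);
 } elseif(array_key_exists('caFile', $md)) {
 /* Validate against CA. */
-$globalConfig = SimpleSAML_Configuration::getInstance();
-$this->validator->validateCA($globalConfig->getPathValue('certdir', 'cert/') . $md['caFile']);
+$this->validator->validateCA(SimpleSAML_Utilities::resolveCert($md['caFile']));
 } else {
 throw new Exception('Required field [certFingerprint] or [caFile] in Shibboleth 1.3 IdP Remote metadata was not found for identity provider [' . $issuer . ']. Please add a fingerprint and try again. You can add a dummy fingerprint first, and then an error message will be printed with the real fingerprint.');
 }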

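--- a/lib/SimpleSAML/XML/Signer.php
+++ b/lib/SimpleSAML/XML/Signer.php
@@ -12,11 +12,6 @@
 class SimpleSAML_XML_Signer {
 
 
-/**
-* The path to the simpleSAMLphp cert dir.
-*/
-private static $certDir = FALSE;
-
 /**
 * The name of the ID attribute.
 */
@@ -58,11 +53,6 @@ class SimpleSAML_XML_Signer {
 public function __construct($options = array()) {
 assert('is_array($options)');
 
-if(self::$certDir === FALSE) {
-$config = SimpleSAML_Configuration::getInstance();
-self::$certDir = $config->getPathValue('certdir', 'cert/');
-}
-
 $this->idAttrName = FALSE;
 $this->privateKey = FALSE;
 $this->certificate = FALSE;
@@ -128,7 +118,7 @@ public function loadPrivateKey($file, $pass = NULL) {
 assert('is_string($file)');
 assert('is_string($pass) || is_null($pass)');
 
-$keyFile = self::$certDir . $file;
+$keyFile = SimpleSAML_Utilities::resolveCert($file);
 if (!file_exists($keyFile)) {
 throw new Exception('Could not find private key file "' . $keyFile . '".');
 }
@@ -178,7 +168,7 @@ public function loadPublicKeyArray($publickey) {
 public function loadCertificate($file) {
 assert('is_string($file)');
 
-$certFile = self::$certDir . $file;
+$certFile = SimpleSAML_Utilities::resolveCert($file);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find certificate file "' . $certFile . '".');
 }
@@ -213,7 +203,7 @@ public function setIDAttribute($idAttrName) {
 public function addCertificate($file) {
 assert('is_string($file)');
 
-$certFile = self::$certDir . $file;
+$certFile = SimpleSAML_Utilities::resolveCert($file);
 if (!file_exists($certFile)) {
 throw new Exception('Could not find extra certificate file "' . $certFile . '".');
 }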
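Review bot: The docblocks of loadPrivateKey(), loadCertificate() and addCertificate() lie outside these hunks, and if they still describe `$file` as a name inside the cert directory they no longer match the code, which now passes `$file` through resolveCert(). Each should carry something like `@param string $file Path to the file, absolute or relative to the cert directory.` so callers know an absolute path is honoured. The three "Could not find ..." exceptions embed the resolved path, which can now point outside the cert directory; it is worth confirming these messages end up in logs rather than in a response shown to the user.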

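--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -156,9 +156,9 @@ public static function sendResponse(array $state) {
 
 $response = sspmod_adfs_IdP_ADFS::ADFS_GenerateResponse($idpEntityId, $spEntityId, $nameid, $attributes);
 
-$config = SimpleSAML_Configuration::getInstance();
-$certdir = $config->getPathValue('certdir', 'cert/');
-$wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $certdir . $idpMetadata->getString('privatekey'), $certdir . $idpMetadata->getString('certificate'));
+$privateKeyFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('privatekey'));
+$certificateFile = SimpleSAML_Utilities::resolveCert($idpMetadata->getString('certificate'));
+$wresult = sspmod_adfs_IdP_ADFS::ADFS_SignResponse($response, $privateKeyFile, $certificateFile);
 
 $wctx = $state['adfs:wctx'];
 sspmod_adfs_IdP_ADFS::ADFS_PostResponse($spMetadata->getValue('prp'), $wresult, $wctx);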

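--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -164,8 +164,7 @@ public static function checkSign(SimpleSAML_Configuration $srcMetadata, SAML2_Si
 'Missing certificate in metadata for ' .
 var_export($srcMetadata->getString('entityid'), TRUE));
 }
-$globalConfig = SimpleSAML_Configuration::getInstance();
-$caFile = $globalConfig->getPathValue('certdir', 'cert/') . $caFile;
+$caFile = SimpleSAML_Utilities::resolveCert($caFile);
 
 if (count($certificates) === 0) {
 /* We need the full certificate in order to check it against the CA file. */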

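--- a/www/wsfed/sp/prp.php
+++ b/www/wsfed/sp/prp.php
@@ -78,7 +78,7 @@
 
 /* Find the certificate used by the IdP. */
 if(array_key_exists('certificate', $idpMetadata)) {
-$certFile = $config->getPathvalue('certdir', 'cert/') . $idpMetadata['certificate'];
+SimpleSAML_Utilities::resolveCert($idpMetadata['certificate']);
 } else {
 throw new Exception('Missing \'certificate\' metadata option in the \'wsfed-idp-remote\' metadata' .
 ' for the IdP \'' . $idpEntityId . '\'.');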
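Review bot: The replacement at new line 81 drops the `$certFile =` assignment, so the resolved path is computed and discarded. The removed line set `$certFile`, and the comment above says this branch finds the certificate used by the IdP; code after the hunk presumably still reads `$certFile` when validating the response signature and would now see an undefined variable. The line should read `$certFile = SimpleSAML_Utilities::resolveCert($idpMetadata['certificate']);`. The script continues outside the hunk, so the later use cannot be confirmed from here, but a WS-Fed login test against an IdP with a `certificate` entry would show it.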
