saml2/idp: Allow downloading of certificate files.
Thanks to Dyonisius Visser for implementing this! git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@2858 44740490-163a-0410-bde0-09ae8108e29a
parent
7bc081bcf2
commit
a77fb9df74
|
@ -104,6 +104,12 @@
|
|||
"metadata_metadata": {
|
||||
"en": "Metadata"
|
||||
},
|
||||
"metadata_cert": {
|
||||
"en": "Certificates"
|
||||
},
|
||||
"metadata_cert_intro": {
|
||||
"en": "Download the X509 certificates as PEM-encoded files."
|
||||
},
|
||||
"metadata_xmlformat": {
|
||||
"en": "In SAML 2.0 Metadata XML format:"
|
||||
},
|
||||
|
|
|
@ -984,5 +984,11 @@
|
|||
"ja": "\u304a\u77e5\u3089\u305b",
|
||||
"lt": "Prane\u0161imai",
|
||||
"zh-tw": "\u5099\u8a3b"
|
||||
},
|
||||
"metadata_cert": {
|
||||
"nl": "Certificaten"
|
||||
},
|
||||
"metadata_cert_intro": {
|
||||
"nl": "Download de X509-certificaten in PEM-formaat."
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
<?php
|
||||
|
||||
/* Load simpleSAMLphp, configuration and metadata */
|
||||
$config = SimpleSAML_Configuration::getInstance();
|
||||
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
|
||||
|
||||
if (!$config->getBoolean('enable.saml20-idp', false))
|
||||
throw new SimpleSAML_Error_Error('NOACCESS');
|
||||
|
||||
/* Check if valid local session exists.. */
|
||||
if ($config->getBoolean('admin.protectmetadata', false)) {
|
||||
SimpleSAML_Utilities::requireAdmin();
|
||||
}
|
||||
|
||||
$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
|
||||
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
|
||||
|
||||
switch($_SERVER['PATH_INFO']) {
|
||||
case '/new_idp.crt':
|
||||
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, FALSE, 'new_');
|
||||
break;
|
||||
case '/idp.crt':
|
||||
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
|
||||
break;
|
||||
case '/https.crt':
|
||||
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE, 'https.');
|
||||
break;
|
||||
default:
|
||||
throw new SimpleSAML_Error_NotFound('Unknown certificate.');
|
||||
}
|
||||
|
||||
header('Content-Disposition: attachment; filename='.substr($_SERVER['PATH_INFO'], 1));
|
||||
header('Content-Type: application/x-x509-ca-cert');
|
||||
echo $certInfo['PEM'];
|
||||
exit(0);
|
||||
|
||||
?>
|
|
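Review bot: The result of `loadPublicKey($idpmeta, FALSE, 'new_')` in the `/new_idp.crt` branch is used unchecked at `echo $certInfo['PEM']`, although the metadata page changed in this same commit tests that call for NULL. With no rollover certificate configured, the client would receive the attachment headers and an empty body instead of a Not Found error. Add `if ($certInfo === NULL) throw new SimpleSAML_Error_NotFound('Unknown certificate.');` after the switch. The `/https.crt` branch also skips the `hasValue('https.certificate')` guard that the metadata page applies, so a missing HTTPS certificate presumably surfaces as a configuration error rather than Not Found. `$_SERVER['PATH_INFO']` is read without an `isset()` check, and the `Content-Disposition` filename is safe only because the switch admits three fixed values, which deserves a comment such as `/* PATH_INFO is one of the three allow-listed names at this point. */`.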
@ -26,7 +26,25 @@ $this->includeAtTemplateBase('includes/header.php');
|
|||
</pre>
|
||||
|
||||
|
||||
|
||||
<?php
|
||||
if(array_key_exists('available_certs', $this->data)) { ?>
|
||||
<h2><?php echo($this->t('metadata_cert')); ?></h2>
|
||||
<p><?php echo($this->t('metadata_cert_intro')); ?></p>
|
||||
<ul>
|
||||
<?php
|
||||
foreach(array_keys($this->data['available_certs']) as $certName) {
|
||||
echo ('<li><a href="'.
|
||||
htmlspecialchars(SimpleSAML_Module::getModuleURL('saml/idp/certs.php').'/'.$certName).'">'.$certName.'</a>');
|
||||
if($this->data['available_certs'][$certName]['certFingerprint'][0] == 'afe71c28ef740bc87425be13a2263d37971da1f9') {
|
||||
echo (' <img style="display: inline;" src="/' . $this->data['baseurlpath'] .
|
||||
'resources/icons/silk/exclamation.png" alt="default certificate" />
|
||||
This is the default certificate. Generate a new certificate if this is a production system.');
|
||||
}
|
||||
echo '</li>';
|
||||
}
|
||||
echo '</ul>';
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
|
||||
|
|
|
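Review bot: The default-certificate warning inside the `foreach` compares only `['certFingerprint'][0]` against an unexplained 40-character literal using `==`, and prints a hard-coded English sentence even though this commit adds dictionary entries for the rest of the block. Use `===`, add a comment such as `/* Fingerprint of the default certificate; it must not be used in production. */`, and route the message through `$this->t()` so that the warning is translated like the heading and intro. Any additional entries in the fingerprint array are not compared, so a differently formatted fingerprint of the same certificate would presumably go unflagged. `$certName` as link text and `$this->data['baseurlpath']` in the `src` attribute are emitted without `htmlspecialchars()`; the keys are fixed strings today, but escaping them keeps the template safe if the list is ever built from configuration.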
@ -19,9 +19,12 @@ try {
|
|||
$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
|
||||
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');
|
||||
|
||||
$availableCerts = array();
|
||||
|
||||
$keys = array();
|
||||
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, FALSE, 'new_');
|
||||
if ($certInfo !== NULL) {
|
||||
$availableCerts['new_idp.crt'] = $certInfo;
|
||||
$keys[] = array(
|
||||
'type' => 'X509Certificate',
|
||||
'signing' => TRUE,
|
||||
|
@ -34,6 +37,7 @@ try {
|
|||
}
|
||||
|
||||
$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
|
||||
$availableCerts['idp.crt'] = $certInfo;
|
||||
$keys[] = array(
|
||||
'type' => 'X509Certificate',
|
||||
'signing' => TRUE,
|
||||
|
@ -44,6 +48,7 @@ try {
|
|||
if ($idpmeta->hasValue('https.certificate')) {
|
||||
$httpsCert = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE, 'https.');
|
||||
assert('isset($httpsCert["certData"])');
|
||||
$availableCerts['https.crt'] = $httpsCert;
|
||||
$keys[] = array(
|
||||
'type' => 'X509Certificate',
|
||||
'signing' => TRUE,
|
||||
|
@ -112,7 +117,7 @@ try {
|
|||
|
||||
$t = new SimpleSAML_XHTML_Template($config, 'metadata.php', 'admin');
|
||||
|
||||
|
||||
$t->data['available_certs'] = $availableCerts;
|
||||
$t->data['header'] = 'saml20-idp';
|
||||
$t->data['metaurl'] = SimpleSAML_Utilities::selfURLNoQuery();
|
||||
$t->data['metadata'] = htmlspecialchars($metaxml);
|
||||
|
|
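Review bot: `$availableCerts` is filled from `$idpmeta`, which the context line at the top of the first hunk resolves from `$_GET['idpentityid']` when that parameter is present, whereas the new download script always loads the certificate of `getMetaDataCurrentEntityID('saml20-idp-hosted')`. If more than one hosted IdP is configured, the certificate links shown for a non-default entity would presumably serve a different entity's certificates than the metadata displayed beside them. Either carry the entity ID through to the download link and have the download script honour it, or document the restriction with a comment such as `/* Certificate links always refer to the current hosted IdP. */`. The enclosing `try` block begins before the first hunk and continues past the last one.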