From 535acbafaa709363bf5847d0b08cb8b7142ce6eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hans=20Ho=CC=88rberg?=
Date: Fri, 28 Feb 2014 08:30:18 +0100
Subject: [PATCH] Added code to retrieve certificate.

---
 .gitignore | 2 ++
 src/saml2/authn_context/__init__.py | 2 +-
 src/saml2/server.py | 5 +++++
 src/saml2/sigver.py | 2 ++
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 9bfed08..5c137b1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -147,3 +147,5 @@ example/sp/sp_nocert.xml example/sp/sp_nocert2.xml example/sp/test.py + +example/sp/sp_conf.py
diff --git a/src/saml2/authn_context/__init__.py b/src/saml2/authn_context/__init__.py
index b75a857..d1cc420 100644
--- a/src/saml2/authn_context/__init__.py
+++ b/src/saml2/authn_context/__init__.py
@@ -136,7 +136,7 @@ class AuthnBroker(object):
 res = []
 for ref in _refs[1:]:
- item = self.db[ref]
+ item = self.db["info"][ref]
 res.append((item["method"], ref))
 if func(_level, item["level"]):
 _level = item["level"]
diff --git a/src/saml2/server.py b/src/saml2/server.py
index 73622e8..de9695f 100644
--- a/src/saml2/server.py
+++ b/src/saml2/server.py
@@ -83,6 +83,11 @@ class Server(Entity):
 self.iv = os.urandom(16)
 self.lock = threading.Lock()
+ def getvalid_certificate_str(self):
+ if self.sec.cert_handler is not None:
+ return self.sec.cert_handler._last_validated_cert
+ return None
+
 def support_AssertionIDRequest(self):
 return True
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 36ba542..11ea524 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -964,6 +964,7 @@ class CertHandler(object):
 """
 self._verify_cert = False
 self._generate_cert = False
+ self._last_cert_verified = None #This cert do not have to be valid, it is just the last cert to be validated.
 if cert_type == "pem" and key_type == "pem":
 self._verify_cert = verify_cert is True
 self._security_context = security_context
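Review bot: `getvalid_certificate_str` in the server.py hunk has no docstring and its name promises a valid certificate, while what it returns is whatever `CertHandler.verify_cert` last stored in `_last_validated_cert` — the sigver.py hunk's own comment says that certificate "do not have to be valid". Suggested docstring: `"""Return the PEM string last handed to the cert handler's verify_cert(), or None when no cert handler is configured; the string is not guaranteed to have passed validation."""`. A caller that feeds this value into a trust decision should not take the method name at face value, so the docstring (or a rename such as `get_last_seen_certificate_str`) is worth doing before the API is relied on. Whether the attribute exists before the first `verify_cert` call depends on the initialisation in sigver.py, raised on that hunk.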
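Review bot: The attribute initialised in the sigver.py `__init__` hunk is `_last_cert_verified`, but `verify_cert` (the second sigver.py hunk) writes, and `Server.getvalid_certificate_str` (server.py hunk) reads, `_last_validated_cert`, so the new accessor raises AttributeError instead of returning None until `verify_cert` has run at least once. Change the added line to `self._last_validated_cert = None  # last cert handed to verify_cert(); it need not have passed validation`. The trailing comment as written ("This cert do not have to be valid") is also ungrammatical and pushes the line well past any usual length limit, so it is better as a comment on its own line above the assignment. The enclosing `__init__` starts outside the hunk.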
@@ -993,6 +994,7 @@ class CertHandler(object): def verify_cert(self, cert_file): if self._verify_cert: cert_str = self._osw.read_str_from_file(cert_file, "pem") + self._last_validated_cert = cert_str if self._cert_handler_extra_class is not None and self._cert_handler_extra_class.use_validate_cert_func(): self._cert_handler_extra_class.validate_cert(cert_str, self._cert_str, self._key_str) else:
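Review bot: `self._last_validated_cert = cert_str` is assigned before either validation path runs, so a certificate that fails `validate_cert` (or the `else:` branch, which is cut off at the hunk end) is still left in the attribute afterwards, and the attribute is only ever assigned when `self._verify_cert` is true. If the intent is "last certificate that was submitted for checking", a name such as `_last_cert_seen` says so and avoids readers assuming the value passed validation; if the intent is "last certificate that passed", the assignment belongs after the validation calls return without raising. In either case the `verify_cert` docstring should state which of the two it records. `verify_cert` continues past the hunk.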