/**
* Add a KeyDescriptor with an X509 certificate.
*
* @param SAML2_XML_md_RoleDescriptor $rd The RoleDescriptor the certificate should be added to.
* @param string $use The value of the use-attribute.
* @param string $x509data The certificate data.
*/
private function addX509KeyDescriptor(SAML2_XML_md_RoleDescriptor $rd, $use, $x509data)
{
assert('in_array($use, array("encryption", "signing"), TRUE)');
assert('is_string($x509data)');
$keyDescriptor = SAML2_Utils::createKeyDescriptor($x509data);
$keyDescriptor->use = $use;
$rd->KeyDescriptor[] = $keyDescriptor;
}
$kd = SAML2_Utils::createKeyDescriptor($certData);
$kd->use = 'encryption';
$sp->KeyDescriptor[] = $kd;
$keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => TRUE, 'X509Certificate' => $certInfo['certData']);
} else {
$hasNewCert = FALSE;
}
$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig);
if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
$certData = $certInfo['certData'];
$kd = SAML2_Utils::createKeyDescriptor($certData);
$kd->use = 'signing';
$sp->KeyDescriptor[] = $kd;
if (!$hasNewCert) {
/* Don't include the old certificate for encryption when we have a newer certificate. */
$kd = SAML2_Utils::createKeyDescriptor($certData);
$kd->use = 'encryption';
$sp->KeyDescriptor[] = $kd;
}
$keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => $hasNewCert ? FALSE : TRUE, 'X509Certificate' => $certInfo['certData']);
} else {
$certData = NULL;
}
$name = $spconfig->getLocalizedString('name', NULL);
$attributes = $spconfig->getArray('attributes', array());
if ($name !== NULL && !empty($attributes)) {
/* We have everything necessary to add an AttributeConsumingService. */
$acs = new SAML2_XML_md_AttributeConsumingService();
$sp->AttributeConsumingService[] = $acs;
$acs->index = 0;
$acs->ServiceName = $name;
