/**
  * Create identity certificate
  *
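  * Create an identity certificate that is signed with this identity provider's key.
  * The method itself performs no validation of $principal or $publicKeyIdentity;
  * callers must already have authenticated the user and confirmed that the user
  * controls the address before requesting a certificate.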
  *
  * @access public
  * @static
  * @param string $principal The mail address of the person to identify
  * @param AbstractPublicKey $publicKeyIdentity The public key of the person
  * @param int|null $now Unix timestamp in milliseconds, or null for the current time
  * @param string|null $issuer Issuer domain of the identity provider, or null for the configured hostname
  * @return string The serialized signed identity certificate
  */
 public static function createIdentityCert($principal, $publicKeyIdentity, $now = null, $issuer = null)
 {
     // The loose "== null" test is intentional here: null, 0 and '' all select
     // the default. The issue time is expressed in milliseconds.
     $issuedAt = ($now == null) ? time() * 1000 : $now;
     $issuerDomain = ($issuer == null) ? Configuration::getInstance()->get('hostname') : $issuer;

     // 'identity_validity' is scaled by 1000 so it can be added to the
     // millisecond issue time (so the setting is presumably in seconds).
     $validityMs = Configuration::getInstance()->get('identity_validity') * 1000;
     $expiresAt = $issuedAt + $validityMs;

     $assertion = new Assertion($issuedAt, $expiresAt, $issuerDomain, null);
     // The principal is bound to the public key under the "email" claim exactly as passed in.
     $params = new CertParams($publicKeyIdentity, array("email" => $principal));
     $unsignedCert = new Cert($assertion, $params, null);

     // Nothing above checks the principal, the key, or a caller-supplied
     // $now / $issuer: whatever reaches this point is signed with the
     // provider's secret key, so authorization has to happen in the caller.
     $secretKey = Secrets::loadSecretKey();
     return $unsignedCert->sign($secretKey);
 }