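/**
 * Create identity certificate
 *
 * Create an identity certificate that binds a mail address to a public key
 * and is signed with this identity provider's secret key. Nothing here checks
 * that the caller has authenticated the owner of $principal; that must have
 * happened before this method is called, because whatever is passed in gets
 * the provider's signature.
 *
 * @access public
 * @static
 * @param string $principal The mail address of the person to identify (must be non-empty)
 * @param AbstractPublicKey $publicKeyIdentity The public key of the person (must not be null)
 * @param int $now Unix Timestamp in milliseconds or null for now
 * @param string $issuer Issuer domain of the identity provider or null/empty for the configured hostname
 * @return string The serialized signed identity certificate
 * @throws \InvalidArgumentException If $principal is not a non-empty string or $publicKeyIdentity is null
 */
public static function createIdentityCert($principal, $publicKeyIdentity, $now = null, $issuer = null)
{
    // Refuse to sign a certificate with an empty "email" claim or no key:
    // such a cert would still carry a valid provider signature.
    if (!is_string($principal) || $principal === '') {
        throw new \InvalidArgumentException('principal must be a non-empty string');
    }
    if ($publicKeyIdentity === null) {
        throw new \InvalidArgumentException('publicKeyIdentity must not be null');
    }

    $config = Configuration::getInstance();

    // Strict null checks: the documented contract is "null for now" / "null for
    // the configured hostname". The previous loose "== null" also replaced a
    // timestamp of 0 with the current time.
    if ($now === null) {
        // Milliseconds, matching the unit documented for $now.
        $now = time() * 1000;
    }
    if ($issuer === null || $issuer === '') {
        $issuer = $config->get('hostname');
    }

    // identity_validity is scaled by 1000 to match the millisecond timestamps,
    // i.e. it is expected to be configured in seconds.
    $expires = $now + $config->get('identity_validity') * 1000;

    $certAssertion = new Assertion($now, $expires, $issuer, null);
    $certParams = new CertParams($publicKeyIdentity, array("email" => $principal));
    $cert = new Cert($certAssertion, $certParams, null);

    // Signing uses the provider's long-term secret key; keep this the only
    // place that loads it for certificate issuance.
    return $cert->sign(Secrets::loadSecretKey());
}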