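/**
 * Add a KeyDescriptor with an X509 certificate.
 *
 * Builds a KeyDescriptor from the raw certificate data, tags it with the
 * requested use-attribute and appends it to the RoleDescriptor's
 * KeyDescriptor list.
 *
 * @param SAML2_XML_md_RoleDescriptor $rd The RoleDescriptor the certificate should be added to.
 * @param string $use The value of the use-attribute; must be "encryption" or "signing".
 * @param string $x509data The certificate data.
 * @return void
 */
private function addX509KeyDescriptor(SAML2_XML_md_RoleDescriptor $rd, $use, $x509data) {
    /* Expression-form assertions: the string form is deprecated since PHP 7.2 and
     * is no longer evaluated on PHP 8, where it would silently always pass.
     * Note that assert() may be disabled at runtime, so callers remain
     * responsible for passing a valid use-attribute. */
    assert(in_array($use, array('encryption', 'signing'), TRUE));
    assert(is_string($x509data));

    $keyDescriptor = SAML2_Utils::createKeyDescriptor($x509data);
    $keyDescriptor->use = $use;
    $rd->KeyDescriptor[] = $keyDescriptor;
}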
$kd = SAML2_Utils::createKeyDescriptor($certData); $kd->use = 'encryption'; $sp->KeyDescriptor[] = $kd; $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => TRUE, 'X509Certificate' => $certInfo['certData']); } else { $hasNewCert = FALSE; } $certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig); if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) { $certData = $certInfo['certData']; $kd = SAML2_Utils::createKeyDescriptor($certData); $kd->use = 'signing'; $sp->KeyDescriptor[] = $kd; if (!$hasNewCert) { /* Don't include the old certificate for encryption when we have a newer certificate. */ $kd = SAML2_Utils::createKeyDescriptor($certData); $kd->use = 'encryption'; $sp->KeyDescriptor[] = $kd; } $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => $hasNewCert ? FALSE : TRUE, 'X509Certificate' => $certInfo['certData']); } else { $certData = NULL; } $name = $spconfig->getLocalizedString('name', NULL); $attributes = $spconfig->getArray('attributes', array()); if ($name !== NULL && !empty($attributes)) { /* We have everything necessary to add an AttributeConsumingService. */ $acs = new SAML2_XML_md_AttributeConsumingService(); $sp->AttributeConsumingService[] = $acs; $acs->index = 0; $acs->ServiceName = $name;