/**
  * Add a KeyDescriptor with an X509 certificate.
  *
  * @param SAML2_XML_md_RoleDescriptor $rd  The RoleDescriptor the certificate should be added to.
  * @param string $use  The value of the use-attribute.
  * @param string $x509data  The certificate data.
  */
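 private function addX509KeyDescriptor(SAML2_XML_md_RoleDescriptor $rd, $use, $x509data)
 {
     /*
      * Sanity checks on the arguments: $use must be exactly "encryption" or
      * "signing" (strict comparison) and $x509data must be a string.
      *
      * These are passed to assert() as real expressions. The string form
      * makes the engine evaluate the string as code, is deprecated as of
      * PHP 7.2, and is no longer evaluated on PHP 8, where a non-empty
      * string simply counts as TRUE and the check can never fail.
      *
      * Assertions can be disabled by configuration, so these checks catch
      * programming errors only and are not input validation.
      */
     assert(in_array($use, array("encryption", "signing"), TRUE));
     assert(is_string($x509data));

     /* Create the descriptor from the certificate data and tag it with its intended use. */
     $keyDescriptor = SAML2_Utils::createKeyDescriptor($x509data);
     $keyDescriptor->use = $use;

     /* Append rather than replace: a role descriptor can carry several keys. */
     $rd->KeyDescriptor[] = $keyDescriptor;
 }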
Exemplo n.º 2
    $kd = SAML2_Utils::createKeyDescriptor($certData);
    $kd->use = 'encryption';
    $sp->KeyDescriptor[] = $kd;
    $keys[] = array('type' => 'X509Certificate', 'signing' => TRUE, 'encryption' => TRUE, 'X509Certificate' => $certInfo['certData']);
} else {
    $hasNewCert = FALSE;
}
/* Look up the public key through loadPublicKey(); $certData stays NULL when no certificate data is returned. */
$certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig);
if ($certInfo === NULL || !array_key_exists('certData', $certInfo)) {
    $certData = NULL;
} else {
    $certData = $certInfo['certData'];

    /* This certificate is always published with use="signing". */
    $kd = SAML2_Utils::createKeyDescriptor($certData);
    $kd->use = 'signing';
    $sp->KeyDescriptor[] = $kd;

    if (!$hasNewCert) {
        /*
         * No newer certificate is present, so this one is published for
         * encryption as well. When a newer certificate exists, this one is
         * deliberately left out as an encryption key.
         */
        $kd = SAML2_Utils::createKeyDescriptor($certData);
        $kd->use = 'encryption';
        $sp->KeyDescriptor[] = $kd;
    }

    /* Record the same key in $keys, with the encryption flag mirroring the descriptor added above. */
    $keys[] = array(
        'type' => 'X509Certificate',
        'signing' => TRUE,
        'encryption' => !$hasNewCert,
        'X509Certificate' => $certData,
    );
}
$name = $spconfig->getLocalizedString('name', NULL);
$attributes = $spconfig->getArray('attributes', array());
if ($name !== NULL && !empty($attributes)) {
    /* We have everything necessary to add an AttributeConsumingService. */
    $acs = new SAML2_XML_md_AttributeConsumingService();
    $sp->AttributeConsumingService[] = $acs;
    $acs->index = 0;
    $acs->ServiceName = $name;