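/**
 * Gets the SP metadata. The XML representation.
 *
 * Builds the SP EntityDescriptor from the SP settings, adds the SP
 * certificate as signing/encryption KeyDescriptors when one is configured,
 * and signs the document when the 'signMetadata' security setting asks for
 * it (either with the SP's own key/cert, or with a dedicated pair named by
 * 'keyFileName'/'certFileName' inside the cert directory).
 *
 * @return string SP metadata (xml)
 *
 * @throws OneLogin_Saml2_Error If signing was requested and the key/cert
 *                              are missing or unreadable, or the
 *                              'signMetadata' setting is malformed.
 */
public function getSPMetadata()
{
    $metadata = OneLogin_Saml2_Metadata::builder(
        $this->_sp,
        $this->_security['authnRequestsSigned'],
        $this->_security['wantAssertionsSigned'],
        null,
        null,
        $this->getContacts(),
        $this->getOrganization()
    );

    $cert = $this->getSPcert();
    if (!empty($cert)) {
        $metadata = OneLogin_Saml2_Metadata::addX509KeyDescriptors($metadata, $cert);
    }

    // Sign Metadata
    if (isset($this->_security['signMetadata']) && $this->_security['signMetadata'] !== false) {
        if ($this->_security['signMetadata'] === true) {
            // Sign with the SP's own key/cert pair.
            $keyMetadata = $this->getSPkey();
            $certMetadata = $cert;
            if (!$keyMetadata) {
                throw new OneLogin_Saml2_Error(
                    'Private key not found.',
                    OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND
                );
            }
            if (!$certMetadata) {
                throw new OneLogin_Saml2_Error(
                    'Public cert file not found.',
                    OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND
                );
            }
        } else {
            // Sign with a dedicated key/cert pair taken from the cert directory.
            if (!isset($this->_security['signMetadata']['keyFileName'])
                || !isset($this->_security['signMetadata']['certFileName'])
            ) {
                throw new OneLogin_Saml2_Error(
                    'Invalid Setting: signMetadata value of the sp is not valid',
                    OneLogin_Saml2_Error::SETTINGS_INVALID_SYNTAX
                );
            }

            $keyFileName = $this->_security['signMetadata']['keyFileName'];
            $certFileName = $this->_security['signMetadata']['certFileName'];
            $keyMetadataFile = $this->_paths['cert'] . $keyFileName;
            $certMetadataFile = $this->_paths['cert'] . $certFileName;

            if (!file_exists($keyMetadataFile)) {
                throw new OneLogin_Saml2_Error(
                    'Private key file not found: %s',
                    OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND,
                    array($keyMetadataFile)
                );
            }
            if (!file_exists($certMetadataFile)) {
                throw new OneLogin_Saml2_Error(
                    'Public cert file not found: %s',
                    OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND,
                    array($certMetadataFile)
                );
            }

            // file_get_contents() returns false (plus a warning) when the file
            // exists but cannot be read; never hand that to the signer as key
            // material, fail explicitly instead.
            $keyMetadata = file_get_contents($keyMetadataFile);
            if ($keyMetadata === false) {
                throw new OneLogin_Saml2_Error(
                    'Private key file could not be read: %s',
                    OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND,
                    array($keyMetadataFile)
                );
            }
            $certMetadata = file_get_contents($certMetadataFile);
            if ($certMetadata === false) {
                throw new OneLogin_Saml2_Error(
                    'Public cert file could not be read: %s',
                    OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND,
                    array($certMetadataFile)
                );
            }
        }

        $metadata = OneLogin_Saml2_Metadata::signMetadata($metadata, $keyMetadata, $certMetadata);
    }

    return $metadata;
}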
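/**
 * Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata
 *
 * Checks that KeyDescriptors are absent from the plain builder output,
 * present after addX509KeyDescriptors(), and that unparsable input (an
 * empty string, a malformed XML file) is rejected with a parse error.
 *
 * @covers OneLogin_Saml2_Metadata::addX509KeyDescriptors
 */
public function testAddX509KeyDescriptors()
{
    $settingsDir = TEST_ROOT . '/settings/';
    include $settingsDir . 'settings1.php';
    $settings = new OneLogin_Saml2_Settings($settingsInfo);
    $spData = $settings->getSPData();

    $metadata = OneLogin_Saml2_Metadata::builder($spData);
    $this->assertNotContains('<md:KeyDescriptor use="signing"', $metadata);
    $this->assertNotContains('<md:KeyDescriptor use="encryption"', $metadata);

    $certPath = $settings->getCertPath();
    $cert = file_get_contents($certPath . 'sp.crt');

    $metadataWithDescriptors = OneLogin_Saml2_Metadata::addX509KeyDescriptors($metadata, $cert);
    $this->assertContains('<md:KeyDescriptor use="signing"', $metadataWithDescriptors);
    $this->assertContains('<md:KeyDescriptor use="encryption"', $metadataWithDescriptors);

    // An empty document must be rejected. The "exception was thrown" check is
    // made outside the try block: a failed assertion placed inside it would
    // itself be swallowed by catch (Exception) and the test would pass wrongly.
    $thrown = false;
    $message = '';
    try {
        OneLogin_Saml2_Metadata::addX509KeyDescriptors('', $cert);
    } catch (Exception $e) {
        $thrown = true;
        $message = $e->getMessage();
    }
    $this->assertTrue($thrown, 'addX509KeyDescriptors() must reject an empty metadata document');
    $this->assertContains('Error parsing metadata', $message);

    // Malformed XML must be rejected too. libxml warnings are silenced only
    // for this check; the previous setting is restored afterwards so the
    // change does not leak into other tests.
    $previousLibxmlState = libxml_use_internal_errors(true);
    $unparsedMetadata = file_get_contents(TEST_ROOT . '/data/metadata/unparsed_metadata.xml');
    $thrown = false;
    $message = '';
    try {
        OneLogin_Saml2_Metadata::addX509KeyDescriptors($unparsedMetadata, $cert);
    } catch (Exception $e) {
        $thrown = true;
        $message = $e->getMessage();
    }
    libxml_clear_errors();
    libxml_use_internal_errors($previousLibxmlState);
    $this->assertTrue($thrown, 'addX509KeyDescriptors() must reject malformed metadata XML');
    $this->assertContains('Error parsing metadata', $message);
}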