From 3b176f02bd32c55b1444e0705dc04cfdac591c84 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 16 Apr 2009 06:42:04 +0000
Subject: [PATCH] Metadata/SAMLBuilder: Add two KeyDescriptor-elements - for signing and encryption.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1462 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Metadata/SAMLBuilder.php | 47 +++++++++++++++++--------
 1 file changed, 33 insertions(+), 14 deletions(-)
diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index ffcd18ef5..05d9d7a93 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -583,6 +583,37 @@ class SimpleSAML_Metadata_SAMLBuilder {
 }
+ /**
+ * Add a KeyDescriptor with an X509 certificate.
+ *
+ * @param DOMElement $ssoDesc The IDPSSODescroptor or SPSSODecriptor the certificate
+ * should be added to.
+ * @param string|NULL $use The value of the use-attribute.
+ * @param string $x509data The certificate data.
+ */
+ private function addX509KeyDescriptor(DOMElement $ssoDesc, $use, $x509data) {
+ assert('in_array($use, array(NULL, "encryption", "signing"), TRUE)');
+ assert('is_string($x509data)');
+
+ $keyDescriptor = $this->createElement('KeyDescriptor');
+ if ($use !== NULL) {
+ $keyDescriptor->setAttribute('use', $use);
+ }
+ $ssoDesc->appendChild($keyDescriptor);
+
+ $keyInfo = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:KeyInfo');
+ $keyDescriptor->appendChild($keyInfo);
+
+ $x509Data = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:X509Data');
+ $keyInfo->appendChild($x509Data);
+
+ $x509Certificate = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:X509Certificate');
+ $x509Data->appendChild($x509Certificate);
+
+ $x509Certificate->appendChild($this->document->createTextNode($x509data));
+ }
+ + /** + * Add certificate. + * 
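Review bot: The parameter `$x509data` and the local `$x509Data` in addX509KeyDescriptor differ only in letter case, which PHP treats as two distinct variables, so a reader cannot see at a glance which one feeds createTextNode; renaming the element variable, e.g. `$x509DataElement = $this->document->createElementNS(...)`, or the parameter to `$certData` to match the caller, removes the ambiguity. The docblock also misspells the element names, `The IDPSSODescroptor or SPSSODecriptor the certificate` should read `The IDPSSODescriptor or SPSSODescriptor the certificate`, and it should state that `$x509data` is written verbatim as the ds:X509Certificate text, i.e. the base64 certificate body, since no PEM header/footer or whitespace stripping is done here. The string-form `assert(...)` checks only run when assertions are enabled, so they document rather than enforce the allowed `use` values; that is acceptable for a private method whose callers pass literals, but an explicit `throw new InvalidArgumentException(...)` would hold in production as well. Using createTextNode rather than string concatenation is the right choice: the certificate data is escaped on serialisation, so it cannot inject markup into the metadata.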
@@ -603,20 +634,8 @@ class SimpleSAML_Metadata_SAMLBuilder {
 $certData = $certInfo['certData'];
- $keyDescriptor = $this->createElement('KeyDescriptor');
- $keyDescriptor->setAttribute('use', 'signing');
- $ssoDesc->appendChild($keyDescriptor);
-
- $keyInfo = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:KeyInfo');
- $keyDescriptor->appendChild($keyInfo);
-
- $x509Data = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:X509Data');
- $keyInfo->appendChild($x509Data);
-
- $x509Certificate = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:X509Certificate');
- $x509Data->appendChild($x509Certificate);
-
- $x509Certificate->appendChild($this->document->createTextNode($certData));
+ $this->addX509KeyDescriptor($ssoDesc, 'signing', $certData);
+ $this->addX509KeyDescriptor($ssoDesc, 'encryption', $certData);
 }
 }
-- GitLab
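Review bot: Both added calls publish the same `$certData`, once as `use="signing"` and once as `use="encryption"`; the new helper already accepts `NULL` for `$use`, so a single `$this->addX509KeyDescriptor($ssoDesc, NULL, $certData);` would express the same thing with one KeyDescriptor, since the SAML metadata specification treats an omitted use attribute as valid for both purposes, unless explicit use attributes are needed for interoperability with particular peers (worth a short comment either way). Because one certificate is emitted for both roles, the metadata layer has no way to express a separate encryption key; a dedicated `$certInfo` entry for it would be the natural extension when key separation is wanted. The enclosing method starts outside the hunk, so whether `$certInfo['certData']` is guaranteed to be set at the context line above cannot be confirmed from here.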