Metadata/SAMLBuilder: Add two KeyDescriptor-elements - for signing and encryption.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1462 44740490-163a-0410-bde0-09ae8108e29a

Metadata/SAMLBuilder: Add two KeyDescriptor-elements - for signing and encryption.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1462 44740490-163a-0410-bde0-09ae8108e29a
3b176f02 · Olav Morken · cdef0874 · 3b176f02
Commit 3b176f02 authored 15 years ago by Olav Morken
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -583,6 +583,37 @@ class SimpleSAML_Metadata_SAMLBuilder {
 	}


+	/**
+	 * Add a KeyDescriptor with an X509 certificate.
+	 *
+	 * @param DOMElement $ssoDesc  The IDPSSODescroptor or SPSSODecriptor the certificate
+	 *                             should be added to.
+	 * @param string|NULL $use  The value of the use-attribute.
+	 * @param string $x509data  The certificate data.
+	 */
+	private function addX509KeyDescriptor(DOMElement $ssoDesc, $use, $x509data) {
+		assert('in_array($use, array(NULL, "encryption", "signing"), TRUE)');
+		assert('is_string($x509data)');
+
+		$keyDescriptor = $this->createElement('KeyDescriptor');
+		if ($use !== NULL) {
+			$keyDescriptor->setAttribute('use', $use);
+		}
+		$ssoDesc->appendChild($keyDescriptor);
+
+		$keyInfo = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:KeyInfo');
+		$keyDescriptor->appendChild($keyInfo);
+
+		$x509Data = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:X509Data');
+		$keyInfo->appendChild($x509Data);
+
+		$x509Certificate = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:X509Certificate');
+		$x509Data->appendChild($x509Certificate);
+
+		$x509Certificate->appendChild($this->document->createTextNode($x509data));
+	}
+
+
 	/**
 	 * Add certificate.
 	 *
@@ -603,20 +634,8 @@ class SimpleSAML_Metadata_SAMLBuilder {

 		$certData = $certInfo['certData'];

-		$keyDescriptor = $this->createElement('KeyDescriptor');
-		$keyDescriptor->setAttribute('use', 'signing');
-		$ssoDesc->appendChild($keyDescriptor);
-
-		$keyInfo = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:KeyInfo');
-		$keyDescriptor->appendChild($keyInfo);
-
-		$x509Data = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:X509Data');
-		$keyInfo->appendChild($x509Data);
-
-		$x509Certificate = $this->document->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'ds:X509Certificate');
-		$x509Data->appendChild($x509Certificate);
-
-		$x509Certificate->appendChild($this->document->createTextNode($certData));
+		$this->addX509KeyDescriptor($ssoDesc, 'signing', $certData);
+		$this->addX509KeyDescriptor($ssoDesc, 'encryption', $certData);
 	}

 }