Aggregator: Add support for signing metadata.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@885 44740490-163a-0410-bde0-09ae8108e29a

modules/aggregator/config-template/aggregator.php

@@ -12,6 +12,19 @@ $config = array(
 		),
 	),
 
+
+	/* Whether metadata should be signed. */
+	'sign.enable' => FALSE,
+
+	/* Private key which should be used when signing the metadata. */
+	'sign.privatekey' => 'server.key',
+
+	/* Password to decrypt private key, or NULL if the private key is unencrypted. */
+	'sign.privatekey_pass' => NULL,
+
+	/* Certificate which should be included in the signature. Should correspond to the private key. */
+	'sign.certificate' => 'server.crt',
+
 );
 
 ?>
\ No newline at end of file

modules/aggregator/www/index.php

@@ -103,6 +103,21 @@ foreach ($entities as $entity => $sets) {
 	$entitiesDescriptor->appendChild($xml->importNode($entityDescriptor, TRUE));
 }
 
+/* Sign the metadata if enabled. */
+if ($aggregatorConfig->getBoolean('sign.enable', FALSE)) {
+	$privateKey = $aggregatorConfig->getString('sign.privatekey');
+	$privateKeyPass = $aggregatorConfig->getString('sign.privatekey_pass', NULL);
+	$certificate = $aggregatorConfig->getString('sign.certificate');
+
+	$signer = new SimpleSAML_XML_Signer(array(
+		'privatekey' => $privateKey,
+		'privatekey_pass' => $privateKeyPass,
+		'certificate' => $certificate,
+		'id' => 'ID',
+		));
+	$signer->sign($entitiesDescriptor, $entitiesDescriptor, $entitiesDescriptor->firstChild);
+}
+
 /* Show the metadata. */
 if(array_key_exists('mimetype', $_GET)) {
 	$mimeType = $_GET['mimetype'];