From d4fe2dbf51ac8248b9055cb86c94154e2cd387e8 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 10 Aug 2010 11:27:23 +0000
Subject: [PATCH] SAMLParser: Add support for multiple certificates.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2515 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Metadata/SAMLBuilder.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php
index 9dcfcbfd2..a3d090e2c 100644
--- a/lib/SimpleSAML/Metadata/SAMLBuilder.php
+++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php
@@ -586,11 +586,19 @@ class SimpleSAML_Metadata_SAMLBuilder {
 	 */
 	private function addCertificate(SAML2_XML_md_RoleDescriptor $rd, SimpleSAML_Configuration $metadata) {
 
-		$certInfo = SimpleSAML_Utilities::loadPublicKey($metadata);
-		if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
-			$certData = $certInfo['certData'];
-			$this->addX509KeyDescriptor($rd, 'signing', $certData);
-			$this->addX509KeyDescriptor($rd, 'encryption', $certData);
+		$keys = $metadata->getPublicKeys();
+		if ($keys !== NULL) {
+			foreach ($keys as $key) {
+				if ($key['type'] !== 'X509Certificate') {
+					continue;
+				}
+				if (!isset($key['signing']) || $key['signing'] === TRUE) {
+					$this->addX509KeyDescriptor($rd, 'signing', $key['X509Certificate']);
+				}
+				if (!isset($key['encryption']) || $key['encryption'] === TRUE) {
+					$this->addX509KeyDescriptor($rd, 'encryption', $key['X509Certificate']);
+				}
+			}
 		}
 
 		if ($metadata->hasValue('https.certData')) {
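Review bot: The two use checks inside the `foreach` fail open: with `!isset($key['signing']) || $key['signing'] === TRUE` (and the same test for `encryption`), an entry that omits a flag, or sets it to NULL, is published under that use. A certificate meant only for encryption is therefore advertised to relying parties as a signing key unless its entry carries an explicit `'signing' => FALSE`. If that default is kept for compatibility with the old single-certificate configuration, state it at the loop, e.g. `/* A key without a 'signing'/'encryption' flag is published for both uses; set the flag to FALSE to restrict it. */`. `$key['type']` and `$key['X509Certificate']` are also read without an existence check, which presumably relies on `getPublicKeys()` returning normalized entries; that is not visible here. The body of `addCertificate` continues past the end of the hunk.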
-- 
GitLab