From d5caf22e619fe09af6948b99dc2c3240db155fe1 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 7 Mar 2011 13:24:01 +0000
Subject: [PATCH] saml_Message: Add getEncryptionKey function.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2744 44740490-163a-0410-bde0-09ae8108e29a
---
modules/saml/lib/Message.php | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index eb286dac0..1a0574fd7 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -655,4 +655,36 @@ class sspmod_saml_Message {
return $assertion;
}
+
+ /**
+ * Retrieve the encryption key for the given entity.
+ *
+ * @param SimpleSAML_Configuration $metadata The metadata of the entity.
+ * @return XMLSecurityKey The encryption key.
+ */
+ public static function getEncryptionKey(SimpleSAML_Configuration $metadata) {
+
+ $sharedKey = $metadata->getString('sharedkey', NULL);
+ if ($sharedKey !== NULL) {
+ $key = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
+ $key->loadKey($sharedKey);
+ return $key;
+ }
+
+ $keys = $metadata->getPublicKeys('encryption', TRUE);
+ foreach ($keys as $key) {
+ switch ($key['type']) {
+ case 'X509Certificate':
+ $pemKey = "-----BEGIN CERTIFICATE-----\n" .
+ chunk_split($key['X509Certificate'], 64) .
+ "-----END CERTIFICATE-----\n";
+ $key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'public'));
+ $key->loadKey($pemKey);
+ return $key;
+ }
+ }
+
+ throw new SimpleSAML_Error_Exception('No supported encryption key in ' . var_export($metadata->getString('entityid'), TRUE));
+ }
+
}
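Review bot: The certificate branch of getEncryptionKey() hard-codes `XMLSecurityKey::RSA_1_5` for key transport, and PKCS#1 v1.5 padding is the mode exposed to padding-oracle attacks when a decrypting peer leaks error differences. If the receiving entities can handle it, prefer `new XMLSecurityKey(XMLSecurityKey::RSA_OAEP_MGF1P, array('type'=>'public'))`, or read the algorithm from metadata rather than fixing it here. The shared-key branch accepts any non-NULL string, so an empty or wrong-length `sharedkey` appears to reach `loadKey()` unchecked; a length check for AES-128 before loading would make a misconfiguration fail loudly. Inside the loop `$key` is reassigned from the metadata array to the XMLSecurityKey object, so a separate name such as `$xmlKey` would read more safely. The docblock should also gain `@throws SimpleSAML_Error_Exception` for the no-supported-key case.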
--
GitLab