You are here

Home » API reference » SAML Service Provider 3.x » SamlSPSettings.php » SamlSPSettings

public function SamlSPSettings::getSPMetadata in SAML Service Provider 3.x

Same name and namespace in other branches
  1. 8.3 src/SAML/SamlSPSettings.php \Drupal\saml_sp\SAML\SamlSPSettings::getSPMetadata()
  2. 4.x src/SAML/SamlSPSettings.php \Drupal\saml_sp\SAML\SamlSPSettings::getSPMetadata()

File

src/SAML/SamlSPSettings.php, line 20

Class

SamlSPSettings

Namespace

Drupal\saml_sp\SAML

Code

public function getSPMetadata($alwaysPublishEncryptionCert = FALSE, $validUntil = NULL, $cacheDuration = NULL) {
  $metadata = SamlSPMetadata::builder($this
    ->getSPData(), $this
    ->getSecurityData()['authnRequestsSigned'], $this
    ->getSecurityData()['wantAssertionsSigned'], $validUntil, $cacheDuration, $this
    ->getContacts(), $this
    ->getOrganization());
  $certNew = $this
    ->getSPcertNew();
  if (!empty($certNew)) {
    $metadata = Metadata::addX509KeyDescriptors($metadata, $certNew, $alwaysPublishEncryptionCert || $this
      ->getSecurityData()['wantNameIdEncrypted'] || $this
      ->getSecurityData()['wantAssertionsEncrypted']);
  }
  $cert = $this
    ->getSPcert();
  if (!empty($cert)) {
    $metadata = Metadata::addX509KeyDescriptors($metadata, $cert, $alwaysPublishEncryptionCert || $this
      ->getSecurityData()['wantNameIdEncrypted'] || $this
      ->getSecurityData()['wantAssertionsEncrypted']);
  }

  // Sign Metadata.
  if (isset($this
    ->getSecurityData()['signMetadata']) && $this
    ->getSecurityData()['signMetadata'] != FALSE) {
    if ($this
      ->getSecurityData()['signMetadata'] === TRUE) {
      $keyMetadata = $this
        ->getSPkey();
      $certMetadata = $cert;
      if (!$keyMetadata) {
        throw new Error('SP Private key not found.', Error::PRIVATE_KEY_FILE_NOT_FOUND);
      }
      if (!$certMetadata) {
        throw new Error('SP Public cert not found.', Error::PUBLIC_CERT_FILE_NOT_FOUND);
      }
    }
    elseif (isset($this
      ->getSecurityData()['signMetadata']['keyFileName']) && isset($this
      ->getSecurityData()['signMetadata']['certFileName'])) {
      $keyFileName = $this
        ->getSecurityData()['signMetadata']['keyFileName'];
      $certFileName = $this
        ->getSecurityData()['signMetadata']['certFileName'];
      $keyMetadataFile = $this
        ->getCertPath() . $keyFileName;
      $certMetadataFile = $this
        ->getCertPath() . $certFileName;
      if (!file_exists($keyMetadataFile)) {
        throw new Error('SP Private key file not found: %s', Error::PRIVATE_KEY_FILE_NOT_FOUND, [
          $keyMetadataFile,
        ]);
      }
      if (!file_exists($certMetadataFile)) {
        throw new Error('SP Public cert file not found: %s', Error::PUBLIC_CERT_FILE_NOT_FOUND, [
          $certMetadataFile,
        ]);
      }
      $keyMetadata = file_get_contents($keyMetadataFile);
      $certMetadata = file_get_contents($certMetadataFile);
    }
    elseif (isset($this
      ->getSecurityData()['signMetadata']['privateKey']) && isset($this
      ->getSecurityData()['signMetadata']['x509cert'])) {
      $keyMetadata = Utils::formatPrivateKey($this
        ->getSecurityData()['signMetadata']['privateKey']);
      $certMetadata = Utils::formatCert($this
        ->getSecurityData()['signMetadata']['x509cert']);
      if (!$keyMetadata) {
        throw new Error('Private key not found.', Error::PRIVATE_KEY_FILE_NOT_FOUND);
      }
      if (!$certMetadata) {
        throw new Error('Public cert not found.', Error::PUBLIC_CERT_FILE_NOT_FOUND);
      }
    }
    else {
      throw new Error('Invalid Setting: signMetadata value of the sp is not valid', Error::SETTINGS_INVALID_SYNTAX);
    }
    $signatureAlgorithm = $this
      ->getSecurityData()['signatureAlgorithm'];
    $digestAlgorithm = $this
      ->getSecurityData()['digestAlgorithm'];
    $metadata = Metadata::signMetadata($metadata, $keyMetadata, $certMetadata, $signatureAlgorithm, $digestAlgorithm);
  }
  return $metadata;
}