public function SamlSPSettings::getSPMetadata in SAML Service Provider 8.3
Same name and namespace in other branches
- 4.x src/SAML/SamlSPSettings.php \Drupal\saml_sp\SAML\SamlSPSettings::getSPMetadata()
- 3.x src/SAML/SamlSPSettings.php \Drupal\saml_sp\SAML\SamlSPSettings::getSPMetadata()
File
- src/
SAML/ SamlSPSettings.php, line 20
Class
Namespace
Drupal\saml_sp\SAMLCode
public function getSPMetadata($alwaysPublishEncryptionCert = FALSE, $validUntil = NULL, $cacheDuration = NULL) {
$metadata = SamlSPMetadata::builder($this
->getSPData(), $this
->getSecurityData()['authnRequestsSigned'], $this
->getSecurityData()['wantAssertionsSigned'], $validUntil, $cacheDuration, $this
->getContacts(), $this
->getOrganization());
$certNew = $this
->getSPcertNew();
if (!empty($certNew)) {
$metadata = Metadata::addX509KeyDescriptors($metadata, $certNew, $alwaysPublishEncryptionCert || $this
->getSecurityData()['wantNameIdEncrypted'] || $this
->getSecurityData()['wantAssertionsEncrypted']);
}
$cert = $this
->getSPcert();
if (!empty($cert)) {
$metadata = Metadata::addX509KeyDescriptors($metadata, $cert, $alwaysPublishEncryptionCert || $this
->getSecurityData()['wantNameIdEncrypted'] || $this
->getSecurityData()['wantAssertionsEncrypted']);
}
// Sign Metadata.
if (isset($this
->getSecurityData()['signMetadata']) && $this
->getSecurityData()['signMetadata'] != FALSE) {
if ($this
->getSecurityData()['signMetadata'] === TRUE) {
$keyMetadata = $this
->getSPkey();
$certMetadata = $cert;
if (!$keyMetadata) {
throw new Error('SP Private key not found.', Error::PRIVATE_KEY_FILE_NOT_FOUND);
}
if (!$certMetadata) {
throw new Error('SP Public cert not found.', Error::PUBLIC_CERT_FILE_NOT_FOUND);
}
}
elseif (isset($this
->getSecurityData()['signMetadata']['keyFileName']) && isset($this
->getSecurityData()['signMetadata']['certFileName'])) {
$keyFileName = $this
->getSecurityData()['signMetadata']['keyFileName'];
$certFileName = $this
->getSecurityData()['signMetadata']['certFileName'];
$keyMetadataFile = $this
->getCertPath() . $keyFileName;
$certMetadataFile = $this
->getCertPath() . $certFileName;
if (!file_exists($keyMetadataFile)) {
throw new Error('SP Private key file not found: %s', Error::PRIVATE_KEY_FILE_NOT_FOUND, [
$keyMetadataFile,
]);
}
if (!file_exists($certMetadataFile)) {
throw new Error('SP Public cert file not found: %s', Error::PUBLIC_CERT_FILE_NOT_FOUND, [
$certMetadataFile,
]);
}
$keyMetadata = file_get_contents($keyMetadataFile);
$certMetadata = file_get_contents($certMetadataFile);
}
elseif (isset($this
->getSecurityData()['signMetadata']['privateKey']) && isset($this
->getSecurityData()['signMetadata']['x509cert'])) {
$keyMetadata = Utils::formatPrivateKey($this
->getSecurityData()['signMetadata']['privateKey']);
$certMetadata = Utils::formatCert($this
->getSecurityData()['signMetadata']['x509cert']);
if (!$keyMetadata) {
throw new Error('Private key not found.', Error::PRIVATE_KEY_FILE_NOT_FOUND);
}
if (!$certMetadata) {
throw new Error('Public cert not found.', Error::PUBLIC_CERT_FILE_NOT_FOUND);
}
}
else {
throw new Error('Invalid Setting: signMetadata value of the sp is not valid', Error::SETTINGS_INVALID_SYNTAX);
}
$signatureAlgorithm = $this
->getSecurityData()['signatureAlgorithm'];
$digestAlgorithm = $this
->getSecurityData()['digestAlgorithm'];
$metadata = Metadata::signMetadata($metadata, $keyMetadata, $certMetadata, $signatureAlgorithm, $digestAlgorithm);
}
return $metadata;
}