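/**
 * Builds the Service Provider metadata and, when configured, signs it.
 *
 * The metadata is built from the SP settings, the 'authnRequestsSigned' and
 * 'wantAssertionsSigned' security flags, the contacts and the organization.
 * If an SP certificate is available, X509 key descriptors are added.
 *
 * Signing is controlled by the 'signMetadata' security setting:
 *  - unset or false: the metadata is returned unsigned;
 *  - true: the SP key and certificate are used;
 *  - otherwise: it must provide 'keyFileName' and 'certFileName', which are
 *    resolved against the configured cert path.
 *
 * @return mixed The metadata as returned by OneLogin_Saml2_Metadata
 *               (presumably an XML string; confirm against the builder).
 *
 * @throws OneLogin_Saml2_Error If the signing key or certificate is missing,
 *                              unreadable or empty, or if 'signMetadata' is
 *                              not a valid setting.
 */
public function getSPMetadata()
{
    $metadata = OneLogin_Saml2_Metadata::builder(
        $this->_sp,
        $this->_security['authnRequestsSigned'],
        $this->_security['wantAssertionsSigned'],
        null,
        null,
        $this->getContacts(),
        $this->getOrganization()
    );

    $cert = $this->getSPcert();
    if (!empty($cert)) {
        // The third argument is true when NameID or assertion encryption is wanted.
        $wantsEncryption = $this->_security['wantNameIdEncrypted'] || $this->_security['wantAssertionsEncrypted'];
        $metadata = OneLogin_Saml2_Metadata::addX509KeyDescriptors($metadata, $cert, $wantsEncryption);
    }

    // Unsigned metadata is returned as-is.
    if (!isset($this->_security['signMetadata']) || $this->_security['signMetadata'] === false) {
        return $metadata;
    }

    if ($this->_security['signMetadata'] === true) {
        // Sign with the SP's own key pair.
        $keyMetadata = $this->getSPkey();
        $certMetadata = $cert;

        if (!$keyMetadata) {
            throw new OneLogin_Saml2_Error('SP Private key not found.', OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND);
        }
        if (!$certMetadata) {
            throw new OneLogin_Saml2_Error('SP Public cert not found.', OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND);
        }
    } else {
        // Sign with a dedicated key pair named in the settings.
        if (!isset($this->_security['signMetadata']['keyFileName']) || !isset($this->_security['signMetadata']['certFileName'])) {
            throw new OneLogin_Saml2_Error('Invalid Setting: signMetadata value of the sp is not valid', OneLogin_Saml2_Error::SETTINGS_INVALID_SYNTAX);
        }

        // NOTE(review): the file names are appended to the cert path without
        // normalization, so the settings must come from a trusted source.
        $keyMetadataFile = $this->_paths['cert'] . $this->_security['signMetadata']['keyFileName'];
        $certMetadataFile = $this->_paths['cert'] . $this->_security['signMetadata']['certFileName'];

        // The error messages below carry the full file path; callers should
        // log them rather than show them to end users.
        if (!file_exists($keyMetadataFile)) {
            throw new OneLogin_Saml2_Error('SP Private key file not found: %s', OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND, array($keyMetadataFile));
        }
        if (!file_exists($certMetadataFile)) {
            throw new OneLogin_Saml2_Error('SP Public cert file not found: %s', OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND, array($certMetadataFile));
        }

        // file_exists() does not guarantee a successful read (permissions, a
        // directory, removal in between), so the read results are checked too.
        // Otherwise false or an empty string would be handed to the signer.
        $keyMetadata = file_get_contents($keyMetadataFile);
        if ($keyMetadata === false || $keyMetadata === '') {
            throw new OneLogin_Saml2_Error('SP Private key file could not be read: %s', OneLogin_Saml2_Error::PRIVATE_KEY_FILE_NOT_FOUND, array($keyMetadataFile));
        }

        $certMetadata = file_get_contents($certMetadataFile);
        if ($certMetadata === false || $certMetadata === '') {
            throw new OneLogin_Saml2_Error('SP Public cert file could not be read: %s', OneLogin_Saml2_Error::PUBLIC_CERT_FILE_NOT_FOUND, array($certMetadataFile));
        }
    }

    $signatureAlgorithm = $this->_security['signatureAlgorithm'];

    return OneLogin_Saml2_Metadata::signMetadata($metadata, $keyMetadata, $certMetadata, $signatureAlgorithm);
}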