public static function getDOMText($element)
{
return SimpleSAML\Utils\XML::getDOMText($element);
} /**
* This function parses a KeyDescriptor element. It currently only supports keys with a single
* X509 certificate.
*
* The associative array for a key can contain:
* - 'encryption': Indicates wheter this key can be used for encryption.
* - 'signing': Indicates wheter this key can be used for signing.
* - 'type: The type of the key. 'X509Certificate' is the only key type we support.
* - 'X509Certificate': The contents of the first X509Certificate element (if the type is 'X509Certificate ').
*
* @param $kd The KeyDescriptor element.
* @return Associative array describing the key, or NULL if this is an unsupported key.
*/
private static function parseKeyDescriptor($kd)
{
assert('$kd instanceof DOMElement');
$r = array();
if ($kd->hasAttribute('use')) {
$use = $kd->getAttribute('use');
if ($use === 'encryption') {
$r['encryption'] = TRUE;
$r['signing'] = FALSE;
} elseif ($use === 'signing') {
$r['encryption'] = FALSE;
$r['signing'] = TRUE;
} else {
throw new Exception('Invalid use-value for KeyDescriptor: ' . $use);
}
} else {
$r['encryption'] = TRUE;
$r['signing'] = TRUE;
}
$keyInfo = SimpleSAML_Utilities::getDOMChildren($kd, 'KeyInfo', '@ds');
if (count($keyInfo) === 0) {
throw new Exception('Missing required KeyInfo field for KeyDescriptor.');
}
$keyInfo = $keyInfo[0];
$X509Data = SimpleSAML_Utilities::getDOMChildren($keyInfo, 'X509Data', '@ds');
if (count($X509Data) === 0) {
return NULL;
}
$X509Data = $X509Data[0];
$X509Certificate = SimpleSAML_Utilities::getDOMChildren($X509Data, 'X509Certificate', '@ds');
if (count($X509Certificate) === 0) {
return NULL;
}
$X509Certificate = $X509Certificate[0];
$r['type'] = 'X509Certificate';
$r['X509Certificate'] = SimpleSAML_Utilities::getDOMText($X509Certificate);
return $r;
}
