diff --git a/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php b/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php index a4f9fe4d3..b0aa14a03 100644 --- a/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php +++ b/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php @@ -30,9 +30,10 @@ class EngineBlockIdentityProvider extends AbstractIdentityProvider { /** - * @var X509KeyPair + * @var array */ - private $keyPair; + private array $keyPairs; + /** * @var UrlProvider */ @@ -46,20 +47,23 @@ class EngineBlockIdentityProvider extends AbstractIdentityProvider public function __construct( IdentityProviderEntityInterface $entity, ?string $keyId, - X509KeyPair $keyPair, + array $keyPairs, UrlProvider $urlProvider ) { parent::__construct($entity); $this->keyId = $keyId; - $this->keyPair = $keyPair; + $this->keyPairs = $keyPairs; $this->urlProvider = $urlProvider; } public function getCertificates(): array { - return [ - $this->keyPair->getCertificate(), - ]; + $certificates = []; + foreach ($this->keyPairs as $keyPair) { + $certificates[] = $keyPair->getCertificate(); + } + + return $certificates; } public function getSupportedNameIdFormats(): array diff --git a/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php b/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php index 565972682..33651db6e 100644 --- a/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php +++ b/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php 
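Review bot: In the second hunk the constructor now accepts any `array $keyPairs` without checking that it is non-empty or that each element is an `X509KeyPair`, so `getCertificates()` will quietly return `[]` and the published metadata carries no signing certificate at all — a failure that only shows up at the relying party. A guard in the constructor, e.g. `if ($keyPairs === []) { throw new \InvalidArgumentException('At least one X509KeyPair is required'); }` together with a per-element `instanceof X509KeyPair` check, turns that into a configuration error at construction time. The `@var array` docblocks on the property and the constructor parameter should be narrowed to `@var X509KeyPair[]` so static analysis keeps the element type. The same point applies to the EngineBlockServiceProvider hunks that follow; I cannot see whether `X509KeyPair` is still referenced elsewhere in this file, so check the `use` import is not left unused.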
@@ -21,6 +21,7 @@ use OpenConext\EngineBlock\Metadata\Factory\ServiceProviderEntityInterface; use OpenConext\EngineBlock\Metadata\IndexedService; use OpenConext\EngineBlock\Metadata\RequestedAttribute; +use OpenConext\EngineBlock\Metadata\X509\X509Certificate; use OpenConext\EngineBlock\Metadata\X509\X509KeyPair; use OpenConext\EngineBlockBundle\Url\UrlProvider; use SAML2\Constants; @@ -32,13 +33,15 @@ class EngineBlockServiceProvider extends AbstractServiceProvider { /** - * @var X509KeyPair + * @var array */ - private $keyPair; + private array $keyPairs; + /** * @var AttributesMetadata */ private $attributes; + /** * @var UrlProvider */ @@ -46,13 +49,13 @@ class EngineBlockServiceProvider extends AbstractServiceProvider public function __construct( ServiceProviderEntityInterface $entity, - X509KeyPair $keyPair, + array $keyPairs, AttributesMetadata $attributes, UrlProvider $urlProvider ) { parent::__construct($entity); - $this->keyPair = $keyPair; + $this->keyPairs = $keyPairs; $this->attributes = $attributes; $this->urlProvider = $urlProvider; } @@ -60,7 +63,12 @@ public function __construct( public function getCertificates(): array { - return [$this->keyPair->getCertificate()]; + $certificates = []; + foreach ($this->keyPairs as $keyPair) { + $certificates[] = $keyPair->getCertificate(); + } + + return $certificates; } /** diff --git a/src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php b/src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php index 324f3fc7e..1c7c352ac 100644 --- a/src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php +++ b/src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php 
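Review bot: The new `use OpenConext\EngineBlock\Metadata\X509\X509Certificate;` import in the first hunk is not referenced by any line shown in this file's hunks, and the `getCertificates()` rewrite in the last hunk still has no return docblock. If the import is meant for that docblock, add it — `/** @return X509Certificate[] */` above `getCertificates()` — otherwise the import is dead and should be dropped; the rest of the file is outside the diff, so confirm against the full source. The two `+` blank lines between properties are cosmetic and would be cleaner in a separate formatting commit.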
@@ -100,7 +100,9 @@ private function buildEngineBlockEntityFromEntity(IdentityProvider $entity, ?str $this->engineBlockConfiguration ), $keyId, - $this->keyPairFactory->buildFromIdentifier($keyId), + ($keyId === KeyPairFactory::DEFAULT_KEY_PAIR_IDENTIFIER || $keyId === null) + ? $this->keyPairFactory->buildAll() + : [$this->keyPairFactory->buildFromIdentifier($keyId)], $this->urlProvider ); } diff --git a/src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php b/src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php index d49b21759..216a7aa65 100644 --- a/src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php +++ b/src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php @@ -53,6 +53,7 @@ class ServiceProviderFactory * @var EngineBlockConfiguration */ private $engineBlockConfiguration; + /** * @var UrlProvider */ @@ -95,7 +96,9 @@ public function createEngineBlockEntityFrom(string $keyId): ServiceProviderEntit new ServiceProviderEntity($entity), $this->engineBlockConfiguration ), - $this->keyPairFactory->buildFromIdentifier($keyId), + ($keyId === KeyPairFactory::DEFAULT_KEY_PAIR_IDENTIFIER || $keyId === null) + ? $this->keyPairFactory->buildAll() + : [$this->keyPairFactory->buildFromIdentifier($keyId)], $this->attributes, $this->urlProvider ); diff --git a/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php b/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php index 2fe1be4bf..bfe84272c 100644 --- a/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php +++ b/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php @@ -26,7 +26,7 @@ class KeyPairFactory { const DEFAULT_KEY_PAIR_IDENTIFIER = 'default'; - private $keyPairConfiguration = []; + private array $keyPairConfiguration = []; /** * @param array $keyPairConfiguration 
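Review bot: In `ServiceProviderFactory::createEngineBlockEntityFrom(string $keyId)` the added `$keyId === null` test is dead code because the parameter is a non-nullable `string`, whereas in `IdentityProviderFactory::buildEngineBlockEntityFromEntity` the parameter appears to be nullable (`?str…` in the hunk header), so the same ternary behaves differently in the two places it is now duplicated. The decision "which identifier means all key pairs" belongs in `KeyPairFactory`, next to `DEFAULT_KEY_PAIR_IDENTIFIER`, e.g. `public function buildForIdentifier(?string $keyId): array { return ($keyId === null || $keyId === self::DEFAULT_KEY_PAIR_IDENTIFIER) ? $this->buildAll() : [$this->buildFromIdentifier($keyId)]; }`, with both factories reduced to `$this->keyPairFactory->buildForIdentifier($keyId)`. Both enclosing factory methods start and end outside their hunks.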
@@ -42,7 +42,7 @@ public function __construct(array $keyPairConfiguration) * * @throws RuntimeException */ - public function buildFromIdentifier(?string $identifier) : X509KeyPair + public function buildFromIdentifier(?string $identifier): X509KeyPair { if ($identifier === null) { $identifier = self::DEFAULT_KEY_PAIR_IDENTIFIER; @@ -57,4 +57,20 @@ public function buildFromIdentifier(?string $identifier) : X509KeyPair } throw new UnknownKeyIdException($identifier); } + + /** + * @return array + * + * @throws RuntimeException + */ + public function buildAll(): array + { + $pairs = []; + + foreach (array_keys($this->keyPairConfiguration) as $keyId) { + $pairs[] = $this->buildFromIdentifier((string)$keyId); + } + + return $pairs; + } }
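Review bot: `buildAll()` in the last hunk returns the pairs in configuration-array order and discards the identifiers, so callers — and the metadata built from `getCertificates()` — cannot tell which entry is the `default` pair; if consumers treat the first published certificate as the active signing key, that ordering is now an unstated property of the config file. Either emit the default pair first or key the result by identifier, `$pairs[(string)$keyId] = $this->buildFromIdentifier((string)$keyId);`, and document whichever contract you choose. The `@return array` docblock should be `@return X509KeyPair[]`; the `UnknownKeyIdException` branch of `buildFromIdentifier()` cannot fire here since every iterated identifier comes from the configuration, and whether any other `RuntimeException` stays reachable depends on the part of `buildFromIdentifier()` outside the hunk. The `(string)` cast deserves a one-line comment, e.g. `// numeric-looking config keys come back from array_keys() as int`.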