From 68ec6719a2957638ce33f52825bef763b1fc2e15 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Mon, 10 Jun 2024 23:59:43 +0200
Subject: [PATCH 1/2] Add rollover metadata containing all available keys

---
 .../Decorator/EngineBlockIdentityProvider.php | 18 ++++++++++-------
 .../Decorator/EngineBlockServiceProvider.php | 18 ++++++++++++-----
 .../Factory/IdentityProviderFactory.php | 4 +++-
 .../Factory/ServiceProviderFactory.php | 5 ++++-
 .../Metadata/X509/KeyPairFactory.php | 20 +++++++++++++++++--
 5 files changed, 49 insertions(+), 16 deletions(-)

diff --git a/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php b/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php
index a4f9fe4d3f..b0aa14a032 100644
--- a/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php
+++ b/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php
@@ -30,9 +30,10 @@
 class EngineBlockIdentityProvider extends AbstractIdentityProvider
 {
     /**
-     * @var X509KeyPair
+     * @var array
      */
-    private $keyPair;
+    private array $keyPairs;
+
     /**
      * @var UrlProvider
      */
@@ -46,20 +47,23 @@ class EngineBlockIdentityProvider extends AbstractIdentityProvider
     public function __construct(
         IdentityProviderEntityInterface $entity,
         ?string $keyId,
-        X509KeyPair $keyPair,
+        array $keyPairs,
         UrlProvider $urlProvider
     ) {
         parent::__construct($entity);
         $this->keyId = $keyId;
-        $this->keyPair = $keyPair;
+        $this->keyPairs = $keyPairs;
         $this->urlProvider = $urlProvider;
     }
 
     public function getCertificates(): array
     {
-        return [
-            $this->keyPair->getCertificate(),
-        ];
+        $certificates = [];
+        foreach ($this->keyPairs as $keyPair) {
+            $certificates[] = $keyPair->getCertificate();
+        }
+
+        return $certificates;
     }
 
     public function getSupportedNameIdFormats(): array
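Review bot: The new `@var array` on `$keyPairs` and the untyped `array $keyPairs` constructor parameter drop the element type that the old `X509KeyPair` hint gave callers and static analysis, so nothing now states what `getCertificates()` iterates over. I'd document the shape: `@var X509KeyPair[]` on the property and a constructor docblock with `@param X509KeyPair[] $keyPairs`, and the same in the matching EngineBlockServiceProvider hunks. With the native hint gone, the existing `use ...X509KeyPair` import in this file may be left unused unless a docblock still refers to it; I can't see the rest of the file. The constructor and `getCertificates()` are fully inside the second hunk, but the class continues beyond it.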
diff --git a/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php b/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php
index 5659726823..33651db6ee 100644
--- a/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php
+++ b/src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php
@@ -21,6 +21,7 @@
 use OpenConext\EngineBlock\Metadata\Factory\ServiceProviderEntityInterface;
 use OpenConext\EngineBlock\Metadata\IndexedService;
 use OpenConext\EngineBlock\Metadata\RequestedAttribute;
+use OpenConext\EngineBlock\Metadata\X509\X509Certificate;
 use OpenConext\EngineBlock\Metadata\X509\X509KeyPair;
 use OpenConext\EngineBlockBundle\Url\UrlProvider;
 use SAML2\Constants;
@@ -32,13 +33,15 @@
 class EngineBlockServiceProvider extends AbstractServiceProvider
 {
     /**
-     * @var X509KeyPair
+     * @var array
      */
-    private $keyPair;
+    private array $keyPairs;
+
     /**
      * @var AttributesMetadata
      */
     private $attributes;
+
     /**
      * @var UrlProvider
      */
@@ -46,13 +49,13 @@ class EngineBlockServiceProvider extends AbstractServiceProvider
 
     public function __construct(
         ServiceProviderEntityInterface $entity,
-        X509KeyPair $keyPair,
+        array $keyPairs,
         AttributesMetadata $attributes,
         UrlProvider $urlProvider
     ) {
         parent::__construct($entity);
 
-        $this->keyPair = $keyPair;
+        $this->keyPairs = $keyPairs;
         $this->attributes = $attributes;
         $this->urlProvider = $urlProvider;
     }
@@ -60,7 +63,12 @@ public function __construct(
 
     public function getCertificates(): array
     {
-        return [$this->keyPair->getCertificate()];
+        $certificates = [];
+        foreach ($this->keyPairs as $keyPair) {
+            $certificates[] = $keyPair->getCertificate();
+        }
+
+        return $certificates;
     }
 
     /**
diff --git a/src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php b/src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php
index 324f3fc7e4..1c7c352ac1 100644
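Review bot: The added `use OpenConext\EngineBlock\Metadata\X509\X509Certificate;` in the first hunk is not referenced by any added line of this diff; if nothing else in the file uses it, it is a dead import that the linter will flag. If it was meant for a typed callback in `getCertificates()` (fourth hunk), put it to work there: `return array_map(static fn (X509KeyPair $keyPair): X509Certificate => $keyPair->getCertificate(), $this->keyPairs);`, which also states the element type the `foreach` leaves implicit. The same rewrite fits `getCertificates()` in the EngineBlockIdentityProvider hunk, though that file does not import `X509Certificate` in this diff.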
--- a/src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php
+++ b/src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php
@@ -100,7 +100,9 @@ private function buildEngineBlockEntityFromEntity(IdentityProvider $entity, ?str
                 $this->engineBlockConfiguration
             ),
             $keyId,
-            $this->keyPairFactory->buildFromIdentifier($keyId),
+            ($keyId === KeyPairFactory::DEFAULT_KEY_PAIR_IDENTIFIER || $keyId === null)
+                ? $this->keyPairFactory->buildAll()
+                : [$this->keyPairFactory->buildFromIdentifier($keyId)],
             $this->urlProvider
         );
     }
diff --git a/src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php b/src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php
index d49b21759a..216a7aa656 100644
--- a/src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php
+++ b/src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php
@@ -53,6 +53,7 @@ class ServiceProviderFactory
      * @var EngineBlockConfiguration
      */
     private $engineBlockConfiguration;
+
     /**
      * @var UrlProvider
      */
@@ -95,7 +96,9 @@ public function createEngineBlockEntityFrom(string $keyId): ServiceProviderEntit
                 new ServiceProviderEntity($entity),
                 $this->engineBlockConfiguration
             ),
-            $this->keyPairFactory->buildFromIdentifier($keyId),
+            ($keyId === KeyPairFactory::DEFAULT_KEY_PAIR_IDENTIFIER || $keyId === null)
+                ? $this->keyPairFactory->buildAll()
+                : [$this->keyPairFactory->buildFromIdentifier($keyId)],
             $this->attributes,
             $this->urlProvider
         );
diff --git a/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php b/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php
index 2fe1be4bf7..13915ac02d 100644
--- a/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php
+++ b/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php
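Review bot: In the ServiceProviderFactory hunk the `|| $keyId === null` half of the new condition is dead code: the hunk header shows `createEngineBlockEntityFrom(string $keyId)` with a non-nullable `string`, so null can never reach it and `$keyId === KeyPairFactory::DEFAULT_KEY_PAIR_IDENTIFIER ? $this->keyPairFactory->buildAll() : [$this->keyPairFactory->buildFromIdentifier($keyId)],` is all that is needed there. The same expression is copied into the IdentityProviderFactory hunk (where the `?string` parameter makes the null check real), so the "default means publish every key" rule now lives in two factories; I'd move it into KeyPairFactory as one method, e.g. `buildForMetadata(?string $keyId): array`, and have both call sites use it so the rule and its test sit in one place. Note also that `buildAll()` returns pairs in configuration order, so the default signing key is not guaranteed to be the first certificate in the published metadata; if any consumer reads only the first KeyDescriptor (I can't tell from here), list the default pair first. Both enclosing methods start and end outside their hunks.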
@@ -26,7 +26,7 @@ class KeyPairFactory
 {
     const DEFAULT_KEY_PAIR_IDENTIFIER = 'default';
 
-    private $keyPairConfiguration = [];
+    private array $keyPairConfiguration = [];
 
     /**
      * @param array $keyPairConfiguration
@@ -42,7 +42,7 @@ public function __construct(array $keyPairConfiguration)
      *
      * @throws RuntimeException
      */
-    public function buildFromIdentifier(?string $identifier) : X509KeyPair
+    public function buildFromIdentifier(?string $identifier): X509KeyPair
     {
         if ($identifier === null) {
             $identifier = self::DEFAULT_KEY_PAIR_IDENTIFIER;
@@ -57,4 +57,20 @@ public function buildFromIdentifier(?string $identifier) : X509KeyPair
         }
         throw new UnknownKeyIdException($identifier);
     }
+
+    /**
+     * @return array
+     *
+     * @throws RuntimeException
+     */
+    public function buildAll(): array
+    {
+        $pairs = [];
+
+        foreach ($this->keyPairConfiguration as $keyId => $x) {
+            $pairs[] = $this->buildFromIdentifier((string)$keyId);
+        }
+
+        return $pairs;
+    }
 }

From 38b72e82263ecdec52797d1e21ad90c984e0c407 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Tue, 16 Dec 2025 12:37:50 +0100
Subject: [PATCH 2/2] Fix CI

---
 src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php b/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php
index 13915ac02d..bfe84272ca 100644
--- a/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php
+++ b/src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php
@@ -67,7 +67,7 @@ public function buildAll(): array
     {
         $pairs = [];
 
-        foreach ($this->keyPairConfiguration as $keyId => $x) {
+        foreach (array_keys($this->keyPairConfiguration) as $keyId) {
             $pairs[] = $this->buildFromIdentifier((string)$keyId);
         }
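Review bot: `buildAll()` in the third hunk is documented as `@return array`, which hides that every element comes from `buildFromIdentifier()` and is therefore an `X509KeyPair`; write `@return X509KeyPair[]` so the two factory call sites in this series get the element type. The `(string)$keyId` cast deserves a why-comment, because PHP stores numeric-string array keys as ints while `buildFromIdentifier()` takes a string: `// PHP turns numeric-string array keys into ints; identifiers are strings`. This method also builds a complete key pair for every configured identifier although the metadata path only needs certificates; if `buildFromIdentifier()` loads the private key as well (its body is outside the hunk), a certificate-only accessor would avoid reading every private key just to publish metadata. The `@throws RuntimeException` is copied from `buildFromIdentifier()`, whose visible code throws `UnknownKeyIdException`; that is accurate only if the latter extends `RuntimeException`, which this diff does not show.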