From: Scott Cantor
Date: Mon, 11 Oct 2010 01:15:56 +0000 (+0000)
Subject: Omit use attribute on multi-purpose keys.
X-Git-Tag: 2.4RC1~29
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=38adefff8c3b25eff053c52fefeea0eb14d06659
Omit use attribute on multi-purpose keys.
---
diff --git a/shibsp/handler/impl/MetadataGenerator.cpp b/shibsp/handler/impl/MetadataGenerator.cpp
index feafda6..b3f9720 100644
--- a/shibsp/handler/impl/MetadataGenerator.cpp
+++ b/shibsp/handler/impl/MetadataGenerator.cpp
@@ -338,23 +338,31 @@ pair MetadataGenerator::processMessage(
 prop = relyingParty->getString("keyName");
 if (prop.first)
 cc.getKeyNames().insert(prop.second);
+ vector signingcreds,enccreds;
 cc.setUsage(Credential::SIGNING_CREDENTIAL);
- vector creds;
- credResolver->resolve(creds,&cc);
- for (vector::const_iterator c = creds.begin(); c != creds.end(); ++c) {
+ credResolver->resolve(signingcreds, &cc);
+ cc.setUsage(Credential::ENCRYPTION_CREDENTIAL);
+ credResolver->resolve(enccreds, &cc);
+
+ for (vector::const_iterator c = signingcreds.begin(); c != signingcreds.end(); ++c) {
 KeyInfo* kinfo = (*c)->getKeyInfo();
 if (kinfo) {
 KeyDescriptor* kd = KeyDescriptorBuilder::buildKeyDescriptor();
- kd->setUse(KeyDescriptor::KEYTYPE_SIGNING);
 kd->setKeyInfo(kinfo);
+ const XMLCh* use = KeyDescriptor::KEYTYPE_SIGNING;
+ for (vector::iterator match = enccreds.begin(); match != enccreds.end(); ++match) {
+ if (*match == *c) {
+ use = nullptr;
+ enccreds.erase(match);
+ break;
+ }
+ }
+ kd->setUse(use);
 role->getKeyDescriptors().push_back(kd);
 }
 }
- cc.setUsage(Credential::ENCRYPTION_CREDENTIAL);
- creds.clear();
- credResolver->resolve(creds,&cc);
- for (vector::const_iterator c = creds.begin(); c != creds.end(); ++c) {
+ for (vector::const_iterator c = enccreds.begin(); c != enccreds.end(); ++c) {
 KeyInfo* kinfo = (*c)->getKeyInfo();
 if (kinfo) {
 KeyDescriptor* kd = KeyDescriptorBuilder::buildKeyDescriptor();
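Review bot: The test `if (*match == *c)` in the new inner loop decides whether a key is advertised to peers for both signing and encryption, yet nothing in the code says what it compares or why. The elements look like credential pointers (the template arguments are not visible on this page), so the match presumably succeeds only when the resolver returns the same object for both usage queries; a key wrapped in two separate objects would still be published twice, once per use. That fallback is safe, but the assumption should be written down above the inner loop, for example `// Same Credential object resolved for both usages: emit one KeyDescriptor with no use attribute, which peers read as signing and encryption.` The `enccreds.erase(match)` is immediately followed by `break`, so the invalidated iterator is never reused; a short `// erase invalidates match, so stop here` would keep a later edit from dropping the `break`. `processMessage` starts and ends outside this hunk.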