From 38adefff8c3b25eff053c52fefeea0eb14d06659 Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Mon, 11 Oct 2010 01:15:56 +0000 Subject: [PATCH] Omit use attribute on multi-purpose keys. --- shibsp/handler/impl/MetadataGenerator.cpp | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/shibsp/handler/impl/MetadataGenerator.cpp b/shibsp/handler/impl/MetadataGenerator.cpp index feafda6..b3f9720 100644 --- a/shibsp/handler/impl/MetadataGenerator.cpp +++ b/shibsp/handler/impl/MetadataGenerator.cpp @@ -338,23 +338,31 @@ pair MetadataGenerator::processMessage( prop = relyingParty->getString("keyName"); if (prop.first) cc.getKeyNames().insert(prop.second); + vector signingcreds,enccreds; cc.setUsage(Credential::SIGNING_CREDENTIAL); - vector creds; - credResolver->resolve(creds,&cc); - for (vector::const_iterator c = creds.begin(); c != creds.end(); ++c) { + credResolver->resolve(signingcreds, &cc); + cc.setUsage(Credential::ENCRYPTION_CREDENTIAL); + credResolver->resolve(enccreds, &cc); + + for (vector::const_iterator c = signingcreds.begin(); c != signingcreds.end(); ++c) { KeyInfo* kinfo = (*c)->getKeyInfo(); if (kinfo) { KeyDescriptor* kd = KeyDescriptorBuilder::buildKeyDescriptor(); - kd->setUse(KeyDescriptor::KEYTYPE_SIGNING); kd->setKeyInfo(kinfo); + const XMLCh* use = KeyDescriptor::KEYTYPE_SIGNING; + for (vector::iterator match = enccreds.begin(); match != enccreds.end(); ++match) { + if (*match == *c) { + use = nullptr; + enccreds.erase(match); + break; + } + } + kd->setUse(use); role->getKeyDescriptors().push_back(kd); } } - cc.setUsage(Credential::ENCRYPTION_CREDENTIAL); - creds.clear(); - credResolver->resolve(creds,&cc); - for (vector::const_iterator c = creds.begin(); c != creds.end(); ++c) { + for (vector::const_iterator c = enccreds.begin(); c != enccreds.end(); ++c) { KeyInfo* kinfo = (*c)->getKeyInfo(); if (kinfo) { KeyDescriptor* kd = KeyDescriptorBuilder::buildKeyDescriptor(); -- 2.1.4
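Review bot: The new inner loop's `if (*match == *c)` appears to compare Credential pointers (the outer loop dereferences with `(*c)->getKeyInfo()`; the element type is not visible on this page), so a key is treated as multi-purpose only when the resolver returns the same object for both usage queries. That fails safe: a resolver returning distinct objects for one key would just publish it twice with explicit `use` values, but the assumption is undocumented and decides which keys peers are told they may encrypt to. I would add a comment above the loop such as `// Same Credential object resolved for both usages: publish once with no use attribute.`. A second comment on `enccreds.erase(match);` should say that the erase is what stops the later encryption loop from emitting the key again. The body of processMessage starts and ends outside this hunk, so the construction of `cc` and the ownership of `kinfo` cannot be checked from here.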