janus-ssp / janus

Fully featured metadata registration administration module built on top of simpleSAMLphp.

Also check if a key is explicitly marked for signing before rejecting it #571

Closed thijskh closed 9 years ago

thijskh commented 9 years ago

If a key is marked both encryption AND signing, the test would reject it because it considered it to be an encryption key.

Fixes #570

relaxnow commented 9 years ago

@thijskh do you agree with my conclusion that we could reduce it to:

if (!isset($parsedMetaData[$certKey . 'X509Certificate'])) {
  continue;
}
// Skip encryption keys if we don't support encryption usage.
if ($encryptionEnabled && !$parsedMetaData[$certKey . 'signing']) {
  continue;
}

?
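The case this pull request describes, as an added example that is not code from the JANUS repository: a key flagged for both encryption and signing is dropped when only the encryption flag is consulted, and kept once the signing flag is checked as well. The `acceptedCertKeys` helper, the `keys:N:` prefixes and the certificate strings are assumptions made for illustration.

```php
<?php
// Constructed sample. The 'keys:N:' prefixes and certificate strings are
// placeholders chosen for this example, not values from the project.
$parsedMetaData = [
    'keys:0:X509Certificate' => 'PLACEHOLDER-CERT-SIGNING-ONLY',
    'keys:0:signing'         => true,
    'keys:0:encryption'      => false,
    'keys:1:X509Certificate' => 'PLACEHOLDER-CERT-ENCRYPTION-ONLY',
    'keys:1:signing'         => false,
    'keys:1:encryption'      => true,
    'keys:2:X509Certificate' => 'PLACEHOLDER-CERT-DUAL-USE',
    'keys:2:signing'         => true,
    'keys:2:encryption'      => true,
    'keys:3:signing'         => true, // no certificate present
];
$certKeys = ['keys:0:', 'keys:1:', 'keys:2:', 'keys:3:'];

/**
 * Hypothetical helper: returns the prefixes whose certificate is accepted.
 * $checkSigning = false reproduces the rejection described in the PR text;
 * $checkSigning = true rejects a key only when it is encryption-only.
 */
function acceptedCertKeys(array $md, array $certKeys, bool $checkSigning): array
{
    $accepted = [];
    foreach ($certKeys as $certKey) {
        if (!isset($md[$certKey . 'X509Certificate'])) {
            continue; // nothing to validate
        }
        $encryption = !empty($md[$certKey . 'encryption']);
        $signing    = !empty($md[$certKey . 'signing']);
        if ($encryption && !($checkSigning && $signing)) {
            continue; // treated as an encryption key
        }
        $accepted[] = $certKey;
    }
    return $accepted;
}

// Encryption flag alone decides: the dual-use key is dropped.
echo 'before: ', implode(' ', acceptedCertKeys($parsedMetaData, $certKeys, false)), PHP_EOL;
// Signing flag is also consulted: the dual-use key is kept.
echo 'after:  ', implode(' ', acceptedCertKeys($parsedMetaData, $certKeys, true)), PHP_EOL;
```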