@@ -615,9 +615,11 @@ sub generate_metadata {
615615 protocolSupportEnumeration => URN_PROTOCOL,
616616 },
617617
618- $self -> _generate_key_descriptors($x , ' signing'
618+ $self -> has_encryption_key
619+ ? ($self -> _generate_key_descriptors($x , ' encryption'
620+ $self -> _generate_key_descriptors($x , ' signing'
621+ : $self -> _generate_key_descriptors($x , ' both'
619622
620- $self -> has_encryption_key ? $self -> _generate_key_descriptors($x , ' encryption'
621623
622624 $self -> _generate_single_logout_service($x ),
623625
@@ -659,11 +661,11 @@ sub _generate_key_descriptors {
659661 && !$self -> want_assertions_signed
660662 && !$self -> sign_metadata;
661663
662- my $key = $use eq ' signing ' $self -> _cert_text : $self -> _encryption_key_text ;
664+ my $key = $use eq ' encryption ' $self -> _encryption_key_text : $self -> _cert_text ;
663665
664666 return $x -> KeyDescriptor(
665667 $md ,
666- { use => $use },
668+ $use ne ' both ' ? { use => $use } : { },
667669 $x -> KeyInfo(
668670 $ds ,
669671 $x -> X509Data($ds , $x -> X509Certificate($ds , $key )),
@@ -681,7 +683,7 @@ Get the key name for either the C<signing> or C<encryption> key
681683sub key_name {
682684 my $self = shift ;
683685 my $use = shift ;
684- my $key = $use eq ' signing ' $self -> _cert_text : $self -> _encryption_key_text ;
686+ my $key = $use eq ' encryption ' $self -> _encryption_key_text : $self -> _cert_text ;
685687 return unless $key ;
686688 return Digest::MD5::md5_hex($key );
687689}
0 commit comments