private void writeSAMLMetadata()

in services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java [150:201]


    /**
     * Writes the {@code md:SPSSODescriptor} element that describes this service as a
     * SAML 2.0 service provider.
     *
     * <p>The descriptor publishes exactly one HTTP-POST {@code AssertionConsumerService}
     * at {@code serviceURL} and always sets {@code WantAssertionsSigned="true"}.
     * {@code AuthnRequestsSigned} mirrors the {@code SIGN_REQUEST} property of the trusted
     * IdP (defaulting to {@code true}); when it is enabled, a
     * {@code KeyDescriptor use="signing"} holding the Base64-encoded default X.509
     * certificate of {@code crypto} is appended so the IdP can verify the signed requests.
     *
     * @param writer stream writer positioned inside the enclosing metadata element; the
     *               {@code md} prefix is not declared here, so the caller must have bound it
     * @param config trusted IdP configuration the {@code SIGN_REQUEST} property is read from
     * @param serviceURL assertion consumer endpoint location to publish
     * @param crypto crypto instance whose default X.509 identifier names the signing cert
     * @throws ProcessingException if request signing is enabled but no certificate exists
     *         for the default identifier (rather than emitting an empty KeyDescriptor)
     * @throws Exception on XML stream or certificate encoding failures
     */
    private void writeSAMLMetadata(
        XMLStreamWriter writer,
        TrustedIdp config,
        String serviceURL,
        Crypto crypto
    ) throws Exception {

        writer.writeStartElement("md", "SPSSODescriptor", SAML2_METADATA_NS);
        final boolean requestsSigned =
            isPropertyConfigured(config, TrustedIdpSAMLProtocolHandler.SIGN_REQUEST, true);
        writer.writeAttribute("AuthnRequestsSigned", Boolean.toString(requestsSigned));
        writer.writeAttribute("WantAssertionsSigned", "true");
        writer.writeAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol");

        writeAssertionConsumerService(writer, serviceURL);

        // Only advertise a signing key when the IdP should expect signed AuthnRequests.
        if (requestsSigned) {
            writeSigningKeyDescriptor(writer, crypto);
        }

        writer.writeEndElement(); // SPSSODescriptor
    }

    /**
     * Emits the single, default, HTTP-POST {@code md:AssertionConsumerService} element.
     *
     * @param writer stream writer positioned inside the SPSSODescriptor
     * @param location endpoint URL written to the {@code Location} attribute
     * @throws Exception on XML stream failures
     */
    private void writeAssertionConsumerService(XMLStreamWriter writer, String location)
        throws Exception {
        writer.writeStartElement("md", "AssertionConsumerService", SAML2_METADATA_NS);
        writer.writeAttribute("Location", location);
        writer.writeAttribute("index", "0");
        writer.writeAttribute("isDefault", "true");
        writer.writeAttribute("Binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        writer.writeEndElement(); // AssertionConsumerService
    }

    /**
     * Emits a {@code md:KeyDescriptor use="signing"} wrapping the default certificate of
     * {@code crypto} as a {@code ds:X509Certificate}.
     *
     * @param writer stream writer positioned inside the SPSSODescriptor
     * @param crypto crypto instance providing the default signing certificate
     * @throws ProcessingException if no certificate is found for the default identifier
     * @throws Exception on XML stream or certificate encoding failures
     */
    private void writeSigningKeyDescriptor(XMLStreamWriter writer, Crypto crypto)
        throws Exception {
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";

        writer.writeStartElement("md", "KeyDescriptor", SAML2_METADATA_NS);
        writer.writeAttribute("use", "signing");

        writer.writeStartElement("ds", "KeyInfo", dsigNs);
        // Declare the ds prefix on KeyInfo: it is not bound by the enclosing md elements.
        writer.writeNamespace("ds", dsigNs);
        writer.writeStartElement("ds", "X509Data", dsigNs);
        writer.writeStartElement("ds", "X509Certificate", dsigNs);

        // Base64 of the DER encoding, resolved only after the element has been opened.
        writer.writeCharacters(encodeDefaultCertificate(crypto));

        writer.writeEndElement(); // X509Certificate
        writer.writeEndElement(); // X509Data
        writer.writeEndElement(); // KeyInfo
        writer.writeEndElement(); // KeyDescriptor
    }

    /**
     * Looks up the certificate behind the default X.509 identifier of {@code crypto} and
     * returns its DER encoding as a Base64 string.
     *
     * @param crypto crypto instance to query
     * @return Base64-encoded certificate
     * @throws ProcessingException if no certificate is found for the default identifier
     * @throws Exception if the certificate cannot be encoded
     */
    private static String encodeDefaultCertificate(Crypto crypto) throws Exception {
        final String alias = crypto.getDefaultX509Identifier();
        final X509Certificate signingCert = CertsUtils.getX509CertificateFromCrypto(crypto, alias);
        if (signingCert == null) {
            throw new ProcessingException(
                "No signing certs were found to insert into the metadata using name: "
                    + alias);
        }
        return Base64.getEncoder().encodeToString(signingCert.getEncoded());
    }