Add rollover metadata containing all available keys

src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockIdentityProvider.php

@@ -30,9 +30,10 @@
 class EngineBlockIdentityProvider extends AbstractIdentityProvider
 {
     /**
-     * @var X509KeyPair
+     * @var array<X509KeyPair>
      */
-    private $keyPair;
+    private array $keyPairs;
+
     /**
      * @var UrlProvider
      */
@@ -46,20 +47,23 @@ class EngineBlockIdentityProvider extends AbstractIdentityProvider
     public function __construct(
         IdentityProviderEntityInterface $entity,
         ?string $keyId,
-        X509KeyPair $keyPair,
+        array $keyPairs,
         UrlProvider $urlProvider
     ) {
         parent::__construct($entity);
         $this->keyId = $keyId;
-        $this->keyPair = $keyPair;
+        $this->keyPairs = $keyPairs;
         $this->urlProvider = $urlProvider;
     }
 
     public function getCertificates(): array
     {
-        return [
-            $this->keyPair->getCertificate(),
-        ];
+        $certificates = [];
+        foreach ($this->keyPairs as $keyPair) {
+            $certificates[] = $keyPair->getCertificate();
+        }
+
+        return $certificates;
     }
 
     public function getSupportedNameIdFormats(): array

src/OpenConext/EngineBlock/Metadata/Factory/Decorator/EngineBlockServiceProvider.php

@@ -21,6 +21,7 @@
 use OpenConext\EngineBlock\Metadata\Factory\ServiceProviderEntityInterface;
 use OpenConext\EngineBlock\Metadata\IndexedService;
 use OpenConext\EngineBlock\Metadata\RequestedAttribute;
+use OpenConext\EngineBlock\Metadata\X509\X509Certificate;
 use OpenConext\EngineBlock\Metadata\X509\X509KeyPair;
 use OpenConext\EngineBlockBundle\Url\UrlProvider;
 use SAML2\Constants;
@@ -32,35 +33,42 @@
 class EngineBlockServiceProvider extends AbstractServiceProvider
 {
     /**
-     * @var X509KeyPair
+     * @var array<X509KeyPair>
      */
-    private $keyPair;
+    private array $keyPairs;
+
     /**
      * @var AttributesMetadata
      */
     private $attributes;
+
     /**
      * @var UrlProvider
      */
     private $urlProvider;
 
     public function __construct(
         ServiceProviderEntityInterface $entity,
-        X509KeyPair $keyPair,
+        array $keyPairs,
         AttributesMetadata $attributes,
         UrlProvider $urlProvider
     ) {
         parent::__construct($entity);
 
-        $this->keyPair = $keyPair;
+        $this->keyPairs = $keyPairs;
         $this->attributes = $attributes;
         $this->urlProvider = $urlProvider;
     }
 
 
     public function getCertificates(): array
     {
-        return [$this->keyPair->getCertificate()];
+        $certificates = [];
+        foreach ($this->keyPairs as $keyPair) {
+            $certificates[] = $keyPair->getCertificate();
+        }
+
+        return $certificates;
     }
 
     /**

src/OpenConext/EngineBlock/Metadata/Factory/Factory/IdentityProviderFactory.php

@@ -100,7 +100,9 @@ private function buildEngineBlockEntityFromEntity(IdentityProvider $entity, ?str
                 $this->engineBlockConfiguration
             ),
             $keyId,
-            $this->keyPairFactory->buildFromIdentifier($keyId),
+            ($keyId === KeyPairFactory::DEFAULT_KEY_PAIR_IDENTIFIER || $keyId === null)
+                ? $this->keyPairFactory->buildAll()
+                : [$this->keyPairFactory->buildFromIdentifier($keyId)],
             $this->urlProvider
         );
     }

src/OpenConext/EngineBlock/Metadata/Factory/Factory/ServiceProviderFactory.php

@@ -53,6 +53,7 @@ class ServiceProviderFactory
      * @var EngineBlockConfiguration
      */
     private $engineBlockConfiguration;
+
     /**
      * @var UrlProvider
      */
@@ -95,7 +96,9 @@ public function createEngineBlockEntityFrom(string $keyId): ServiceProviderEntit
                 new ServiceProviderEntity($entity),
                 $this->engineBlockConfiguration
             ),
-            $this->keyPairFactory->buildFromIdentifier($keyId),
+            ($keyId === KeyPairFactory::DEFAULT_KEY_PAIR_IDENTIFIER || $keyId === null)
+                ? $this->keyPairFactory->buildAll()
+                : [$this->keyPairFactory->buildFromIdentifier($keyId)],
             $this->attributes,
             $this->urlProvider
         );

src/OpenConext/EngineBlock/Metadata/X509/KeyPairFactory.php

@@ -26,7 +26,7 @@ class KeyPairFactory
 {
     const DEFAULT_KEY_PAIR_IDENTIFIER = 'default';
 
-    private $keyPairConfiguration = [];
+    private array $keyPairConfiguration = [];
 
     /**
      * @param array $keyPairConfiguration
@@ -42,7 +42,7 @@ public function __construct(array $keyPairConfiguration)
      *
      * @throws RuntimeException
      */
-    public function buildFromIdentifier(?string $identifier) : X509KeyPair
+    public function buildFromIdentifier(?string $identifier): X509KeyPair
     {
         if ($identifier === null) {
             $identifier = self::DEFAULT_KEY_PAIR_IDENTIFIER;
@@ -57,4 +57,20 @@ public function buildFromIdentifier(?string $identifier) : X509KeyPair
         }
         throw new UnknownKeyIdException($identifier);
     }
+
+    /**
+     * @return array<X509KeyPair>
+     *
+     * @throws RuntimeException
+     */
+    public function buildAll(): array
+    {
+        $pairs = [];
+
+        foreach (array_keys($this->keyPairConfiguration) as $keyId) {
+            $pairs[] = $this->buildFromIdentifier((string)$keyId);
+        }
+
+        return $pairs;
+    }
 }