From 87027476e7df46fd040d4e205803bc0acaa49075 Mon Sep 17 00:00:00 2001
From: Johan Wassberg
Date: Tue, 19 Dec 2023 16:11:47 +0100
Subject: [PATCH] Handle multiple back/front-ends

Without this fix only the last back/front-end will be written to file if split is not involved. Add new method create_entities_descriptor as a counterpart to create_signed_entity_descriptor to also apply `valid` option to EntititesDescriptor but avoiding signing.
---
 src/satosa/metadata_creation/saml_metadata.py | 16 ++++++++++++++++
 src/satosa/scripts/satosa_saml_metadata.py | 18 ++++++++++--------
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/src/satosa/metadata_creation/saml_metadata.py b/src/satosa/metadata_creation/saml_metadata.py
index f88bbaaec..1e4fe2f3c 100644
--- a/src/satosa/metadata_creation/saml_metadata.py
+++ b/src/satosa/metadata_creation/saml_metadata.py
@@ -169,3 +169,19 @@ def create_entity_descriptor_metadata(entity_descriptor, valid_for=None):
 entity_descriptor.valid_until = in_a_while(hours=valid_for)
 
 return str(entity_descriptor)
+
+def create_entities_descriptor(entity_descriptors, valid_for=None):
+ """
+ :param entity_descriptors: the entity descriptors to put in in an EntitiesDescriptor
+ :param valid_for: number of hours the metadata should be valid
+ :return: the EntitiesDescriptor metadata
+
+ :type entity_descriptors: Sequence[saml2.md.EntityDescriptor]]
+ :type valid_for: Optional[int]
+ """
+ entities_desc, xmldoc = entities_descriptor(entity_descriptors, valid_for=valid_for, name=None, ident=None,
+ sign=False, secc=None)
+ if not valid_instance(entities_desc):
+ raise ValueError("Could not construct valid EntitiesDescriptor tag")
+
+ return str(entities_desc)
diff --git a/src/satosa/scripts/satosa_saml_metadata.py b/src/satosa/scripts/satosa_saml_metadata.py
index c0638d8b7..d763ffadb 100644
--- a/src/satosa/scripts/satosa_saml_metadata.py
+++ b/src/satosa/scripts/satosa_saml_metadata.py
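Review bot: The `xmldoc` half of the `entities_descriptor(...)` unpack in create_entities_descriptor is never read, so the line should be `entities_desc, _ = entities_descriptor(entity_descriptors, valid_for=valid_for, name=None, ident=None, sign=False, secc=None)`. The docstring has two slips worth fixing in the same pass — "to put in in an EntitiesDescriptor" and the unbalanced `Sequence[saml2.md.EntityDescriptor]]` — and only one blank line separates the new top-level def from the preceding function, where PEP 8 (E302) wants two. Because the call passes `sign=False, secc=None`, the XML returned carries no signature; stating that in the docstring (`:return: the unsigned EntitiesDescriptor metadata`) tells callers that need integrity-protected metadata to use create_signed_entities_descriptor instead, which is what the commit intends.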
@@ -5,7 +5,9 @@
 from saml2.sigver import security_context
 from ..metadata_creation.saml_metadata import create_entity_descriptors
+from ..metadata_creation.saml_metadata import create_entities_descriptor
 from ..metadata_creation.saml_metadata import create_entity_descriptor_metadata
+from ..metadata_creation.saml_metadata import create_signed_entities_descriptor
 from ..metadata_creation.saml_metadata import create_signed_entity_descriptor
 from ..satosa_config import SATOSAConfig
@@ -33,14 +35,14 @@ def _create_split_entity_descriptors(entities, secc, valid, sign=True):
 def _create_merged_entities_descriptors(entities, secc, valid, name, sign=True):
 output = []
- frontend_entity_descriptors = [e for sublist in entities.values() for e in sublist]
- for frontend in frontend_entity_descriptors:
- ed_str = (
- create_signed_entity_descriptor(frontend, secc, valid)
- if sign
- else create_entity_descriptor_metadata(frontend, valid)
- )
- output.append((ed_str, name))
+ entity_descriptors = [e for sublist in entities.values() for e in sublist]
+
+ ed_str = (
+ create_signed_entities_descriptor(entity_descriptors, secc, valid)
+ if sign
+ else create_entities_descriptor(entity_descriptors, valid)
+ )
+ output.append((ed_str, name))
 return output
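Review bot: With the loop gone, `output` in _create_merged_entities_descriptors is always a single-element list built through `output = []` plus one `append`, a leftover of the removed per-descriptor loop; `return [(ed_str, name)]` in place of the three lines says the same thing directly. When `entities` is empty, `entity_descriptors` is `[]` and goes straight into create_entities_descriptor or create_signed_entities_descriptor; from the first hunk, the unsigned path then fails `valid_instance` with the generic "Could not construct valid EntitiesDescriptor tag", so a guard such as `if not entity_descriptors: raise ValueError("no entity descriptors to merge")` before the call would name the actual cause — worth confirming how pysaml2's entities_descriptor treats an empty sequence. The hunk's trailing context may extend past what is visible here.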