lib/saml/util.rb in libsaml-3.5.0 vs lib/saml/util.rb in libsaml-3.6.0
- old
+ new
@@ -58,11 +58,11 @@
message.provider.sign(signature_algorithm, data)
end
end
end
- def encrypt_assertion(assertion, key_descriptor_or_certificate)
+ def encrypt_assertion(assertion, key_descriptor_or_certificate, include_certificate: false)
case key_descriptor_or_certificate
when OpenSSL::X509::Certificate
certificate = key_descriptor_or_certificate
key_name = nil
when Saml::Elements::KeyDescriptor
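Review bot: The new `include_certificate:` keyword on `encrypt_assertion` is undocumented, and its effect only becomes visible in the second hunk. A comment above the method would cover it, for example `# include_certificate: when true, the recipient certificate is passed as PEM to Saml::Elements::KeyInfo and attached to the EncryptedKey; defaults to false.` The same comment should say that the embedded certificate is only a key-selection hint, so the receiving side still picks its decryption key from its own configuration and never from the message. The method body continues past the end of this hunk.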
@@ -78,10 +78,14 @@
encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc')
encrypted_key = encrypted_data.encrypt(assertion.to_s)
encrypted_key.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
- encrypted_key.set_key_name(key_name)
+ encrypted_key.key_info = if include_certificate || key_name
+ key_info = Saml::Elements::KeyInfo.new(include_certificate ? certificate.to_pem : nil)
+ key_info.key_name = key_name
+ key_info
+ end
encrypted_key.encrypt(certificate.public_key)
Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
end
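Review bot: `key_info.key_name = key_name` runs even when `key_name` is nil, which happens whenever a bare `OpenSSL::X509::Certificate` is passed with `include_certificate: true` (the first hunk sets `key_name = nil` on that branch). Whether a nil name serializes as an empty `KeyName` element depends on the `KeyInfo` mapping, which is not visible here, so `key_info.key_name = key_name if key_name` would be the safer form. A spec covering the three combinations (name only, certificate only, both) would pin the resulting XML. Separately, the unchanged context lines still hard-code `aes128-cbc`, which gives no integrity protection, so consumers must keep verifying the assertion or response signature after decryption. The method begins in the previous hunk.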