From 78b6dcdd8b0946da921e60c864336df2da24860e Mon Sep 17 00:00:00 2001 From: Florent Date: Tue, 25 Feb 2014 17:25:34 +0100 Subject: [PATCH] Enables the encryption_type selection using the configuration + Fixes the missing return. --- src/saml2/config.py | 3 ++- src/saml2/metadata.py | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/saml2/config.py b/src/saml2/config.py index 22ec13c..03bddb9 100644 --- a/src/saml2/config.py +++ b/src/saml2/config.py @@ -48,7 +48,7 @@ ONTS = { COMMON_ARGS = [ "entityid", "xmlsec_binary", "debug", "key_file", "cert_file", - "secret", "accepted_time_diff", "name", "ca_certs", + "encryption_type", "secret", "accepted_time_diff", "name", "ca_certs", "description", "valid_for", "verify_ssl_cert", "organization", "contact_person", @@ -169,6 +169,7 @@ class Config(object): self.debug = False self.key_file = None self.cert_file = None + self.encryption_type = 'both' self.secret = None self.accepted_time_diff = None self.name = None diff --git a/src/saml2/metadata.py b/src/saml2/metadata.py index a1c2a10..1e3b6db 100644 --- a/src/saml2/metadata.py +++ b/src/saml2/metadata.py @@ -197,7 +197,7 @@ def do_key_descriptor(cert, use="both"): ) ] elif use in ["signing", "encryption"]: - md.KeyDescriptor( + return md.KeyDescriptor( key_info=ds.KeyInfo( x509_data=ds.X509Data( x509_certificate=ds.X509Certificate(text=cert) @@ -429,7 +429,8 @@ def do_spsso_descriptor(conf, cert=None): spsso.extensions.add_extension_element(val) if cert: - spsso.key_descriptor = do_key_descriptor(cert, "both") + encryption_type = conf.encryption_type + spsso.key_descriptor = do_key_descriptor(cert, encryption_type) for key in ["want_assertions_signed", "authn_requests_signed"]: try:
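Review bot: The name `encryption_type` set in `Config.__init__` reads like a cipher or algorithm choice, but the metadata.py hunk of this patch passes it as the `use` argument of `do_key_descriptor`, so it actually selects the key use the certificate is advertised for. A comment on the default would head off misconfiguration, for example `# KeyDescriptor use published in metadata: "signing", "encryption" or "both"`. The same name is added to `COMMON_ARGS` in the first hunk, and `__init__` starts and ends outside this hunk.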
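Review bot: The `elif use in ["signing", "encryption"]` branch of `do_key_descriptor` now returns a bare `md.KeyDescriptor`, while the branch above it appears to return a list (it closes with `]` just before the `elif`), so the function seems to have two result shapes. `do_spsso_descriptor` assigns the result straight to `spsso.key_descriptor`, so any code that iterates over that attribute would have to handle both. Wrapping the single descriptor in a list, opening with `return [md.KeyDescriptor(` and closing with `)]`, would keep the shape uniform. The function begins before and continues after the hunk, so the other branches are inferred rather than visible.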
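Review bot: `conf.encryption_type` is handed to `do_key_descriptor` in `do_spsso_descriptor` without any check, and the branches visible in this patch recognise only "both", "signing" and "encryption". What a misspelt value produces is decided outside the hunk, but it may be metadata with missing or unintended key descriptors, which peers depend on to choose the SP's signing and encryption key. Rejecting unknown values before the call would make the mistake loud: `if encryption_type not in ("both", "signing", "encryption"): raise ValueError("invalid encryption_type: %r" % encryption_type)`. `do_spsso_descriptor` starts and ends outside the hunk.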