Refactor multi cert support signature validation

pitbulk · pitbulk · commit 6bc0899b5e28 · 2018-01-23T10:58:48.000+01:00
diff --git a/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java b/core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java
@@ -298,7 +298,7 @@ public boolean isValid(String requestId) {
 				List<X509Certificate> multipleCertList = settings.getIdpx509certMulti();
 
 				if (multipleCertList != null && multipleCertList.size() != 0) {
-					certList = multipleCertList;
+					certList.addAll(multipleCertList);
 				}
 
 				if (cert != null && !certList.contains(cert)) {
diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java
@@ -363,14 +363,15 @@ public Boolean isValid() throws Exception {
 					throw new SettingsException("In order to validate the sign on the Logout Request, the x509cert of the IdP is required", SettingsException.CERT_NOT_FOUND);
 				}
 
-				List<X509Certificate> certList = settings.getIdpx509certMulti();
-				if (certList != null) {
-					if (!certList.contains(cert)) {
-						certList.add(0, cert);
-					}
-				} else {
-					certList = new ArrayList<X509Certificate>();
-					certList.add(cert);
+				List<X509Certificate> certList = new ArrayList<X509Certificate>();
+				List<X509Certificate> multipleCertList = settings.getIdpx509certMulti();
+
+				if (multipleCertList != null && multipleCertList.size() != 0) {
+					certList.addAll(multipleCertList);
+				}
+
+				if (certList.isEmpty() || !certList.contains(cert)) {
+					certList.add(0, cert);
 				}
 
 				String signAlg = request.getParameter("SigAlg");
diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
@@ -233,16 +233,16 @@ public Boolean isValid(String requestId) {
 					throw new SettingsException("In order to validate the sign on the Logout Response, the x509cert of the IdP is required", SettingsException.CERT_NOT_FOUND);
 				}
 
-				List<X509Certificate> certList = settings.getIdpx509certMulti();
-				if (certList != null) {
-					if (!certList.contains(cert)) {
-						certList.add(0, cert);
-					}
-				} else {
-					certList = new ArrayList<X509Certificate>();
-					certList.add(cert);
+				List<X509Certificate> certList = new ArrayList<X509Certificate>();
+				List<X509Certificate> multipleCertList = settings.getIdpx509certMulti();
+
+				if (multipleCertList != null && multipleCertList.size() != 0) {
+					certList.addAll(multipleCertList);
 				}
 
+				if (certList.isEmpty() || !certList.contains(cert)) {
+					certList.add(0, cert);
+				}
 
 				String signAlg = request.getParameter("SigAlg");
 				if (signAlg == null || signAlg.isEmpty()) {

Original file line number	Diff line number	Diff line change
`@@ -298,7 +298,7 @@ public boolean isValid(String requestId) {`
`298`	`298`	`List<X509Certificate> multipleCertList = settings.getIdpx509certMulti();`
`299`	`299`
`300`	`300`	`if (multipleCertList != null && multipleCertList.size() != 0) {`
`301`		`- certList = multipleCertList;`
	`301`	`+ certList.addAll(multipleCertList);`
`302`	`302`	`}`
`303`	`303`
`304`	`304`	`if (cert != null && !certList.contains(cert)) {`