
Commit a251f01

authored
Merge pull request #240 from ProcrastinatorCp/ticket-spKeyRollOver
Support SP Key Rollover - Publish future SP x509 Certificate in Metadata
2 parents 42700cc + f404fb0 commit a251f01

8 files changed

Lines changed: 88 additions & 35 deletions


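--- a/README.md
+++ b/README.md
@@ -233,6 +233,9 @@ onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspe
 
 onelogin.saml2.sp.x509cert =
 
+# Future SP certificate, to be used during SP Key roll over
+onelogin.saml2.sp.x509certNew =
+
 # Requires Format PKCS#8 BEGIN PRIVATE KEY
 # If you have PKCS#1 BEGIN RSA PRIVATE KEY convert it by openssl pkcs8 -topk8 -inform pem -nocrypt -in sp.rsa_key -outform pem -out sp.pem
 onelogin.saml2.sp.privatekey =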

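--- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java
+++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java
@@ -1,6 +1,7 @@
 package com.onelogin.saml2.settings;
 
 import java.net.URL;
+import java.util.Arrays;
 import java.util.Calendar;
 import java.util.HashMap;
 import java.util.List;
@@ -152,7 +153,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) throws Certif
 
 valueMap.put("strAttributeConsumingService", getAttributeConsumingServiceXml());
 
-valueMap.put("strKeyDescriptor", toX509KeyDescriptorsXML(settings.getSPcert(), wantsEncrypted));
+valueMap.put("strKeyDescriptor", toX509KeyDescriptorsXML(settings.getSPcert(), settings.getSPcertNew(), wantsEncrypted));
 valueMap.put("strContacts", toContactsXml(settings.getContacts()));
 valueMap.put("strOrganization", toOrganizationXml(settings.getOrganization()));
 
@@ -292,52 +293,59 @@ private String toOrganizationXml(Organization organization) {
 * Generates the KeyDescriptor section of the metadata's template
 *
 * @param cert
-* the public cert that will be used by the SP to sign and encrypt
+* the public cert that will be used by the SP to sign and encrypt
 * @param wantsEncrypted
-* Whether to include the KeyDescriptor for encryption
+* Whether to include the KeyDescriptor for encryption
 *
 * @return the KeyDescriptor section of the metadata's template
 */
 private String toX509KeyDescriptorsXML(X509Certificate cert, Boolean wantsEncrypted) throws CertificateEncodingException {
-StringBuilder keyDescriptorXml = new StringBuilder();
-
-if (cert != null) {
-Base64 encoder = new Base64(64);
-byte[] encodedCert = cert.getEncoded();
-String certString = new String(encoder.encode(encodedCert));
-
-keyDescriptorXml.append("<md:KeyDescriptor use=\"signing\">");
-keyDescriptorXml.append("<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">");
-keyDescriptorXml.append("<ds:X509Data>");
-keyDescriptorXml.append("<ds:X509Certificate>"+certString+"</ds:X509Certificate>");
-keyDescriptorXml.append("</ds:X509Data>");
-keyDescriptorXml.append("</ds:KeyInfo>");
-keyDescriptorXml.append("</md:KeyDescriptor>");
-
-if (wantsEncrypted) {
-keyDescriptorXml.append("<md:KeyDescriptor use=\"encryption\">");
-keyDescriptorXml.append("<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">");
-keyDescriptorXml.append("<ds:X509Data>");
-keyDescriptorXml.append("<ds:X509Certificate>"+certString+"</ds:X509Certificate>");
-keyDescriptorXml.append("</ds:X509Data>");
-keyDescriptorXml.append("</ds:KeyInfo>");
-keyDescriptorXml.append("</md:KeyDescriptor>");
-}
-}
-
-return keyDescriptorXml.toString();
+return this.toX509KeyDescriptorsXML(cert, null, wantsEncrypted);
 }
 
 /**
 * Generates the KeyDescriptor section of the metadata's template
 *
-* @param cert
+* @param certCurrent
 * the public cert that will be used by the SP to sign and encrypt
+* @param certNew
+* the public cert that will be used by the SP to sign and encrypt in future
+* @param wantsEncrypted
+* Whether to include the KeyDescriptor for encryption
 *
 * @return the KeyDescriptor section of the metadata's template
 */
-private String toX509KeyDescriptorsXML(X509Certificate cert) throws CertificateEncodingException {
-return toX509KeyDescriptorsXML(cert, true);
+private String toX509KeyDescriptorsXML(X509Certificate certCurrent, X509Certificate certNew, Boolean wantsEncrypted) throws CertificateEncodingException {
+StringBuilder keyDescriptorXml = new StringBuilder();
+
+List<X509Certificate> certs = Arrays.asList(certCurrent, certNew);
+for(X509Certificate cert : certs) {
+if (cert != null) {
+Base64 encoder = new Base64(64);
+byte[] encodedCert = cert.getEncoded();
+String certString = new String(encoder.encode(encodedCert));
+
+keyDescriptorXml.append("<md:KeyDescriptor use=\"signing\">");
+keyDescriptorXml.append("<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">");
+keyDescriptorXml.append("<ds:X509Data>");
+keyDescriptorXml.append("<ds:X509Certificate>"+certString+"</ds:X509Certificate>");
+keyDescriptorXml.append("</ds:X509Data>");
+keyDescriptorXml.append("</ds:KeyInfo>");
+keyDescriptorXml.append("</md:KeyDescriptor>");
+
+if (wantsEncrypted) {
+keyDescriptorXml.append("<md:KeyDescriptor use=\"encryption\">");
+keyDescriptorXml.append("<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">");
+keyDescriptorXml.append("<ds:X509Data>");
+keyDescriptorXml.append("<ds:X509Certificate>"+certString+"</ds:X509Certificate>");
+keyDescriptorXml.append("</ds:X509Data>");
+keyDescriptorXml.append("</ds:KeyInfo>");
+keyDescriptorXml.append("</md:KeyDescriptor>");
+}
+}
+}
+
+return keyDescriptorXml.toString();
 }
 
 /**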
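Review bot: In the three-argument `toX509KeyDescriptorsXML`, the loop publishes the future certificate under `use="encryption"` as well as `use="signing"`, yet this commit adds only `spX509certNew` to the settings and no matching private key. An IdP that selects the second encryption descriptor would encrypt to a key the SP may not yet hold, so assertions would fail to decrypt until the key is swapped, unless decryption with the new key is handled somewhere outside this diff. Consider advertising the future certificate for signing only, e.g. `if (wantsEncrypted && cert == certCurrent) {`, or stating in the Javadoc that the new private key must be in place before the certificate is published. Separately, `wantsEncrypted` is a boxed `Boolean` that is unboxed in the `if`, so a null argument throws; `Boolean.TRUE.equals(wantsEncrypted)` would avoid that.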

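--- a/core/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
+++ b/core/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
@@ -42,6 +42,7 @@ public class Saml2Settings {
 private String spSingleLogoutServiceBinding = Constants.BINDING_HTTP_REDIRECT;
 private String spNameIDFormat = Constants.NAMEID_UNSPECIFIED;
 private X509Certificate spX509cert = null;
+private X509Certificate spX509certNew = null;
 private PrivateKey spPrivateKey = null;
 
 // IdP
@@ -141,6 +142,13 @@ public final X509Certificate getSPcert() {
 return spX509cert;
 }
 
+/**
+* @return the spX509certNew setting value
+*/
+public final X509Certificate getSPcertNew() {
+return spX509certNew;
+}
+
 /**
 * @return the spPrivateKey setting value
 */
@@ -445,6 +453,16 @@ protected final void setSpX509cert(X509Certificate spX509cert) {
 this.spX509cert = spX509cert;
 }
 
+/**
+* Set the spX509certNew setting value provided as X509Certificate object
+*
+* @param spX509certNew
+* the spX509certNew value to be set in X509Certificate format
+*/
+protected final void setSpX509certNew(X509Certificate spX509certNew) {
+this.spX509certNew = spX509certNew;
+}
+
 /**
 * Set the spPrivateKey setting value provided as a PrivateKey object
 *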
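Review bot: The Javadoc on `getSPcertNew()` and `setSpX509certNew()` only repeats the field name and does not say what the value is for or that it may be null. Because this certificate ends up in published metadata, I would document it, e.g. `@return the future SP certificate published in metadata during key rollover, or null if none is configured`. The field declaration could carry a matching one-line comment such as `// Future SP certificate, advertised in metadata ahead of a key rollover`.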

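--- a/core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
+++ b/core/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
@@ -58,7 +58,7 @@ public class SettingsBuilder {
 
 public final static String SP_X509CERT_PROPERTY_KEY = "onelogin.saml2.sp.x509cert";
 public final static String SP_PRIVATEKEY_PROPERTY_KEY = "onelogin.saml2.sp.privatekey";
-
+public final static String SP_X509CERTNEW_PROPERTY_KEY = "onelogin.saml2.sp.x509certNew";
 // IDP
 public final static String IDP_ENTITYID_PROPERTY_KEY = "onelogin.saml2.idp.entityid";
 public final static String IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.url";
@@ -426,6 +426,10 @@ private void loadSpSetting() {
 if (spX509cert != null)
 saml2Setting.setSpX509cert(spX509cert);
 
+X509Certificate spX509certNew = loadCertificateFromProp(SP_X509CERTNEW_PROPERTY_KEY);
+if (spX509certNew != null)
+saml2Setting.setSpX509certNew(spX509certNew);
+
 PrivateKey spPrivateKey = loadPrivateKeyFromProp(SP_PRIVATEKEY_PROPERTY_KEY);
 if (spPrivateKey != null)
 saml2Setting.setSpPrivateKey(spPrivateKey);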
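Review bot: In `loadSpSetting()`, an `x509certNew` value that fails to load is dropped without any signal. If `loadCertificateFromProp` returns null for a malformed certificate (its body is not in this hunk, so this is inferred from the null check), the metadata silently omits the rollover certificate and the operator has no indication that it was never published. A warning when the property is present but yields no certificate would make a failed rollover visible. The new constant `SP_X509CERTNEW_PROPERTY_KEY` also replaced the blank line that separated the SP keys from the `// IDP` group; restoring it keeps the grouping readable. `loadSpSetting()` starts and ends outside the hunk.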

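--- a/core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/settings/MetadataTest.java
@@ -248,9 +248,15 @@ public void testToX509KeyDescriptorsXML() throws IOException, CertificateEncodin
 String keyDescriptorSignStr = "<md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIICeDCCAeGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBZMQswCQYDVQQGEwJ1czET";
 String keyDescriptorEncStr = "<md:KeyDescriptor use=\"encryption\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIICeDCCAeGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBZMQswCQYDVQQGEwJ1czET";
 
+int keyDescriptorSignStrCount = metadataStr.split(keyDescriptorSignStr).length - 1;
+int keyDescriptorEncStrCount = metadataStr.split(keyDescriptorEncStr).length - 1;
+
 assertThat(metadataStr, containsString(keyDescriptorSignStr));
 assertThat(metadataStr, containsString(keyDescriptorEncStr));
 
+assertEquals(2, keyDescriptorEncStrCount);
+assertEquals(2, keyDescriptorSignStrCount);
+
 Saml2Settings settings2 = new SettingsBuilder().fromFile("config/config.minnosls.properties").build();
 Metadata metadataObj2 = new Metadata(settings2);
 String metadataStr2 = metadataObj2.getMetadataString();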
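Review bot: The occurrence count `metadataStr.split(keyDescriptorSignStr).length - 1` treats the expected XML as a regular expression and relies on `split` dropping trailing empty strings, so it undercounts when the last match ends the string and can miscount once the fixture's base64 text contains a metacharacter such as `+`. `metadataStr.split(Pattern.quote(keyDescriptorSignStr), -1).length - 1` counts literal occurrences. Both expected strings carry the same certificate prefix, so a count of 2 presumably means the fixture configures the same certificate twice; the test does not show that a distinct future certificate is published. The same counting pattern appears in `testGetSPMetadataSigned` in Saml2SettingsTest.java. The test method continues outside the hunk.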

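--- a/core/src/test/java/com/onelogin/saml2/test/settings/Saml2SettingsTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/settings/Saml2SettingsTest.java
@@ -297,7 +297,12 @@ public void testGetSPMetadataSigned() throws Exception {
 assertThat(metadataStr, containsString("entityID=\"http://localhost:8080/java-saml-jspsample/metadata.jsp\""));
 assertThat(metadataStr, containsString("AuthnRequestsSigned=\"true\""));
 assertThat(metadataStr, containsString("WantAssertionsSigned=\"true\""));
-assertThat(metadataStr, containsString("<md:KeyDescriptor use=\"signing\">"));
+
+String keyDescriptorSigningText = "<md:KeyDescriptor use=\"signing\">";
+int keyDescriptorSignStrCount = metadataStr.split(keyDescriptorSigningText).length - 1;
+assertThat(metadataStr, containsString(keyDescriptorSigningText));
+assertEquals(2, keyDescriptorSignStrCount);
+
 assertThat(metadataStr, containsString("<md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://localhost:8080/java-saml-jspsample/acs.jsp\" index=\"1\">"));
 assertThat(metadataStr, containsString("<md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://localhost:8080/java-saml-jspsample/sls.jsp\">"));
 assertThat(metadataStr, containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>"));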

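--- a/core/src/test/java/com/onelogin/saml2/test/settings/SettingBuilderTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/settings/SettingBuilderTest.java
@@ -629,6 +629,7 @@ public void testLoadFromValues() throws Exception {
 samlData.put(SP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
 samlData.put(SP_NAMEIDFORMAT_PROPERTY_KEY, "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
 samlData.put(SP_X509CERT_PROPERTY_KEY, "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----");
+samlData.put(SP_X509CERTNEW_PROPERTY_KEY, "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----");
 samlData.put(SP_PRIVATEKEY_PROPERTY_KEY, "-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----");
 
 // Build IdP
@@ -688,6 +689,8 @@ public void testLoadFromValues() throws Exception {
 assertEquals("http://localhost:8080/java-saml-jspsample/sls.jsp", setting.getSpSingleLogoutServiceUrl().toString());
 assertEquals(setting.getSpSingleLogoutServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
 assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
+assertNotNull(setting.getSPcert());
+assertNotNull(setting.getSPcertNew());
 
 assertEquals("http://idp.example.com/", setting.getIdpEntityId());
 assertEquals("http://idp.example.com/simplesaml/saml2/idp/SSOService.php", setting.getIdpSingleSignOnServiceUrl().toString());
@@ -764,6 +767,7 @@ public void testLoadFromValuesWithObjects() throws Exception {
 samlData.put(SP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
 samlData.put(SP_NAMEIDFORMAT_PROPERTY_KEY, "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
 samlData.put(SP_X509CERT_PROPERTY_KEY, "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----");
+samlData.put(SP_X509CERTNEW_PROPERTY_KEY, "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----");
 samlData.put(SP_PRIVATEKEY_PROPERTY_KEY, "-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----");
 
 // Build IdP
@@ -819,6 +823,8 @@ public void testLoadFromValuesWithObjects() throws Exception {
 assertEquals("http://localhost:8080/java-saml-jspsample/sls.jsp", setting.getSpSingleLogoutServiceUrl().toString());
 assertEquals(setting.getSpSingleLogoutServiceBinding(), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
 assertEquals(setting.getSpNameIDFormat(), "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
+assertNotNull(setting.getSPcert());
+assertNotNull(setting.getSPcertNew());
 
 assertEquals("http://idp.example.com/", setting.getIdpEntityId());
 assertEquals("http://idp.example.com/simplesaml/saml2/idp/SSOService.php", setting.getIdpSingleSignOnServiceUrl().toString());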
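Review bot: `assertNotNull(setting.getSPcertNew())` would still pass if the builder loaded the new certificate from the current certificate's property key, because it checks presence and not identity. Comparing the loaded certificate against the expected one, for example on its subject or serial number, would pin the value. The same applies to the second pair of assertions in `testLoadFromValuesWithObjects`. Both test methods start and end outside the hunks.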
