Keep the extracted certificate when parsing IdP metadata

peterwake · peterwake · commit 885e59f7d0d8 · 2015-11-24T08:46:04.000Z
diff --git a/lib/onelogin/ruby-saml/idp_metadata_parser.rb b/lib/onelogin/ruby-saml/idp_metadata_parser.rb
@@ -44,6 +44,7 @@ def parse(idp_metadata)
           settings.name_identifier_format = idp_name_id_format
           settings.idp_sso_target_url = single_signon_service_url
           settings.idp_slo_target_url = single_logout_service_url
+          settings.idp_cert = certificate_base64
           settings.idp_cert_fingerprint = fingerprint
         end
       end
@@ -133,19 +134,28 @@ def single_logout_service_url
         node.value if node
       end
 
+      # @return [String|nil] Unformatted Certificate if exists
+      #
+      def certificate_base64
+        @certificate_base64 ||= begin
+          node = REXML::XPath.first(
+              document,
+              "/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
+              { "md" => METADATA, "ds" => DSIG }
+          )
+          node.text if node
+        end
+      end
+
       # @return [String|nil] X509Certificate if exists
       #
       def certificate
         @certificate ||= begin
-          node = REXML::XPath.first(
-            document,
-            "/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
-            { "md" => METADATA, "ds" => DSIG }
-          )
-          Base64.decode64(node.text) if node
+          Base64.decode64(certificate_base64) if certificate_base64
         end
       end
 
+
       # @return [String|nil] the SHA-1 fingerpint of the X509Certificate if it exists
       #
       def fingerprint
diff --git a/lib/onelogin/ruby-saml/settings.rb b/lib/onelogin/ruby-saml/settings.rb
@@ -118,17 +118,17 @@ def get_fingerprint
       def get_idp_cert
         return nil if idp_cert.nil? || idp_cert.empty?
 
-        formated_cert = OneLogin::RubySaml::Utils.format_cert(idp_cert)
-        OpenSSL::X509::Certificate.new(formated_cert)
+        formatted_cert = OneLogin::RubySaml::Utils.format_cert(idp_cert)
+        OpenSSL::X509::Certificate.new(formatted_cert)
       end
 
       # @return [OpenSSL::X509::Certificate|nil] Build the SP certificate from the settings (previously format it)
       #
       def get_sp_cert
         return nil if certificate.nil? || certificate.empty?
 
-        formated_cert = OneLogin::RubySaml::Utils.format_cert(certificate)
-        OpenSSL::X509::Certificate.new(formated_cert)
+        formatted_cert = OneLogin::RubySaml::Utils.format_cert(certificate)
+        OpenSSL::X509::Certificate.new(formatted_cert)
       end
 
       # @return [OpenSSL::PKey::RSA] Build the SP private from the settings (previously format it)
