Return original certificate and key from Utils build functions

Return the original certificate from Utils.build_cert_object when an
instance of OpenSSL::X509::Certificate is given. And return the original
key from Utils.build_private_key_object when an instance of
OpenSSL::PKey::PKey is given.

Author: Tobias Amft

lib/ruby_saml/settings.rb

@@ -374,12 +374,16 @@ def get_all_sp_certs
     # Validate certificate, certificate_new, private_key, and sp_cert_multi params.
     def validate_sp_certs_params!
       has_multi = sp_cert_multi && !sp_cert_multi.empty?
-      has_pk = private_key && !private_key.empty?
-      if has_multi && (cert?(certificate) || cert?(certificate_new) || has_pk)
+      if has_multi && (cert?(certificate) || cert?(certificate_new) || pk?)
         raise ArgumentError.new("Cannot specify both sp_cert_multi and certificate, certificate_new, private_key parameters")
       end
     end
 
+    # Check if private key exists and is not empty
+    def pk?
+      private_key && !private_key.empty?
+    end
+
     # Check if a certificate is present.
     def cert?(cert)
       return true if cert.is_a?(OpenSSL::X509::Certificate)
@@ -392,14 +396,14 @@ def get_sp_certs_single
       certs = { :signing => [], :encryption => [] }
 
       sp_key = RubySaml::Utils.build_private_key_object(private_key)
-      cert = build_cert_object(certificate)
+      cert = RubySaml::Utils.build_cert_object(certificate)
       if cert || sp_key
         ary = [cert, sp_key].freeze
         certs[:signing] << ary
         certs[:encryption] << ary
       end
 
-      cert_new = build_cert_object(certificate_new)
+      cert_new = RubySaml::Utils.build_cert_object(certificate_new)
       if cert_new
         ary = [cert_new, sp_key].freeze
         certs[:signing] << ary
@@ -434,7 +438,7 @@ def get_sp_certs_multi
           end
 
           certs[type] << [
-            build_cert_object(cert),
+            RubySaml::Utils.build_cert_object(cert),
             RubySaml::Utils.build_private_key_object(key)
           ].freeze
         end
@@ -443,11 +447,5 @@ def get_sp_certs_multi
       certs.each { |_, ary| ary.freeze }
       certs
     end
-
-    def build_cert_object(cert)
-      return cert if cert.is_a?(OpenSSL::X509::Certificate)
-
-      OneLogin::RubySaml::Utils.build_cert_object(cert)
-    end
   end
 end

lib/ruby_saml/utils.rb

@@ -119,6 +119,7 @@ def format_private_key(key, multi: false)
     # @param pem [String] The original certificate
     # @return [OpenSSL::X509::Certificate] The certificate object
     def build_cert_object(pem)
+      return pem if pem.is_a?(OpenSSL::X509::Certificate)
       return unless (pem = PemFormatter.format_cert(pem, multi: false))
 
       OpenSSL::X509::Certificate.new(pem)
@@ -129,6 +130,7 @@ def build_cert_object(pem)
     # @param pem [String] The original private key.
     # @return [OpenSSL::PKey::PKey] The private key object.
     def build_private_key_object(pem)
+      return pem if pem.is_a?(OpenSSL::PKey::PKey)
       return unless (pem = PemFormatter.format_private_key(pem, multi: false))
 
       error = nil

test/utils_test.rb

@@ -156,6 +156,11 @@ def result(duration, reference = 0)
       end
     end
 
+    it 'returns the original certificate when an OpenSSL::X509::Certificate is given' do
+      certificate = OpenSSL::X509::Certificate.new
+      assert_same certificate, RubySaml::Utils.build_cert_object(certificate)
+    end
+
     it 'returns nil for nil certificate string' do
       assert_nil RubySaml::Utils.build_cert_object(nil)
     end
@@ -180,6 +185,13 @@ def result(duration, reference = 0)
       end
     end
 
+    [OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, OpenSSL::PKey::EC].each do |key_class|
+      it 'returns the original private key when an instance of OpenSSL::PKey::PKey is given' do
+        private_key = key_class.new
+        assert_same private_key, RubySaml::Utils.build_private_key_object(private_key)
+      end
+    end
+
     it 'returns nil for nil private key string' do
       assert_nil RubySaml::Utils.build_private_key_object(nil)
     end