
Commit 8a6b1dd

author
Tobias Amft
committed
Return original certificate and key from Utils build functions
Return the original certificate from Utils.build_cert_object when an instance of OpenSSL::X509::Certificate is given. And return the original key from Utils.build_private_key_object when an instance of OpenSSL::PKey::PKey is given.
1 parent e58c126 commit 8a6b1dd

3 files changed

Lines changed: 23 additions & 11 deletions


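--- a/lib/ruby_saml/settings.rb
+++ b/lib/ruby_saml/settings.rb
@@ -374,12 +374,16 @@ def get_all_sp_certs
 # Validate certificate, certificate_new, private_key, and sp_cert_multi params.
 def validate_sp_certs_params!
 has_multi = sp_cert_multi && !sp_cert_multi.empty?
-has_pk = private_key && !private_key.empty?
-if has_multi && (cert?(certificate) || cert?(certificate_new) || has_pk)
+if has_multi && (cert?(certificate) || cert?(certificate_new) || pk?)
 raise ArgumentError.new("Cannot specify both sp_cert_multi and certificate, certificate_new, private_key parameters")
 end
 end
 
+# Check if private key exists and is not empty
+def pk?
+private_key && !private_key.empty?
+end
+
 # Check if a certificate is present.
 def cert?(cert)
 return true if cert.is_a?(OpenSSL::X509::Certificate)
@@ -392,14 +396,14 @@ def get_sp_certs_single
 certs = { :signing => [], :encryption => [] }
 
 sp_key = RubySaml::Utils.build_private_key_object(private_key)
-cert = build_cert_object(certificate)
+cert = RubySaml::Utils.build_cert_object(certificate)
 if cert || sp_key
 ary = [cert, sp_key].freeze
 certs[:signing] << ary
 certs[:encryption] << ary
 end
 
-cert_new = build_cert_object(certificate_new)
+cert_new = RubySaml::Utils.build_cert_object(certificate_new)
 if cert_new
 ary = [cert_new, sp_key].freeze
 certs[:signing] << ary
@@ -434,7 +438,7 @@ def get_sp_certs_multi
 end
 
 certs[type] << [
-build_cert_object(cert),
+RubySaml::Utils.build_cert_object(cert),
 RubySaml::Utils.build_private_key_object(key)
 ].freeze
 end
@@ -443,11 +447,5 @@ def get_sp_certs_multi
 certs.each { |_, ary| ary.freeze }
 certs
 end
-
-def build_cert_object(cert)
-return cert if cert.is_a?(OpenSSL::X509::Certificate)
-
-OneLogin::RubySaml::Utils.build_cert_object(cert)
-end
 end
 end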
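Review bot: `pk?` calls `private_key.empty?` on whatever is stored in `private_key`, but this same commit makes `Utils.build_private_key_object` accept an `OpenSSL::PKey::PKey` instance, and such objects are not expected to respond to `empty?`. When `sp_cert_multi` is set and neither certificate is present, `validate_sp_certs_params!` would then likely fail with NoMethodError instead of the intended ArgumentError. `cert?` just below already short-circuits on `is_a?(OpenSSL::X509::Certificate)`; `pk?` should mirror it with `return true if private_key.is_a?(OpenSSL::PKey::PKey)` as its first line. The body of `cert?` continues outside the hunk.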

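--- a/lib/ruby_saml/utils.rb
+++ b/lib/ruby_saml/utils.rb
@@ -119,6 +119,7 @@ def format_private_key(key, multi: false)
 # @param pem [String] The original certificate
 # @return [OpenSSL::X509::Certificate] The certificate object
 def build_cert_object(pem)
+return pem if pem.is_a?(OpenSSL::X509::Certificate)
 return unless (pem = PemFormatter.format_cert(pem, multi: false))
 
 OpenSSL::X509::Certificate.new(pem)
@@ -129,6 +130,7 @@ def build_cert_object(pem)
 # @param pem [String] The original private key.
 # @return [OpenSSL::PKey::PKey] The private key object.
 def build_private_key_object(pem)
+return pem if pem.is_a?(OpenSSL::PKey::PKey)
 return unless (pem = PemFormatter.format_private_key(pem, multi: false))
 
 error = nil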
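Review bot: The new guard in `build_private_key_object` returns any `OpenSSL::PKey::PKey` unchanged, and that class also covers objects holding only a public key, so a public-only key would be accepted as the SP private key and the mistake would surface only later, at signing or decryption. If that is not intended, the guard could also require key material where the class exposes it, e.g. `return pem if pem.is_a?(OpenSSL::PKey::PKey) && (!pem.respond_to?(:private?) || pem.private?)`. The YARD tags above both methods still say `@param pem [String]`; they should read `[String, OpenSSL::X509::Certificate]` and `[String, OpenSSL::PKey::PKey]`, and should state that an object argument is returned as the same instance rather than a copy. The body of `build_private_key_object` continues outside the hunk, so how the string path validates the key is not visible here.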

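--- a/test/utils_test.rb
+++ b/test/utils_test.rb
@@ -156,6 +156,11 @@ def result(duration, reference = 0)
 end
 end
 
+it 'returns the original certificate when an OpenSSL::X509::Certificate is given' do
+certificate = OpenSSL::X509::Certificate.new
+assert_same certificate, RubySaml::Utils.build_cert_object(certificate)
+end
+
 it 'returns nil for nil certificate string' do
 assert_nil RubySaml::Utils.build_cert_object(nil)
 end
@@ -180,6 +185,13 @@ def result(duration, reference = 0)
 end
 end
 
+[OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, OpenSSL::PKey::EC].each do |key_class|
+it 'returns the original private key when an instance of OpenSSL::PKey::PKey is given' do
+private_key = key_class.new
+assert_same private_key, RubySaml::Utils.build_private_key_object(private_key)
+end
+end
+
 it 'returns nil for nil private key string' do
 assert_nil RubySaml::Utils.build_private_key_object(nil)
 end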
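Review bot: The three examples generated by the `each` loop all share one description, so a failure report does not say which key class broke; interpolate the class instead, e.g. `it "returns the original private key when an #{key_class} is given" do`. Both new tests build empty objects (`OpenSSL::X509::Certificate.new`, `key_class.new`), so they pin object identity only. A case that passes a key object through `Settings` together with `sp_cert_multi` would also exercise the validation path that reads `private_key`.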
