
Commit b7061b7

committed
Fix #299
1 parent 6c54131 commit b7061b7

2 files changed

Lines changed: 34 additions & 0 deletions


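--- a/lib/onelogin/ruby-saml/idp_metadata_parser.rb
+++ b/lib/onelogin/ruby-saml/idp_metadata_parser.rb
@@ -146,6 +146,14 @@ def certificate_base64
 "/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
 { "md" => METADATA, "ds" => DSIG }
 )
+
+unless node
+node = REXML::XPath.first(
+document,
+"/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
+{ "md" => METADATA, "ds" => DSIG }
+)
+end
 node.text if node
 end
 end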
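Review bot: The fallback XPath in the new `unless node` branch has no predicate on `md:KeyDescriptor`, so it also matches a descriptor marked `use="encryption"`, and that certificate is then returned as the IdP certificate that signature validation is pinned to. SAML metadata treats a KeyDescriptor without `use` as valid for both purposes, but an encryption-only key is not one the IdP has designated for signing. If the intent is only to handle metadata that omits the attribute, restrict the fallback to `md:KeyDescriptor[not(@use)]` (check that REXML evaluates `not()` as expected); if encryption-only descriptors are accepted on purpose, a comment such as `# No signing-specific KeyDescriptor: fall back to the first one of any use` should record that. `certificate_base64` starts above the hunk, so how `node` is first assigned is only partly visible here.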

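--- a/test/idp_metadata_parser_test.rb
+++ b/test/idp_metadata_parser_test.rb
@@ -29,7 +29,33 @@ def initialize; end
 assert_equal "https://example.hello.com/access/saml/logout", settings.idp_slo_target_url
 assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", settings.name_identifier_format
 assert_equal ["AuthToken", "SSOStartPage"], settings.idp_attribute_names
+assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
 end
+
+it "extract certificate from md:KeyDescriptor[@use='signing']" do
+idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
+idp_metadata = read_response("idp_descriptor.xml")
+settings = idp_metadata_parser.parse(idp_metadata)
+assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
+end
+
+it "extract certificate from md:KeyDescriptor[@use='encryption']" do
+idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
+idp_metadata = read_response("idp_descriptor.xml")
+idp_metadata = idp_metadata.sub(/<md:KeyDescriptor use="signing">(.*?)<\/md:KeyDescriptor>/m, "")
+settings = idp_metadata_parser.parse(idp_metadata)
+assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
+end
+
+it "extract certificate from md:KeyDescriptor" do
+idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
+idp_metadata = read_response("idp_descriptor.xml")
+idp_metadata = idp_metadata.sub(/<md:KeyDescriptor use="signing">(.*?)<\/md:KeyDescriptor>/m, "")
+idp_metadata = idp_metadata.sub('<md:KeyDescriptor use="encryption">', '<md:KeyDescriptor>')
+settings = idp_metadata_parser.parse(idp_metadata)
+assert_equal "F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72", settings.idp_cert_fingerprint
+end
+
 end
 
 describe "download and parse IdP descriptor file" do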
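Review bot: All three new tests expect the same fingerprint, which suggests the fixture `idp_descriptor.xml` carries one certificate under both descriptors, so the assertions cannot show which KeyDescriptor the parser actually selected; the `@use='signing'` test would pass even if the encryption descriptor were preferred. A fixture with distinct signing and encryption certificates would pin the precedence. The `sub` calls in the second and third tests also leave the metadata unchanged if the pattern does not match, so add a guard such as `assert !idp_metadata.include?('use="signing"')` before parsing. The enclosing `describe` block and the first `it` block start above the hunk.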
