IdpMetadataParser should always set idp_cert_multi, even when there is only one cert #611

Merged
merged 1 commit into from
Aug 16, 2021
Merged
6 changes: 3 additions & 3 deletions lib/onelogin/ruby-saml/idp_metadata_parser.rb
Expand Up @@ -421,10 +421,10 @@ def merge_certificates_into(parsed_metadata)
parsed_metadata[:idp_cert_fingerprint_algorithm]
)
end
else
# symbolize keys of certificates and pass it on
parsed_metadata[:idp_cert_multi] = Hash[certificates.map { |k, v| [k.to_sym, v] }]
end

# symbolize keys of certificates and pass it on
parsed_metadata[:idp_cert_multi] = Hash[certificates.map { |k, v| [k.to_sym, v] }]
end

def certificates_has_one(key)
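Review bot: With the assignment to `parsed_metadata[:idp_cert_multi]` moved out of the `else` branch, a single-certificate IdP now yields settings that carry `idp_cert`, `idp_cert_fingerprint` and `idp_cert_multi` together, and the comment above the assignment does not say which of them signature validation will use. If the validation code prefers `idp_cert_multi` whenever it is non-empty (not visible in this hunk, so worth confirming), a caller that replaces `idp_cert` or `idp_cert_fingerprint` after parsing, for example to pin a known certificate, would still be validated against the certificates taken from the metadata. I would extend the comment to something like `# always set, also for a single cert; callers that override idp_cert/idp_cert_fingerprint after parsing must update or clear idp_cert_multi too`, and note the behaviour change in the changelog. The body of merge_certificates_into starts above the hunk.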
24 changes: 13 additions & 11 deletions test/idp_metadata_parser_test.rb
Expand Up @@ -532,8 +532,8 @@ def initialize; end
@settings = @idp_metadata_parser.parse(@idp_metadata)
end

it "should return idp_cert and idp_cert_fingerprint and no idp_cert_multi" do
assert_equal "MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzET
let(:expected_cert) do
"MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzET
MBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYD
VQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2
MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
Expand All @@ -555,13 +555,17 @@ def initialize; end
sTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClP
TbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWu
QOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh78
1sE=", @settings.idp_cert
assert_equal "2D:A9:40:88:28:EE:67:BB:4A:5B:E0:58:A7:CC:71:95:2D:1B:C9:D3", @settings.idp_cert_fingerprint
assert_nil @settings.idp_cert_multi
assert_equal "https://app.onelogin.com/saml/metadata/383123", @settings.idp_entity_id
assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", @settings.name_identifier_format
assert_equal "https://app.onelogin.com/trust/saml2/http-post/sso/383123", @settings.idp_sso_service_url
assert_nil @settings.idp_slo_service_url
1sE="
end

it "should return idp_cert and idp_cert_fingerprint and no idp_cert_multi" do
assert_equal(expected_cert, @settings.idp_cert)
assert_equal("2D:A9:40:88:28:EE:67:BB:4A:5B:E0:58:A7:CC:71:95:2D:1B:C9:D3", @settings.idp_cert_fingerprint)
assert_equal({ signing: [expected_cert], encryption: [expected_cert] }, @settings.idp_cert_multi)
assert_equal("https://app.onelogin.com/saml/metadata/383123", @settings.idp_entity_id)
assert_equal("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", @settings.name_identifier_format)
assert_equal("https://app.onelogin.com/trust/saml2/http-post/sso/383123", @settings.idp_sso_service_url)
assert_nil(@settings.idp_slo_service_url)
end
end

Expand Down Expand Up @@ -638,7 +642,6 @@ def initialize; end

settings = idp_metadata_parser.parse(idp_different_slo_response_location)


assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_service_url
assert_equal "https://hello.example.com/access/saml/logout/return", settings.idp_slo_response_service_url
end
Expand All @@ -648,7 +651,6 @@ def initialize; end

settings = idp_metadata_parser.parse(idp_without_slo_response_location)


assert_equal "https://hello.example.com/access/saml/logout", settings.idp_slo_service_url
assert_nil settings.idp_slo_response_service_url
end
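Review bot: The example in the first hunk is still named `it "should return idp_cert and idp_cert_fingerprint and no idp_cert_multi"`, but its third assertion now expects `{ signing: [expected_cert], encryption: [expected_cert] }`, so the description states the opposite of what is checked. Rename it to `it "should return idp_cert, idp_cert_fingerprint and idp_cert_multi" do`. These settings are the trust anchor for signature checks, so a name that contradicts the assertion is easy to misread when the behaviour is audited later. The fixture behind `@idp_metadata` is loaded outside the visible lines, so the expected `encryption:` entry cannot be checked against it from here.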