
Commit fe4d3ec

BenJuan26crewjam
authored and committed
SP: Add capability to provide intermediate certs (crewjam#178)
1 parent 00e0c65 commit fe4d3ec


2 files changed

+9
-2
lines changed


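--- a/samlsp/samlsp.go
+++ b/samlsp/samlsp.go
@@ -25,6 +25,7 @@ type Options struct {
 Key *rsa.PrivateKey
 Logger logger.Interface
 Certificate *x509.Certificate
+Intermediates []*x509.Certificate
 AllowIDPInitiated bool
 IDPMetadata *saml.EntityDescriptor
 IDPMetadataURL *url.URL
@@ -57,6 +58,7 @@ func New(opts Options) (*Middleware, error) {
 Key: opts.Key,
 Logger: logr,
 Certificate: opts.Certificate,
+Intermediates: opts.Intermediates,
 MetadataURL: *metadataURL,
 AcsURL: *acsURL,
 IDPMetadata: opts.IDPMetadata,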
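Review bot: The new exported field `Intermediates` in `Options` carries no doc comment, so a caller cannot tell from the type whether it should hold the leaf, the root, or only the CA certificates in between, nor in what order they are consumed; suggest `// Intermediates are optional certificates published alongside Certificate in the SP metadata.` The second hunk only forwards the slice into the `ServiceProvider` literal, which needs no further change. Both hunks cut through `Options` and `New`, whose definitions continue outside them.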

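--- a/service_provider.go
+++ b/service_provider.go
@@ -55,6 +55,7 @@ type ServiceProvider struct {
 
 // Certificate is the RSA public part of Key.
 Certificate *x509.Certificate
+Intermediates []*x509.Certificate
 
 // MetadataURL is the full URL to the metadata endpoint on this host,
 // i.e. https://example.com/saml/metadata
@@ -112,6 +113,10 @@ func (sp *ServiceProvider) Metadata() *EntityDescriptor {
 authnRequestsSigned := false
 wantAssertionsSigned := true
 validUntil := TimeNow().Add(validDuration)
+certBytes := sp.Certificate.Raw
+for _, intermediate := range sp.Intermediates {
+certBytes = append(certBytes, intermediate.Raw...)
+}
 return &EntityDescriptor{
 EntityID: sp.MetadataURL.String(),
 ValidUntil: validUntil,
@@ -125,13 +130,13 @@ func (sp *ServiceProvider) Metadata() *EntityDescriptor {
 {
 Use: "signing",
 KeyInfo: KeyInfo{
-Certificate: base64.StdEncoding.EncodeToString(sp.Certificate.Raw),
+Certificate: base64.StdEncoding.EncodeToString(certBytes),
 },
 },
 {
 Use: "encryption",
 KeyInfo: KeyInfo{
-Certificate: base64.StdEncoding.EncodeToString(sp.Certificate.Raw),
+Certificate: base64.StdEncoding.EncodeToString(certBytes),
 },
 EncryptionMethods: []EncryptionMethod{
 {Algorithm: "http://www.w3.org/2001/04/xmlenc#aes128-cbc"},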
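Review bot: `certBytes := sp.Certificate.Raw` followed by `certBytes = append(certBytes, intermediate.Raw...)` in the second hunk of `Metadata` appends into a slice that aliases the leaf certificate's DER buffer, so whenever `Raw` has spare capacity (as it can when the certificate was parsed out of a larger buffer) the append overwrites whatever shares that backing array; start from a fresh slice instead, `certBytes := append([]byte(nil), sp.Certificate.Raw...)`. Separately, the result concatenates several DER certificates into one base64 string placed in a single `KeyInfo.Certificate` value, whereas an XMLDSig `X509Certificate` element is expected to carry exactly one certificate, so a relying party may reject the metadata or read only the leaf; each intermediate is more likely to be accepted as its own `X509Certificate` element, which would need support in the `KeyInfo` type outside this hunk — worth confirming before relying on this for chain publication. The new exported field `Intermediates` sits directly under the documented `Certificate` field but has no comment; suggest `// Intermediates are additional certificates whose DER bytes are appended after Certificate in the metadata KeyInfo.` `Metadata` begins and ends outside these hunks.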
