Merge pull request #576 from alxckn/support_idp_cert_multi_with_strin…

…g_keys Support idp cert multi with string keys
SAML-Toolkits · Jan 2, 2023 · 9da1ad4 · 9da1ad4
2 parents ca2acbf + 01c95db
commit 9da1ad4
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 9 deletions.
diff --git a/lib/onelogin/ruby-saml/settings.rb b/lib/onelogin/ruby-saml/settings.rb
@@ -195,17 +195,13 @@ def get_idp_cert_multi
 
         certs = {:signing => [], :encryption => [] }
 
-        if idp_cert_multi.key?(:signing) and not idp_cert_multi[:signing].empty?
-          idp_cert_multi[:signing].each do |idp_cert|
-            formatted_cert = OneLogin::RubySaml::Utils.format_cert(idp_cert)
-            certs[:signing].push(OpenSSL::X509::Certificate.new(formatted_cert))
-          end
-        end
+        [:signing, :encryption].each do |type|
+          certs_for_type = idp_cert_multi[type] || idp_cert_multi[type.to_s]
+          next if !certs_for_type || certs_for_type.empty?
 
-        if idp_cert_multi.key?(:encryption) and not idp_cert_multi[:encryption].empty?
-          idp_cert_multi[:encryption].each do |idp_cert|
+          certs_for_type.each do |idp_cert|
             formatted_cert = OneLogin::RubySaml::Utils.format_cert(idp_cert)
-            certs[:encryption].push(OpenSSL::X509::Certificate.new(formatted_cert))
+            certs[type].push(OpenSSL::X509::Certificate.new(formatted_cert))
           end
         end
 

diff --git a/test/response_test.rb b/test/response_test.rb
@@ -980,6 +980,16 @@ def generate_audience_error(expected, actual)
         assert_empty response_valid_signed.errors
       end
 
+      it "return true when at least a cert on idp_cert_multi is valid and keys are strings" do
+        settings.idp_cert_multi = {
+          "signing" => [ruby_saml_cert_text2, ruby_saml_cert_text],
+          "encryption" => []
+        }
+        response_valid_signed.settings = settings
+        res = response_valid_signed.send(:validate_signature)
+        assert_empty response_valid_signed.errors
+      end
+
       it "return false when none cert on idp_cert_multi is valid" do
         settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
         settings.idp_cert_multi = {

diff --git a/test/settings_test.rb b/test/settings_test.rb
@@ -257,6 +257,35 @@ class SettingsTest < Minitest::Test
         assert_equal empty_multi, @settings.get_idp_cert_multi
       end
 
+      it "returns partial hash when contains some values with string keys" do
+        empty_multi = {
+          :signing => [],
+          :encryption => []
+        }
+
+        @settings.idp_cert_multi = {
+          "signing" => []
+        }
+        assert_equal empty_multi, @settings.get_idp_cert_multi
+
+        @settings.idp_cert_multi = {
+          "encryption" => []
+        }
+        assert_equal empty_multi, @settings.get_idp_cert_multi
+
+        @settings.idp_cert_multi = {
+          "signing" => [],
+          "encryption" => []
+        }
+        assert_equal empty_multi, @settings.get_idp_cert_multi
+
+        @settings.idp_cert_multi = {
+          "yyy" => [],
+          "zzz" => []
+        }
+        assert_equal empty_multi, @settings.get_idp_cert_multi
+      end
+
       it "returns the hash with certificates when values were valid" do
         certificates = [ruby_saml_cert_text]
         @settings.idp_cert_multi = {
@@ -271,6 +300,20 @@ class SettingsTest < Minitest::Test
         assert @settings.get_idp_cert_multi[:encryption][0].kind_of? OpenSSL::X509::Certificate
       end
 
+      it "returns the hash with certificates when values were valid and with string keys" do
+        certificates = ruby_saml_cert_text
+        @settings.idp_cert_multi = {
+          "signing" => [ruby_saml_cert_text],
+          "encryption" => [ruby_saml_cert_text],
+        }
+
+        assert @settings.get_idp_cert_multi.kind_of? Hash
+        assert @settings.get_idp_cert_multi[:signing].kind_of? Array
+        assert @settings.get_idp_cert_multi[:encryption].kind_of? Array
+        assert @settings.get_idp_cert_multi[:signing][0].kind_of? OpenSSL::X509::Certificate
+        assert @settings.get_idp_cert_multi[:encryption][0].kind_of? OpenSSL::X509::Certificate
+      end
+
       it "raises when there is a cert in idp_cert_multi not valid" do
         certificate = read_certificate("formatted_certificate")