Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow SP certificates to be OpenSSL::X509::Certificate #726

Open
wants to merge 3 commits into
base: v2.x
Choose a base branch
from
Open

Allow SP certificates to be OpenSSL::X509::Certificate #726

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
603f97e
Allow SP certificates to be OpenSSL::X509::Certificate
tobiasamft Oct 4, 2024
e58c126
Fix rubocop issue
tobiasamft Oct 7, 2024
2b2c9cf
Return original certificate and key from Utils build functions
tobiasamft Oct 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions lib/ruby_saml/settings.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -373,15 +373,20 @@ def get_all_sp_certs

# Validate certificate, certificate_new, private_key, and sp_cert_multi params.
def validate_sp_certs_params!
multi = sp_cert_multi && !sp_cert_multi.empty?
cert = certificate && !certificate.empty?
cert_new = certificate_new && !certificate_new.empty?
pk = private_key && !private_key.empty?
if multi && (cert || cert_new || pk)
has_multi = sp_cert_multi && !sp_cert_multi.empty?
has_pk = private_key && !private_key.empty?
if has_multi && (cert?(certificate) || cert?(certificate_new) || has_pk)
raise ArgumentError.new("Cannot specify both sp_cert_multi and certificate, certificate_new, private_key parameters")
end
end

# Check if a certificate is present.
def cert?(cert)
return true if cert.is_a?(OpenSSL::X509::Certificate)

cert && !cert.empty?
end
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

all changes in this file can be rolled back

Copy link
Author

@tobiasamft tobiasamft Oct 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without it we get the initial NoMethodError again (because validate_sp_certs_params is called before Utils.build_cert_object):

NoMethodError: undefined method `empty?' for an instance of OpenSSL::X509::Certificate
    lib/ruby_saml/settings.rb:377:in `validate_sp_certs_params!'

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK I will check this later, thanks!


# Get certs from certificate, certificate_new, and private_key parameters.
def get_sp_certs_single
certs = { :signing => [], :encryption => [] }
Expand Down
2 changes: 2 additions & 0 deletions lib/ruby_saml/utils.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@ def format_private_key(key, multi: false)
# @param pem [String] The original certificate
# @return [OpenSSL::X509::Certificate] The certificate object
def build_cert_object(pem)
return pem if pem.is_a?(OpenSSL::X509::Certificate)
return unless (pem = PemFormatter.format_cert(pem, multi: false))

OpenSSL::X509::Certificate.new(pem)
Expand All @@ -129,6 +130,7 @@ def build_cert_object(pem)
# @param pem [String] The original private key.
# @return [OpenSSL::PKey::PKey] The private key object.
def build_private_key_object(pem)
return pem if pem.is_a?(OpenSSL::PKey::PKey)
return unless (pem = PemFormatter.format_private_key(pem, multi: false))

error = nil
Expand Down
41 changes: 41 additions & 0 deletions test/settings_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -515,6 +515,47 @@ class SettingsTest < Minitest::Test
end
end

it "handles OpenSSL::X509::Certificate objects for single case" do
@settings.certificate = OpenSSL::X509::Certificate.new(cert_text1)
@settings.private_key = key_text1

actual = @settings.get_sp_certs
expected = [[cert_text1, key_text1]]
assert_equal [:signing, :encryption], actual.keys
assert_equal expected, actual[:signing].map {|ary| ary.map(&:to_pem) }
assert_equal expected, actual[:encryption].map {|ary| ary.map(&:to_pem) }
end

it "handles OpenSSL::X509::Certificate objects for single case with new cert" do
@settings.certificate = cert_text1
@settings.certificate_new = OpenSSL::X509::Certificate.new(cert_text2)
@settings.private_key = key_text1

actual = @settings.get_sp_certs
expected = [[cert_text1, key_text1], [cert_text2, key_text1]]
assert_equal [:signing, :encryption], actual.keys
assert_equal expected, actual[:signing].map {|ary| ary.map(&:to_pem) }
assert_equal expected, actual[:encryption].map {|ary| ary.map(&:to_pem) }
end

it "handles OpenSSL::X509::Certificate objects for multi case" do
x509_certificate1 = OpenSSL::X509::Certificate.new(cert_text1)
x509_certificate2 = OpenSSL::X509::Certificate.new(cert_text2)
@settings.sp_cert_multi = {
signing: [{ certificate: x509_certificate1, private_key: key_text1 },
{ certificate: cert_text2, private_key: key_text1 }],
encryption: [{ certificate: x509_certificate2, private_key: key_text1 },
{ certificate: cert_text3, private_key: key_text2 }]
}

actual = @settings.get_sp_certs
expected_signing = [[cert_text1, key_text1], [cert_text2, key_text1]]
expected_encryption = [[cert_text2, key_text1], [cert_text3, key_text2]]
assert_equal [:signing, :encryption], actual.keys
assert_equal expected_signing, actual[:signing].map {|ary| ary.map(&:to_pem) }
assert_equal expected_encryption, actual[:encryption].map {|ary| ary.map(&:to_pem) }
end

it "sp_cert_multi allows sending only signing" do
@settings.sp_cert_multi = {
signing: [{ certificate: cert_text1, private_key: key_text1 },
Expand Down
12 changes: 12 additions & 0 deletions test/utils_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,11 @@ def result(duration, reference = 0)
end
end

it 'returns the original certificate when an OpenSSL::X509::Certificate is given' do
certificate = OpenSSL::X509::Certificate.new
assert_same certificate, RubySaml::Utils.build_cert_object(certificate)
end

it 'returns nil for nil certificate string' do
assert_nil RubySaml::Utils.build_cert_object(nil)
end
Expand All @@ -180,6 +185,13 @@ def result(duration, reference = 0)
end
end

[OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, OpenSSL::PKey::EC].each do |key_class|
it 'returns the original private key when an instance of OpenSSL::PKey::PKey is given' do
private_key = key_class.new
assert_same private_key, RubySaml::Utils.build_private_key_object(private_key)
end
end

it 'returns nil for nil private key string' do
assert_nil RubySaml::Utils.build_private_key_object(nil)
end
Expand Down
Loading