Commit 1381fb6

mo <mo.khan@gmail.com>
2017-11-26 20:55:50
add encryption certificate to idp metadata if set.
1 parent 38f0c66
lib/saml/kit/identity_provider_metadata.rb
@@ -62,10 +62,21 @@ module Saml
             xml.EntityDescriptor entity_descriptor_options do
               signature.template(id)
               xml.IDPSSODescriptor idp_sso_descriptor_options do
-                xml.KeyDescriptor use: "signing" do
-                  xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
-                    xml.X509Data do
-                      xml.X509Certificate @configuration.stripped_signing_certificate
+                if @configuration.signing_certificate_pem.present?
+                  xml.KeyDescriptor use: "signing" do
+                    xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
+                      xml.X509Data do
+                        xml.X509Certificate @configuration.stripped_signing_certificate
+                      end
+                    end
+                  end
+                end
+                if @configuration.encryption_certificate_pem.present?
+                  xml.KeyDescriptor use: "encryption" do
+                    xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
+                      xml.X509Data do
+                        xml.X509Certificate @configuration.stripped_encryption_certificate
+                      end
                     end
                   end
                 end
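Review bot: Making the signing KeyDescriptor conditional on `signing_certificate_pem.present?` means metadata configured without a signing certificate is emitted with no signing key at all, while `signature.template(id)` a few lines above still signs the document as if one existed; relying parties would then have nothing to verify assertions against, so this case presumably deserves a raise or at least a warning rather than silent omission. The two KeyDescriptor branches are otherwise identical apart from the `use` value and the certificate, so a small private helper would keep them from drifting apart (the `present?` calls also appear to rely on ActiveSupport, which is worth confirming is loaded here). The enclosing builder method starts and ends outside the hunk.
```ruby
                # … unchanged: signature.template(id), IDPSSODescriptor opening …
                if @configuration.signing_certificate_pem.present?
                  key_descriptor(xml, "signing", @configuration.stripped_signing_certificate)
                end
                if @configuration.encryption_certificate_pem.present?
                  key_descriptor(xml, "encryption", @configuration.stripped_encryption_certificate)
                end
                # … unchanged: remainder of IDPSSODescriptor …

      # Emits one <KeyDescriptor use="..."> whose X509Certificate holds the given stripped PEM body.
      def key_descriptor(xml, use, certificate)
        xml.KeyDescriptor use: use do
          xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
            xml.X509Data do
              xml.X509Certificate certificate
            end
          end
        end
      end
```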
spec/saml/identity_provider_metadata_spec.rb
@@ -224,8 +224,11 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
       expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleLogoutService']['Binding']).to eql(Saml::Kit::Bindings::HTTP_POST)
       expect(result['EntityDescriptor']['IDPSSODescriptor']['SingleLogoutService']['Location']).to eql("https://www.example.com/logout")
       expect(result['EntityDescriptor']['IDPSSODescriptor']['Attribute']['Name']).to eql("id")
-      expect(result['EntityDescriptor']['IDPSSODescriptor']['KeyDescriptor']['KeyInfo']['X509Data']['X509Certificate']).to eql(Saml::Kit.configuration.stripped_signing_certificate)
-
+      certificates = result['EntityDescriptor']['IDPSSODescriptor']['KeyDescriptor'].map { |x| x['KeyInfo']['X509Data']['X509Certificate'] }
+      expect(certificates).to match_array([
+        Saml::Kit.configuration.stripped_signing_certificate,
+        Saml::Kit.configuration.stripped_encryption_certificate,
+      ])
       expect(result['EntityDescriptor']['Organization']['OrganizationName']).to eql(org_name)
       expect(result['EntityDescriptor']['Organization']['OrganizationDisplayName']).to eql(org_name)
       expect(result['EntityDescriptor']['Organization']['OrganizationURL']).to eql(url)
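Review bot: The new `certificates = ... ['KeyDescriptor'].map { ... }` line only works when both certificates are configured, because it assumes `KeyDescriptor` is an Array; if the parser collapses a single element into a Hash (as `Hash.from_xml`-style results usually do, to be confirmed), the signing-only path added in this commit would map over key/value pairs instead, and neither that path nor the no-encryption-certificate path is exercised by the spec. Matching on certificate values alone also never checks that each certificate carries the right `use`; `certificates = ...['KeyDescriptor'].map { |x| [x['use'], x['KeyInfo']['X509Data']['X509Certificate']] }` with the expected pairs in `match_array` would pin that. Consider adding one example with only `signing_certificate_pem` set that expects a single `use="signing"` descriptor. The enclosing `it` block starts and ends outside the hunk.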