Commit 991dcb4

mo <mo@mokhan.ca>
2017-11-29 00:14:43
decode x509 in one friendly method.
1 parent ba799de
lib/saml/kit/certificate.rb
@@ -25,7 +25,7 @@ module Saml
       end
 
       def x509
-        OpenSSL::X509::Certificate.new(Base64.decode64(value))
+        self.class.to_x509(value)
       end
 
       def public_key
@@ -47,6 +47,13 @@ module Saml
       def to_s
         value
       end
+
+      def self.to_x509(value)
+        OpenSSL::X509::Certificate.new(Base64.decode64(value))
+      rescue OpenSSL::X509::CertificateError => error
+        Saml::Kit.logger.warn(error)
+        OpenSSL::X509::Certificate.new(value)
+      end
     end
   end
 end
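Review bot: `to_x509` tries `Base64.decode64(value)` first and only parses the raw value inside the `rescue`, so a PEM input appears to take the failure path and log a warning every time. `signing_x509` and `encryption_x509` in configuration.rb pass `*_certificate_pem` values, and the code removed from fingerprint.rb tried the raw form first, so those callers will presumably now warn on each call, which can bury the warning for a genuinely malformed certificate. Checking for the PEM armour before decoding avoids that, e.g. `return OpenSSL::X509::Certificate.new(value) if value.include?('-----BEGIN CERTIFICATE-----')`. A short comment on the method would also help: it should say which encodings are accepted, and that `OpenSSL::X509::CertificateError` propagates when neither parse succeeds.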
lib/saml/kit/configuration.rb
@@ -32,11 +32,11 @@ module Saml
       end
 
       def signing_x509
-        OpenSSL::X509::Certificate.new(signing_certificate_pem)
+        Certificate.to_x509(signing_certificate_pem)
       end
 
       def encryption_x509
-        OpenSSL::X509::Certificate.new(encryption_certificate_pem)
+        Certificate.to_x509(encryption_certificate_pem)
       end
 
       def signing_private_key
lib/saml/kit/fingerprint.rb
@@ -4,10 +4,7 @@ module Saml
       attr_reader :x509
 
       def initialize(raw_certificate)
-        @x509 = OpenSSL::X509::Certificate.new(raw_certificate)
-      rescue OpenSSL::X509::CertificateError => error
-        Saml::Kit.logger.warn(error)
-        @x509 = OpenSSL::X509::Certificate.new(Base64.decode64(raw_certificate))
+        @x509 = Certificate.to_x509(raw_certificate)
       end
 
       def algorithm(algorithm)
lib/saml/kit/response.rb
@@ -186,7 +186,7 @@ module Saml
             yield temp
             raw_xml_to_encrypt = temp.target!
 
-            encryption_certificate = OpenSSL::X509::Certificate.new(Base64.decode64(request.provider.encryption_certificates.first[:text]))
+            encryption_certificate = request.provider.encryption_certificates.first.x509
             public_key = encryption_certificate.public_key
 
             cipher = OpenSSL::Cipher.new('AES-256-CBC')
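Review bot: `request.provider.encryption_certificates.first.x509` raises a bare `NoMethodError` on `nil` when the provider's metadata lists no encryption certificate, and the failure surfaces in the middle of building the encrypted assertion. A guard before the key is used would make this explicit, for example `encryption_certificate = request.provider.encryption_certificates.first&.x509` followed by `raise ArgumentError, 'provider has no encryption certificate' unless encryption_certificate`; the error class here is only an illustration. The enclosing method starts and ends outside this hunk, so an earlier check may already exist.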
lib/saml/kit/xml.rb
@@ -22,7 +22,7 @@ module Saml
       def x509_certificates
         xpath = "//ds:KeyInfo/ds:X509Data/ds:X509Certificate"
         document.search(xpath, Xmldsig::NAMESPACES).map do |item|
-          OpenSSL::X509::Certificate.new(Base64.decode64(item.text))
+          Certificate.to_x509(item.text)
         end
       end
 
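Review bot: `Certificate.to_x509(item.text)` applies the helper's log-and-retry fallback to text read from `ds:X509Certificate` elements, which in a SAML message is presumably supplied by the remote party. XML Signature defines that element as Base64-encoded DER, so the raw-value retry is not needed here. It also means each malformed element writes a `warn` line before the second parse raises, so log volume is controlled by the sender. Consider keeping a decode-only path for this caller, such as `OpenSSL::X509::Certificate.new(Base64.decode64(item.text))`, or giving `to_x509` an option that disables the fallback. A comment on `x509_certificates` should state that the returned certificates are unverified input.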
spec/saml/response_spec.rb
@@ -407,7 +407,7 @@ RSpec.describe Saml::Kit::Response do
     subject { described_class.new(user, request) }
     let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: []) }
     let(:request) { double(:request, id: "_#{SecureRandom.uuid}", acs_url: FFaker::Internet.http_url, provider: provider, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: issuer, signed?: true, trusted?: true) }
-    let(:provider) { double(want_assertions_signed: false, encryption_certificates: [{ text: encryption_pem }]) }
+    let(:provider) { double(want_assertions_signed: false, encryption_certificates: [Saml::Kit::Certificate.new(encryption_pem, use: :encryption)]) }
     let(:encryption_pem) do
       Saml::Kit.configuration.stripped_encryption_certificate
     end
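Review bot: The only spec change visible here adapts the `provider` double to return a `Saml::Kit::Certificate`; none of the visible hunks adds examples for the new `Certificate.to_x509`. Its three outcomes are worth pinning in a certificate spec: a Base64 DER value parses, a PEM value parses through the fallback, and a value that is neither raises `OpenSSL::X509::CertificateError`. Other callers now depend on that contract, so a regression in the fallback order would otherwise go unnoticed.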