Open tobiasamft opened 1 month ago
@tobiasamft can you check if this is solved on the v2.x branch? I think it might be already. If it is, we can close this PR b/c we are releasing v2.x soon.
@johnnyshields unfortunately v2.x does not solve this. Using OpenSSL::X509::Certificate as SP certificate still crashes with the following:
git/ruby-saml/lib/ruby_saml/settings.rb:377:in 'validate_sp_certs_params!': undefined method 'empty?' for an instance of OpenSSL::X509::Certificate (NoMethodError)
ok. Can you raise the PR to the v2.x branch then please? I will review it.
@johnnyshields I've rebased the branch onto v2.x
@tobiasamft see comment
This allows settings to accept instances of OpenSSL::X509::Certificate as service provider (SP) certificates.
Solves #723
Version 1.16.0 was, at least partially, able to handle OpenSSL::X509::Certificate as input for settings.certificate (e.g. when using OneLogin::RubySaml::Response).
Since settings.get_sp_certs is the only interface that is used to access certificates, it should be enough to test that interface with instances of OpenSSL::X509::Certificate. There are 3 ways to insert certs, all of them have been tested:
Note that both deprecated interfaces settings.get_sp_cert and settings.get_sp_cert_new use settings.get_sp_certs internally. Thus, they are covered as well.
Same approach could be used for SP private key to accept OpenSSL::PKey. Maybe it's a good idea to make all certificates from settings attr_writer for public and attr_accessor for private access to ensure that certs are accessed via settings.get_sp_certs only (but that would break current interface).
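The failure mode discussed in this thread, as an added example that is not part of the PR or of ruby-saml's code: a String-only blank check raises NoMethodError on a certificate object, while a type-aware normalizer accepts both a PEM string and an OpenSSL::X509::Certificate. The helper names (naive_blank?, blank_cert?, normalize_sp_cert, sample_cert) are hypothetical, and the certificate is a constructed throwaway.

```ruby
require "openssl"

# Assumed shape of a String-only check like the one in the backtrace:
# works for nil and PEM strings, raises NoMethodError on certificate objects.
def naive_blank?(value)
  value.nil? || value.empty?
end

# Hypothetical helper: nil and "" mean "not configured"; never call
# String-only methods on objects that do not implement them.
def blank_cert?(value)
  value.nil? || (value.respond_to?(:empty?) && value.empty?)
end

# Hypothetical helper: return an OpenSSL::X509::Certificate for either a
# PEM string or an existing certificate object, nil when nothing is set.
# Any other type is rejected instead of being passed on silently.
def normalize_sp_cert(value)
  return nil if blank_cert?(value)
  return value if value.is_a?(OpenSSL::X509::Certificate)
  return OpenSSL::X509::Certificate.new(value) if value.is_a?(String)

  raise ArgumentError, "unsupported certificate type: #{value.class}"
end

# Constructed sample input: a short-lived self-signed certificate.
def sample_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=sp.example.test")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end
```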