Alternative to support multiple x509 Certificates via procs (#211)
* Adds support for multiple x509 certificates, secret keys, and passwords by providing procs in the idp configuration.

* Call the proc in the tests

* Add documentation in the form of a comment in the README.md

* fix extra space

* remove additional change

* Fix metadata x509 certificate
pelted authored Nov 1, 2024
1 parent 4b7e4c8 commit 6f832af
Showing 6 changed files with 15 additions and 8 deletions.
5 changes: 5 additions & 0 deletions README.md
@@ -78,6 +78,11 @@ KEY DATA
-----END RSA PRIVATE KEY-----
CERT

# x509_certificate, secret_key, and password may also be set from within a proc, for example:
# config.x509_certificate = -> { File.read("cert.pem") }
# config.secret_key = -> { SecretKeyFinder.key_for(id: 1) }
# config.password = -> { "password" }

# config.password = "secret_key_password"
# config.algorithm = :sha256 # Default: sha1 only for development.
# config.organization_name = "Your Organization"
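Review bot: the new comment says the values "may also be set from within a proc", which reads as if the assignment happens inside a proc; it should state that the attribute may be assigned a proc (or lambda) that returns the value, and that the proc is invoked every time the value is needed (each metadata or signature build), so a lookup such as `File.read("cert.pem")` or `SecretKeyFinder.key_for(id: 1)` runs per use unless the proc itself caches. Also, `# config.password = -> { "password" }` sits directly above the existing `# config.password = "secret_key_password"` example; keep one of the two, and avoid the literal `"password"` placeholder, which invites copy-paste.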
4 changes: 2 additions & 2 deletions lib/saml_idp/configurator.rb
@@ -25,8 +25,8 @@ class Configurator
attr_accessor :logger

def initialize
self.x509_certificate = Default::X509_CERTIFICATE
self.secret_key = Default::SECRET_KEY
self.x509_certificate = -> { Default::X509_CERTIFICATE }
self.secret_key = -> { Default::SECRET_KEY }
self.algorithm = :sha1
self.reference_id_generator = ->() { SecureRandom.uuid }
self.service_provider = OpenStruct.new
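Review bot: wrapping `Default::X509_CERTIFICATE` and `Default::SECRET_KEY` in lambdas changes what `SamlIdp.config.x509_certificate` and `SamlIdp.config.secret_key` return to existing callers (a Proc instead of a String), which breaks any application code that reads the config directly, and it is not required by this change: the builders now accept both strings and procs. Either keep the defaults as strings, or, if the lambda defaults stay, give `Configurator` a single resolving accessor (for example a hypothetical `resolved_x509_certificate`) that performs the `is_a?(Proc) ? call : value` step so every reader goes through one path. Minor: `->() { SecureRandom.uuid }` on the next line uses a different lambda style from the new `-> { ... }`.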
3 changes: 2 additions & 1 deletion lib/saml_idp/metadata_builder.rb
@@ -152,7 +152,8 @@ def raw_algorithm
private :raw_algorithm

def x509_certificate
SamlIdp.config.x509_certificate
certificate = SamlIdp.config.x509_certificate.is_a?(Proc) ? SamlIdp.config.x509_certificate.call : SamlIdp.config.x509_certificate
certificate
.to_s
.gsub(/-----BEGIN CERTIFICATE-----/,"")
.gsub(/-----END CERTIFICATE-----/,"")
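Review bot: `is_a?(Proc)` only recognises a Proc or lambda; a `Method` object or any other callable falls through to `.to_s` and ends up in the metadata as a stringified object rather than a certificate, with no error raised. `respond_to?(:call)` is the usual Ruby test and covers all of them. The ternary also reads `SamlIdp.config.x509_certificate` twice; reading it once into a local keeps the line short and avoids calling the accessor more than necessary.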
3 changes: 2 additions & 1 deletion lib/saml_idp/signature_builder.rb
@@ -21,7 +21,8 @@ def raw
end

def x509_certificate
SamlIdp.config.x509_certificate
certificate = SamlIdp.config.x509_certificate.is_a?(Proc) ? SamlIdp.config.x509_certificate.call : SamlIdp.config.x509_certificate
certificate
.to_s
.gsub(/-----BEGIN CERTIFICATE-----/,"")
.gsub(/-----END CERTIFICATE-----/,"")
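Review bot: this resolution expression is identical, character for character, to the one in `metadata_builder.rb`, and the same `is_a?(Proc)` limitation applies; with this copy, the metadata copy and two more in `signed_info_builder.rb`, the resolution belongs in one helper so a later fix (accepting any callable, or validating that the proc returned a non-nil PEM) lands in every call site. Worth documenting as well: metadata builds and signature builds call the proc independently, so a proc that returns a different certificate between calls during a key rotation will publish one certificate in metadata while signing with another; the proc author is responsible for keeping them consistent.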
4 changes: 2 additions & 2 deletions lib/saml_idp/signed_info_builder.rb
@@ -65,12 +65,12 @@ def clean_algorithm_name
private :clean_algorithm_name

def secret_key
SamlIdp.config.secret_key
SamlIdp.config.secret_key.is_a?(Proc) ? SamlIdp.config.secret_key.call : SamlIdp.config.secret_key
end
private :secret_key

def password
SamlIdp.config.password
SamlIdp.config.password.is_a?(Proc) ? SamlIdp.config.password.call : SamlIdp.config.password
end
private :password

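Review bot: `secret_key` and `password` are each resolved by calling their proc, and nothing checks the result: a proc that returns `nil` (a `SecretKeyFinder.key_for` miss, to use the README's own example) only fails later inside OpenSSL with a message that never mentions the configuration. Resolve each value once into a local, raise a clear configuration error when it is nil, and use `respond_to?(:call)` rather than `is_a?(Proc)` so a Method object or other callable is not handed to OpenSSL as if it were the key. Since the key, password and certificate now come from three independent procs, the documentation should also state that they must return a matching set; a mismatch yields signatures that verify against nothing, and nothing at this layer reports it.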
4 changes: 2 additions & 2 deletions spec/lib/saml_idp/configurator_spec.rb
@@ -20,11 +20,11 @@ module SamlIdp
it { should respond_to :logger }

it "has a valid x509_certificate" do
expect(subject.x509_certificate).to eq(Default::X509_CERTIFICATE)
expect(subject.x509_certificate.call).to eq(Default::X509_CERTIFICATE)
end

it "has a valid secret_key" do
expect(subject.secret_key).to eq(Default::SECRET_KEY)
expect(subject.secret_key.call).to eq(Default::SECRET_KEY)
end

it "has a valid algorithm" do
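Review bot: the only spec change is to `.call` the new default lambdas, so nothing exercises the feature this commit adds: there is no test that a user-assigned proc is actually invoked by `metadata_builder.rb`, `signature_builder.rb` or `signed_info_builder.rb`, and none that a plain string assignment still works in those builders. Add a spec that sets `x509_certificate`, `secret_key` and `password` to lambdas that increment a counter and return the default values, builds metadata and a signed response, and asserts both that the output is unchanged and that the counter advanced; a second case with string values covers the non-proc branch of each ternary.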