Skip to content

Instantly share code, notes, and snippets.

@BobVul BobVul/multi-cert.patch Secret
Created Apr 20, 2018

Embed
What would you like to do?
Patch for OIOSAML.java 21204 to support multiple certificates in the IdP metadata
diff --git src/dk/itst/oiosaml/sp/metadata/IdpMetadata.java src/dk/itst/oiosaml/sp/metadata/IdpMetadata.java
index 7b6b6c1..ca51000 100644
--- src/dk/itst/oiosaml/sp/metadata/IdpMetadata.java
+++ src/dk/itst/oiosaml/sp/metadata/IdpMetadata.java
@@ -154,12 +154,14 @@ public class IdpMetadata {
private Metadata(EntityDescriptor entityDescriptor, String protocol) {
this.entityDescriptor = entityDescriptor;
idpSSODescriptor = entityDescriptor.getIDPSSODescriptor(protocol);
- try {
- X509Certificate cert = SecurityHelper.buildJavaX509Cert(getCertificateNode().getValue());
- certificates.add(cert);
- } catch (CertificateException e) {
- throw new WrappedException(Layer.BUSINESS, e);
- }
+ for (org.opensaml.xml.signature.X509Certificate certNode : getAllCertificateNodes()) {
+ try {
+ X509Certificate cert = SecurityHelper.buildJavaX509Cert(certNode.getValue());
+ certificates.add(cert);
+ } catch (CertificateException e) {
+ throw new WrappedException(Layer.BUSINESS, e);
+ }
+ }
}
public void addCertificates(Collection<X509Certificate> certificates) {
@@ -273,6 +275,24 @@ public class IdpMetadata {
}
throw new IllegalStateException("IdP Metadata does not contain a certificate: " + getEntityID());
}
+
+ private Collection<org.opensaml.xml.signature.X509Certificate> getAllCertificateNodes() {
+ Collection<org.opensaml.xml.signature.X509Certificate> certs = new ArrayList<org.opensaml.xml.signature.X509Certificate>();
+ if (idpSSODescriptor != null) {
+ for (KeyDescriptor keyDescriptor : idpSSODescriptor.getKeyDescriptors()) {
+ for (X509Data x509Data : keyDescriptor.getKeyInfo().getX509Datas()) {
+ for (org.opensaml.xml.signature.X509Certificate x509Certificate : x509Data.getX509Certificates()) {
+ certs.add(x509Certificate);
+ }
+ }
+ }
+ }
+ if (certs.isEmpty()) {
+ throw new IllegalStateException("IdP Metadata does not contain a certificate: " + getEntityID());
+ }
+
+ return certs;
+ }
Collection<X509Certificate> getAllCertificates() {
return certificates;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.