-
-
Save BobVul/ebbcde029841f7c4144ca96c7cd507ce to your computer and use it in GitHub Desktop.
Patch for OIOSAML.java 21204 to support multiple certificates in the IdP metadata
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git src/dk/itst/oiosaml/sp/metadata/IdpMetadata.java src/dk/itst/oiosaml/sp/metadata/IdpMetadata.java | |
| index 7b6b6c1..ca51000 100644 | |
| --- src/dk/itst/oiosaml/sp/metadata/IdpMetadata.java | |
| +++ src/dk/itst/oiosaml/sp/metadata/IdpMetadata.java | |
| @@ -154,12 +154,14 @@ public class IdpMetadata { | |
| private Metadata(EntityDescriptor entityDescriptor, String protocol) { | |
| this.entityDescriptor = entityDescriptor; | |
| idpSSODescriptor = entityDescriptor.getIDPSSODescriptor(protocol); | |
| - try { | |
| - X509Certificate cert = SecurityHelper.buildJavaX509Cert(getCertificateNode().getValue()); | |
| - certificates.add(cert); | |
| - } catch (CertificateException e) { | |
| - throw new WrappedException(Layer.BUSINESS, e); | |
| - } | |
| + for (org.opensaml.xml.signature.X509Certificate certNode : getAllCertificateNodes()) { | |
| + try { | |
| + X509Certificate cert = SecurityHelper.buildJavaX509Cert(certNode.getValue()); | |
| + certificates.add(cert); | |
| + } catch (CertificateException e) { | |
| + throw new WrappedException(Layer.BUSINESS, e); | |
| + } | |
| + } | |
| } | |
| public void addCertificates(Collection<X509Certificate> certificates) { | |
| @@ -273,6 +275,24 @@ public class IdpMetadata { | |
| } | |
| throw new IllegalStateException("IdP Metadata does not contain a certificate: " + getEntityID()); | |
| } | |
| + | |
| + private Collection<org.opensaml.xml.signature.X509Certificate> getAllCertificateNodes() { | |
| + Collection<org.opensaml.xml.signature.X509Certificate> certs = new ArrayList<org.opensaml.xml.signature.X509Certificate>(); | |
| + if (idpSSODescriptor != null) { | |
| + for (KeyDescriptor keyDescriptor : idpSSODescriptor.getKeyDescriptors()) { | |
| + for (X509Data x509Data : keyDescriptor.getKeyInfo().getX509Datas()) { | |
| + for (org.opensaml.xml.signature.X509Certificate x509Certificate : x509Data.getX509Certificates()) { | |
| + certs.add(x509Certificate); | |
| + } | |
| + } | |
| + } | |
| + } | |
| + if (certs.isEmpty()) { | |
| + throw new IllegalStateException("IdP Metadata does not contain a certificate: " + getEntityID()); | |
| + } | |
| + | |
| + return certs; | |
| + } | |
| Collection<X509Certificate> getAllCertificates() { | |
| return certificates; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment