fix(saml): changed for review

zitadel · Aug 11, 2022 · cc1a2bd · cc1a2bd
1 parent 9f2929e
commit cc1a2bd
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 7 deletions.
diff --git a/pkg/provider/identityprovider.go b/pkg/provider/identityprovider.go
@@ -102,10 +102,6 @@ func NewIdentityProvider(ctx context.Context, metadata Endpoint, conf *IdentityP
 	if conf.MetadataIDPConfig == nil {
 		conf.MetadataIDPConfig = &MetadataIDPConfig{}
 	}
-	/*
-		if conf.MetadataIDPConfig.CacheDuration == "" {
-			conf.MetadataIDPConfig.CacheDuration = DefaultCacheDuration
-		}*/
 	if conf.MetadataIDPConfig.ValidUntil == 0 {
 		conf.MetadataIDPConfig.ValidUntil = DefaultValidUntil
 	}
@@ -233,7 +229,7 @@ func getResponseCert(ctx context.Context, storage IdentityProviderStorage) ([]by
 		return nil, nil, fmt.Errorf("certificate is nil")
 	}
 	cert, ok := certWebKey.Key.([]byte)
-	if !ok || cert == nil {
+	if !ok || len(cert) == 0 {
 		return nil, nil, fmt.Errorf("failed to parse certificate")
 	}
 

diff --git a/pkg/provider/identityprovider_test.go b/pkg/provider/identityprovider_test.go
@@ -108,6 +108,24 @@ func TestIDP_certificateHandleFunc(t *testing.T) {
 				err:  false,
 			},
 		},
+		{
+			"key with certificate empty",
+			args{
+				metadataEndpoint: "/saml/metadata",
+				issuer:           "http://localhost:50002",
+				config: &IdentityProviderConfig{
+					SignatureAlgorithm: dsig.RSASHA256SignatureMethod,
+					MetadataIDPConfig:  &MetadataIDPConfig{},
+					Endpoints:          &EndpointConfig{},
+				},
+				certificate: []byte(""),
+				key:         []byte("-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7XKdCRxUZXjdq\nVqwwwOJqc1Ch0nOSmk+UerkUqlviWHdeLR+FolHKjqLzCBloAz4xVc0DFfR76gWc\nWAHJloqZ7GBS7NpDhzV8G+cXQ+bTU0Lu2e73zCQb30XUdKhWiGfDKaU+1xg9CD/2\ngIfsYPs3TTq1sq7oCs5qLdUHaVL5kcRaHKdnTi7cs5i9xzs3TsUnXcrJPwydjp+a\nEkyRh07oMpXBEobGisfF2p1MA6pVW2gjmywf7D5iYEFELQhM7poqPN3/kfBvU1n7\nLfgq7oxmv/8LFi4Zopr5nyqsz26XPtUy1WqTzgznAmP+nN0oBTERFVbXXdRa3k2v\n4cxTNPn/AgMBAAECggEAF+rV9yH30Ysza8GwrXCR9qDN1Dp3QmmsavnXkonEvPoq\nEr2T3o0//6mBp6CLDboMQGQBjblJwl+3Y6PgZolvHAMOsMdHfYNPEo7FSzUBzEw+\nqRrs5HkMyvoPgfV6X8F97W3tiD4Q/AmHkMILl+MxbnfPXM54gWqPuwIqxY1uaCk5\nREwyb7WBon3rd58ceOI1SLRjod6SbqWBMMSN3cJ+5VEPObFjw/RlhNQ5rBI8G5Kt\nso2zBU5C4BB2CvqlWy98WDKJkTvWHbiTjZCy8BQ+gQ6UJM2vaNELFOVpuMGQnMIi\noWiX10Jg2e1gP9j3TdrohlGF8M3+TXjSFKNmeX0DUQKBgQDx7UazUWS5RtkgnjH9\nw2xH2xkstJVD7nAS8VTxNwcrgjVXPvTJha9El904obUjyRX7ppb02tuH5ML/bZh6\n9lL4bP5+SHcJ10e4q8CK/KAGHD6BYAbaGXRq0CoSk5a3vv5XPdob4T5qKCIHFpnu\nMfbvdbEoameLOyRYOGu/yVZIiwKBgQDGQs7FRTisHV0xooiRmlvYF0dcd19qpLed\nqhgJNqBPOTEvvGvJNRoi39haEY3cuTqsxZ5FAlFlVFMUUozz+d0xBLLInoVY/Y4h\nhSdGmdw/A6oHodLqyEp3N5RZNdLlh8/nDS3xXzMotAl75bW5kc2ttcRhRdtyNJ9Z\nup0PgppO3QKBgEC45upAQz8iCiKkz+EA8C4FGqYQJcLHvmoC8GOcAioMqrKNoDVt\ns2cZbdChynEpcd0iQ058YrDnbZeiPWHgFnBp0Gf+gQI7+u8X2+oTDci0s7Au/YZJ\nuxB8YlUX8QF1clvqqzg8OVNzKy9UR5gm+9YyWVPjq5HfH6kOZx0nAxNjAoGAERt8\nqgsCC9/wxbKnpCC0oh3IG5N1WUdjTKh7sHfVN2DQ/LR+fHsniTDVg1gWbKBTDsty\nj7PWgC7ZiFxjKz45NtyX7LW4/efLFttdezsVhR500nnFMFseCdFy7Iu3afThHKfH\nehdj27RFSTqWBrAtFjsj+dzERcOCqIRwvwDe/cUCgYEA5+1mzVXDVjKsWylKJPk+\nZZA4LUfvmTj3VLNDZrlSAI/xEikCFio0QWEA2TQYTAwbXTrKwQSeHQRhv7OTc1h+\nMhpAgvs189ze5J4jiNmULEkkrO+Cxxnw8tyV+UFRZtzW9gUoVBwXiZ/Wbl9sfnlO\nwLJHc0j6OltPcPJmxHP8gQI=\n-----END PRIVATE KEY-----\n"),
+			},
+			res{
+				code: 500,
+				err:  false,
+			},
+		},
 		{
 			"certificate with key nil",
 			args{

diff --git a/pkg/provider/metadata.go b/pkg/provider/metadata.go
@@ -17,8 +17,7 @@ import (
 )
 
 const (
-	DefaultValidUntil    time.Duration = 5 * time.Minute
-	DefaultCacheDuration string        = "PT300S"
+	DefaultValidUntil = 5 * time.Minute
 )
 
 func (p *Provider) metadataHandle(w http.ResponseWriter, r *http.Request) {