Always put signing certificate in metadata if we have one

Author: irvingreid

lib/onelogin/ruby-saml/metadata.rb

@@ -36,15 +36,11 @@ def generate(settings, pretty_print=false)
         cert = settings.get_sp_cert
         if cert
           cert_text = Base64.encode64(cert.to_der).gsub("\n", '')
-
-          if settings.security[:authn_requests_signed]
-            cert_text = Base64.encode64(cert.to_der).gsub("\n", '')
-            kd = sp_sso.add_element "md:KeyDescriptor", { "use" => "signing" }
-            ki = kd.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
-            xd = ki.add_element "ds:X509Data"
-            xc = xd.add_element "ds:X509Certificate"
-            xc.text = cert_text
-          end
+          kd = sp_sso.add_element "md:KeyDescriptor", { "use" => "signing" }
+          ki = kd.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
+          xd = ki.add_element "ds:X509Data"
+          xc = xd.add_element "ds:X509Certificate"
+          xc.text = cert_text
 
           if settings.security[:want_assertions_encrypted]
             kd2 = sp_sso.add_element "md:KeyDescriptor", { "use" => "encryption" }

test/metadata_test.rb

@@ -111,6 +111,16 @@ class MetadataTest < Minitest::Test
         settings.certificate = ruby_saml_cert_text
       end
 
+      it "generates Service Provider Metadata with X509Certificate for sign" do
+        assert_equal 1, key_descriptors.length
+        assert_equal "signing", key_descriptors[0].attribute("use").value
+
+        assert_equal 1, cert_nodes.length
+        assert_equal ruby_saml_cert.to_der, cert.to_der
+
+        assert validate_xml!(xml_text, "saml-schema-metadata-2.0.xsd")
+      end
+
       describe "and signed authentication requests" do
         before do
           settings.security[:authn_requests_signed] = true
@@ -122,16 +132,6 @@ class MetadataTest < Minitest::Test
 
           assert validate_xml!(xml_text, "saml-schema-metadata-2.0.xsd")
         end
-
-        it "generates Service Provider Metadata with X509Certificate for sign" do
-          assert_equal 1, key_descriptors.length
-          assert_equal "signing", key_descriptors[0].attribute("use").value
-
-          assert_equal 1, cert_nodes.length
-          assert_equal ruby_saml_cert.to_der, cert.to_der
-
-          assert validate_xml!(xml_text, "saml-schema-metadata-2.0.xsd")
-        end
       end
 
       describe "and encrypted assertions" do
@@ -140,12 +140,11 @@ class MetadataTest < Minitest::Test
         end
 
         it "generates Service Provider Metadata with X509Certificate for encrypt" do
-          assert_equal 1, key_descriptors.length
-          assert_equal "encryption", key_descriptors[0].attribute("use").value
-
-          assert_equal 1, cert_nodes.length
-          assert_equal ruby_saml_cert.to_der, cert.to_der
+          assert_equal 2, key_descriptors.length
+          assert_equal "encryption", key_descriptors[1].attribute("use").value
 
+          assert_equal 2, cert_nodes.length
+          assert_equal cert_nodes[0].text, cert_nodes[1].text
           assert validate_xml!(xml_text, "saml-schema-metadata-2.0.xsd")
         end
       end