From c5a0e03b7724ff0abb1f7dfd76b4b2cb62f8ca67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hendrik=20L=C3=BCth?=
Date: Mon, 12 Feb 2024 14:46:25 +0100
Subject: [PATCH] introduce custom filenames for idp/sp cert/key

---
 src/onelogin/saml2/settings.py                | 54 +++++++++++++------
 tests/data/customPath/certs/Test_Root_CA.crt  | 16 ++++++
 .../src/OneLogin/saml2_tests/settings_test.py | 15 +++++-
 3 files changed, 68 insertions(+), 17 deletions(-)
 create mode 100644 tests/data/customPath/certs/Test_Root_CA.crt

diff --git a/src/onelogin/saml2/settings.py b/src/onelogin/saml2/settings.py
index ace5cf50..8a9e46cb 100644
--- a/src/onelogin/saml2/settings.py
+++ b/src/onelogin/saml2/settings.py
@@ -194,6 +194,24 @@ def set_cert_path(self, path):
         """
         self._paths['cert'] = path
 
+    def set_sp_cert_filename(self, filename):
+        """
+        Set the filename of the SP certificate
+        """
+        self._sp['cert_filename'] = filename
+
+    def set_sp_key_filename(self, filename):
+        """
+        Set the filename of the SP key
+        """
+        self._sp['key_filename'] = filename
+
+    def set_idp_cert_filename(self, filename):
+        """
+        Set the filename of the idp certificate
+        """
+        self._idp['cert_filename'] = filename
+
     def get_lib_path(self):
         """
         Returns lib path
@@ -214,7 +232,7 @@ def get_schemas_path(self):
 
     def _load_settings_from_dict(self, settings):
         """
-        Loads settings info from a settings Dict
+        Loads settings info from a settings Dict, adds default values and validates the settings
 
         :param settings: SAML Toolkit Settings
         :type settings: dict
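Review bot: The three new setters store `filename` without any validation, and the getters later build the path by concatenating it straight onto the cert directory, so a value with path components (`../../foo.key`, or an absolute path glued onto the directory string) makes get_sp_key()/get_sp_cert()/get_idp_cert() read a file outside `get_cert_path()`. Settings are normally operator-trusted, but if they can arrive from a less trusted source (an admin UI, per-tenant config) this is a way to point the SP key or IdP cert at an arbitrary readable file; rejecting anything that is not a bare filename at the setter is cheap: `if not filename or filename != basename(filename): raise ValueError('filename must not contain path components')` (using whatever `os.path` import the module already has — the import block is outside the hunk; the same check belongs wherever the `cert_filename`/`key_filename` dict keys are accepted). The docstrings should also state how the name is used, e.g. `:param filename: file name inside get_cert_path(); no directory components`.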
@@ -222,18 +240,19 @@ def _load_settings_from_dict(self, settings):
         :returns: True if the settings info is valid
         :rtype: boolean
         """
+        self._sp = settings.get('sp', {})
+        self._idp = settings.get('idp', {})
+        self._strict = settings.get('strict', True)
+        self._debug = settings.get('debug', False)
+        self._security = settings.get('security', {})
+        self._contacts = settings.get('contactPerson', {})
+        self._organization = settings.get('organization', {})
+        self._add_default_values()
+
+        self._errors = []
         errors = self.check_settings(settings)
+
         if len(errors) == 0:
-            self._errors = []
-            self._sp = settings['sp']
-            self._idp = settings.get('idp', {})
-            self._strict = settings.get('strict', True)
-            self._debug = settings.get('debug', False)
-            self._security = settings.get('security', {})
-            self._contacts = settings.get('contactPerson', {})
-            self._organization = settings.get('organization', {})
-
-            self._add_default_values()
             return True
         self._errors = errors
@@ -328,6 +347,11 @@ def _add_default_values(self):
         self._sp.setdefault('x509cert', '')
         self._sp.setdefault('privateKey', '')
 
+        # Set the default filenames for the certificates and keys
+        self._idp.setdefault('cert_filename', 'idp.crt')
+        self._sp.setdefault('cert_filename', 'sp.crt')
+        self._sp.setdefault('key_filename', 'sp.key')
+
         self._security.setdefault('requestedAuthnContext', True)
         self._security.setdefault('requestedAuthnContextComparison', 'exact')
         self._security.setdefault('failOnAuthnContextMismatch', False)
@@ -389,7 +413,7 @@ def check_idp_settings(self, settings):
             if 'security' in settings:
                 security = settings['security']
 
-                exists_x509 = bool(idp.get('x509cert'))
+                exists_x509 = bool(self.get_idp_cert())
                 exists_fingerprint = bool(idp.get('certFingerprint'))
                 exists_multix509sign = 'x509certMulti' in idp and \
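Review bot: After this reorder a settings dict that fails validation is still left applied on the instance — `self._sp`, `self._idp`, `self._security` and the rest are assigned and `_add_default_values()` runs before `check_settings()` — whereas previously a failed load left them untouched; anything that catches the resulting error and keeps using the object now sees half-validated settings, and a missing `sp` section silently becomes `{}` via `settings.get('sp', {})` instead of the old `settings['sp']` (presumably still reported by check_settings, which is outside the hunk). The defaults are also written into the caller's own dict objects before validation, so `check_settings(settings)` now validates the defaulted dict rather than exactly what the caller passed. If the move is only there so that check_idp_settings() can call get_idp_cert(), say so in the docstring and state that the instance carries the settings whenever this returns False; otherwise keep the values in locals and publish them to `self` only in the success branch. The method's False return follows the hunk.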
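Review bot: The new settings keys `cert_filename` and `key_filename` are snake_case while every other key in these dicts is camelCase (`x509cert`, `privateKey`, `certFingerprint`, `requestedAuthnContext` in this same hunk), so people writing settings.json get a mixed convention; `certFilename` / `keyFilename` would match, and the rename would have to be carried through the setters, getters and tests in this patch. The comment could also say where the names are resolved: `# Default file names, resolved relative to get_cert_path()`.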
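Review bot: `exists_x509 = bool(self.get_idp_cert())` now reads the instance's IdP settings and the filesystem, while the neighbouring `exists_fingerprint` and `exists_multix509sign` still read the `idp` taken from the `settings` argument; if check_settings() is ever called with a dict other than the one loaded on the instance, this one check validates the wrong object. Deriving it from the same dict keeps the method self-contained: `exists_x509 = bool(idp.get('x509cert')) or exists(self.get_cert_path() + idp.get('cert_filename', 'idp.crt'))` (`exists` is already used by the getters). Validation now also depends on the cert path having been set before the settings are loaded, which a caller of check_settings() on a bare instance may not expect. The enclosing check_idp_settings() starts and ends outside the hunk.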
@@ -566,7 +590,7 @@ def get_sp_key(self):
         :rtype: string or None
         """
         key = self._sp.get('privateKey')
-        key_file_name = self._paths['cert'] + 'sp.key'
+        key_file_name = self._paths['cert'] + self._sp['key_filename']
 
         if not key and exists(key_file_name):
             with open(key_file_name) as f:
@@ -581,7 +605,7 @@ def get_sp_cert(self):
         :rtype: string or None
         """
         cert = self._sp.get('x509cert')
-        cert_file_name = self._paths['cert'] + 'sp.crt'
+        cert_file_name = self._paths['cert'] + self._sp['cert_filename']
 
         if not cert and exists(cert_file_name):
             with open(cert_file_name) as f:
@@ -612,7 +636,7 @@ def get_idp_cert(self):
         :rtype: string
         """
         cert = self._idp.get('x509cert')
-        cert_file_name = self.get_cert_path() + 'idp.crt'
+        cert_file_name = self.get_cert_path() + self._idp['cert_filename']
         if not cert and exists(cert_file_name):
             with open(cert_file_name) as f:
                 cert = f.read()
diff --git a/tests/data/customPath/certs/Test_Root_CA.crt b/tests/data/customPath/certs/Test_Root_CA.crt
new file mode 100644
index 00000000..52530954
--- /dev/null
+++ b/tests/data/customPath/certs/Test_Root_CA.crt
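Review bot: `self._paths['cert'] + self._sp['key_filename']` does no containment check, so a `key_filename` with directory components (or an absolute path appended to the directory string) reads a private key from outside the cert directory; unless the name is validated where it is set, this is the place to refuse it. The line also switches from the `.get()` style used for `privateKey` just above to a hard index, which raises KeyError on any instance for which `_add_default_values()` has not run; `self._sp.get('key_filename', 'sp.key')` keeps the previous default as a fallback. The same two points apply to the `cert_filename` lookups in the get_sp_cert() and get_idp_cert() hunks that follow, the last of which is now also called during validation. All three methods start before their hunk.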
@@ -0,0 +1,16 @@
+----- Begin Certificate -----
+MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhM
+CTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDg
+YDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqh
+kiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0w
+NzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyB
+Tb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBA
+MTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZ
+XR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqK
+xupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLC
+n7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo0
+78dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVf
+p86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFD
+bStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJV
+hTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/tests/src/OneLogin/saml2_tests/settings_test.py b/tests/src/OneLogin/saml2_tests/settings_test.py
index 36505cae..2b5135db 100644
--- a/tests/src/OneLogin/saml2_tests/settings_test.py
+++ b/tests/src/OneLogin/saml2_tests/settings_test.py
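Review bot: The fixture's first line `----- Begin Certificate -----` is not the PEM armor `-----BEGIN CERTIFICATE-----` that its own closing line uses and that PEM parsers (and any header-stripping normalisation in the toolkit) look for, so anything that actually parses this file will fail or return junk; the new test passes only because the settings check reduces the content to `bool()`. Replacing the first line with `-----BEGIN CERTIFICATE-----` turns it into a real certificate file. The name suggests a CA certificate; if the body is a borrowed example end-entity cert rather than a CA — I can't verify that from the base64 here — a name like `custom_idp.crt` would be less misleading.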
@@ -95,12 +95,23 @@ def testLoadSettingsFromDict(self):
         except Exception as e:
             self.assertIn('Invalid dict settings: sp_cert_not_found_and_required', str(e))
 
+        # test if the cert-file is loaded correct with the default filename
         settings_info = self.loadSettingsJSON()
         settings_info['security']['nameIdEncrypted'] = True
         del settings_info['idp']['x509cert']
+        settings_7 = OneLogin_Saml2_Settings(settings_info)
+        self.assertEqual(len(settings_7.get_errors()), 0)
+
+        # test if the cert-file is loaded correct with a custom filename
+        settings_info['idp']['cert_filename'] = "Test_Root_CA.crt"
+        settings_8 = OneLogin_Saml2_Settings(settings_info)
+        self.assertEqual(len(settings_8.get_errors()), 0)
+
+        # test for the correct error, if there is no cert at all
+        settings_info['idp']['cert_filename'] = "not_existing_file.crt"
         try:
-            settings_7 = OneLogin_Saml2_Settings(settings_info)
-            self.assertNotEqual(len(settings_7.get_errors()), 0)
+            settings_9 = OneLogin_Saml2_Settings(settings_info)
+            self.assertNotEqual(len(settings_9.get_errors()), 0)
         except Exception as e:
             self.assertIn('Invalid dict settings: idp_cert_not_found_and_required', str(e))
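Review bot: The new assertions only count errors, so they cannot tell whether `Test_Root_CA.crt` was actually read — a regression that falls back to idp.crt for any filename, or an unrelated file at that path, would still give `len(get_errors()) == 0`. Add a content check, e.g. `self.assertIsNotNone(settings_8.get_idp_cert())` and, better, compare it with the fixture read from the same cert path so the custom name is proven to resolve (that would also expose the fixture's non-standard PEM header if the loader normalises it). The hunk also drops the old expectation that settings_7 fails, which is a behaviour change (a missing `idp.x509cert` is now satisfied by a file on disk) worth stating in the comment; which cert directory these instances resolve to comes from the test setup outside the hunk.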