From d98e1034efc4a8c5692e184c12339a9884ba5aa9 Mon Sep 17 00:00:00 2001
From: Benoist Claassen
Date: Fri, 18 Mar 2016 11:07:32 +0100
Subject: [PATCH 1/2] return the first key description if the keyname and usage are unspecified closes #113
---
 lib/saml/complex_types/role_descriptor_type.rb | 6 ++++++
 .../complex_types/role_descriptor_type_spec.rb | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/lib/saml/complex_types/role_descriptor_type.rb b/lib/saml/complex_types/role_descriptor_type.rb
index 76e3a61..5cd8bac 100644
--- a/lib/saml/complex_types/role_descriptor_type.rb
+++ b/lib/saml/complex_types/role_descriptor_type.rb
@@ -27,6 +27,8 @@ def initialize(*args)
       end
 
       def find_key_descriptor(key_name, use)
+        return key_descriptors.first unless key_name_or_use_specified?
+
         key_descriptors_by_use = find_key_descriptors_by_use(use)
 
         if key_name.present?
@@ -41,6 +43,10 @@ def find_key_descriptor(key_name, use)
       def find_key_descriptors_by_use(use)
         key_descriptors.select { |key| key.use == use || key.use.blank? }
       end
+
+      def key_name_or_use_specified?
+        key_descriptors.any? { |key| key.use.present? || key.key_info.key_name.present? }
+      end
     end
   end
 end
diff --git a/spec/lib/saml/complex_types/role_descriptor_type_spec.rb b/spec/lib/saml/complex_types/role_descriptor_type_spec.rb
index f403408..3a79945 100644
--- a/spec/lib/saml/complex_types/role_descriptor_type_spec.rb
+++ b/spec/lib/saml/complex_types/role_descriptor_type_spec.rb
@@ -83,5 +83,21 @@
         end
       end
     end
+
+    context "when the key descriptors did not set use or key name" do
+      let(:key_descriptor) do
+        key_descriptor = FactoryGirl.build :key_descriptor
+        key_descriptor.key_info.key_name = nil
+        key_descriptor
+      end
+
+      before do
+        role_descriptor.key_descriptors = [key_descriptor]
+      end
+
+      it "returns the first key descriptor even if use and keyname are requested" do
+        role_descriptor.find_key_descriptor('key', 'signing').should eq key_descriptor
+      end
+    end
   end
 end
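Review bot: The early return on the added line drops both the requested key_name and use whenever no metadata descriptor carries either, and nothing in the hunk records that this is deliberate. A KeyDescriptor with no `use` is valid for both signing and encryption, so the fallback is sound, but with several unlabelled descriptors only the first is ever returned, and a message signed with a later key would presumably fail verification downstream rather than be matched here. A comment above the return, `# No use/KeyName hints in metadata: fall back to the first descriptor (nil when there are none)`, makes that contract visible to callers. find_key_descriptor continues past the hunk.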
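Review bot: `key_name_or_use_specified?` calls `key.key_info.key_name` on every descriptor and now runs first on every lookup, so a KeyDescriptor whose key_info is nil raises NoMethodError before any matching happens. The `find` block in find_key_descriptor already dereferences key_info the same way, so this is not a new failure mode, but the predicate is now the first code to hit it. If parsing guarantees key_info (ds:KeyInfo is mandatory in the metadata schema) a comment saying so is enough; otherwise `key.use.present? || (key.key_info && key.key_info.key_name.present?)` keeps the check safe without assuming Ruby 2.3's `&.`. The same applies to `key_name_specified?` added by the second patch.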
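Review bot: The new context builds a single descriptor, so the assertion cannot distinguish the `key_descriptors.first` fallback from a match by `find`; a second unlabelled descriptor, `role_descriptor.key_descriptors = [key_descriptor, FactoryGirl.build(:key_descriptor)]`, with the same expectation would pin the "first" semantics. Whether the factory leaves `use` unset is not visible here, so the context name's claim rests on the factory definition; setting `key_descriptor.use = nil` next to the `key_name = nil` line would make the fixture self-describing.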
From 6ff74c2cf8b19cb53dbfccac37c27c10e1a546a7 Mon Sep 17 00:00:00 2001
From: Benoist
Date: Mon, 21 Mar 2016 08:49:55 +0100
Subject: [PATCH 2/2] added config to disable keyname generation and return a key descriptor if use is specified but the keyname isn't but the keyname is in the message
---
 lib/saml/complex_types/role_descriptor_type.rb | 6 +++++-
 lib/saml/config.rb | 3 +++
 lib/saml/elements/key_info.rb | 2 +-
 .../complex_types/role_descriptor_type_spec.rb | 16 ++++++++++++++++
 4 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/lib/saml/complex_types/role_descriptor_type.rb b/lib/saml/complex_types/role_descriptor_type.rb
index 5cd8bac..3638db8 100644
--- a/lib/saml/complex_types/role_descriptor_type.rb
+++ b/lib/saml/complex_types/role_descriptor_type.rb
@@ -31,7 +31,7 @@ def find_key_descriptor(key_name, use)
 
         key_descriptors_by_use = find_key_descriptors_by_use(use)
 
-        if key_name.present?
+        if key_name.present? && key_name_specified?
           key_descriptors_by_use.find { |key| key.key_info.key_name == key_name }
         else
           key_descriptors_by_use.first
@@ -47,6 +47,10 @@ def find_key_descriptors_by_use(use)
       def key_name_or_use_specified?
         key_descriptors.any? { |key| key.use.present? || key.key_info.key_name.present? }
       end
+
+      def key_name_specified?
+        key_descriptors.any? { |key| key.key_info.key_name.present? }
+      end
     end
   end
 end
diff --git a/lib/saml/config.rb b/lib/saml/config.rb
index e0308c7..8dbe7e0 100644
--- a/lib/saml/config.rb
+++ b/lib/saml/config.rb
@@ -18,6 +18,9 @@ module Config
     mattr_accessor :registered_stores
     @@registered_stores = {}
 
+    mattr_accessor :generate_key_name
+    @@generate_key_name = true
+
     mattr_accessor :default_store
     mattr_accessor :inclusive_namespaces_prefix_list
 
diff --git a/lib/saml/elements/key_info.rb b/lib/saml/elements/key_info.rb
index 03a71fa..4cd3b8a 100644
--- a/lib/saml/elements/key_info.rb
+++ b/lib/saml/elements/key_info.rb
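Review bot: The added `&& key_name_specified?` makes the KeyName carried in the message advisory: when metadata names none of its keys the name is ignored and the first descriptor matching `use` is returned. For a verifier that is the right direction, since the KeyName in an incoming message is chosen by the sender and must only narrow the choice among metadata keys, never widen it, and the new condition keeps the result inside `key_descriptors_by_use`; still, it is a behaviour change that deserves a comment on the `if`, e.g. `# Honour the requested KeyName only when metadata names its keys; otherwise select by use alone`. `key_name_specified?` in the hunk at @@ -47 repeats the `any?` of `key_name_or_use_specified?`, which could become `key_name_specified? || key_descriptors.any? { |key| key.use.present? }`. find_key_descriptor starts and ends outside the hunk.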
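Review bot: The new `generate_key_name` accessor has no comment explaining what it switches off, and its only reader in this series, `KeyInfo#initialize`, consults it at construction time, so it must be set before any KeyInfo is built and changing it later affects every element generated afterwards process-wide. A comment above the accessor, `# true (default): KeyInfo built from a certificate gets a KeyName derived from its DER; false: no KeyName is emitted`, records both the meaning and the default. As far as the role_descriptor_type.rb hunks show, disabling it means metadata lookup then selects by `use` alone, which is worth stating in the same comment.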
@@ -19,7 +19,7 @@ def initialize(cert = nil)
         if cert
           self.x509Data = X509Data.new(cert)
         end
-        if self.x509Data && self.x509Data.x509certificate
+        if self.x509Data && self.x509Data.x509certificate && Saml::Config.generate_key_name
           self.key_name = Digest::SHA1.hexdigest(self.x509Data.x509certificate.to_der)
         end
       end
diff --git a/spec/lib/saml/complex_types/role_descriptor_type_spec.rb b/spec/lib/saml/complex_types/role_descriptor_type_spec.rb
index 3a79945..7c4bbd2 100644
--- a/spec/lib/saml/complex_types/role_descriptor_type_spec.rb
+++ b/spec/lib/saml/complex_types/role_descriptor_type_spec.rb
@@ -99,5 +99,21 @@
         role_descriptor.find_key_descriptor('key', 'signing').should eq key_descriptor
       end
     end
+
+    context "when the key descriptors did not set key name but the message contains it" do
+      let(:key_descriptor) do
+        key_descriptor = FactoryGirl.build :key_descriptor, use: 'signing'
+        key_descriptor.key_info.key_name = nil
+        key_descriptor
+      end
+
+      before do
+        role_descriptor.key_descriptors = [key_descriptor]
+      end
+
+      it "returns the first key descriptor even if use and keyname are requested" do
+        role_descriptor.find_key_descriptor('key', 'signing').should eq key_descriptor
+      end
+    end
   end
 end
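Review bot: The KeyName is assigned as `Digest::SHA1.hexdigest` of the certificate DER, and the role_descriptor_type.rb hunks in this series compare that string for equality against metadata, so it works as a locator that both peers must compute identically rather than as a fingerprint whose collision resistance matters. A comment on the assignment, `# Locator only: metadata lookup compares this string, so changing the digest breaks matching with peers on older versions`, stops a later reader from swapping SHA-1 for SHA-256 as a hardening step and silently breaking interop. Testing the flag first, `if Saml::Config.generate_key_name && self.x509Data && self.x509Data.x509certificate`, also skips the x509Data lookups when generation is off. initialize's first line is above the hunk.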
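Review bot: The new context only checks the positive path, so it would still pass if the relaxed KeyName match also ignored `use`; adding `it "returns nil when the requested use does not match" do`, `role_descriptor.find_key_descriptor('key', 'encryption').should be_nil`, `end` pins that the fallback stays bounded by use. Its `it` description is identical to the one added by the first patch, so a failure report cannot tell the two cases apart; mentioning that use is set but the key name is not would distinguish them.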