digidentity · benoist · Mar 21, 2016 · Mar 18, 2016 · Mar 21, 2016
diff --git a/lib/saml/complex_types/role_descriptor_type.rb b/lib/saml/complex_types/role_descriptor_type.rb
@@ -27,9 +27,11 @@ def initialize(*args)
       end
 
       def find_key_descriptor(key_name, use)
+        return key_descriptors.first unless key_name_or_use_specified?
+
         key_descriptors_by_use = find_key_descriptors_by_use(use)
 
-        if key_name.present?
+        if key_name.present? && key_name_specified?
           key_descriptors_by_use.find { |key| key.key_info.key_name == key_name }
         else
           key_descriptors_by_use.first
@@ -41,6 +43,14 @@ def find_key_descriptor(key_name, use)
       def find_key_descriptors_by_use(use)
         key_descriptors.select { |key| key.use == use || key.use.blank? }
       end
+
+      def key_name_or_use_specified?
+        key_descriptors.any? { |key| key.use.present? || key.key_info.key_name.present? }
+      end
+
+      def key_name_specified?
+        key_descriptors.any? { |key| key.key_info.key_name.present? }
+      end
     end
   end
 end
diff --git a/lib/saml/config.rb b/lib/saml/config.rb
@@ -18,6 +18,9 @@ module Config
     mattr_accessor :registered_stores
     @@registered_stores = {}
 
+    mattr_accessor :generate_key_name
+    @@generate_key_name = true
+
     mattr_accessor :default_store
 
     mattr_accessor :inclusive_namespaces_prefix_list

diff --git a/lib/saml/elements/key_info.rb b/lib/saml/elements/key_info.rb
@@ -19,7 +19,7 @@ def initialize(cert = nil)
         if cert
           self.x509Data = X509Data.new(cert)
         end
-        if self.x509Data && self.x509Data.x509certificate
+        if self.x509Data && self.x509Data.x509certificate && Saml::Config.generate_key_name
           self.key_name = Digest::SHA1.hexdigest(self.x509Data.x509certificate.to_der)
         end
       end

diff --git a/spec/lib/saml/complex_types/role_descriptor_type_spec.rb b/spec/lib/saml/complex_types/role_descriptor_type_spec.rb
@@ -83,5 +83,37 @@
         end
       end
     end
+
+    context "when the key descriptors did not set use or key name" do
+      let(:key_descriptor) do
+        key_descriptor = FactoryGirl.build :key_descriptor
+        key_descriptor.key_info.key_name = nil
+        key_descriptor
+      end
+
+      before do
+        role_descriptor.key_descriptors = [key_descriptor]
+      end
+
+      it "returns the first key descriptor even if use and keyname are requested" do
+        role_descriptor.find_key_descriptor('key', 'signing').should eq key_descriptor
+      end
+    end
+
+    context "when the key descriptors did not set key name but the message contains it" do
+      let(:key_descriptor) do
+        key_descriptor = FactoryGirl.build :key_descriptor, use: 'signing'
+        key_descriptor.key_info.key_name = nil
+        key_descriptor
+      end
+
+      before do
+        role_descriptor.key_descriptors = [key_descriptor]
+      end
+
+      it "returns the first key descriptor even if use and keyname are requested" do
+        role_descriptor.find_key_descriptor('key', 'signing').should eq key_descriptor
+      end
+    end
   end
 end