Wrong cert data inserted in the metadata files by the Get-SPIDMetadatas PS script #34
Comments
|
@PaoloCastAway , can you give it a look? That would be great if the script could handle correctly both cert format |
fume
added a commit
to vifani/SPID-and-Digital-Identity-Enabler
that referenced
this issue
Sep 16, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Get-SPIDMetadatas PS script use the following code to load the certificate:
$cert = (New-Object System.IO.StreamReader($certificateFilePath)).ReadToEnd()This code considers that the certificate file contains the plain certificate in base64. Unfortunately usually .cer file format is defined as follow
-----BEGIN CERTIFICATE----- <base64 certificate> -----END CERTIFICATE-----So, at current time, the PS script generates the XML metadata as follows
<md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>-----BEGIN CERTIFICATE----- ..... -----END CERTIFICATE----- </ds:X509Certificate>This is a not valid certificate data inside the XML metadata
The text was updated successfully, but these errors were encountered: