lib/saml/kit/metadata.rb in saml-kit-0.2.0 vs lib/saml/kit/metadata.rb in saml-kit-0.2.1
- old
+ new
@@ -28,24 +28,20 @@
end
def certificates
@certificates ||= document.find_all("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", Xml::NAMESPACES).text
- {
- text: cert,
- fingerprint: Fingerprint.new(cert).algorithm(hash_algorithm),
- use: item.attribute('use').value.to_sym,
- }
+ Certificate.new(cert, use: item.attribute('use').value.to_sym)
end
end
def encryption_certificates
- certificates.find_all { |x| x[:use] == :encryption }
+ certificates.find_all(&:encryption?)
end
def signing_certificates
- certificates.find_all { |x| x[:use] == :signing }
+ certificates.find_all(&:signing?)
end
def services(type)
document.find_all("/md:EntityDescriptor/md:#{name}/md:#{type}").map do |item|
binding = item.attribute("Binding").value
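Review bot: The new `Certificate.new(cert, use: item.attribute('use').value.to_sym)` line still raises NoMethodError when a KeyDescriptor carries no `use` attribute, because `item.attribute('use')` is nil in that case. The SAML metadata schema makes `use` optional, and a key without it applies to both signing and encryption, so metadata from a conforming peer can crash `certificates` instead of yielding a usable key. Consider `Certificate.new(cert, use: item.attribute('use')&.value&.to_sym)` and have `signing?`/`encryption?` treat a nil use as matching both; `Certificate` is not shown here, so confirm how it handles nil. The `at_xpath(...).text` call on the line above has the same nil hazard for a KeyDescriptor that lacks an X509Certificate element.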
@@ -66,16 +62,12 @@
def single_logout_service_for(binding:)
service_for(binding: binding, type: 'SingleLogoutService')
end
def matches?(fingerprint, use: :signing)
- if :signing == use.to_sym
- hash_value = fingerprint.algorithm(hash_algorithm)
- signing_certificates.find do |signing_certificate|
- Saml::Kit.logger.debug [hash_value, signing_certificate[:fingerprint]].inspect
- hash_value == signing_certificate[:fingerprint]
- end
+ certificates.find do |certificate|
+ certificate.for?(use) && certificate.fingerprint == fingerprint
end
end
def to_h
@xml_hash ||= Hash.from_xml(to_xml)
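Review bot: The comparison `certificate.fingerprint == fingerprint` in `matches?` only works if `Fingerprint` defines value equality; if it does not, `==` falls back to object identity and no certificate will ever match. The removed code compared the `algorithm(hash_algorithm)` strings explicitly, so it is worth confirming (the class is outside this hunk) that `Fingerprint#==` normalises both sides the same way. The `use.to_sym` conversion is also gone, so a caller passing `use` as a String now depends on `Certificate#for?` doing it; `certificate.for?(use.to_sym)` would keep the old tolerance. Since the search is no longer limited to signing certificates, a comment such as `# Returns the certificate registered for +use+ whose fingerprint equals +fingerprint+, or nil` would make the widened contract explicit.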
@@ -89,12 +81,10 @@
to_xml
end
def verify(algorithm, signature, data)
signing_certificates.find do |cert|
- x509 = OpenSSL::X509::Certificate.new(Base64.decode64(cert[:text]))
- public_key = x509.public_key
- public_key.verify(algorithm, signature, data)
+ cert.public_key.verify(algorithm, signature, data)
end
end
def self.from(content)
hash = Hash.from_xml(content)
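Review bot: An exception raised inside the `find` block of `verify` aborts the whole search, so a single unparsable or wrong-key-type signing certificate in the metadata would prevent a later, valid certificate from being tried, for instance during key rollover. `Certificate#public_key` is not shown in this hunk, so confirm whether it can raise (for example `OpenSSL::X509::CertificateError`); if it can, rescue that and `OpenSSL::PKey::PKeyError` per certificate and treat the certificate as a non-match. A short comment such as `# Returns the first signing certificate whose key verifies the signature, or nil when none does` would also document that callers must treat nil as a failed verification.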