Commit 4440d8f
Changed files (2)
lib/saml/kit/configuration.rb
@@ -124,12 +124,14 @@ module Saml
end
def active_key_pairs
- @key_pairs.find_all do |x|
- x.certificate.active?
- rescue OpenSSL::X509::CertificateError => error
- Saml::Kit.logger.error(error)
- false
- end
+ @key_pairs.find_all { |x| active?(x) }.sort_by { |x| x.certificate.not_after }.reverse
+ end
+
+ def active?(key_pair)
+ key_pair.certificate.active?
+ rescue OpenSSL::X509::CertificateError => error
+ Saml::Kit.logger.error(error)
+ false
end
end
end
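Review bot: The new `sort_by { |x| x.certificate.not_after }.reverse` in `active_key_pairs` is not a stable sort in Ruby, so two active key pairs whose certificates share a `not_after` can come out in either order from one run to the next, which makes the pair a caller picks with `.first` for signing nondeterministic. A deterministic tie-break on insertion position avoids that, e.g. `@key_pairs.select { |x| active?(x) }.sort_by.with_index { |x, i| [-x.certificate.not_after.to_i, i] }`. The added `active?(key_pair)` helper lands in the public section of the class — mark it `private` unless it is intended as API, and consider adding something that identifies the offending pair to the `logger.error` call so an unparseable certificate can actually be located. The enclosing class opens outside this hunk.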
spec/saml/kit/configuration_spec.rb
@@ -112,8 +112,32 @@ RSpec.describe Saml::Kit::Configuration do
end
context "when there is more than one key pair" do
- it 'returns them sorted from newest to oldest' do
+ let(:oldest_certificate) do
+ certificate = OpenSSL::X509::Certificate.new
+ certificate.not_before = 45.minutes.ago
+ certificate.not_after = 15.minutes.from_now
+ certificate.public_key = private_key.public_key
+ certificate.sign(private_key, OpenSSL::Digest::SHA256.new)
+ certificate
+ end
+ let(:newest_certificate) do
+ certificate = OpenSSL::X509::Certificate.new
+ certificate.not_before = 30.minutes.ago
+ certificate.not_after = 30.minutes.from_now
+ certificate.public_key = private_key.public_key
+ certificate.sign(private_key, OpenSSL::Digest::SHA256.new)
+ certificate
end
+ let(:private_key) { OpenSSL::PKey::RSA.new(2048) }
+ let(:fingerprints) { subject.key_pairs.map(&:certificate).map(&:fingerprint) }
+
+ before do
+ subject.add_key_pair(oldest_certificate.to_pem, private_key.export, use: :signing)
+ subject.add_key_pair(newest_certificate.to_pem, private_key.export, use: :signing)
+ end
+
+ specify { expect(fingerprints[0]).to eql(Xml::Kit::Fingerprint.new(newest_certificate)) }
+ specify { expect(fingerprints[1]).to eql( Xml::Kit::Fingerprint.new(oldest_certificate)) }
end
end
end
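Review bot: The two fixtures cannot distinguish ordering by `not_after` from ordering by `not_before`, since `newest_certificate` is later on both fields, so this spec would also pass against a sort on the wrong attribute; add a pair where the later-issued certificate expires sooner, or assert on `not_after` explicitly. The expectations read `subject.key_pairs` while the method changed in this commit is `active_key_pairs` — unless `key_pairs` delegates to it (not visible here), assert on `active_key_pairs` directly, and include an expired certificate to show it is excluded rather than sorted in. `OpenSSL::PKey::RSA.new(2048)` inside a `let` regenerates a key for every example; a memoized or smaller key keeps the suite fast. Minor style: `eql( Xml::Kit::Fingerprint.new(oldest_certificate))` has a stray space after the opening parenthesis. The enclosing describe block begins outside this hunk.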