Commit c995c1e

mo <mo@mokhan.ca>
2018-01-10 22:59:05
check if use is correct.
1 parent 9ff3b0f
Changed files (2)
lib/saml/kit/configuration.rb
@@ -20,6 +20,7 @@ module Saml
     #     configuration.add_key_pair(ENV["X509_CERTIFICATE"], ENV["PRIVATE_KEY"], passphrase: ENV['PRIVATE_KEY_PASSPHRASE'], use: :encryption)
     #   end
     class Configuration
+      USES = [:signing, :encryption]
       # The issuer or entity_id to use.
       attr_accessor :issuer
       # The signature method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::SIGNATURE_METHODS})
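Review bot: `USES` on the added line is a mutable array, so any code that can reach `Saml::Kit::Configuration::USES` can append to it and widen what `ensure_proper_use!` accepts. Freeze it: `USES = [:signing, :encryption].freeze`. The neighbouring attributes all carry a doc comment, so a line such as `# The key pair uses that the configuration accepts.` above the constant would match the file's style. The class body continues outside this hunk.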
@@ -53,6 +54,7 @@ module Saml
       # @param passphrase [String] the password to decrypt the private key.
       # @param use [Symbol] the type of key pair, `:signing` or `:encryption`
       def add_key_pair(certificate, private_key, passphrase: '', use: :signing)
+        ensure_proper_use!(use)
         @key_pairs.push(::Xml::Kit::KeyPair.new(certificate, private_key, passphrase, use.to_sym))
       end
 
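Review bot: The guard added to `add_key_pair` compares the raw argument against a list of symbols, while the following line still calls `use.to_sym`. If string values such as `"signing"` were tolerated before (the `to_sym` suggests so, though no caller is visible here), they now raise `ArgumentError`, and the conversion is dead code for every value that passes the check. Decide which contract is intended: either normalise first with `use = use.to_sym` ahead of `ensure_proper_use!(use)`, or drop the `.to_sym` and state in the `@param use` doc that only symbols are accepted.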
@@ -61,6 +63,7 @@ module Saml
       # @param use [Symbol] the type of key pair, `:signing` or `:encryption`
       # @param passphrase [String] the private key passphrase to use.
       def generate_key_pair_for(use:, passphrase: SecureRandom.uuid)
+        ensure_proper_use!(use)
         certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
         add_key_pair(certificate, private_key, passphrase: passphrase, use: use)
       end
@@ -108,6 +111,15 @@ module Saml
       def sign?
         certificates(use: :signing).any?
       end
+
+      private
+
+      def ensure_proper_use!(use)
+        unless USES.include?(use)
+          error_message = "Use must be either :signing or :encryption"
+          raise ArgumentError.new(error_message)
+        end
+      end
     end
   end
 end
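Review bot: The message raised by `ensure_proper_use!` does not say which value was rejected, which makes a typo in a configuration block harder to trace. Keeping the existing wording so the spec's regex still matches, the raise could become `raise ArgumentError, "Use must be either :signing or :encryption, got #{use.inspect}"`, which also uses the more common `raise Class, message` form. The helper has no comment; something like `# Raises ArgumentError unless use is one of USES, so a mistyped use cannot register a key pair that neither the signing nor the encryption lookups return.` would record why the check exists.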
spec/saml/configuration_spec.rb
@@ -0,0 +1,47 @@
+RSpec.describe Saml::Kit::Configuration do
+  describe "#generate_key_pair_for" do
+    subject { described_class.new }
+
+    it 'raises an error when the use is not known' do
+      expect do
+        subject.generate_key_pair_for(use: :blah)
+      end.to raise_error(/:signing or :encryption/)
+    end
+
+    it 'generates a signing key pair' do
+      subject.generate_key_pair_for(use: :signing)
+      expect(subject.key_pairs(use: :signing).count).to eql(1)
+    end
+
+    it 'generates an encryption key pair' do
+      subject.generate_key_pair_for(use: :encryption)
+      expect(subject.key_pairs(use: :encryption).count).to eql(1)
+    end
+  end
+
+  describe "#add_key_pair" do
+    subject { described_class.new }
+    let(:certificate) do
+      certificate = OpenSSL::X509::Certificate.new
+      certificate.public_key = private_key.public_key
+      certificate
+    end
+    let(:private_key) { OpenSSL::PKey::RSA.new(2048) }
+
+    it 'raises an error when the use is not known' do
+      expect do
+        subject.add_key_pair(certificate, private_key.export, use: :blah)
+      end.to raise_error(/:signing or :encryption/)
+    end
+
+    it 'adds a signing key pair' do
+      subject.add_key_pair(certificate.to_pem, private_key.export, use: :signing)
+      expect(subject.key_pairs(use: :signing).count).to eql(1)
+    end
+
+    it 'adds an encryption key pair' do
+      subject.add_key_pair(certificate.to_pem, private_key.export, use: :encryption)
+      expect(subject.key_pairs(use: :encryption).count).to eql(1)
+    end
+  end
+end
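Review bot: Both "raises an error when the use is not known" examples match only on the message, so they would still pass if a different exception type carrying the same text were raised. Pin the class as well: `end.to raise_error(ArgumentError, /:signing or :encryption/)`. The `#add_key_pair` failure example also passes the certificate object where the other examples pass `certificate.to_pem`, and it only works because the guard runs before the key pair is built; using `certificate.to_pem` there would keep the examples consistent. There is no example for a string `use` such as `'signing'`, so the spec does not pin whether that input is accepted or rejected.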