summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rw-r--r--spec/saml/authentication_request_spec.rb22
1 files changed, 22 insertions, 0 deletions
diff --git a/spec/saml/authentication_request_spec.rb b/spec/saml/authentication_request_spec.rb
index f1516b3..5c17beb 100644
--- a/spec/saml/authentication_request_spec.rb
+++ b/spec/saml/authentication_request_spec.rb
@@ -133,6 +133,28 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
subject = described_class.new(raw_xml, configuration: configuration)
expect(subject).to be_invalid
end
+
+ context "when the certificate is expired" do
+ let(:expired_certificate) do
+ certificate = OpenSSL::X509::Certificate.new
+ certificate.public_key = private_key.public_key
+ certificate.not_before = 1.day.ago
+ certificate.not_after = 1.second.ago
+ certificate
+ end
+ let(:private_key) { OpenSSL::PKey::RSA.new(2048) }
+ let(:configuration) do
+ Saml::Kit::Configuration.new do |config|
+ config.add_key_pair(expired_certificate, private_key, passphrase: nil, use: :signing)
+ end
+ end
+
+ it 'is invalid' do
+ subject = described_class.new(raw_xml, configuration: configuration)
+ expect(subject).to be_invalid
+ expect(subject.errors[:certificate]).to be_present
+ end
+ end
end
describe "#assertion_consumer_service_url" do
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 19:27:56 +0000