Add missing case

johnnyshields · johnnyshields · commit b97bea3997fb · 2023-11-26T16:49:09.000+09:00
diff --git a/test/metadata_test.rb b/test/metadata_test.rb
@@ -227,6 +227,32 @@ class MetadataTest < Minitest::Test
           assert validate_xml!(xml_text, "saml-schema-metadata-2.0.xsd")
         end
       end
+
+      describe "with check_sp_cert_expiration and expired keys" do
+        before do
+          settings.security[:want_assertions_encrypted] = true
+          settings.security[:check_sp_cert_expiration] = true
+          valid_pair = CertificateHelper.generate_pair_hash
+          early_pair = CertificateHelper.generate_pair_hash(not_before: Time.now + 60)
+          expired_pair = CertificateHelper.generate_pair_hash(not_after: Time.now - 60)
+          settings.certificate = nil
+          settings.certificate_new = nil
+          settings.private_key = nil
+          settings.sp_cert_multi = {
+            signing: [valid_pair, early_pair, expired_pair],
+            encryption: [valid_pair, early_pair, expired_pair]
+          }
+        end
+
+        it "generates Service Provider Metadata with X509Certificate for encrypt" do
+          assert_equal 2, key_descriptors.length
+          assert_equal "signing", key_descriptors[0].attribute("use").value
+          assert_equal "encryption", key_descriptors[1].attribute("use").value
+
+          assert_equal 2, cert_nodes.length
+          assert validate_xml!(xml_text, "saml-schema-metadata-2.0.xsd")
+        end
+      end
     end
 
     describe "when attribute service is configured with multiple attribute values" do
