/**
* @group certificate
*
* @test
*/
public function assert_that_key_usage_check_works_correctly()
{
$key = new SAML2_Certificate_Key(array(SAML2_Certificate_Key::USAGE_SIGNING => true));
$this->assertTrue($key->canBeUsedFor(SAML2_Certificate_Key::USAGE_SIGNING));
$this->assertFalse($key->canBeUsedFor(SAML2_Certificate_Key::USAGE_ENCRYPTION));
$key[SAML2_Certificate_Key::USAGE_ENCRYPTION] = false;
$this->assertFalse($key->canBeUsedFor(SAML2_Certificate_Key::USAGE_ENCRYPTION));
}
/**
* Loads the keys given, optionally excluding keys when a usage is given and they
* are not configured to be used with the usage given
*
* @param array $configuredKeys
* @param $usage
*/
public function loadKeys(array $configuredKeys, $usage)
{
foreach ($configuredKeys as $keyData) {
if (isset($key['X509Certificate'])) {
$key = new SAML2_Certificate_X509($keyData);
} else {
$key = new SAML2_Certificate_Key($keyData);
}
if ($usage && !$key->canBeUsedFor($usage)) {
continue;
}
$this->loadedKeys->add($key);
}
}
/**
* {@inheritdoc} Best place to ensure the logic is encapsulated in a single place
*/
public function offsetSet($offset, $value)
{
if ($offset === 'X509Certificate') {
$value = preg_replace('~\\s+~', '', $value);
}
parent::offsetSet($offset, $value);
}
/**
* @param string $usage
*/
public function __construct($usage)
{
$message = sprintf('Invalid key usage given: "%s", usages "%s" allowed', is_string($usage) ? $usage : gettype($usage), implode('", "', SAML2_Certificate_Key::getValidKeyUsages()));
parent::__construct($message);
}
