lib/saml/kit/configuration.rb in saml-kit-0.3.4 vs lib/saml/kit/configuration.rb in saml-kit-0.3.5
- old
+ new
@@ -18,10 +18,11 @@
# configuration.issuer = "https://www.example.com/saml/metadata"
# configuration.generate_key_pair_for(use: :signing)
# configuration.add_key_pair(ENV["X509_CERTIFICATE"], ENV["PRIVATE_KEY"], passphrase: ENV['PRIVATE_KEY_PASSPHRASE'], use: :encryption)
# end
class Configuration
+ USES = [:signing, :encryption]
# The issuer or entity_id to use.
attr_accessor :issuer
# The signature method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::SIGNATURE_METHODS})
attr_accessor :signature_method
# The digest method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::DIGEST_METHODS})
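Review bot: The new `USES` constant is a mutable array, so any code that can reach `Saml::Kit::Configuration::USES` can push another value onto it and widen what the key-use check accepts. Freezing it closes that off and matches common Ruby style: `USES = %i[signing encryption].freeze`. A one-line comment such as `# Key pair uses accepted by add_key_pair and generate_key_pair_for.` would also help, since every other member in this part of the class is documented.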
@@ -51,18 +52,20 @@
# @param certificate [String] the x509 certificate with public key.
# @param private_key [String] the plain text private key.
# @param passphrase [String] the password to decrypt the private key.
# @param use [Symbol] the type of key pair, `:signing` or `:encryption`
def add_key_pair(certificate, private_key, passphrase: '', use: :signing)
+ ensure_proper_use!(use)
@key_pairs.push(::Xml::Kit::KeyPair.new(certificate, private_key, passphrase, use.to_sym))
end
# Generates a unique key pair that can be used for signing or encryption.
#
# @param use [Symbol] the type of key pair, `:signing` or `:encryption`
# @param passphrase [String] the private key passphrase to use.
def generate_key_pair_for(use:, passphrase: SecureRandom.uuid)
+ ensure_proper_use!(use)
certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
add_key_pair(certificate, private_key, passphrase: passphrase, use: use)
end
# Return each key pair for a specific use.
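Review bot: In `add_key_pair` the new `ensure_proper_use!(use)` call runs before the existing `use.to_sym`, so a caller passing `use: "signing"` now gets an ArgumentError. The `to_sym` suggests strings were tolerated before, so this looks like an unannounced behaviour change in a patch release. If strings should stay valid, normalise first, for example `use = use.to_sym` as the first line of `add_key_pair`. If not, drop the now-redundant `to_sym` and document the stricter contract. Both methods should also gain `# @raise [ArgumentError] if use is not :signing or :encryption`. The check in `generate_key_pair_for` repeats the one in `add_key_pair`, but it is worth keeping because it rejects a bad value before a certificate is generated.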
@@ -105,9 +108,18 @@
end
# Returns true if there is at least one signing certificate registered.
def sign?
certificates(use: :signing).any?
+ end
+
+ private
+
+ def ensure_proper_use!(use)
+ unless USES.include?(use)
+ error_message = "Use must be either :signing or :encryption"
+ raise ArgumentError.new(error_message)
+ end
end
end
end
end
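Review bot: The error raised by `ensure_proper_use!` does not say which value was rejected. That makes a mistyped or string-valued `use:` harder to trace from a log line. The value is not secret, so it can be included, and a guard clause reads more idiomatically: `return if USES.include?(use)` followed by `raise ArgumentError, "Use must be either :signing or :encryption, got #{use.inspect}"`. The helper also has no comment; something like `# Raises ArgumentError unless use is one of USES.` would match the documentation on the rest of the class.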