lib/saml/kit/configuration.rb in saml-kit-1.0.26 vs lib/saml/kit/configuration.rb in saml-kit-1.0.27

@@ -88,11 +88,11 @@
       # Return each key pair for a specific use.
       #
       # @param use [Symbol] the type of key pair to return
       # `nil`, `:signing` or `:encryption`
       def key_pairs(use: nil)
-        use.present? ? @key_pairs.find_all { |xxx| xxx.for?(use) } : @key_pairs
+        use.present? ? active_key_pairs.find_all { |xxx| xxx.for?(use) } : active_key_pairs
       end
 
       # Return each certificate for a specific use.
       #
       # @param use [Symbol] the type of key pair to return
@@ -119,9 +119,20 @@
       def ensure_proper_use(use)
         return if USES.include?(use)
 
         error_message = 'Use must be either :signing or :encryption'
         raise ArgumentError, error_message
+      end
+
+      def active_key_pairs
+        @key_pairs.find_all { |x| active?(x) }.sort_by { |x| x.certificate.not_after }.reverse
+      end
+
+      def active?(key_pair)
+        key_pair.certificate.active?
+      rescue OpenSSL::X509::CertificateError => error
+        Saml::Kit.logger.error(error)
+        false
       end
     end
   end
 end