Ensure that trust_mark_owners claim is not possible in subordinate statements

Author: cicnavi

tests/src/Federation/EntityStatementTest.php

@@ -380,6 +380,26 @@ public function testTrustMarkOwnersIsBuildUsingFactoryOptional(): void
     }
 
 
+    public function testTrustMarkOwnersClaimIsAllowedInConfigurationStatementOnly(): void
+    {
+        $this->validPayload['trust_mark_owners'] = [
+            'trustMarkType' => [
+                'sub' => 'subject',
+                'jwks' => ['keys' => [['key' => 'value']]],
+            ],
+        ];
+        $this->validPayload['iss'] = 'something-else';
+
+        $this->expectException(JwsException::class);
+        $this->expectExceptionMessage('non-configuration');
+
+        $this->signatureMock->method('getProtectedHeader')->willReturn($this->sampleHeader);
+        $this->jsonHelperMock->method('decode')->willReturn($this->validPayload);
+
+        $this->sut()->getTrustMarkOwners();
+    }
+
+
     public function testTrustMarkIssuersIsBuildUsingFactoryOptional(): void
     {
         $this->validPayload['trust_mark_issuers'] = [