Example 6 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

From the class HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest, method assertCertificateIsPresent.

// Passes silently when at least one KeyDescriptor carries the expected certificate
// with use="encryption"; otherwise fails the test.
private void assertCertificateIsPresent(List<KeyDescriptor> keyDescriptors, Certificate encryptionCert) {
    for (KeyDescriptor keyDescriptor : keyDescriptors) {
        // The first <ds:KeyName> is expected to hold the issuing entity id
        String keyEntityId = keyDescriptor.getKeyInfo().getKeyNames().get(0).getValue();
        // Base64 certificate body from the first <ds:X509Data>/<ds:X509Certificate>
        String x509Value = keyDescriptor.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
        UsageType keyUse = keyDescriptor.getUse();
        // All three must match: entity id, certificate value and encryption usage
        if (keyEntityId.equals(encryptionCert.getIssuerId()) && x509Value.equals(encryptionCert.getCertificate()) && keyUse == UsageType.ENCRYPTION) {
            return;
        }
    }
    Assertions.fail("Certificate is not present.");
}
Also used: KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor), UsageType (org.opensaml.security.credential.UsageType)

Example 7 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

From the class HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest, method transform_shouldTransformHubEncryptionCertificate.

@Test
public void transform_shouldTransformHubEncryptionCertificate() {
    // Build a test certificate flagged for encryption use
    final Certificate encryptionCert = aCertificate().withKeyUse(Certificate.KeyUse.Encryption).build();
    // Transform a metadata DTO that carries it as the hub encryption certificate
    final EntityDescriptor result = transformer.apply(IdentityProviderMetadataDtoBuilder.anIdentityProviderMetadataDto().withHubEncryptionCertificate(encryptionCert).build());
    // The IDPSSODescriptor for the SAML 2.0 protocol must expose it as an encryption KeyDescriptor
    final List<KeyDescriptor> keyDescriptors = result.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors();
    assertCertificateIsPresent(keyDescriptors, encryptionCert);
}
Also used: EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor), KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor), CertificateBuilder.aCertificate (uk.gov.ida.saml.core.test.builders.CertificateBuilder.aCertificate), X509Certificate (org.opensaml.xmlsec.signature.X509Certificate), Certificate (uk.gov.ida.common.shared.security.Certificate), Test (org.junit.jupiter.api.Test)

Example 8 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

From the class KeyDescriptorFinderTest, method find_shouldFindKeyDescriptorWithMatchingUsageWhenItHasNoKeyName.

@Test
public void find_shouldFindKeyDescriptorWithMatchingUsageWhenItHasNoKeyName() {
    final String entityId = UUID.randomUUID().toString();
    // A signing KeyDescriptor with no <ds:KeyName>: there is nothing to compare against the entity id
    final KeyDescriptor desiredKeyDescriptor = KeyDescriptorBuilder.aKeyDescriptor().withKeyInfo(aKeyInfo().withKeyName(null).build()).withUse(UsageType.SIGNING.toString()).build();
    // The finder should still select it on usage alone, in preference to the descriptor built with defaults
    final KeyDescriptor result = finder.find(asList(KeyDescriptorBuilder.aKeyDescriptor().build(), desiredKeyDescriptor), UsageType.SIGNING, entityId);
    Assertions.assertThat(result).isEqualTo(desiredKeyDescriptor);
}
Also used: KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor), Test (org.junit.jupiter.api.Test)

Example 9 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

From the class KeyDescriptorFinderTest, method find_shouldThrowExceptionWhenKeyNameIsPresentButDoesNotMatchExpectedEntityId.

@Test
public void find_shouldThrowExceptionWhenKeyNameIsPresentButDoesNotMatchExpectedEntityId() {
    // The default builder supplies a <ds:KeyName>, so the finder must compare it against the expected entity id
    final KeyDescriptor keyDescriptor = KeyDescriptorBuilder.aKeyDescriptor().withUse(UsageType.SIGNING.toString()).build();
    // Looking it up under "wrong-value" must fail with a missingKey error rather than return the descriptor
    SamlTransformationErrorManagerTestHelper.validateFail(
            () -> finder.find(singletonList(keyDescriptor), UsageType.SIGNING, "wrong-value"),
            SamlTransformationErrorFactory.missingKey(UsageType.SIGNING.toString(), "wrong-value"));
}
Also used: KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor), Test (org.junit.jupiter.api.Test)

Example 10 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

From the class SigningCertFromMetadataExtractorTest, method beforeClass.

@BeforeAll
public static void beforeClass() throws MarshallingException, SignatureException {
    // Signing KeyDescriptor named for the hub entity, carrying its secondary public signing certificate
    KeyDescriptor secondKeyDescriptor = aKeyDescriptor()
            .withKeyInfo(aKeyInfo().withKeyName(TestEntityIds.HUB_ENTITY_ID)
                    .withX509Data(aX509Data().withX509Certificate(aX509Certificate().withCert(TestCertificateStrings.HUB_TEST_SECONDARY_PUBLIC_SIGNING_CERT).build()).build()).build())
            .withUse(UsageType.SIGNING.toString()).build();
    // Hub metadata under test: an EntityDescriptor whose SPSSODescriptor exposes that key
    hubEntityDescriptor = EntityDescriptorBuilder.anEntityDescriptor().withEntityId(HUB_ENTITY_ID)
            .addSpServiceDescriptor(SPSSODescriptorBuilder.anSpServiceDescriptor().addKeyDescriptor(secondKeyDescriptor).build()).build();
}
Also used: KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor), KeyDescriptorBuilder.aKeyDescriptor (uk.gov.ida.saml.core.test.builders.metadata.KeyDescriptorBuilder.aKeyDescriptor), BeforeAll (org.junit.jupiter.api.BeforeAll)

Aggregations (type, with number of examples using it)

KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor): 27
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor): 11
Test (org.junit.jupiter.api.Test): 9
IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor): 8
X509Certificate (org.opensaml.xmlsec.signature.X509Certificate): 8
KeyInfo (org.opensaml.xmlsec.signature.KeyInfo): 5
X509Data (org.opensaml.xmlsec.signature.X509Data): 5
SingleLogoutService (org.opensaml.saml.saml2.metadata.SingleLogoutService): 4
MarshallingException (org.opensaml.core.xml.io.MarshallingException): 3
NameIDFormat (org.opensaml.saml.saml2.metadata.NameIDFormat): 3
SingleSignOnService (org.opensaml.saml.saml2.metadata.SingleSignOnService): 3
SignatureException (org.opensaml.xmlsec.signature.support.SignatureException): 3
CertificateException (java.security.cert.CertificateException): 2
X509Certificate (java.security.cert.X509Certificate): 2
ArrayList (java.util.ArrayList): 2
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService): 2
SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor): 2
Signature (org.opensaml.xmlsec.signature.Signature): 2
Saml2Exception (org.springframework.security.saml2.Saml2Exception): 2
Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential): 2