use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest method assertCertificateIsPresent.
/**
 * Asserts that the hub encryption certificate was published in the metadata.
 *
 * <p>A descriptor counts as a match only when all three properties agree:
 * its KeyName equals the certificate's issuer id, its X509 certificate value
 * equals the certificate body, and its use is {@link UsageType#ENCRYPTION}.
 * Checking the use as well as the value ensures a key published under a
 * different use does not satisfy this assertion.
 *
 * <p>Only the first KeyName and the first X509Certificate of the first
 * X509Data are inspected on each descriptor. A descriptor that lacks one of
 * them is not skipped; the {@code get(0)} lookups would raise instead.
 *
 * @param keyDescriptors key descriptors taken from the transformed metadata
 * @param encryptionCert certificate expected to appear among them
 */
private void assertCertificateIsPresent(List<KeyDescriptor> keyDescriptors, Certificate encryptionCert) {
    boolean certificatePresent = keyDescriptors.stream().anyMatch(descriptor -> {
        // All three values are read before comparing, as in a plain loop body.
        String publishedKeyName = descriptor.getKeyInfo().getKeyNames().get(0).getValue();
        String publishedCertificate = descriptor.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
        UsageType publishedUse = descriptor.getUse();

        boolean sameIssuer = publishedKeyName.equals(encryptionCert.getIssuerId());
        return sameIssuer
                && publishedCertificate.equals(encryptionCert.getCertificate())
                && publishedUse == UsageType.ENCRYPTION;
    });

    if (!certificatePresent) {
        Assertions.fail("Certificate is not present.");
    }
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest method transform_shouldTransformHubEncryptionCertificate.
/**
 * Verifies that a hub encryption certificate supplied on the DTO appears among
 * the key descriptors of the IDPSSODescriptor in the transformed entity
 * descriptor.
 */
@Test
public void transform_shouldTransformHubEncryptionCertificate() {
    // Arrange: a certificate explicitly marked for encryption use.
    Certificate hubEncryptionCert = aCertificate().withKeyUse(Certificate.KeyUse.Encryption).build();

    // Act: run the transformer over a DTO carrying only that certificate override.
    EntityDescriptor transformed = transformer.apply(
            IdentityProviderMetadataDtoBuilder.anIdentityProviderMetadataDto()
                    .withHubEncryptionCertificate(hubEncryptionCert)
                    .build());

    // Assert: the SAML 2.0 IDP role descriptor publishes the certificate.
    assertCertificateIsPresent(
            transformed.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors(),
            hubEncryptionCert);
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class KeyDescriptorFinderTest method find_shouldFindKeyDescriptorWithMatchingUsageWhenItHasNoKeyName.
/**
 * Pins the lenient branch of the finder: a descriptor built with a null
 * KeyName is returned for a randomly generated entity id, so the match here
 * rests on the usage type alone.
 *
 * <p>NOTE(review): with no KeyName the key is not tied to an entity id by this
 * lookup. Presumably that binding comes from how the metadata itself is
 * trusted; confirm against the finder's callers.
 */
@Test
public void find_shouldFindKeyDescriptorWithMatchingUsageWhenItHasNoKeyName() {
    String expectedEntityId = UUID.randomUUID().toString();
    KeyDescriptor unnamedSigningDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withKeyInfo(aKeyInfo().withKeyName(null).build())
            .withUse(UsageType.SIGNING.toString())
            .build();
    // A builder-default descriptor is listed first so the finder has to look past it.
    KeyDescriptor defaultDescriptor = KeyDescriptorBuilder.aKeyDescriptor().build();

    KeyDescriptor found = finder.find(
            asList(defaultDescriptor, unnamedSigningDescriptor),
            UsageType.SIGNING,
            expectedEntityId);

    Assertions.assertThat(found).isEqualTo(unnamedSigningDescriptor);
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class KeyDescriptorFinderTest method find_shouldThrowExceptionWhenKeyNameIsPresentButDoesNotMatchExpectedEntityId.
/**
 * Verifies that the finder reports a missing-key error when the only signing
 * descriptor is looked up under a different entity id, rather than returning
 * that descriptor.
 *
 * <p>NOTE(review): this relies on the builder's default KeyName differing from
 * "wrong-value"; confirm in KeyDescriptorBuilder.
 */
@Test
public void find_shouldThrowExceptionWhenKeyNameIsPresentButDoesNotMatchExpectedEntityId() {
    String signingUse = UsageType.SIGNING.toString();
    String mismatchedEntityId = "wrong-value";
    KeyDescriptor signingDescriptor = KeyDescriptorBuilder.aKeyDescriptor().withUse(signingUse).build();

    SamlTransformationErrorManagerTestHelper.validateFail(
            () -> finder.find(singletonList(signingDescriptor), UsageType.SIGNING, mismatchedEntityId),
            SamlTransformationErrorFactory.missingKey(signingUse, mismatchedEntityId));
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class SigningCertFromMetadataExtractorTest method beforeClass.
/**
 * Builds the shared hub entity descriptor once for the whole test class.
 *
 * <p>The descriptor has a single SP service descriptor carrying one signing
 * key descriptor: KeyName is the hub entity id and the X509 data holds the
 * secondary public signing test certificate.
 *
 * <p>NOTE(review): the key name uses {@code TestEntityIds.HUB_ENTITY_ID} while
 * the entity id uses the unqualified {@code HUB_ENTITY_ID}; presumably the
 * same constant via a static import; confirm.
 */
@BeforeAll
public static void beforeClass() throws MarshallingException, SignatureException {
    KeyDescriptor secondarySigningKey = aKeyDescriptor()
            .withKeyInfo(aKeyInfo()
                    .withKeyName(TestEntityIds.HUB_ENTITY_ID)
                    .withX509Data(aX509Data()
                            .withX509Certificate(aX509Certificate()
                                    .withCert(TestCertificateStrings.HUB_TEST_SECONDARY_PUBLIC_SIGNING_CERT)
                                    .build())
                            .build())
                    .build())
            .withUse(UsageType.SIGNING.toString())
            .build();

    hubEntityDescriptor = EntityDescriptorBuilder.anEntityDescriptor()
            .withEntityId(HUB_ENTITY_ID)
            .addSpServiceDescriptor(SPSSODescriptorBuilder.anSpServiceDescriptor()
                    .addKeyDescriptor(secondarySigningKey)
                    .build())
            .build();
}