Use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov. Note that the org.opensaml.saml2 package belongs to OpenSAML 2.x, which is end-of-life and no longer receives security fixes; new code should target a maintained OpenSAML line. Class NodeMetadataFactory, method createCountryEntityDescriptor.
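/**
 * Builds a signed EntityDescriptor for a test "country" entity that advertises a
 * single IdP role (IDPSSODescriptor) carrying one signing certificate.
 *
 * <p>The certificate is the shared test fixture {@code TEST_PUBLIC_CERT}; this factory
 * is test scaffolding and must never be pointed at production key material.
 *
 * @param entityID the SAML entityID to place on the descriptor
 * @return the marshalled and signed EntityDescriptor
 * @throws RuntimeException wrapping a MarshallingException or SignatureException
 *         raised while building or signing the descriptor (cause preserved)
 */
public static EntityDescriptor createCountryEntityDescriptor(String entityID) {
    Signature entityDescriptorSignature = createSignature();
    // Only a signing key is advertised on this descriptor (no encryption key).
    KeyDescriptor signingKeyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withX509ForSigning(TEST_PUBLIC_CERT)
            .build();
    IDPSSODescriptor idpSsoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
            .addKeyDescriptor(signingKeyDescriptor)
            .build();
    try {
        return getEntityDescriptor(entityID, idpSsoDescriptor, entityDescriptorSignature);
    } catch (MarshallingException | SignatureException e) {
        // Both exceptions are checked, so wrapping in RuntimeException with the cause
        // attached is what Guava's (now deprecated) Throwables.propagate did here; this
        // also matches the handling used by the other builders in this project.
        throw new RuntimeException(e);
    }
}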
Use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov. Class HubMetadataIntegrationTests, method getIdpMetadataFromApi_shouldWork.
/**
 * The hub's IdP-facing metadata endpoint (/API/metadata/idp) must publish the hub
 * entity with an IdP role only (no SP role), listing the hub signing keys, one
 * signing key per stub IdP, and finally the hub encryption key, in that order.
 */
@Test
public void getIdpMetadataFromApi_shouldWork() {
    SamlDto response = client.getTargetMain(UriBuilder.fromPath("/API/metadata/idp").build(), SamlDto.class);
    EntityDescriptor hubDescriptor = getEntityDescriptor(response);

    assertThat(hubDescriptor.getEntityID()).isEqualTo(HUB_ENTITY_ID);
    // An SP role must not leak onto the IdP-facing metadata.
    assertThat(hubDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS)).isNull();
    assertThat(hubDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)).isNotNull();

    List<KeyDescriptor> publishedKeys = hubDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors();
    // The positional checks below depend on the ordering of IdPs in the federation
    // metadata, which makes this brittle; the endpoint is expected to be retired.
    assertThat(publishedKeys).hasSize(7);

    // Hub signing certificates (primary, then the secondary entity's published cert).
    validateKeyDescriptor(publishedKeys, 0, HUB_ENTITY_ID);
    validateKeyDescriptor(publishedKeys, 1, HUB_ENTITY_ID, TestCertificateStrings.PUBLIC_SIGNING_CERTS.get(HUB_SECONDARY_ENTITY_ID));
    // One signing certificate per stub IdP.
    validateKeyDescriptor(publishedKeys, 2, STUB_IDP_ONE);
    validateKeyDescriptor(publishedKeys, 3, STUB_IDP_TWO);
    validateKeyDescriptor(publishedKeys, 4, STUB_IDP_THREE);
    validateKeyDescriptor(publishedKeys, 5, STUB_IDP_FOUR);

    // Hub encryption certificate comes last.
    int encryptionIndex = 6;
    assertThat(getKeyName(publishedKeys, encryptionIndex)).isEqualTo(HUB_ENTITY_ID);
    assertThat(getCertificateData(publishedKeys, encryptionIndex)).isEqualTo(TestCertificateStrings.getPrimaryPublicEncryptionCert(HUB_ENTITY_ID));

    // NOTE(review): exact equality against now()+1h only holds if the test setup freezes
    // the Joda clock (e.g. DateTimeUtils.setCurrentMillisFixed); confirm, otherwise this
    // assertion is timing-dependent.
    assertThat(hubDescriptor.getValidUntil()).isEqualTo(DateTime.now(DateTimeZone.UTC).plusHours(1));
}
Use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov. Class HubIdentityProviderMetadataDtoToEntityDescriptorTransformer, method apply.
/**
 * Transforms the hub IdP-metadata DTO into an EntityDescriptor, then appends to its
 * IDPSSODescriptor one KeyDescriptor per IdP signing certificate followed by one per
 * encryption certificate carried in the DTO.
 *
 * @param dto the hub IdP metadata to transform
 * @return the EntityDescriptor produced by {@code doTransform} with the extra keys added
 */
@Override
public EntityDescriptor apply(HubIdentityProviderMetadataDto dto) {
    final EntityDescriptor descriptor = doTransform(dto);

    // doTransform is relied upon to have created the IdP role already; if it has not,
    // this dereference fails with a NullPointerException rather than a clearer error.
    final List<KeyDescriptor> roleKeys = descriptor
            .getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
            .getKeyDescriptors();

    // Signing certificates first, encryption certificates second: consumers that read
    // keys by position depend on this order. The certificate strings are embedded as
    // supplied; any validation of their contents is presumed to happen in the
    // unmarshaller or before the DTO is built - confirm if this input is not trusted.
    roleKeys.addAll(getKeyDescriptorsUnmarshaller().fromCertificates(dto.getIdpSigningCertificates()));
    roleKeys.addAll(getKeyDescriptorsUnmarshaller().fromCertificates(dto.getEncryptionCertificates()));

    return descriptor;
}
Use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov. Class IdpMetadataPublicKeyStoreTest, method idpEntityDescriptor.
/**
 * Test helper: builds an unsigned IdP EntityDescriptor that advertises exactly one
 * signing certificate and no SP role.
 *
 * @param idpEntityId               entityID to place on the descriptor
 * @param public_signing_certificate PEM/base64 certificate used for the single signing KeyDescriptor
 * @return the built descriptor, valid for two weeks from now
 * @throws RuntimeException wrapping a MarshallingException or SignatureException from the builder
 */
private static EntityDescriptor idpEntityDescriptor(String idpEntityId, String public_signing_certificate) {
    // Suppress the builder's default signing key so only the supplied certificate is published.
    IDPSSODescriptor idpRole = IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
            .addKeyDescriptor(buildKeyDescriptor(public_signing_certificate))
            .withoutDefaultSigningKey()
            .build();
    try {
        // Deliberately unsigned (no Signature element, signing skipped): this fixture is
        // fed straight to the key store under test, so metadata signature validation is
        // presumably exercised elsewhere - do not reuse it where trust is derived from the signature.
        return EntityDescriptorBuilder.anEntityDescriptor()
                .withEntityId(idpEntityId)
                .withIdpSsoDescriptor(idpRole)
                .withValidUntil(DateTime.now().plusWeeks(2))
                .withSignature(null)
                .withoutSigning()
                .setAddDefaultSpServiceDescriptor(false)
                .build();
    } catch (MarshallingException | SignatureException e) {
        throw new RuntimeException(e);
    }
}
Use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov. Class KeyDescriptorFinderTest, method find_shouldThrowExceptionWhenSigningCertificateIsNotPresent.
/**
 * Requesting a SIGNING key when the only available KeyDescriptor is marked for
 * ENCRYPTION must fail with the "missing key" transformation error, so an
 * encryption key can never be silently accepted for signature verification.
 */
@Test
public void find_shouldThrowExceptionWhenSigningCertificateIsNotPresent() {
    final KeyDescriptor encryptionOnlyKey = KeyDescriptorBuilder.aKeyDescriptor()
            .withUse(UsageType.ENCRYPTION.toString())
            .build();
    // The builder supplies a default key name; the expected error refers to it as "default-key-name".
    final String requestedKeyName = encryptionOnlyKey.getKeyInfo().getKeyNames().get(0).getValue();

    SamlTransformationErrorManagerTestHelper.validateFail(
            () -> finder.find(singletonList(encryptionOnlyKey), UsageType.SIGNING, requestedKeyName),
            SamlTransformationErrorFactory.missingKey(UsageType.SIGNING.toString(), "default-key-name"));
}