
Example 16 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

Class NodeMetadataFactory, method createCountryEntityDescriptor.

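/**
 * Builds a test IdP {@code EntityDescriptor} for the given entity id.
 *
 * <p>The descriptor carries a single signing {@code KeyDescriptor} built from
 * {@code TEST_PUBLIC_CERT}, wrapped in an {@code IDPSSODescriptor}, and is handed to
 * {@code getEntityDescriptor} together with a signature from {@code createSignature()}.
 *
 * @param entityID the SAML entityID to put on the descriptor
 * @return the assembled entity descriptor
 * @throws RuntimeException wrapping a {@code MarshallingException} or
 *         {@code SignatureException} raised while building or signing the descriptor
 */
public static EntityDescriptor createCountryEntityDescriptor(String entityID) {
    Signature entityDescriptorSignature = createSignature();
    // Test fixture: the advertised signing key is the shared test certificate.
    KeyDescriptor keyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withX509ForSigning(TEST_PUBLIC_CERT)
            .build();
    IDPSSODescriptor idpssoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
            .addKeyDescriptor(keyDescriptor)
            .build();
    try {
        return getEntityDescriptor(entityID, idpssoDescriptor, entityDescriptorSignature);
    } catch (MarshallingException | SignatureException e) {
        // Wrap explicitly rather than via the deprecated Throwables.propagate(e). For these
        // checked exception types propagate() did exactly this, so callers observe the same
        // RuntimeException, and the style now matches the project's other builders.
        throw new RuntimeException(e);
    }
}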
Also used : IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) MarshallingException(org.opensaml.core.xml.io.MarshallingException) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Signature(org.opensaml.xmlsec.signature.Signature) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException)

Example 17 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

Class HubMetadataIntegrationTests, method getIdpMetadataFromApi_shouldWork.

@Test
public void getIdpMetadataFromApi_shouldWork() {
    // Fetch the hub's IdP-facing metadata over the API and parse it.
    SamlDto response = client.getTargetMain(UriBuilder.fromPath("/API/metadata/idp").build(), SamlDto.class);
    EntityDescriptor descriptor = getEntityDescriptor(response);
    String idpNamespace = SAMLConstants.SAML20P_NS;

    assertThat(descriptor.getEntityID()).isEqualTo(HUB_ENTITY_ID);
    // IdP-facing metadata: an IDPSSODescriptor must be present and no SPSSODescriptor.
    assertThat(descriptor.getSPSSODescriptor(idpNamespace)).isNull();
    assertThat(descriptor.getIDPSSODescriptor(idpNamespace)).isNotNull();

    List<KeyDescriptor> keys = descriptor.getIDPSSODescriptor(idpNamespace).getKeyDescriptors();
    // Positional assertions: fragile, as they depend on the ordering of IdPs in the
    // federation metadata. The endpoint is expected to be removed soon.
    assertThat(keys).hasSize(7);

    // Signing certificates: hub primary, hub secondary, then the four stub IdPs.
    validateKeyDescriptor(keys, 0, HUB_ENTITY_ID);
    validateKeyDescriptor(keys, 1, HUB_ENTITY_ID,
            TestCertificateStrings.PUBLIC_SIGNING_CERTS.get(HUB_SECONDARY_ENTITY_ID));
    validateKeyDescriptor(keys, 2, STUB_IDP_ONE);
    validateKeyDescriptor(keys, 3, STUB_IDP_TWO);
    validateKeyDescriptor(keys, 4, STUB_IDP_THREE);
    validateKeyDescriptor(keys, 5, STUB_IDP_FOUR);

    // Encryption certificate: the hub's primary encryption cert, keyed by the hub entity id.
    int encryptionIndex = 6;
    assertThat(getKeyName(keys, encryptionIndex)).isEqualTo(HUB_ENTITY_ID);
    assertThat(getCertificateData(keys, encryptionIndex))
            .isEqualTo(TestCertificateStrings.getPrimaryPublicEncryptionCert(HUB_ENTITY_ID));

    // NOTE(review): exact equality with "now + 1h" only holds if the clock is frozen for the
    // test (and shared with the server under test) — confirm, otherwise this is timing-sensitive.
    assertThat(descriptor.getValidUntil()).isEqualTo(DateTime.now(DateTimeZone.UTC).plusHours(1));
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) SamlDto(uk.gov.ida.hub.samlproxy.domain.SamlDto) Test(org.junit.jupiter.api.Test)

Example 18 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

Class HubIdentityProviderMetadataDtoToEntityDescriptorTransformer, method apply.

/**
 * Transforms the hub IdP metadata DTO into an {@code EntityDescriptor} and appends the DTO's
 * IdP signing certificates and encryption certificates, in that order, to the key-descriptor
 * list of the descriptor's SAML 2.0 {@code IDPSSODescriptor}. The list returned by
 * {@code getKeyDescriptors()} is modified in place.
 *
 * <p>NOTE(review): assumes {@code doTransform} always emits an {@code IDPSSODescriptor} for
 * {@code SAMLConstants.SAML20P_NS}; a missing one would surface as a NullPointerException.
 */
@Override
public EntityDescriptor apply(HubIdentityProviderMetadataDto dto) {
    final EntityDescriptor descriptor = doTransform(dto);
    final List<KeyDescriptor> target = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors();
    // Signing keys first, then encryption keys — order is preserved from the original.
    appendKeyDescriptors(target, getKeyDescriptorsUnmarshaller().fromCertificates(dto.getIdpSigningCertificates()));
    appendKeyDescriptors(target, getKeyDescriptorsUnmarshaller().fromCertificates(dto.getEncryptionCertificates()));
    return descriptor;
}

/** Appends every element of {@code additions} to {@code target}, keeping iteration order. */
private static void appendKeyDescriptors(List<KeyDescriptor> target, Iterable<? extends KeyDescriptor> additions) {
    for (KeyDescriptor keyDescriptor : additions) {
        target.add(keyDescriptor);
    }
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)

Example 19 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

Class IdpMetadataPublicKeyStoreTest, method idpEntityDescriptor.

/**
 * Builds an unsigned IdP {@code EntityDescriptor} fixture advertising exactly one signing key.
 *
 * <p>The builder's default signing key is suppressed and the default SP service descriptor is
 * not added, so the metadata contains only the supplied certificate. The descriptor is
 * deliberately left unsigned ({@code withSignature(null).withoutSigning()}): this fixture
 * exercises key lookup, not metadata signature verification.
 *
 * @param idpEntityId entityID to put on the descriptor
 * @param public_signing_certificate PEM/base64 certificate text handed to {@code buildKeyDescriptor}
 * @return the unsigned entity descriptor, valid for two weeks from now
 * @throws RuntimeException wrapping a {@code MarshallingException} or {@code SignatureException}
 */
private static EntityDescriptor idpEntityDescriptor(String idpEntityId, String public_signing_certificate) {
    final KeyDescriptor signingKey = buildKeyDescriptor(public_signing_certificate);
    final IDPSSODescriptor ssoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
            .addKeyDescriptor(signingKey)
            .withoutDefaultSigningKey()
            .build();
    try {
        return EntityDescriptorBuilder.anEntityDescriptor()
                .withEntityId(idpEntityId)
                .withIdpSsoDescriptor(ssoDescriptor)
                .withValidUntil(DateTime.now().plusWeeks(2))
                .withSignature(null)
                .withoutSigning()
                .setAddDefaultSpServiceDescriptor(false)
                .build();
    } catch (MarshallingException | SignatureException e) {
        throw new RuntimeException(e);
    }
}
Also used : IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) MarshallingException(org.opensaml.core.xml.io.MarshallingException) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException)

Example 20 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

Class KeyDescriptorFinderTest, method find_shouldThrowExceptionWhenSigningCertificateIsNotPresent.

@Test
public void find_shouldThrowExceptionWhenSigningCertificateIsNotPresent() {
    // The only descriptor available is marked for ENCRYPTION, so a SIGNING lookup has no match.
    final KeyDescriptor encryptionOnlyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withUse(UsageType.ENCRYPTION.toString())
            .build();
    final String signingUse = UsageType.SIGNING.toString();
    // The lookup must fail with the "missing key" error for the descriptor's own key name
    // (the builder default, "default-key-name").
    SamlTransformationErrorManagerTestHelper.validateFail(
            () -> finder.find(
                    singletonList(encryptionOnlyDescriptor),
                    UsageType.SIGNING,
                    encryptionOnlyDescriptor.getKeyInfo().getKeyNames().get(0).getValue()),
            SamlTransformationErrorFactory.missingKey(signingUse, "default-key-name"));
}
Also used : KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Test(org.junit.jupiter.api.Test)
