use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class KeyDescriptorFinderTest method find_shouldThrowExceptionWhenEncryptionCertificateIsNotPresent.
/**
 * Requesting an ENCRYPTION key from metadata that only carries a SIGNING
 * descriptor must fail with the {@code missingKey} transformation error
 * instead of returning some other key.
 */
@Test
public void find_shouldThrowExceptionWhenEncryptionCertificateIsNotPresent() {
    final String signingUse = UsageType.SIGNING.toString();
    final String encryptionUse = UsageType.ENCRYPTION.toString();
    final KeyDescriptor signingOnlyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withUse(signingUse)
            .build();

    // The lookup uses the descriptor's own first key name, so only the usage type mismatches.
    // "default-key-name" is presumably the builder's default key name; confirm against KeyDescriptorBuilder.
    SamlTransformationErrorManagerTestHelper.validateFail(
            () -> finder.find(
                    singletonList(signingOnlyDescriptor),
                    UsageType.ENCRYPTION,
                    signingOnlyDescriptor.getKeyInfo().getKeyNames().get(0).getValue()),
            SamlTransformationErrorFactory.missingKey(encryptionUse, "default-key-name"));
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class KeyDescriptorFinderTest method find_shouldFindKeyDescriptorWithMatchingUsageAndEntityId.
/**
 * With two candidate descriptors, the finder must return the one whose
 * usage is SIGNING and whose key name equals the requested entity id.
 */
@Test
public void find_shouldFindKeyDescriptorWithMatchingUsageAndEntityId() {
    // A random entity id keeps the match from succeeding by accident on a builder default.
    final String expectedKeyName = UUID.randomUUID().toString();
    final String signingUse = UsageType.SIGNING.toString();

    final KeyDescriptor expectedDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withKeyInfo(aKeyInfo().withKeyName(expectedKeyName).build())
            .withUse(signingUse)
            .build();
    final KeyDescriptor defaultDescriptor = KeyDescriptorBuilder.aKeyDescriptor().build();

    final KeyDescriptor found = finder.find(
            asList(defaultDescriptor, expectedDescriptor),
            UsageType.SIGNING,
            expectedKeyName);

    Assertions.assertThat(found).isEqualTo(expectedDescriptor);
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class KeyDescriptorFinderTest method find_shouldFindKeyDescriptorWithMatchingUsageWhenKeyNameIsPresentAndExpectedEntityIdIsNull.
/**
 * When the caller passes {@code null} as the expected entity id, the finder
 * must still select by usage type: the SIGNING descriptor is returned even
 * though it carries a key name and an ENCRYPTION descriptor comes first.
 */
@Test
public void find_shouldFindKeyDescriptorWithMatchingUsageWhenKeyNameIsPresentAndExpectedEntityIdIsNull() {
    final String signingUse = UsageType.SIGNING.toString();
    final String encryptionUse = UsageType.ENCRYPTION.toString();

    final KeyDescriptor signingDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withKeyInfo(aKeyInfo().withKeyName("foo").build())
            .withUse(signingUse)
            .build();
    final KeyDescriptor encryptionDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withUse(encryptionUse)
            .build();

    // The null entity id means no key-name constraint is supplied by the caller.
    final KeyDescriptor found = finder.find(
            asList(encryptionDescriptor, signingDescriptor),
            UsageType.SIGNING,
            null);

    Assertions.assertThat(found).isEqualTo(signingDescriptor);
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest method transform_shouldTransformIdpSigningCertificates.
/**
 * Two IdP signing certificates added to the metadata DTO must appear as key
 * descriptors of the transformed entity's IDPSSODescriptor, in insertion
 * order, at positions 1 and 2 of a list of four.
 */
@Test
public void transform_shouldTransformIdpSigningCertificates() {
    final String firstIssuerId = UUID.randomUUID().toString();
    final String secondIssuerId = UUID.randomUUID().toString();
    final Certificate firstIdpCert = aCertificate().withIssuerId(firstIssuerId).build();
    final Certificate secondIdpCert = aCertificate().withIssuerId(secondIssuerId).build();

    final EntityDescriptor transformed = transformer.apply(
            IdentityProviderMetadataDtoBuilder.anIdentityProviderMetadataDto()
                    .addIdpSigningCertificate(firstIdpCert)
                    .addIdpSigningCertificate(secondIdpCert)
                    .build());

    final List<KeyDescriptor> descriptors = transformed
            .getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
            .getKeyDescriptors();

    // Positions 0 and 3 are not inspected here; presumably they come from the DTO builder's defaults (confirm).
    Assertions.assertThat(descriptors.size()).isEqualTo(4);
    assertCertificateCorrect(descriptors.get(1), firstIssuerId, firstIdpCert);
    assertCertificateCorrect(descriptors.get(2), secondIssuerId, secondIdpCert);
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project ddf by codice.
the class IdpMetadata method initCertificates.
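/**
 * Caches the IdP's signing and encryption certificates from its SSO descriptor.
 *
 * <p>Every {@code KeyDescriptor} of the descriptor returned by {@code getDescriptor()} is
 * inspected. Only the first X.509 certificate of the first X509Data element is read. Its value
 * is stored in {@code signingCertificate} and/or {@code encryptionCertificate} according to the
 * descriptor's declared use; a use of UNSPECIFIED fills both fields. When several descriptors
 * declare the same use, the last one in document order wins.
 *
 * <p>Descriptors that carry no KeyInfo or no non-blank X.509 certificate are skipped. The loop
 * used to stop at the first such descriptor, which silently dropped every key listed after it
 * (for example a signing key that follows a KeyName-only descriptor).
 *
 * <p>NOTE(review): both fields may still be unset after this method returns. If they feed
 * signature verification or assertion encryption, callers should treat a missing certificate
 * as a hard failure. Confirm at the call sites.
 */
private void initCertificates() {
    IDPSSODescriptor descriptor = getDescriptor();
    if (descriptor == null) {
        return;
    }
    for (KeyDescriptor key : descriptor.getKeyDescriptors()) {
        // Metadata is parsed input: tolerate a descriptor without KeyInfo rather than throwing.
        if (key.getKeyInfo() == null) {
            continue;
        }
        String certificate = null;
        if (!key.getKeyInfo().getX509Datas().isEmpty()
                && !key.getKeyInfo().getX509Datas().get(0).getX509Certificates().isEmpty()) {
            certificate = key.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
        }
        // Skip this descriptor only; later descriptors may still hold usable certificates.
        if (StringUtils.isBlank(certificate)) {
            continue;
        }
        if (UsageType.UNSPECIFIED.equals(key.getUse())) {
            encryptionCertificate = certificate;
            signingCertificate = certificate;
        }
        if (UsageType.ENCRYPTION.equals(key.getUse())) {
            encryptionCertificate = certificate;
        }
        if (UsageType.SIGNING.equals(key.getUse())) {
            signingCertificate = certificate;
        }
    }
}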