Example 21 with KeyDescriptor

Use of org.opensaml.saml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

In class KeyDescriptorFinderTest, method find_shouldThrowExceptionWhenEncryptionCertificateIsNotPresent:

@Test
public void find_shouldThrowExceptionWhenEncryptionCertificateIsNotPresent() {
    // Only a SIGNING descriptor is available (with the builder's default KeyName).
    // Asking for ENCRYPTION must fail with missingKey rather than silently
    // falling back to the signing key.
    final KeyDescriptor keyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withUse(UsageType.SIGNING.toString())
            .build();
    SamlTransformationErrorManagerTestHelper.validateFail(
            () -> finder.find(
                    singletonList(keyDescriptor),
                    UsageType.ENCRYPTION,
                    keyDescriptor.getKeyInfo().getKeyNames().get(0).getValue()),
            SamlTransformationErrorFactory.missingKey(UsageType.ENCRYPTION.toString(), "default-key-name"));
}
Also used : KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Test(org.junit.jupiter.api.Test)

Example 22 with KeyDescriptor

Use of org.opensaml.saml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

In class KeyDescriptorFinderTest, method find_shouldFindKeyDescriptorWithMatchingUsageAndEntityId:

@Test
public void find_shouldFindKeyDescriptorWithMatchingUsageAndEntityId() {
    // The KeyName inside KeyInfo identifies the entity the key belongs to; the
    // finder must return the descriptor whose use AND key name both match.
    final String entityId = UUID.randomUUID().toString();
    final KeyDescriptor desiredKeyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withKeyInfo(aKeyInfo().withKeyName(entityId).build())
            .withUse(UsageType.SIGNING.toString())
            .build();
    // A default descriptor (default KeyName, so it does not match entityId) is
    // listed first and must be passed over.
    final KeyDescriptor result = finder.find(
            asList(KeyDescriptorBuilder.aKeyDescriptor().build(), desiredKeyDescriptor),
            UsageType.SIGNING,
            entityId);
    Assertions.assertThat(result).isEqualTo(desiredKeyDescriptor);
}
Also used : KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Test(org.junit.jupiter.api.Test)

Example 23 with KeyDescriptor

Use of org.opensaml.saml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

In class KeyDescriptorFinderTest, method find_shouldFindKeyDescriptorWithMatchingUsageWhenKeyNameIsPresentAndExpectedEntityIdIsNull:

@Test
public void find_shouldFindKeyDescriptorWithMatchingUsageWhenKeyNameIsPresentAndExpectedEntityIdIsNull() {
    // With no expected entity ID, matching is on use alone: the ENCRYPTION
    // descriptor is skipped and the SIGNING one is returned whatever its KeyName.
    final KeyDescriptor desiredKeyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
            .withKeyInfo(aKeyInfo().withKeyName("foo").build())
            .withUse(UsageType.SIGNING.toString())
            .build();
    final KeyDescriptor result = finder.find(
            asList(
                    KeyDescriptorBuilder.aKeyDescriptor().withUse(UsageType.ENCRYPTION.toString()).build(),
                    desiredKeyDescriptor),
            UsageType.SIGNING,
            null);
    Assertions.assertThat(result).isEqualTo(desiredKeyDescriptor);
}
Also used : KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Test(org.junit.jupiter.api.Test)

Example 24 with KeyDescriptor

Use of org.opensaml.saml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

In class HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest, method transform_shouldTransformIdpSigningCertificates:

@Test
public void transform_shouldTransformIdpSigningCertificates() {
    // Two IdP signing certificates, each tagged with its issuer's entity ID.
    String idpOneIssuerId = UUID.randomUUID().toString();
    String idpTwoIssuerId = UUID.randomUUID().toString();
    final Certificate idpCertOne = aCertificate().withIssuerId(idpOneIssuerId).build();
    final Certificate idpCertTwo = aCertificate().withIssuerId(idpTwoIssuerId).build();
    final EntityDescriptor result = transformer.apply(
            IdentityProviderMetadataDtoBuilder.anIdentityProviderMetadataDto()
                    .addIdpSigningCertificate(idpCertOne)
                    .addIdpSigningCertificate(idpCertTwo)
                    .build());
    // Read the KeyDescriptors back from the generated IDPSSODescriptor.
    final List<KeyDescriptor> keyDescriptors =
            result.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors();
    // Four descriptors are emitted; the two IdP signing certificates sit at
    // indices 1 and 2 and must carry the matching issuer ID and certificate.
    Assertions.assertThat(keyDescriptors.size()).isEqualTo(4);
    assertCertificateCorrect(keyDescriptors.get(1), idpOneIssuerId, idpCertOne);
    assertCertificateCorrect(keyDescriptors.get(2), idpTwoIssuerId, idpCertTwo);
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) CertificateBuilder.aCertificate(uk.gov.ida.saml.core.test.builders.CertificateBuilder.aCertificate) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) Certificate(uk.gov.ida.common.shared.security.Certificate) Test(org.junit.jupiter.api.Test)

Example 25 with KeyDescriptor

Use of org.opensaml.saml.saml2.metadata.KeyDescriptor in project ddf by codice.

In class IdpMetadata, method initCertificates:

private void initCertificates() {
    IDPSSODescriptor descriptor = getDescriptor();
    if (descriptor == null) {
        return;
    }
    for (KeyDescriptor key : descriptor.getKeyDescriptors()) {
        // Take the first X509Certificate of the first X509Data, if there is one.
        // KeyInfo itself is assumed present (the metadata schema requires it in KeyDescriptor).
        String certificate = null;
        if (!key.getKeyInfo().getX509Datas().isEmpty()
                && !key.getKeyInfo().getX509Datas().get(0).getX509Certificates().isEmpty()) {
            certificate = key.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
        }
        // Note: this break ends the scan at the first descriptor with no embedded
        // certificate (for example one that only carries a KeyName), so every
        // descriptor after it is never consulted.
        if (StringUtils.isBlank(certificate)) {
            break;
        }
        // A descriptor with no use attribute (UNSPECIFIED) serves both purposes; an
        // explicit use fills only its own slot. A later descriptor overwrites an
        // earlier one, so an UNSPECIFIED key listed last replaces explicit keys above it.
        if (UsageType.UNSPECIFIED.equals(key.getUse())) {
            encryptionCertificate = certificate;
            signingCertificate = certificate;
        }
        if (UsageType.ENCRYPTION.equals(key.getUse())) {
            encryptionCertificate = certificate;
        }
        if (UsageType.SIGNING.equals(key.getUse())) {
            signingCertificate = certificate;
        }
    }
}
Also used : IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)
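The examples above show two sides of the same task: the verify-hub tests pin down how a KeyDescriptor is looked up by use and KeyName (Examples 21 to 23), and the DDF loop shows how signing and encryption certificates are pulled out of an IDPSSODescriptor (Example 25). The following is an added example, not code from verify-hub, DDF or OpenSAML: it does both over raw SAML 2.0 metadata XML in Python so it runs without OpenSAML, and it deliberately differs from the DDF loop in two ways, by skipping (not stopping at) a descriptor with no embedded certificate and by never letting an UNSPECIFIED key overwrite an explicit signing or encryption key. The metadata, the KeyName values and the certificate placeholders are constructed for this example and are not real keys.

```python
"""Look up SAML 2.0 metadata KeyDescriptors by use/KeyName and select certificates.

Added example (not verify-hub, DDF or OpenSAML code). The metadata below is
constructed for this example; the certificate values are placeholders.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: the first descriptor carries only a KeyName and no
# certificate, which is exactly the case where the DDF loop's `break` stops early.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:KeyName>legacy-key</ds:KeyName></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:KeyName>idp-signing-2024</ds:KeyName>
        <ds:X509Data><ds:X509Certificate>SIGNING-CERT-BASE64</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo>
        <ds:X509Data><ds:X509Certificate>ENCRYPTION-CERT-BASE64</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def key_descriptors(metadata_xml):
    """Return one record per md:KeyDescriptor: use, KeyNames, first embedded certificate."""
    root = ET.fromstring(metadata_xml)
    records = []
    for kd in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # No `use` attribute means UNSPECIFIED: usable for both signing and encryption.
        use = kd.get("use", "unspecified")
        names = [n.text.strip() for n in kd.iterfind("ds:KeyInfo/ds:KeyName", NS) if n.text]
        cert = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
        records.append({"use": use, "key_names": names, "certificate": cert.strip()})
    return records


def find_key_descriptor(descriptors, use, key_name=None):
    """Mirror the behaviour the KeyDescriptorFinder tests describe: match on use,
    and on KeyName too when one is expected; raise when nothing matches."""
    for d in descriptors:
        if d["use"] != use:
            continue
        if key_name is None or key_name in d["key_names"]:
            return d
    raise LookupError(f"missing key: use={use} name={key_name}")


def select_certificates(descriptors):
    """Pick the signing and encryption certificates from all descriptors.

    A descriptor without an embedded certificate is skipped rather than ending
    the scan, and an explicit use= wins over UNSPECIFIED regardless of order.
    """
    signing = encryption = None
    signing_explicit = encryption_explicit = False
    for d in descriptors:
        cert = d["certificate"]
        if not cert:
            continue
        if d["use"] == "signing":
            signing, signing_explicit = cert, True
        elif d["use"] == "encryption":
            encryption, encryption_explicit = cert, True
        else:  # unspecified: fill only the slots no explicit descriptor has claimed
            if not signing_explicit:
                signing = cert
            if not encryption_explicit:
                encryption = cert
    return {"signing": signing, "encryption": encryption}


if __name__ == "__main__":
    ds = key_descriptors(SAMPLE_METADATA)
    print(select_certificates(ds))
    print(find_key_descriptor(ds, "signing", "idp-signing-2024")["certificate"])
```

Run against the constructed metadata, select_certificates returns the signing and encryption placeholders even though the first descriptor has no certificate; the DDF loop above would have stopped at that descriptor and left both fields unset. find_key_descriptor with use "encryption" and the signing key's name raises LookupError, which is the case Example 21 asserts on.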

Aggregations

KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor) 27
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor) 11
Test (org.junit.jupiter.api.Test) 9
IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor) 8
X509Certificate (org.opensaml.xmlsec.signature.X509Certificate) 8
KeyInfo (org.opensaml.xmlsec.signature.KeyInfo) 5
X509Data (org.opensaml.xmlsec.signature.X509Data) 5
SingleLogoutService (org.opensaml.saml.saml2.metadata.SingleLogoutService) 4
MarshallingException (org.opensaml.core.xml.io.MarshallingException) 3
NameIDFormat (org.opensaml.saml.saml2.metadata.NameIDFormat) 3
SingleSignOnService (org.opensaml.saml.saml2.metadata.SingleSignOnService) 3
SignatureException (org.opensaml.xmlsec.signature.support.SignatureException) 3
CertificateException (java.security.cert.CertificateException) 2
X509Certificate (java.security.cert.X509Certificate) 2
ArrayList (java.util.ArrayList) 2
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService) 2
SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor) 2
Signature (org.opensaml.xmlsec.signature.Signature) 2
Saml2Exception (org.springframework.security.saml2.Saml2Exception) 2
Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential) 2