use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class MatchingServiceRequestSenderTest method socketTimeoutRetryWithBackoffTests_thirdCallFailsAndThrowsException.
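/**
 * Checks that the back-off client surfaces a socket timeout when all three stubbed
 * attempts are answered with a 2000 ms delay.
 *
 * <p>The attribute query is signed with {@code hubSigningCredential} and issued as
 * {@code HUB_ENTITY_ID}. The WireMock scenario advances one state per request, so ending in
 * "Call 3 Complete" shows that three requests reached the stub server.
 *
 * <p>The exception is captured and asserted after the call rather than inside the
 * {@code catch} block. Asserting only inside {@code catch} lets the test pass silently
 * when the request unexpectedly succeeds.
 */
@Test
public void socketTimeoutRetryWithBackoffTests_thirdCallFailsAndThrowsException() {
    final String firstCallState = "Call 1 Complete";
    final String secondCallState = "Call 2 Complete";
    final String thirdCallState = "Call 3 Complete";
    final String scenarioName = "socket timeout scenario";

    // Every attempt is delayed by 2000 ms.
    // NOTE(review): presumably longer than backOffClient's read timeout - confirm against its configuration.
    errorSimulationServer.stubFor(post(urlEqualTo(attibute_query_resource))
            .inScenario(scenarioName)
            .whenScenarioStateIs(Scenario.STARTED)
            .willReturn(WireMock.aResponse()
                    .withFixedDelay(2000)
                    .withStatus(Response.Status.OK.getStatusCode())
                    .withHeader("Content-Type", MediaType.TEXT_XML_TYPE.toString())
                    .withBody(soapResponse))
            .willSetStateTo(firstCallState));
    errorSimulationServer.stubFor(post(urlEqualTo(attibute_query_resource))
            .inScenario(scenarioName)
            .whenScenarioStateIs(firstCallState)
            .willReturn(WireMock.aResponse()
                    .withFixedDelay(2000)
                    .withStatus(Response.Status.OK.getStatusCode())
                    .withHeader("Content-Type", MediaType.TEXT_XML_TYPE.toString())
                    .withBody(soapResponse))
            .willSetStateTo(secondCallState));
    errorSimulationServer.stubFor(post(urlEqualTo(attibute_query_resource))
            .inScenario(scenarioName)
            .whenScenarioStateIs(secondCallState)
            .willReturn(WireMock.aResponse()
                    .withStatus(Response.Status.OK.getStatusCode())
                    .withFixedDelay(2000)
                    .withHeader("Content-Type", MediaType.TEXT_XML_TYPE.toString())
                    .withBody(soapResponse))
            .willSetStateTo(thirdCallState));

    // The query carries a signature made with the hub's signing credential (test fixture).
    Credential signingCredential = hubSigningCredential;
    AttributeQueryContainerDto attributeQueryContainerDto = AttributeQueryContainerDtoBuilder
            .anAttributeQueryContainerDto(AttributeQueryBuilder.anAttributeQuery()
                    .withSignature(SignatureBuilder.aSignature().withSigningCredential(signingCredential).build())
                    .withIssuer(IssuerBuilder.anIssuer().withIssuerId(HUB_ENTITY_ID).build())
                    .build())
            .withIssuerId(HUB_ENTITY_ID)
            .withMatchingServiceUri(msaStub.getAttributeQueryRequestUri())
            .build();

    long start = System.currentTimeMillis();
    SoapMessageManager soapMessageManager = new SoapMessageManager();
    Document requestDocument = soapMessageManager.wrapWithSoapEnvelope(convertToElementAndValidate(attributeQueryContainerDto));
    Entity entity = Entity.xml(requestDocument);

    Exception thrown = null;
    try {
        backOffClient.target(URI.create(format("http://localhost:%d%s", errorSimulationServer.port(), attibute_query_resource)))
                .request(MediaType.TEXT_XML_TYPE)
                .post(entity);
    } catch (Exception ex) {
        thrown = ex;
    }
    long end = System.currentTimeMillis();

    // isInstanceOf rejects a null actual, so a call that did not throw fails the test here.
    assertThat(thrown).isInstanceOf(ProcessingException.class);
    assertThat(thrown.getCause()).isInstanceOf(SocketTimeoutException.class);
    assertThat(getScenario(scenarioName).getState()).isEqualTo(thirdCallState);
    assertThat((end - start)).isGreaterThanOrEqualTo(getTotalBackoffPeriod(2, Duration.milliseconds(1000)));
}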
use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class MatchingServiceRequestSenderTest method sendHubMatchingServiceRequest_shouldAcceptAValidRequest.
/**
 * Posts an attribute query signed with {@code hubSigningCredential} to the matching service
 * request sender resource and expects {@code 202 Accepted}, followed by a success
 * notification to the policy stub for the same session.
 */
@Test
public void sendHubMatchingServiceRequest_shouldAcceptAValidRequest() {
    // Signature and issuer both identify the hub (HUB_ENTITY_ID).
    Credential hubCredential = hubSigningCredential;
    AttributeQueryContainerDto queryDto = AttributeQueryContainerDtoBuilder
            .anAttributeQueryContainerDto(
                    AttributeQueryBuilder.anAttributeQuery()
                            .withSignature(SignatureBuilder.aSignature()
                                    .withSigningCredential(hubCredential)
                                    .build())
                            .withIssuer(IssuerBuilder.anIssuer()
                                    .withIssuerId(HUB_ENTITY_ID)
                                    .build())
                            .build())
            .withIssuerId(HUB_ENTITY_ID)
            .withMatchingServiceUri(msaStub.getAttributeQueryRequestUri())
            .build();

    SessionId sessionId = SessionId.createNewSessionId();
    final URI senderUri = UriBuilder
            .fromPath(Urls.SamlSoapProxyUrls.MATCHING_SERVICE_REQUEST_SENDER_RESOURCE)
            .queryParam(Urls.SharedUrls.SESSION_ID_PARAM, sessionId)
            .build();

    // The policy stub must answer 200 on the session-specific response path.
    String policyResponsePath = UriBuilder
            .fromPath(ATTRIBUTE_QUERY_RESPONSE_RESOURCE)
            .build(sessionId)
            .getPath();
    policyStub.register(policyResponsePath, 200);

    Response postResult = makepost(queryDto, senderUri);

    assertThat(postResult.getStatus()).isEqualTo(Response.Status.ACCEPTED.getStatusCode());
    andPolicyShouldReceiveASuccess(sessionId);
}
use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class MatchingServiceRequestSenderTest method socketTimeoutRetryWithBackoffTests_thirdCallSucceeds.
/**
 * Checks that the back-off client succeeds on its third attempt: the first two stubbed
 * responses are delayed by 2000 ms and the third is returned without delay.
 *
 * <p>The request is an attribute query signed with {@code hubSigningCredential}. The test
 * expects a 200 response, the scenario to end in "Call 3 Complete", and the elapsed time to
 * cover at least the back-off period for two retries.
 */
@Test
public void socketTimeoutRetryWithBackoffTests_thirdCallSucceeds() {
    final String scenarioName = "socket timeout scenario";
    final String firstCallState = "Call 1 Complete";
    final String secondCallState = "Call 2 Complete";
    final String thirdCallState = "Call 3 Complete";

    // Attempt 1: delayed response, moves the scenario to "Call 1 Complete".
    errorSimulationServer.stubFor(
            post(urlEqualTo(attibute_query_resource))
                    .inScenario(scenarioName)
                    .whenScenarioStateIs(Scenario.STARTED)
                    .willReturn(WireMock.aResponse()
                            .withFixedDelay(2000)
                            .withStatus(Response.Status.OK.getStatusCode())
                            .withHeader("Content-Type", MediaType.TEXT_XML_TYPE.toString())
                            .withBody(soapResponse))
                    .willSetStateTo(firstCallState));
    // Attempt 2: delayed again.
    errorSimulationServer.stubFor(
            post(urlEqualTo(attibute_query_resource))
                    .inScenario(scenarioName)
                    .whenScenarioStateIs(firstCallState)
                    .willReturn(WireMock.aResponse()
                            .withFixedDelay(2000)
                            .withStatus(Response.Status.OK.getStatusCode())
                            .withHeader("Content-Type", MediaType.TEXT_XML_TYPE.toString())
                            .withBody(soapResponse))
                    .willSetStateTo(secondCallState));
    // Attempt 3: no delay, so this is the response the client should receive.
    errorSimulationServer.stubFor(
            post(urlEqualTo(attibute_query_resource))
                    .inScenario(scenarioName)
                    .whenScenarioStateIs(secondCallState)
                    .willReturn(WireMock.aResponse()
                            .withStatus(Response.Status.OK.getStatusCode())
                            .withHeader("Content-Type", MediaType.TEXT_XML_TYPE.toString())
                            .withBody(soapResponse))
                    .willSetStateTo(thirdCallState));

    Credential hubCredential = hubSigningCredential;
    AttributeQueryContainerDto queryDto = AttributeQueryContainerDtoBuilder
            .anAttributeQueryContainerDto(
                    AttributeQueryBuilder.anAttributeQuery()
                            .withSignature(SignatureBuilder.aSignature()
                                    .withSigningCredential(hubCredential)
                                    .build())
                            .withIssuer(IssuerBuilder.anIssuer()
                                    .withIssuerId(HUB_ENTITY_ID)
                                    .build())
                            .build())
            .withIssuerId(HUB_ENTITY_ID)
            .withMatchingServiceUri(msaStub.getAttributeQueryRequestUri())
            .build();

    // Timing starts before the SOAP envelope is built, as the lower-bound assertion only
    // needs the window to include every retry.
    long startedAt = System.currentTimeMillis();
    SoapMessageManager envelopeBuilder = new SoapMessageManager();
    Document soapRequest = envelopeBuilder.wrapWithSoapEnvelope(convertToElementAndValidate(queryDto));
    Entity payload = Entity.xml(soapRequest);
    Response response = backOffClient
            .target(URI.create(format("http://localhost:%d%s", errorSimulationServer.port(), attibute_query_resource)))
            .request(MediaType.TEXT_XML_TYPE)
            .post(payload);
    long finishedAt = System.currentTimeMillis();

    assertThat(response.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    assertThat(getScenario(scenarioName).getState()).isEqualTo(thirdCallState);
    assertThat((finishedAt - startedAt)).isGreaterThanOrEqualTo(getTotalBackoffPeriod(2, Duration.milliseconds(1000)));
}
use of org.opensaml.security.credential.Credential in project spring-security by spring-projects.
the class OpenSamlSigningUtils method resolveSigningCredentials.
/**
 * Converts each signing X.509 credential of the relying party into an OpenSAML
 * {@link Credential} tagged with the relying party's entity id and
 * {@link UsageType#SIGNING}.
 *
 * <p>Each returned credential is built from the certificate and its private key, so the
 * list holds private key material.
 *
 * @param relyingPartyRegistration the registration whose signing credentials are read
 * @return a new list with one credential per signing X.509 credential, in iteration order
 */
private static List<Credential> resolveSigningCredentials(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> signingCredentials = new ArrayList<>();
    for (Saml2X509Credential source : relyingPartyRegistration.getSigningX509Credentials()) {
        X509Certificate cert = source.getCertificate();
        PrivateKey key = source.getPrivateKey();
        BasicCredential signing = CredentialSupport.getSimpleCredential(cert, key);
        // Restrict the credential to signing and bind it to this relying party.
        signing.setEntityId(relyingPartyRegistration.getEntityId());
        signing.setUsageType(UsageType.SIGNING);
        signingCredentials.add(signing);
    }
    return signingCredentials;
}
use of org.opensaml.security.credential.Credential in project spring-security by spring-projects.
the class OpenSamlSigningUtils method resolveSigningParameters.
/**
 * Resolves the parameters used to sign outgoing SAML messages for a relying party.
 *
 * <p>The signing configuration combines the relying party's signing credentials with the
 * signature algorithms listed in its asserting party details. The reference digest is
 * fixed to SHA-256 and canonicalization to exclusive C14N without comments.
 *
 * @param relyingPartyRegistration the registration supplying credentials and algorithms
 * @return the resolved signing parameters, never {@code null}
 * @throws Saml2Exception if resolution fails or yields no parameters; the failed
 * {@code Assert.notNull} check is also caught and wrapped here
 */
private static SignatureSigningParameters resolveSigningParameters(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> signingCredentials = resolveSigningCredentials(relyingPartyRegistration);
    List<String> signatureAlgorithms = relyingPartyRegistration.getAssertingPartyDetails().getSigningAlgorithms();
    SignatureSigningParametersResolver parametersResolver = new SAMLMetadataSignatureSigningParametersResolver();
    CriteriaSet criteriaSet = new CriteriaSet();

    BasicSignatureSigningConfiguration config = new BasicSignatureSigningConfiguration();
    config.setSigningCredentials(signingCredentials);
    config.setSignatureAlgorithms(signatureAlgorithms);
    // Digest and canonicalization are pinned here, not taken from the registration.
    config.setSignatureReferenceDigestMethods(Collections.singletonList(SignatureConstants.ALGO_ID_DIGEST_SHA256));
    config.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    config.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager());
    criteriaSet.add(new SignatureSigningConfigurationCriterion(config));

    try {
        SignatureSigningParameters resolved = parametersResolver.resolveSingle(criteriaSet);
        Assert.notNull(resolved, "Failed to resolve any signing credential");
        return resolved;
    }
    catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}