Example 1 with Certificate

Use of uk.gov.ida.common.shared.security.Certificate in the project verify-hub by alphagov.

Class HubAsIdpMetadataHandler, method getHubEncryptionCertificate.

private Certificate getHubEncryptionCertificate(EntityDescriptor entityDescriptor) {
    // There should be one and only one hub encryption key. Note that findFirst().get()
    // throws NoSuchElementException when no KeyDescriptor has use="encryption", and
    // silently takes the first one when the metadata carries several.
    KeyDescriptor hubEncryptionKey = entityDescriptor
            .getSPSSODescriptor(SAMLConstants.SAML20P_NS)
            .getKeyDescriptors()
            .stream()
            .filter(input1 -> input1.getUse() == UsageType.ENCRYPTION)
            .findFirst()
            .get();
    // Only the first X509Data and its first X509Certificate are read; the value is the base64 DER.
    X509Certificate x509Certificate = hubEncryptionKey.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0);
    return new Certificate(entityDescriptor.getEntityID(), x509Certificate.getValue(), Certificate.KeyUse.Encryption);
}
Also used : KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) Certificate(uk.gov.ida.common.shared.security.Certificate)

Example 2 with Certificate

Use of uk.gov.ida.common.shared.security.Certificate in the project verify-hub by alphagov.

Class HubAsIdpMetadataHandler, method getMetadataAsAnIdentityProvider.

public HubIdentityProviderMetadataDto getMetadataAsAnIdentityProvider() {
    URI hubFrontend = samlProxyConfiguration.getFrontendExternalUri();
    SamlEndpointDto binding = new SamlEndpointDto(SamlEndpointDto.Binding.POST, URI.create(hubFrontend + SAML2_SSO_REQUEST_ENDPOINT));
    Iterable<EntityDescriptor> entityDescriptors;
    try {
        CriteriaSet criteria = new CriteriaSet(new EntitiesDescriptorNameCriterion(hubFederationId));
        entityDescriptors = metadataResolver.resolve(criteria);
        LOG.info("Retrieved metadata from " + samlProxyConfiguration.getMetadataConfiguration().getUri());
    } catch (ResolverException e) {
        throw ApplicationException.createUnauditedException(ExceptionType.METADATA_PROVIDER_EXCEPTION, e.getMessage(), e);
    }
    // Every resolved entity that publishes an IDPSSODescriptor is treated as an IdP; the hub's own entry is matched by entityID.
    final Iterable<EntityDescriptor> idpEntityDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false)
            .filter(input -> input.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) != null).collect(Collectors.toList());
    final Iterable<EntityDescriptor> hubEntityDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false)
            .filter(input -> input.getEntityID().equals(hubEntityId)).collect(Collectors.toList());
    final Iterable<List<Certificate>> idpSigningCertificates = StreamSupport.stream(idpEntityDescriptors.spliterator(), false)
            .map(this::getIDPSigningCertificates).collect(Collectors.toList());
    final Iterable<Certificate> hubEncryptionCertificate = StreamSupport.stream(hubEntityDescriptors.spliterator(), false)
            .map(this::getHubEncryptionCertificate).collect(Collectors.toList());
    final Iterable<List<Certificate>> hubSigningCertificates = StreamSupport.stream(hubEntityDescriptors.spliterator(), false)
            .map(this::getHubSigningCertificates).collect(Collectors.toList());
    // validUntil is now plus the configured duration. hubEncryptionCertificate.iterator().next()
    // throws NoSuchElementException if no descriptor with hubEntityId was resolved.
    return new HubIdentityProviderMetadataDto(
            asList(binding),
            hubEntityId,
            organisationDto,
            Collections.<ContactPersonDto>emptySet(),
            ImmutableList.copyOf(Iterables.concat(idpSigningCertificates)),
            DateTime.now().plus(samlProxyConfiguration.getMetadataValidDuration().toMilliseconds()),
            ImmutableList.copyOf(Iterables.concat(hubSigningCertificates)),
            hubEncryptionCertificate.iterator().next());
}
Also used : Iterables(com.google.common.collect.Iterables) ExceptionType(uk.gov.ida.common.ExceptionType) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Inject(javax.inject.Inject) Logger(org.apache.log4j.Logger) HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) ImmutableList(com.google.common.collect.ImmutableList) Arrays.asList(java.util.Arrays.asList) StreamSupport(java.util.stream.StreamSupport) Named(javax.inject.Named) URI(java.net.URI) SamlEndpointDto(uk.gov.ida.saml.metadata.domain.SamlEndpointDto) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) ApplicationException(uk.gov.ida.exceptions.ApplicationException) ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException) UsageType(org.opensaml.security.credential.UsageType) DateTime(org.joda.time.DateTime) ContactPersonDto(uk.gov.ida.saml.metadata.domain.ContactPersonDto) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) OrganisationDto(uk.gov.ida.saml.metadata.domain.OrganisationDto) Collectors(java.util.stream.Collectors) List(java.util.List) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) X509Data(org.opensaml.xmlsec.signature.X509Data) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) Collections(java.util.Collections) Certificate(uk.gov.ida.common.shared.security.Certificate) SamlProxyConfiguration(uk.gov.ida.hub.samlproxy.SamlProxyConfiguration) EntitiesDescriptorNameCriterion(uk.gov.ida.saml.metadata.EntitiesDescriptorNameCriterion) SAML2_SSO_REQUEST_ENDPOINT(uk.gov.ida.hub.samlproxy.Urls.FrontendUrls.SAML2_SSO_REQUEST_ENDPOINT)
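The two methods above make three silent assumptions: that the hub's EntityDescriptor was resolved at all (hubEncryptionCertificate.iterator().next()), that exactly one KeyDescriptor carries use="encryption" (findFirst().get()), and that the base64 value inside it is a well-formed, currently valid X.509 certificate. The following is an added example, not verify-hub code, showing a fail-closed version of that selection written against the same OpenSAML metadata and xmlsec types the examples use. It also counts a KeyDescriptor with no use attribute (UsageType.UNSPECIFIED), which SAML 2.0 metadata allows for both signing and encryption, so a hub that omits the attribute is not treated as having no encryption key. The class name StrictEncryptionCertificateSelector and the MetadataShapeException type are illustrative and do not exist in the project.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;

import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.X509Data;

// Added example (not verify-hub code): fail-closed selection of a hub's encryption
// certificate from resolved SAML metadata. Class and exception names are illustrative.
public final class StrictEncryptionCertificateSelector {

    // Hypothetical exception type; the project would map this to its own ApplicationException.
    public static final class MetadataShapeException extends RuntimeException {
        public MetadataShapeException(String message) { super(message); }
    }

    private StrictEncryptionCertificateSelector() { }

    // Exactly one descriptor must match the hub entityID; zero or several is a metadata error,
    // not something to paper over with iterator().next().
    public static EntityDescriptor requireSingleHubDescriptor(Iterable<EntityDescriptor> resolved, String hubEntityId) {
        List<EntityDescriptor> hubs = StreamSupport.stream(resolved.spliterator(), false)
                .filter(d -> hubEntityId.equals(d.getEntityID()))
                .collect(Collectors.toList());
        if (hubs.size() != 1) {
            throw new MetadataShapeException("expected exactly one EntityDescriptor for " + hubEntityId
                    + ", found " + hubs.size());
        }
        return hubs.get(0);
    }

    // Returns the hub's single encryption certificate as a parsed, validity-checked certificate.
    public static java.security.cert.X509Certificate selectEncryptionCertificate(EntityDescriptor entityDescriptor) {
        String entityId = entityDescriptor.getEntityID();
        SPSSODescriptor spDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (spDescriptor == null) {
            throw new MetadataShapeException("no SAML 2.0 SPSSODescriptor for " + entityId);
        }
        // use="encryption" or no use attribute at all are both eligible for encryption.
        List<KeyDescriptor> candidates = spDescriptor.getKeyDescriptors().stream()
                .filter(kd -> kd.getUse() == UsageType.ENCRYPTION || kd.getUse() == UsageType.UNSPECIFIED)
                .collect(Collectors.toList());
        if (candidates.size() != 1) {
            // Ambiguous or missing: refuse rather than silently encrypt to the first key listed.
            throw new MetadataShapeException("expected exactly one encryption KeyDescriptor for " + entityId
                    + ", found " + candidates.size());
        }
        return parseCertificate(singleCertificateValue(candidates.get(0), entityId), entityId);
    }

    // The hub publishes a single leaf certificate, so exactly one X509Data with exactly one
    // X509Certificate is required; a chain or an empty KeyInfo is rejected.
    private static String singleCertificateValue(KeyDescriptor keyDescriptor, String entityId) {
        KeyInfo keyInfo = keyDescriptor.getKeyInfo();
        if (keyInfo == null || keyInfo.getX509Datas().size() != 1) {
            throw new MetadataShapeException("encryption KeyDescriptor for " + entityId + " must carry exactly one X509Data");
        }
        X509Data x509Data = keyInfo.getX509Datas().get(0);
        if (x509Data.getX509Certificates().size() != 1) {
            throw new MetadataShapeException("X509Data for " + entityId + " must carry exactly one X509Certificate");
        }
        String value = x509Data.getX509Certificates().get(0).getValue();
        if (value == null || value.trim().isEmpty()) {
            throw new MetadataShapeException("empty X509Certificate value for " + entityId);
        }
        return value;
    }

    // Decode the base64 DER (MIME decoder tolerates the line breaks metadata usually contains),
    // parse it, and reject certificates outside their validity window.
    private static java.security.cert.X509Certificate parseCertificate(String base64Der, String entityId) {
        try {
            byte[] der = Base64.getMimeDecoder().decode(base64Der);
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            java.security.cert.X509Certificate certificate =
                    (java.security.cert.X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
            certificate.checkValidity();
            return certificate;
        } catch (CertificateException | IllegalArgumentException e) {
            throw new MetadataShapeException("encryption certificate for " + entityId + " is not a valid X.509 certificate: "
                    + e.getMessage());
        }
    }
}
```

Parsing the value at selection time rather than storing the raw base64 string means a malformed or expired hub certificate is caught when metadata is loaded, not when the first encrypted assertion is built. Whether an UNSPECIFIED key should be accepted is a policy choice for the federation; the filter above makes it explicit instead of leaving it to the equality test on UsageType.ENCRYPTION.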

Example 3 with Certificate

Use of uk.gov.ida.common.shared.security.Certificate in the project verify-hub by alphagov.

Class HubAsIdpMetadataHandlerTest, method shouldReturnSingleHubEncryptionCert.

@Test
public void shouldReturnSingleHubEncryptionCert() throws Exception {
    HubIdentityProviderMetadataDto metadataAsAnIdentityProvider = handler.getMetadataAsAnIdentityProvider();
    final List<Certificate> encryptionCertificates = metadataAsAnIdentityProvider.getEncryptionCertificates();
    assertThat(encryptionCertificates).hasSize(1);
    final Optional<Certificate> hubEncryptionCertificate = Iterables.tryFind(encryptionCertificates, getPredicateByIssuerId(TestEntityIds.HUB_ENTITY_ID));
    assertThat(hubEncryptionCertificate.isPresent()).isTrue();
    assertThat(hubEncryptionCertificate.get().getKeyUse()).isEqualTo(Certificate.KeyUse.Encryption);
}
Also used : HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) Certificate(uk.gov.ida.common.shared.security.Certificate) Test(org.junit.Test)

Example 4 with Certificate

Use of uk.gov.ida.common.shared.security.Certificate in the project verify-hub by alphagov.

Class HubAsIdpMetadataHandlerTest, method shouldReturnHubSigningCerts.

@Test
public void shouldReturnHubSigningCerts() throws Exception {
    HubIdentityProviderMetadataDto metadataAsAnIdentityProvider = handler.getMetadataAsAnIdentityProvider();
    final List<Certificate> signingCertificates = metadataAsAnIdentityProvider.getSigningCertificates();
    assertThat(signingCertificates).hasSize(2);
    assertThat(signingCertificates.get(0).getKeyUse()).isEqualTo(Certificate.KeyUse.Signing);
    assertThat(signingCertificates.get(1).getKeyUse()).isEqualTo(Certificate.KeyUse.Signing);
}
Also used : HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) Certificate(uk.gov.ida.common.shared.security.Certificate) Test(org.junit.Test)

Aggregations

Certificate (uk.gov.ida.common.shared.security.Certificate) 4
HubIdentityProviderMetadataDto (uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) 3
Test (org.junit.Test) 2
KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor) 2
X509Certificate (org.opensaml.xmlsec.signature.X509Certificate) 2
ImmutableList (com.google.common.collect.ImmutableList) 1
Iterables (com.google.common.collect.Iterables) 1
URI (java.net.URI) 1
Arrays.asList (java.util.Arrays.asList) 1
Collections (java.util.Collections) 1
List (java.util.List) 1
Collectors (java.util.stream.Collectors) 1
StreamSupport (java.util.stream.StreamSupport) 1
Inject (javax.inject.Inject) 1
Named (javax.inject.Named) 1
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet) 1
ResolverException (net.shibboleth.utilities.java.support.resolver.ResolverException) 1
Logger (org.apache.log4j.Logger) 1
DateTime (org.joda.time.DateTime) 1
SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants) 1