
Example 1 with CertificateChainValidationException

Use of uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException in project verify-hub by alphagov.

From class ConfigServiceKeyStoreTest, method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
    try {
        configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    } catch (CertificateChainValidationException success) {
        assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
        assertThat(success.getCause()).isEqualTo(underlyingException);
    }
}
Also used: CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto), CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto), CertPathValidatorException (java.security.cert.CertPathValidatorException), CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException), FederationEntityType (uk.gov.ida.hub.samlproxy.domain.FederationEntityType), Test (org.junit.Test)

Example 2 with CertificateChainValidationException

Use of uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException in project verify-hub by alphagov.

From class AttributeQueryRequestRunnableTest, method run_shouldNotifySamlEngineAndLogErrorWhenACertificateCannotBeChainedToThoseInTheTrustStore.

@Test
public void run_shouldNotifySamlEngineAndLogErrorWhenACertificateCannotBeChainedToThoseInTheTrustStore() throws IOException, SAXException, ParserConfigurationException {
    when(executeAttributeQueryRequest.execute(sessionId, attributeQueryContainerDto)).thenThrow(new CertificateChainValidationException("cert chain validation error", new Exception()));
    attributeQueryRequestRunnable.run();
    final ArgumentCaptor<EventSinkHubEvent> loggedHubEvent = ArgumentCaptor.forClass(EventSinkHubEvent.class);
    final ArgumentCaptor<EventSinkHubEvent> emitterLoggedHubEvent = ArgumentCaptor.forClass(EventSinkHubEvent.class);
    verify(eventSinkProxy).logHubEvent(loggedHubEvent.capture());
    verify(eventEmitter).record(emitterLoggedHubEvent.capture());
    assertThat(loggedHubEvent.getValue().getSessionId()).isEqualTo(sessionId.toString());
    assertThat(emitterLoggedHubEvent.getValue().getSessionId()).isEqualTo(sessionId.toString());
    verify(hubMatchingServiceResponseReceiverProxy, times(1)).notifyHubOfMatchingServiceRequestFailure(sessionId);
    verify(timeoutEvaluator, times(2)).hasAttributeQueryTimedOut(attributeQueryContainerDto);
    assertThat(loggedHubEvent.getValue().getDetails().get(message)).contains("Problem with the matching service's signing certificate");
    assertThat(emitterLoggedHubEvent.getValue().getDetails().get(message)).contains("Problem with the matching service's signing certificate");
}
Also used: CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException), SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException), AttributeQueryTimeoutException (uk.gov.ida.hub.samlsoapproxy.exceptions.AttributeQueryTimeoutException), InvalidSamlRequestInAttributeQueryException (uk.gov.ida.hub.samlsoapproxy.exceptions.InvalidSamlRequestInAttributeQueryException), IOException (java.io.IOException), ParserConfigurationException (javax.xml.parsers.ParserConfigurationException), SAXException (org.xml.sax.SAXException), EventSinkHubEvent (uk.gov.ida.eventsink.EventSinkHubEvent), Test (org.junit.Test)

Example 3 with CertificateChainValidationException

Use of uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException in project verify-hub by alphagov.

From class ConfigServiceKeyStoreTest, method getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

@Test
public void getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
    when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certOneDto);
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
    try {
        configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    } catch (CertificateChainValidationException success) {
        assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
        assertThat(success.getCause()).isEqualTo(underlyingException);
    }
}
Also used: CertificateDto (uk.gov.ida.hub.samlengine.domain.CertificateDto), CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto), CertPathValidatorException (java.security.cert.CertPathValidatorException), CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException), FederationEntityType (uk.gov.ida.hub.samlengine.domain.FederationEntityType), Test (org.junit.Test)

Example 4 with CertificateChainValidationException

Use of uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException in project verify-hub by alphagov.

From class ConfigServiceKeyStoreTest, method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
    try {
        configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    } catch (CertificateChainValidationException success) {
        assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
        assertThat(success.getCause()).isEqualTo(underlyingException);
    }
}
Also used: CertificateDto (uk.gov.ida.hub.samlengine.domain.CertificateDto), CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto), CertPathValidatorException (java.security.cert.CertPathValidatorException), CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException), FederationEntityType (uk.gov.ida.hub.samlengine.domain.FederationEntityType), Test (org.junit.Test)

Example 5 with CertificateChainValidationException

Use of uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException in project verify-hub by alphagov.

From class ConfigServiceKeyStoreTest, method getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

@Test
public void getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
    when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certOneDto);
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
    try {
        configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    } catch (CertificateChainValidationException success) {
        assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
        assertThat(success.getCause()).isEqualTo(underlyingException);
    }
}
Also used: CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto), CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto), CertPathValidatorException (java.security.cert.CertPathValidatorException), CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException), FederationEntityType (uk.gov.ida.hub.samlproxy.domain.FederationEntityType), Test (org.junit.Test)

Aggregations (type, fully qualified name, number of usages)

Test (org.junit.Test): 7
CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException): 7
CertPathValidatorException (java.security.cert.CertPathValidatorException): 6
CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto): 2
CertificateDto (uk.gov.ida.hub.samlengine.domain.CertificateDto): 2
FederationEntityType (uk.gov.ida.hub.samlengine.domain.FederationEntityType): 2
CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto): 2
CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto): 2
FederationEntityType (uk.gov.ida.hub.samlproxy.domain.FederationEntityType): 2
CertificateDto (uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto): 2
FederationEntityType (uk.gov.ida.hub.samlsoapproxy.domain.FederationEntityType): 2
IOException (java.io.IOException): 1
ParserConfigurationException (javax.xml.parsers.ParserConfigurationException): 1
SAXException (org.xml.sax.SAXException): 1
EventSinkHubEvent (uk.gov.ida.eventsink.EventSinkHubEvent): 1
AttributeQueryTimeoutException (uk.gov.ida.hub.samlsoapproxy.exceptions.AttributeQueryTimeoutException): 1
InvalidSamlRequestInAttributeQueryException (uk.gov.ida.hub.samlsoapproxy.exceptions.InvalidSamlRequestInAttributeQueryException): 1
SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException): 1