Example 6 with Certificate

use of uk.gov.ida.hub.config.domain.Certificate in project verify-hub by alphagov.

the class CertificateServiceTest method encryptionCertificateForEntityIdReturnsCertificateWhenEnabledMatchingCertificateExists.

@Test
public void encryptionCertificateForEntityIdReturnsCertificateWhenEnabledMatchingCertificateExists() {
    MatchingServiceConfig matchingServiceConfig = aMatchingServiceConfig().withEntityId(RP_ONE_ENTITY_ID).withEncryptionCertificate(CERT_ONE_X509).build();
    when(connectedServiceConfigRepository.has(RP_ONE_ENTITY_ID)).thenReturn(false);
    when(matchingServiceConfigRepository.has(RP_ONE_ENTITY_ID)).thenReturn(true);
    when(matchingServiceConfigRepository.get(RP_ONE_ENTITY_ID)).thenReturn(Optional.of(matchingServiceConfig));
    when(certificateValidityChecker.isValid(any(Certificate.class))).thenReturn(true);
    Certificate certificate = certificateService.encryptionCertificateFor(RP_ONE_ENTITY_ID);
    assertThat(certificate).isEqualTo(new Certificate(RP_ONE_ENTITY_ID, FederationEntityType.RP, CERT_ONE_X509, CertificateUse.ENCRYPTION, CertificateOrigin.FEDERATION, true));
}
Also used : MatchingServiceConfig(uk.gov.ida.hub.config.domain.MatchingServiceConfig) MatchingServiceConfigBuilder.aMatchingServiceConfig(uk.gov.ida.hub.config.domain.builders.MatchingServiceConfigBuilder.aMatchingServiceConfig) Certificate(uk.gov.ida.hub.config.domain.Certificate) Test(org.junit.jupiter.api.Test)

Example 7 with Certificate

use of uk.gov.ida.hub.config.domain.Certificate in project verify-hub by alphagov.

the class CertificateServiceTest method signatureVerificationCertificatesForEntityIdReturnsValidSignatureVerificationCertificatesWhenMatchingSignatureCertificatesExist.

@Test
public void signatureVerificationCertificatesForEntityIdReturnsValidSignatureVerificationCertificatesWhenMatchingSignatureCertificatesExist() {
    MatchingServiceConfig matchingServiceConfig = aMatchingServiceConfig().withEntityId(RP_ONE_ENTITY_ID).addSignatureVerificationCertificate(CERT_ONE_X509).addSignatureVerificationCertificate(CERT_TWO_X509).build();
    Certificate validCertificate = new Certificate(RP_ONE_ENTITY_ID, FederationEntityType.MS, CERT_ONE_X509, CertificateUse.SIGNING, CertificateOrigin.FEDERATION, true);
    Certificate invalidCertificate = new Certificate(RP_ONE_ENTITY_ID, FederationEntityType.MS, CERT_TWO_X509, CertificateUse.SIGNING, CertificateOrigin.FEDERATION, true);
    when(connectedServiceConfigRepository.has(RP_ONE_ENTITY_ID)).thenReturn(false);
    when(matchingServiceConfigRepository.has(RP_ONE_ENTITY_ID)).thenReturn(true);
    when(matchingServiceConfigRepository.get(RP_ONE_ENTITY_ID)).thenReturn(Optional.of(matchingServiceConfig));
    when(certificateValidityChecker.isValid(invalidCertificate)).thenReturn(false);
    when(certificateValidityChecker.isValid(validCertificate)).thenReturn(true);
    List<Certificate> certificatesFound = certificateService.signatureVerificationCertificatesFor(RP_ONE_ENTITY_ID);
    assertThat(certificatesFound.size()).isEqualTo(1);
    assertThat(certificatesFound.get(0)).isEqualTo(validCertificate);
    String expectedLogMessage = String.format("Signature verification certificates were requested for entityId '%s'; 1 of them is invalid", RP_ONE_ENTITY_ID);
    checkForExpectedLogWarnings(List.of(expectedLogMessage));
}
Also used : MatchingServiceConfig(uk.gov.ida.hub.config.domain.MatchingServiceConfig) MatchingServiceConfigBuilder.aMatchingServiceConfig(uk.gov.ida.hub.config.domain.builders.MatchingServiceConfigBuilder.aMatchingServiceConfig) Certificate(uk.gov.ida.hub.config.domain.Certificate) Test(org.junit.jupiter.api.Test)

Example 8 with Certificate

use of uk.gov.ida.hub.config.domain.Certificate in project verify-hub by alphagov.

the class CertificateServiceTest method encryptionCertificateForEntityIdWarnsAndThrowsWhenMatchCertificateExistsButIsInvalid.

@Test
public void encryptionCertificateForEntityIdWarnsAndThrowsWhenMatchCertificateExistsButIsInvalid() {
    Assertions.assertThrows(NoCertificateFoundException.class, () -> {
        MatchingServiceConfig matchingServiceConfig = aMatchingServiceConfig().withEntityId(RP_ONE_ENTITY_ID).build();
        when(matchingServiceConfigRepository.has(RP_ONE_ENTITY_ID)).thenReturn(true);
        when(matchingServiceConfigRepository.get(RP_ONE_ENTITY_ID)).thenReturn(Optional.of(matchingServiceConfig));
        when(certificateValidityChecker.isValid(any(Certificate.class))).thenReturn(false);
        try {
            certificateService.encryptionCertificateFor(RP_ONE_ENTITY_ID);
        } finally {
            String expectedLogMessage = "Encryption certificate for entityId '" + RP_ONE_ENTITY_ID + "' was requested but is invalid";
            checkForExpectedLogWarnings(List.of(expectedLogMessage));
        }
    });
}
Also used : MatchingServiceConfig(uk.gov.ida.hub.config.domain.MatchingServiceConfig) MatchingServiceConfigBuilder.aMatchingServiceConfig(uk.gov.ida.hub.config.domain.builders.MatchingServiceConfigBuilder.aMatchingServiceConfig) Certificate(uk.gov.ida.hub.config.domain.Certificate) Test(org.junit.jupiter.api.Test)

Example 9 with Certificate

use of uk.gov.ida.hub.config.domain.Certificate in project verify-hub by alphagov.

the class CertificateHealthCheckDtoTest method testCreateCertificateHealthCheckDto.

@Test
public void testCreateCertificateHealthCheckDto() {
    final Certificate certificate = new Certificate("entityId", FederationEntityType.RP, HUB_TEST_PUBLIC_SIGNING_CERT, CertificateUse.SIGNING, CertificateOrigin.FEDERATION, true);
    DateTimeFreezer.freezeTime(new DateTime(certificate.getNotAfter()).plusYears(1));
    CertificateHealthCheckDto checked = new CertificateHealthCheckDto(certificate, org.joda.time.Duration.millis(1000));
    assertThat(checked.getEntityId()).isEqualTo("entityId");
    assertThat(checked.getStatus()).isEqualTo(CertificateExpiryStatus.CRITICAL);
    assertThat(checked.getMessage()).isEqualTo("EXPIRED");
}
Also used : DateTime(org.joda.time.DateTime) Certificate(uk.gov.ida.hub.config.domain.Certificate) Test(org.junit.jupiter.api.Test)

Example 10 with Certificate

use of uk.gov.ida.hub.config.domain.Certificate in project verify-hub by alphagov.

the class CertificateService method encryptionCertificateFor.

public Certificate encryptionCertificateFor(String entityId) {
    CertificateConfigurable<?> config = getConfig(entityId);
    Certificate cert = config.getEncryptionCertificate();
    // Validity is checked first: an invalid certificate is logged as a warning
    // and reported as "not found", whether or not it is enabled.
    if (!certificateValidityChecker.isValid(cert)) {
        LOG.warn("Encryption certificate for entityId '{}' was requested but is invalid", entityId);
        throw new NoCertificateFoundException();
    }
    // A valid but disabled certificate is rejected with a distinct exception.
    if (!cert.isEnabled()) {
        throw new CertificateDisabledException();
    }
    return cert;
}
Also used : NoCertificateFoundException(uk.gov.ida.hub.config.exceptions.NoCertificateFoundException) CertificateDisabledException(uk.gov.ida.hub.config.exceptions.CertificateDisabledException) Certificate(uk.gov.ida.hub.config.domain.Certificate)

Aggregations

Certificate (uk.gov.ida.hub.config.domain.Certificate): 17
Test (org.junit.jupiter.api.Test): 13
MatchingServiceConfig (uk.gov.ida.hub.config.domain.MatchingServiceConfig): 6
MatchingServiceConfigBuilder.aMatchingServiceConfig (uk.gov.ida.hub.config.domain.builders.MatchingServiceConfigBuilder.aMatchingServiceConfig): 6
TransactionConfig (uk.gov.ida.hub.config.domain.TransactionConfig): 5
DateTime (org.joda.time.DateTime): 3
CertificateException (java.security.cert.CertificateException): 2
CertificateDisabledException (uk.gov.ida.hub.config.exceptions.CertificateDisabledException): 2
NoCertificateFoundException (uk.gov.ida.hub.config.exceptions.NoCertificateFoundException): 2
Timed (com.codahale.metrics.annotation.Timed): 1
ArrayList (java.util.ArrayList): 1
Collection (java.util.Collection): 1
HashSet (java.util.HashSet): 1
List (java.util.List): 1
Optional (java.util.Optional): 1
Set (java.util.Set): 1
Collectors.toList (java.util.stream.Collectors.toList): 1
Inject (javax.inject.Inject): 1
GET (javax.ws.rs.GET): 1
Path (javax.ws.rs.Path): 1