Example 1 with CertificateDto
use of uk.gov.ida.hub.samlengine.domain.CertificateDto in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.
@Test
public void getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certOneDto);
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
try {
configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
} catch (CertificateChainValidationException success) {
assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
assertThat(success.getCause()).isEqualTo(underlyingException);
}
}
Also used :
CertificateDto(uk.gov.ida.hub.samlengine.domain.CertificateDto)
CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
CertificateChainValidationException(uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException)
FederationEntityType(uk.gov.ida.hub.samlengine.domain.FederationEntityType)
Test(org.junit.Test)
Example 2 with CertificateDto
use of uk.gov.ida.hub.samlengine.domain.CertificateDto in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getVerifyingKeysForEntity_shouldReturnAllKeysReturnedByConfig.
@Test
public void getVerifyingKeysForEntity_shouldReturnAllKeysReturnedByConfig() throws Exception {
final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
final CertificateDto certTwoDto = getX509Certificate(SECOND_IDP_ENTITY_ID);
when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto, certTwoDto));
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(x509CertificateFactory.createCertificate(certTwoDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(valid());
List<PublicKey> keys = configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
assertThat(keys.size()).isEqualTo(2);
}
Also used :
CertificateDto(uk.gov.ida.hub.samlengine.domain.CertificateDto)
CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto)
PublicKey(java.security.PublicKey)
FederationEntityType(uk.gov.ida.hub.samlengine.domain.FederationEntityType)
Test(org.junit.Test)
Example 3 with CertificateDto
use of uk.gov.ida.hub.samlengine.domain.CertificateDto in project verify-hub by alphagov.
the class ConfigServiceKeyStore method getEncryptionKeyForEntity.
public PublicKey getEncryptionKeyForEntity(String entityId) {
CertificateDto certificateDto = certificatesConfigProxy.getEncryptionCertificate(entityId);
String base64EncodedCertificateValue = certificateDto.getCertificate();
final X509Certificate certificate = x509CertificateFactory.createCertificate(base64EncodedCertificateValue);
KeyStore trustStore = trustStoreForCertificateProvider.getTrustStoreFor(certificateDto.getFederationEntityType());
validate(certificate, trustStore);
return certificate.getPublicKey();
}
Also used :
CertificateDto(uk.gov.ida.hub.samlengine.domain.CertificateDto)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
Example 4 with CertificateDto
use of uk.gov.ida.hub.samlengine.domain.CertificateDto in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getVerifyingKeysForEntity_shouldValidateEachKeyReturnedByConfig.
@Test
public void getVerifyingKeysForEntity_shouldValidateEachKeyReturnedByConfig() throws Exception {
final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
final CertificateDto certTwoDto = getX509Certificate(SECOND_IDP_ENTITY_ID);
when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto, certTwoDto));
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(x509CertificateFactory.createCertificate(certTwoDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(valid());
configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
verify(certificateChainValidator, times(2)).validate(x509Certificate, trustStore);
}
Also used :
CertificateDto(uk.gov.ida.hub.samlengine.domain.CertificateDto)
CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto)
FederationEntityType(uk.gov.ida.hub.samlengine.domain.FederationEntityType)
Test(org.junit.Test)
Example 5 with CertificateDto
use of uk.gov.ida.hub.samlengine.domain.CertificateDto in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.
@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
final CertificateDto certOneDto = getX509Certificate(IDP_ENTITY_ID);
when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto));
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
try {
configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
} catch (CertificateChainValidationException success) {
assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
assertThat(success.getCause()).isEqualTo(underlyingException);
}
}
Also used :
CertificateDto(uk.gov.ida.hub.samlengine.domain.CertificateDto)
CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
CertificateChainValidationException(uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException)
FederationEntityType(uk.gov.ida.hub.samlengine.domain.FederationEntityType)
Test(org.junit.Test)
Aggregations
CertificateDto (uk.gov.ida.hub.samlengine.domain.CertificateDto)8
Test (org.junit.Test)5
CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlengine.builders.CertificateDtoBuilder.aCertificateDto)5
FederationEntityType (uk.gov.ida.hub.samlengine.domain.FederationEntityType)5
KeyStore (java.security.KeyStore)2
PublicKey (java.security.PublicKey)2
CertPathValidatorException (java.security.cert.CertPathValidatorException)2
X509Certificate (java.security.cert.X509Certificate)2
CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException)2
ArrayList (java.util.ArrayList)1
