Example 1 with CertificateDto

Use of uk.gov.ida.hub.samlproxy.domain.CertificateDto in the project verify-hub by alphagov.

In class ConfigServiceKeyStore, method getEncryptionKeyForEntity:

public PublicKey getEncryptionKeyForEntity(String entityId) {
    // Fetch the encryption certificate for this entity from the config service.
    CertificateDto certificateDto = certificatesConfigProxy.getEncryptionCertificate(entityId);
    String base64EncodedCertificateValue = certificateDto.getCertificate();
    final X509Certificate certificate = x509CertificateFactory.createCertificate(base64EncodedCertificateValue);
    // Select the trust store that matches the entity's federation role, then validate the
    // certificate chain against it before the public key is handed out for encryption.
    KeyStore trustStore = trustStoreForCertificateProvider.getTrustStoreFor(certificateDto.getFederationEntityType());
    validate(certificate, trustStore);
    return certificate.getPublicKey();
}
Also used: CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto), KeyStore (java.security.KeyStore), X509Certificate (java.security.cert.X509Certificate)

Example 2 with CertificateDto

Use of uk.gov.ida.hub.samlproxy.domain.CertificateDto in the project verify-hub by alphagov.

In class ConfigServiceKeyStoreTest, method getVerifyingKeysForEntity_shouldReturnAllKeysReturnedByConfig:

@Test
public void getVerifyingKeysForEntity_shouldReturnAllKeysReturnedByConfig() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
    final CertificateDto certTwoDto = getX509Certificate(STUB_IDP_TWO);
    // Config returns two signature-verification certificates for the issuer.
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto, certTwoDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(x509CertificateFactory.createCertificate(certTwoDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    // Both certificates pass chain validation, so both keys must be returned.
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(valid());
    List<PublicKey> keys = configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
    assertThat(keys.size()).isEqualTo(2);
}
Also used: CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto), CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto), PublicKey (java.security.PublicKey), FederationEntityType (uk.gov.ida.hub.samlproxy.domain.FederationEntityType), Test (org.junit.Test)

Example 3 with CertificateDto

Use of uk.gov.ida.hub.samlproxy.domain.CertificateDto in the project verify-hub by alphagov.

In class ConfigServiceKeyStoreTest, method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid:

@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    // Chain validation fails: the key store must refuse to return the key and surface the cause.
    CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
    try {
        configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    } catch (CertificateChainValidationException success) {
        assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
        assertThat(success.getCause()).isEqualTo(underlyingException);
    }
}
Also used: CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto), CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto), CertPathValidatorException (java.security.cert.CertPathValidatorException), CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException), FederationEntityType (uk.gov.ida.hub.samlproxy.domain.FederationEntityType), Test (org.junit.Test)

Example 4 with CertificateDto

Use of uk.gov.ida.hub.samlproxy.domain.CertificateDto in the project verify-hub by alphagov.

In class ConfigServiceKeyStoreTest, method getVerifyingKeysForEntity_shouldValidateEachKeyReturnedByConfig:

@Test
public void getVerifyingKeysForEntity_shouldValidateEachKeyReturnedByConfig() throws Exception {
    final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
    final CertificateDto certTwoDto = getX509Certificate(STUB_IDP_TWO);
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto, certTwoDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(x509CertificateFactory.createCertificate(certTwoDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(valid());
    configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
    // Every certificate returned by config must be chain-validated, not just the first one.
    verify(certificateChainValidator, times(2)).validate(x509Certificate, trustStore);
}
Also used: CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto), CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto), FederationEntityType (uk.gov.ida.hub.samlproxy.domain.FederationEntityType), Test (org.junit.Test)

Example 5 with CertificateDto

Use of uk.gov.ida.hub.samlproxy.domain.CertificateDto in the project verify-hub by alphagov.

In class ConfigStubRule, method setupStubForCertificates:

public void setupStubForCertificates(String issuer) throws JsonProcessingException {
    // Stub the config endpoint that lists signing certificates for the issuer (a collection).
    String signingCertificateUri = UriBuilder.fromPath(Urls.ConfigUrls.SIGNATURE_VERIFICATION_CERTIFICATES_RESOURCE).buildFromEncoded(StringEncoding.urlEncode(issuer)).toASCIIString();
    CertificateDto signingCertificate = CertificateDtoBuilder.aCertificateDto().withIssuerId(issuer).withKeyUse(CertificateDto.KeyUse.Signing).build();
    Collection<CertificateDto> signingCertificates = new ArrayList<>();
    signingCertificates.add(signingCertificate);
    register(signingCertificateUri, Response.Status.OK.getStatusCode(), signingCertificates);
    // Stub the config endpoint that returns the single encryption certificate for the issuer.
    String encryptionCertificateUri = UriBuilder.fromPath(Urls.ConfigUrls.ENCRYPTION_CERTIFICATES_RESOURCE).buildFromEncoded(StringEncoding.urlEncode(issuer)).toASCIIString();
    CertificateDto encryptionCertificate = CertificateDtoBuilder.aCertificateDto().withIssuerId(issuer).withKeyUse(CertificateDto.KeyUse.Encryption).build();
    register(encryptionCertificateUri, Response.Status.OK.getStatusCode(), encryptionCertificate);
}
Also used: CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto), ArrayList (java.util.ArrayList)

Aggregations

CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto): 8
Test (org.junit.Test): 5
CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto): 5
FederationEntityType (uk.gov.ida.hub.samlproxy.domain.FederationEntityType): 5
KeyStore (java.security.KeyStore): 2
PublicKey (java.security.PublicKey): 2
CertPathValidatorException (java.security.cert.CertPathValidatorException): 2
X509Certificate (java.security.cert.X509Certificate): 2
ArrayList (java.util.ArrayList): 2
CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException): 2