Example 6 with CertificateDto
use of uk.gov.ida.hub.samlproxy.domain.CertificateDto in project verify-hub by alphagov.
the class ConfigServiceKeyStore method getVerifyingKeysForEntity.
public List<PublicKey> getVerifyingKeysForEntity(String entityId) {
Collection<CertificateDto> certificates = certificatesConfigProxy.getSignatureVerificationCertificates(entityId);
List<PublicKey> publicKeys = new ArrayList<>();
for (CertificateDto keyFromConfig : certificates) {
String base64EncodedCertificateValue = keyFromConfig.getCertificate();
final X509Certificate certificate = x509CertificateFactory.createCertificate(base64EncodedCertificateValue);
KeyStore trustStore = trustStoreForCertificateProvider.getTrustStoreFor(keyFromConfig.getFederationEntityType());
validate(certificate, trustStore);
publicKeys.add(certificate.getPublicKey());
}
return publicKeys;
}
Also used :
CertificateDto(uk.gov.ida.hub.samlproxy.domain.CertificateDto)
PublicKey(java.security.PublicKey)
ArrayList(java.util.ArrayList)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
Example 7 with CertificateDto
use of uk.gov.ida.hub.samlproxy.domain.CertificateDto in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.
@Test
public void getEncryptionKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certOneDto);
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
try {
configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
} catch (CertificateChainValidationException success) {
assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
assertThat(success.getCause()).isEqualTo(underlyingException);
}
}
Also used :
CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto)
CertificateDto(uk.gov.ida.hub.samlproxy.domain.CertificateDto)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
CertificateChainValidationException(uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException)
FederationEntityType(uk.gov.ida.hub.samlproxy.domain.FederationEntityType)
Test(org.junit.Test)
Example 8 with CertificateDto
use of uk.gov.ida.hub.samlproxy.domain.CertificateDto in project verify-hub by alphagov.
the class ConfigServiceKeyStoreTest method getEncryptionKeyForEntity_shouldValidateTheKeyReturnedByConfig.
@Test
public void getEncryptionKeyForEntity_shouldValidateTheKeyReturnedByConfig() throws Exception {
final CertificateDto certOneDto = getX509Certificate(STUB_IDP_ONE);
when(certificatesConfigProxy.getEncryptionCertificate(issuerId)).thenReturn(certOneDto);
when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(valid());
configServiceKeyStore.getEncryptionKeyForEntity(issuerId);
verify(certificateChainValidator).validate(x509Certificate, trustStore);
}
Also used :
CertificateDtoBuilder.aCertificateDto(uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto)
CertificateDto(uk.gov.ida.hub.samlproxy.domain.CertificateDto)
FederationEntityType(uk.gov.ida.hub.samlproxy.domain.FederationEntityType)
Test(org.junit.Test)
Aggregations
CertificateDto (uk.gov.ida.hub.samlproxy.domain.CertificateDto)8
Test (org.junit.Test)5
CertificateDtoBuilder.aCertificateDto (uk.gov.ida.hub.samlproxy.builders.CertificateDtoBuilder.aCertificateDto)5
FederationEntityType (uk.gov.ida.hub.samlproxy.domain.FederationEntityType)5
KeyStore (java.security.KeyStore)2
PublicKey (java.security.PublicKey)2
CertPathValidatorException (java.security.cert.CertPathValidatorException)2
X509Certificate (java.security.cert.X509Certificate)2
ArrayList (java.util.ArrayList)2
CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException)2
