Examples with CertificateDto uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto used on opensource projects

Search in sources :

Example 1 with CertificateDto

use of uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto in project verify-hub by alphagov.

the class ConfigServiceKeyStore method getEncryptionKeyForEntity.

public PublicKey getEncryptionKeyForEntity(String entityId) {
    CertificateDto certificateDto = certificatesConfigProxy.getEncryptionCertificate(entityId);
    String base64EncodedCertificateValue = certificateDto.getCertificate();
    final X509Certificate certificate = x509CertificateFactory.createCertificate(base64EncodedCertificateValue);
    KeyStore trustStore = trustStoreForCertificateProvider.getTrustStoreFor(certificateDto.getFederationEntityType());
    validate(certificate, trustStore);
    return certificate.getPublicKey();
}
Also used : CertificateDto(uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate)

Example 2 with CertificateDto

use of uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto in project verify-hub by alphagov.

the class ConfigServiceKeyStoreTest method getVerifyingKeysForEntity_shouldValidateEachKeyReturnedByConfig.

@Test
public void getVerifyingKeysForEntity_shouldValidateEachKeyReturnedByConfig() throws Exception {
    final CertificateDto certOneDto = buildCertificateDto(IDP_ENTITY_ID, idpSigningCertPrimary);
    final CertificateDto certTwoDto = buildCertificateDto(SECOND_IDP_ENTITY_ID, idpSigningCertSecondary);
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto, certTwoDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(x509CertificateFactory.createCertificate(certTwoDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(valid());
    configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
    verify(certificateChainValidator, times(2)).validate(x509Certificate, trustStore);
}
Also used : CertificateDto(uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto) FederationEntityType(uk.gov.ida.hub.samlsoapproxy.domain.FederationEntityType) Test(org.junit.Test)

Example 3 with CertificateDto

use of uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto in project verify-hub by alphagov.

the class ConfigServiceKeyStoreTest method getVerifyingKeysForEntity_shouldReturnAllKeysReturnedByConfig.

@Test
public void getVerifyingKeysForEntity_shouldReturnAllKeysReturnedByConfig() throws Exception {
    final CertificateDto certOneDto = buildCertificateDto(IDP_ENTITY_ID, idpSigningCertPrimary);
    final CertificateDto certTwoDto = buildCertificateDto(SECOND_IDP_ENTITY_ID, idpSigningCertSecondary);
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto, certTwoDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(x509CertificateFactory.createCertificate(certTwoDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(valid());
    List<PublicKey> keys = configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
    assertThat(keys.size()).isEqualTo(2);
}
Also used : CertificateDto(uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto) PublicKey(java.security.PublicKey) FederationEntityType(uk.gov.ida.hub.samlsoapproxy.domain.FederationEntityType) Test(org.junit.Test)

Example 4 with CertificateDto

use of uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto in project verify-hub by alphagov.

the class ConfigServiceKeyStore method getVerifyingKeysForEntity.

public List<PublicKey> getVerifyingKeysForEntity(String entityId) {
    Collection<CertificateDto> certificates = certificatesConfigProxy.getSignatureVerificationCertificates(entityId);
    List<PublicKey> publicKeys = new ArrayList<>();
    for (CertificateDto keyFromConfig : certificates) {
        String base64EncodedCertificateValue = keyFromConfig.getCertificate();
        final X509Certificate certificate = x509CertificateFactory.createCertificate(base64EncodedCertificateValue);
        KeyStore trustStore = trustStoreForCertificateProvider.getTrustStoreFor(keyFromConfig.getFederationEntityType());
        validate(certificate, trustStore);
        publicKeys.add(certificate.getPublicKey());
    }
    return publicKeys;
}
Also used : CertificateDto(uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto) PublicKey(java.security.PublicKey) ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate)

Example 5 with CertificateDto

use of uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto in project verify-hub by alphagov.

the class ConfigServiceKeyStoreTest method getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid.

@Test
public void getVerificationKeyForEntity_shouldThrowExceptionIfCertificateIsInvalid() throws Exception {
    final CertificateDto certOneDto = buildCertificateDto(IDP_ENTITY_ID, idpSigningCertPrimary);
    when(certificatesConfigProxy.getSignatureVerificationCertificates(issuerId)).thenReturn(of(certOneDto));
    when(x509CertificateFactory.createCertificate(certOneDto.getCertificate())).thenReturn(x509Certificate);
    when(trustStoreForCertificateProvider.getTrustStoreFor(any(FederationEntityType.class))).thenReturn(trustStore);
    CertPathValidatorException underlyingException = new CertPathValidatorException("Invalid Certificate");
    when(certificateChainValidator.validate(x509Certificate, trustStore)).thenReturn(invalid(underlyingException));
    try {
        configServiceKeyStore.getVerifyingKeysForEntity(issuerId);
        Assert.fail(String.format("Expected [%s]", CertificateChainValidationException.class.getSimpleName()));
    } catch (CertificateChainValidationException success) {
        assertThat(success.getMessage()).isEqualTo("Certificate is not valid: Unable to get DN");
        assertThat(success.getCause()).isEqualTo(underlyingException);
    }
}
Also used : CertificateDto(uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto) CertPathValidatorException(java.security.cert.CertPathValidatorException) CertificateChainValidationException(uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException) FederationEntityType(uk.gov.ida.hub.samlsoapproxy.domain.FederationEntityType) Test(org.junit.Test)

Aggregations

CertificateDto (uk.gov.ida.hub.samlsoapproxy.domain.CertificateDto)8 Test (org.junit.Test)5 FederationEntityType (uk.gov.ida.hub.samlsoapproxy.domain.FederationEntityType)5 KeyStore (java.security.KeyStore)2 PublicKey (java.security.PublicKey)2 CertPathValidatorException (java.security.cert.CertPathValidatorException)2 X509Certificate (java.security.cert.X509Certificate)2 CertificateChainValidationException (uk.gov.ida.common.shared.security.verification.exceptions.CertificateChainValidationException)2 ArrayList (java.util.ArrayList)1 CertificateDtoBuilder (uk.gov.ida.hub.samlsoapproxy.builders.CertificateDtoBuilder)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial