use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.
Class HubAsIdpMetadataHandler, method getMetadataAsAnIdentityProvider.
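/**
 * Builds the hub's SAML metadata as it is presented to a party that treats the hub as an identity provider.
 * <p>
 * Federation metadata is fetched through {@code metadataResolver} for {@code hubFederationId}. Every entity
 * descriptor that carries a SAML 2.0 IDPSSODescriptor contributes IDP signing certificates; the descriptor
 * whose entityID equals {@code hubEntityId} contributes the hub signing certificates and the hub encryption
 * certificate.
 *
 * @return the assembled metadata DTO, whose timestamp is now plus
 *         {@code samlProxyConfiguration.getMetadataValidDuration()}
 * @throws ApplicationException with {@code METADATA_PROVIDER_EXCEPTION} when the resolver fails or when the
 *         federation metadata contains no entity descriptor for {@code hubEntityId}
 */
public HubIdentityProviderMetadataDto getMetadataAsAnIdentityProvider() {
    URI hubFrontend = samlProxyConfiguration.getFrontendExternalUri();
    SamlEndpointDto binding = new SamlEndpointDto(
            SamlEndpointDto.Binding.POST,
            URI.create(hubFrontend + SAML2_SSO_REQUEST_ENDPOINT));

    Iterable<EntityDescriptor> resolved;
    try {
        CriteriaSet criteria = new CriteriaSet(new EntitiesDescriptorNameCriterion(hubFederationId));
        resolved = metadataResolver.resolve(criteria);
        LOG.info("Retrieved metadata from " + samlProxyConfiguration.getMetadataConfiguration().getUri());
    } catch (ResolverException e) {
        throw ApplicationException.createUnauditedException(ExceptionType.METADATA_PROVIDER_EXCEPTION, e.getMessage(), e);
    }

    // NOTE(review): certificates are taken from the resolved metadata as-is; trust in them rests on whatever
    // signature validation metadataResolver performs upstream — confirm it is configured for this resolver.

    // Materialise the resolver's Iterable once instead of re-spliterating it for every filter below.
    final List<EntityDescriptor> entityDescriptors = StreamSupport.stream(resolved.spliterator(), false)
            .collect(Collectors.toList());

    // Any entity advertising a SAML 2.0 IDPSSODescriptor contributes its signing certificates.
    final List<Certificate> idpSigningCertificates = entityDescriptors.stream()
            .filter(descriptor -> descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) != null)
            .map(this::getIDPSigningCertificates)
            .flatMap(List::stream)
            .collect(Collectors.toList());

    // hubEntityId.equals(...) rather than the reverse so a descriptor with a null entityID is skipped, not an NPE.
    final List<EntityDescriptor> hubEntityDescriptors = entityDescriptors.stream()
            .filter(descriptor -> hubEntityId.equals(descriptor.getEntityID()))
            .collect(Collectors.toList());
    if (hubEntityDescriptors.isEmpty()) {
        // Previously this surfaced as a bare NoSuchElementException from iterator().next(); classify it as a
        // metadata failure, like a resolver error, so callers see one exception type for "metadata unusable".
        String message = "No entity descriptor for hub entity id " + hubEntityId + " found in federation metadata";
        throw ApplicationException.createUnauditedException(
                ExceptionType.METADATA_PROVIDER_EXCEPTION, message, new IllegalStateException(message));
    }

    final List<Certificate> hubSigningCertificates = hubEntityDescriptors.stream()
            .map(this::getHubSigningCertificates)
            .flatMap(List::stream)
            .collect(Collectors.toList());
    // Only the first hub descriptor's encryption certificate is published, as before.
    final Certificate hubEncryptionCertificate = getHubEncryptionCertificate(hubEntityDescriptors.get(0));

    return new HubIdentityProviderMetadataDto(
            Collections.singletonList(binding),
            hubEntityId,
            organisationDto,
            Collections.emptySet(),
            ImmutableList.copyOf(idpSigningCertificates),
            DateTime.now().plus(samlProxyConfiguration.getMetadataValidDuration().toMilliseconds()),
            ImmutableList.copyOf(hubSigningCertificates),
            hubEncryptionCertificate);
}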
use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.
Class HubAsIdpMetadataHandlerTest, method shouldReturnHubSigningCerts.
/** The hub publishes exactly two signing certificates, and both are marked for signing use. */
@Test
public void shouldReturnHubSigningCerts() {
    final HubIdentityProviderMetadataDto hubMetadata = handler.getMetadataAsAnIdentityProvider();
    final List<Certificate> signingCertificates = hubMetadata.getSigningCertificates();

    assertThat(signingCertificates).hasSize(2);
    for (Certificate certificate : signingCertificates) {
        assertThat(certificate.getKeyUse()).isEqualTo(Certificate.KeyUse.Signing);
    }
}
use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.
Class HubAsIdpMetadataHandlerTest, method shouldReturnSingleHubEncryptionCert.
/**
 * Exactly one encryption certificate is published; it is issued by the hub entity and is marked for
 * encryption use.
 */
@Test
public void shouldReturnSingleHubEncryptionCert() {
    final HubIdentityProviderMetadataDto hubMetadata = handler.getMetadataAsAnIdentityProvider();
    final List<Certificate> encryptionCertificates = hubMetadata.getEncryptionCertificates();
    assertThat(encryptionCertificates).hasSize(1);

    final Certificate hubEncryptionCertificate = encryptionCertificates.stream()
            .filter(getPredicateByIssuerId(TestEntityIds.HUB_ENTITY_ID))
            .findFirst()
            .orElse(null);
    assertThat(hubEncryptionCertificate).isNotNull();
    assertThat(hubEncryptionCertificate.getKeyUse()).isEqualTo(Certificate.KeyUse.Encryption);
}
use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.
Class HubAsIdpMetadataHandlerTest, method shouldReturnListOfIDPSigningCerts.
/** The IDP signing certificates come from exactly the four stub IDPs in the test federation, by issuer id. */
@Test
public void shouldReturnListOfIDPSigningCerts() {
    final HubIdentityProviderMetadataDto hubMetadata = handler.getMetadataAsAnIdentityProvider();
    final List<String> issuerIds = hubMetadata.getIdpSigningCertificates().stream()
            .collect(Collectors.mapping(Certificate::getIssuerId, Collectors.toList()));

    assertThat(issuerIds).containsOnly(
            TestEntityIds.STUB_IDP_ONE,
            TestEntityIds.STUB_IDP_TWO,
            TestEntityIds.STUB_IDP_THREE,
            TestEntityIds.STUB_IDP_FOUR);
}