Search in sources :

Example 1 with HubIdentityProviderMetadataDto

use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.

the class HubAsIdpMetadataHandler method getMetadataAsAnIdentityProvider.

public HubIdentityProviderMetadataDto getMetadataAsAnIdentityProvider() {
    URI hubFrontend = samlProxyConfiguration.getFrontendExternalUri();
    SamlEndpointDto binding = new SamlEndpointDto(SamlEndpointDto.Binding.POST, URI.create(hubFrontend + SAML2_SSO_REQUEST_ENDPOINT));
    Iterable<EntityDescriptor> entityDescriptors;
    try {
        CriteriaSet criteria = new CriteriaSet(new EntitiesDescriptorNameCriterion(hubFederationId));
        entityDescriptors = metadataResolver.resolve(criteria);
        LOG.info("Retrieved metadata from " + samlProxyConfiguration.getMetadataConfiguration().getUri());
    } catch (ResolverException e) {
        throw ApplicationException.createUnauditedException(ExceptionType.METADATA_PROVIDER_EXCEPTION, e.getMessage(), e);
    }
    final Iterable<EntityDescriptor> idpEntityDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false).filter(input -> input.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) != null).collect(Collectors.toList());
    final Iterable<EntityDescriptor> hubEntityDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false).filter(input -> input.getEntityID().equals(hubEntityId)).collect(Collectors.toList());
    final Iterable<List<Certificate>> idpSigningCertificates = StreamSupport.stream(idpEntityDescriptors.spliterator(), false).map(this::getIDPSigningCertificates).collect(Collectors.toList());
    final Iterable<Certificate> hubEncryptionCertificate = StreamSupport.stream(hubEntityDescriptors.spliterator(), false).map(this::getHubEncryptionCertificate).collect(Collectors.toList());
    final Iterable<List<Certificate>> hubSigningCertificates = StreamSupport.stream(hubEntityDescriptors.spliterator(), false).map(this::getHubSigningCertificates).collect(Collectors.toList());
    return new HubIdentityProviderMetadataDto(singletonList(binding), hubEntityId, organisationDto, Collections.emptySet(), ImmutableList.copyOf(Iterables.concat(idpSigningCertificates)), DateTime.now().plus(samlProxyConfiguration.getMetadataValidDuration().toMilliseconds()), ImmutableList.copyOf(Iterables.concat(hubSigningCertificates)), hubEncryptionCertificate.iterator().next());
}
Also used : Iterables(com.google.common.collect.Iterables) ExceptionType(uk.gov.ida.common.ExceptionType) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Collections.singletonList(java.util.Collections.singletonList) Inject(javax.inject.Inject) HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) ImmutableList(com.google.common.collect.ImmutableList) StreamSupport(java.util.stream.StreamSupport) Named(javax.inject.Named) URI(java.net.URI) SamlEndpointDto(uk.gov.ida.saml.metadata.domain.SamlEndpointDto) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) ApplicationException(uk.gov.ida.exceptions.ApplicationException) ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException) UsageType(org.opensaml.security.credential.UsageType) DateTime(org.joda.time.DateTime) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) OrganisationDto(uk.gov.ida.saml.metadata.domain.OrganisationDto) Logger(java.util.logging.Logger) Collectors(java.util.stream.Collectors) List(java.util.List) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) X509Data(org.opensaml.xmlsec.signature.X509Data) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) Collections(java.util.Collections) Certificate(uk.gov.ida.common.shared.security.Certificate) SamlProxyConfiguration(uk.gov.ida.hub.samlproxy.SamlProxyConfiguration) EntitiesDescriptorNameCriterion(uk.gov.ida.saml.metadata.EntitiesDescriptorNameCriterion) SAML2_SSO_REQUEST_ENDPOINT(uk.gov.ida.hub.samlproxy.Urls.FrontendUrls.SAML2_SSO_REQUEST_ENDPOINT) SamlEndpointDto(uk.gov.ida.saml.metadata.domain.SamlEndpointDto) ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException) EntitiesDescriptorNameCriterion(uk.gov.ida.saml.metadata.EntitiesDescriptorNameCriterion) URI(java.net.URI) EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) Collections.singletonList(java.util.Collections.singletonList) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) Certificate(uk.gov.ida.common.shared.security.Certificate)

Example 2 with HubIdentityProviderMetadataDto

use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.

the class HubAsIdpMetadataHandlerTest method shouldReturnHubSigningCerts.

@Test
public void shouldReturnHubSigningCerts() {
    HubIdentityProviderMetadataDto metadataAsAnIdentityProvider = handler.getMetadataAsAnIdentityProvider();
    final List<Certificate> signingCertificates = metadataAsAnIdentityProvider.getSigningCertificates();
    assertThat(signingCertificates).hasSize(2);
    assertThat(signingCertificates.get(0).getKeyUse()).isEqualTo(Certificate.KeyUse.Signing);
    assertThat(signingCertificates.get(1).getKeyUse()).isEqualTo(Certificate.KeyUse.Signing);
}
Also used : HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) Certificate(uk.gov.ida.common.shared.security.Certificate) Test(org.junit.jupiter.api.Test)

Example 3 with HubIdentityProviderMetadataDto

use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.

the class HubAsIdpMetadataHandlerTest method shouldReturnSingleHubEncryptionCert.

@Test
public void shouldReturnSingleHubEncryptionCert() {
    HubIdentityProviderMetadataDto metadataAsAnIdentityProvider = handler.getMetadataAsAnIdentityProvider();
    final List<Certificate> encryptionCertificates = metadataAsAnIdentityProvider.getEncryptionCertificates();
    assertThat(encryptionCertificates).hasSize(1);
    final Optional<Certificate> hubEncryptionCertificate = encryptionCertificates.stream().filter(getPredicateByIssuerId(TestEntityIds.HUB_ENTITY_ID)).findFirst();
    assertThat(hubEncryptionCertificate.isPresent()).isTrue();
    assertThat(hubEncryptionCertificate.get().getKeyUse()).isEqualTo(Certificate.KeyUse.Encryption);
}
Also used : HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) Certificate(uk.gov.ida.common.shared.security.Certificate) Test(org.junit.jupiter.api.Test)

Example 4 with HubIdentityProviderMetadataDto

use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.

the class HubAsIdpMetadataHandlerTest method shouldReturnListOfIDPSigningCerts.

@Test
public void shouldReturnListOfIDPSigningCerts() {
    HubIdentityProviderMetadataDto metadataAsAnIdentityProvider = handler.getMetadataAsAnIdentityProvider();
    List<String> idpSigningCertificates = metadataAsAnIdentityProvider.getIdpSigningCertificates().stream().map(Certificate::getIssuerId).collect(Collectors.toList());
    assertThat(idpSigningCertificates).containsOnly(TestEntityIds.STUB_IDP_ONE, TestEntityIds.STUB_IDP_TWO, TestEntityIds.STUB_IDP_THREE, TestEntityIds.STUB_IDP_FOUR);
}
Also used : HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto) Test(org.junit.jupiter.api.Test)

Aggregations

HubIdentityProviderMetadataDto (uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto)4 Test (org.junit.jupiter.api.Test)3 Certificate (uk.gov.ida.common.shared.security.Certificate)3 ImmutableList (com.google.common.collect.ImmutableList)1 Iterables (com.google.common.collect.Iterables)1 URI (java.net.URI)1 Collections (java.util.Collections)1 Collections.singletonList (java.util.Collections.singletonList)1 List (java.util.List)1 Logger (java.util.logging.Logger)1 Collectors (java.util.stream.Collectors)1 StreamSupport (java.util.stream.StreamSupport)1 Inject (javax.inject.Inject)1 Named (javax.inject.Named)1 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)1 ResolverException (net.shibboleth.utilities.java.support.resolver.ResolverException)1 DateTime (org.joda.time.DateTime)1 SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)1 MetadataResolver (org.opensaml.saml.metadata.resolver.MetadataResolver)1 EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)1