Example 1 with HubIdentityProviderMetadataDto
use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.
the class HubAsIdpMetadataHandler method getMetadataAsAnIdentityProvider.
public HubIdentityProviderMetadataDto getMetadataAsAnIdentityProvider() {
URI hubFrontend = samlProxyConfiguration.getFrontendExternalUri();
SamlEndpointDto binding = new SamlEndpointDto(SamlEndpointDto.Binding.POST, URI.create(hubFrontend + SAML2_SSO_REQUEST_ENDPOINT));
Iterable<EntityDescriptor> entityDescriptors;
try {
CriteriaSet criteria = new CriteriaSet(new EntitiesDescriptorNameCriterion(hubFederationId));
entityDescriptors = metadataResolver.resolve(criteria);
LOG.info("Retrieved metadata from " + samlProxyConfiguration.getMetadataConfiguration().getUri());
} catch (ResolverException e) {
throw ApplicationException.createUnauditedException(ExceptionType.METADATA_PROVIDER_EXCEPTION, e.getMessage(), e);
}
final Iterable<EntityDescriptor> idpEntityDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false).filter(input -> input.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) != null).collect(Collectors.toList());
final Iterable<EntityDescriptor> hubEntityDescriptors = StreamSupport.stream(entityDescriptors.spliterator(), false).filter(input -> input.getEntityID().equals(hubEntityId)).collect(Collectors.toList());
final Iterable<List<Certificate>> idpSigningCertificates = StreamSupport.stream(idpEntityDescriptors.spliterator(), false).map(this::getIDPSigningCertificates).collect(Collectors.toList());
final Iterable<Certificate> hubEncryptionCertificate = StreamSupport.stream(hubEntityDescriptors.spliterator(), false).map(this::getHubEncryptionCertificate).collect(Collectors.toList());
final Iterable<List<Certificate>> hubSigningCertificates = StreamSupport.stream(hubEntityDescriptors.spliterator(), false).map(this::getHubSigningCertificates).collect(Collectors.toList());
return new HubIdentityProviderMetadataDto(singletonList(binding), hubEntityId, organisationDto, Collections.emptySet(), ImmutableList.copyOf(Iterables.concat(idpSigningCertificates)), DateTime.now().plus(samlProxyConfiguration.getMetadataValidDuration().toMilliseconds()), ImmutableList.copyOf(Iterables.concat(hubSigningCertificates)), hubEncryptionCertificate.iterator().next());
}
Also used :
Iterables(com.google.common.collect.Iterables)
ExceptionType(uk.gov.ida.common.ExceptionType)
KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)
Collections.singletonList(java.util.Collections.singletonList)
Inject(javax.inject.Inject)
HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto)
ImmutableList(com.google.common.collect.ImmutableList)
StreamSupport(java.util.stream.StreamSupport)
Named(javax.inject.Named)
URI(java.net.URI)
SamlEndpointDto(uk.gov.ida.saml.metadata.domain.SamlEndpointDto)
SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants)
ApplicationException(uk.gov.ida.exceptions.ApplicationException)
ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException)
UsageType(org.opensaml.security.credential.UsageType)
DateTime(org.joda.time.DateTime)
MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver)
OrganisationDto(uk.gov.ida.saml.metadata.domain.OrganisationDto)
Logger(java.util.logging.Logger)
Collectors(java.util.stream.Collectors)
List(java.util.List)
X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
X509Data(org.opensaml.xmlsec.signature.X509Data)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
Collections(java.util.Collections)
Certificate(uk.gov.ida.common.shared.security.Certificate)
SamlProxyConfiguration(uk.gov.ida.hub.samlproxy.SamlProxyConfiguration)
EntitiesDescriptorNameCriterion(uk.gov.ida.saml.metadata.EntitiesDescriptorNameCriterion)
SAML2_SSO_REQUEST_ENDPOINT(uk.gov.ida.hub.samlproxy.Urls.FrontendUrls.SAML2_SSO_REQUEST_ENDPOINT)
SamlEndpointDto(uk.gov.ida.saml.metadata.domain.SamlEndpointDto)
ResolverException(net.shibboleth.utilities.java.support.resolver.ResolverException)
EntitiesDescriptorNameCriterion(uk.gov.ida.saml.metadata.EntitiesDescriptorNameCriterion)
URI(java.net.URI)
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
Collections.singletonList(java.util.Collections.singletonList)
ImmutableList(com.google.common.collect.ImmutableList)
List(java.util.List)
X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
Certificate(uk.gov.ida.common.shared.security.Certificate)
Example 2 with HubIdentityProviderMetadataDto
use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.
the class HubAsIdpMetadataHandlerTest method shouldReturnHubSigningCerts.
@Test
public void shouldReturnHubSigningCerts() {
HubIdentityProviderMetadataDto metadataAsAnIdentityProvider = handler.getMetadataAsAnIdentityProvider();
final List<Certificate> signingCertificates = metadataAsAnIdentityProvider.getSigningCertificates();
assertThat(signingCertificates).hasSize(2);
assertThat(signingCertificates.get(0).getKeyUse()).isEqualTo(Certificate.KeyUse.Signing);
assertThat(signingCertificates.get(1).getKeyUse()).isEqualTo(Certificate.KeyUse.Signing);
}
Also used :
HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto)
Certificate(uk.gov.ida.common.shared.security.Certificate)
Test(org.junit.jupiter.api.Test)
Example 3 with HubIdentityProviderMetadataDto
use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.
the class HubAsIdpMetadataHandlerTest method shouldReturnSingleHubEncryptionCert.
@Test
public void shouldReturnSingleHubEncryptionCert() {
HubIdentityProviderMetadataDto metadataAsAnIdentityProvider = handler.getMetadataAsAnIdentityProvider();
final List<Certificate> encryptionCertificates = metadataAsAnIdentityProvider.getEncryptionCertificates();
assertThat(encryptionCertificates).hasSize(1);
final Optional<Certificate> hubEncryptionCertificate = encryptionCertificates.stream().filter(getPredicateByIssuerId(TestEntityIds.HUB_ENTITY_ID)).findFirst();
assertThat(hubEncryptionCertificate.isPresent()).isTrue();
assertThat(hubEncryptionCertificate.get().getKeyUse()).isEqualTo(Certificate.KeyUse.Encryption);
}
Also used :
HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto)
Certificate(uk.gov.ida.common.shared.security.Certificate)
Test(org.junit.jupiter.api.Test)
Example 4 with HubIdentityProviderMetadataDto
use of uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto in project verify-hub by alphagov.
the class HubAsIdpMetadataHandlerTest method shouldReturnListOfIDPSigningCerts.
@Test
public void shouldReturnListOfIDPSigningCerts() {
HubIdentityProviderMetadataDto metadataAsAnIdentityProvider = handler.getMetadataAsAnIdentityProvider();
List<String> idpSigningCertificates = metadataAsAnIdentityProvider.getIdpSigningCertificates().stream().map(Certificate::getIssuerId).collect(Collectors.toList());
assertThat(idpSigningCertificates).containsOnly(TestEntityIds.STUB_IDP_ONE, TestEntityIds.STUB_IDP_TWO, TestEntityIds.STUB_IDP_THREE, TestEntityIds.STUB_IDP_FOUR);
}
Also used :
HubIdentityProviderMetadataDto(uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto)
Test(org.junit.jupiter.api.Test)
Aggregations
HubIdentityProviderMetadataDto (uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto)4
Test (org.junit.jupiter.api.Test)3
Certificate (uk.gov.ida.common.shared.security.Certificate)3
ImmutableList (com.google.common.collect.ImmutableList)1
Iterables (com.google.common.collect.Iterables)1
URI (java.net.URI)1
Collections (java.util.Collections)1
Collections.singletonList (java.util.Collections.singletonList)1
List (java.util.List)1
Logger (java.util.logging.Logger)1
Collectors (java.util.stream.Collectors)1
StreamSupport (java.util.stream.StreamSupport)1
Inject (javax.inject.Inject)1
Named (javax.inject.Named)1
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)1
ResolverException (net.shibboleth.utilities.java.support.resolver.ResolverException)1
DateTime (org.joda.time.DateTime)1
SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)1
MetadataResolver (org.opensaml.saml.metadata.resolver.MetadataResolver)1
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)1
