public CA(String dn) throws Exception {
Calendar c = new GregorianCalendar();
Date now = c.getTime();
c.add(Calendar.YEAR, 5);
Date expires = c.getTime();
KeyPair pair = KeyUtil.generateRSAKeyPair512();
this.key = pair.getPrivate();
cert = CertUtil.generateCACertificate(new X509Name(dn), now, expires, pair);
}
public Credential createIdentityCertificate(String id) throws Exception {
String dn = getCertificate().getSubjectDN().getName();
int index = dn.indexOf("CN=");
dn = dn.substring(0, index + 3) + id;
KeyPair pair = KeyUtil.generateRSAKeyPair512();
Date now = new Date();
Date end = getCertificate().getNotAfter();
return new Credential(
CertUtil.generateCertificate(
new X509Name(dn), now, end, pair.getPublic(), getCertificate(), getPrivateKey(), null),
pair.getPrivate());
}
public void testAutoCredentialCreationNoRenewal() {
AssertionCredentialsManager cm = null;
try {
IdentityProviderProperties props = Utils.getIdentityProviderProperties();
props.setAutoRenewAssertingCredentials(false);
cm = new AssertionCredentialsManager(props, ca, db);
X509Certificate cert = cm.getIdPCertificate();
assertNotNull(cert);
assertNotNull(cm.getIdPKey());
String expectedSub = Utils.CA_SUBJECT_PREFIX + ",CN=" + AssertionCredentialsManager.CERT_DN;
assertEquals(expectedSub, cert.getSubjectDN().toString());
String subject = cert.getSubjectDN().toString();
KeyPair pair = KeyUtil.generateRSAKeyPair1024();
GregorianCalendar cal = new GregorianCalendar();
Date start = cal.getTime();
cal.add(Calendar.SECOND, 2);
Date end = cal.getTime();
cm.deleteAssertingCredentials();
X509Certificate shortCert = ca.signCertificate(subject, pair.getPublic(), start, end);
cm.storeCredentials(shortCert, pair.getPrivate());
if (cert.equals(shortCert)) {
assertTrue(false);
}
Thread.sleep(2500);
assertTrue(CertUtil.isExpired(shortCert));
try {
cm.getIdPCertificate();
assertTrue(false);
} catch (DorianInternalFault fault) {
}
} catch (Exception e) {
FaultUtil.printFault(e);
assertTrue(false);
} finally {
try {
cm.clearDatabase();
} catch (Exception e) {
e.printStackTrace();
}
}
}
public CA(String dn, Date start, Date expires) throws Exception {
KeyPair pair = KeyUtil.generateRSAKeyPair512();
this.key = pair.getPrivate();
cert = CertUtil.generateCACertificate(new X509Name(dn), start, expires, pair);
}
public void testAutoCredentialCreationRenew() {
AssertionCredentialsManager cm = null;
try {
cm = Utils.getAssertionCredentialsManager();
X509Certificate cert = cm.getIdPCertificate();
assertNotNull(cert);
assertNotNull(cm.getIdPKey());
String expectedSub = Utils.CA_SUBJECT_PREFIX + ",CN=" + AssertionCredentialsManager.CERT_DN;
assertEquals(expectedSub, cert.getSubjectDN().toString());
String subject = cert.getSubjectDN().toString();
KeyPair pair = KeyUtil.generateRSAKeyPair1024();
GregorianCalendar cal = new GregorianCalendar();
Date start = cal.getTime();
cal.add(Calendar.SECOND, 6);
Date end = cal.getTime();
cm.deleteAssertingCredentials();
X509Certificate shortCert = ca.signCertificate(subject, pair.getPublic(), start, end);
cm.storeCredentials(shortCert, pair.getPrivate());
X509Certificate idpShortCert = cm.getIdPCertificate();
assertEquals(shortCert, idpShortCert);
if (cert.equals(idpShortCert)) {
assertTrue(false);
}
Thread.sleep(6500);
assertTrue(CertUtil.isExpired(idpShortCert));
X509Certificate renewedCert = cm.getIdPCertificate();
assertNotNull(renewedCert);
PrivateKey renewedKey = cm.getIdPKey();
assertNotNull(renewedKey);
assertTrue(!CertUtil.isExpired(renewedCert));
if (renewedCert.equals(idpShortCert)) {
assertTrue(false);
}
if (renewedKey.equals(pair.getPrivate())) {
assertTrue(false);
}
SAMLAssertion saml =
cm.getAuthenticationAssertion(TEST_UID, TEST_FIRST_NAME, TEST_LAST_NAME, TEST_EMAIL);
verifySAMLAssertion(saml, cm);
String xml = SAMLUtils.samlAssertionToString(saml);
SAMLAssertion saml2 = SAMLUtils.stringToSAMLAssertion(xml);
verifySAMLAssertion(saml2, cm);
} catch (Exception e) {
FaultUtil.printFault(e);
assertTrue(false);
} finally {
try {
cm.clearDatabase();
} catch (Exception e) {
e.printStackTrace();
}
}
}
