public void testAutoCredentialCreation() {
   AssertionCredentialsManager cm = null;
   try {
     cm = Utils.getAssertionCredentialsManager();
     X509Certificate cert = cm.getIdPCertificate();
     assertNotNull(cert);
     assertNotNull(cm.getIdPKey());
     String expectedSub = Utils.CA_SUBJECT_PREFIX + ",CN=" + AssertionCredentialsManager.CERT_DN;
     assertEquals(expectedSub, cert.getSubjectDN().toString());
     SAMLAssertion saml =
         cm.getAuthenticationAssertion(TEST_UID, TEST_FIRST_NAME, TEST_LAST_NAME, TEST_EMAIL);
     verifySAMLAssertion(saml, cm);
     String xml = SAMLUtils.samlAssertionToString(saml);
     SAMLAssertion saml2 = SAMLUtils.stringToSAMLAssertion(xml);
     verifySAMLAssertion(saml2, cm);
   } catch (Exception e) {
     FaultUtil.printFault(e);
     assertTrue(false);
   } finally {
     try {
       cm.clearDatabase();
     } catch (Exception e) {
       e.printStackTrace();
     }
   }
 }
  public void testAutoCredentialCreationNoRenewal() {

    AssertionCredentialsManager cm = null;
    try {
      IdentityProviderProperties props = Utils.getIdentityProviderProperties();
      props.setAutoRenewAssertingCredentials(false);
      cm = new AssertionCredentialsManager(props, ca, db);
      X509Certificate cert = cm.getIdPCertificate();
      assertNotNull(cert);
      assertNotNull(cm.getIdPKey());
      String expectedSub = Utils.CA_SUBJECT_PREFIX + ",CN=" + AssertionCredentialsManager.CERT_DN;
      assertEquals(expectedSub, cert.getSubjectDN().toString());

      String subject = cert.getSubjectDN().toString();
      KeyPair pair = KeyUtil.generateRSAKeyPair1024();
      GregorianCalendar cal = new GregorianCalendar();
      Date start = cal.getTime();
      cal.add(Calendar.SECOND, 2);
      Date end = cal.getTime();
      cm.deleteAssertingCredentials();
      X509Certificate shortCert = ca.signCertificate(subject, pair.getPublic(), start, end);
      cm.storeCredentials(shortCert, pair.getPrivate());
      if (cert.equals(shortCert)) {
        assertTrue(false);
      }

      Thread.sleep(2500);
      assertTrue(CertUtil.isExpired(shortCert));

      try {
        cm.getIdPCertificate();
        assertTrue(false);
      } catch (DorianInternalFault fault) {

      }

    } catch (Exception e) {
      FaultUtil.printFault(e);
      assertTrue(false);
    } finally {
      try {
        cm.clearDatabase();
      } catch (Exception e) {
        e.printStackTrace();
      }
    }
  }
  public void verifySAMLAssertion(SAMLAssertion saml, AssertionCredentialsManager cm)
      throws Exception {
    assertNotNull(saml);
    saml.verify(cm.getIdPCertificate());

    try {
      // Test against a bad certificate
      InputStream resource = TestCase.class.getResourceAsStream(Constants.BMI_CACERT);
      saml.verify(CertUtil.loadCertificate(resource));
      assertTrue(false);
    } catch (InvalidCryptoException ex) {

    }
    assertEquals(cm.getIdPCertificate().getSubjectDN().toString(), saml.getIssuer());
    Iterator itr = saml.getStatements();
    int count = 0;
    boolean authFound = false;
    while (itr.hasNext()) {
      count = count + 1;
      SAMLStatement stmt = (SAMLStatement) itr.next();
      if (stmt instanceof SAMLAuthenticationStatement) {
        if (authFound) {
          assertTrue(false);
        } else {
          authFound = true;
        }
        SAMLAuthenticationStatement auth = (SAMLAuthenticationStatement) stmt;
        assertEquals(TEST_UID, auth.getSubject().getNameIdentifier().getName());
        assertEquals("urn:oasis:names:tc:SAML:1.0:am:password", auth.getAuthMethod());
      }

      if (stmt instanceof SAMLAttributeStatement) {

        String uid =
            Utils.getAttribute(
                saml, SAMLConstants.UID_ATTRIBUTE_NAMESPACE, SAMLConstants.UID_ATTRIBUTE);
        assertNotNull(uid);
        String email =
            Utils.getAttribute(
                saml, SAMLConstants.EMAIL_ATTRIBUTE_NAMESPACE, SAMLConstants.EMAIL_ATTRIBUTE);
        assertNotNull(email);
        String firstName =
            Utils.getAttribute(
                saml,
                SAMLConstants.FIRST_NAME_ATTRIBUTE_NAMESPACE,
                SAMLConstants.FIRST_NAME_ATTRIBUTE);
        assertNotNull(firstName);
        String lastName =
            Utils.getAttribute(
                saml,
                SAMLConstants.LAST_NAME_ATTRIBUTE_NAMESPACE,
                SAMLConstants.LAST_NAME_ATTRIBUTE);
        assertNotNull(lastName);

        assertEquals(TEST_UID, uid);
        assertEquals(TEST_FIRST_NAME, firstName);
        assertEquals(TEST_LAST_NAME, lastName);
        assertEquals(TEST_EMAIL, email);
      }
    }

    assertEquals(2, count);
    assertTrue(authFound);
  }
  public void testAutoCredentialCreationRenew() {
    AssertionCredentialsManager cm = null;
    try {
      cm = Utils.getAssertionCredentialsManager();
      X509Certificate cert = cm.getIdPCertificate();
      assertNotNull(cert);
      assertNotNull(cm.getIdPKey());
      String expectedSub = Utils.CA_SUBJECT_PREFIX + ",CN=" + AssertionCredentialsManager.CERT_DN;
      assertEquals(expectedSub, cert.getSubjectDN().toString());

      String subject = cert.getSubjectDN().toString();
      KeyPair pair = KeyUtil.generateRSAKeyPair1024();
      GregorianCalendar cal = new GregorianCalendar();
      Date start = cal.getTime();
      cal.add(Calendar.SECOND, 6);
      Date end = cal.getTime();
      cm.deleteAssertingCredentials();
      X509Certificate shortCert = ca.signCertificate(subject, pair.getPublic(), start, end);

      cm.storeCredentials(shortCert, pair.getPrivate());

      X509Certificate idpShortCert = cm.getIdPCertificate();

      assertEquals(shortCert, idpShortCert);
      if (cert.equals(idpShortCert)) {
        assertTrue(false);
      }

      Thread.sleep(6500);
      assertTrue(CertUtil.isExpired(idpShortCert));
      X509Certificate renewedCert = cm.getIdPCertificate();
      assertNotNull(renewedCert);

      PrivateKey renewedKey = cm.getIdPKey();
      assertNotNull(renewedKey);

      assertTrue(!CertUtil.isExpired(renewedCert));

      if (renewedCert.equals(idpShortCert)) {
        assertTrue(false);
      }

      if (renewedKey.equals(pair.getPrivate())) {
        assertTrue(false);
      }

      SAMLAssertion saml =
          cm.getAuthenticationAssertion(TEST_UID, TEST_FIRST_NAME, TEST_LAST_NAME, TEST_EMAIL);
      verifySAMLAssertion(saml, cm);
      String xml = SAMLUtils.samlAssertionToString(saml);
      SAMLAssertion saml2 = SAMLUtils.stringToSAMLAssertion(xml);
      verifySAMLAssertion(saml2, cm);

    } catch (Exception e) {
      FaultUtil.printFault(e);
      assertTrue(false);
    } finally {
      try {
        cm.clearDatabase();
      } catch (Exception e) {
        e.printStackTrace();
      }
    }
  }