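/**
 * Exercises the IdP signing credentials returned by the assertion credentials manager.
 *
 * <p>The test fetches the IdP certificate and key, checks the certificate subject DN
 * against the expected CA prefix and {@code CERT_DN}, issues an authentication assertion
 * for the test user, and passes the assertion to {@code verifySAMLAssertion} both
 * directly and after a string serialization round trip.
 */
public void testAutoCredentialCreation() {
    AssertionCredentialsManager cm = null;
    try {
        cm = Utils.getAssertionCredentialsManager();

        X509Certificate cert = cm.getIdPCertificate();
        assertNotNull(cert);
        assertNotNull(cm.getIdPKey());

        String expectedSub = Utils.CA_SUBJECT_PREFIX + ",CN=" + AssertionCredentialsManager.CERT_DN;
        assertEquals(expectedSub, cert.getSubjectDN().toString());

        SAMLAssertion saml =
            cm.getAuthenticationAssertion(TEST_UID, TEST_FIRST_NAME, TEST_LAST_NAME, TEST_EMAIL);
        verifySAMLAssertion(saml, cm);

        // The assertion must still verify after being serialized and parsed back.
        String xml = SAMLUtils.samlAssertionToString(saml);
        SAMLAssertion saml2 = SAMLUtils.stringToSAMLAssertion(xml);
        verifySAMLAssertion(saml2, cm);
    } catch (Exception e) {
        FaultUtil.printFault(e);
        assertTrue(false);
    } finally {
        // cm stays null when the manager could not be obtained; skipping cleanup then
        // avoids a secondary NullPointerException that would only add noise to the
        // output of the real failure.
        if (cm != null) {
            try {
                cm.clearDatabase();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}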
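/**
 * Deprecated-style authentication entry point that accepts only a basic
 * (user id / password) credential and returns the resulting SAML assertion as XML.
 *
 * <p>The credential is rejected with an {@link InvalidCredentialException} when it is
 * missing, when it carries no basic authentication credential, or when it carries a
 * credential extension in addition to the basic credential. Otherwise the user id and
 * password are copied into a {@code BasicAuthentication} and handed to the
 * {@code authenticate(BasicAuthentication)} overload.
 *
 * @param credential the credential supplied by the caller; may be {@code null}, in which
 *     case it is treated like a credential without a basic authentication part
 * @return a service-level assertion whose XML is the serialized SAML assertion
 * @throws InvalidCredentialException if the credential is missing, unsupported or rejected
 * @throws InsufficientAttributeException if the delegate reports insufficient attributes
 * @throws AuthenticationProviderException if any other failure occurs while authenticating
 */
public org.cagrid.gaards.authentication.service.SAMLAssertion authenticate(
    org.cagrid.gaards.authentication.service.Credential credential)
    throws InvalidCredentialException, InsufficientAttributeException,
        AuthenticationProviderException {
    // Reject a missing credential with the declared fault instead of letting a
    // NullPointerException escape from an authentication entry point.
    if (credential == null || credential.getBasicAuthenticationCredential() == null) {
        InvalidCredentialException fault = FaultHelper.createFaultException(
            InvalidCredentialException.class,
            "No basic authentication credential was provided, a basic authentication credential is required to authenticate to this service using the deprecated authenticate method.");
        throw fault;
    }

    // This method supports the basic credential only; an accompanying extension is
    // refused rather than silently ignored.
    if (credential.getCredentialExtension() != null) {
        InvalidCredentialException fault = FaultHelper.createFaultException(
            InvalidCredentialException.class,
            "The credential extension cannot be used to authenticate with the deprecated authenticate method, only a basic authentication credential is supported.");
        throw fault;
    }

    BasicAuthenticationCredential cred = credential.getBasicAuthenticationCredential();
    BasicAuthentication auth = new BasicAuthentication();
    auth.setUserId(cred.getUserId());
    auth.setPassword(cred.getPassword());

    try {
        SAMLAssertion saml = this.authenticate(auth);
        org.cagrid.gaards.authentication.service.SAMLAssertion assertion =
            new org.cagrid.gaards.authentication.service.SAMLAssertion();
        assertion.setXml(SAMLUtils.samlAssertionToString(saml));
        return assertion;
    } catch (InsufficientAttributeException e) {
        // Re-create the fault and attach the original fault as its cause.
        InsufficientAttributeException fault = FaultHelper.createFaultException(
            InsufficientAttributeException.class, e.getMessage());
        FaultHelper.addCause(fault, e.getFault());
        throw fault;
    } catch (InvalidCredentialException e) {
        InvalidCredentialException fault = FaultHelper.createFaultException(
            InvalidCredentialException.class, e.getMessage());
        FaultHelper.addCause(fault, e.getFault());
        throw fault;
    } catch (Exception e) {
        // NOTE(review): the message of an arbitrary exception is copied into the fault
        // returned to the caller, and no cause is attached. If e can originate in a
        // backing store or directory, its text may describe internals; consider a
        // generic message here with the detail kept in server-side logs. Confirm
        // against what authenticate(BasicAuthentication) can throw.
        AuthenticationProviderException fault = FaultHelper.createFaultException(
            AuthenticationProviderException.class, e.getMessage());
        throw fault;
    }
}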
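/**
 * Checks that the credentials manager replaces expired IdP signing credentials.
 *
 * <p>The test swaps the manager's stored credentials for a certificate valid for six
 * seconds, waits until it has expired, and then asserts that the manager returns a
 * certificate and private key that are non-null, unexpired and different from the
 * short-lived pair. Finally it issues an assertion and passes it to
 * {@code verifySAMLAssertion} directly and after a string serialization round trip.
 */
public void testAutoCredentialCreationRenew() {
    AssertionCredentialsManager cm = null;
    try {
        cm = Utils.getAssertionCredentialsManager();

        X509Certificate cert = cm.getIdPCertificate();
        assertNotNull(cert);
        assertNotNull(cm.getIdPKey());

        String expectedSub = Utils.CA_SUBJECT_PREFIX + ",CN=" + AssertionCredentialsManager.CERT_DN;
        assertEquals(expectedSub, cert.getSubjectDN().toString());
        String subject = cert.getSubjectDN().toString();

        // Throwaway key for a certificate that lives six seconds.
        // NOTE(review): 1024-bit RSA is acceptable only for this short-lived test
        // fixture; it is not a key size to copy into real signing credentials.
        KeyPair pair = KeyUtil.generateRSAKeyPair1024();

        // Validity window: now until six seconds from now.
        GregorianCalendar cal = new GregorianCalendar();
        Date start = cal.getTime();
        cal.add(Calendar.SECOND, 6);
        Date end = cal.getTime();

        // Replace the stored credentials with the short-lived pair, same subject.
        cm.deleteAssertingCredentials();
        X509Certificate shortCert = ca.signCertificate(subject, pair.getPublic(), start, end);
        cm.storeCredentials(shortCert, pair.getPrivate());

        X509Certificate idpShortCert = cm.getIdPCertificate();
        assertEquals(shortCert, idpShortCert);
        assertTrue(!cert.equals(idpShortCert));

        // Sleep slightly longer than the six-second validity so the certificate expires.
        Thread.sleep(6500);
        assertTrue(CertUtil.isExpired(idpShortCert));

        // After expiry the manager must hand out a different, currently valid pair.
        X509Certificate renewedCert = cm.getIdPCertificate();
        assertNotNull(renewedCert);
        PrivateKey renewedKey = cm.getIdPKey();
        assertNotNull(renewedKey);
        assertTrue(!CertUtil.isExpired(renewedCert));
        assertTrue(!renewedCert.equals(idpShortCert));
        assertTrue(!renewedKey.equals(pair.getPrivate()));

        SAMLAssertion saml =
            cm.getAuthenticationAssertion(TEST_UID, TEST_FIRST_NAME, TEST_LAST_NAME, TEST_EMAIL);
        verifySAMLAssertion(saml, cm);

        // The assertion must still verify after being serialized and parsed back.
        String xml = SAMLUtils.samlAssertionToString(saml);
        SAMLAssertion saml2 = SAMLUtils.stringToSAMLAssertion(xml);
        verifySAMLAssertion(saml2, cm);
    } catch (Exception e) {
        FaultUtil.printFault(e);
        assertTrue(false);
    } finally {
        // cm stays null when the manager could not be obtained; skipping cleanup then
        // avoids a secondary NullPointerException that would only add noise to the
        // output of the real failure.
        if (cm != null) {
            try {
                cm.clearDatabase();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}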