OIOSAMLTokenIssuer now takes a bootstrapTokenIssuer as param

src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuer.java

@@ -41,6 +41,12 @@ public OIOSAMLTokenIssuer spCert(X509Certificate spCert) {
         return new OIOSAMLTokenIssuer(params);
     }
 
+    public OIOSAMLTokenIssuer bootstrapTokenIssuer(BootstrapTokenIssuer bootstrapTokenIssuer) {
+        OIOSAMLTokenIssuerParams params = this.params.copy();
+        params.bootstrapTokenIssuer = bootstrapTokenIssuer;
+        return new OIOSAMLTokenIssuer(params);
+    }
+
     public OIOSAMLTokenIssuer recipient(String recipient) {
         OIOSAMLTokenIssuerParams params = this.params.copy();
         params.recipient = recipient;
@@ -171,22 +177,22 @@ public OIOSAMLToken issueForProfessional() throws Exception {
         addSamlAttribute(attributeStatement, OIOSAMLToken.ASSURANCE_LEVEL, "3",
                 "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
 
-        CertAndKey spCertAndNoKey = new CertAndKey(params.spCert, null);
-        BootstrapTokenIssuer bootstrapTokenIssuer = new BootstrapTokenIssuer()
-                .idpCertAndKey(params.idpCertAndKey)
-                .spCertAndKey(spCertAndNoKey)
-                .cpr(params.cprNumber)
-                .cvr(params.cvrNumber)
-                .uuid(params.profUuid)
-                .orgName(params.organisationName);
-
-        BootstrapToken bootstrapToken = bootstrapTokenIssuer.cvr(params.cvrNumber).orgName(params.organisationName).issueForProfessional();
+        BootstrapTokenIssuer bootstrapTokenIssuer = params.bootstrapTokenIssuer;
+        if (bootstrapTokenIssuer != null) {
+            BootstrapToken bootstrapToken = bootstrapTokenIssuer
+                    .spCert(params.spCert)
+                    .cpr(params.cprNumber)
+                    .cvr(params.cvrNumber)
+                    .uuid(params.profUuid)
+                    .orgName(params.organisationName)
+                    .issueForProfessional();
 
-        String encodedBootstrapToken = Base64.getEncoder()
-                .encodeToString(bootstrapToken.getXml().getBytes(StandardCharsets.UTF_8));
+            String encodedBootstrapToken = Base64.getEncoder()
+                    .encodeToString(bootstrapToken.getXml().getBytes(StandardCharsets.UTF_8));
 
-        addSamlAttribute(attributeStatement, OIOSAML3Constants.BOOTSTRAP_TOKEN, encodedBootstrapToken,
-                "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
+            addSamlAttribute(attributeStatement, OIOSAML3Constants.BOOTSTRAP_TOKEN, encodedBootstrapToken,
+                    "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
+        }
 
         if (params.surName != null) {
             addSamlAttribute(attributeStatement, OIOSAML3Constants.SURNAME, params.surName,
@@ -226,19 +232,19 @@ public OIOSAMLToken issueForCitizen() throws Exception {
         addSamlAttribute(attributeStatement, OIOSAMLToken.ASSURANCE_LEVEL, "3",
                 "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
 
-        CertAndKey spCertAndNoKey = new CertAndKey(params.spCert, null);
-        BootstrapTokenIssuer bootstrapTokenIssuer = new BootstrapTokenIssuer()
-                .idpCertAndKey(params.idpCertAndKey)
-                .spCertAndKey(spCertAndNoKey)
-                .cpr(params.cprNumber);
-
-        BootstrapToken bootstrapToken = bootstrapTokenIssuer.issueForCitizen();
+        BootstrapTokenIssuer bootstrapTokenIssuer = params.bootstrapTokenIssuer;
+        if (bootstrapTokenIssuer != null) {
+            BootstrapToken bootstrapToken = bootstrapTokenIssuer
+                    .spCert(params.spCert)
+                    .cpr(params.cprNumber)
+                    .issueForCitizen();
 
-        String encodedBootstrapToken = Base64.getEncoder()
-                .encodeToString(bootstrapToken.getXml().getBytes(StandardCharsets.UTF_8));
+            String encodedBootstrapToken = Base64.getEncoder()
+                    .encodeToString(bootstrapToken.getXml().getBytes(StandardCharsets.UTF_8));
 
-        addSamlAttribute(attributeStatement, OIOSAML3Constants.BOOTSTRAP_TOKEN, encodedBootstrapToken,
-                "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
+            addSamlAttribute(attributeStatement, OIOSAML3Constants.BOOTSTRAP_TOKEN, encodedBootstrapToken,
+                    "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
+        }
 
         if (params.surName != null) {
             addSamlAttribute(attributeStatement, OIOSAML3Constants.SURNAME, params.surName,

src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuerParams.java

@@ -19,6 +19,7 @@ public class OIOSAMLTokenIssuerParams extends AbstractBuilderParams {
     String organisationName;
     CertAndKey idpCertAndKey;
     X509Certificate spCert;
+    BootstrapTokenIssuer bootstrapTokenIssuer;
 
     OIOSAMLTokenIssuerParams copy() {
         try {

src/test/java/com/trifork/unsealed/OIOSamlTest.java

@@ -13,6 +13,7 @@
 public class OIOSamlTest extends AbstractTest {
     private static final String KEYSTORE_PASSWORD = "Test1234";
     private OIOSAMLTokenIssuer samlTokenIssuer;
+    private BootstrapTokenIssuer bootstrapTokenIssuer;
 
     @BeforeEach
     void setup0() throws Exception {
@@ -21,9 +22,14 @@ void setup0() throws Exception {
         CertAndKey spCertAndKey = new KeyStoreLoader().fromClassPath("FMKOnlineBilletOmv-T_OCES3.p12").password(KEYSTORE_PASSWORD).load();
         CertAndKey idpCertAndKey = new KeyStoreLoader().fromClassPath("TEST whitelisted SP SOSI alias.p12").password(KEYSTORE_PASSWORD).load();
 
+        bootstrapTokenIssuer = new BootstrapTokenIssuer()
+                .idpCertAndKey(idpCertAndKey);
+
+        // Note that bootstrapTokenIssuer could be using a different CertAndKey than samlTokenIssuer
         samlTokenIssuer = new OIOSAMLTokenIssuer()
                 .idpCertAndKey(idpCertAndKey)
-                .spCert(spCertAndKey.certificate);
+                .spCert(spCertAndKey.certificate)
+                .bootstrapTokenIssuer(bootstrapTokenIssuer);
 
     }