From 068cec05d37e05fcdb6f8ab35e60bca381bc0263 Mon Sep 17 00:00:00 2001
From: Jeppe Sommer
Date: Wed, 29 Jan 2025 10:20:49 +0100
Subject: [PATCH] OIOSAMLTokenIssuer now takes a bootstrapTokenIssuer as param
---
 .../trifork/unsealed/OIOSAMLTokenIssuer.java | 56 ++++++++++---------
 .../unsealed/OIOSAMLTokenIssuerParams.java | 1 +
 .../com/trifork/unsealed/OIOSamlTest.java | 8 ++-
 3 files changed, 39 insertions(+), 26 deletions(-)
diff --git a/src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuer.java b/src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuer.java
index b7b9e4e..feb28de 100755
--- a/src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuer.java
+++ b/src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuer.java
@@ -41,6 +41,12 @@ public OIOSAMLTokenIssuer spCert(X509Certificate spCert) {
         return new OIOSAMLTokenIssuer(params);
     }
+    public OIOSAMLTokenIssuer bootstrapTokenIssuer(BootstrapTokenIssuer bootstrapTokenIssuer) {
+        OIOSAMLTokenIssuerParams params = this.params.copy();
+        params.bootstrapTokenIssuer = bootstrapTokenIssuer;
+        return new OIOSAMLTokenIssuer(params);
+    }
+
     public OIOSAMLTokenIssuer recipient(String recipient) {
         OIOSAMLTokenIssuerParams params = this.params.copy();
         params.recipient = recipient;
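Review bot: The new `bootstrapTokenIssuer(...)` builder method has no Javadoc, and its most important property — that leaving it unset makes issueForProfessional/issueForCitizen omit the BOOTSTRAP_TOKEN attribute entirely — is only discoverable by reading those methods. Suggest `/** Sets the issuer used to mint the bootstrap token embedded in issued assertions; when not set, no BOOTSTRAP_TOKEN attribute is added. */` above the method. Note also that the supplied issuer is stored by reference in the copied params, so this class's copy-on-write builder style only holds if BootstrapTokenIssuer is itself immutable in the same way, which is not visible in this hunk.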
@@ -171,22 +177,22 @@ public OIOSAMLToken issueForProfessional() throws Exception {
         addSamlAttribute(attributeStatement, OIOSAMLToken.ASSURANCE_LEVEL, "3", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
-        CertAndKey spCertAndNoKey = new CertAndKey(params.spCert, null);
-        BootstrapTokenIssuer bootstrapTokenIssuer = new BootstrapTokenIssuer()
-                .idpCertAndKey(params.idpCertAndKey)
-                .spCertAndKey(spCertAndNoKey)
-                .cpr(params.cprNumber)
-                .cvr(params.cvrNumber)
-                .uuid(params.profUuid)
-                .orgName(params.organisationName);
-
-        BootstrapToken bootstrapToken = bootstrapTokenIssuer.cvr(params.cvrNumber).orgName(params.organisationName).issueForProfessional();
+        BootstrapTokenIssuer bootstrapTokenIssuer = params.bootstrapTokenIssuer;
+        if (bootstrapTokenIssuer != null) {
+            BootstrapToken bootstrapToken = bootstrapTokenIssuer
+                    .spCert(params.spCert)
+                    .cpr(params.cprNumber)
+                    .cvr(params.cvrNumber)
+                    .uuid(params.profUuid)
+                    .orgName(params.organisationName)
+                    .issueForProfessional();
-        String encodedBootstrapToken = Base64.getEncoder()
-                .encodeToString(bootstrapToken.getXml().getBytes(StandardCharsets.UTF_8));
+            String encodedBootstrapToken = Base64.getEncoder()
+                    .encodeToString(bootstrapToken.getXml().getBytes(StandardCharsets.UTF_8));
-        addSamlAttribute(attributeStatement, OIOSAML3Constants.BOOTSTRAP_TOKEN, encodedBootstrapToken,
-                "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
+            addSamlAttribute(attributeStatement, OIOSAML3Constants.BOOTSTRAP_TOKEN, encodedBootstrapToken,
+                    "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
+        }
         if (params.surName != null) {
             addSamlAttribute(attributeStatement, OIOSAML3Constants.SURNAME, params.surName,
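Review bot: An issuer with no `bootstrapTokenIssuer` configured now silently produces an assertion without the BOOTSTRAP_TOKEN attribute, whereas before this change every professional assertion carried one; existing callers that have not migrated to the new builder method will only find out when a relying party rejects the token. Either fail fast in the null case with `throw new IllegalStateException("bootstrapTokenIssuer must be set")`, or, if optional emission is the intended contract, state it in the issuer's Javadoc and log at debug level when the attribute is skipped. The injected issuer also no longer receives `params.idpCertAndKey`, so the caller is now responsible for configuring the signing key on the bootstrap issuer; whether BootstrapTokenIssuer rejects a missing key itself is not visible here. The same applies to issueForCitizen in the next hunk, where the Base64-encode-and-add block is also now duplicated verbatim and could be extracted into a private helper taking the attribute statement and the BootstrapToken. issueForProfessional starts and ends outside this hunk.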
@@ -226,19 +232,19 @@ public OIOSAMLToken issueForCitizen() throws Exception {
         addSamlAttribute(attributeStatement, OIOSAMLToken.ASSURANCE_LEVEL, "3", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
-        CertAndKey spCertAndNoKey = new CertAndKey(params.spCert, null);
-        BootstrapTokenIssuer bootstrapTokenIssuer = new BootstrapTokenIssuer()
-                .idpCertAndKey(params.idpCertAndKey)
-                .spCertAndKey(spCertAndNoKey)
-                .cpr(params.cprNumber);
-
-        BootstrapToken bootstrapToken = bootstrapTokenIssuer.issueForCitizen();
+        BootstrapTokenIssuer bootstrapTokenIssuer = params.bootstrapTokenIssuer;
+        if (bootstrapTokenIssuer != null) {
+            BootstrapToken bootstrapToken = bootstrapTokenIssuer
+                    .spCert(params.spCert)
+                    .cpr(params.cprNumber)
+                    .issueForCitizen();
-        String encodedBootstrapToken = Base64.getEncoder()
-                .encodeToString(bootstrapToken.getXml().getBytes(StandardCharsets.UTF_8));
+            String encodedBootstrapToken = Base64.getEncoder()
+                    .encodeToString(bootstrapToken.getXml().getBytes(StandardCharsets.UTF_8));
-        addSamlAttribute(attributeStatement, OIOSAML3Constants.BOOTSTRAP_TOKEN, encodedBootstrapToken,
-                "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
+            addSamlAttribute(attributeStatement, OIOSAML3Constants.BOOTSTRAP_TOKEN, encodedBootstrapToken,
+                    "urn:oasis:names:tc:SAML:2.0:attrname-format:basic");
+        }
         if (params.surName != null) {
             addSamlAttribute(attributeStatement, OIOSAML3Constants.SURNAME, params.surName,
diff --git a/src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuerParams.java b/src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuerParams.java
index 32cdc0d..c932efd 100644
--- a/src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuerParams.java
+++ b/src/main/java/com/trifork/unsealed/OIOSAMLTokenIssuerParams.java
@@ -19,6 +19,7 @@ public class OIOSAMLTokenIssuerParams extends AbstractBuilderParams {
     String organisationName;
     CertAndKey idpCertAndKey;
     X509Certificate spCert;
+    BootstrapTokenIssuer bootstrapTokenIssuer;
     OIOSAMLTokenIssuerParams copy() {
         try {
diff --git a/src/test/java/com/trifork/unsealed/OIOSamlTest.java b/src/test/java/com/trifork/unsealed/OIOSamlTest.java
index e80010c..9c2e6a6 100755
--- a/src/test/java/com/trifork/unsealed/OIOSamlTest.java
+++ b/src/test/java/com/trifork/unsealed/OIOSamlTest.java
@@ -13,6 +13,7 @@ public class OIOSamlTest extends AbstractTest {
     private static final String KEYSTORE_PASSWORD = "Test1234";
     private OIOSAMLTokenIssuer samlTokenIssuer;
+    private BootstrapTokenIssuer bootstrapTokenIssuer;
     @BeforeEach
     void setup0() throws Exception {
@@ -21,9 +22,14 @@ void setup0() throws Exception {
         CertAndKey spCertAndKey = new KeyStoreLoader().fromClassPath("FMKOnlineBilletOmv-T_OCES3.p12").password(KEYSTORE_PASSWORD).load();
         CertAndKey idpCertAndKey = new KeyStoreLoader().fromClassPath("TEST whitelisted SP SOSI alias.p12").password(KEYSTORE_PASSWORD).load();
+        bootstrapTokenIssuer = new BootstrapTokenIssuer()
+                .idpCertAndKey(idpCertAndKey);
+
+        // Note that bootstrapTokenIssuer could be using a different CertAndKey than samlTokenIssuer
         samlTokenIssuer = new OIOSAMLTokenIssuer()
                 .idpCertAndKey(idpCertAndKey)
-                .spCert(spCertAndKey.certificate);
+                .spCert(spCertAndKey.certificate)
+                .bootstrapTokenIssuer(bootstrapTokenIssuer);
     }
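Review bot: The new `bootstrapTokenIssuer` field must also be carried over by `copy()`, which begins at the end of this hunk; the visible `try {` suggests a clone- or reflection-based copy, in which case nothing further is needed, but if copy() assigns fields explicitly the new field would be dropped on every builder call and the issuer would always take the null path. Worth a one-line comment on the field, e.g. `// may be null: no bootstrap token is embedded when unset`, since these package-private fields carry no other documentation. The body of copy() continues outside this hunk.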
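Review bot: The test setup now always configures a bootstrap issuer, so the newly introduced branch where `bootstrapTokenIssuer` is left unset and the BOOTSTRAP_TOKEN attribute is omitted from issueForProfessional/issueForCitizen has no coverage. Add a test that builds an OIOSAMLTokenIssuer without `.bootstrapTokenIssuer(...)` and asserts either the absence of the attribute or the expected failure, whichever contract is intended; the comment about a different CertAndKey likewise suggests a test where the bootstrap issuer is configured with a distinct key. The setup0 hunk following this one appears to run past the end of this chunk.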