SONAR-24023 Added test for SonarqubeRelyingPartyRegistrationRepositor…

…y + refactoring

server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/RedirectToUrlProvider.java

@@ -35,7 +35,7 @@ public class RedirectToUrlProvider {
 
   private final RelyingPartyRegistrationRepositoryProvider relyingPartyRegistrationRepositoryProvider;
 
-  public RedirectToUrlProvider(RelyingPartyRegistrationRepositoryProvider relyingPartyRegistrationRepositoryProvider) {
+  RedirectToUrlProvider(RelyingPartyRegistrationRepositoryProvider relyingPartyRegistrationRepositoryProvider) {
     this.relyingPartyRegistrationRepositoryProvider = relyingPartyRegistrationRepositoryProvider;
   }
 

server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/RelyingPartyRegistrationRepositoryProvider.java

@@ -27,13 +27,17 @@
 public class RelyingPartyRegistrationRepositoryProvider {
 
   private final SamlSettings samlSettings;
+  private final SamlCertificateConverter samlCertificateConverter;
+  private final SamlPrivateKeyConverter samlPrivateKeyConverter;
 
-  public RelyingPartyRegistrationRepositoryProvider(SamlSettings samlSettings) {
+  public RelyingPartyRegistrationRepositoryProvider(SamlSettings samlSettings, SamlCertificateConverter samlCertificateConverter, SamlPrivateKeyConverter samlPrivateKeyConverter) {
     this.samlSettings = samlSettings;
+    this.samlCertificateConverter = samlCertificateConverter;
+    this.samlPrivateKeyConverter = samlPrivateKeyConverter;
   }
 
   RelyingPartyRegistrationRepository provide(@Nullable String callbackUrl) {
-    return new SonarqubeRelyingPartyRegistrationRepository(samlSettings, callbackUrl);
+    return new SonarqubeRelyingPartyRegistrationRepository(samlSettings, samlCertificateConverter, samlPrivateKeyConverter, callbackUrl);
   }
 
 }

server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java

@@ -0,0 +1,31 @@
+package org.sonar.auth.saml;
+
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Base64;
+import org.sonar.api.server.ServerSide;
+
+@ServerSide
+class SamlCertificateConverter {
+
+  X509Certificate toX509Certificate(String certificateString) {
+    String cleanedCertificateString = sanitizeCertificateString(certificateString);
+
+    byte[] decoded = Base64.getDecoder().decode(cleanedCertificateString);
+    try {
+      CertificateFactory factory = CertificateFactory.getInstance("X.509");
+      return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(decoded));
+    } catch (CertificateException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  private static String sanitizeCertificateString(String certificateString) {
+    return certificateString
+      .replace("-----BEGIN CERTIFICATE-----", "")
+      .replace("-----END CERTIFICATE-----", "")
+      .replaceAll("\\s+", "");
+  }
+}

server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlModule.java

@@ -32,8 +32,10 @@ protected void configureModule() {
       RelyingPartyRegistrationRepositoryProvider.class,
       SamlAuthenticator.class,
       SamlConfiguration.class,
+      SamlCertificateConverter.class,
       SamlIdentityProvider.class,
       SamlMessageIdChecker.class,
+      SamlPrivateKeyConverter.class,
       SamlResponseAuthenticator.class,
       SamlSettings.class,
       RedirectToUrlProvider.class,

server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java

@@ -0,0 +1,32 @@
+package org.sonar.auth.saml;
+
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+import org.sonar.api.server.ServerSide;
+
+@ServerSide
+class SamlPrivateKeyConverter {
+  PrivateKey toPrivateKey(String privateKeyString) {
+    String cleanedPrivateKeyString = sanitizePrivateKeyString(privateKeyString);
+
+    byte[] decoded = Base64.getDecoder().decode(cleanedPrivateKeyString);
+    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decoded);
+    try {
+      KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+      return keyFactory.generatePrivate(keySpec);
+    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  private static String sanitizePrivateKeyString(String privateKeyString) {
+    return privateKeyString
+      .replace("-----BEGIN PRIVATE KEY-----", "")
+      .replace("-----END PRIVATE KEY-----", "")
+      .replaceAll("\\s+", "");
+  }
+}

server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlResponseAuthenticator.java

@@ -30,12 +30,12 @@
 import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
 
 @ServerSide
-public class SamlResponseAuthenticator {
+class SamlResponseAuthenticator {
 
   private final OpenSaml4AuthenticationProvider openSaml4AuthenticationProvider;
   private final RelyingPartyRegistrationRepositoryProvider relyingPartyRegistrationRepositoryProvider;
 
-  public SamlResponseAuthenticator(OpenSaml4AuthenticationProvider openSaml4AuthenticationProvider,
+  SamlResponseAuthenticator(OpenSaml4AuthenticationProvider openSaml4AuthenticationProvider,
     RelyingPartyRegistrationRepositoryProvider relyingPartyRegistrationRepositoryProvider) {
     this.openSaml4AuthenticationProvider = openSaml4AuthenticationProvider;
     this.relyingPartyRegistrationRepositoryProvider = relyingPartyRegistrationRepositoryProvider;