
Example 1 with EncryptedAssertionType

use of org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType in project keycloak by keycloak.

Class SAMLParserTest, method testSaml20EncryptedAssertionsSignedReceivedWithRedirectBinding.

@Test
public void testSaml20EncryptedAssertionsSignedReceivedWithRedirectBinding() throws Exception {
    // Fixture: a Response received over the redirect binding whose single assertion is encrypted.
    final ResponseType response = assertParsed("saml20-encrypted-signed-redirect-response.xml", ResponseType.class);

    // The Response element itself carries no embedded XML Signature and no Consent attribute.
    assertThat(response.getSignature(), nullValue());
    assertThat(response.getConsent(), nullValue());

    // Issuer is mandatory here and must use the entity NameID format.
    assertThat(response.getIssuer(), notNullValue());
    assertThat(response.getIssuer().getValue(), is("http://localhost:8081/auth/realms/saml-demo"));
    assertThat(response.getIssuer().getFormat(), is(JBossSAMLURIConstants.NAMEID_FORMAT_ENTITY.getUri()));

    // Exactly one extension: the Keycloak KeyInfo hint that names the message-signing key.
    assertThat(response.getExtensions(), notNullValue());
    assertThat(response.getExtensions().getAny().size(), is(1));
    assertThat(response.getExtensions().getAny().get(0), instanceOf(Element.class));
    final Element keyInfoHint = (Element) response.getExtensions().getAny().get(0);
    assertThat(keyInfoHint.getLocalName(), is("KeyInfo"));
    assertThat(keyInfoHint.getNamespaceURI(), is("urn:keycloak:ext:key:1.0"));
    assertThat(keyInfoHint.hasAttribute("MessageSigningKeyId"), is(true));
    assertThat(keyInfoHint.getAttribute("MessageSigningKeyId"), is("FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"));

    // A single assertion slot, filled with an EncryptedAssertion rather than a plaintext Assertion.
    assertThat(response.getAssertions(), notNullValue());
    assertThat(response.getAssertions().size(), is(1));
    final EncryptedAssertionType encrypted = response.getAssertions().get(0).getEncryptedAssertion();
    assertThat(encrypted, notNullValue());
    // The parser keeps the ciphertext as an opaque DOM element; only its name is checked here.
    assertThat(encrypted.getEncryptedElement(), notNullValue());
    assertThat(encrypted.getEncryptedElement().getLocalName(), is("EncryptedAssertion"));
}

Example 2 with EncryptedAssertionType

use of org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType in project keycloak by keycloak.

Class SAMLEncryptedAssertionParser, method parse.

@Override
public EncryptedAssertionType parse(XMLEventReader xmlEventReader) throws ParsingException {
    // Capture the EncryptedAssertion subtree as an opaque DOM element. Nothing is decrypted or
    // validated at this stage; that is left to the consumer (see AssertionUtil.decryptAssertion).
    final EncryptedAssertionType encrypted = new EncryptedAssertionType();
    encrypted.setEncryptedElement(StaxParserUtil.getDOMElement(xmlEventReader));
    return encrypted;
}

Example 3 with EncryptedAssertionType

use of org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType in project keycloak by keycloak.

Class SAMLResponseWriter, method write.

/**
 * Serializes a {@code ResponseType} as a {@code samlp:Response} element on this writer's stream.
 *
 * <p>Emits, in order: the element start with the protocol and assertion namespaces, the base
 * attributes, the optional {@code Issuer}, the {@code Extensions} (only when they hold at least
 * one child), the {@code Status}, and each assertion choice. Plaintext assertions are delegated
 * to {@code assertionWriter}; encrypted ones are written as the DOM element they already carry,
 * without any re-encryption or inspection. The element is then closed and the writer flushed.
 *
 * @param response the response to serialize; must not be {@code null}
 * @throws ProcessingException propagated from the underlying {@code StaxUtil} calls
 */
public void write(ResponseType response) throws ProcessingException {
    StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.RESPONSE__PROTOCOL.get(), JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, JBossSAMLURIConstants.ASSERTION_NSURI.get());
    writeBaseAttributes(response);

    // Issuer is optional on a Response; it lives in the assertion namespace.
    final NameIDType responseIssuer = response.getIssuer();
    if (responseIssuer != null) {
        final QName issuerName = new QName(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX);
        write(responseIssuer, issuerName);
    }

    // An empty Extensions element is suppressed, not written.
    final ExtensionsType ext = response.getExtensions();
    if (ext != null && ext.getAny() != null && !ext.getAny().isEmpty()) {
        write(ext);
    }

    final StatusType responseStatus = response.getStatus();
    write(responseStatus);

    // Each RTChoiceType may carry a plaintext assertion, an encrypted one, or both.
    final List<ResponseType.RTChoiceType> assertionChoices = response.getAssertions();
    if (assertionChoices != null) {
        for (final ResponseType.RTChoiceType choice : assertionChoices) {
            final AssertionType plainAssertion = choice.getAssertion();
            if (plainAssertion != null) {
                assertionWriter.write(plainAssertion);
            }
            final EncryptedAssertionType encrypted = choice.getEncryptedAssertion();
            if (encrypted != null) {
                // The ciphertext element is emitted as-is; this writer never sees the plaintext.
                final Element encryptedElement = encrypted.getEncryptedElement();
                StaxUtil.writeDOMElement(writer, encryptedElement);
            }
        }
    }

    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}

Example 4 with EncryptedAssertionType

use of org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType in project keycloak by keycloak.

Class JBossSAMLAuthnResponseFactory, method createResponseType.

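/**
 * Builds a {@code ResponseType} whose single assertion is an already-encrypted assertion.
 *
 * <p>The issuer and status code come from {@code issuerInfo}; the issue instant is generated at
 * call time via {@code XMLTimeUtil.getIssueInstant()}. No encryption is performed here: the caller
 * supplies the finished {@code EncryptedAssertion} element and this method only wraps it.
 *
 * @param ID                 value for the Response {@code ID} attribute
 * @param issuerInfo         source of the issuer {@code NameID} and of the status code
 * @param encryptedAssertion DOM {@link Element} holding the already-encrypted assertion
 *                           (expected to be the {@code EncryptedAssertion} element); must not be {@code null}
 * @return the populated response
 * @throws IllegalArgumentException if {@code encryptedAssertion} is {@code null}
 * @throws RuntimeException         if {@code issuerInfo} carries no status code (the exception is
 *                                  built by {@code logger})
 */
public static ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, Element encryptedAssertion) {
    // Fail early: a Response whose EncryptedAssertion has no element would only break later, at write time.
    if (encryptedAssertion == null) {
        throw new IllegalArgumentException("encryptedAssertion must not be null");
    }
    ResponseType responseType = new ResponseType(ID, XMLTimeUtil.getIssueInstant());
    // Issuer
    NameIDType issuer = issuerInfo.getIssuer();
    responseType.setIssuer(issuer);
    // Status: a missing status code is a caller error, surfaced through the project logger.
    String statusCode = issuerInfo.getStatusCode();
    if (statusCode == null) {
        throw logger.issuerInfoMissingStatusCodeError();
    }
    responseType.setStatus(createStatusType(statusCode));
    // Wrap the ciphertext element as the response's only assertion choice; no plaintext assertion is added.
    responseType.addAssertion(new RTChoiceType(new EncryptedAssertionType(encryptedAssertion)));
    return responseType;
}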

Example 5 with EncryptedAssertionType

use of org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType in project keycloak by keycloak.

Class AssertionUtil, method getAssertion.

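/**
 * Returns the first assertion of {@code responseType}, decrypting it in place first if it arrived encrypted.
 *
 * <p>Only the first {@code RTChoiceType} is inspected; any further assertions in the response are
 * ignored by this method. When that first choice holds an {@code EncryptedAssertion}, a
 * {@code privateKey} is mandatory and {@code decryptAssertion} is invoked, after which the first
 * entry is read back from {@code responseType} (the decryption step is expected to have replaced
 * the encrypted entry with its plaintext assertion).
 *
 * @param holder       document holder handed to {@code decryptAssertion}
 * @param responseType parsed response whose assertion list is examined and, on decryption, updated
 * @param privateKey   key used for decryption; may be {@code null} only when the first assertion is not encrypted
 * @return the first assertion, or {@code null} if the first choice holds neither a plaintext nor an
 *         encrypted assertion
 * @throws ProcessingException    if the response carries no assertions, or the first assertion is
 *                                encrypted and no private key was supplied
 * @throws ParsingException       propagated from the decryption step
 * @throws ConfigurationException propagated from the decryption step
 */
public static AssertionType getAssertion(SAMLDocumentHolder holder, ResponseType responseType, PrivateKey privateKey) throws ParsingException, ProcessingException, ConfigurationException {
    List<ResponseType.RTChoiceType> assertions = responseType.getAssertions();
    // A missing list is treated like an empty one rather than surfacing as a NullPointerException.
    if (assertions == null || assertions.isEmpty()) {
        throw new ProcessingException("No assertion from response.");
    }
    ResponseType.RTChoiceType first = assertions.get(0);
    EncryptedAssertionType encryptedAssertion = first.getEncryptedAssertion();
    if (encryptedAssertion != null) {
        // Without a decryption key the assertion cannot be used; refuse instead of returning null.
        if (privateKey == null) {
            throw new ProcessingException("Encrypted assertion and decrypt private key is null");
        }
        decryptAssertion(holder, responseType, privateKey);
    }
    // Re-read rather than reuse `first`: decryption is expected to have rewritten the first entry.
    return responseType.getAssertions().get(0).getAssertion();
}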
