Example 1 with SAMLObject

Use of org.opensaml.common.SAMLObject in the project MaxKey by dromara.

The class WebServicePostEncoder, method encodeMsgContext.

@SuppressWarnings("rawtypes")
public VelocityContext encodeMsgContext(MessageContext messageContext) throws MessageEncodingException {
    // The generic message context is expected to carry a SAML message context.
    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
    SAMLObject outboundMessage = samlMsgCtx.getOutboundSAMLMessage();
    if (outboundMessage == null) {
        throw new MessageEncodingException("No outbound SAML message contained in message context");
    }
    // Sign the outbound message before it is encoded for the POST binding.
    signMessage(samlMsgCtx);
    samlMsgCtx.setOutboundMessage(outboundMessage);
    // Continue encoding with the typed SAML message context.
    return encodeMsgContext(samlMsgCtx);
}
Also used: SAMLMessageContext (org.opensaml.common.binding.SAMLMessageContext), SAMLObject (org.opensaml.common.SAMLObject), MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException)

Example 2 with SAMLObject

Use of org.opensaml.common.SAMLObject in the project entcore by opendigitaleducation.

The class SamlValidator, method decryptAssertion.

private Assertion decryptAssertion(Response response) throws Exception {
    // Exactly one EncryptedAssertion is expected in the Response.
    EncryptedAssertion encryptedAssertion;
    if (response.getEncryptedAssertions() != null && response.getEncryptedAssertions().size() == 1) {
        encryptedAssertion = response.getEncryptedAssertions().get(0);
    } else {
        throw new ValidationException("Encrypted Assertion not found.");
    }
    // The service provider's private key is the key-encryption key used to
    // unwrap the EncryptedKey carried inline in the EncryptedData.
    BasicX509Credential decryptionCredential = new BasicX509Credential();
    decryptionCredential.setPrivateKey(privateKey);
    Decrypter decrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(decryptionCredential), new InlineEncryptedKeyResolver());
    // Root the decrypted element in its own DOM document rather than the Response's.
    decrypter.setRootInNewDocument(true);
    Assertion assertion = decrypter.decrypt(encryptedAssertion);
    // An EncryptedID in the Subject may decrypt to either a BaseID or a NameID.
    if (assertion != null && assertion.getSubject() != null && assertion.getSubject().getEncryptedID() != null) {
        SAMLObject s = decrypter.decrypt(assertion.getSubject().getEncryptedID());
        if (s instanceof BaseID) {
            assertion.getSubject().setBaseID((BaseID) s);
        } else if (s instanceof NameID) {
            assertion.getSubject().setNameID((NameID) s);
        }
        assertion.getSubject().setEncryptedID(null);
    }
    // Replace each EncryptedAttribute with its decrypted Attribute.
    if (assertion != null && assertion.getAttributeStatements() != null) {
        for (AttributeStatement statement : assertion.getAttributeStatements()) {
            for (EncryptedAttribute ea : statement.getEncryptedAttributes()) {
                Attribute a = decrypter.decrypt(ea);
                statement.getAttributes().add(a);
            }
            statement.getEncryptedAttributes().clear();
        }
    }
    // Decryption alone says nothing about who issued the assertion; signature
    // and condition checks on the decrypted assertion are a separate step.
    return assertion;
}
Also used: ValidationException (org.opensaml.xml.validation.ValidationException), SAMLObject (org.opensaml.common.SAMLObject), Decrypter (org.opensaml.saml2.encryption.Decrypter), StaticKeyInfoCredentialResolver (org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver), BasicX509Credential (org.opensaml.xml.security.x509.BasicX509Credential), InlineEncryptedKeyResolver (org.opensaml.xml.encryption.InlineEncryptedKeyResolver)

Aggregations

Number of examples above using each type:

SAMLObject (org.opensaml.common.SAMLObject): 2
SAMLMessageContext (org.opensaml.common.binding.SAMLMessageContext): 1
Decrypter (org.opensaml.saml2.encryption.Decrypter): 1
MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException): 1
InlineEncryptedKeyResolver (org.opensaml.xml.encryption.InlineEncryptedKeyResolver): 1
StaticKeyInfoCredentialResolver (org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver): 1
BasicX509Credential (org.opensaml.xml.security.x509.BasicX509Credential): 1
ValidationException (org.opensaml.xml.validation.ValidationException): 1