Examples with EntityIdCriterion org.opensaml.core.criterion.EntityIdCriterion used on opensource projects

Example 6 with EntityIdCriterion

use of org.opensaml.core.criterion.EntityIdCriterion in project pac4j by pac4j.

the class SAML2DefaultResponseValidator method validateSignature.

/**
 * Validate the given digital signature by checking its profile and value.
 *
 * @param signature   the signature
 * @param idpEntityId the idp entity id
 * @param trustEngine the trust engine
 */
protected final void validateSignature(final Signature signature, final String idpEntityId, final SignatureTrustEngine trustEngine) {
    final SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    try {
        validator.validate(signature);
    } catch (final SignatureException e) {
        throw new SAMLSignatureValidationException("SAMLSignatureProfileValidator failed to validate signature", e);
    }
    final CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
    criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
    criteriaSet.add(new EntityIdCriterion(idpEntityId));
    final boolean valid;
    try {
        valid = trustEngine.validate(signature, criteriaSet);
    } catch (final SecurityException e) {
        throw new SAMLSignatureValidationException("An error occurred during signature validation", e);
    }
    if (!valid) {
        throw new SAMLSignatureValidationException("Signature is not trusted");
    }
}

Example 7 with EntityIdCriterion

use of org.opensaml.core.criterion.EntityIdCriterion in project pac4j by pac4j.

the class SAML2ContextProvider method addContext.

protected final void addContext(final SAML2MetadataResolver entityId, final BaseContext parentContext, final QName elementName) {
    final EntityDescriptor entityDescriptor;
    final RoleDescriptor roleDescriptor;
    try {
        final CriteriaSet set = new CriteriaSet();
        set.add(new EntityIdCriterion(entityId.getEntityId()));
        entityDescriptor = this.metadata.resolveSingle(set);
        if (entityDescriptor == null) {
            throw new SAMLException("Cannot find entity " + entityId + " in metadata provider");
        }
        final List<RoleDescriptor> list = entityDescriptor.getRoleDescriptors(elementName, SAMLConstants.SAML20P_NS);
        roleDescriptor = CommonHelper.isNotEmpty(list) ? list.get(0) : null;
        if (roleDescriptor == null) {
            throw new SAMLException("Cannot find entity " + entityId + " or role " + elementName + " in metadata provider");
        }
    } catch (final ResolverException e) {
        throw new SAMLException("An error occured while getting IDP descriptors", e);
    }
    final SAMLMetadataContext mdCtx = parentContext.getSubcontext(SAMLMetadataContext.class, true);
    mdCtx.setEntityDescriptor(entityDescriptor);
    mdCtx.setRoleDescriptor(roleDescriptor);
}

Example 8 with EntityIdCriterion

use of org.opensaml.core.criterion.EntityIdCriterion in project pac4j by pac4j.

the class KeyStoreCredentialProvider method getCredential.

@Override
public final Credential getCredential() {
    try {
        final CriteriaSet cs = new CriteriaSet();
        final EntityIdCriterion criteria = new EntityIdCriterion(this.privateKey);
        cs.add(criteria);
        final X509Credential creds = (X509Credential) this.credentialResolver.resolveSingle(cs);
        return creds;
    } catch (final ResolverException e) {
        throw new SAMLException("Can't obtain SP private key", e);
    }
}

Example 9 with EntityIdCriterion

use of org.opensaml.core.criterion.EntityIdCriterion in project cas by apereo.

the class SamlObjectSignatureValidatorTests method setupTestContextFor.

private void setupTestContextFor(final String spMetadataPath, final String spEntityId) throws Exception {
    val idpMetadata = new File("src/test/resources/metadata/idp-metadata.xml").getCanonicalPath();
    val keystorePath = new File(FileUtils.getTempDirectory(), "keystore").getCanonicalPath();
    saml2ClientConfiguration = new SAML2Configuration(keystorePath, "changeit", "changeit", idpMetadata);
    saml2ClientConfiguration.setServiceProviderEntityId(spEntityId);
    saml2ClientConfiguration.setServiceProviderMetadataPath(spMetadataPath);
    saml2ClientConfiguration.init();
    val saml2Client = new SAML2Client(saml2ClientConfiguration);
    saml2Client.setCallbackUrl("http://callback.example.org");
    saml2Client.init();
    samlContext = new MessageContext();
    saml2MessageContext = new SAML2MessageContext();
    saml2MessageContext.setSaml2Configuration(saml2ClientConfiguration);
    saml2MessageContext.setWebContext(new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()));
    val peer = saml2MessageContext.getMessageContext().getSubcontext(SAMLPeerEntityContext.class, true);
    assertNotNull(peer);
    peer.setEntityId("https://cas.example.org/idp");
    val md = peer.getSubcontext(SAMLMetadataContext.class, true);
    assertNotNull(md);
    val idpResolver = SamlIdPUtils.getRoleDescriptorResolver(casSamlIdPMetadataResolver, true);
    md.setRoleDescriptor(idpResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(peer.getEntityId())), new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME))));
    val self = saml2MessageContext.getMessageContext().getSubcontext(SAMLSelfEntityContext.class, true);
    assertNotNull(self);
    self.setEntityId(saml2ClientConfiguration.getServiceProviderEntityId());
    val sp = self.getSubcontext(SAMLMetadataContext.class, true);
    assertNotNull(sp);
    val spRes = new InMemoryResourceMetadataResolver(saml2ClientConfiguration.getServiceProviderMetadataResource(), openSamlConfigBean);
    spRes.setId(getClass().getSimpleName());
    spRes.initialize();
    val spResolver = SamlIdPUtils.getRoleDescriptorResolver(spRes, true);
    sp.setRoleDescriptor(spResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(self.getEntityId())), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME))));
    val service = new SamlRegisteredService();
    service.setName("Sample");
    service.setServiceId(saml2ClientConfiguration.getServiceProviderEntityId());
    service.setId(100);
    service.setDescription("SAML Service");
    service.setMetadataLocation(spMetadataPath);
    val facade = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId());
    this.adaptor = facade.get();
}

Example 10 with EntityIdCriterion

use of org.opensaml.core.criterion.EntityIdCriterion in project cas by apereo.

the class SamlIdPMetadataResolverTests method verifyOperationWithService.

@Test
public void verifyOperationWithService() throws Exception {
    val criteria = new CriteriaSet(new SamlIdPSamlRegisteredServiceCriterion(getSamlRegisteredServiceFor(UUID.randomUUID().toString())), new EntityIdCriterion(casProperties.getAuthn().getSamlIdp().getCore().getEntityId()));
    var locator = mock(SamlIdPMetadataLocator.class);
    when(locator.shouldGenerateMetadataFor(any())).thenReturn(true);
    when(locator.exists(any())).thenReturn(false);
    when(locator.resolveMetadata(any())).thenReturn(new ByteArrayResource(ArrayUtils.EMPTY_BYTE_ARRAY));
    val resolver = new SamlIdPMetadataResolver(locator, mock(SamlIdPMetadataGenerator.class), openSamlConfigBean, casProperties);
    val result1 = resolver.resolve(criteria);
    assertTrue(Iterables.isEmpty(result1));
}