Example 61 with Assertion
use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.
the class IdaResponseFromIdpUnmarshallerTest method transform_shouldTransformTheSamlResponseToIdaResponseByIdp.
@Test
public void transform_shouldTransformTheSamlResponseToIdaResponseByIdp() {
Assertion mdsAssertion = anAssertion().addAttributeStatement(anAttributeStatement().build()).buildUnencrypted();
Assertion authnStatementAssertion = anAssertion().addAuthnStatement(anAuthnStatement().build()).buildUnencrypted();
when(response.getAssertions()).thenReturn(List.of(mdsAssertion, authnStatementAssertion));
PassthroughAssertion passthroughMdsAssertion = aPassthroughAssertion().buildMatchingDatasetAssertion();
when(passthroughAssertionUnmarshaller.fromAssertion(mdsAssertion)).thenReturn(passthroughMdsAssertion);
PassthroughAssertion passthroughAuthnAssertion = aPassthroughAssertion().buildAuthnStatementAssertion();
when(passthroughAssertionUnmarshaller.fromAssertion(authnStatementAssertion)).thenReturn(passthroughAuthnAssertion);
InboundResponseFromIdp inboundResponseFromIdp = unmarshaller.fromSaml(new ValidatedResponse(response), new ValidatedAssertions(response.getAssertions()));
assertThat(inboundResponseFromIdp.getSignature().isPresent()).isEqualTo(true);
assertThat(inboundResponseFromIdp.getMatchingDatasetAssertion().isPresent()).isEqualTo(true);
assertThat(inboundResponseFromIdp.getAuthnStatementAssertion().isPresent()).isEqualTo(true);
assertThat(inboundResponseFromIdp.getSignature().get()).isEqualTo(signature);
assertThat(inboundResponseFromIdp.getAuthnStatementAssertion().get()).isEqualTo(passthroughAuthnAssertion);
assertThat(inboundResponseFromIdp.getMatchingDatasetAssertion().get()).isEqualTo(passthroughMdsAssertion);
}
Also used :
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
PassthroughAssertionBuilder.aPassthroughAssertion(uk.gov.ida.saml.core.test.builders.PassthroughAssertionBuilder.aPassthroughAssertion)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)
PassthroughAssertionBuilder.aPassthroughAssertion(uk.gov.ida.saml.core.test.builders.PassthroughAssertionBuilder.aPassthroughAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp)
ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Test(org.junit.jupiter.api.Test)
Example 62 with Assertion
use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.
the class ResponseAssertionsFromIdpValidatorTest method validate_shouldDelegateToIpAddressValidator.
@Test
public void validate_shouldDelegateToIpAddressValidator() throws Exception {
Assertion authnStatementAssertion = anAssertion().addAuthnStatement(anAuthnStatement().build()).buildUnencrypted();
Response response = aResponse().addEncryptedAssertion(anAssertion().addAttributeStatement(aMatchingDatasetAttributeStatement_1_1().build()).build()).addEncryptedAssertion(anAssertion().addAuthnStatement(anAuthnStatement().build()).build()).build();
List<Assertion> assertions = asList(anAssertion().addAttributeStatement(aMatchingDatasetAttributeStatement_1_1().build()).buildUnencrypted(), authnStatementAssertion);
validator.validate(new ValidatedResponse(response), new ValidatedAssertions(assertions));
verify(ipAddressValidator).validate(authnStatementAssertion);
}
Also used :
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Response(org.opensaml.saml.saml2.core.Response)
ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)
AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Test(org.junit.jupiter.api.Test)
Example 63 with Assertion
use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.
the class ResponseAssertionsFromIdpValidatorTest method validate_shouldThrowExceptionIfAuthnStatementAssertionIsMissing.
@Test
public void validate_shouldThrowExceptionIfAuthnStatementAssertionIsMissing() throws Exception {
Response response = aResponse().addEncryptedAssertion(anAssertion().addAttributeStatement(aMatchingDatasetAttributeStatement_1_1().build()).build()).addEncryptedAssertion(anAssertion().addAttributeStatement(aMatchingDatasetAttributeStatement_1_1().build()).build()).build();
List<Assertion> assertions = asList(anAssertion().addAttributeStatement(aMatchingDatasetAttributeStatement_1_1().build()).buildUnencrypted(), anAssertion().addAttributeStatement(aMatchingDatasetAttributeStatement_1_1().build()).buildUnencrypted());
validateException(assertThrows(SamlTransformationErrorException.class, () -> validator.validate(new ValidatedResponse(response), new ValidatedAssertions(assertions))), SamlTransformationErrorFactory.missingAuthnStatement());
}
Also used :
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Response(org.opensaml.saml.saml2.core.Response)
ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)
SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException)
AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Test(org.junit.jupiter.api.Test)
Example 64 with Assertion
use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.
the class IdpAssertionMetricsCollectorTest method shouldGetMaxInNotOnOrAfterFromSubjectConfirmations.
@Test
public void shouldGetMaxInNotOnOrAfterFromSubjectConfirmations() {
DateTimeFreezer.freezeTime();
MetricRegistry metricRegistry = new MetricRegistry();
IdpAssertionMetricsCollector idpAssertionMetricsCollector = new IdpAssertionMetricsCollector(metricRegistry);
DateTime notOnOrAfterSmaller = DateTime.now().plusMinutes(15);
DateTime notOnOrAfterBigger = DateTime.now().plusMinutes(30);
Assertion anAssertion = anAssertion().withIssuer(anIssuer().withIssuerId("testIdP").build()).withSubject(aSubject().withSubjectConfirmation(aSubjectConfirmation().withSubjectConfirmationData(aSubjectConfirmationData().withNotOnOrAfter(notOnOrAfterSmaller).build()).build()).withSubjectConfirmation(aSubjectConfirmation().withSubjectConfirmationData(aSubjectConfirmationData().withNotOnOrAfter(notOnOrAfterBigger).build()).build()).build()).buildUnencrypted();
idpAssertionMetricsCollector.update(anAssertion);
Gauge actual = metricRegistry.getGauges().get("notOnOrAfter.testIdP");
assertThat(actual.getValue()).isEqualTo(30L);
}
Also used :
MetricRegistry(com.codahale.metrics.MetricRegistry)
AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
DateTime(org.joda.time.DateTime)
Gauge(com.codahale.metrics.Gauge)
Test(org.junit.jupiter.api.Test)
Example 65 with Assertion
use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.
the class UnknownMethodAlgorithmLoggerTest method shouldReportUnknownDigestAlgorithmInIDPAssertion.
@Test
public void shouldReportUnknownDigestAlgorithmInIDPAssertion() throws Exception {
Assertion authnStatementAssertion = anAssertion().withId(ID).withIssuer(anIssuer().withIssuerId(ISSUER_IDP).build()).withSignature(signatureWithUnknownDigestAlgorithm.get()).buildUnencrypted();
UnknownMethodAlgorithmLogger.probeAssertionForMethodAlgorithm(authnStatementAssertion, AUTHN_STATEMENT);
verifyLog(mockAppender, captorLoggingEvent, 1, String.format(UnknownMethodAlgorithmLogger.DIGEST_ALGORITHM_MESSAGE, IDP, DIGEST_SHA1_ID, AUTHN_STATEMENT + Assertion.DEFAULT_ELEMENT_LOCAL_NAME));
}
Also used :
AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
Test(org.junit.jupiter.api.Test)
Aggregations
Assertion (org.opensaml.saml.saml2.core.Assertion)175
Test (org.junit.jupiter.api.Test)118
Response (org.opensaml.saml.saml2.core.Response)62
AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)61
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)58
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)43
Attribute (org.opensaml.saml.saml2.core.Attribute)25
DateTime (org.joda.time.DateTime)23
Element (org.w3c.dom.Element)22
NameID (org.opensaml.saml.saml2.core.NameID)20
XMLObject (org.opensaml.core.xml.XMLObject)19
PassthroughAssertion (uk.gov.ida.saml.core.domain.PassthroughAssertion)17
ValidatedResponse (uk.gov.ida.saml.security.validators.ValidatedResponse)15
Authentication (org.springframework.security.core.Authentication)14
SubjectConfirmation (org.opensaml.saml.saml2.core.SubjectConfirmation)13
Test (org.junit.Test)12
AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)12
Conditions (org.opensaml.saml.saml2.core.Conditions)12
NameIDBuilder (org.opensaml.saml.saml2.core.impl.NameIDBuilder)11
Saml2ResponseValidatorResult (org.springframework.security.saml2.core.Saml2ResponseValidatorResult)11
