Use of org.opensaml.saml.saml1.core.Attribute in project verify-hub by alphagov. (Note: the snippet below calls `getName()`, `getFriendlyName()` and `getNameFormat()`, which are methods of the SAML 2.0 `Attribute` type, so the type actually in use is very likely `org.opensaml.saml.saml2.core.Attribute`; the heading appears to be mislabelled.)
the class EidasAttributeStatementAssertionValidator method validateAttributes.
private void validateAttributes(Assertion assertion) {
    // Exactly one AttributeStatement is accepted: zero or several is rejected outright.
    final List<AttributeStatement> statements = assertion.getAttributeStatements();
    if (statements.isEmpty()) {
        throw asTransformationError(SamlTransformationErrorFactory.mdsStatementMissing());
    }
    if (statements.size() > 1) {
        throw asTransformationError(SamlTransformationErrorFactory.mdsMultipleStatements());
    }

    final List<Attribute> attributes = statements.get(0).getAttributes();
    if (attributes.isEmpty()) {
        throw asTransformationError(attributeStatementEmpty(assertion.getID()));
    }

    // Presence check for the mandatory set. Names are collapsed into a Set, so an attribute that
    // appears twice under the same name (with possibly different values) is not detected here,
    // and nothing below checks for it either — NOTE(review): confirm whether duplicates should be
    // rejected rather than left to whichever consumer later reads the statement.
    final Set<String> presentNames = attributes.stream()
            .map(Attribute::getName)
            .collect(Collectors.toSet());
    if (!presentNames.containsAll(MANDATORY_ATTRIBUTES.keySet())) {
        final String expected = MANDATORY_ATTRIBUTES.values().stream().collect(Collectors.joining(","));
        // The "got" list is the friendly names exactly as received in the assertion; they are
        // echoed unescaped into the error message (and so into whatever logs it).
        final String received = attributes.stream().map(Attribute::getFriendlyName).collect(Collectors.joining(","));
        throw new SamlTransformationErrorException(
                String.format("Mandatory attributes not provided. Expected %s but got %s", expected, received),
                Level.ERROR);
    }

    // Per-attribute rules, in document order; the first failing attribute aborts validation.
    for (Attribute attribute : attributes) {
        validateSingleEidasAttribute(attribute);
    }
}

/**
 * Applies the per-attribute rules: recognised eIDAS name, at least one value, expected xsi:type on
 * the first value, and a non-fatal NameFormat check.
 *
 * @throws SamlTransformationErrorException on the first failing rule
 */
private void validateSingleEidasAttribute(Attribute attribute) {
    final String name = attribute.getName();
    if (!VALID_EIDAS_ATTRIBUTE_NAMES.contains(name)) {
        throw asTransformationError(SamlTransformationErrorFactory.mdsAttributeNotRecognised(name));
    }
    if (attribute.getAttributeValues().isEmpty()) {
        throw asTransformationError(SamlTransformationErrorFactory.emptyAttribute(name));
    }

    // Only the FIRST value is type-checked; any further values of a multi-valued attribute are not
    // inspected here. If the first value reports no schema type (null QName) the equals() below is
    // false and the attribute is rejected. Assumes every name in VALID_EIDAS_ATTRIBUTE_NAMES has an
    // entry in VALID_TYPE_FOR_ATTRIBUTE — a missing entry would NPE here; TODO confirm the two are kept in step.
    final QName actualType = attribute.getAttributeValues().get(0).getSchemaType();
    if (!VALID_TYPE_FOR_ATTRIBUTE.get(name).equals(actualType)) {
        throw asTransformationError(
                SamlTransformationErrorFactory.attributeWithIncorrectType(name, VALID_TYPE_FOR_ATTRIBUTE.get(name), actualType));
    }

    // Deliberately a warning rather than a rejection: an unexpected NameFormat is logged and the attribute kept.
    if (!VALID_ATTRIBUTE_NAME_FORMATS.contains(attribute.getNameFormat())) {
        SamlTransformationErrorManager.warn(invalidAttributeNameFormat(attribute.getNameFormat()));
    }
}

/** Converts a specification failure into the exception type this validator throws. */
private static SamlTransformationErrorException asTransformationError(SamlValidationSpecificationFailure failure) {
    return new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
}
use of org.opensaml.saml.saml1.core.Attribute in project verify-hub by alphagov.
the class VerifiedAttributesLoggerTest method shouldLogDateOfBirthHistory.
@Test
public void shouldLogDateOfBirthHistory() throws Exception {
    // Two DateOfBirth values: a verified historical one that ended yesterday, and the current, open-ended one.
    AttributeValue historicValue = new DateAttributeValueBuilder().withTo(DateTime.now().minusDays(1)).withVerified(true).build();
    AttributeValue currentValue = new DateAttributeValueBuilder().withTo(null).build();

    Attribute dateOfBirth = new AttributeBuilder().buildObject();
    dateOfBirth.setName(IdaConstants.Attributes_1_1.DateOfBirth.NAME);
    dateOfBirth.getAttributeValues().add(historicValue);
    dateOfBirth.getAttributeValues().add(currentValue);

    List<Attribute> statementAttributes = aMatchingDatasetAttributeStatement_1_1()
            .withDateOfBirth(dateOfBirth)
            .build()
            .getAttributes();
    AttributeStatementLogData logData = mapper.readValue(formatAttributes("any-issuer", LEVEL_2, statementAttributes), AttributeStatementLogData.class);
    Map<String, List<VerifiedAttributeLogData>> logged = logData.getAttributes();

    // The expected log entry carries only a verified flag and a coarse age bucket per value; the date of
    // birth itself does not appear in it.
    assertThat(logged.get(IdaConstants.Attributes_1_1.DateOfBirth.NAME))
            .isEqualTo(ImmutableList.of(
                    new VerifiedAttributeLogData(true, "less than 180 days"),
                    new VerifiedAttributeLogData(false, null)));
}
use of org.opensaml.saml.saml1.core.Attribute in project verify-hub by alphagov.
the class VerifiedAttributesLoggerTest method shouldLogPreviousAddressHistory.
@Test
public void shouldLogPreviousAddressHistory() throws Exception {
    // A single, unverified previous address, held from ten years ago until one year ago.
    Attribute previousAddress = new AttributeBuilder().buildObject();
    previousAddress.setName(IdaConstants.Attributes_1_1.PreviousAddress.NAME);
    previousAddress.getAttributeValues().add(
            new AddressAttributeValueBuilder_1_1()
                    .withFrom(DateTime.now().minusYears(10))
                    .withTo(DateTime.now().minusYears(1))
                    .withVerified(false)
                    .build());

    List<Attribute> statementAttributes = aMatchingDatasetAttributeStatement_1_1()
            .addPreviousAddress(previousAddress)
            .build()
            .getAttributes();
    AttributeStatementLogData logData = mapper.readValue(formatAttributes("any-issuer", LEVEL_2, statementAttributes), AttributeStatementLogData.class);

    // Only the verified flag and a coarse age bucket are expected in the log; the address itself is not.
    assertThat(logData.getAttributes().get(IdaConstants.Attributes_1_1.PreviousAddress.NAME))
            .isEqualTo(ImmutableList.of(new VerifiedAttributeLogData(false, "more than 180 days")));
}
use of org.opensaml.saml.saml1.core.Attribute in project verify-hub by alphagov.
the class VerifiedAttributesLoggerTest method shouldLogFirstNameHistory.
@Test
public void shouldLogFirstNameHistory() throws Exception {
    Attribute firstName = new AttributeBuilder().buildObject();
    firstName.setName(IdaConstants.Attributes_1_1.Firstname.NAME);
    // A verified name that ended 181 days ago (just past the 180-day bucket boundary), then the current,
    // open-ended name starting now.
    firstName.getAttributeValues().add(
            new PersonNameAttributeValueBuilder().withTo(DateTime.now().minusDays(181)).withVerified(true).build());
    firstName.getAttributeValues().add(
            new PersonNameAttributeValueBuilder().withFrom(DateTime.now()).withTo(null).build());

    List<Attribute> statementAttributes = aMatchingDatasetAttributeStatement_1_1()
            .withFirstname(firstName)
            .build()
            .getAttributes();
    Map<String, List<VerifiedAttributeLogData>> logged = mapper
            .readValue(formatAttributes("any-issuer", LEVEL_2, statementAttributes), AttributeStatementLogData.class)
            .getAttributes();

    // The expected log data holds a verified flag and an age bucket per value, not the name string itself.
    assertThat(logged.get(IdaConstants.Attributes_1_1.Firstname.NAME))
            .isEqualTo(ImmutableList.of(
                    new VerifiedAttributeLogData(true, "more than 180 days"),
                    new VerifiedAttributeLogData(false, null)));
}
use of org.opensaml.saml.saml1.core.Attribute in project cxf by apache.
the class SAMLClaimsTest method testSaml2StaticClaims.
/**
 * Issues a SAML 2.0 bearer assertion through {@link SAMLTokenProvider} with a
 * {@link StaticClaimsHandler} that supplies one fixed "company" claim, and checks that exactly
 * that claim is emitted as an Attribute in the assertion's AttributeStatement.
 */
@org.junit.Test
public void testSaml2StaticClaims() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, null);

    // Static handler: the claim value is fixed server-side, not taken from the request.
    Map<String, String> fixedClaims = new HashMap<>();
    fixedClaims.put(CLAIM_STATIC_COMPANY.toString(), CLAIM_STATIC_COMPANY_VALUE);
    StaticClaimsHandler staticHandler = new StaticClaimsHandler();
    staticHandler.setGlobalClaims(fixedClaims);
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) staticHandler));
    providerParameters.setClaimsManager(claimsManager);

    // The request asks for the company claim only.
    Claim requestedClaim = new Claim();
    requestedClaim.setClaimType(CLAIM_STATIC_COMPANY);
    ClaimCollection requestedClaims = new ClaimCollection();
    requestedClaims.add(requestedClaim);
    providerParameters.setRequestedPrimaryClaims(requestedClaims);

    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    // Coarse substring checks on the serialised token; the parsed checks further down are the authoritative ones.
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));

    // Exactly one attribute, named after the claim type, whose first value is the configured static value.
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
    List<Attribute> issuedAttributes = assertion.getSaml2().getAttributeStatements().get(0).getAttributes();
    assertEquals(1, issuedAttributes.size());
    assertEquals(CLAIM_STATIC_COMPANY.toString(), issuedAttributes.get(0).getName());
    XMLObject firstValue = issuedAttributes.get(0).getAttributeValues().get(0);
    assertEquals(CLAIM_STATIC_COMPANY_VALUE, firstValue.getDOM().getTextContent());
}