Use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
Class SamlProfileSamlAuthNStatementBuilder, method buildSubjectLocality.
/**
 * Builds the {@link SubjectLocality} element for the authentication statement.
 * <p>
 * The address is derived from the service provider's assertion consumer service (ACS)
 * location for the given binding, as published in the SP metadata: the location is
 * handed to {@code InetAddressUtils.getByName} and, when that yields an address, the
 * address' host name is recorded. When no ACS is registered for the binding, its
 * location is blank, or the lookup yields {@code null}, the element is returned with
 * no address set. Note that {@link InetAddress#getHostName()} may perform a reverse
 * DNS lookup, so building this element can involve network I/O driven by
 * metadata-supplied input.
 *
 * @param assertion    the assertion (not consulted by this implementation)
 * @param authnRequest the authentication request (not consulted by this implementation)
 * @param adaptor      the service provider metadata facade
 * @param binding      the SAML binding used to look up the assertion consumer service
 * @return the subject locality, possibly without an address
 * @throws SamlException the saml exception
 */
protected SubjectLocality buildSubjectLocality(final Object assertion, final RequestAbstractType authnRequest,
                                               final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                               final String binding) throws SamlException {
    final SubjectLocality locality = newSamlObject(SubjectLocality.class);
    final AssertionConsumerService consumerService = adaptor.getAssertionConsumerService(binding);
    if (consumerService == null || StringUtils.isBlank(consumerService.getLocation())) {
        return locality;
    }
    // NOTE(review): presumably InetAddressUtils.getByName extracts the host from the ACS URL
    // and returns null on failure rather than throwing — confirm against that utility.
    final InetAddress resolved = InetAddressUtils.getByName(consumerService.getLocation());
    if (resolved != null) {
        locality.setAddress(resolved.getHostName());
    }
    return locality;
}
Use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
Class SamlObjectEncrypter, method getEncrypter.
/**
 * Creates the OpenSAML {@link Encrypter} used to encrypt the assertion.
 * <p>
 * The encrypter is configured with {@link Encrypter.KeyPlacement#PEER}, so the
 * {@code EncryptedKey} is emitted as a sibling of the {@code EncryptedData} rather
 * than inline within its {@code KeyInfo}. The SAML object, service and adaptor are
 * not consulted here; presumably they are part of the signature so that subclasses
 * can vary the encrypter per relying party.
 *
 * @param samlObject    the assertion to be encrypted
 * @param service       the registered service
 * @param adaptor       the service provider metadata facade
 * @param keyEncParams  the key encryption parameters (key-wrapping credential and algorithm)
 * @param dataEncParams the data encryption parameters (content encryption algorithm)
 * @return a configured encrypter
 */
protected Encrypter getEncrypter(final Assertion samlObject, final SamlRegisteredService service,
                                 final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                 final KeyEncryptionParameters keyEncParams,
                                 final DataEncryptionParameters dataEncParams) {
    final Encrypter.KeyPlacement placement = Encrypter.KeyPlacement.PEER;
    final Encrypter result = new Encrypter(dataEncParams, keyEncParams);
    result.setKeyPlacement(placement);
    return result;
}
Use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
Class SamlObjectEncrypter, method encode.
/**
 * Encrypts the given assertion for the service provider identified by the adaptor.
 * <p>
 * The flow is: resolve the key-encryption credential for the SP entity id, derive the
 * key- and data-encryption parameters, obtain an {@link Encrypter} and encrypt the
 * assertion. Each step is traced to the log; the SP's encryption public key is logged
 * at INFO level in Base64 form (public material, but emitted for every encrypted
 * assertion). Any checked exception raised while encrypting is propagated unchanged
 * via {@code @SneakyThrows}. The request and response parameters are not consulted
 * by this implementation.
 *
 * @param samlObject the assertion to encrypt
 * @param service    the registered service
 * @param adaptor    the service provider metadata facade
 * @param response   the http response
 * @param request    the http request
 * @return the encrypted assertion
 * @throws SamlException the saml exception
 */
@SneakyThrows
public EncryptedAssertion encode(final Assertion samlObject, final SamlRegisteredService service,
                                 final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                 final HttpServletResponse response,
                                 final HttpServletRequest request) throws SamlException {
    final String typeName = samlObject.getClass().getName();
    final String spEntityId = adaptor.getEntityId();
    LOGGER.debug("Attempting to encrypt [{}] for [{}]", typeName, spEntityId);

    final Credential keyCredential = getKeyEncryptionCredential(spEntityId, adaptor, service);
    final byte[] encodedPublicKey = keyCredential.getPublicKey().getEncoded();
    LOGGER.info("Found encryption public key: [{}]", EncodingUtils.encodeBase64(encodedPublicKey));

    final KeyEncryptionParameters keyParams = getKeyEncryptionParameters(samlObject, service, adaptor, keyCredential);
    LOGGER.debug("Key encryption algorithm for [{}] is [{}]", keyParams.getRecipient(), keyParams.getAlgorithm());

    final DataEncryptionParameters dataParams = getDataEncryptionParameters(samlObject, service, adaptor);
    LOGGER.debug("Data encryption algorithm for [{}] is [{}]", spEntityId, dataParams.getAlgorithm());

    final Encrypter assertionEncrypter = getEncrypter(samlObject, service, adaptor, keyParams, dataParams);
    LOGGER.debug("Attempting to encrypt [{}] for [{}] with key placement of [{}]",
        typeName, spEntityId, assertionEncrypter.getKeyPlacement());
    return assertionEncrypter.encrypt(samlObject);
}
Use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
Class SamlProfileSamlNameIdBuilder, method encodeNameIdBasedOnNameFormat.
/**
 * Produces the {@link NameID} for the response, honouring the given name-id format.
 * <p>
 * For an {@link AttributeQuery}, the NameID carried in the query's subject is detached
 * from the query and returned as-is; no format resolution or encoding takes place.
 * NOTE(review): that NameID originates from the requester and is echoed back without
 * further checks here — confirm it is validated earlier in the attribute-query flow.
 * For any other request, the name-id attribute is prepared from the assertion, an
 * encoder is selected for the format, and the encoded NameID is returned; its value
 * is written to the DEBUG log, so be aware that log may contain user identifiers.
 * Any exception raised along the way is logged at ERROR level and {@code null} is
 * returned, so callers must tolerate an absent NameID.
 *
 * @param authnRequest the authentication request (or attribute query)
 * @param assertion    the assertion
 * @param nameFormat   the name-id format to encode with
 * @param service      the registered service
 * @param adaptor      the service provider metadata facade
 * @return the name id, or {@code null} when it could not be produced
 */
protected NameID encodeNameIdBasedOnNameFormat(final RequestAbstractType authnRequest, final Object assertion,
                                               final String nameFormat, final SamlRegisteredService service,
                                               final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    try {
        if (authnRequest instanceof AttributeQuery) {
            final AttributeQuery query = (AttributeQuery) authnRequest;
            final NameID queriedNameId = query.getSubject().getNameID();
            // Detach so the element can be re-parented into the response without a copy.
            queriedNameId.detach();
            return queriedNameId;
        }
        final IdPAttribute nameIdAttribute = prepareNameIdAttribute(assertion, nameFormat, adaptor);
        final SAML2StringNameIDEncoder nameIdEncoder =
            prepareNameIdEncoder(authnRequest, nameFormat, nameIdAttribute, service, adaptor);
        LOGGER.debug("Encoding NameID based on [{}]", nameFormat);
        final NameID encoded = nameIdEncoder.encode(nameIdAttribute);
        LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", encoded.getFormat(), encoded.getValue());
        return encoded;
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        return null;
    }
}
Use of org.opensaml.saml.saml2.core.Assertion in project cas by apereo.
Class SamlProfileSamlNameIdBuilder, method buildNameId.
/**
 * Builds the NameID for the response in four steps: collect the name-id formats
 * supported for this service and SP, read the format the request demands (if any),
 * validate that demand against the supported formats, then determine and finalize
 * the NameID.
 * If there are no explicitly defined NameIDFormats, include the default format.
 * see: http://saml2int.org/profile/current/#section92
 *
 * @param authnRequest the authentication request
 * @param assertion    the assertion
 * @param service      the registered service
 * @param adaptor      the service provider metadata facade
 * @return the name id
 * @throws SamlException the saml exception
 */
private NameID buildNameId(final RequestAbstractType authnRequest, final Object assertion,
                           final SamlRegisteredService service,
                           final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    final List<String> supportedFormats = getSupportedNameIdFormats(service, adaptor);
    final String requestedFormat = getRequiredNameIdFormatIfAny(authnRequest);
    // Presumably rejects a requested format the SP does not support before any NameID is produced.
    validateRequiredNameIdFormatIfAny(authnRequest, adaptor, supportedFormats, requestedFormat);
    final NameID candidate = determineNameId(authnRequest, assertion, supportedFormats, service, adaptor);
    return finalizeNameId(candidate, authnRequest, assertion, supportedFormats, service, adaptor);
}