use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds.
@Test
public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() {
    Response response = response();
    Assertion assertion = assertion();
    NameID nameId = assertion.getSubject().getNameID();
    // Encrypt the NameID to the certificate the asserting party encrypts with
    // (the relying party holds the matching private key), then replace the
    // plaintext NameID so that only the EncryptedID is present in the Subject.
    EncryptedID encryptedID = TestOpenSamlObjects.encrypted(nameId,
            TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    assertion.getSubject().setNameID(null);
    assertion.getSubject().setEncryptedID(encryptedID);
    response.getAssertions().add(assertion);
    // Sign after the subject has been swapped so the signature covers the
    // EncryptedID; the provider checks that signature before it decrypts.
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    // The registration carries both a verification and a decryption credential.
    Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
    this.provider.authenticate(token); // throws Saml2AuthenticationException on failure
}
use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.
the class TestOpenSamlObjects method encrypted.
static EncryptedID encrypted(NameID nameId, Saml2X509Credential credential) {
    // Only the certificate is needed: the NameID is encrypted to the recipient's public key.
    X509Certificate certificate = credential.getCertificate();
    Encrypter encrypter = getEncrypter(certificate);
    try {
        // Yields an EncryptedID whose EncryptedData holds the NameID and whose
        // EncryptedKey holds the content key wrapped for that certificate.
        return encrypter.encrypt(nameId);
    } catch (EncryptionException ex) {
        throw new Saml2Exception("Unable to encrypt nameID.", ex);
    }
}
use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertion.
@Test
public void authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertion() {
    Response response = response();
    Assertion assertion = assertion();
    // An EncryptedID with empty EncryptedData: nothing here is decryptable, which
    // is the point, because the custom decrypter below never looks at it.
    EncryptedID id = new EncryptedIDBuilder().buildObject();
    id.setEncryptedData(new EncryptedDataBuilder().buildObject());
    assertion.getSubject().setEncryptedID(id);
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    response.getAssertions().add(assertion);
    // Verification only: no decryption credential is registered, so the default
    // decrypter could not have handled this EncryptedID.
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    // The hook replaces the default assertion-elements decrypter outright. A real
    // implementation must decrypt with the relying party's key; this stub simply
    // writes a NameID into the already signature-checked assertion.
    this.provider.setAssertionElementsDecrypter((tuple) -> {
        NameID name = new NameIDBuilder().buildObject();
        name.setValue("decrypted name");
        tuple.getAssertion().getSubject().setNameID(name);
    });
    Authentication authentication = this.provider.authenticate(token);
    // The principal name is whatever NameID the decrypter left in the Subject.
    assertThat(authentication.getName()).isEqualTo("decrypted name");
}
use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.
the class OpenSaml4AuthenticationProviderTests method authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertion.
@Test
public void authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertion() {
    // Same scenario as the OpenSamlAuthenticationProviderTests method, run against
    // the OpenSAML 4 based provider: an EncryptedID with empty EncryptedData, a
    // verification-only registration, and a stub decrypter that supplies the NameID.
    Response response = response();
    Assertion assertion = assertion();
    EncryptedID id = new EncryptedIDBuilder().buildObject();
    id.setEncryptedData(new EncryptedDataBuilder().buildObject());
    assertion.getSubject().setEncryptedID(id);
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    response.getAssertions().add(assertion);
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    this.provider.setAssertionElementsDecrypter((tuple) -> {
        NameID name = new NameIDBuilder().buildObject();
        name.setValue("decrypted name");
        tuple.getAssertion().getSubject().setNameID(name);
    });
    Authentication authentication = this.provider.authenticate(token);
    assertThat(authentication.getName()).isEqualTo("decrypted name");
}
use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.
the class OpenSamlLogoutRequestValidator method getNameId.
private NameID getNameId(LogoutRequest request, RelyingPartyRegistration registration) {
    // A plaintext NameID takes precedence over an EncryptedID.
    NameID nameId = request.getNameID();
    if (nameId != null) {
        return nameId;
    }
    EncryptedID encryptedId = request.getEncryptedID();
    if (encryptedId == null) {
        return null; // neither form present; the caller decides whether that is an error
    }
    // Decrypt with the registration's decryption credential (the relying party's private key).
    return decryptNameId(encryptedId, registration);
}
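The two halves shown on this page, the encrypted helper that wraps a NameID in an EncryptedID and the getNameId fallback that unwraps it from a LogoutRequest, put together as an added round-trip example. This is not Spring Security's or OpenSAML's own code. It assumes OpenSAML 4 on the classpath; the class name EncryptedIdRoundTrip, the helper names, and the in-memory RSA key pair that stands in for the relying party's decryption credential are assumptions made for the example.

```java
// Added example, not Spring Security or OpenSAML code. Assumes OpenSAML 4.x.
// An in-memory RSA key pair stands in for the relying party's decryption
// credential, so no certificate or metadata is needed to run it.
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;

import org.opensaml.core.config.InitializationService;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.EncryptedID;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;

public class EncryptedIdRoundTrip {

    // Asserting-party side: wrap the NameID in an EncryptedID addressed to the
    // relying party's public key (AES-256-GCM content key, RSA-OAEP key transport).
    static EncryptedID encrypt(NameID nameId, BasicCredential relyingPartyKey) throws Exception {
        DataEncryptionParameters data = new DataEncryptionParameters();
        data.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
        KeyEncryptionParameters key = new KeyEncryptionParameters();
        key.setEncryptionCredential(relyingPartyKey);
        key.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
        Encrypter encrypter = new Encrypter(data, key);
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
        return encrypter.encrypt(nameId);
    }

    // Relying-party side: the Decrypter is pinned to one private key via a static
    // resolver, so the KeyInfo inside the message cannot steer key selection.
    static Decrypter decrypter(BasicCredential relyingPartyKey) {
        ChainingEncryptedKeyResolver keyResolver = new ChainingEncryptedKeyResolver(List.of(
                new InlineEncryptedKeyResolver(),
                new EncryptedElementTypeEncryptedKeyResolver(),
                new SimpleRetrievalMethodEncryptedKeyResolver()));
        Decrypter decrypter = new Decrypter(null, new StaticKeyInfoCredentialResolver(relyingPartyKey), keyResolver);
        decrypter.setRootInNewDocument(true);
        return decrypter;
    }

    // Same order as the validator's getNameId: plaintext NameID first, then the
    // EncryptedID, else null. A decryption failure, or a decrypted element that is
    // not a NameID, fails closed instead of being treated as "no subject".
    static NameID resolveNameId(LogoutRequest request, Decrypter decrypter) {
        NameID nameId = request.getNameID();
        if (nameId != null) {
            return nameId;
        }
        EncryptedID encryptedId = request.getEncryptedID();
        if (encryptedId == null) {
            return null;
        }
        try {
            SAMLObject decrypted = decrypter.decrypt(encryptedId);
            if (!(decrypted instanceof NameID)) {
                throw new IllegalStateException("EncryptedID did not decrypt to a NameID: " + decrypted.getElementQName());
            }
            return (NameID) decrypted;
        } catch (DecryptionException ex) {
            throw new IllegalStateException("Unable to decrypt EncryptedID", ex);
        }
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize();
        // Constructed key material: stands in for the relying party's decryption credential.
        KeyPair rp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        BasicCredential rpKey = new BasicCredential(rp.getPublic(), rp.getPrivate());

        NameID nameId = new NameIDBuilder().buildObject();
        nameId.setValue("alice@example.com"); // constructed sample subject
        nameId.setFormat(NameID.EMAIL);

        LogoutRequest request = new LogoutRequestBuilder().buildObject();
        request.setEncryptedID(encrypt(nameId, rpKey)); // no plaintext NameID: exercise the fallback path

        NameID resolved = resolveNameId(request, decrypter(rpKey));
        System.out.println(resolved.getValue() + " " + resolved.getFormat());

        // A Decrypter holding a different private key must reject the same request.
        KeyPair other = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        try {
            resolveNameId(request, decrypter(new BasicCredential(other.getPublic(), other.getPrivate())));
        } catch (IllegalStateException expected) {
            System.out.println("wrong key rejected: " + expected.getMessage());
        }
    }
}
```

Two points the tests on this page rely on are made explicit here. The relying party decrypts with a fixed credential rather than one chosen from the message's KeyInfo, which is what the decrypting(...) registration provides in the tests; and a decryption failure is an error, not a missing subject, so a logout request for an unknown or tampered EncryptedID is rejected rather than silently matched to no session. As in the signed-assertion test, any signature over the containing message should be verified before this decryption runs.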