use of org.opensaml.saml.saml2.core.Status in project ddf by codice.
the class SamlAssertionValidatorImpl method createStatus.
/**
* Creates the status object for the response.
*
* @param statusCodeValue
* @param statusMessage
* @return Status
*/
private static Status createStatus(String statusCodeValue, String statusMessage) {
if (statusBuilder == null) {
statusBuilder = (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
}
if (statusCodeBuilder == null) {
statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
}
if (statusMessageBuilder == null) {
statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
}
Status status = statusBuilder.buildObject();
StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(statusCodeValue);
status.setStatusCode(statusCode);
if (statusMessage != null) {
StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
statusMessageObject.setMessage(statusMessage);
status.setStatusMessage(statusMessageObject);
}
return status;
}
use of org.opensaml.saml.saml2.core.Status in project cxf by apache.
the class SAMLSSOResponseValidatorTest method testSignedResponseInvalidDestination.
@org.junit.Test
public void testSignedResponseInvalidDestination() throws Exception {
Document doc = DOMUtils.createDocument();
Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
// Create an AuthenticationAssertion
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
callbackHandler.setIssuer("http://cxf.apache.org/issuer");
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
ConditionsBean conditions = new ConditionsBean();
conditions.setNotBefore(new DateTime());
conditions.setNotAfter(new DateTime().plusMinutes(5));
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList("http://service.apache.org"));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(conditions);
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress("http://apache.org");
subjectConfirmationData.setInResponseTo("12345");
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient("http://recipient.apache.org");
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
response.getAssertions().add(assertion.getSaml2());
response.setDestination("xyz");
Crypto issuerCrypto = new Merlin();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class);
InputStream input = Merlin.loadInputStream(loader, "alice.jks");
keyStore.load(input, "password".toCharArray());
((Merlin) issuerCrypto).setKeyStore(keyStore);
signResponse(response, "alice", "password", issuerCrypto, true);
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
assertNotNull(policyElement);
Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
// Validate the Response
SAMLSSOResponseValidator validator = new SAMLSSOResponseValidator();
validator.setIssuerIDP("http://cxf.apache.org/issuer");
validator.setAssertionConsumerURL("http://recipient.apache.org");
validator.setClientAddress("http://apache.org");
validator.setRequestId("12345");
validator.setSpIdentifier("http://service.apache.org");
try {
validator.validateSamlResponse(marshalledResponse, false);
fail("Expected failure on bad response");
} catch (WSSecurityException ex) {
// expected
}
}
use of org.opensaml.saml.saml2.core.Status in project cxf by apache.
the class SAMLSSOResponseValidatorTest method createResponse.
private Response createResponse(SubjectConfirmationDataBean subjectConfirmationData, SAML2CallbackHandler callbackHandler) throws Exception {
Document doc = DOMUtils.createDocument();
Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
// Create an AuthenticationAssertion
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
response.getAssertions().add(assertion.getSaml2());
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
assertNotNull(policyElement);
return (Response) OpenSAMLUtil.fromDom(policyElement);
}
use of org.opensaml.saml.saml2.core.Status in project cxf by apache.
the class SAML2PResponseComponentBuilder method createStatus.
@SuppressWarnings("unchecked")
public static Status createStatus(String statusCodeValue, String statusMessage) {
if (statusBuilder == null) {
statusBuilder = (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
}
if (statusCodeBuilder == null) {
statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
}
if (statusMessageBuilder == null) {
statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
}
Status status = statusBuilder.buildObject();
StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(statusCodeValue);
status.setStatusCode(statusCode);
if (statusMessage != null) {
StatusMessage statusMessageObject = statusMessageBuilder.buildObject();
statusMessageObject.setMessage(statusMessage);
status.setStatusMessage(statusMessageObject);
}
return status;
}
use of org.opensaml.saml.saml2.core.Status in project cxf by apache.
the class SAML2PResponseComponentBuilder method createSAMLResponse.
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(String inResponseTo, String issuer, Status status) {
if (responseBuilder == null) {
responseBuilder = (SAMLObjectBuilder<Response>) builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
}
Response response = responseBuilder.buildObject();
response.setID(UUID.randomUUID().toString());
response.setIssueInstant(new DateTime());
response.setInResponseTo(inResponseTo);
response.setIssuer(createIssuer(issuer));
response.setStatus(status);
response.setVersion(SAMLVersion.VERSION_20);
return response;
}
Aggregations