Examples with Assertion org.opensaml.saml2.core.Assertion used on opensource projects

Search in sources :

Example 46 with Assertion

use of org.opensaml.saml2.core.Assertion in project ddf by codice.

the class SamlAssertionValidatorImplTest method createHolderOfKeyAssertion.

private Assertion createHolderOfKeyAssertion() throws Exception {
    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(ISSUER);
    assertion.setIssuer(issuer);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    nameID.setNameQualifier("http://cxf.apache.org/sts");
    nameID.setValue("admin");
    X509SubjectName x509SubjectName = new X509SubjectNameBuilder().buildObject();
    x509SubjectName.setValue("EMAILADDRESS=localhost@example.org, CN=localhost, OU=Dev, O=DDF, ST=AZ, C=US");
    org.opensaml.xmlsec.signature.X509Certificate x509Certificate = new X509CertificateBuilder().buildObject();
    byte[] certBytes = certificate.getEncoded();
    String certString = new String(Base64.encode(certBytes));
    x509Certificate.setValue(certString);
    X509Data x509Data = new X509DataBuilder().buildObject();
    x509Data.getX509SubjectNames().add(x509SubjectName);
    x509Data.getX509Certificates().add(x509Certificate);
    KeyInfo keyInfo = new KeyInfoBuilder().buildObject();
    keyInfo.getX509Datas().add(x509Data);
    KeyInfoConfirmationDataType keyInfoConfirmationDataType = new KeyInfoConfirmationDataTypeBuilder().buildObject();
    keyInfoConfirmationDataType.getKeyInfos().add(keyInfo);
    SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
    subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
    subjectConfirmation.setSubjectConfirmationData(keyInfoConfirmationDataType);
    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);
    subject.getSubjectConfirmations().add(subjectConfirmation);
    assertion.setSubject(subject);
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(new DateTime().minusDays(3));
    conditions.setNotOnOrAfter(new DateTime().plusDays(3));
    assertion.setConditions(conditions);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setAuthnInstant(new DateTime());
    AuthnContext authnContext = new AuthnContextBuilder().buildObject();
    AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
    authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
    authnContext.setAuthnContextClassRef(authnContextClassRef);
    authnStatement.setAuthnContext(authnContext);
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    Attribute attribute = new AttributeBuilder().buildObject();
    AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
    attributeValue.setValue("admin");
    attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    attribute.getAttributeValues().add(attributeValue);
    attributeStatement.getAttributes().add(attribute);
    assertion.getAttributeStatements().add(attributeStatement);
    Signature signature = OpenSAMLUtil.buildSignature();
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setSignatureAlgorithm(WSS4JConstants.RSA);
    BasicX509Credential signingCredential;
    signingCredential = new BasicX509Credential(certificate);
    signingCredential.setPrivateKey(privateKey);
    signature.setSigningCredential(signingCredential);
    X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
    KeyInfo signatureKeyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
    signature.setKeyInfo(signatureKeyInfo);
    assertion.setSignature(signature);
    return assertion;
}
Also used : Issuer(org.opensaml.saml.saml2.core.Issuer) KeyInfoBuilder(org.opensaml.xmlsec.signature.impl.KeyInfoBuilder) Attribute(org.opensaml.saml.saml2.core.Attribute) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) AuthnStatementBuilder(org.opensaml.saml.saml2.core.impl.AuthnStatementBuilder) AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder) X509Data(org.opensaml.xmlsec.signature.X509Data) DateTime(org.joda.time.DateTime) Conditions(org.opensaml.saml.saml2.core.Conditions) AuthnContext(org.opensaml.saml.saml2.core.AuthnContext) NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) X509DataBuilder(org.opensaml.xmlsec.signature.impl.X509DataBuilder) SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SubjectBuilder(org.opensaml.saml.saml2.core.impl.SubjectBuilder) SubjectConfirmationBuilder(org.opensaml.saml.saml2.core.impl.SubjectConfirmationBuilder) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory) AttributeStatementBuilder(org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) X509SubjectNameBuilder(org.opensaml.xmlsec.signature.impl.X509SubjectNameBuilder) KeyInfoConfirmationDataTypeBuilder(org.opensaml.saml.saml2.core.impl.KeyInfoConfirmationDataTypeBuilder) NameID(org.opensaml.saml.saml2.core.NameID) AttributeValueType(org.opensaml.xacml.ctx.AttributeValueType) AuthnContextBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextBuilder) Assertion(org.opensaml.saml.saml2.core.Assertion) X509CertificateBuilder(org.opensaml.xmlsec.signature.impl.X509CertificateBuilder) KeyInfoConfirmationDataType(org.opensaml.saml.saml2.core.KeyInfoConfirmationDataType) AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef) AssertionBuilder(org.opensaml.saml.saml2.core.impl.AssertionBuilder) Subject(org.opensaml.saml.saml2.core.Subject) ConditionsBuilder(org.opensaml.saml.saml2.core.impl.ConditionsBuilder) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Signature(org.opensaml.xmlsec.signature.Signature) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) X509SubjectName(org.opensaml.xmlsec.signature.X509SubjectName) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) AttributeValueTypeImplBuilder(org.opensaml.xacml.ctx.impl.AttributeValueTypeImplBuilder)

Example 47 with Assertion

use of org.opensaml.saml2.core.Assertion in project verify-hub by alphagov.

the class IdpResponseValidatorTest method shouldValidateSamlAssertionSignature.

@Test
public void shouldValidateSamlAssertionSignature() {
    Assertion assertion = mock(Assertion.class);
    List<Assertion> assertions = ImmutableList.of(assertion);
    ValidatedResponse validatedResponse = mock(ValidatedResponse.class);
    when(samlResponseSignatureValidator.validate(response, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(validatedResponse);
    when(assertionDecrypter.decryptAssertions(validatedResponse)).thenReturn(assertions);
    validator.validate(response);
    verify(samlAssertionsSignatureValidator).validate(assertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
}
Also used : Assertion(org.opensaml.saml.saml2.core.Assertion) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) Test(org.junit.jupiter.api.Test)

Example 48 with Assertion

use of org.opensaml.saml2.core.Assertion in project verify-hub by alphagov.

the class IdpResponseValidatorTest method shouldIncrementCounterWheneverADecrypterFailsToDecrypt.

@Test
public void shouldIncrementCounterWheneverADecrypterFailsToDecrypt() throws Exception {
    String issuerValue = "issuerValue";
    Assertion assertion = mock(Assertion.class);
    List<Assertion> assertions = ImmutableList.of(assertion);
    ValidatedResponse validatedResponse = mock(ValidatedResponse.class);
    Issuer responseIssuer = mock(Issuer.class);
    Counter idpDecryptionErrorCounter = mock(Counter.class);
    Counter.Child childCounter = mock(Counter.Child.class);
    setFinalStatic(IdpResponseValidator.class.getDeclaredField("idpDecryptionErrorCounter"), idpDecryptionErrorCounter);
    when(validatedResponse.getIssuer()).thenReturn(responseIssuer);
    when(responseIssuer.getValue()).thenReturn(issuerValue);
    when(samlResponseSignatureValidator.validate(response, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(validatedResponse);
    when(assertionDecrypter.decryptAssertions(validatedResponse)).thenThrow(SamlFailedToDecryptException.class);
    when(badAssertionDecrypter.decryptAssertions(validatedResponse)).thenReturn(assertions);
    when(idpDecryptionErrorCounter.labels(anyString())).thenReturn(childCounter);
    doNothing().when(childCounter).inc();
    validator.validate(response);
    String expectedMessage = String.format("IdpResponseValidator failed to decrypt assertions from issuerValue with one of the decrypters", issuerValue);
    verify(mockAppender).doAppend(captorLoggingEvent.capture());
    LoggingEvent loggingEvent = captorLoggingEvent.getValue();
    assertThat(loggingEvent.getLevel()).isEqualTo(Level.WARN);
    assertThat(loggingEvent.getFormattedMessage()).isEqualTo(expectedMessage);
    verify(idpDecryptionErrorCounter).labels(validatedResponse.getIssuer().getValue());
    verify(childCounter).inc();
}
Also used : ILoggingEvent(ch.qos.logback.classic.spi.ILoggingEvent) LoggingEvent(ch.qos.logback.classic.spi.LoggingEvent) Counter(io.prometheus.client.Counter) Issuer(org.opensaml.saml.saml2.core.Issuer) Assertion(org.opensaml.saml.saml2.core.Assertion) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) Test(org.junit.jupiter.api.Test)

Example 49 with Assertion

use of org.opensaml.saml2.core.Assertion in project verify-hub by alphagov.

the class EncryptedResponseFromMatchingServiceValidatorTest method validateResponse_shouldThrowExceptionIfResponseHasUnencryptedAssertion.

@Test
public void validateResponse_shouldThrowExceptionIfResponseHasUnencryptedAssertion() throws Exception {
    Assertion assertion = anAssertion().buildUnencrypted();
    Response response = aResponse().withStatus(happyStatus).addAssertion(assertion).build();
    assertValidationFailure(response, unencryptedAssertion());
}
Also used : ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) Response(org.opensaml.saml.saml2.core.Response) AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Test(org.junit.jupiter.api.Test)

Example 50 with Assertion

use of org.opensaml.saml2.core.Assertion in project verify-hub by alphagov.

the class MatchingServiceResponseValidatorTest method shouldValidateSamlAssertionSignature.

@Test
public void shouldValidateSamlAssertionSignature() {
    Assertion assertion = mock(Assertion.class);
    List<Assertion> assertions = ImmutableList.of(assertion);
    ValidatedResponse validatedResponse = mock(ValidatedResponse.class);
    when(samlResponseSignatureValidator.validate(response, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(validatedResponse);
    when(assertionDecrypter.decryptAssertions(validatedResponse)).thenReturn(assertions);
    validator.validate(response);
    verify(samlAssertionsSignatureValidator).validate(assertions, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
}
Also used : Assertion(org.opensaml.saml.saml2.core.Assertion) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) Test(org.junit.jupiter.api.Test)

Aggregations

Assertion (org.opensaml.saml.saml2.core.Assertion)175 Test (org.junit.jupiter.api.Test)118 Response (org.opensaml.saml.saml2.core.Response)62 AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)61 EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)58 AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)43 Attribute (org.opensaml.saml.saml2.core.Attribute)25 DateTime (org.joda.time.DateTime)22 Element (org.w3c.dom.Element)22 NameID (org.opensaml.saml.saml2.core.NameID)20 XMLObject (org.opensaml.core.xml.XMLObject)19 PassthroughAssertion (uk.gov.ida.saml.core.domain.PassthroughAssertion)17 ValidatedResponse (uk.gov.ida.saml.security.validators.ValidatedResponse)15 Authentication (org.springframework.security.core.Authentication)14 SubjectConfirmation (org.opensaml.saml.saml2.core.SubjectConfirmation)13 Test (org.junit.Test)12 AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)12 Conditions (org.opensaml.saml.saml2.core.Conditions)12 HashMap (java.util.HashMap)11 NameIDBuilder (org.opensaml.saml.saml2.core.impl.NameIDBuilder)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial