Use of org.opensaml.saml2.core.EncryptedAssertion in project cas by apereo: the class SamlProfileSaml2ResponseBuilder, method buildResponse.
@Override
protected Response buildResponse(final Assertion assertion, final org.jasig.cas.client.validation.Assertion casAssertion, final AuthnRequest authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response) throws SamlException {
    /*
     * Assemble the SAML 2.0 Response for this AuthnRequest: a fresh random ID, a UTC issue
     * instant, InResponseTo bound to the request ID, issuer and consent, the single assertion
     * (encrypted or plain, as the registered service demands), a Success status and, if the
     * service asks for it, a signature over the whole response.
     */
    final String responseId = "_" + Math.abs(new SecureRandom().nextLong());
    final Response unsigned = newResponse(responseId, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    unsigned.setVersion(SAMLVersion.VERSION_20);
    unsigned.setIssuer(buildEntityIssuer());
    unsigned.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);

    // encryptAssertion() hands back an EncryptedAssertion only when the service requires encryption;
    // the two SAML collections are distinct, so the runtime type decides where the assertion goes.
    final SAMLObject built = encryptAssertion(assertion, request, response, service, adaptor);
    if (built instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        unsigned.getEncryptedAssertions().add((EncryptedAssertion) built);
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        unsigned.getAssertions().add((Assertion) built);
    }
    unsigned.setStatus(newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS));

    // Logged before signing; unless the service required encryption the assertion is in the clear here.
    SamlUtils.logSamlObject(this.configBean, unsigned);

    if (!service.isSignResponses()) {
        return unsigned;
    }
    LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
    return this.samlObjectSigner.encode(unsigned, service, adaptor, response, request);
}
Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov: the class AttributeQueryRequestBuilder, method build.
public AttributeQueryRequestDto build(String persistentIdName, String matchingDatasetAssertionId, String authnStatementAssertionId, String requestId) {
    // Test-data builder: produces a hub matching-service request whose two assertions are
    // carried as base64-encoded XML. The authn-statement assertion is built unencrypted, the
    // matching-dataset assertion encrypted, mirroring what the DTO fields are named for.
    final XmlObjectToBase64EncodedStringTransformer<XMLObject> encode = new XmlObjectToBase64EncodedStringTransformer<>();
    final PersistentId persistentId = aPersistentId().withNameId(persistentIdName).buildSamlEnginePersistentId();

    final Assertion authnAssertion = AssertionBuilder.anAssertion().withId(authnStatementAssertionId).buildUnencrypted();
    final String encodedAuthnAssertion = encode.apply(authnAssertion);

    final EncryptedAssertion mdsAssertion = AssertionBuilder.anAssertion().withId(matchingDatasetAssertionId).build();
    final String encodedMdsAssertion = encode.apply(mdsAssertion);

    return aHubMatchingServiceRequestDto()
            .withId(requestId)
            .withMatchingServiceEntityId(TestEntityIds.TEST_RP_MS)
            .withPersistentId(persistentId)
            .withEncryptedMatchingDatasetAssertion(encodedMdsAssertion)
            .withAuthnStatementAssertion(encodedAuthnAssertion)
            .build();
}
Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov: the class AssertionDecrypter, method unmarshall.
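/**
 * Unmarshalls an already-parsed DOM element into an {@link EncryptedAssertion}.
 *
 * @param element the DOM element holding the EncryptedAssertion (XML parsing happened upstream)
 * @return the unmarshalled encrypted assertion
 * @throws IllegalStateException if no unmarshaller is registered for the element, or if the
 *         element unmarshalls to something other than an {@link EncryptedAssertion}
 * @throws RuntimeException wrapping the {@link UnmarshallingException} when unmarshalling fails
 */
private EncryptedAssertion unmarshall(Element element) {
    final UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
    final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
    if (unmarshaller == null) {
        // Without this the call below dies with a bare NullPointerException that names nothing.
        throw new IllegalStateException("No unmarshaller registered for element " + element.getLocalName());
    }
    final Object unmarshalled;
    try {
        unmarshalled = unmarshaller.unmarshall(element);
    } catch (UnmarshallingException e) {
        throw new RuntimeException(e);
    }
    if (!(unmarshalled instanceof EncryptedAssertion)) {
        // A blind cast would surface this as a ClassCastException with no hint of what was actually received.
        final String received = unmarshalled == null ? "null" : unmarshalled.getClass().getName();
        throw new IllegalStateException("Expected an EncryptedAssertion but unmarshalled " + received);
    }
    return (EncryptedAssertion) unmarshalled;
}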
Use of org.opensaml.saml2.core.EncryptedAssertion in project cas by apereo: the class BaseSamlProfileSamlResponseBuilder, method encryptAssertion.
/**
 * Returns the assertion in the form the registered service expects: an
 * {@link EncryptedAssertion} produced by the configured encrypter when the service
 * requires assertion encryption, otherwise the given assertion itself, untouched.
 *
 * @param assertion the assertion to (possibly) encrypt
 * @param request   the current HTTP request
 * @param response  the current HTTP response
 * @param service   the SAML registered service; its encryption flag decides the outcome
 * @param adaptor   the service provider metadata facade (used here only for logging the entity id)
 * @return the encrypted assertion, or the original assertion when encryption is not required
 * @throws SamlException if the encrypter fails
 */
protected SAMLObject encryptAssertion(final Assertion assertion, final HttpServletRequest request, final HttpServletResponse response, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    if (!service.isEncryptAssertions()) {
        LOGGER.debug("SAML registered service [{}] does not require assertions to be encrypted", adaptor.getEntityId());
        return assertion;
    }
    LOGGER.debug("SAML service [{}] requires assertions to be encrypted", adaptor.getEntityId());
    return this.samlObjectEncrypter.encode(assertion, service, adaptor, response, request);
}
Use of org.opensaml.saml2.core.EncryptedAssertion in project cas by apereo: the class SamlProfileSaml2ResponseBuilder, method buildResponse.
@Override
public Response buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    /*
     * Assemble the SAML 2.0 Response for this request: a fresh random ID, a UTC issue instant,
     * InResponseTo bound to the request ID, the issuer, the single assertion (encrypted or plain,
     * as the registered service demands), a Success status and, if the service asks for it, a
     * signature produced for the given binding.
     */
    final String responseId = "_" + Math.abs(RandomUtils.getNativeInstance().nextLong());
    final Response unsigned = newResponse(responseId, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    unsigned.setVersion(SAMLVersion.VERSION_20);
    unsigned.setIssuer(buildEntityIssuer());

    // The attribute-query profile needs the assertion to be retrievable later, so it is stored
    // in the ticket registry before it is (possibly) encrypted.
    if (casProperties.getAuthn().getSamlIdp().isAttributeQueryProfileEnabled()) {
        storeAttributeQueryTicketInRegistry(assertion, request, adaptor);
    }

    // encryptAssertion() hands back an EncryptedAssertion only when the service requires encryption;
    // the two SAML collections are distinct, so the runtime type decides where the assertion goes.
    final SAMLObject built = encryptAssertion(assertion, request, response, service, adaptor);
    if (built instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        unsigned.getEncryptedAssertions().add((EncryptedAssertion) built);
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        unsigned.getAssertions().add((Assertion) built);
    }
    unsigned.setStatus(newStatus(StatusCode.SUCCESS, null));

    // Logged before signing; unless the service required encryption the assertion is in the clear here.
    SamlUtils.logSamlObject(this.configBean, unsigned);

    if (!service.isSignResponses()) {
        return unsigned;
    }
    LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
    final Response signed = this.samlObjectSigner.encode(unsigned, service, adaptor, response, request, binding);
    // Logged a second time so the signed form is visible alongside the unsigned one above.
    SamlUtils.logSamlObject(configBean, signed);
    return signed;
}