
Example 1 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project cas by apereo.

The class SamlProfileSaml2ResponseBuilder, method buildResponse.

```java
@Override
protected Response buildResponse(final Assertion assertion,
                                 final org.jasig.cas.client.validation.Assertion casAssertion,
                                 final AuthnRequest authnRequest,
                                 final SamlRegisteredService service,
                                 final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                 final HttpServletRequest request,
                                 final HttpServletResponse response) throws SamlException {
    // Response ID: leading underscore keeps it a valid xs:ID, value drawn from a CSPRNG.
    final String id = '_' + String.valueOf(Math.abs(new SecureRandom().nextLong()));
    // InResponseTo is bound to the AuthnRequest ID so the SP can correlate the response.
    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());
    samlResponse.setConsent(RequestAbstractType.UNSPECIFIED_CONSENT);
    // Encryption is decided per registered service; the runtime type of the result
    // determines which child collection of the Response the assertion belongs in.
    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }
    final Status status = newStatus(StatusCode.SUCCESS, StatusCode.SUCCESS);
    samlResponse.setStatus(status);
    SamlUtils.logSamlObject(this.configBean, samlResponse);
    // Signing runs last so the signature covers the complete response, encrypted assertion included.
    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request);
    }
    return samlResponse;
}
```
Also used: Response (org.opensaml.saml.saml2.core.Response), HttpServletResponse (javax.servlet.http.HttpServletResponse), Status (org.opensaml.saml.saml2.core.Status), SAMLObject (org.opensaml.saml.common.SAMLObject), EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion), Assertion (org.opensaml.saml.saml2.core.Assertion), SecureRandom (java.security.SecureRandom)

Example 2 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

The class AttributeQueryRequestBuilder, method build.

```java
public AttributeQueryRequestDto build(String persistentIdName,
                                      String matchingDatasetAssertionId,
                                      String authnStatementAssertionId,
                                      String requestId) {
    XmlObjectToBase64EncodedStringTransformer<XMLObject> toBase64EncodedStringTransformer =
            new XmlObjectToBase64EncodedStringTransformer<>();
    final PersistentId persistentId = aPersistentId().withNameId(persistentIdName).buildSamlEnginePersistentId();
    // The authn statement assertion travels in the clear, serialised to base64-encoded XML.
    Assertion authnStatementAssertion = AssertionBuilder.anAssertion().withId(authnStatementAssertionId).buildUnencrypted();
    String authnStatementAssertionString = toBase64EncodedStringTransformer.apply(authnStatementAssertion);
    // The matching dataset assertion is built as an EncryptedAssertion before serialisation.
    EncryptedAssertion encryptedMdsAssertion = AssertionBuilder.anAssertion().withId(matchingDatasetAssertionId).build();
    String encryptedMdsAssertionString = toBase64EncodedStringTransformer.apply(encryptedMdsAssertion);
    return aHubMatchingServiceRequestDto()
            .withId(requestId)
            .withMatchingServiceEntityId(TestEntityIds.TEST_RP_MS)
            .withPersistentId(persistentId)
            .withEncryptedMatchingDatasetAssertion(encryptedMdsAssertionString)
            .withAuthnStatementAssertion(authnStatementAssertionString)
            .build();
}
```
Also used: EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion), Assertion (org.opensaml.saml.saml2.core.Assertion), XMLObject (org.opensaml.core.xml.XMLObject), XmlObjectToBase64EncodedStringTransformer (uk.gov.ida.saml.serializers.XmlObjectToBase64EncodedStringTransformer), PersistentId (uk.gov.ida.hub.samlengine.domain.PersistentId), PersistentIdBuilder.aPersistentId (uk.gov.ida.hub.samlengine.builders.PersistentIdBuilder.aPersistentId)

Example 3 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

The class AssertionDecrypter, method unmarshall.

```java
private EncryptedAssertion unmarshall(Element element) {
    // Look up the OpenSAML unmarshaller registered for this element's qualified name.
    UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
    try {
        // Unchecked cast: a ClassCastException results if the element is not a saml2:EncryptedAssertion.
        return (EncryptedAssertion) unmarshaller.unmarshall(element);
    } catch (UnmarshallingException e) {
        throw new RuntimeException(e);
    }
}
```
Also used: EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion), UnmarshallerFactory (org.opensaml.core.xml.io.UnmarshallerFactory), Unmarshaller (org.opensaml.core.xml.io.Unmarshaller), UnmarshallingException (org.opensaml.core.xml.io.UnmarshallingException)

Example 4 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project cas by apereo.

The class BaseSamlProfileSamlResponseBuilder, method encryptAssertion.

```java
/**
 * Encrypt assertion.
 *
 * @param assertion the assertion
 * @param request   the request
 * @param response  the response
 * @param service   the service
 * @param adaptor   the adaptor
 * @return the saml object
 * @throws SamlException the saml exception
 */
protected SAMLObject encryptAssertion(final Assertion assertion,
                                      final HttpServletRequest request,
                                      final HttpServletResponse response,
                                      final SamlRegisteredService service,
                                      final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    if (service.isEncryptAssertions()) {
        LOGGER.debug("SAML service [{}] requires assertions to be encrypted", adaptor.getEntityId());
        final EncryptedAssertion encryptedAssertion = this.samlObjectEncrypter.encode(assertion, service, adaptor, response, request);
        return encryptedAssertion;
    }
    LOGGER.debug("SAML registered service [{}] does not require assertions to be encrypted", adaptor.getEntityId());
    return assertion;
}
```
Also used: EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)

Example 5 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project cas by apereo.

The class SamlProfileSaml2ResponseBuilder, method buildResponse.

```java
@Override
public Response buildResponse(final Assertion assertion,
                              final Object casAssertion,
                              final RequestAbstractType authnRequest,
                              final SamlRegisteredService service,
                              final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                              final HttpServletRequest request,
                              final HttpServletResponse response,
                              final String binding) throws SamlException {
    final String id = '_' + String.valueOf(Math.abs(RandomUtils.getNativeInstance().nextLong()));
    Response samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    samlResponse.setIssuer(buildEntityIssuer());
    // When the attribute query profile is on, the plaintext assertion is retained for later
    // attribute queries before it is (optionally) encrypted for the SP.
    if (casProperties.getAuthn().getSamlIdp().isAttributeQueryProfileEnabled()) {
        storeAttributeQueryTicketInRegistry(assertion, request, adaptor);
    }
    final SAMLObject finalAssertion = encryptAssertion(assertion, request, response, service, adaptor);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.debug("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.debug("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }
    final Status status = newStatus(StatusCode.SUCCESS, null);
    samlResponse.setStatus(status);
    SamlUtils.logSamlObject(this.configBean, samlResponse);
    // Signing is binding-aware here and runs last so the signature covers the final response.
    if (service.isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", adaptor.getEntityId());
        samlResponse = this.samlObjectSigner.encode(samlResponse, service, adaptor, response, request, binding);
        SamlUtils.logSamlObject(configBean, samlResponse);
    }
    return samlResponse;
}
```
Also used: Response (org.opensaml.saml.saml2.core.Response), HttpServletResponse (javax.servlet.http.HttpServletResponse), Status (org.opensaml.saml.saml2.core.Status), SAMLObject (org.opensaml.saml.common.SAMLObject), EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion), Assertion (org.opensaml.saml.saml2.core.Assertion)
