Use of org.opensaml.saml2.core.EncryptedAssertion in project cas by apereo: class SamlProfileSaml2ResponseBuilder, method buildResponse.
/**
 * Builds the SAML 2.0 {@code Response} that carries the given assertion back to the
 * service provider.
 *
 * The assertion is handed to {@code encryptAssertion}, which decides whether the
 * response carries a plain {@code Assertion} or an {@code EncryptedAssertion}; the
 * response is then signed if the registered service asks for signed responses.
 *
 * @param assertion the assertion already built for this request
 * @param context   the profile-builder context (request, message context, service, adaptor, binding)
 * @return the response, signed when the registered service requires it
 * @throws Exception propagated from the signer, the ticket registry or the metadata resolver
 */
@Override
public Response buildResponse(final Assertion assertion, final SamlProfileBuilderContext context) throws Exception {
    // Response ID. SAML only requires uniqueness; NOTE(review): confirm that RandomUtils here is
    // SecureRandom-backed (as opposed to java.util.Random) before treating the ID as unpredictable.
    val responseId = '_' + String.valueOf(RandomUtils.nextLong());
    val registeredService = context.getRegisteredService();

    // Third argument is the inbound request ID, presumably used as InResponseTo so the SP can
    // correlate the response; this dereferences getSamlRequest() unconditionally, so a request
    // is assumed to be present (TODO confirm for IdP-initiated flows).
    val response = newResponse(responseId, ZonedDateTime.now(ZoneOffset.UTC), context.getSamlRequest().getID(), null);
    response.setVersion(SAMLVersion.VERSION_20);

    // Fallback issuer: our own entity ID resolved from the IdP metadata. Wrapped with Unchecked so the
    // checked resolver exception surfaces the same way it did before (as an unchecked wrapper).
    val issuerFromMetadata = Unchecked.supplier(() -> {
        val criteriaSet = new CriteriaSet(
            new EvaluableEntityRoleEntityDescriptorCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME),
            new SamlIdPSamlRegisteredServiceCriterion(registeredService));
        LOGGER.trace("Resolving entity id from SAML2 IdP metadata to determine issuer for [{}]", registeredService.getName());
        val idpDescriptor = Objects.requireNonNull(getConfigurationContext().getSamlIdPMetadataResolver().resolveSingle(criteriaSet));
        return idpDescriptor.getEntityID();
    });
    // A per-service issuer override wins over the metadata-derived one.
    val issuerId = FunctionUtils.doIf(
        StringUtils.isNotBlank(registeredService.getIssuerEntityId()),
        registeredService::getIssuerEntityId,
        issuerFromMetadata).get();
    response.setIssuer(buildSamlResponseIssuer(issuerId));

    // Destination is the ACS endpoint SamlIdPUtils resolves from the request, the SP adaptor and the
    // binding; ResponseLocation is preferred when set. Any check that the endpoint is one the SP has
    // registered lives in determineEndpointForRequest, not here.
    val acsEndpoint = SamlIdPUtils.determineEndpointForRequest(
        Pair.of(context.getSamlRequest(), context.getMessageContext()), context.getAdaptor(), context.getBinding());
    val responseLocation = acsEndpoint.getResponseLocation();
    val destination = StringUtils.isBlank(responseLocation) ? acsEndpoint.getLocation() : responseLocation;
    response.setDestination(destination);

    if (getConfigurationContext().getCasProperties().getAuthn().getSamlIdp().getCore().isAttributeQueryProfileEnabled()) {
        storeAttributeQueryTicketInRegistry(assertion, context);
    }

    // encryptAssertion decides whether the SP receives the assertion in the clear or encrypted.
    val builtAssertion = encryptAssertion(assertion, context);
    if (builtAssertion instanceof EncryptedAssertion) {
        LOGGER.trace("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        response.getEncryptedAssertions().add((EncryptedAssertion) builtAssertion);
    } else {
        LOGGER.trace("Built assertion is not encrypted, so the response will add it to the assertions collection");
        response.getAssertions().add((Assertion) builtAssertion);
    }

    response.setStatus(newStatus(StatusCode.SUCCESS, null));
    SamlUtils.logSamlObject(this.openSamlConfigBean, response);

    // Response signing is a per-service decision; when it is off the response goes out as built
    // (NOTE(review): in that case the SP's protection rests on whatever signing/encryption
    // encryptAssertion and the assertion builder applied — verify the service configuration).
    if (!registeredService.isSignResponses()) {
        return response;
    }
    LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", context.getAdaptor().getEntityId());
    val signedResponse = getConfigurationContext().getSamlObjectSigner().encode(
        response, registeredService, context.getAdaptor(), context.getHttpResponse(), context.getHttpRequest(),
        context.getBinding(), context.getSamlRequest(), context.getMessageContext());
    SamlUtils.logSamlObject(openSamlConfigBean, signedResponse);
    return signedResponse;
}
Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov: class EncryptedResponseFromIdpValidatorTest, method validate_shouldThrowIfResponseContainsTooFewAssertions.
/**
 * A response carrying a single encrypted assertion must be rejected; the failure reported is
 * unexpectedNumberOfAssertions(2, 1), presumably (expected, actual).
 */
@Test
public void validate_shouldThrowIfResponseContainsTooFewAssertions() throws Exception {
    // One encrypted assertion where the validator wants two.
    Response singleAssertionResponse = aResponse()
        .addEncryptedAssertion(anAssertion().build())
        .build();
    assertValidationFailure(singleAssertionResponse, unexpectedNumberOfAssertions(2, 1));
}
Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov: class AssertionDecrypter, method unmarshall.
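/**
 * Unmarshalls a DOM element into an OpenSAML {@link EncryptedAssertion}.
 *
 * The element must already have been parsed by the caller; this method does no XML parsing
 * itself. NOTE(review): it therefore inherits the caller's parser hardening — confirm DTDs and
 * external entities are disabled wherever the element is produced.
 *
 * Previously a missing unmarshaller surfaced as a bare NullPointerException and a non-assertion
 * element as a bare ClassCastException; both are now reported with the offending element name.
 *
 * @param element the DOM element to unmarshall; must be a SAML 2 EncryptedAssertion
 * @return the unmarshalled encrypted assertion
 * @throws IllegalArgumentException if {@code element} is null, no OpenSAML unmarshaller is
 *         registered for it, or it does not unmarshall to an EncryptedAssertion
 * @throws IllegalStateException if OpenSAML fails to unmarshall the element (cause attached)
 */
private EncryptedAssertion unmarshall(Element element) {
    if (element == null) {
        throw new IllegalArgumentException("element must not be null");
    }
    UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
    if (unmarshaller == null) {
        // The factory hands back null rather than throwing when nothing is registered for the element.
        throw new IllegalArgumentException("No OpenSAML unmarshaller registered for element " + element.getNodeName());
    }
    try {
        Object unmarshalled = unmarshaller.unmarshall(element);
        if (!(unmarshalled instanceof EncryptedAssertion)) {
            String actualType = unmarshalled == null ? "null" : unmarshalled.getClass().getName();
            throw new IllegalArgumentException("Element " + element.getNodeName()
                + " unmarshalled to " + actualType + ", not an EncryptedAssertion");
        }
        return (EncryptedAssertion) unmarshalled;
    } catch (UnmarshallingException e) {
        // IllegalStateException is a RuntimeException, so existing catch blocks still match; the
        // cause is kept so the OpenSAML failure is not lost.
        throw new IllegalStateException("Failed to unmarshall element " + element.getNodeName(), e);
    }
}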
Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov: class AttributeQueryRequestBuilder, method build.
/**
 * Builds a test matching-service request DTO carrying two base64-encoded encrypted assertions
 * (the authn-statement assertion and the matching-dataset assertion) and a persistent ID.
 *
 * The matching-service entity ID is fixed to {@code TestEntityIds.TEST_RP_MS}; this is a
 * test-data builder, not production code.
 *
 * @param persistentIdName           the NameID value for the persistent ID
 * @param matchingDatasetAssertionId the ID given to the matching-dataset assertion
 * @param authnStatementAssertionId  the ID given to the authn-statement assertion
 * @param requestId                  the ID of the request DTO itself
 * @return the populated request DTO
 */
public AttributeQueryRequestDto build(String persistentIdName, String matchingDatasetAssertionId, String authnStatementAssertionId, String requestId) {
    XmlObjectToBase64EncodedStringTransformer<XMLObject> encode = new XmlObjectToBase64EncodedStringTransformer<>();
    final PersistentId persistentId = aPersistentId().withNameId(persistentIdName).buildSamlEnginePersistentId();

    // Each assertion is built with the caller-supplied ID and serialised to base64 for the DTO.
    EncryptedAssertion authnAssertion = AssertionBuilder.anAssertion().withId(authnStatementAssertionId).build();
    String encodedAuthnAssertion = encode.apply(authnAssertion);
    EncryptedAssertion mdsAssertion = AssertionBuilder.anAssertion().withId(matchingDatasetAssertionId).build();
    String encodedMdsAssertion = encode.apply(mdsAssertion);

    return aHubMatchingServiceRequestDto()
        .withId(requestId)
        .withMatchingServiceEntityId(TestEntityIds.TEST_RP_MS)
        .withPersistentId(persistentId)
        .withEncryptedMatchingDatasetAssertion(encodedMdsAssertion)
        .withEncryptedAuthnAssertion(encodedAuthnAssertion)
        .build();
}
Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov: class EncryptedAssertionUnmarshallerTest, method shouldCreateAEncryptedAssertionObjectFromAGivenString.
/**
 * EncryptedAssertionUnmarshaller.transform must delegate to the injected string-to-assertion
 * transformer and return its result unchanged.
 */
@Test
public void shouldCreateAEncryptedAssertionObjectFromAGivenString() {
    final EncryptedAssertion stubbedAssertion = new EncryptedAssertionBuilder().buildObject();
    when(stringToEncryptedAssertionTransformer.apply(ENCRYPTED_ASSERTION_BLOB)).thenReturn(stubbedAssertion);

    EncryptedAssertionUnmarshaller unmarshaller = new EncryptedAssertionUnmarshaller(stringToEncryptedAssertionTransformer);
    final EncryptedAssertion result = unmarshaller.transform(ENCRYPTED_ASSERTION_BLOB);

    // Same instance the stub produced — no copying or re-parsing on the way through.
    assertThat(result).isEqualTo(stubbedAssertion);
}