Example 11 with EncryptedAssertion

use of org.opensaml.saml2.core.EncryptedAssertion in project cas by apereo.

the class SamlProfileSaml2ResponseBuilder method buildResponse.

@Override
public Response buildResponse(final Assertion assertion, final SamlProfileBuilderContext context) throws Exception {
    // Response ID must be an XML NCName, so a leading underscore is prepended to the random value.
    val id = '_' + String.valueOf(RandomUtils.nextLong());
    // InResponseTo is bound to the ID of the incoming AuthnRequest.
    val samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), context.getSamlRequest().getID(), null);
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    // Issuer: prefer the issuer entity id configured on the registered service;
    // otherwise resolve the IdP's own entity id from the IdP metadata.
    val issuerId = FunctionUtils.doIf(StringUtils.isNotBlank(context.getRegisteredService().getIssuerEntityId()),
        context.getRegisteredService()::getIssuerEntityId,
        Unchecked.supplier(() -> {
            val criteriaSet = new CriteriaSet(
                new EvaluableEntityRoleEntityDescriptorCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME),
                new SamlIdPSamlRegisteredServiceCriterion(context.getRegisteredService()));
            LOGGER.trace("Resolving entity id from SAML2 IdP metadata to determine issuer for [{}]", context.getRegisteredService().getName());
            val entityDescriptor = Objects.requireNonNull(getConfigurationContext().getSamlIdPMetadataResolver().resolveSingle(criteriaSet));
            return entityDescriptor.getEntityID();
        })).get();
    samlResponse.setIssuer(buildSamlResponseIssuer(issuerId));
    // Destination is taken from the SP's assertion consumer service endpoint in metadata,
    // preferring the ResponseLocation when one is declared.
    val acs = SamlIdPUtils.determineEndpointForRequest(Pair.of(context.getSamlRequest(), context.getMessageContext()), context.getAdaptor(), context.getBinding());
    val location = StringUtils.isBlank(acs.getResponseLocation()) ? acs.getLocation() : acs.getResponseLocation();
    samlResponse.setDestination(location);
    if (getConfigurationContext().getCasProperties().getAuthn().getSamlIdp().getCore().isAttributeQueryProfileEnabled()) {
        storeAttributeQueryTicketInRegistry(assertion, context);
    }
    // encryptAssertion returns either an EncryptedAssertion or the original plain Assertion,
    // depending on the registered service's encryption settings; each goes into its own collection.
    val finalAssertion = encryptAssertion(assertion, context);
    if (finalAssertion instanceof EncryptedAssertion) {
        LOGGER.trace("Built assertion is encrypted, so the response will add it to the encrypted assertions collection");
        samlResponse.getEncryptedAssertions().add(EncryptedAssertion.class.cast(finalAssertion));
    } else {
        LOGGER.trace("Built assertion is not encrypted, so the response will add it to the assertions collection");
        samlResponse.getAssertions().add(Assertion.class.cast(finalAssertion));
    }
    val status = newStatus(StatusCode.SUCCESS, null);
    samlResponse.setStatus(status);
    SamlUtils.logSamlObject(this.openSamlConfigBean, samlResponse);
    // Response signing is applied last, after the (possibly encrypted) assertion is attached,
    // so the signature covers the final response content.
    if (context.getRegisteredService().isSignResponses()) {
        LOGGER.debug("SAML entity id [{}] indicates that SAML responses should be signed", context.getAdaptor().getEntityId());
        val samlResponseSigned = getConfigurationContext().getSamlObjectSigner().encode(samlResponse, context.getRegisteredService(), context.getAdaptor(), context.getHttpResponse(), context.getHttpRequest(), context.getBinding(), context.getSamlRequest(), context.getMessageContext());
        SamlUtils.logSamlObject(openSamlConfigBean, samlResponseSigned);
        return samlResponseSigned;
    }
    return samlResponse;
}
Also used : lombok.val(lombok.val) EvaluableEntityRoleEntityDescriptorCriterion(org.opensaml.saml.metadata.criteria.entity.impl.EvaluableEntityRoleEntityDescriptorCriterion) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) Assertion(org.opensaml.saml.saml2.core.Assertion)

Example 12 with EncryptedAssertion

use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

the class EncryptedResponseFromIdpValidatorTest method validate_shouldThrowIfResponseContainsTooFewAssertions.

@Test
public void validate_shouldThrowIfResponseContainsTooFewAssertions() throws Exception {
    EncryptedAssertion assertion = anAssertion().build();
    Response response = aResponse().addEncryptedAssertion(assertion).build();
    assertValidationFailure(response, unexpectedNumberOfAssertions(2, 1));
}
Also used : Response(org.opensaml.saml.saml2.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Test(org.junit.jupiter.api.Test)

Example 13 with EncryptedAssertion

use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

the class AssertionDecrypter method unmarshall.

private EncryptedAssertion unmarshall(Element element) {
    // Look up the unmarshaller registered for this DOM element's qualified name.
    UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
    try {
        // The cast assumes the element really is a saml2:EncryptedAssertion; anything else fails with a ClassCastException.
        return (EncryptedAssertion) unmarshaller.unmarshall(element);
    } catch (UnmarshallingException e) {
        throw new RuntimeException(e);
    }
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) UnmarshallerFactory(org.opensaml.core.xml.io.UnmarshallerFactory) Unmarshaller(org.opensaml.core.xml.io.Unmarshaller) UnmarshallingException(org.opensaml.core.xml.io.UnmarshallingException)

Example 14 with EncryptedAssertion

use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

the class AttributeQueryRequestBuilder method build.

public AttributeQueryRequestDto build(String persistentIdName, String matchingDatasetAssertionId, String authnStatementAssertionId, String requestId) {
    XmlObjectToBase64EncodedStringTransformer<XMLObject> toBase64EncodedStringTransformer = new XmlObjectToBase64EncodedStringTransformer<>();
    final PersistentId persistentId = aPersistentId().withNameId(persistentIdName).buildSamlEnginePersistentId();
    // Both assertions are test-builder fixtures, serialised to base64-encoded XML for the DTO.
    EncryptedAssertion encryptedAuthnAssertion = AssertionBuilder.anAssertion().withId(authnStatementAssertionId).build();
    String encryptedAuthnAssertionString = toBase64EncodedStringTransformer.apply(encryptedAuthnAssertion);
    EncryptedAssertion encryptedMdsAssertion = AssertionBuilder.anAssertion().withId(matchingDatasetAssertionId).build();
    String encryptedMdsAssertionString = toBase64EncodedStringTransformer.apply(encryptedMdsAssertion);
    return aHubMatchingServiceRequestDto()
        .withId(requestId)
        .withMatchingServiceEntityId(TestEntityIds.TEST_RP_MS)
        .withPersistentId(persistentId)
        .withEncryptedMatchingDatasetAssertion(encryptedMdsAssertionString)
        .withEncryptedAuthnAssertion(encryptedAuthnAssertionString)
        .build();
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) XMLObject(org.opensaml.core.xml.XMLObject) XmlObjectToBase64EncodedStringTransformer(uk.gov.ida.saml.serializers.XmlObjectToBase64EncodedStringTransformer) PersistentId(uk.gov.ida.hub.samlengine.domain.PersistentId) PersistentIdBuilder.aPersistentId(uk.gov.ida.hub.samlengine.builders.PersistentIdBuilder.aPersistentId)

Example 15 with EncryptedAssertion

use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

the class EncryptedAssertionUnmarshallerTest method shouldCreateAEncryptedAssertionObjectFromAGivenString.

@Test
public void shouldCreateAEncryptedAssertionObjectFromAGivenString() {
    EncryptedAssertionUnmarshaller encryptedAssertionUnmarshaller = new EncryptedAssertionUnmarshaller(stringToEncryptedAssertionTransformer);
    final EncryptedAssertion expected = new EncryptedAssertionBuilder().buildObject();
    when(stringToEncryptedAssertionTransformer.apply(ENCRYPTED_ASSERTION_BLOB)).thenReturn(expected);
    final EncryptedAssertion encryptedAssertion = encryptedAssertionUnmarshaller.transform(ENCRYPTED_ASSERTION_BLOB);
    assertThat(encryptedAssertion).isEqualTo(expected);
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) EncryptedAssertionBuilder(org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder) Test(org.junit.jupiter.api.Test)

Aggregations (type, fully qualified name, number of examples)

EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion) 29
Test (org.junit.jupiter.api.Test) 17
Response (org.opensaml.saml.saml2.core.Response) 17
Assertion (org.opensaml.saml.saml2.core.Assertion) 11
XMLObject (org.opensaml.core.xml.XMLObject) 5
ByteArrayOutputStream (java.io.ByteArrayOutputStream) 4
ObjectOutputStream (java.io.ObjectOutputStream) 4
EncryptedAssertionBuilder (org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder) 4
IOException (java.io.IOException) 3
HttpServletResponse (javax.servlet.http.HttpServletResponse) 3
Element (org.w3c.dom.Element) 3
Instant (java.time.Instant) 2
Arrays (java.util.Arrays) 2
Collections (java.util.Collections) 2
HashMap (java.util.HashMap) 2
LinkedHashMap (java.util.LinkedHashMap) 2
List (java.util.List) 2
Map (java.util.Map) 2
Consumer (java.util.function.Consumer) 2
QName (javax.xml.namespace.QName) 2