use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class EncryptedResponseFromIdpValidator method validateAssertionPresence.
/**
 * Checks that an IdP response carries assertions only in encrypted form and in the expected
 * number for its status.
 *
 * <ul>
 *   <li>Any plaintext assertion on the response is rejected, whatever the status.</li>
 *   <li>A successful response must carry exactly two encrypted assertions.</li>
 *   <li>A non-successful response must carry no encrypted assertions.</li>
 * </ul>
 *
 * @param response the SAML response to inspect
 * @throws SamlValidationException if any of the rules above is violated
 */
protected void validateAssertionPresence(Response response) {
    // Plaintext assertions are refused before the status is even looked at.
    if (!response.getAssertions().isEmpty()) {
        throw new SamlValidationException(unencryptedAssertion());
    }

    // NOTE(review): a response with no Status, StatusCode or status value fails here with a
    // NullPointerException rather than a SamlValidationException; presumably an earlier
    // validator guarantees they are present - confirm against the caller.
    boolean succeeded = response.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS);
    List<EncryptedAssertion> encrypted = response.getEncryptedAssertions();

    if (succeeded) {
        if (encrypted.isEmpty()) {
            throw new SamlValidationException(missingSuccessUnEncryptedAssertions());
        }
        // Exactly two are required; what the two represent is not visible in this method.
        if (encrypted.size() != 2) {
            throw new SamlValidationException(unexpectedNumberOfAssertions(2, encrypted.size()));
        }
    } else if (!encrypted.isEmpty()) {
        // A failure response has no business carrying identity data.
        throw new SamlValidationException(nonSuccessHasUnEncryptedAssertions());
    }
}
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class EidasAttributeQueryRequestBuilder method build.
/**
 * Builds an {@code EidasAttributeQueryRequestDto} for tests.
 *
 * <p>The encrypted identity assertion is a freshly built assertion whose id is a random UUID,
 * passed through {@code XmlObjectToBase64EncodedStringTransformer} to obtain its string form.
 *
 * @return the populated request DTO
 */
public EidasAttributeQueryRequestDto build() {
    XmlObjectToBase64EncodedStringTransformer<XMLObject> base64Encoder = new XmlObjectToBase64EncodedStringTransformer<>();

    // A random id keeps each built assertion distinct from the others.
    String assertionId = UUID.randomUUID().toString();
    EncryptedAssertion identityAssertion = AssertionBuilder.anAssertion().withId(assertionId).build();
    String encodedAssertion = base64Encoder.apply(identityAssertion);

    return anEidasAttributeQueryRequestDto()
            .withEncryptedIdentityAssertion(encodedAssertion)
            .build();
}
use of org.opensaml.saml2.core.EncryptedAssertion in project pac4j by pac4j.
the class SAML2DefaultResponseValidator method decryptEncryptedAssertions.
/**
 * Decrypts every encrypted assertion of the response and appends each result to the
 * response's assertion list.
 *
 * <p>A decryption failure is logged and that assertion is skipped, so this method returns
 * normally even when nothing could be decrypted. Callers have to check afterwards that the
 * assertion list holds what they require.
 *
 * <p>Decrypted assertions go into the same list returned by {@code response.getAssertions()};
 * once this method has run, that list alone does not show which entries arrived encrypted.
 * Any policy that requires encryption on the wire therefore has to be checked against
 * {@code response.getEncryptedAssertions()}.
 *
 * @param response the response whose encrypted assertions are processed
 * @param decrypter the decrypter used for each encrypted assertion
 */
protected final void decryptEncryptedAssertions(final Response response, final Decrypter decrypter) {
    for (final EncryptedAssertion ciphertext : response.getEncryptedAssertions()) {
        try {
            final Assertion plaintext = decrypter.decrypt(ciphertext);
            response.getAssertions().add(plaintext);
        } catch (final DecryptionException decryptionFailure) {
            // Best effort by design: one undecryptable assertion does not abort the rest.
            logger.error("Decryption of assertion failed, continue with the next one", decryptionFailure);
        }
    }
}
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class HubAttributeQueryRequestToSamlAttributeQueryTransformerTest method transform_shouldContainBothMdsAndAuthnAssertionsEncrypted.
/**
 * Verifies that the transformed attribute query carries both encrypted assertions (matching
 * dataset and authn) inside the subject confirmation data of its first subject confirmation.
 */
@Test
public void transform_shouldContainBothMdsAndAuthnAssertionsEncrypted() {
    HubAttributeQueryRequest hubRequest = aHubAttributeQueryRequest()
            .withEncryptedMatchingDatasetAssertion(ENCRYPTED_MDS_ASSERTION)
            .withEncryptedAuthnAssertion(ENCRYPTED_AUTHN_ASSERTION)
            .build();

    // Each encrypted blob is stubbed to unmarshal into its own distinct object.
    final EncryptedAssertion mdsAssertion = new EncryptedAssertionBuilder().buildObject();
    final EncryptedAssertion authnAssertion = new EncryptedAssertionBuilder().buildObject();
    when(encryptedAssertionUnmarshaller.transform(ENCRYPTED_MDS_ASSERTION)).thenReturn(mdsAssertion);
    when(encryptedAssertionUnmarshaller.transform(ENCRYPTED_AUTHN_ASSERTION)).thenReturn(authnAssertion);

    AttributeQuery samlQuery = transformer.apply(hubRequest);

    List<XMLObject> embedded = samlQuery.getSubject()
            .getSubjectConfirmations()
            .get(0)
            .getSubjectConfirmationData()
            .getUnknownXMLObjects(EncryptedAssertion.DEFAULT_ELEMENT_NAME);

    // Exactly the two stubbed objects are expected, and nothing else.
    assertThat(embedded.size()).isEqualTo(2);
    assertThat(embedded).contains(mdsAssertion, authnAssertion);
}
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class OutboundResponseFromHubToSamlResponseTransformerTest method transformAssertions_shouldTransformMatchingServiceAssertions.
/**
 * Verifies that {@code transformAssertions} unmarshals the matching service assertion blob
 * and places the result among the encrypted assertions of the target response.
 */
@Test
public void transformAssertions_shouldTransformMatchingServiceAssertions() throws Exception {
    PassthroughAssertion passthrough = aPassthroughAssertion().buildMatchingServiceAssertion();
    Response target = aResponse().withNoDefaultAssertion().build();
    EncryptedAssertion unmarshalled = anAssertion().build();

    // The unmarshaller is stubbed to map the assertion blob to a known object.
    when(encryptedAssertionUnmarshaller.transform(passthrough.getUnderlyingAssertionBlob()))
            .thenReturn(unmarshalled);
    String assertionBlob = passthrough.getUnderlyingAssertionBlob();

    transformer.transformAssertions(
            anAuthnResponse()
                    .withEncryptedAssertions(Collections.singletonList(assertionBlob))
                    .buildOutboundResponseFromHub(),
            target);

    // The target was built with no default assertion, so only the transformed one is expected.
    assertThat(target.getEncryptedAssertions().size()).isEqualTo(1);
    assertThat(target.getEncryptedAssertions().get(0)).isEqualTo(unmarshalled);
}