Example 16 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

Class EncryptedResponseFromIdpValidator, method validateAssertionPresence:

protected void validateAssertionPresence(Response response) {
    // The hub only accepts assertions in encrypted form: any plaintext Assertion on the
    // response is rejected outright, whatever the status.
    if (!response.getAssertions().isEmpty()) {
        throw new SamlValidationException(unencryptedAssertion());
    }
    boolean responseWasSuccessful = response.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS);
    List<EncryptedAssertion> encryptedAssertions = response.getEncryptedAssertions();
    // A Success response must carry encrypted assertions ...
    if (responseWasSuccessful && encryptedAssertions.isEmpty()) {
        throw new SamlValidationException(missingSuccessUnEncryptedAssertions());
    }
    // ... and a non-Success response must carry none.
    if (!responseWasSuccessful && !encryptedAssertions.isEmpty()) {
        throw new SamlValidationException(nonSuccessHasUnEncryptedAssertions());
    }
    // On success exactly two encrypted assertions are expected; any other count is an error.
    if (responseWasSuccessful && encryptedAssertions.size() != 2) {
        throw new SamlValidationException(unexpectedNumberOfAssertions(2, encryptedAssertions.size()));
    }
}
Also used : SamlValidationException(uk.gov.ida.saml.hub.exception.SamlValidationException) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)

Example 17 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

Class EidasAttributeQueryRequestBuilder, method build:

public EidasAttributeQueryRequestDto build() {
    XmlObjectToBase64EncodedStringTransformer<XMLObject> toBase64EncodedStringTransformer = new XmlObjectToBase64EncodedStringTransformer<>();
    // Build an encrypted identity assertion with a fresh random ID, serialise it to a
    // Base64-encoded string and place that string in the request DTO.
    EncryptedAssertion encryptedIdentityAssertion = AssertionBuilder.anAssertion().withId(UUID.randomUUID().toString()).build();
    String encryptedIdentityAssertionString = toBase64EncodedStringTransformer.apply(encryptedIdentityAssertion);
    return anEidasAttributeQueryRequestDto().withEncryptedIdentityAssertion(encryptedIdentityAssertionString).build();
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) XMLObject(org.opensaml.core.xml.XMLObject) XmlObjectToBase64EncodedStringTransformer(uk.gov.ida.saml.serializers.XmlObjectToBase64EncodedStringTransformer)

Example 18 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project pac4j by pac4j.

Class SAML2DefaultResponseValidator, method decryptEncryptedAssertions:

/**
 * Decrypt encrypted assertions and add them to the assertions list of the response.
 *
 * @param response  the response
 * @param decrypter the decrypter
 */
protected final void decryptEncryptedAssertions(final Response response, final Decrypter decrypter) {
    for (final EncryptedAssertion encryptedAssertion : response.getEncryptedAssertions()) {
        try {
            final Assertion decryptedAssertion = decrypter.decrypt(encryptedAssertion);
            // Decrypted assertions are appended to the response's plaintext assertion list
            // so that later validation steps can process them uniformly.
            response.getAssertions().add(decryptedAssertion);
        } catch (final DecryptionException e) {
            // A failed decryption is logged and that assertion is skipped; the loop does not
            // abort, so the caller must still check that the assertions it requires are present.
            logger.error("Decryption of assertion failed, continue with the next one", e);
        }
    }
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) DecryptionException(org.opensaml.xmlsec.encryption.support.DecryptionException) SAMLNameIdDecryptionException(org.pac4j.saml.exceptions.SAMLNameIdDecryptionException)

Example 19 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

Class HubAttributeQueryRequestToSamlAttributeQueryTransformerTest, method transform_shouldContainBothMdsAndAuthnAssertionsEncrypted:

@Test
public void transform_shouldContainBothMdsAndAuthnAssertionsEncrypted() {
    HubAttributeQueryRequest originalQuery = aHubAttributeQueryRequest()
            .withEncryptedMatchingDatasetAssertion(ENCRYPTED_MDS_ASSERTION)
            .withEncryptedAuthnAssertion(ENCRYPTED_AUTHN_ASSERTION)
            .build();
    final EncryptedAssertion value1 = new EncryptedAssertionBuilder().buildObject();
    final EncryptedAssertion value2 = new EncryptedAssertionBuilder().buildObject();
    when(encryptedAssertionUnmarshaller.transform(ENCRYPTED_MDS_ASSERTION)).thenReturn(value1);
    when(encryptedAssertionUnmarshaller.transform(ENCRYPTED_AUTHN_ASSERTION)).thenReturn(value2);
    AttributeQuery transformedQuery = transformer.apply(originalQuery);
    // Both encrypted assertions are expected inside the SubjectConfirmationData of the AttributeQuery.
    List<XMLObject> encryptedAssertions = transformedQuery.getSubject()
            .getSubjectConfirmations().get(0)
            .getSubjectConfirmationData()
            .getUnknownXMLObjects(EncryptedAssertion.DEFAULT_ELEMENT_NAME);
    assertThat(encryptedAssertions.size()).isEqualTo(2);
    assertThat(encryptedAssertions).contains(value1, value2);
}
Also used : AttributeQuery(org.opensaml.saml.saml2.core.AttributeQuery) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) EncryptedAssertionBuilder(org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder) XMLObject(org.opensaml.core.xml.XMLObject) HubAttributeQueryRequestBuilder.aHubAttributeQueryRequest(uk.gov.ida.saml.hub.test.builders.HubAttributeQueryRequestBuilder.aHubAttributeQueryRequest) HubAttributeQueryRequest(uk.gov.ida.saml.hub.domain.HubAttributeQueryRequest) Test(org.junit.jupiter.api.Test)

Example 20 with EncryptedAssertion

Use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

Class OutboundResponseFromHubToSamlResponseTransformerTest, method transformAssertions_shouldTransformMatchingServiceAssertions:

@Test
public void transformAssertions_shouldTransformMatchingServiceAssertions() throws Exception {
    PassthroughAssertion matchingServiceAssertion = aPassthroughAssertion().buildMatchingServiceAssertion();
    Response transformedResponse = aResponse().withNoDefaultAssertion().build();
    EncryptedAssertion transformedMatchingDatasetAssertion = anAssertion().build();
    when(encryptedAssertionUnmarshaller.transform(matchingServiceAssertion.getUnderlyingAssertionBlob()))
            .thenReturn(transformedMatchingDatasetAssertion);
    String encryptedMatchingServiceAssertion = matchingServiceAssertion.getUnderlyingAssertionBlob();
    transformer.transformAssertions(
            anAuthnResponse()
                    .withEncryptedAssertions(Collections.singletonList(encryptedMatchingServiceAssertion))
                    .buildOutboundResponseFromHub(),
            transformedResponse);
    // The single passthrough blob must come out as the single encrypted assertion on the SAML response.
    assertThat(transformedResponse.getEncryptedAssertions().size()).isEqualTo(1);
    assertThat(transformedResponse.getEncryptedAssertions().get(0)).isEqualTo(transformedMatchingDatasetAssertion);
}
Also used : ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) ResponseForHubBuilder.anAuthnResponse(uk.gov.ida.saml.core.test.builders.ResponseForHubBuilder.anAuthnResponse) Response(org.opensaml.saml.saml2.core.Response) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) PassthroughAssertionBuilder.aPassthroughAssertion(uk.gov.ida.saml.core.test.builders.PassthroughAssertionBuilder.aPassthroughAssertion) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Test(org.junit.jupiter.api.Test)

Aggregations

EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)29 Test (org.junit.jupiter.api.Test)17 Response (org.opensaml.saml.saml2.core.Response)17 Assertion (org.opensaml.saml.saml2.core.Assertion)11 XMLObject (org.opensaml.core.xml.XMLObject)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)4 ObjectOutputStream (java.io.ObjectOutputStream)4 EncryptedAssertionBuilder (org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder)4 IOException (java.io.IOException)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 Element (org.w3c.dom.Element)3 Instant (java.time.Instant)2 Arrays (java.util.Arrays)2 Collections (java.util.Collections)2 HashMap (java.util.HashMap)2 LinkedHashMap (java.util.LinkedHashMap)2 List (java.util.List)2 Map (java.util.Map)2 Consumer (java.util.function.Consumer)2 QName (javax.xml.namespace.QName)2