Example 16 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class EncryptedResponseFromIdpValidator method validateAssertionPresence.
protected void validateAssertionPresence(Response response) {
if (!response.getAssertions().isEmpty())
throw new SamlValidationException(unencryptedAssertion());
boolean responseWasSuccessful = response.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS);
List<EncryptedAssertion> encryptedAssertions = response.getEncryptedAssertions();
if (responseWasSuccessful && encryptedAssertions.isEmpty()) {
throw new SamlValidationException(missingSuccessUnEncryptedAssertions());
}
if (!responseWasSuccessful && !encryptedAssertions.isEmpty()) {
throw new SamlValidationException(nonSuccessHasUnEncryptedAssertions());
}
if (responseWasSuccessful && encryptedAssertions.size() != 2) {
throw new SamlValidationException(unexpectedNumberOfAssertions(2, encryptedAssertions.size()));
}
}
Also used :
SamlValidationException(uk.gov.ida.saml.hub.exception.SamlValidationException)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Example 17 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class EidasAttributeQueryRequestBuilder method build.
public EidasAttributeQueryRequestDto build() {
XmlObjectToBase64EncodedStringTransformer<XMLObject> toBase64EncodedStringTransformer = new XmlObjectToBase64EncodedStringTransformer<>();
EncryptedAssertion encryptedIdentityAssertion = AssertionBuilder.anAssertion().withId(UUID.randomUUID().toString()).build();
String encryptedIdentityAssertionString = toBase64EncodedStringTransformer.apply(encryptedIdentityAssertion);
return anEidasAttributeQueryRequestDto().withEncryptedIdentityAssertion(encryptedIdentityAssertionString).build();
}
Also used :
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
XMLObject(org.opensaml.core.xml.XMLObject)
XmlObjectToBase64EncodedStringTransformer(uk.gov.ida.saml.serializers.XmlObjectToBase64EncodedStringTransformer)
Example 18 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project pac4j by pac4j.
the class SAML2DefaultResponseValidator method decryptEncryptedAssertions.
/**
* Decrypt encrypted assertions and add them to the assertions list of the response.
*
* @param response the response
* @param decrypter the decrypter
*/
protected final void decryptEncryptedAssertions(final Response response, final Decrypter decrypter) {
for (final EncryptedAssertion encryptedAssertion : response.getEncryptedAssertions()) {
try {
final Assertion decryptedAssertion = decrypter.decrypt(encryptedAssertion);
response.getAssertions().add(decryptedAssertion);
} catch (final DecryptionException e) {
logger.error("Decryption of assertion failed, continue with the next one", e);
}
}
}
Also used :
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
DecryptionException(org.opensaml.xmlsec.encryption.support.DecryptionException)
SAMLNameIdDecryptionException(org.pac4j.saml.exceptions.SAMLNameIdDecryptionException)
Example 19 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class HubAttributeQueryRequestToSamlAttributeQueryTransformerTest method transform_shouldContainBothMdsAndAuthnAssertionsEncrypted.
@Test
public void transform_shouldContainBothMdsAndAuthnAssertionsEncrypted() {
HubAttributeQueryRequest originalQuery = aHubAttributeQueryRequest().withEncryptedMatchingDatasetAssertion(ENCRYPTED_MDS_ASSERTION).withEncryptedAuthnAssertion(ENCRYPTED_AUTHN_ASSERTION).build();
final EncryptedAssertion value1 = new EncryptedAssertionBuilder().buildObject();
final EncryptedAssertion value2 = new EncryptedAssertionBuilder().buildObject();
when(encryptedAssertionUnmarshaller.transform(ENCRYPTED_MDS_ASSERTION)).thenReturn(value1);
when(encryptedAssertionUnmarshaller.transform(ENCRYPTED_AUTHN_ASSERTION)).thenReturn(value2);
AttributeQuery transformedQuery = transformer.apply(originalQuery);
List<XMLObject> encryptedAssertions = transformedQuery.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().getUnknownXMLObjects(EncryptedAssertion.DEFAULT_ELEMENT_NAME);
assertThat(encryptedAssertions.size()).isEqualTo(2);
assertThat(encryptedAssertions).contains(value1, value2);
}
Also used :
AttributeQuery(org.opensaml.saml.saml2.core.AttributeQuery)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
EncryptedAssertionBuilder(org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder)
XMLObject(org.opensaml.core.xml.XMLObject)
HubAttributeQueryRequestBuilder.aHubAttributeQueryRequest(uk.gov.ida.saml.hub.test.builders.HubAttributeQueryRequestBuilder.aHubAttributeQueryRequest)
HubAttributeQueryRequest(uk.gov.ida.saml.hub.domain.HubAttributeQueryRequest)
Test(org.junit.jupiter.api.Test)
Example 20 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class OutboundResponseFromHubToSamlResponseTransformerTest method transformAssertions_shouldTransformMatchingServiceAssertions.
@Test
public void transformAssertions_shouldTransformMatchingServiceAssertions() throws Exception {
PassthroughAssertion matchingServiceAssertion = aPassthroughAssertion().buildMatchingServiceAssertion();
Response transformedResponse = aResponse().withNoDefaultAssertion().build();
EncryptedAssertion transformedMatchingDatasetAssertion = anAssertion().build();
when(encryptedAssertionUnmarshaller.transform(matchingServiceAssertion.getUnderlyingAssertionBlob())).thenReturn(transformedMatchingDatasetAssertion);
String encryptedMatchingServiceAssertion = matchingServiceAssertion.getUnderlyingAssertionBlob();
transformer.transformAssertions(anAuthnResponse().withEncryptedAssertions(Collections.singletonList(encryptedMatchingServiceAssertion)).buildOutboundResponseFromHub(), transformedResponse);
assertThat(transformedResponse.getEncryptedAssertions().size()).isEqualTo(1);
assertThat(transformedResponse.getEncryptedAssertions().get(0)).isEqualTo(transformedMatchingDatasetAssertion);
}
Also used :
ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)
ResponseForHubBuilder.anAuthnResponse(uk.gov.ida.saml.core.test.builders.ResponseForHubBuilder.anAuthnResponse)
Response(org.opensaml.saml.saml2.core.Response)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
PassthroughAssertionBuilder.aPassthroughAssertion(uk.gov.ida.saml.core.test.builders.PassthroughAssertionBuilder.aPassthroughAssertion)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Test(org.junit.jupiter.api.Test)
Aggregations
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)29
Test (org.junit.jupiter.api.Test)17
Response (org.opensaml.saml.saml2.core.Response)17
Assertion (org.opensaml.saml.saml2.core.Assertion)11
XMLObject (org.opensaml.core.xml.XMLObject)5
ByteArrayOutputStream (java.io.ByteArrayOutputStream)4
ObjectOutputStream (java.io.ObjectOutputStream)4
EncryptedAssertionBuilder (org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder)4
IOException (java.io.IOException)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
Element (org.w3c.dom.Element)3
Instant (java.time.Instant)2
Arrays (java.util.Arrays)2
Collections (java.util.Collections)2
HashMap (java.util.HashMap)2
LinkedHashMap (java.util.LinkedHashMap)2
List (java.util.List)2
Map (java.util.Map)2
Consumer (java.util.function.Consumer)2
QName (javax.xml.namespace.QName)2
