Example 21 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class AssertionDecrypter method decryptAssertion.
public Assertion decryptAssertion(String base64EncodedBlob) {
Element assertionElement = parseXml(new String(Base64.decodeBase64(base64EncodedBlob)));
EncryptedAssertion encryptedAssertion = unmarshall(assertionElement);
return decrypt(encryptedAssertion);
}
Also used :
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Element(org.w3c.dom.Element)
Example 22 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class EncryptedResponseFromIdpValidatorTest method validate_shouldThrowIfResponseContainsTooManyAssertions.
@Test
public void validate_shouldThrowIfResponseContainsTooManyAssertions() throws Exception {
EncryptedAssertion assertion = anAssertion().build();
Response response = getResponseBuilderWithTwoAssertions().addEncryptedAssertion(assertion).build();
assertValidationFailure(response, unexpectedNumberOfAssertions(2, 3));
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Test(org.junit.jupiter.api.Test)
Example 23 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.
the class EncryptedAssertionUnmarshaller method transform.
public EncryptedAssertion transform(String assertionString) {
EncryptedAssertion assertion = stringAssertionTransformer.apply(assertionString);
assertion.detach();
return assertion;
}
Also used :
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Example 24 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException.
@Test
public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() {
Response response = response();
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential());
response.getEncryptedAssertions().add(encryptedAssertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, registration().decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())));
assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> this.provider.authenticate(token)).satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
Arrays(java.util.Arrays)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
EncryptedDataBuilder(org.opensaml.xmlsec.encryption.impl.EncryptedDataBuilder)
EncryptedID(org.opensaml.saml.saml2.core.EncryptedID)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Attribute(org.opensaml.saml.saml2.core.Attribute)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
BDDMockito.given(org.mockito.BDDMockito.given)
Map(java.util.Map)
SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants)
Marshaller(org.opensaml.core.xml.io.Marshaller)
XSDateTimeBuilder(org.opensaml.core.xml.schema.impl.XSDateTimeBuilder)
Response(org.opensaml.saml.saml2.core.Response)
Saml2ResponseValidatorResult(org.springframework.security.saml2.core.Saml2ResponseValidatorResult)
EncryptedAssertionBuilder(org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder)
Mockito.atLeastOnce(org.mockito.Mockito.atLeastOnce)
Instant(java.time.Instant)
EncryptedIDBuilder(org.opensaml.saml.saml2.core.impl.EncryptedIDBuilder)
AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder)
SubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData)
Test(org.junit.jupiter.api.Test)
List(java.util.List)
XSDateTime(org.opensaml.core.xml.schema.XSDateTime)
OneTimeUse(org.opensaml.saml.saml2.core.OneTimeUse)
ValidationContext(org.opensaml.saml.common.assertion.ValidationContext)
QName(javax.xml.namespace.QName)
Authentication(org.springframework.security.core.Authentication)
Mockito.mock(org.mockito.Mockito.mock)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
Duration(org.joda.time.Duration)
HashMap(java.util.HashMap)
Conditions(org.opensaml.saml.saml2.core.Conditions)
LinkedHashMap(java.util.LinkedHashMap)
StatusCode(org.opensaml.saml.saml2.core.StatusCode)
SerializeSupport(net.shibboleth.utilities.java.support.xml.SerializeSupport)
SAML2AssertionValidationParameters(org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters)
Assertion(org.opensaml.saml.saml2.core.Assertion)
Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType)
ObjectOutputStream(java.io.ObjectOutputStream)
AttributeValue(org.opensaml.saml.saml2.core.AttributeValue)
XMLObject(org.opensaml.core.xml.XMLObject)
MarshallingException(org.opensaml.core.xml.io.MarshallingException)
Converter(org.springframework.core.convert.converter.Converter)
Saml2ErrorCodes(org.springframework.security.saml2.core.Saml2ErrorCodes)
DateTime(org.joda.time.DateTime)
Saml2Error(org.springframework.security.saml2.core.Saml2Error)
EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
IOException(java.io.IOException)
TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials)
XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport)
NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder)
Mockito.verify(org.mockito.Mockito.verify)
Consumer(java.util.function.Consumer)
Element(org.w3c.dom.Element)
ResponseToken(org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken)
Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException)
Collections(java.util.Collections)
TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)
NameID(org.opensaml.saml.saml2.core.NameID)
StringUtils(org.springframework.util.StringUtils)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Test(org.junit.jupiter.api.Test)
Example 25 with EncryptedAssertion
use of org.opensaml.saml2.core.EncryptedAssertion in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method writeObjectWhenTypeIsSaml2AuthenticationThenNoException.
@Test
public void writeObjectWhenTypeIsSaml2AuthenticationThenNoException() throws IOException {
Response response = response();
Assertion assertion = TestOpenSamlObjects.signed(assertion(), TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion, TestSaml2X509Credentials.assertingPartyEncryptingCredential());
response.getEncryptedAssertions().add(encryptedAssertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
// the following code will throw an exception if authentication isn't serializable
ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteStream);
objectOutputStream.writeObject(authentication);
objectOutputStream.flush();
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
ObjectOutputStream(java.io.ObjectOutputStream)
Test(org.junit.jupiter.api.Test)
Aggregations
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)29
Test (org.junit.jupiter.api.Test)17
Response (org.opensaml.saml.saml2.core.Response)17
Assertion (org.opensaml.saml.saml2.core.Assertion)11
XMLObject (org.opensaml.core.xml.XMLObject)5
ByteArrayOutputStream (java.io.ByteArrayOutputStream)4
ObjectOutputStream (java.io.ObjectOutputStream)4
EncryptedAssertionBuilder (org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder)4
IOException (java.io.IOException)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
Element (org.w3c.dom.Element)3
Instant (java.time.Instant)2
Arrays (java.util.Arrays)2
Collections (java.util.Collections)2
HashMap (java.util.HashMap)2
LinkedHashMap (java.util.LinkedHashMap)2
List (java.util.List)2
Map (java.util.Map)2
Consumer (java.util.function.Consumer)2
QName (javax.xml.namespace.QName)2
