
Example 21 with EncryptedAssertion

use of org.opensaml.saml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

the class AssertionDecrypter method decryptAssertion.

public Assertion decryptAssertion(String base64EncodedBlob) {
    // Base64-decode the blob, parse it to a DOM Element, unmarshall that into an OpenSAML
    // EncryptedAssertion and hand it to the configured Decrypter. parseXml, unmarshall and
    // decrypt are private helpers of AssertionDecrypter and are not shown in this snippet.
    // Note: new String(byte[]) uses the platform default charset; SAML XML is normally UTF-8.
    Element assertionElement = parseXml(new String(Base64.decodeBase64(base64EncodedBlob)));
    EncryptedAssertion encryptedAssertion = unmarshall(assertionElement);
    return decrypt(encryptedAssertion);
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Element(org.w3c.dom.Element)

Example 22 with EncryptedAssertion

use of org.opensaml.saml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

the class EncryptedResponseFromIdpValidatorTest method validate_shouldThrowIfResponseContainsTooManyAssertions.

@Test
public void validate_shouldThrowIfResponseContainsTooManyAssertions() throws Exception {
    // The builder already carries two encrypted assertions; adding a third gives a Response with
    // more assertions than the validator permits, which must be rejected rather than silently
    // accepted (extra assertions are a classic vector for smuggling unexpected statements).
    EncryptedAssertion assertion = anAssertion().build();
    Response response = getResponseBuilderWithTwoAssertions().addEncryptedAssertion(assertion).build();
    assertValidationFailure(response, unexpectedNumberOfAssertions(2, 3));
}
Also used : Response(org.opensaml.saml.saml2.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Test(org.junit.jupiter.api.Test)
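The two verify-hub snippets above show the two halves of handling an EncryptedAssertion safely: decrypting it (Example 21) and refusing a Response that carries the wrong number of assertions (Example 22). The following is an added example, written for this page and not code from verify-hub, that puts both halves into one OpenSAML 3/4 helper and adds the check a practitioner most often wants: the Response signature is verified before anything is decrypted, so the decryptor is never run on unauthenticated ciphertext. `SingleEncryptedAssertionDecryptor`, `InvalidResponseException` and the one-assertion policy are assumptions for illustration; the OpenSAML classes (`Decrypter`, the `EncryptedKeyResolver`s, `SignatureValidator`, `SAMLSignatureProfileValidator`) are real API.

```java
import java.util.ArrayList;
import java.util.List;

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;

/** Hypothetical helper for this example; not part of verify-hub or spring-security. */
public final class SingleEncryptedAssertionDecryptor {

    /** Hypothetical exception type: message is safe to log, not to echo back to the sender. */
    public static final class InvalidResponseException extends Exception {
        InvalidResponseException(String message) { super(message); }
        InvalidResponseException(String message, Throwable cause) { super(message, cause); }
    }

    private final Credential idpSigningCredential;
    private final Decrypter decrypter;

    public SingleEncryptedAssertionDecryptor(Credential idpSigningCredential, Credential spDecryptionCredential) {
        this.idpSigningCredential = idpSigningCredential;
        // The EncryptedKey wrapping the AES session key may sit inline in EncryptedData/KeyInfo,
        // be referenced through a RetrievalMethod, or be a sibling inside the EncryptedAssertion.
        List<EncryptedKeyResolver> keyResolvers = new ArrayList<>();
        keyResolvers.add(new InlineEncryptedKeyResolver());
        keyResolvers.add(new EncryptedElementTypeEncryptedKeyResolver());
        keyResolvers.add(new SimpleRetrievalMethodEncryptedKeyResolver());
        this.decrypter = new Decrypter(
                null,                                                        // no directly-keyed EncryptedData expected
                new StaticKeyInfoCredentialResolver(spDecryptionCredential), // SP private key unwraps the session key
                new ChainingEncryptedKeyResolver(keyResolvers));
        // Root the decrypted Assertion in its own Document so later detach()/re-parenting
        // (compare Example 23) cannot disturb the Response DOM.
        this.decrypter.setRootInNewDocument(true);
    }

    public Assertion decryptSingleAssertion(Response response) throws InvalidResponseException {
        // 1. Authenticate first. The Response signature covers the ciphertext, so a missing or bad
        //    signature is rejected before the decryptor ever touches attacker-controlled bytes
        //    (decrypting unauthenticated ciphertext is exactly what padding-oracle attacks need).
        Signature signature = response.getSignature();
        if (signature == null) {
            throw new InvalidResponseException("Response is not signed");
        }
        try {
            new SAMLSignatureProfileValidator().validate(signature); // rejects non-enveloped/odd layouts
            SignatureValidator.validate(signature, idpSigningCredential);
        } catch (SignatureException e) {
            throw new InvalidResponseException("Response signature invalid", e);
        }
        if (response.getStatus() == null || response.getStatus().getStatusCode() == null
                || !StatusCode.SUCCESS.equals(response.getStatus().getStatusCode().getValue())) {
            throw new InvalidResponseException("Response status is not Success");
        }

        // 2. Exactly one assertion, counting plaintext and encrypted ones together (Example 22's idea,
        //    with a one-assertion policy assumed here instead of verify-hub's).
        int plain = response.getAssertions().size();
        int encrypted = response.getEncryptedAssertions().size();
        if (plain != 0 || encrypted != 1) {
            throw new InvalidResponseException("Expected exactly 1 encrypted assertion, got "
                    + plain + " plaintext and " + encrypted + " encrypted");
        }

        // 3. Decrypt (Example 21). A wrong SP key surfaces here as DecryptionException.
        Assertion assertion;
        try {
            assertion = decrypter.decrypt(response.getEncryptedAssertions().get(0));
        } catch (DecryptionException e) {
            throw new InvalidResponseException("Failed to decrypt EncryptedAssertion", e);
        }

        // 4. A present-but-invalid inner signature is never tolerated, and the inner Issuer must
        //    match the outer one so a decrypted assertion cannot speak for a different IdP.
        if (assertion.getSignature() != null) {
            try {
                new SAMLSignatureProfileValidator().validate(assertion.getSignature());
                SignatureValidator.validate(assertion.getSignature(), idpSigningCredential);
            } catch (SignatureException e) {
                throw new InvalidResponseException("Assertion signature invalid", e);
            }
        }
        if (assertion.getIssuer() == null || response.getIssuer() == null
                || !assertion.getIssuer().getValue().equals(response.getIssuer().getValue())) {
            throw new InvalidResponseException("Assertion issuer does not match Response issuer");
        }
        return assertion;
    }
}
```

The helper deliberately stops at decryption and issuer matching: Conditions (NotBefore/NotOnOrAfter, AudienceRestriction), SubjectConfirmation recipient/InResponseTo and replay checks still have to run on the returned Assertion, and the Response must have been received over the expected binding. The order above matters more than any single step: signature, then count, then decrypt, then inner-signature, each failing closed.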

Example 23 with EncryptedAssertion

use of org.opensaml.saml.saml2.core.EncryptedAssertion in project verify-hub by alphagov.

the class EncryptedAssertionUnmarshaller method transform.

public EncryptedAssertion transform(String assertionString) {
    // Unmarshall the serialized XML into an EncryptedAssertion, then detach() it from its parent
    // so the object (and its DOM) can be handled and re-rooted independently of the enclosing
    // Response it was parsed from.
    EncryptedAssertion assertion = stringAssertionTransformer.apply(assertionString);
    assertion.detach();
    return assertion;
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)

Example 24 with EncryptedAssertion

use of org.opensaml.saml.saml2.core.EncryptedAssertion in project spring-security by spring-projects.

the class OpenSamlAuthenticationProviderTests method authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException.

@Test
public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() {
    Response response = response();
    // The assertion is encrypted to the asserting party's encryption certificate ...
    EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    response.getEncryptedAssertions().add(encryptedAssertion);
    TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    // ... but the relying party is configured with an unrelated private key, so the session key
    // cannot be unwrapped and authentication must fail closed with DECRYPTION_ERROR.
    Saml2AuthenticationToken token = token(response, registration().decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())));
    assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> this.provider.authenticate(token)).satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
}
Also used : Response(org.opensaml.saml.saml2.core.Response) Arrays(java.util.Arrays) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) EncryptedDataBuilder(org.opensaml.xmlsec.encryption.impl.EncryptedDataBuilder) EncryptedID(org.opensaml.saml.saml2.core.EncryptedID) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) BDDMockito.given(org.mockito.BDDMockito.given) Map(java.util.Map) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) Marshaller(org.opensaml.core.xml.io.Marshaller) XSDateTimeBuilder(org.opensaml.core.xml.schema.impl.XSDateTimeBuilder) Saml2ResponseValidatorResult(org.springframework.security.saml2.core.Saml2ResponseValidatorResult) EncryptedAssertionBuilder(org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder) Mockito.atLeastOnce(org.mockito.Mockito.atLeastOnce) Instant(java.time.Instant) EncryptedIDBuilder(org.opensaml.saml.saml2.core.impl.EncryptedIDBuilder) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) SubjectConfirmationData(org.opensaml.saml.saml2.core.SubjectConfirmationData) Test(org.junit.jupiter.api.Test) List(java.util.List) XSDateTime(org.opensaml.core.xml.schema.XSDateTime) OneTimeUse(org.opensaml.saml.saml2.core.OneTimeUse) ValidationContext(org.opensaml.saml.common.assertion.ValidationContext) QName(javax.xml.namespace.QName) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Duration(org.joda.time.Duration) HashMap(java.util.HashMap) Conditions(org.opensaml.saml.saml2.core.Conditions) LinkedHashMap(java.util.LinkedHashMap) StatusCode(org.opensaml.saml.saml2.core.StatusCode) SerializeSupport(net.shibboleth.utilities.java.support.xml.SerializeSupport) SAML2AssertionValidationParameters(org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters) Assertion(org.opensaml.saml.saml2.core.Assertion) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) ObjectOutputStream(java.io.ObjectOutputStream) AttributeValue(org.opensaml.saml.saml2.core.AttributeValue) XMLObject(org.opensaml.core.xml.XMLObject) MarshallingException(org.opensaml.core.xml.io.MarshallingException) Converter(org.springframework.core.convert.converter.Converter) Saml2ErrorCodes(org.springframework.security.saml2.core.Saml2ErrorCodes) DateTime(org.joda.time.DateTime) Saml2Error(org.springframework.security.saml2.core.Saml2Error) EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) Saml2Exception(org.springframework.security.saml2.Saml2Exception) IOException(java.io.IOException) TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Element(org.w3c.dom.Element) ResponseToken(org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) Collections(java.util.Collections) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) NameID(org.opensaml.saml.saml2.core.NameID) StringUtils(org.springframework.util.StringUtils)
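Example 24 relies on spring-security's own test fixtures (`TestOpenSamlObjects.encrypted`, `TestSaml2X509Credentials`) to produce an EncryptedAssertion and then prove that an unrelated decryption key is rejected. The following added example, written for this page and not taken from spring-security or verify-hub, shows how to build the same kind of fixture and the same negative test with plain OpenSAML 3/4 and JUnit 5, so the wrong-key failure mode can be tested in any relying party. The test class name, the issuer URL and the choice of fresh in-memory RSA keys are constructed for the example; `Encrypter`, `DataEncryptionParameters`, `KeyEncryptionParameters`, `EncryptionConstants`, `Decrypter` and `BasicCredential` are real OpenSAML API (it assumes `opensaml-saml-impl` and `opensaml-xmlsec-impl` on the classpath).

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;

import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;

/** Hypothetical test class for this example; not part of spring-security. */
class EncryptedAssertionKeyMismatchTest {

    private static Credential spCredential;        // the relying party's real decryption key
    private static Credential unrelatedCredential; // stands in for the asserting party's key, as in Example 24

    @BeforeAll
    static void setUp() throws InitializationException, NoSuchAlgorithmException {
        InitializationService.initialize();   // registers OpenSAML builders, marshallers and unmarshallers
        spCredential = freshRsaCredential();
        unrelatedCredential = freshRsaCredential();
    }

    /** Constructed in-memory key pair; a real deployment loads the SP key from a keystore. */
    private static Credential freshRsaCredential() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(3072);
        KeyPair pair = generator.generateKeyPair();
        return new BasicCredential(pair.getPublic(), pair.getPrivate());
    }

    /** Builds a minimal Assertion and encrypts it to the recipient with AES-256-GCM + RSA-OAEP. */
    private static EncryptedAssertion encryptFor(Credential recipient) throws EncryptionException {
        Assertion assertion = (Assertion) XMLObjectSupport.buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID("_" + UUID.randomUUID());
        Issuer issuer = (Issuer) XMLObjectSupport.buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue("https://idp.example.test/metadata");   // constructed test value
        assertion.setIssuer(issuer);

        // Authenticated data encryption (GCM) and OAEP key transport: neither gives an attacker a
        // padding oracle, unlike the AES-CBC + RSA-PKCS#1 v1.5 pair many IdPs still default to.
        // No data-encryption credential is set, so the Encrypter generates a random session key.
        DataEncryptionParameters dataParams = new DataEncryptionParameters();
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
        KeyEncryptionParameters kekParams = new KeyEncryptionParameters();
        kekParams.setEncryptionCredential(recipient);
        kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);

        Encrypter encrypter = new Encrypter(dataParams, kekParams);
        encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE); // EncryptedKey inside EncryptedData/KeyInfo
        return encrypter.encrypt(assertion);
    }

    private static Decrypter decrypterUsing(Credential decryptionCredential) {
        Decrypter decrypter = new Decrypter(null,
                new StaticKeyInfoCredentialResolver(decryptionCredential),
                new InlineEncryptedKeyResolver());
        decrypter.setRootInNewDocument(true);
        return decrypter;
    }

    @Test
    void decryptWithTheRecipientKeySucceeds() throws Exception {
        EncryptedAssertion encrypted = encryptFor(spCredential);
        Assertion assertion = decrypterUsing(spCredential).decrypt(encrypted);
        assertEquals("https://idp.example.test/metadata", assertion.getIssuer().getValue());
    }

    @Test
    void decryptWithAnUnrelatedKeyFailsClosed() throws Exception {
        EncryptedAssertion encrypted = encryptFor(spCredential);
        // RSA-OAEP unwrap with the wrong private key fails its integrity check, so no session key is
        // recovered and OpenSAML raises DecryptionException instead of returning garbage XML. This is
        // the condition spring-security maps to Saml2ErrorCodes.DECRYPTION_ERROR in Example 24.
        assertThrows(DecryptionException.class,
                () -> decrypterUsing(unrelatedCredential).decrypt(encrypted));
    }
}
```

Keep the two tests separate, each with its own freshly encrypted fixture, so a failed decryption attempt can never influence the success case; and map the `DecryptionException` to a generic error in production code, as spring-security does, rather than surfacing the underlying cipher error text to the caller.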

Example 25 with EncryptedAssertion

use of org.opensaml.saml.saml2.core.EncryptedAssertion in project spring-security by spring-projects.

the class OpenSamlAuthenticationProviderTests method writeObjectWhenTypeIsSaml2AuthenticationThenNoException.

@Test
public void writeObjectWhenTypeIsSaml2AuthenticationThenNoException() throws IOException {
    Response response = response();
    Assertion assertion = TestOpenSamlObjects.signed(assertion(), TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion, TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    response.getEncryptedAssertions().add(encryptedAssertion);
    TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
    Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
    // the following code will throw an exception if authentication isn't serializable
    ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
    ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteStream);
    objectOutputStream.writeObject(authentication);
    objectOutputStream.flush();
}
Also used : Response(org.opensaml.saml.saml2.core.Response) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectOutputStream(java.io.ObjectOutputStream) Test(org.junit.jupiter.api.Test)

Aggregations

EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion): 29
Test (org.junit.jupiter.api.Test): 17
Response (org.opensaml.saml.saml2.core.Response): 17
Assertion (org.opensaml.saml.saml2.core.Assertion): 11
XMLObject (org.opensaml.core.xml.XMLObject): 5
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 4
ObjectOutputStream (java.io.ObjectOutputStream): 4
EncryptedAssertionBuilder (org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder): 4
IOException (java.io.IOException): 3
HttpServletResponse (javax.servlet.http.HttpServletResponse): 3
Element (org.w3c.dom.Element): 3
Instant (java.time.Instant): 2
Arrays (java.util.Arrays): 2
Collections (java.util.Collections): 2
HashMap (java.util.HashMap): 2
LinkedHashMap (java.util.LinkedHashMap): 2
List (java.util.List): 2
Map (java.util.Map): 2
Consumer (java.util.function.Consumer): 2
QName (javax.xml.namespace.QName): 2