Use of org.opensaml.saml2.core.Response in project ddf by codice: class SamlAssertionValidatorImpl, method validate.
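/**
 * Validates a SAMLAuthenticationToken by checking its signature against the configured system
 * certs.
 *
 * <p>The token's credentials must be a {@link PrincipalCollection} holding a SAML 2.0
 * {@link SecurityAssertion}. Holder-of-key confirmation is checked against the caller's TLS
 * certificates, the assertion signature is verified when one is present, and the assertion is
 * then handed to {@code assertionValidator} for the remaining checks.
 *
 * @param token token to validate
 * @throws AuthenticationFailureException thrown when the token is missing, its credentials are not
 *     a SAML 2.0 assertion, or the assertion fails the signature / holder-of-key / validator checks
 */
@Override
public void validate(SAMLAuthenticationToken token) throws AuthenticationFailureException {
  if (token == null) {
    throw new AuthenticationFailureException("Unable to validate SAML token. Token is null.");
  }
  try {
    LOGGER.debug("Validation received SAML Assertion");

    // Fail with an authentication error rather than a ClassCastException / NPE when the
    // credentials are absent or of an unexpected type.
    Object credentials = token.getCredentials();
    if (!(credentials instanceof PrincipalCollection)) {
      throw new AuthenticationFailureException(
          "Unable to validate SAML token. Credentials are not a PrincipalCollection.");
    }
    SecurityAssertion securityAssertion = findSaml2Assertion((PrincipalCollection) credentials);
    if (securityAssertion == null) {
      throw new AuthenticationFailureException("Unable to validate SAML token. Token is not SAML.");
    }

    SamlAssertionWrapper assertion = new SamlAssertionWrapper((Element) securityAssertion.getToken());
    Crypto crypto = getSignatureCrypto();

    // Build a synthetic success Response for the assertion's issuer and render it into a fresh
    // DOM; its owner document is what WSDocInfo below is anchored on (presumably the reason the
    // Response is constructed here — confirm against createSamlResponse).
    Response samlResponse =
        createSamlResponse(
            token.getRequestURI(),
            assertion.getIssuerString(),
            createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null));
    BUILDER.get().reset();
    Document doc = BUILDER.get().newDocument();
    Element responseElement = OpenSAMLUtil.toDom(samlResponse, doc);
    doc.appendChild(responseElement);

    Credential credential = new Credential();
    credential.setSamlAssertion(assertion);

    RequestData requestData = new RequestData();
    requestData.setWsDocInfo(new WSDocInfo(samlResponse.getDOM().getOwnerDocument()));
    requestData.setSigVerCrypto(crypto);
    requestData.setWssConfig(WSSConfig.getNewInstance());
    X509Certificate[] x509Certs = token.getX509Certs();
    requestData.setTlsCerts(x509Certs);

    // Holder-of-key: the presenter's TLS certs must match the key the assertion was issued to.
    validateHolderOfKeyConfirmation(assertion, x509Certs);

    if (assertion.isSigned()) {
      // Verify the signature against the configured system certs, then read the subject's
      // key info using the same processor.
      WSSSAMLKeyInfoProcessor keyInfoProcessor = new WSSSAMLKeyInfoProcessor(requestData);
      assertion.verifySignature(keyInfoProcessor, crypto);
      assertion.parseSubject(
          keyInfoProcessor, requestData.getSigVerCrypto(), requestData.getCallbackHandler());
    }

    // NOTE(review): an unsigned assertion skips verifySignature() above and is only rejected if
    // assertionValidator does so (e.g. WSS4J's requireBearerSignature); that is not visible from
    // this method, so confirm it — otherwise an unsigned, attacker-minted assertion would
    // authenticate.
    assertionValidator.validate(credential, requestData);
  } catch (SecurityServiceException e) {
    LOGGER.debug("Unable to get subject from SAML request.", e);
    throw new AuthenticationFailureException(e);
  } catch (WSSecurityException e) {
    LOGGER.debug("Unable to read/validate security token from request.", e);
    throw new AuthenticationFailureException(e);
  }
}

/**
 * Returns the first SAML 2.0 assertion among the principals, or null when none has the
 * SAML 2.0 token type.
 */
private static SecurityAssertion findSaml2Assertion(PrincipalCollection principals) {
  for (SecurityAssertion candidate : principals.byType(SecurityAssertion.class)) {
    if (SecurityAssertionSaml.SAML2_TOKEN_TYPE.equals(candidate.getTokenType())) {
      return candidate;
    }
  }
  return null;
}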
Use of org.opensaml.saml2.core.Response in project verify-hub by alphagov: class ExecuteAttributeQueryRequest, method validateResponseSignature.
/**
 * Checks the signature on the matching service's Response against the attribute authority
 * descriptor, records the outcome in protective monitoring, and throws if the signature is
 * not acceptable.
 */
private void validateResponseSignature(Element responseFromMatchingService) {
    Response matchingServiceResponse = elementToSamlResponseTransformer.apply(responseFromMatchingService);
    SamlValidationResponse signatureResult = matchingResponseSignatureValidator.validate(
            matchingServiceResponse, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);

    String statusMessage = "";
    if (hasStatusMessage(matchingServiceResponse.getStatus())) {
        statusMessage = matchingServiceResponse.getStatus().getStatusMessage().getMessage();
    }

    // Logged before the failure branch so that rejected signatures are recorded as well.
    // Issuer and status are read from the not-yet-trusted response here — acceptable for
    // monitoring, but these values must not be acted on until signatureResult is OK.
    protectiveMonitoringLogger.logAttributeQueryResponse(
            matchingServiceResponse.getID(),
            matchingServiceResponse.getInResponseTo(),
            matchingServiceResponse.getIssuer().getValue(),
            signatureResult.isOK(),
            matchingServiceResponse.getStatus().getStatusCode().getValue(),
            statusMessage);

    if (signatureResult.isOK()) {
        return;
    }
    SamlValidationSpecificationFailure failure = signatureResult.getSamlValidationSpecificationFailure();
    throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureResult.getCause(), Level.ERROR);
}
Use of org.opensaml.saml2.core.Response in project verify-hub by alphagov: class MatchingServiceHealthCheckerTest, method mockHealthcheckResponseId.
/**
 * Stubs the element-to-Response transformer so that any element maps to a mock Response
 * whose ID is {@code version}.
 */
private void mockHealthcheckResponseId(String version) {
    Response healthcheckResponse = mock(Response.class);
    when(healthcheckResponse.getID()).thenReturn(version);
    when(elementToResponseTransformer.apply(any())).thenReturn(healthcheckResponse);
}
Use of org.opensaml.saml2.core.Response in project verify-hub by alphagov: class EncryptedResponseFromIdpValidatorTest, method validateStatus_shouldNotErrorIfStatusIsResponderWithSubStatusNoAuthnContext.
/**
 * A Responder status carrying the NoAuthnContext sub-status is a legitimate "no assertion"
 * outcome, so the validator must accept it without an assertion present.
 */
@Test
public void validateStatus_shouldNotErrorIfStatusIsResponderWithSubStatusNoAuthnContext() throws Exception {
    Response responderResponse = aResponse()
            .withStatus(createStatus(StatusCode.RESPONDER, createSubStatusCode(StatusCode.NO_AUTHN_CONTEXT)))
            .withNoDefaultAssertion()
            .build();
    validator.validate(responderResponse);
}
Use of org.opensaml.saml2.core.Response in project verify-hub by alphagov: class EncryptedResponseFromIdpValidatorTest, method validateRequest_shouldThrowExceptionIfResponseIsNotSigned.
/** An unsigned Response must be rejected with the "not signed" signature failure. */
@Test
public void validateRequest_shouldThrowExceptionIfResponseIsNotSigned() throws Exception {
    assertValidationFailure(aResponse().withoutSigning().build(), signatureNotSigned());
}