Examples with Status org.opensaml.saml2.core.Status used on opensource projects

Search in sources :

Example 16 with Status

use of org.opensaml.saml2.core.Status in project cxf by apache.

the class SAMLResponseValidatorTest method testResponseSignedAssertion.

@org.junit.Test
public void testResponseSignedAssertion() throws Exception {
    Document doc = DOMUtils.createDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    Crypto issuerCrypto = new Merlin();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class);
    InputStream input = Merlin.loadInputStream(loader, "alice.jks");
    keyStore.load(input, "password".toCharArray());
    ((Merlin) issuerCrypto).setKeyStore(keyStore);
    assertion.signAssertion("alice", "password", issuerCrypto, false);
    response.getAssertions().add(assertion.getSaml2());
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);
    Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
    // Validate the Response
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    try {
        validator.validateSamlResponse(marshalledResponse, null, new KeystorePasswordCallback());
        fail("Expected failure on no Signature Crypto");
    } catch (WSSecurityException ex) {
    // expected
    }
    // Validate the Response
    validator.validateSamlResponse(marshalledResponse, issuerCrypto, new KeystorePasswordCallback());
}
Also used : Status(org.opensaml.saml.saml2.core.Status) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) Response(org.opensaml.saml.saml2.core.Response) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Merlin(org.apache.wss4j.common.crypto.Merlin)

Example 17 with Status

use of org.opensaml.saml2.core.Status in project cxf by apache.

the class SAMLResponseValidatorTest method testInvalidStatusCode.

@org.junit.Test
public void testInvalidStatusCode() throws Exception {
    Document doc = DOMUtils.createDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML1_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    response.getAssertions().add(assertion.getSaml2());
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);
    Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
    // Validate the Response
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    try {
        validator.validateSamlResponse(marshalledResponse, null, null);
        fail("Expected failure on an invalid SAML code");
    } catch (WSSecurityException ex) {
    // expected
    }
}
Also used : Status(org.opensaml.saml.saml2.core.Status) Response(org.opensaml.saml.saml2.core.Response) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document)

Example 18 with Status

use of org.opensaml.saml2.core.Status in project cxf by apache.

the class SAMLResponseValidatorTest method testResponseModifiedSignedAssertion.

@org.junit.Test
public void testResponseModifiedSignedAssertion() throws Exception {
    Document doc = DOMUtils.createDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    Crypto issuerCrypto = new Merlin();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class);
    InputStream input = Merlin.loadInputStream(loader, "alice.jks");
    keyStore.load(input, "password".toCharArray());
    ((Merlin) issuerCrypto).setKeyStore(keyStore);
    assertion.signAssertion("alice", "password", issuerCrypto, false);
    response.getAssertions().add(assertion.getSaml2());
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);
    List<Element> assertions = DOMUtils.findAllElementsByTagNameNS(policyElement, SAMLConstants.SAML20_NS, "Assertion");
    assertNotNull(assertions);
    assertTrue(assertions.size() == 1);
    assertions.get(0).setAttributeNS(null, "newattr", "http://apache.org");
    Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
    // Validate the Response
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    try {
        // Validate the Response
        validator.validateSamlResponse(marshalledResponse, issuerCrypto, new KeystorePasswordCallback());
        fail("Expected failure on a bad signature");
    } catch (WSSecurityException ex) {
    // expected
    }
}
Also used : Status(org.opensaml.saml.saml2.core.Status) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) Response(org.opensaml.saml.saml2.core.Response) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Merlin(org.apache.wss4j.common.crypto.Merlin)

Example 19 with Status

use of org.opensaml.saml2.core.Status in project cxf by apache.

the class SAMLSSOResponseValidatorTest method createResponse.

private Response createResponse(SubjectConfirmationDataBean subjectConfirmationData, List<AudienceRestrictionBean> audienceRestrictions, String authnClassRef) throws Exception {
    Document doc = DOMUtils.createDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
    ConditionsBean conditions = new ConditionsBean();
    conditions.setNotBefore(new DateTime());
    conditions.setNotAfter(new DateTime().plusMinutes(5));
    if (audienceRestrictions == null) {
        AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
        audienceRestriction.setAudienceURIs(Collections.singletonList("http://service.apache.org"));
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    } else {
        conditions.setAudienceRestrictions(audienceRestrictions);
    }
    callbackHandler.setConditions(conditions);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    response.getAssertions().add(assertion.getSaml2());
    if (authnClassRef != null) {
        AuthnStatement authnStatement = response.getAssertions().get(0).getAuthnStatements().get(0);
        authnStatement.getAuthnContext().setAuthnContextClassRef(SAML2PResponseComponentBuilder.createAuthnContextClassRef(authnClassRef));
    }
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);
    return (Response) OpenSAMLUtil.fromDom(policyElement);
}
Also used : Status(org.opensaml.saml.saml2.core.Status) Response(org.opensaml.saml.saml2.core.Response) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) Element(org.w3c.dom.Element) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Document(org.w3c.dom.Document) DateTime(org.joda.time.DateTime)

Example 20 with Status

use of org.opensaml.saml2.core.Status in project OpenAttestation by OpenAttestation.

the class SamlGenerator method generateHostAssertion.

/*
    public void setKeystoreResource(Resource keystoreResource) {
        this.keystoreResource = keystoreResource;
    }*/
/**
     * Input is a Host record with all the attributes to assert
     * Output is XML containing the SAML assertions
     * 
     * From /hosts/trust we get BIOS:1,VMM:1
     * From /hosts/location we get location
     * From /pollhosts we get trust level "unknown/untrusted/trusted" and timestamp
     * From /hosts/reports/trust we get host name, mle info string, created on, overall trust status, and verified on
     * From /hosts/reports/manifest we get PCR values, trust status, and verified on for each PCR
     * 
     * @return @SamlAssertion
     * @throws MarshallingException 
     */
public SamlAssertion generateHostAssertion(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws MarshallingException, ConfigurationException, UnknownHostException, GeneralSecurityException, XMLSignatureException, MarshalException {
    samlAssertion = new SamlAssertion();
    Assertion assertion = createAssertion(host, tagCertificate, vmMetaData);
    AssertionMarshaller marshaller = new AssertionMarshaller();
    Element plaintextElement = marshaller.marshall(assertion);
    //String originalAssertionString = XMLHelper.nodeToString(plaintextElement);
    XMLHelper.nodeToString(plaintextElement);
    log.info("Uncomment the next line to see the original Assertion String");
    //System.out.println("Assertion String: " + originalAssertionString);//
    // add signatures and/or encryption
    signAssertion(plaintextElement);
    samlAssertion.assertion = XMLHelper.nodeToString(plaintextElement);
    log.info("Uncomment the next line to see the saml Assertion propertie");
    //System.out.println("Signed Assertion String: " + samlAssertion.assertion );
    return samlAssertion;
}
Also used : AssertionMarshaller(org.opensaml.saml2.core.impl.AssertionMarshaller) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml2.core.Assertion)

Aggregations

Status (org.opensaml.saml.saml2.core.Status)33 Response (org.opensaml.saml.saml2.core.Response)20 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)18 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)18 Element (org.w3c.dom.Element)18 Document (org.w3c.dom.Document)17 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)13 Response (javax.ws.rs.core.Response)8 DateTime (org.joda.time.DateTime)8 Test (org.junit.Test)8 ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)8 StatusBuilder.aStatus (uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus)8 MatchingServiceIdaStatus (uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus)8 InputStream (java.io.InputStream)7 KeyStore (java.security.KeyStore)7 Crypto (org.apache.wss4j.common.crypto.Crypto)7 Merlin (org.apache.wss4j.common.crypto.Merlin)7 SamlResponseDto (uk.gov.ida.hub.samlengine.domain.SamlResponseDto)7 HttpServletResponse (javax.servlet.http.HttpServletResponse)5 StatusCode (org.opensaml.saml.saml2.core.StatusCode)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial