
Example 11 with BasicCredential

Use of org.opensaml.security.credential.BasicCredential in the project verify-hub by alphagov.

From the class IdpAuthnResponseTranslatorResourceTest, method handleResponseFromIdp_shouldDecryptAssertionEncryptedWithPrimaryEncryptionCertificates.

@Test
public void handleResponseFromIdp_shouldDecryptAssertionEncryptedWithPrimaryEncryptionCertificates() throws Exception {
    // Wrap the hub's own primary encryption key in a BasicCredential so the test fixture
    // encrypts the assertion for the hub, exactly as a well-behaved IdP would.
    BasicCredential primaryEncryptionKey = new BasicCredential(new HardCodedKeyStore(HUB_ENTITY_ID).getPrimaryEncryptionKeyForEntity(HUB_ENTITY_ID));
    SamlAuthnResponseTranslatorDto samlResponseDto = getSuccessSamlAuthnResponseTranslatorDto(primaryEncryptionKey);
    Response clientResponse = postToSamlEngine(samlResponseDto);
    // The SAML engine is expected to hold the matching private key, so decryption succeeds and the call returns 200 OK.
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
}
Also used: Response (javax.ws.rs.core.Response), HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore), SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto), SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto), BasicCredential (org.opensaml.security.credential.BasicCredential), Test (org.junit.jupiter.api.Test)

Example 12 with BasicCredential

Use of org.opensaml.security.credential.BasicCredential in the project verify-hub by alphagov.

From the class AuthnRequestFromRelyingPartyUnmarshallerTest, method setUp.

@BeforeAll
public static void setUp() {
    // One key pair serves both sides of the test: the encrypter plays the relying party,
    // the decrypter inside the unmarshaller plays the hub.
    final BasicCredential basicCredential = createBasicCredential();
    encrypter = new EncrypterFactory().createEncrypter(basicCredential);
    // The decrypter takes a list of credentials so that several decryption keys (e.g. during key rotation) can be tried.
    unmarshaller = new AuthnRequestFromRelyingPartyUnmarshaller(new DecrypterFactory().createDecrypter(List.of(basicCredential)));
}
Also used: DecrypterFactory (uk.gov.ida.saml.security.DecrypterFactory), EncrypterFactory (uk.gov.ida.saml.security.EncrypterFactory), BasicCredential (org.opensaml.security.credential.BasicCredential), BeforeAll (org.junit.jupiter.api.BeforeAll)

Example 13 with BasicCredential

Use of org.opensaml.security.credential.BasicCredential in the project verify-hub by alphagov.

From the class AuthnRequestFromRelyingPartyUnmarshallerTest, method createBasicCredential.

private static BasicCredential createBasicCredential() {
    // Public key is extracted from the test X.509 encryption certificate.
    final PublicKey publicKey = new PublicKeyFactory(new X509CertificateFactory()).createPublicKey(HUB_TEST_PUBLIC_ENCRYPTION_CERT);
    // Private key is built from the Base64-decoded test key bytes (test material only, never production keys).
    PrivateKey privateKey = new PrivateKeyFactory().createPrivateKey(Base64.decodeBase64(HUB_TEST_PRIVATE_ENCRYPTION_KEY));
    // A BasicCredential holding both halves can encrypt and decrypt.
    return new BasicCredential(publicKey, privateKey);
}
Also used: X509CertificateFactory (uk.gov.ida.common.shared.security.X509CertificateFactory), PrivateKey (java.security.PrivateKey), PublicKey (java.security.PublicKey), PrivateKeyFactory (uk.gov.ida.common.shared.security.PrivateKeyFactory), PublicKeyFactory (uk.gov.ida.common.shared.security.PublicKeyFactory), BasicCredential (org.opensaml.security.credential.BasicCredential)

Example 14 with BasicCredential

Use of org.opensaml.security.credential.BasicCredential in the project cxf by apache.

From the class SAMLProtocolResponseValidator, method validateSignatureAgainstProfiles.

/**
 * Validate a signature against the profiles
 */
private void validateSignatureAgainstProfiles(Signature signature, SAMLKeyInfo samlKeyInfo) throws WSSecurityException {
    // Step 1: check the signature's structure against the SAML signature profile
    // (enveloped transform, a single reference to the signed element, etc.) before
    // touching any key material. Structural problems are rejected here.
    SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    try {
        validator.validate(signature);
    } catch (SignatureException ex) {
        LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    // Step 2: build a verification credential from whatever key material the KeyInfo
    // resolved to: a certificate chain (first certificate wins) or a bare public key.
    // BasicX509Credential extends BasicCredential, so both branches fit the same variable.
    final BasicCredential credential;
    if (samlKeyInfo.getCerts() != null) {
        credential = new BasicX509Credential(samlKeyInfo.getCerts()[0]);
    } else if (samlKeyInfo.getPublicKey() != null) {
        credential = new BasicCredential(samlKeyInfo.getPublicKey());
    } else {
        // Fail closed: with no key there is nothing to verify against.
        LOG.warning("Can't get X509Certificate or PublicKey to verify signature");
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    // Step 3: cryptographic verification of the signature value with the resolved credential.
    try {
        SignatureValidationProvider responseSignatureValidator = new ApacheSantuarioSignatureValidationProviderImpl();
        responseSignatureValidator.validate(signature, credential);
    } catch (SignatureException ex) {
        LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
}
Also used: BasicX509Credential (org.opensaml.security.x509.BasicX509Credential), SAMLSignatureProfileValidator (org.opensaml.saml.security.impl.SAMLSignatureProfileValidator), SignatureValidationProvider (org.opensaml.xmlsec.signature.support.SignatureValidationProvider), WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException), SignatureException (org.opensaml.xmlsec.signature.support.SignatureException), BasicCredential (org.opensaml.security.credential.BasicCredential), ApacheSantuarioSignatureValidationProviderImpl (org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl)

Example 15 with BasicCredential

Use of org.opensaml.security.credential.BasicCredential in the project verify-hub by alphagov.

From the class IdpAuthnResponseTranslatorResourceTest, method handleResponseFromIdp_shouldNotDecryptAssertionEncryptedWithIncorrectEncryptionCertificates.

@Test
public void handleResponseFromIdp_shouldNotDecryptAssertionEncryptedWithIncorrectEncryptionCertificates() throws Exception {
    // Negative case: encrypt the assertion for a different entity (TEST_RP) instead of the hub,
    // so the hub's private key cannot unwrap it.
    BasicCredential incorrectEncryptionKey = new BasicCredential(new HardCodedKeyStore(HUB_ENTITY_ID).getPrimaryEncryptionKeyForEntity(TEST_RP));
    SamlAuthnResponseTranslatorDto samlResponseDto = getSuccessSamlAuthnResponseTranslatorDto(incorrectEncryptionKey);
    Response clientResponse = postToSamlEngine(samlResponseDto);
    // The engine must reject the response (400) with a specific decryption failure type
    // rather than accept an assertion it could not read.
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    ErrorStatusDto errorStatusDto = clientResponse.readEntity(ErrorStatusDto.class);
    assertThat(errorStatusDto.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML_FAILED_TO_DECRYPT);
}
Also used: Response (javax.ws.rs.core.Response), HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore), ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto), SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto), SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto), BasicCredential (org.opensaml.security.credential.BasicCredential), Test (org.junit.jupiter.api.Test)
