use of org.opensaml.security.credential.Credential in project pac4j by pac4j.
the class KeyStoreCredentialProvider method getKeyInfoGenerator.
@Override
public final KeyInfoGenerator getKeyInfoGenerator() {
final NamedKeyInfoGeneratorManager mgmr = DefaultSecurityConfigurationBootstrap.buildBasicKeyInfoGeneratorManager();
final Credential credential = getCredential();
return mgmr.getDefaultManager().getFactory(credential).newInstance();
}
use of org.opensaml.security.credential.Credential in project pac4j by pac4j.
the class KeyStoreCredentialProvider method getKeyInfo.
@Override
public KeyInfo getKeyInfo() {
final Credential serverCredential = getCredential();
final KeyInfo keyInfo = generateKeyInfoForCredential(serverCredential);
return keyInfo;
}
use of org.opensaml.security.credential.Credential in project cas by apereo.
the class WsFederationHelper method createCredentialFromToken.
/**
* createCredentialFromToken converts a SAML 1.1 assertion to a WSFederationCredential.
*
* @param assertion the provided assertion
* @return an equivalent credential.
*/
public WsFederationCredential createCredentialFromToken(final Assertion assertion) {
val retrievedOn = ZonedDateTime.now(clock);
LOGGER.trace("Retrieved on [{}]", retrievedOn);
val credential = new WsFederationCredential();
credential.setRetrievedOn(retrievedOn);
credential.setId(assertion.getID());
credential.setIssuer(assertion.getIssuer());
credential.setIssuedOn(DateTimeUtils.zonedDateTimeOf(assertion.getIssueInstant()));
val conditions = assertion.getConditions();
if (conditions != null) {
credential.setNotBefore(DateTimeUtils.zonedDateTimeOf(conditions.getNotBefore()));
credential.setNotOnOrAfter(DateTimeUtils.zonedDateTimeOf(conditions.getNotOnOrAfter()));
if (!conditions.getAudienceRestrictionConditions().isEmpty()) {
credential.setAudience(conditions.getAudienceRestrictionConditions().get(0).getAudiences().get(0).getURI());
}
}
if (!assertion.getAuthenticationStatements().isEmpty()) {
credential.setAuthenticationMethod(assertion.getAuthenticationStatements().get(0).getAuthenticationMethod());
}
val attributes = new HashMap<String, List<Object>>();
assertion.getAttributeStatements().stream().flatMap(attributeStatement -> attributeStatement.getAttributes().stream()).forEach(item -> {
LOGGER.trace("Processed attribute: [{}]", item.getAttributeName());
final List<Object> itemList = item.getAttributeValues().stream().map(xmlObject -> ((XSAny) xmlObject).getTextContent()).collect(Collectors.toList());
if (!itemList.isEmpty()) {
attributes.put(item.getAttributeName(), itemList);
}
});
credential.setAttributes(attributes);
LOGGER.debug("WsFederation Credential retrieved as: [{}]", credential);
return credential;
}
use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class AuthnResponseFactory method aFraudResponseFromIdpBuilder.
public ResponseBuilder aFraudResponseFromIdpBuilder(String idpEntityId, String persistentId) {
TestCredentialFactory idpSigningCredentialFactory = new TestCredentialFactory(publicSigningCerts.get(idpEntityId), privateSigningKeys.get(idpEntityId));
String requestId = generateId();
final Subject mdsAssertionSubject = SubjectBuilder.aSubject().withPersistentId(persistentId).withSubjectConfirmation(SubjectConfirmationBuilder.aSubjectConfirmation().withSubjectConfirmationData(SubjectConfirmationDataBuilder.aSubjectConfirmationData().withInResponseTo(requestId).build()).build()).build();
final Subject authnAssertionSubject = SubjectBuilder.aSubject().withNameId(buildNameID(persistentId)).withSubjectConfirmation(SubjectConfirmationBuilder.aSubjectConfirmation().withSubjectConfirmationData(SubjectConfirmationDataBuilder.aSubjectConfirmationData().withInResponseTo(requestId).build()).build()).build();
final AttributeStatement matchingDatasetAttributeStatement = MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();
final Credential encryptingCredential = hubEncryptionCredentialFactory.getEncryptingCredential();
final Credential signingCredential = idpSigningCredentialFactory.getSigningCredential();
final AssertionBuilder mdsAssertion = AssertionBuilder.anAssertion().withId(generateId()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).withSubject(mdsAssertionSubject).addAttributeStatement(matchingDatasetAttributeStatement);
final AssertionBuilder authnAssertion = AssertionBuilder.anAssertion().withId(generateId()).addAttributeStatement(anAttributeStatement().addAttribute(IdpFraudEventIdAttributeBuilder.anIdpFraudEventIdAttribute().withValue("a-fraud-event").build()).addAttribute(Gpg45StatusAttributeBuilder.aGpg45StatusAttribute().withValue("IT01").build()).addAttribute(anIPAddress().build()).build()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).withSubject(authnAssertionSubject).addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().withAuthnContext(AuthnContextBuilder.anAuthnContext().withAuthnContextClassRef(AuthnContextClassRefBuilder.anAuthnContextClassRef().withAuthnContextClasRefValue(IdaAuthnContext.LEVEL_X_AUTHN_CTX).build()).build()).build());
ResponseBuilder responseBuilder = ResponseBuilder.aResponse().withId(generateId()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).withInResponseTo(requestId).addEncryptedAssertion(mdsAssertion.withSignature(SignatureBuilder.aSignature().withSigningCredential(signingCredential).build()).buildWithEncrypterCredential(encryptingCredential)).addEncryptedAssertion(authnAssertion.withSignature(SignatureBuilder.aSignature().withSigningCredential(signingCredential).build()).buildWithEncrypterCredential(encryptingCredential));
return responseBuilder;
}
use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class MatchingServiceRequestSenderTest method createMsaResponse.
private static String createMsaResponse() throws MarshallingException, SignatureException {
Credential signingCredential = msaSigningCredential;
org.opensaml.saml.saml2.core.Response response = aResponse().withIssuer(IssuerBuilder.anIssuer().withIssuerId(TEST_RP_MS).build()).withSigningCredential(signingCredential).build();
Document soapEnvelope = new SoapMessageManager().wrapWithSoapEnvelope(new XmlObjectToElementTransformer<>().apply(response));
return XmlUtils.writeToString(soapEnvelope);
}
Aggregations