Example 1 with DigestSHA256
use of org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256 in project verify-hub by alphagov.
the class RpAuthnRequestTranslatorServiceTest method shouldTranslateSamlAuthnRequest.
@Test
public void shouldTranslateSamlAuthnRequest() throws Exception {
RpAuthnRequestTranslatorService service = new RpAuthnRequestTranslatorService(stringToAuthnRequestTransformer, samlAuthnRequestToAuthnRequestFromRelyingPartyTransformer);
boolean forceAuthentication = true;
String id = UUID.randomUUID().toString();
String issuer = UUID.randomUUID().toString();
URI assertionConsumerServiceUrl = URI.create("http://someassertionuri");
int assertionConsumerServiceIndex = 1;
Signature signature = aSignature().withSignatureAlgorithm(SIGNATURE_ALGORITHM).build();
((SignatureImpl) signature).setXMLSignature(BuilderHelper.createXMLSignature(SIGNATURE_ALGORITHM, new DigestSHA256()));
SamlRequestWithAuthnRequestInformationDto samlRequestWithAuthnRequestInformationDto = SamlAuthnRequestDtoBuilder.aSamlAuthnRequest().withId(id).withIssuer(issuer).withForceAuthentication(forceAuthentication).withAssertionConsumerIndex(assertionConsumerServiceIndex).withPublicCert(TEST_RP_PUBLIC_SIGNING_CERT).withPrivateKey(TEST_RP_PRIVATE_SIGNING_KEY).build();
AuthnRequest authnRequest = AuthnRequestBuilder.anAuthnRequest().build();
TranslatedAuthnRequestDto expected = TranslatedAuthnRequestDtoBuilder.aTranslatedAuthnRequest().withId(id).withIssuer(issuer).withForceAuthentication(forceAuthentication).withAssertionConsumerServiceUrl(assertionConsumerServiceUrl).withAssertionConsumerServiceIndex(assertionConsumerServiceIndex).build();
AuthnRequestFromRelyingParty intermediateBlah = anAuthnRequestFromRelyingParty().withId(id).withIssuer(issuer).withForceAuthentication(forceAuthentication).withAssertionConsumerServiceUrl(assertionConsumerServiceUrl).withAssertionConsumerServiceIndex(assertionConsumerServiceIndex).withSignature(signature).build();
stub(stringToAuthnRequestTransformer.apply(samlRequestWithAuthnRequestInformationDto.getSamlMessage())).toReturn(authnRequest);
stub(samlAuthnRequestToAuthnRequestFromRelyingPartyTransformer.apply(authnRequest)).toReturn(intermediateBlah);
TranslatedAuthnRequestDto actual = service.translate(samlRequestWithAuthnRequestInformationDto);
assertThat(actual).isEqualToComparingFieldByField(expected);
}
Also used :
SamlRequestWithAuthnRequestInformationDto(uk.gov.ida.hub.samlengine.contracts.SamlRequestWithAuthnRequestInformationDto)
DigestSHA256(org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
AuthnRequestFromRelyingParty(uk.gov.ida.saml.hub.domain.AuthnRequestFromRelyingParty)
AuthnRequestFromRelyingPartyBuilder.anAuthnRequestFromRelyingParty(uk.gov.ida.hub.samlengine.builders.AuthnRequestFromRelyingPartyBuilder.anAuthnRequestFromRelyingParty)
Signature(org.opensaml.xmlsec.signature.Signature)
SignatureBuilder.aSignature(uk.gov.ida.saml.core.test.builders.SignatureBuilder.aSignature)
TranslatedAuthnRequestDto(uk.gov.ida.hub.samlengine.contracts.TranslatedAuthnRequestDto)
SignatureImpl(org.opensaml.xmlsec.signature.impl.SignatureImpl)
URI(java.net.URI)
Test(org.junit.Test)
Example 2 with DigestSHA256
use of org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256 in project verify-hub by alphagov.
the class IdpAuthnResponseTranslatorServiceTest method setup.
@Before
public void setup() {
IdaSamlBootstrap.bootstrap();
final String idpEntityId = TestEntityIds.STUB_IDP_ONE;
final String assertionId1 = randomUUID().toString();
final String assertionId2 = randomUUID().toString();
final String requestId = randomUUID().toString();
final SignatureAlgorithm signatureAlgorithm = new SignatureRSASHA1();
final DigestAlgorithm digestAlgorithm = new DigestSHA256();
final Subject mdsAssertionSubject = aSubject().withSubjectConfirmation(aSubjectConfirmation().withSubjectConfirmationData(aSubjectConfirmationData().withInResponseTo(requestId).build()).build()).build();
final AttributeStatement matchingDatasetAttributeStatement = MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();
final Subject authnAssertionSubject = aSubject().withSubjectConfirmation(aSubjectConfirmation().withSubjectConfirmationData(aSubjectConfirmationData().withInResponseTo(requestId).build()).build()).build();
final AttributeStatement ipAddress = anAttributeStatement().addAttribute(IPAddressAttributeBuilder.anIPAddress().build()).build();
final Optional<Signature> signature = of(SignatureBuilder.aSignature().build());
final SignatureImpl signatureImpl = ((SignatureImpl) signature.get());
signatureImpl.setXMLSignature(BuilderHelper.createXMLSignature(signatureAlgorithm, digestAlgorithm));
authnStatementAssertion = AssertionBuilder.anAssertion().withId(assertionId1).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).withSubject(authnAssertionSubject).addAttributeStatement(ipAddress).addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().build()).withSignature(SignatureBuilder.aSignature().withSignatureAlgorithm(signatureAlgorithm).withDigestAlgorithm(assertionId1, digestAlgorithm).build()).buildUnencrypted();
matchingDatasetAssertion = AssertionBuilder.anAssertion().withId(assertionId2).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).withSubject(mdsAssertionSubject).addAttributeStatement(matchingDatasetAttributeStatement).withSignature(SignatureBuilder.aSignature().withSignatureAlgorithm(signatureAlgorithm).withDigestAlgorithm(assertionId2, digestAlgorithm).build()).buildUnencrypted();
when(responseContainer.getSamlResponse()).thenReturn(saml);
when(stringToOpenSamlResponseTransformer.apply(saml)).thenReturn(samlResponse);
when(samlResponseToIdaResponseIssuedByIdpTransformer.apply(samlResponse)).thenReturn(responseFromIdp);
when(authStatementAssertion.getUnderlyingAssertionBlob()).thenReturn(authStatementUnderlyingAssertionBlob);
when(authStatementAssertion.getAuthnContext()).thenReturn(Optional.empty());
when(authStatementAssertion.getFraudDetectedDetails()).thenReturn(Optional.empty());
when(authStatementAssertion.getPrincipalIpAddressAsSeenByIdp()).thenReturn(Optional.of(principalIpAddressSeenByIdp));
when(authnStatementPersistentId.getNameId()).thenReturn("a name id");
when(authnStatementPersistentId.getNameId()).thenReturn(persistentIdName);
when(authStatementAssertion.getPersistentId()).thenReturn(authnStatementPersistentId);
when(responseFromIdp.getIssuer()).thenReturn(responseIssuer);
when(responseFromIdp.getStatus()).thenReturn(status);
when(responseFromIdp.getMatchingDatasetAssertion()).thenReturn(empty());
when(responseFromIdp.getAuthnStatementAssertion()).thenReturn(empty());
when(responseFromIdp.getSignature()).thenReturn(signature);
;
when(samlResponse.getIssuer()).thenReturn(issuer);
when(stringToAssertionTransformer.apply(authStatementUnderlyingAssertionBlob)).thenReturn(authnStatementAssertion);
when(stringToAssertionTransformer.apply(matchingDatasetUnderlyingAssertionBlob)).thenReturn(matchingDatasetAssertion);
InboundResponseFromIdpDataGenerator inboundResponseFromIdpDataGenerator = new InboundResponseFromIdpDataGenerator(assertionBlobEncrypter);
service = new IdpAuthnResponseTranslatorService(stringToOpenSamlResponseTransformer, stringToAssertionTransformer, samlResponseToIdaResponseIssuedByIdpTransformer, inboundResponseFromIdpDataGenerator, idpAssertionMetricsCollector);
}
Also used :
DigestSHA256(org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256)
SignatureRSASHA1(org.opensaml.xmlsec.algorithm.descriptors.SignatureRSASHA1)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
AttributeStatementBuilder.anAttributeStatement(uk.gov.ida.saml.idp.test.builders.AttributeStatementBuilder.anAttributeStatement)
Signature(org.opensaml.xmlsec.signature.Signature)
SignatureAlgorithm(org.opensaml.xmlsec.algorithm.SignatureAlgorithm)
SignatureImpl(org.opensaml.xmlsec.signature.impl.SignatureImpl)
InboundResponseFromIdpDataGenerator(uk.gov.ida.saml.hub.transformers.inbound.InboundResponseFromIdpDataGenerator)
Subject(org.opensaml.saml.saml2.core.Subject)
SubjectBuilder.aSubject(uk.gov.ida.saml.idp.test.builders.SubjectBuilder.aSubject)
DigestAlgorithm(org.opensaml.xmlsec.algorithm.DigestAlgorithm)
Before(org.junit.Before)
Example 3 with DigestSHA256
use of org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256 in project verify-hub by alphagov.
the class CryptoModule method configure.
@Override
protected void configure() {
bind(EncryptionKeyStore.class).to(HubEncryptionKeyStore.class).asEagerSingleton();
bind(SigningKeyStore.class).annotatedWith(Names.named("authnRequestKeyStore")).to(AuthnRequestKeyStore.class).asEagerSingleton();
bind(SigningKeyStore.class).annotatedWith(Names.named("samlResponseFromMatchingServiceKeyStore")).to(SamlResponseFromMatchingServiceKeyStore.class).asEagerSingleton();
bind(X509CertificateFactory.class).toInstance(new X509CertificateFactory());
bind(CertificateChainValidator.class);
bind(PKIXParametersProvider.class).toInstance(new PKIXParametersProvider());
bind(CertificatesConfigProxy.class);
bind(TrustStoreForCertificateProvider.class);
bind(EncryptionCredentialFactory.class);
bind(KeyStoreCache.class);
bind(KeyStoreLoader.class).toInstance(new KeyStoreLoader());
bind(SignatureFactory.class);
bind(IdaKeyStoreCredentialRetriever.class);
bind(SamlResponseAssertionEncrypter.class);
bind(AssertionBlobEncrypter.class);
bind(EncrypterFactory.class).toInstance(new EncrypterFactory());
bind(SignatureAlgorithm.class).toInstance(new SignatureRSASHA1());
bind(DigestAlgorithm.class).toInstance(new DigestSHA256());
}
Also used :
X509CertificateFactory(uk.gov.ida.common.shared.security.X509CertificateFactory)
DigestSHA256(org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256)
AuthnRequestKeyStore(uk.gov.ida.hub.samlengine.security.AuthnRequestKeyStore)
SignatureRSASHA1(org.opensaml.xmlsec.algorithm.descriptors.SignatureRSASHA1)
KeyStoreLoader(uk.gov.ida.truststore.KeyStoreLoader)
EncrypterFactory(uk.gov.ida.saml.security.EncrypterFactory)
SignatureAlgorithm(org.opensaml.xmlsec.algorithm.SignatureAlgorithm)
SigningKeyStore(uk.gov.ida.saml.security.SigningKeyStore)
PKIXParametersProvider(uk.gov.ida.common.shared.security.verification.PKIXParametersProvider)
SamlResponseFromMatchingServiceKeyStore(uk.gov.ida.hub.samlengine.security.SamlResponseFromMatchingServiceKeyStore)
HubEncryptionKeyStore(uk.gov.ida.hub.samlengine.security.HubEncryptionKeyStore)
DigestAlgorithm(org.opensaml.xmlsec.algorithm.DigestAlgorithm)
Aggregations
DigestSHA256 (org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256)3
DigestAlgorithm (org.opensaml.xmlsec.algorithm.DigestAlgorithm)2
SignatureAlgorithm (org.opensaml.xmlsec.algorithm.SignatureAlgorithm)2
SignatureRSASHA1 (org.opensaml.xmlsec.algorithm.descriptors.SignatureRSASHA1)2
Signature (org.opensaml.xmlsec.signature.Signature)2
SignatureImpl (org.opensaml.xmlsec.signature.impl.SignatureImpl)2
URI (java.net.URI)1
Before (org.junit.Before)1
Test (org.junit.Test)1
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)1
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)1
Subject (org.opensaml.saml.saml2.core.Subject)1
X509CertificateFactory (uk.gov.ida.common.shared.security.X509CertificateFactory)1
PKIXParametersProvider (uk.gov.ida.common.shared.security.verification.PKIXParametersProvider)1
AuthnRequestFromRelyingPartyBuilder.anAuthnRequestFromRelyingParty (uk.gov.ida.hub.samlengine.builders.AuthnRequestFromRelyingPartyBuilder.anAuthnRequestFromRelyingParty)1
SamlRequestWithAuthnRequestInformationDto (uk.gov.ida.hub.samlengine.contracts.SamlRequestWithAuthnRequestInformationDto)1
TranslatedAuthnRequestDto (uk.gov.ida.hub.samlengine.contracts.TranslatedAuthnRequestDto)1
AuthnRequestKeyStore (uk.gov.ida.hub.samlengine.security.AuthnRequestKeyStore)1
HubEncryptionKeyStore (uk.gov.ida.hub.samlengine.security.HubEncryptionKeyStore)1
SamlResponseFromMatchingServiceKeyStore (uk.gov.ida.hub.samlengine.security.SamlResponseFromMatchingServiceKeyStore)1
