


Example from class RpAuthnRequestTranslatorServiceTest, method shouldTranslateSamlAuthnRequest:

@Test
public void shouldTranslateSamlAuthnRequest() {
    // Construct the service first so any work its constructor does happens before the mocks are stubbed,
    // exactly as in the original ordering.
    final RpAuthnRequestTranslatorService service = new RpAuthnRequestTranslatorService(
            stringToAuthnRequestTransformer,
            samlAuthnRequestToAuthnRequestFromRelyingPartyTransformer,
            vspVersionGauge);

    // Fixture values shared by the inbound DTO, the intermediate domain object and the expected result.
    final String requestId = UUID.randomUUID().toString();
    final String rpEntityId = UUID.randomUUID().toString();
    final boolean forceAuthn = true;
    final int acsIndex = 1;
    final URI acsUrl = URI.create("http://someassertionuri");

    // A Signature whose underlying XML signature carries SIGNATURE_ALGORITHM with a SHA-256 digest.
    // Both transformers are mocked below, so this test covers translation and the VSP-version metric,
    // not signature verification.
    final Signature rpSignature = aSignature().withSignatureAlgorithm(SIGNATURE_ALGORITHM).build();
    ((SignatureImpl) rpSignature).setXMLSignature(
            BuilderHelper.createXMLSignature(SIGNATURE_ALGORITHM, new DigestSHA256()));

    final SamlRequestWithAuthnRequestInformationDto inbound = SamlAuthnRequestDtoBuilder.aSamlAuthnRequest()
            .withId(requestId)
            .withIssuer(rpEntityId)
            .withForceAuthentication(forceAuthn)
            .withAssertionConsumerIndex(acsIndex)
            .withPublicCert(TEST_RP_PUBLIC_SIGNING_CERT)   // test-only key material
            .withPrivateKey(TEST_RP_PRIVATE_SIGNING_KEY)
            .build();

    final AuthnRequest parsedRequest = AuthnRequestBuilder.anAuthnRequest().build();

    final AuthnRequestFromRelyingParty fromRelyingParty = anAuthnRequestFromRelyingParty()
            .withId(requestId)
            .withIssuer(rpEntityId)
            .withForceAuthentication(forceAuthn)
            .withAssertionConsumerServiceUrl(acsUrl)
            .withAssertionConsumerServiceIndex(acsIndex)
            .withSignature(rpSignature)
            .build();

    final TranslatedAuthnRequestDto expected = TranslatedAuthnRequestDtoBuilder.aTranslatedAuthnRequest()
            .withId(requestId)
            .withIssuer(rpEntityId)
            .withForceAuthentication(forceAuthn)
            .withAssertionConsumerServiceUrl(acsUrl)
            .withAssertionConsumerServiceIndex(acsIndex)
            .build();

    // Wire the two-stage pipeline: SAML string -> OpenSAML AuthnRequest -> domain object.
    when(stringToAuthnRequestTransformer.apply(inbound.getSamlMessage())).thenReturn(parsedRequest);
    when(samlAuthnRequestToAuthnRequestFromRelyingPartyTransformer.apply(parsedRequest)).thenReturn(fromRelyingParty);
    when(vspVersionGauge.labels(anyString(), anyString())).thenReturn(childGauge);

    final TranslatedAuthnRequestDto actual = service.translate(inbound);

    assertThat(actual).isEqualToComparingFieldByField(expected);
    // The gauge is labelled with the RP's entity id and its reported VSP version, then set to 1.0.
    // NOTE(review): the builder is assumed to populate the VSP version; otherwise get() would throw here.
    verify(vspVersionGauge).labels(fromRelyingParty.getIssuer(), fromRelyingParty.getVerifyServiceProviderVersion().get());
    verify(childGauge).set(1.0);
}



Example from class IdpAuthnResponseTranslatorServiceTest, method setup:

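@BeforeEach
public void setup() {
    final String idpEntityId = TestEntityIds.STUB_IDP_ONE;
    final String assertionId1 = randomUUID().toString();
    final String assertionId2 = randomUUID().toString();

    // Fixture algorithms. NOTE(review): RSA-SHA1 is the algorithm that UnknownMethodAlgorithmLoggerTest
    // treats as "unknown"; this test does not verify signatures, so it says nothing about whether the
    // hub accepts SHA-1-signed assertions from an IdP.
    final SignatureAlgorithm signatureAlgorithm = new SignatureRSASHA1();
    final DigestAlgorithm digestAlgorithm = new DigestSHA256();

    final AttributeStatement matchingDatasetAttributeStatement = MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();
    final AttributeStatement ipAddress = anAttributeStatement().addAttribute(IPAddressAttributeBuilder.anIPAddress().build()).build();

    // Response-level signature with a concrete XML signature attached, returned from the mocked response below.
    final Optional<Signature> signature = of(SignatureBuilder.aSignature().build());
    final SignatureImpl signatureImpl = ((SignatureImpl) signature.get());
    signatureImpl.setXMLSignature(BuilderHelper.createXMLSignature(signatureAlgorithm, digestAlgorithm));

    // Two unencrypted assertions from the stub IdP: one carrying the authn statement plus the principal's
    // IP address, one carrying the matching dataset. Each is signed with the fixture algorithms above.
    authnStatementAssertion = AssertionBuilder.anAssertion().withId(assertionId1).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).addAttributeStatement(ipAddress).addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().build()).withSignature(SignatureBuilder.aSignature().withSignatureAlgorithm(signatureAlgorithm).withDigestAlgorithm(assertionId1, digestAlgorithm).build()).buildUnencrypted();
    matchingDatasetAssertion = AssertionBuilder.anAssertion().withId(assertionId2).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).addAttributeStatement(matchingDatasetAttributeStatement).withSignature(SignatureBuilder.aSignature().withSignatureAlgorithm(signatureAlgorithm).withDigestAlgorithm(assertionId2, digestAlgorithm).build()).buildUnencrypted();

    when(responseContainer.getSamlResponse()).thenReturn(saml);
    when(assertionBlobEncrypter.encryptAssertionBlob(any(), eq(authStatementUnderlyingAssertionBlob))).thenReturn(encryptedAuthnAssertion);
    when(stringToOpenSamlResponseTransformer.apply(saml)).thenReturn(samlResponse);
    when(samlResponseToIdaResponseIssuedByIdpTransformer.apply(samlResponse)).thenReturn(responseFromIdp);
    when(authStatementAssertion.getUnderlyingAssertionBlob()).thenReturn(authStatementUnderlyingAssertionBlob);
    when(authStatementAssertion.getAuthnContext()).thenReturn(Optional.empty());
    when(authStatementAssertion.getFraudDetectedDetails()).thenReturn(Optional.empty());
    when(authStatementAssertion.getPrincipalIpAddressAsSeenByIdp()).thenReturn(Optional.of(principalIpAddressSeenByIdp));
    // Stub the persistent id exactly once. The previous version stubbed getNameId() twice in a row
    // ("a name id", then persistentIdName); with Mockito only the last stub takes effect, so the first
    // was dead and misleading about which value the tests actually see.
    when(authnStatementPersistentId.getNameId()).thenReturn(persistentIdName);
    when(authStatementAssertion.getPersistentId()).thenReturn(authnStatementPersistentId);
    when(responseFromIdp.getIssuer()).thenReturn(responseIssuer);
    when(responseFromIdp.getStatus()).thenReturn(status);
    // Default to a response with no assertions; individual tests override as needed.
    when(responseFromIdp.getMatchingDatasetAssertion()).thenReturn(empty());
    when(responseFromIdp.getAuthnStatementAssertion()).thenReturn(empty());
    when(responseFromIdp.getSignature()).thenReturn(signature);
    when(samlResponse.getIssuer()).thenReturn(issuer);
    when(stringToAssertionTransformer.apply(authStatementUnderlyingAssertionBlob)).thenReturn(authnStatementAssertion);
    when(stringToAssertionTransformer.apply(matchingDatasetUnderlyingAssertionBlob)).thenReturn(matchingDatasetAssertion);

    final InboundResponseFromIdpDataGenerator inboundResponseFromIdpDataGenerator = new InboundResponseFromIdpDataGenerator(assertionBlobEncrypter);
    service = new IdpAuthnResponseTranslatorService(stringToOpenSamlResponseTransformer, stringToAssertionTransformer, samlResponseToIdaResponseIssuedByIdpTransformer, inboundResponseFromIdpDataGenerator, idpAssertionMetricsCollector, transactionsConfigProxy);
}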



Example from class UnknownMethodAlgorithmLoggerTest, method setUp:

@BeforeEach
public void setUp() throws Exception {
    // Attach the mock appender to the ROOT logger at INFO so tests can assert on emitted log events.
    // NOTE(review): this changes global logger state; the appender should be detached after each test
    // (tear-down not visible here).
    final Logger rootLogger = (Logger) LoggerFactory.getLogger(Logger.ROOT_LOGGER_NAME);
    rootLogger.addAppender(mockAppender);
    rootLogger.setLevel(Level.INFO);

    // Baseline fixture: RSA-SHA256 signature with a SHA-256 digest.
    signature = Optional.of(SignatureBuilder.aSignature().build());
    ((SignatureImpl) signature.get()).setXMLSignature(
            BuilderHelper.createXMLSignature(SIGNATURE_RSA_SHA256, DIGEST_SHA256));

    // Variant whose signature algorithm (RSA-SHA1) the logger treats as unknown; digest unchanged.
    signatureWithUnknownSignatureAlgorithm = Optional.of(
            SignatureBuilder.aSignature().withSignatureAlgorithm(SIGNATURE_RSA_SHA1).build());
    ((SignatureImpl) signatureWithUnknownSignatureAlgorithm.get()).setXMLSignature(
            BuilderHelper.createXMLSignature(SIGNATURE_RSA_SHA1, DIGEST_SHA256));

    // Variant whose digest algorithm (SHA-1) is unknown; signature algorithm unchanged.
    signatureWithUnknownDigestAlgorithm = Optional.of(
            SignatureBuilder.aSignature().withDigestAlgorithm(ID, DIGEST_SHA1).build());
    ((SignatureImpl) signatureWithUnknownDigestAlgorithm.get()).setXMLSignature(
            BuilderHelper.createXMLSignature(SIGNATURE_RSA_SHA256, DIGEST_SHA1));

    // Variant with both algorithms unknown.
    signatureWithUnknownSignatureAndDigestAlgorithms = Optional.of(
            SignatureBuilder.aSignature().withSignatureAlgorithm(SIGNATURE_RSA_SHA1).withDigestAlgorithm(ID, DIGEST_SHA1).build());
    ((SignatureImpl) signatureWithUnknownSignatureAndDigestAlgorithms.get()).setXMLSignature(
            BuilderHelper.createXMLSignature(SIGNATURE_RSA_SHA1, DIGEST_SHA1));
}



Example from class AuthnRequestFromRelyingPartyUnmarshallerTest, method fromSamlMessage_shouldMapAuthnRequestToAuthnRequestFromRelyingParty:

@Test
public void fromSamlMessage_shouldMapAuthnRequestToAuthnRequestFromRelyingParty() throws Exception {
    final DateTime now = new DateTime();

    // A bare Signature element with no XML signature content. This test only checks that each
    // AuthnRequest field is carried across to the domain object; as far as it shows, the unmarshaller
    // passes the Signature through untouched and does no validation of it.
    final SignatureImpl bareSignature = new SignatureBuilder().buildObject();

    final Issuer serviceIssuer = new IssuerBuilder().buildObject();
    serviceIssuer.setValue("some-service-entity-id");

    final AuthnRequest request = new AuthnRequestBuilder().buildObject();
    request.setID("some-id");
    request.setIssuer(serviceIssuer);
    request.setIssueInstant(now);
    request.setDestination("http://example.com");
    request.setForceAuthn(true);
    request.setAssertionConsumerServiceURL("some-url");
    request.setAssertionConsumerServiceIndex(5);
    request.setSignature(bareSignature);
    request.setExtensions(createApplicationVersionExtensions("some-version"));

    // Expected mapping: destination and ACS URL become URIs, optional SAML attributes become Optionals,
    // and the application version is lifted out of the Extensions element.
    final AuthnRequestFromRelyingParty expected = new AuthnRequestFromRelyingParty(
            "some-id",
            "some-service-entity-id",
            now,
            URI.create("http://example.com"),
            Optional.of(true),
            Optional.of(URI.create("some-url")),
            Optional.of(5),
            Optional.of(bareSignature),
            Optional.of("some-version"));

    assertThat(unmarshaller.fromSamlMessage(request)).isEqualTo(expected);
}
