Search in sources :

Example 1 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class TestOpenSamlObjects method signed.

static <T extends SignableSAMLObject> T signed(T signable, Saml2X509Credential credential, String entityId, String signAlgorithmUri) {
    SignatureSigningParameters parameters = new SignatureSigningParameters();
    Credential signingCredential = getSigningCredential(credential, entityId);
    parameters.setSigningCredential(signingCredential);
    parameters.setSignatureAlgorithm(signAlgorithmUri);
    parameters.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    parameters.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    try {
        SignatureSupport.signObject(signable, parameters);
    } catch (MarshallingException | SignatureException | SecurityException ex) {
        throw new Saml2Exception(ex);
    }
    return signable;
}
Also used : BasicCredential(org.opensaml.security.credential.BasicCredential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) Credential(org.opensaml.security.credential.Credential) MarshallingException(org.opensaml.core.xml.io.MarshallingException) SignatureSigningParameters(org.opensaml.xmlsec.SignatureSigningParameters) SecurityException(org.opensaml.security.SecurityException) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 2 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class TestOpenSamlObjects method encrypted.

static EncryptedID encrypted(NameID nameId, Saml2X509Credential credential) {
    X509Certificate certificate = credential.getCertificate();
    Encrypter encrypter = getEncrypter(certificate);
    try {
        return encrypter.encrypt(nameId);
    } catch (EncryptionException ex) {
        throw new Saml2Exception("Unable to encrypt nameID.", ex);
    }
}
Also used : Encrypter(org.opensaml.saml.saml2.encryption.Encrypter) EncryptionException(org.opensaml.xmlsec.encryption.support.EncryptionException) Saml2Exception(org.springframework.security.saml2.Saml2Exception) X509Certificate(java.security.cert.X509Certificate)

Example 3 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class OpenSamlSigningUtils method resolveSigningCredentials.

private static List<Credential> resolveSigningCredentials(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> credentials = new ArrayList<>();
    for (Saml2X509Credential x509Credential : relyingPartyRegistration.getSigningX509Credentials()) {
        X509Certificate certificate = x509Credential.getCertificate();
        PrivateKey privateKey = x509Credential.getPrivateKey();
        BasicCredential credential = CredentialSupport.getSimpleCredential(certificate, privateKey);
        credential.setEntityId(relyingPartyRegistration.getEntityId());
        credential.setUsageType(UsageType.SIGNING);
        credentials.add(credential);
    }
    return credentials;
}
Also used : BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) PrivateKey(java.security.PrivateKey) ArrayList(java.util.ArrayList) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) X509Certificate(java.security.cert.X509Certificate) BasicCredential(org.opensaml.security.credential.BasicCredential)

Example 4 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class OpenSamlAuthenticationRequestFactoryTests method createPostAuthenticationRequestWhenSignRequestThenCredentialIsRequired.

@Test
public void createPostAuthenticationRequestWhenSignRequestThenCredentialIsRequired() {
    Saml2X509Credential credential = org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials().assertingPartyDetails((party) -> party.verificationX509Credentials((c) -> c.add(credential))).build();
    this.context = this.contextBuilder.relayState("Relay State Value").relyingPartyRegistration(registration).build();
    assertThatExceptionOfType(Saml2Exception.class).isThrownBy(() -> this.factory.createPostAuthenticationRequest(this.context));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) BeforeEach(org.junit.jupiter.api.BeforeEach) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) AuthnRequestUnmarshaller(org.opensaml.saml.saml2.core.impl.AuthnRequestUnmarshaller) ByteArrayInputStream(java.io.ByteArrayInputStream) BDDMockito.given(org.mockito.BDDMockito.given) Document(org.w3c.dom.Document) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) Converter(org.springframework.core.convert.converter.Converter) DateTime(org.joda.time.DateTime) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Element(org.w3c.dom.Element) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) Assertions(org.junit.jupiter.api.Assertions) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Test(org.junit.jupiter.api.Test)

Example 5 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class OpenSamlAuthenticationRequestFactoryTests method createRedirectAuthenticationRequestWhenSignRequestThenCredentialIsRequired.

@Test
public void createRedirectAuthenticationRequestWhenSignRequestThenCredentialIsRequired() {
    Saml2X509Credential credential = org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials().assertingPartyDetails((party) -> party.verificationX509Credentials((c) -> c.add(credential))).build();
    this.context = this.contextBuilder.relayState("Relay State Value").relyingPartyRegistration(registration).build();
    assertThatExceptionOfType(Saml2Exception.class).isThrownBy(() -> this.factory.createPostAuthenticationRequest(this.context));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) BeforeEach(org.junit.jupiter.api.BeforeEach) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) AuthnRequestUnmarshaller(org.opensaml.saml.saml2.core.impl.AuthnRequestUnmarshaller) ByteArrayInputStream(java.io.ByteArrayInputStream) BDDMockito.given(org.mockito.BDDMockito.given) Document(org.w3c.dom.Document) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) Converter(org.springframework.core.convert.converter.Converter) DateTime(org.joda.time.DateTime) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Element(org.w3c.dom.Element) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) Assertions(org.junit.jupiter.api.Assertions) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Test(org.junit.jupiter.api.Test)

Aggregations

Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)22 X509Certificate (java.security.cert.X509Certificate)15 Saml2Exception (org.springframework.security.saml2.Saml2Exception)14 ArrayList (java.util.ArrayList)10 Credential (org.opensaml.security.credential.Credential)8 PrivateKey (java.security.PrivateKey)7 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)7 SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)6 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)6 Document (org.w3c.dom.Document)6 Element (org.w3c.dom.Element)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 CertificateException (java.security.cert.CertificateException)5 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)5 Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)5 BasicCredential (org.opensaml.security.credential.BasicCredential)5 SignatureConstants (org.opensaml.xmlsec.signature.support.SignatureConstants)5 TestSaml2X509Credentials (org.springframework.security.saml2.credentials.TestSaml2X509Credentials)5 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)5 StandardCharsets (java.nio.charset.StandardCharsets)4