Search in sources :

Example 26 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class TestOpenSamlObjects method assertingPartyLogoutRequestNameIdInEncryptedId.

public static LogoutRequest assertingPartyLogoutRequestNameIdInEncryptedId(RelyingPartyRegistration registration) {
    LogoutRequestBuilder logoutRequestBuilder = new LogoutRequestBuilder();
    LogoutRequest logoutRequest = logoutRequestBuilder.buildObject();
    logoutRequest.setID("id");
    NameIDBuilder nameIdBuilder = new NameIDBuilder();
    NameID nameId = nameIdBuilder.buildObject();
    nameId.setValue("user");
    logoutRequest.setNameID(null);
    Saml2X509Credential credential = registration.getAssertingPartyDetails().getEncryptionX509Credentials().iterator().next();
    EncryptedID encrypted = encrypted(nameId, credential);
    logoutRequest.setEncryptedID(encrypted);
    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(registration.getAssertingPartyDetails().getEntityId());
    logoutRequest.setIssuer(issuer);
    logoutRequest.setDestination(registration.getSingleLogoutServiceLocation());
    return logoutRequest;
}
Also used : NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) LogoutRequestBuilder(org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder) NameID(org.opensaml.saml.saml2.core.NameID) Issuer(org.opensaml.saml.saml2.core.Issuer) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) EncryptedID(org.opensaml.saml.saml2.core.EncryptedID)

Example 27 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class TestOpenSamlObjects method encrypted.

static EncryptedAttribute encrypted(String name, String value, Saml2X509Credential credential) {
    Attribute attribute = attribute(name, value);
    X509Certificate certificate = credential.getCertificate();
    Encrypter encrypter = getEncrypter(certificate);
    try {
        return encrypter.encrypt(attribute);
    } catch (EncryptionException ex) {
        throw new Saml2Exception("Unable to encrypt nameID.", ex);
    }
}
Also used : Encrypter(org.opensaml.saml.saml2.encryption.Encrypter) Attribute(org.opensaml.saml.saml2.core.Attribute) EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) EncryptionException(org.opensaml.xmlsec.encryption.support.EncryptionException) Saml2Exception(org.springframework.security.saml2.Saml2Exception) X509Certificate(java.security.cert.X509Certificate)

Example 28 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class OpenSaml4AuthenticationRequestFactoryTests method createRedirectAuthenticationRequestWhenSignRequestThenCredentialIsRequired.

@Test
public void createRedirectAuthenticationRequestWhenSignRequestThenCredentialIsRequired() {
    Saml2X509Credential credential = org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials().assertingPartyDetails((party) -> party.verificationX509Credentials((c) -> c.add(credential))).build();
    this.context = this.contextBuilder.relayState("Relay State Value").relyingPartyRegistration(registration).build();
    assertThatExceptionOfType(Saml2Exception.class).isThrownBy(() -> this.factory.createPostAuthenticationRequest(this.context));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) BeforeEach(org.junit.jupiter.api.BeforeEach) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) AuthnRequestUnmarshaller(org.opensaml.saml.saml2.core.impl.AuthnRequestUnmarshaller) ByteArrayInputStream(java.io.ByteArrayInputStream) BDDMockito.given(org.mockito.BDDMockito.given) Document(org.w3c.dom.Document) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) Converter(org.springframework.core.convert.converter.Converter) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) Instant(java.time.Instant) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Element(org.w3c.dom.Element) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) Assertions(org.junit.jupiter.api.Assertions) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Test(org.junit.jupiter.api.Test)

Example 29 with Saml2X509Credential

use of org.springframework.security.saml2.credentials.Saml2X509Credential in project spring-security by spring-projects.

the class OpenSaml4AuthenticationRequestFactoryTests method createPostAuthenticationRequestWhenSignRequestThenCredentialIsRequired.

@Test
public void createPostAuthenticationRequestWhenSignRequestThenCredentialIsRequired() {
    Saml2X509Credential credential = org.springframework.security.saml2.core.TestSaml2X509Credentials.relyingPartyVerifyingCredential();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials().assertingPartyDetails((party) -> party.verificationX509Credentials((c) -> c.add(credential))).build();
    this.context = this.contextBuilder.relayState("Relay State Value").relyingPartyRegistration(registration).build();
    assertThatExceptionOfType(Saml2Exception.class).isThrownBy(() -> this.factory.createPostAuthenticationRequest(this.context));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) BeforeEach(org.junit.jupiter.api.BeforeEach) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) AuthnRequestUnmarshaller(org.opensaml.saml.saml2.core.impl.AuthnRequestUnmarshaller) ByteArrayInputStream(java.io.ByteArrayInputStream) BDDMockito.given(org.mockito.BDDMockito.given) Document(org.w3c.dom.Document) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) Converter(org.springframework.core.convert.converter.Converter) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) Instant(java.time.Instant) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Element(org.w3c.dom.Element) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) Assertions(org.junit.jupiter.api.Assertions) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Test(org.junit.jupiter.api.Test)

Aggregations

Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)24 X509Certificate (java.security.cert.X509Certificate)17 Saml2Exception (org.springframework.security.saml2.Saml2Exception)14 ArrayList (java.util.ArrayList)10 Credential (org.opensaml.security.credential.Credential)8 PrivateKey (java.security.PrivateKey)7 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)7 SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)6 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)6 Document (org.w3c.dom.Document)6 Element (org.w3c.dom.Element)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 CertificateException (java.security.cert.CertificateException)5 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)5 Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)5 BasicCredential (org.opensaml.security.credential.BasicCredential)5 SignatureConstants (org.opensaml.xmlsec.signature.support.SignatureConstants)5 TestSaml2X509Credentials (org.springframework.security.saml2.credentials.TestSaml2X509Credentials)5 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)5 StandardCharsets (java.nio.charset.StandardCharsets)4