
Example 1 with IdaKeyStoreCredentialRetriever

Use of uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever in project verify-hub by alphagov.

From the class SamlEngineModule, method getAES256WithGCMAssertionDecrypter.

@Provides
@Named("AES256DecrypterWithGCM")
private AssertionDecrypter getAES256WithGCMAssertionDecrypter(IdaKeyStore keyStore) {
    // Pull the decrypting credentials (the hub's private encryption keys) out of the injected IdaKeyStore.
    IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
    // Build an OpenSAML Decrypter that can use each of those credentials against an EncryptedAssertion.
    Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
    // The validator accepts only AES-256-CBC and AES-256-GCM as the block cipher;
    // an assertion encrypted with any other algorithm URI fails validation.
    return new AssertionDecrypter(new EncryptionAlgorithmValidator(ImmutableSet.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM)), decrypter);
}
Also used: IdaKeyStoreCredentialRetriever (uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever), DecrypterFactory (uk.gov.ida.saml.security.DecrypterFactory), AssertionDecrypter (uk.gov.ida.saml.security.AssertionDecrypter), EncryptionAlgorithmValidator (uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator), Decrypter (org.opensaml.saml.saml2.encryption.Decrypter), Named (javax.inject.Named), Provides (com.google.inject.Provides)

Example 2 with IdaKeyStoreCredentialRetriever

Use of uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever in project verify-hub by alphagov.

From the class SamlMessageSenderApiResourceTest, method sendSignedJsonAuthnResponseFromHub_shouldRespondWithNextLocation.

@Test
public void sendSignedJsonAuthnResponseFromHub_shouldRespondWithNextLocation() throws Exception {
    SessionId sessionId = SessionId.createNewSessionId();
    URI nextLocationUri = URI.create("http://blah");
    String requestId = UUID.randomUUID().toString();
    // Signs the assertions in the hub's response with the signing credential taken from the test key store.
    ResponseAssertionSigner responseAssertionSigner = new ResponseAssertionSigner(new SignatureFactory(new IdaKeyStoreCredentialRetriever(getKeyStore()), SIGNATURE_ALGORITHM, DIGEST_ALGORITHM));
    // Transformer that signs and encrypts the outbound response (for the entity chosen by the hard-coded locator)
    // and serialises it to a SAML string.
    Function<OutboundResponseFromHub, String> outboundResponseFromHubToStringTransformer = new HubTransformersFactory().getOutboundResponseFromHubToStringTransformer(new HardCodedKeyStore(HUB_ENTITY_ID), getKeyStore(), new IdpHardCodedEntityToEncryptForLocator(), responseAssertionSigner, SIGNATURE_ALGORITHM, DIGEST_ALGORITHM);
    OutboundResponseFromHub authnResponseFromHub = anAuthnResponse().withInResponseTo(requestId).withIssuerId(HUB_ENTITY_ID).withTransactionIdaStatus(TransactionIdaStatus.Success).buildOutboundResponseFromHub();
    String samlString = outboundResponseFromHubToStringTransformer.apply(authnResponseFromHub);
    AuthnResponseFromHubContainerDto authnResponseFromHubContainerDto = new AuthnResponseFromHubContainerDto(samlString, nextLocationUri, com.google.common.base.Optional.absent(), authnResponseFromHub.getId());
    // Stub the policy service so that the SAML proxy receives this response for the session.
    policyStubRule.anAuthnResponseFromHubToRp(sessionId, authnResponseFromHubContainerDto);
    javax.ws.rs.core.Response response = getResponseFromSamlProxy(Urls.SamlProxyUrls.SEND_RESPONSE_FROM_HUB_API_RESOURCE, sessionId);
    // The proxy's reply should carry the next-location URI as the POST endpoint for the signed message.
    assertThat(response.readEntity(SamlMessageSenderHandler.SamlMessage.class).getPostEndpoint()).isEqualTo(nextLocationUri.toASCIIString());
}
Also used: HubTransformersFactory (uk.gov.ida.saml.hub.api.HubTransformersFactory), HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore), AuthnResponseFromHubContainerDto (uk.gov.ida.hub.samlproxy.contracts.AuthnResponseFromHubContainerDto), URI (java.net.URI), ResponseAssertionSigner (uk.gov.ida.saml.core.transformers.outbound.decorators.ResponseAssertionSigner), IdaKeyStoreCredentialRetriever (uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever), OutboundResponseFromHub (uk.gov.ida.saml.core.domain.OutboundResponseFromHub), Response (javax.ws.rs.core.Response), SignatureFactory (uk.gov.ida.saml.security.SignatureFactory), SessionId (uk.gov.ida.common.SessionId), Test (org.junit.Test)

Example 3 with IdaKeyStoreCredentialRetriever

Use of uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever in project verify-hub by alphagov.

From the class AssertionDecrypter, method decryptAssertions.

public List<Assertion> decryptAssertions(Response response) {
    // This wrapper builds its own key store from the class's publicKey and privateKey fields,
    // reusing the same key pair for both signing and encryption.
    KeyPair encryptionKeyPair = new KeyPair(publicKey, privateKey);
    KeyPair signingKeyPair = new KeyPair(publicKey, privateKey);
    IdaKeyStore keyStore = new IdaKeyStore(signingKeyPair, Collections.singletonList(encryptionKeyPair));
    IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
    Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
    // Unlike Example 1, only AES-256-GCM is accepted here; an AES-256-CBC assertion fails validation.
    uk.gov.ida.saml.security.AssertionDecrypter assertionDecrypter = new uk.gov.ida.saml.security.AssertionDecrypter(new EncryptionAlgorithmValidator(ImmutableSet.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM)), decrypter);
    // The library's decrypter works on a ValidatedResponse, so the raw Response is wrapped first.
    return assertionDecrypter.decryptAssertions(new ValidatedResponse(response));
}
Also used: KeyPair (java.security.KeyPair), EncryptionAlgorithmValidator (uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator), Decrypter (org.opensaml.saml.saml2.encryption.Decrypter), ValidatedResponse (uk.gov.ida.saml.security.validators.ValidatedResponse), IdaKeyStore (uk.gov.ida.saml.security.IdaKeyStore), IdaKeyStoreCredentialRetriever (uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever), DecrypterFactory (uk.gov.ida.saml.security.DecrypterFactory)

Aggregations (types used across the examples above, with the number of examples using each)

IdaKeyStoreCredentialRetriever (uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever): 3
Decrypter (org.opensaml.saml.saml2.encryption.Decrypter): 2
DecrypterFactory (uk.gov.ida.saml.security.DecrypterFactory): 2
EncryptionAlgorithmValidator (uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator): 2
Provides (com.google.inject.Provides): 1
URI (java.net.URI): 1
KeyPair (java.security.KeyPair): 1
Named (javax.inject.Named): 1
Response (javax.ws.rs.core.Response): 1
Test (org.junit.Test): 1
SessionId (uk.gov.ida.common.SessionId): 1
AuthnResponseFromHubContainerDto (uk.gov.ida.hub.samlproxy.contracts.AuthnResponseFromHubContainerDto): 1
OutboundResponseFromHub (uk.gov.ida.saml.core.domain.OutboundResponseFromHub): 1
HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore): 1
ResponseAssertionSigner (uk.gov.ida.saml.core.transformers.outbound.decorators.ResponseAssertionSigner): 1
HubTransformersFactory (uk.gov.ida.saml.hub.api.HubTransformersFactory): 1
AssertionDecrypter (uk.gov.ida.saml.security.AssertionDecrypter): 1
IdaKeyStore (uk.gov.ida.saml.security.IdaKeyStore): 1
SignatureFactory (uk.gov.ida.saml.security.SignatureFactory): 1
ValidatedResponse (uk.gov.ida.saml.security.validators.ValidatedResponse): 1