org.opensaml.saml.saml2.metadata.EntityDescriptor Java Examples

The following examples show how to use org.opensaml.saml.saml2.metadata.EntityDescriptor. Each example is taken from a real project; the original project and source file are named above it.
Example #1
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A signed hub response carrying a RESPONDER status with a NO_MATCH sub-status
 * must be translated to the {@code NO_MATCH} scenario rather than rejected.
 */
@Test
public void shouldHandleNoMatchSaml() throws Exception {
    // Publish the RP signing certificate through the mocked hub metadata so the
    // response signature can be verified against it.
    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Status responderNoMatch = aStatus()
        .withStatusCode(aStatusCode()
            .withValue(StatusCode.RESPONDER)
            .withSubStatusCode(aStatusCode().withValue(SamlStatusCode.NO_MATCH).build())
            .build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(responderNoMatch), testRpSigningCredential);
    String encodedResponse = responseToBase64StringTransformer.apply(signedResponse);

    TranslatedMatchingResponseBody translated = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        encodedResponse,
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(translated.getScenario()).isEqualTo(NO_MATCH);
}
 
Example #2
Source File: MockMetadataAggregatorServer.java — from verify-service-provider (MIT License)
/**
 * Builds signed, single-entity SAML metadata for a stub country IdP.
 *
 * @param countryEntityId the entity ID to give the country's EntityDescriptor
 * @return the serialised metadata document
 * @throws Exception if building, signing or serialising the metadata fails
 */
private String buildTestCountryEntityDescriptor(String countryEntityId) throws Exception {
    // The IdP role advertises only the stub country's primary certificate for signing.
    KeyDescriptor countrySigningKey = KeyDescriptorBuilder.aKeyDescriptor()
        .withX509ForSigning(STUB_COUNTRY_PUBLIC_PRIMARY_CERT)
        .build();
    IDPSSODescriptor countryIdpRole = IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
        .withoutDefaultSigningKey()
        .addKeyDescriptor(countrySigningKey)
        .build();

    // Metadata is signed with the "A" metadata-signing key pair; the matching
    // certificate is embedded in X509Data so consumers can locate the verification key.
    Signature metadataSignature = SignatureBuilder.aSignature()
        .withSigningCredential(new TestCredentialFactory(METADATA_SIGNING_A_PUBLIC_CERT, METADATA_SIGNING_A_PRIVATE_KEY).getSigningCredential())
        .withX509Data(METADATA_SIGNING_A_PUBLIC_CERT)
        .build();

    // No default SP role: this entity is an IdP only. validUntil is two weeks out.
    EntityDescriptor countryDescriptor = EntityDescriptorBuilder.anEntityDescriptor()
        .withEntityId(countryEntityId)
        .withIdpSsoDescriptor(countryIdpRole)
        .setAddDefaultSpServiceDescriptor(false)
        .withValidUntil(DateTime.now().plusWeeks(2))
        .withSignature(metadataSignature)
        .build();

    return new MetadataFactory().singleEntityMetadata(countryDescriptor);
}
 
Example #3
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A response whose IssueInstant lies ahead of the local clock must be rejected
 * with a {@link SamlResponseValidationException}.
 */
@Test
public void shouldFailWhenIssueInstantIsInTheFuture() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Response IssueInstant is in the future ");

    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    // Issue the response one minute ahead of now; the signature itself is valid.
    Response futureResponse = signResponse(
        aResponse().withIssueInstant(DateTime.now().plusMinutes(1)),
        testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(futureResponse),
        futureResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #4
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A response whose IssueInstant is ten minutes old must be rejected as too far in
 * the past, limiting the window in which a captured response could be replayed.
 */
@Test
public void shouldFailWhenIssueInstantIsTooOld() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Response IssueInstant is too far in the past ");

    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    // Back-date the response by ten minutes; the signature itself is valid.
    Response staleResponse = signResponse(
        aResponse().withIssueInstant(DateTime.now().minusMinutes(10)),
        testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(staleResponse),
        staleResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #5
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A response whose InResponseTo does not match the request ID the caller supplies
 * must be rejected, so a response issued for one request cannot satisfy another.
 */
@Test
public void shouldFailWhenInResponseToDoesNotMatchRequestId() throws Exception {
    String unrelatedRequestId = "some-incorrect-request-id";
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage(String.format("Expected InResponseTo to be some-incorrect-request-id, but was %s", DEFAULT_REQUEST_ID));

    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    // The response itself is valid and successful; only the expected request ID differs.
    Status success = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(success), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        unrelatedRequestId,
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #6
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A hub response without an XML signature must fail validation even though the
 * published metadata holds a valid signing certificate.
 */
@Test
public void shouldFailValidationWhenHubResponseIsNotSigned() throws Exception {
    expectedException.expect(SamlTransformationErrorException.class);
    expectedException.expectMessage("SAML Validation Specification: Message signature is not signed");

    Status success = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    // Deliberately leave the response unsigned; everything else is well-formed.
    Response unsignedResponse = createNoAttributeResponseBuilder(success).withoutSigning().build();

    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(unsignedResponse),
        unsignedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #7
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A correctly signed response must still be rejected when the hub metadata publishes
 * a certificate other than the one that produced the signature.
 */
@Test
public void shouldFailValidationWhenHubMetadataDoesNotContainCorrectCertificate() throws Exception {
    expectedException.expect(SamlTransformationErrorException.class);
    expectedException.expectMessage("SAML Validation Specification: Signature was not valid.");

    Status success = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    // Signed with the RP credential ...
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(success), testRpSigningCredential);
    // ... but the metadata advertises a different certificate, so verification cannot succeed.
    EntityDescriptor mismatchedMetadata = createEntityDescriptorWithSigningCertificate(TEST_PUBLIC_CERT);

    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(mismatchedMetadata));

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #8
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A RESPONDER status with a sub-status the service does not know must be rejected
 * instead of being mapped to some default scenario.
 */
@Test
public void shouldFailWhenUnrecognizedSubStatus() throws Exception {
    String unknownSubStatus = "UNKNOWN";
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Unknown SAML sub-status: UNKNOWN");

    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Status responderWithUnknownSubStatus = aStatus()
        .withStatusCode(aStatusCode()
            .withValue(StatusCode.RESPONDER)
            .withSubStatusCode(aStatusCode().withValue(unknownSubStatus).build())
            .build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(responderWithUnknownSubStatus), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #9
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A top-level status code the service does not recognise must be rejected rather
 * than treated as success or as a known failure scenario.
 */
@Test
public void shouldFailWhenUnrecognizedStatus() throws Exception {
    String unknownStatus = "UNKNOWN";
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Unknown SAML status: UNKNOWN");

    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Status statusWithUnknownCode = aStatus()
        .withStatusCode(aStatusCode().withValue(unknownStatus).build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(statusWithUnknownCode), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
 
Example #10
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A RESPONDER status with an AUTHN_FAILED sub-status must translate to the
 * {@code AUTHENTICATION_FAILED} scenario.
 */
@Test
public void shouldHandleAuthenticationFailedSaml() throws Exception {
    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Status authnFailed = aStatus()
        .withStatusCode(aStatusCode()
            .withValue(StatusCode.RESPONDER)
            .withSubStatusCode(aStatusCode().withValue(StatusCode.AUTHN_FAILED).build())
            .build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(authnFailed), testRpSigningCredential);
    String encodedResponse = responseToBase64StringTransformer.apply(signedResponse);

    TranslatedMatchingResponseBody translated = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        encodedResponse,
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(translated.getScenario()).isEqualTo(AUTHENTICATION_FAILED);
}
 
Example #11
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A RESPONDER status with a NO_AUTHN_CONTEXT sub-status is reported as the
 * {@code CANCELLATION} scenario.
 */
@Test
public void shouldHandleNoAuthnContextSaml() throws Exception {
    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Status noAuthnContext = aStatus()
        .withStatusCode(aStatusCode()
            .withValue(StatusCode.RESPONDER)
            .withSubStatusCode(aStatusCode().withValue(StatusCode.NO_AUTHN_CONTEXT).build())
            .build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(noAuthnContext), testRpSigningCredential);
    String encodedResponse = responseToBase64StringTransformer.apply(signedResponse);

    TranslatedMatchingResponseBody translated = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        encodedResponse,
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(translated.getScenario()).isEqualTo(CANCELLATION);
}
 
Example #12
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A RESPONDER status with a REQUESTER sub-status must translate to the
 * {@code REQUEST_ERROR} scenario.
 */
@Test
public void shouldHandleRequestErrorSaml() throws Exception {
    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Status requesterError = aStatus()
        .withStatusCode(aStatusCode()
            .withValue(StatusCode.RESPONDER)
            .withSubStatusCode(aStatusCode().withValue(StatusCode.REQUESTER).build())
            .build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(requesterError), testRpSigningCredential);
    String encodedResponse = responseToBase64StringTransformer.apply(signedResponse);

    TranslatedMatchingResponseBody translated = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        encodedResponse,
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(translated.getScenario()).isEqualTo(REQUEST_ERROR);
}
 
Example #13
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A non-matching response service built without an unsigned-assertions handler must
 * refuse a response carrying unsigned assertions instead of processing it.
 */
@Test
public void nonMatchingResponseServiceShouldThrowIfConfiguredIncorrectlyForUnsignedAssertions() throws Exception {
    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Response signedResponse = signResponse(createUnsignedAttributeResponseBuilder(), testRpSigningCredential);

    assertThrows(MissingUnsignedAssertionsHandlerException.class, () ->
        badlyConfiguredEidasNonMatchingResponseService.convertTranslatedResponseBody(
                responseToBase64StringTransformer.apply(signedResponse),
                signedResponse.getInResponseTo(),
                LevelOfAssurance.LEVEL_2,
                VERIFY_SERVICE_PROVIDER_ENTITY_ID));
}
 
Example #14
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A successful response that carries attributes must translate to the
 * {@code ACCOUNT_CREATION} scenario with the attributes populated.
 */
@Test
public void matchingResponseServiceShouldHandleAccountCreationSaml() throws Exception {
    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Status success = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    // Unlike the match case, this response builder includes attributes.
    Response signedResponse = signResponse(createAttributeResponseBuilder(success), testRpSigningCredential);
    String encodedResponse = responseToBase64StringTransformer.apply(signedResponse);

    TranslatedMatchingResponseBody translated = (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
        encodedResponse,
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    assertThat(translated.getScenario()).isEqualTo(ACCOUNT_CREATION);
    assertThat(translated.getAttributes()).isNotNull();
}
 
Example #15
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * A successful response without attributes must translate to a
 * {@code SUCCESS_MATCH} body carrying the PID and level of assurance, with no attributes.
 */
@Test
public void matchingResponseServiceShouldHandleSuccessMatchSaml() throws Exception {
    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Status success = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(success), testRpSigningCredential);
    String encodedResponse = responseToBase64StringTransformer.apply(signedResponse);

    TranslatedResponseBody translated = matchingResponseService.convertTranslatedResponseBody(
        encodedResponse,
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    // Whole-object comparison: scenario, PID, LoA and (absent) attributes.
    TranslatedMatchingResponseBody expected = new TranslatedMatchingResponseBody(
        SUCCESS_MATCH,
        "some-pid",
        LevelOfAssurance.LEVEL_2,
        null
    );
    assertThat(translated).isEqualTo(expected);
}
 
Example #16
Source File: BuildMetadataContextAction.java — from shibboleth-oidc (Apache License 2.0)
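/**
 * Builds a {@link SAMLMetadataContext} for the OIDC relying party named in the profile
 * request and attaches it to the relying party context as its context tree.
 *
 * @param springRequestContext the Spring Web Flow request context (not consulted here)
 * @param profileRequestContext the profile request whose RelyingPartyContext supplies the client ID
 * @return {@code Events.Success} once the metadata context has been attached
 * @throws OIDCException if no RelyingPartyContext is present, or its relying party ID is
 *                       null or blank
 */
@Nonnull
@Override
protected Event doExecute(@Nonnull final RequestContext springRequestContext,
                          @Nonnull final ProfileRequestContext profileRequestContext) {
    // autoCreate=false: a missing context is a configuration error, not something to create on the fly.
    final RelyingPartyContext rpCtx = profileRequestContext.getSubcontext(RelyingPartyContext.class, false);
    if (rpCtx == null) {
        throw new OIDCException("Relying party context not found in the profile request");
    }
    final String relyingPartyId = rpCtx.getRelyingPartyId();
    // The message has always said "blank", but only null was rejected; a whitespace-only
    // ID would have been passed straight on to ClientEntityDescriptor.
    if (relyingPartyId == null || relyingPartyId.trim().isEmpty()) {
        throw new OIDCException("Relying party id is blank");
    }

    final EntityDescriptor clientEntityDescriptor = new ClientEntityDescriptor(relyingPartyId);
    log.debug("Created client entity descriptor for {}", relyingPartyId);

    final SAMLMetadataContext mdCtx = new SAMLMetadataContext();
    mdCtx.setEntityDescriptor(clientEntityDescriptor);
    rpCtx.setRelyingPartyIdContextTree(mdCtx);

    return Events.Success.event(this);
}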
 
Example #17
Source File: SAML2IdPCache.java — from syncope (Apache License 2.0)
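/**
 * Parses the persisted metadata of a SAML 2.0 IdP into an {@link EntityDescriptor} and
 * adds it to the cache.
 *
 * @param idp the persisted IdP whose raw metadata bytes are parsed
 * @return the cache entry created for the IdP
 * @throws XMLParserException if the metadata is not well-formed XML
 * @throws WSSecurityException if the DOM cannot be unmarshalled into an OpenSAML object
 * @throws CertificateException if the IdP's certificates cannot be loaded
 * @throws IOException if reading key material fails
 * @throws KeyStoreException if the key store cannot be used
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 */
@Transactional(readOnly = true)
public SAML2IdPEntity put(final SAML2IdP idp)
        throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, WSSecurityException,
        XMLParserException {

    // Feed the raw bytes to the XML parser instead of wrapping them in an InputStreamReader:
    // the reader decodes with the JVM default charset and ignores the document's own encoding
    // declaration, which corrupts non-ASCII metadata on platforms whose default is not UTF-8.
    Element element = OpenSAMLUtil.getParserPool()
            .parse(new ByteArrayInputStream(idp.getMetadata()))
            .getDocumentElement();
    EntityDescriptor entityDescriptor = (EntityDescriptor) OpenSAMLUtil.fromDom(element);
    return put(entityDescriptor, binder.getIdPTO(idp));
}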
 
Example #18
Source File: SamlClient.java — from saml-client (MIT License)
/**
 * Extracts the single EntityDescriptor from the resolved IdP metadata.
 *
 * @param metadata the DOM-backed resolver holding the parsed metadata
 * @return the one EntityDescriptor the metadata contains
 * @throws SamlException if the metadata contains zero or more than one entity descriptor
 */
private static EntityDescriptor getEntityDescriptor(DOMMetadataResolver metadata)
    throws SamlException {
  List<EntityDescriptor> found = new ArrayList<>();
  for (EntityDescriptor descriptor : metadata) {
    found.add(descriptor);
  }
  // Exactly one entity is supported; an aggregate or empty document is a configuration error.
  int count = found.size();
  if (count == 1) {
    return found.get(0);
  }
  throw new SamlException("Bad entity descriptor count: " + count);
}
 
Example #19
Source File: SamlClient.java — from saml-client (MIT License)
/**
 * Returns the IdP's SAML 2.0 SSO role from its EntityDescriptor.
 *
 * @param entityDescriptor the IdP metadata to inspect
 * @return the IDPSSODescriptor supporting the SAML 2.0 protocol
 * @throws SamlException if the entity advertises no SAML 2.0 IdP role
 */
private static IDPSSODescriptor getIDPSSODescriptor(EntityDescriptor entityDescriptor)
    throws SamlException {
  // Only the SAML 2.0 protocol role is looked up; SAML 1.x roles are not considered.
  final String saml2Protocol = "urn:oasis:names:tc:SAML:2.0:protocol";
  IDPSSODescriptor idpRole = entityDescriptor.getIDPSSODescriptor(saml2Protocol);
  if (idpRole != null) {
    return idpRole;
  }
  throw new SamlException("Cannot retrieve IDP SSO descriptor");
}
 
Example #20
Source File: SamlServiceProviderTest.java — from armeria (Apache License 2.0)
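/**
 * The SP metadata endpoint must be served without authentication and must publish the
 * signing/encryption keys, SLO endpoints and ACS endpoints the other tests rely on.
 */
@Test
public void shouldRespondMetadataWithoutAuthentication() throws Exception {
    final AggregatedHttpResponse resp = client.get("/saml/metadata").aggregate().join();
    assertThat(resp.status()).isEqualTo(HttpStatus.OK);
    assertThat(resp.contentType()).isEqualTo(CONTENT_TYPE_SAML_METADATA);

    // Re-encode explicitly as UTF-8: a bare getBytes() uses the JVM default charset, so on a
    // non-UTF-8 platform the bytes handed to the XML parser would not be what contentUtf8() decoded.
    final EntityDescriptor metadata = (EntityDescriptor) deserialize(
            resp.contentUtf8().getBytes(java.nio.charset.StandardCharsets.UTF_8));
    assertThat(metadata).isNotNull();

    final SPSSODescriptor sp = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    // Fail with a clear message rather than an NPE if the SP role is missing.
    assertThat(sp).isNotNull();
    assertThat(sp.isAuthnRequestsSigned()).isTrue();
    assertThat(sp.getWantAssertionsSigned()).isTrue();

    final List<KeyDescriptor> kd = sp.getKeyDescriptors();
    assertThat(kd.size()).isGreaterThanOrEqualTo(2);
    assertThat(kd.get(0).getUse().name()).isEqualToIgnoringCase("signing");
    assertThat(kd.get(1).getUse().name()).isEqualToIgnoringCase("encryption");

    // Every advertised endpoint lives on the test server's plain-HTTP host and port.
    final String baseUri = "http://" + spHostname + ':' + rule.httpPort();

    final List<SingleLogoutService> slo = sp.getSingleLogoutServices();
    assertThat(slo.size()).isGreaterThanOrEqualTo(2);
    assertThat(slo.get(0).getLocation()).isEqualTo(baseUri + "/saml/slo/post");
    assertThat(slo.get(0).getBinding()).isEqualTo(SAMLConstants.SAML2_POST_BINDING_URI);
    assertThat(slo.get(1).getLocation()).isEqualTo(baseUri + "/saml/slo/redirect");
    assertThat(slo.get(1).getBinding()).isEqualTo(SAMLConstants.SAML2_REDIRECT_BINDING_URI);

    final List<AssertionConsumerService> acs = sp.getAssertionConsumerServices();
    assertThat(acs.size()).isGreaterThanOrEqualTo(2);
    // index 0 (default)
    assertThat(acs.get(0).getIndex()).isEqualTo(0);
    assertThat(acs.get(0).isDefault()).isTrue();
    assertThat(acs.get(0).getLocation()).isEqualTo(baseUri + "/saml/acs/post");
    assertThat(acs.get(0).getBinding()).isEqualTo(SAMLConstants.SAML2_POST_BINDING_URI);
    // index 1
    assertThat(acs.get(1).getIndex()).isEqualTo(1);
    assertThat(acs.get(1).isDefault()).isFalse();
    assertThat(acs.get(1).getLocation()).isEqualTo(baseUri + "/saml/acs/redirect");
    assertThat(acs.get(1).getBinding()).isEqualTo(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
}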
 
Example #21
Source File: SyncopeWASAML2ClientMetadataGeneratorTest.java — from syncope (Apache License 2.0)
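/**
 * Generating SP metadata and storing it through a WA REST client that answers
 * {@code 201 Created} must succeed and return a non-null result.
 */
@Test
public void storeMetadata() throws Exception {
    SAML2Client client = getSAML2Client();
    // The client needs a writable keystore path; use a throwaway temp file and make sure it
    // is removed so repeated runs do not leave key material accumulating in java.io.tmpdir.
    File keystore = File.createTempFile("keystore", "jks");
    keystore.deleteOnExit();
    client.getConfiguration().setKeystoreResourceFilepath(keystore.getCanonicalPath());

    SAML2MetadataGenerator generator = new SyncopeWASAML2ClientMetadataGenerator(
        getWaRestClient(Response.created(new URI("http://localhost:9080/syncop-wa")).build()), client);
    EntityDescriptor entityDescriptor = generator.buildEntityDescriptor();
    String metadata = generator.getMetadata(entityDescriptor);
    assertNotNull(generator.storeMetadata(metadata, null, false));
}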
 
Example #22
Source File: SyncopeWASAML2ClientMetadataGeneratorTest.java — from syncope (Apache License 2.0)
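/**
 * When the WA REST client answers with a server error, storing the generated metadata
 * must surface a {@link SyncopeClientException} instead of succeeding silently.
 */
@Test
public void storeMetadataFails() throws Exception {
    SAML2Client client = getSAML2Client();
    // The client needs a writable keystore path; use a throwaway temp file and make sure it
    // is removed so repeated runs do not leave key material accumulating in java.io.tmpdir.
    File keystore = File.createTempFile("keystore", "jks");
    keystore.deleteOnExit();
    client.getConfiguration().setKeystoreResourceFilepath(keystore.getCanonicalPath());

    WARestClient restClient = getWaRestClient(Response.serverError().build());
    SAML2MetadataGenerator generator = new SyncopeWASAML2ClientMetadataGenerator(restClient, client);
    EntityDescriptor entityDescriptor = generator.buildEntityDescriptor();
    String metadata = generator.getMetadata(entityDescriptor);
    assertThrows(SyncopeClientException.class, () -> generator.storeMetadata(metadata, null, false));
}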
 
Example #23
Source File: SAML2IdPCache.java — from syncope (Apache License 2.0)
/**
 * Wraps an already-parsed IdP EntityDescriptor in a cache entry and stores it under the
 * IdP's entityID.
 *
 * @param entityDescriptor the IdP metadata
 * @param idpTO the transfer object describing the IdP
 * @return the newly created cache entry
 * @throws CertificateException if the IdP's certificates cannot be loaded
 * @throws IOException if reading key material fails
 * @throws KeyStoreException if the key store cannot be used
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 */
public SAML2IdPEntity put(
        final EntityDescriptor entityDescriptor,
        final SAML2IdPTO idpTO)
        throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {

    final SAML2IdPEntity entry = new SAML2IdPEntity(entityDescriptor, idpTO, loader.getKeyPass());
    // Keyed by entityID, so re-importing the same IdP replaces the previous entry.
    final String entityId = entityDescriptor.getEntityID();
    cache.put(entityId, entry);
    return entry;
}
 
Example #24
Source File: Saml2SettingsProvider.java — from deprecated-security-advanced-modules (Apache License 2.0)
/**
 * Resolves the configured IdP's metadata and assembles the SAML settings from its
 * SAML 2.0 IdP role plus the SP-side configuration.
 *
 * @return the assembled settings
 * @throws SamlConfigException if the IdP entity or its SAML 2.0 IDPSSODescriptor cannot be found
 * @throws AuthenticatorUnavailableException if the metadata resolver itself fails
 */
Saml2Settings get() throws SamlConfigException {
    try {
        HashMap<String, Object> configProperties = new HashMap<>();

        EntityIdCriterion idpCriterion = new EntityIdCriterion(this.idpEntityId);
        EntityDescriptor idpEntity = this.metadataResolver.resolveSingle(new CriteriaSet(idpCriterion));
        if (idpEntity == null) {
            throw new SamlConfigException("Could not find entity descriptor for " + this.idpEntityId);
        }

        // Only the SAML 2.0 protocol role is usable; list what the entity does offer when it is absent.
        IDPSSODescriptor idpRole = idpEntity.getIDPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
        if (idpRole == null) {
            throw new SamlConfigException("Could not find IDPSSODescriptor supporting SAML 2.0 in "
                    + this.idpEntityId + "; role descriptors: " + idpEntity.getRoleDescriptors());
        }

        // IdP-derived values first, then SP endpoints and miscellaneous settings.
        initIdpEndpoints(idpRole, configProperties);
        initIdpCerts(idpRole, configProperties);
        initSpEndpoints(configProperties);
        initMisc(configProperties);

        SettingsBuilder builder = new SettingsBuilder();
        // TODO allow overriding of IdP metadata?
        builder.fromValues(configProperties);
        builder.fromValues(new SamlSettingsMap(this.esSettings));
        return builder.build();
    } catch (ResolverException e) {
        throw new AuthenticatorUnavailableException(e);
    }
}
 
Example #25
Source File: MockMsaServer.java — from verify-service-provider (MIT License)
/**
 * Serialises an EntitiesDescriptor that contains only the MSA's IdP entity.
 *
 * @return the metadata XML, with validUntil set two weeks from now
 * @throws RuntimeException wrapping a marshalling or signing failure
 */
public static String msaMetadata() {
    EntityDescriptor msaEntity = new EntityDescriptorFactory().idpEntityDescriptor(MSA_ENTITY_ID);
    try {
        return new MetadataFactory().metadata(
                anEntitiesDescriptor()
                        .withEntityDescriptors(ImmutableList.of(msaEntity))
                        .withValidUntil(DateTime.now().plusWeeks(2))
                        .build());
    } catch (MarshallingException | SignatureException e) {
        // Propagate unchecked failures untouched; wrap checked ones, keeping the cause.
        Throwables.throwIfUnchecked(e);
        throw new RuntimeException(e);
    }
}
 
Example #26
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * Builds hub metadata whose single SP role publishes {@code signingCert} as its only
 * signing key, so response signatures are verified against exactly that certificate.
 *
 * @param signingCert the X.509 certificate to advertise for signing
 * @return the EntityDescriptor holding that SP role
 * @throws MarshallingException if the descriptor cannot be marshalled
 * @throws SignatureException if signing the descriptor fails
 */
private EntityDescriptor createEntityDescriptorWithSigningCertificate(String signingCert) throws MarshallingException, SignatureException {
    // Drop the builder's default signing key so the supplied certificate is the only one published.
    return anEntityDescriptor()
        .addSpServiceDescriptor(
            anSpServiceDescriptor()
                .withoutDefaultSigningKey()
                .addKeyDescriptor(aKeyDescriptor()
                    .withX509ForSigning(signingCert)
                    .build())
                .build())
        .build();
}
 
Example #27
Source File: ResponseServiceTest.java — from verify-service-provider (MIT License)
/**
 * With an unsigned-assertions handler configured, the eIDAS non-matching service must
 * delegate validation, decryption and translation to the handler and translator and
 * return the translated body they produce.
 */
@Test
public void nonMatchingResponseServiceShouldHandleUnsignedAssertions() throws Exception {
    EntityDescriptor hubMetadata = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubMetadata));

    Response response = signResponse(createUnsignedAttributeResponseBuilder(), testRpSigningCredential);
    ValidatedResponse validated = new ValidatedResponse(response);
    List<Assertion> decryptedAssertions = asList(mock(Assertion.class));
    TranslatedNonMatchingResponseBody translatedBody = mock(TranslatedNonMatchingResponseBody.class);

    // Stub the three collaborator steps the service is expected to chain together.
    when(mockUnsignedAssertionsResponseHandler.getValidatedResponse(any(), eq(validated.getInResponseTo())))
            .thenReturn(validated);
    when(mockUnsignedAssertionsResponseHandler.decryptAssertion(eq(validated), any()))
            .thenReturn(decryptedAssertions);
    when(mockAssertionTranslator.translateSuccessResponse(eq(decryptedAssertions), eq(validated.getInResponseTo()), any(), any()))
            .thenReturn(translatedBody);

    TranslatedNonMatchingResponseBody result = (TranslatedNonMatchingResponseBody) eidasNonMatchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(response),
            response.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    verify(mockUnsignedAssertionsResponseHandler).getValidatedResponse(any(), eq(response.getInResponseTo()));
    verify(mockUnsignedAssertionsResponseHandler).decryptAssertion(eq(validated), any());
    assertThat(result).isEqualTo(translatedBody);
}
 
Example #28
Source File: MetadataHealthCheck.java — from verify-service-provider (MIT License)
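/**
 * Reports healthy when the metadata resolver can supply an EntityDescriptor for
 * {@code expectedEntityId}, and unhealthy with a reason otherwise.
 *
 * @return {@code healthy()} if the descriptor resolves; {@code unhealthy(...)} if it is
 *         missing or resolution throws
 */
@Override
protected Result check() throws Exception {
    try {
        CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(expectedEntityId));
        EntityDescriptor entityDescriptor = metadataResolver.resolveSingle(criteria);
        if (entityDescriptor != null) {
            return healthy();
        }
        // resolveSingle() returning null is a silent miss; say what was looked for rather
        // than the older, less actionable "No exception was thrown".
        return unhealthy(getMessage("No entity descriptor found for " + expectedEntityId));
    } catch (Exception e) {
        // Some exceptions carry no message; fall back to the type so the health output
        // never degrades to the literal "null".
        String reason = e.getMessage() != null ? e.getMessage() : e.getClass().getName();
        return unhealthy(getMessage(reason));
    }
}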
 
Example #29
Source File: AbstractMetadataResolverAdapter.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Looks up the metadata for one entity ID through the wrapped resolver.
 *
 * @param entityId the entity ID to resolve
 * @return the matching descriptor, or {@code null} when no resolver is configured or nothing matched
 * @throws RuntimeException wrapping any exception the lookup raises
 */
@Override
public EntityDescriptor getEntityDescriptorForEntityId(final String entityId) {
    try {
        final CriteriaSet lookup = new CriteriaSet(new EntityIdCriterion(entityId));
        // A missing resolver is treated as "no metadata", not as an error.
        return this.metadataResolver == null ? null : this.metadataResolver.resolveSingle(lookup);
    } catch (final Exception ex) {
        throw new RuntimeException(ex.getMessage(), ex);
    }
}
 
Example #30
Source File: SamlMetadataUIParserAction.java — from springboot-shiro-cas-mybatis (MIT License)
/**
 * Gets the SP SSO descriptor, preferring the SAML 2.0 protocol role and falling back to
 * the SAML 1.1 and then SAML 1.0 roles.
 *
 * @param entityDescriptor the entity descriptor
 * @return the first SPSSODescriptor found, or {@code null} if the entity has none
 */
private SPSSODescriptor getSPSSODescriptor(final EntityDescriptor entityDescriptor) {
    // Newest protocol first; stop at the first role the entity actually advertises.
    final String[] lookupMessages = {
        "Locating SP SSO descriptor for SAML2 protocol...",
        "Locating SP SSO descriptor for SAML11 protocol...",
        "Locating SP SSO descriptor for SAML1 protocol..."
    };
    final String[] protocolNamespaces = {
        SAMLConstants.SAML20P_NS,
        SAMLConstants.SAML11P_NS,
        SAMLConstants.SAML10P_NS
    };
    SPSSODescriptor descriptor = null;
    for (int i = 0; i < protocolNamespaces.length && descriptor == null; i++) {
        logger.debug(lookupMessages[i]);
        descriptor = entityDescriptor.getSPSSODescriptor(protocolNamespaces[i]);
    }
    logger.debug("SP SSO descriptor resolved to be [{}]", descriptor);
    return descriptor;
}