org.opensaml.saml.saml2.core.EncryptedAssertion Java Examples

The following examples show how to use org.opensaml.saml.saml2.core.EncryptedAssertion. They are taken from open-source projects; each example names its original source file and project. Note that several examples are test fixtures that deliberately build unsigned or wrongly-signed assertions, while the others decrypt an EncryptedAssertion at the service-provider side. In every case the decryption step only recovers the plaintext; it does not authenticate the assertion, so a signature check (or another trust decision) must still follow.
Example #1
Source File: AssertionHelper.java — from verify-service-provider (MIT License)
/**
 * Test fixture: an encrypted eIDAS assertion whose signature is NOT made by
 * the claimed issuer.
 *
 * The assertion names {@code assertionIssuerId} as its issuer but is signed
 * with the test RP signing key, so a verifier that resolves the signing
 * certificate from the issuer must reject it. The plaintext is then encrypted
 * for the test RP MSA encryption certificate.
 *
 * @param assertionIssuerId value placed in the assertion's {@code <Issuer>}
 * @return the encrypted, wrongly-signed assertion
 */
public static EncryptedAssertion anEidasEncryptedAssertionWithInvalidSignature(String assertionIssuerId) {
    // Signing credential that does not belong to the issuer named below —
    // this mismatch is the whole point of the fixture.
    TestCredentialFactory wrongSigner = new TestCredentialFactory(
            TEST_RP_PUBLIC_SIGNING_CERT,
            TEST_RP_PRIVATE_SIGNING_KEY);

    // Recipient key the assertion is encrypted for.
    TestCredentialFactory recipient = new TestCredentialFactory(
            TEST_RP_MS_PUBLIC_ENCRYPTION_CERT,
            TEST_RP_MS_PRIVATE_ENCRYPTION_KEY);

    AssertionBuilder builder = anAssertion()
            .addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().build())
            .withIssuer(anIssuer().withIssuerId(assertionIssuerId).build())
            .withSignature(aSignature()
                    .withSigningCredential(wrongSigner.getSigningCredential())
                    .build())
            .withConditions(aConditions());

    return builder.buildWithEncrypterCredential(recipient.getEncryptingCredential());
}
 
Example #2
Source File: AssertionHelper.java — from verify-service-provider (MIT License)
/**
 * Test fixture: an eIDAS assertion that is encrypted but carries no XML
 * signature, using AES-128-GCM as the block cipher.
 *
 * The {@code assertionSignature} argument is accepted for call-site symmetry
 * with the signed variants but is not applied, because signing is disabled.
 * Fixtures like this exercise the code path where the assertion's authenticity
 * must come from somewhere other than an assertion-level signature
 * (e.g. the enclosing Response); see the handler tests further down.
 *
 * @param requestId          value for {@code SubjectConfirmationData/@InResponseTo}
 * @param issuerId           value for the assertion's {@code <Issuer>}
 * @param assertionSignature ignored — the assertion is built unsigned
 * @return the encrypted, unsigned assertion
 */
public static EncryptedAssertion anUnsignedEidasEncryptedAssertion(String requestId,
                                                                   String issuerId,
                                                                   Signature assertionSignature) {
    final boolean sign = false;
    final String cipher = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM;
    AttributeStatement attributes = anEidasAttributeStatement().build();

    return anEidasEncryptedAssertion(requestId, issuerId, assertionSignature, attributes, sign, cipher);
}
 
Example #3
Source File: AssertionHelper.java — from verify-service-provider (MIT License)
/**
 * Test fixture: a signed, encrypted eIDAS assertion with a caller-supplied
 * attribute statement.
 *
 * Uses {@code ALGO_ID_BLOCKCIPHER_AES128} — the non-GCM AES-128 algorithm
 * (presumably the CBC xmlenc URI, in contrast to the {@code _GCM} constant
 * used by the unsigned fixture). That is a fixture choice for exercising the
 * CBC decryption path; it is not a recommendation for production encryption,
 * where an AEAD mode such as AES-GCM avoids XML-encryption padding-oracle issues.
 *
 * @param requestId          value for {@code SubjectConfirmationData/@InResponseTo}
 * @param issuerId           value for the assertion's {@code <Issuer>}
 * @param assertionSignature signature applied to the assertion
 * @param attributeStatement attribute statement to embed
 * @return the signed, encrypted assertion
 */
public static EncryptedAssertion anEidasEncryptedAssertion(String requestId,
                                                           String issuerId,
                                                           Signature assertionSignature,
                                                           AttributeStatement attributeStatement) {
    final boolean sign = true;
    final String cipher = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;

    return anEidasEncryptedAssertion(requestId, issuerId, assertionSignature, attributeStatement, sign, cipher);
}
 
Example #4
Source File: AssertionHelper.java — from verify-service-provider (MIT License)
/**
 * Test fixture: the most general eIDAS encrypted-assertion builder; the other
 * overloads delegate here.
 *
 * Builds an assertion with a bearer-style subject confirmation bound to
 * {@code requestId}, the given issuer, attribute and eIDAS authn statements
 * and eIDAS conditions; optionally signs it; then encrypts it for the test RP
 * encryption certificate with the requested block cipher.
 *
 * @param requestId          value for {@code SubjectConfirmationData/@InResponseTo}
 * @param issuerId           value for the assertion's {@code <Issuer>}
 * @param assertionSignature signature to apply when {@code shouldSign} is true
 * @param attributeStatement attribute statement to embed
 * @param shouldSign         whether the assertion is signed before encryption
 * @param encryptionAlgorithm xmlenc block-cipher URI passed to the encrypter
 * @return the encrypted assertion
 */
public static EncryptedAssertion anEidasEncryptedAssertion(String requestId,
                                                           String issuerId,
                                                           Signature assertionSignature,
                                                           AttributeStatement attributeStatement,
                                                           boolean shouldSign,
                                                           String encryptionAlgorithm)
{
    AssertionBuilder builder = anAssertion();

    // Subject -> SubjectConfirmation -> SubjectConfirmationData(InResponseTo).
    builder.withSubject(
            aSubject()
                    .withSubjectConfirmation(
                            aSubjectConfirmation()
                                    .withSubjectConfirmationData(
                                            aSubjectConfirmationData().withInResponseTo(requestId).build())
                                    .build())
                    .build());

    builder.withIssuer(anIssuer().withIssuerId(issuerId).build());
    builder.addAttributeStatement(attributeStatement);
    builder.addAuthnStatement(anEidasAuthnStatement().build());
    builder.withConditions(aConditionsForEidas());

    if (!shouldSign) {
        // Explicitly disable signing and clear any signature the builder holds.
        builder.withoutSigning();
        builder.withSignature(null);
    } else {
        builder.withSignature(assertionSignature);
    }

    TestCredentialFactory recipient = new TestCredentialFactory(
            TEST_RP_PUBLIC_ENCRYPTION_CERT,
            TEST_RP_PRIVATE_ENCRYPTION_KEY);

    return builder.buildWithEncrypterCredential(recipient.getEncryptingCredential(), encryptionAlgorithm);
}
 
Example #5
Source File: UnsignedAssertionResponseHandlerTest.java — from verify-service-provider (MIT License)
/**
 * With a single configured key, the handler must obtain a decrypter for that
 * key and return exactly the plaintext assertion the decrypter yields.
 */
@Test
public void decryptAssertionShouldDecryptWithCorrectKey() throws Exception {
    Assertion samlAssertion = anEidasSamlAssertion(singleKeyList);
    Assertion plaintext = anEidasAssertion().buildUnencrypted();

    // The only key in the list must be the one handed to the decrypter factory.
    when(secretKeyDecryptorFactory.createDecrypter(singleKeyList.get(0))).thenReturn(decrypter);
    when(decrypter.decrypt(any(EncryptedAssertion.class))).thenReturn(plaintext);

    List<Assertion> result = handler.decryptAssertion(validatedResponse, samlAssertion);

    // Exactly one assertion, and it is the decrypter's output.
    assertThat(result).containsExactly(plaintext);
}
 
Example #6
Source File: UnsignedAssertionResponseHandlerTest.java — from verify-service-provider (MIT License)
/**
 * When several keys are configured the handler must try each in turn, asking
 * the factory for a decrypter per key, and succeed once it reaches the key
 * that decrypts. Here only the last of three keys works.
 *
 * The key labels are arbitrary opaque strings (the "theCorretKey" spelling is
 * part of the fixture and must match between the list and the stub).
 */
@Test
public void decryptAssertionShouldTryMultipleKeys() throws Exception {
    List<String> keys = Arrays.asList("wrongKey", "anotherWrongKey", "theCorretKey");
    Assertion samlAssertion = anEidasSamlAssertion(keys);
    Assertion plaintext = anEidasAssertion().buildUnencrypted();

    // Only the third key yields a usable decrypter; the factory returns the
    // default (null) for the others.
    when(secretKeyDecryptorFactory.createDecrypter("theCorretKey")).thenReturn(decrypter);
    when(decrypter.decrypt(any(EncryptedAssertion.class))).thenReturn(plaintext);

    List<Assertion> result = handler.decryptAssertion(validatedResponse, samlAssertion);

    // One factory call per configured key — the handler walked the whole list.
    verify(secretKeyDecryptorFactory, times(3)).createDecrypter(any());

    assertThat(result).containsExactly(plaintext);
}
 
Example #7
Source File: SamlClient.java — from saml-client (MIT License)
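/**
 * Decrypts every {@code <EncryptedAssertion>} in the response with the SP's
 * decryption credentials and appends the plaintext assertions to
 * {@code response.getAssertions()}. The encrypted elements are left in place.
 *
 * <p>Decryption alone does not authenticate anything: anyone holding the SP's
 * public encryption certificate can produce a well-formed encrypted assertion.
 * The caller must still verify the XML signature on each decrypted assertion
 * (or on the enclosing Response) before trusting its contents — this method
 * performs no signature check.
 *
 * <p>Only {@code <EncryptedKey>} elements inlined in the assertion's
 * {@code <KeyInfo>} are resolved; RetrievalMethod or other out-of-line key
 * references are not supported here. If neither {@code spCredential} nor
 * {@code additionalSpCredentials} is configured the resolver chain is empty
 * and decryption fails.
 *
 * @param response the response whose encrypted assertions are decrypted in place
 * @throws DecryptionException if an assertion cannot be decrypted, e.g. no
 *         configured credential unwraps the {@code <EncryptedKey>} or the
 *         ciphertext is malformed
 */
private void decodeEncryptedAssertion(Response response) throws DecryptionException {
  List<EncryptedAssertion> encryptedAssertions = response.getEncryptedAssertions();
  if (encryptedAssertions.isEmpty()) {
    return;
  }

  // The credential chain and the Decrypter do not depend on the individual
  // assertion, so build them once instead of once per loop iteration.
  List<KeyInfoCredentialResolver> resolverChain = new ArrayList<>();
  if (spCredential != null) {
    resolverChain.add(new StaticKeyInfoCredentialResolver(spCredential));
  }
  if (!additionalSpCredentials.isEmpty()) {
    resolverChain.add(new CollectionKeyInfoCredentialResolver(additionalSpCredentials));
  }

  Decrypter decrypter =
      new Decrypter(
          null,
          new ChainingKeyInfoCredentialResolver(resolverChain),
          new InlineEncryptedKeyResolver());
  // Root each decrypted assertion in its own DOM document so later
  // signature / reference processing sees a self-contained element.
  decrypter.setRootInNewDocument(true);

  for (EncryptedAssertion encryptedAssertion : encryptedAssertions) {
    Assertion decryptedAssertion = decrypter.decrypt(encryptedAssertion);
    // Plaintext only — still unauthenticated until its signature is verified.
    response.getAssertions().add(decryptedAssertion);
  }
}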
 
Example #8
Source File: SamlAssertionConsumerFunction.java — from armeria (Apache License 2.0)
/**
 * Decrypts one {@code <EncryptedAssertion>} with a single SP decryption
 * credential.
 *
 * <p>Only an {@code <EncryptedKey>} inlined in the assertion's
 * {@code <KeyInfo>} is resolved. The returned assertion is plaintext but not
 * yet authenticated; the caller is expected to validate its signature
 * separately before acting on it.
 *
 * @param encryptedAssertion   the element to decrypt
 * @param decryptionCredential the SP's key pair used to unwrap the encrypted key
 * @return the decrypted assertion, rooted in a fresh DOM document
 * @throws InvalidSamlRequestException if decryption fails; the underlying
 *         {@link DecryptionException} is kept as the cause and the message
 *         deliberately carries no key or ciphertext detail
 */
private static Assertion decryptAssertion(EncryptedAssertion encryptedAssertion,
                                          Credential decryptionCredential) {
    final Decrypter decrypter = new Decrypter(
            null,
            new StaticKeyInfoCredentialResolver(decryptionCredential),
            new InlineEncryptedKeyResolver());
    decrypter.setRootInNewDocument(true);

    try {
        return decrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException cause) {
        throw new InvalidSamlRequestException("failed to decrypt an assertion", cause);
    }
}
 
Example #9
Source File: AssertionHelper.java — from verify-service-provider (MIT License)
/**
 * Test fixture: a signed, encrypted eIDAS assertion with the default eIDAS
 * attribute statement. Convenience overload of the four-argument form.
 *
 * @param requestId          value for {@code SubjectConfirmationData/@InResponseTo}
 * @param issuerId           value for the assertion's {@code <Issuer>}
 * @param assertionSignature signature applied to the assertion
 * @return the signed, encrypted assertion
 */
public static EncryptedAssertion anEidasEncryptedAssertion(String requestId, String issuerId, Signature assertionSignature) {
    AttributeStatement defaultAttributes = anEidasAttributeStatement().build();
    return anEidasEncryptedAssertion(requestId, issuerId, assertionSignature, defaultAttributes);
}
 
Example #10
Source File: SAMLProcessorImpl.java — from cxf-fediz (Apache License 2.0)
/**
 * Decrypts every {@code <EncryptedAssertion>} in the response with the
 * decryption key configured in {@code config} and adds the plaintext
 * assertions to {@code responseObject.getAssertions()}.
 *
 * <p>All failures — missing decryption configuration, an unloadable private
 * key, or an assertion that does not decrypt — surface as a
 * {@code ProcessingException} of type {@code BAD_REQUEST}; the underlying
 * cause is only written to the DEBUG log, never to the caller.
 *
 * <p>Decryption does not authenticate the assertion. The decrypted element is
 * re-attached to the Response DOM precisely so that its signature can be
 * verified afterwards (see the comment at the end of the loop); callers must
 * make sure that verification actually happens before the assertion is trusted.
 *
 * @param responseObject the SAML Response, modified in place
 * @param config         Fediz context providing the decryption KeyManager
 * @throws ProcessingException with {@code TYPE.BAD_REQUEST} on any failure
 */
private void decryptEncryptedAssertions(org.opensaml.saml.saml2.core.Response responseObject, FedizContext config)
        throws ProcessingException {
    if (responseObject.getEncryptedAssertions() != null && !responseObject.getEncryptedAssertions().isEmpty()) {
        // Encrypted assertions present but no way to decrypt them is treated as
        // a bad request rather than silently ignoring the assertions.
        KeyManager decryptionKeyManager = config.getDecryptionKey();
        if (decryptionKeyManager == null || decryptionKeyManager.getCrypto() == null) {
            LOG.debug("We must have a decryption Crypto instance configured to decrypt encrypted tokens");
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }
        String keyPassword = decryptionKeyManager.getKeyPassword();
        if (keyPassword == null) {
            LOG.debug("We must have a decryption key password to decrypt encrypted tokens");
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }
 
        String keyAlias = decryptionKeyManager.getKeyAlias();
        if (keyAlias == null) {
            LOG.debug("No alias configured for decrypt");
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }
        
        try {
            // Get the private key
            PrivateKey privateKey = decryptionKeyManager.getCrypto().getPrivateKey(keyAlias, keyPassword);
            if (privateKey == null) {
                LOG.debug("No private key available");
                throw new ProcessingException(TYPE.BAD_REQUEST);
            }
            
            // Pair the private key with the matching certificate from the keystore
            // so the KeyInfo resolver can match the <EncryptedKey> to it.
            BasicX509Credential cred = new BasicX509Credential(
                CertsUtils.getX509CertificateFromCrypto(decryptionKeyManager.getCrypto(), keyAlias));
            cred.setPrivateKey(privateKey);
            
            StaticKeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(cred);
            
            // Accept the <EncryptedKey> wherever the IdP placed it: inline in the
            // assertion's KeyInfo, on the EncryptedElementType, or referenced via
            // RetrievalMethod / KeyInfoReference elsewhere in the same document.
            ChainingEncryptedKeyResolver keyResolver = new ChainingEncryptedKeyResolver(
                    Arrays.<EncryptedKeyResolver>asList(
                            new InlineEncryptedKeyResolver(),
                            new EncryptedElementTypeEncryptedKeyResolver(), 
                            new SimpleRetrievalMethodEncryptedKeyResolver(),
                            new SimpleKeyInfoReferenceEncryptedKeyResolver()));
            
            // rootInNewDocument is left at its default, so the decrypted element
            // stays owned by the Response's document (relied on below).
            Decrypter decrypter = new Decrypter(null, resolver, keyResolver);
            
            for (EncryptedAssertion encryptedAssertion : responseObject.getEncryptedAssertions()) {
            
                Assertion decrypted = decrypter.decrypt(encryptedAssertion);
                Element decryptedToken = decrypted.getDOM();
                if (LOG.isDebugEnabled()) {
                    // NOTE(review): this writes the full plaintext assertion (subject,
                    // attributes, any PII it carries) to the log at DEBUG level. Make
                    // sure DEBUG is not enabled in production, or that the log sink is
                    // protected accordingly.
                    LOG.debug("Decrypted assertion: {}", DOM2Writer.nodeToString(decryptedToken));
                }
                responseObject.getAssertions().add(decrypted);
                // Add the decrypted Assertion to the Response DOM, as otherwise there's a problem with
                // doc.getElementById() when trying to verify the signature of the decrypted assertion
                decryptedToken.getOwnerDocument().getDocumentElement().appendChild(decryptedToken);
            }
        } catch (Exception e) {
            // Includes the ProcessingException thrown for a missing private key
            // above; it is re-wrapped here with the same BAD_REQUEST type.
            LOG.debug("Cannot decrypt assertions", e);
            throw new ProcessingException(TYPE.BAD_REQUEST);
        }
    }
}