Polish OpenSamlAuthenticationProvider
Remove deprecated usage.

Issue gh-8769
parent
c8cbf06d8d
commit
5699670a43
@ -112,6 +112,7 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
|
|||
import org.springframework.security.saml2.Saml2Exception;
|
||||
import org.springframework.security.saml2.core.OpenSamlInitializationService;
|
||||
import org.springframework.security.saml2.core.Saml2Error;
|
||||
import org.springframework.security.saml2.core.Saml2ErrorCodes;
|
||||
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
|
||||
import org.springframework.security.saml2.core.Saml2X509Credential;
|
||||
import org.springframework.util.Assert;
|
||||
@ -58,10 +58,12 @@ import org.springframework.core.convert.converter.Converter;
|
|||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.saml2.Saml2Exception;
|
||||
import org.springframework.security.saml2.core.Saml2Error;
|
||||
import org.springframework.security.saml2.core.Saml2ErrorCodes;
|
||||
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
|
||||
import org.springframework.security.saml2.credentials.Saml2X509Credential;
|
||||
import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
|
||||
import org.springframework.security.saml2.core.TestSaml2X509Credentials;
|
||||
import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
@ -116,14 +118,13 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
.getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(
|
||||
token(serialize(assertion), TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
|
||||
new Saml2AuthenticationToken(verifying(registration()).build(), serialize(assertion))))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenXmlErrorThenThrowAuthenticationException() {
|
||||
Saml2AuthenticationToken token = token("invalid xml",
|
||||
TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = new Saml2AuthenticationToken(verifying(registration()).build(), "invalid xml");
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
|
||||
|
@ -135,7 +136,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getAssertions().add(TestOpenSamlObjects.assertion());
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.INVALID_DESTINATION));
|
||||
|
@ -143,8 +144,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
|
||||
@Test
|
||||
public void authenticateWhenNoAssertionsPresentThenThrowAuthenticationException() {
|
||||
Saml2AuthenticationToken token = token(TestOpenSamlObjects.response(),
|
||||
TestSaml2X509Credentials.assertingPartySigningCredential());
|
||||
Saml2AuthenticationToken token = token();
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response."));
|
||||
|
@ -154,14 +154,14 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
public void authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
response.getAssertions().add(TestOpenSamlObjects.assertion());
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationException() throws Exception {
|
||||
public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationException() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
Assertion assertion = TestOpenSamlObjects.assertion();
|
||||
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData()
|
||||
|
@ -169,7 +169,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
response.getAssertions().add(assertion);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.INVALID_ASSERTION));
|
||||
|
@ -183,28 +183,28 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
response.getAssertions().add(assertion);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenUsernameMissingThenThrowAuthenticationException() throws Exception {
|
||||
public void authenticateWhenUsernameMissingThenThrowAuthenticationException() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
Assertion assertion = TestOpenSamlObjects.assertion();
|
||||
assertion.getSubject().getNameID().setValue(null);
|
||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
response.getAssertions().add(assertion);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenAssertionContainsValidationAddressThenItSucceeds() throws Exception {
|
||||
public void authenticateWhenAssertionContainsValidationAddressThenItSucceeds() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
Assertion assertion = TestOpenSamlObjects.assertion();
|
||||
assertion.getSubject().getSubjectConfirmations()
|
||||
|
@ -212,7 +212,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
response.getAssertions().add(assertion);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
this.provider.authenticate(token);
|
||||
}
|
||||
|
||||
|
@ -225,7 +225,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
response.getAssertions().add(assertion);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
Authentication authentication = this.provider.authenticate(token);
|
||||
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
|
||||
Map<String, Object> expected = new LinkedHashMap<>();
|
||||
|
@ -241,21 +241,21 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception {
|
||||
public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
||||
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
||||
Saml2AuthenticationToken token = token(response, decrypting(registration()));
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenEncryptedAssertionWithSignatureThenItSucceeds() throws Exception {
|
||||
public void authenticateWhenEncryptedAssertionWithSignatureThenItSucceeds() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
Assertion assertion = TestOpenSamlObjects.signed(TestOpenSamlObjects.assertion(),
|
||||
TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
|
||||
|
@ -264,26 +264,24 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
||||
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||
this.provider.authenticate(token);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenEncryptedAssertionWithResponseSignatureThenItSucceeds() throws Exception {
|
||||
public void authenticateWhenEncryptedAssertionWithResponseSignatureThenItSucceeds() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
||||
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
||||
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||
this.provider.authenticate(token);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() throws Exception {
|
||||
public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
Assertion assertion = TestOpenSamlObjects.assertion();
|
||||
NameID nameId = assertion.getSubject().getNameID();
|
||||
|
@ -294,8 +292,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getAssertions().add(assertion);
|
||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
||||
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||
this.provider.authenticate(token);
|
||||
}
|
||||
|
||||
|
@ -311,38 +308,36 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getAssertions().add(assertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
||||
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
|
||||
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
|
||||
assertThat(principal.getAttribute("name")).containsExactly("value");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() throws Exception {
|
||||
public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
||||
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(serialize(response),
|
||||
TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() throws Exception {
|
||||
public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() {
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
||||
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(serialize(response),
|
||||
TestSaml2X509Credentials.assertingPartyPrivateCredential());
|
||||
Saml2AuthenticationToken token = token(response, registration()
|
||||
.decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())));
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(token))
|
||||
.satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
|
||||
|
@ -358,8 +353,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
||||
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
|
||||
// the following code will throw an exception if authentication isn't serializable
|
||||
ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
|
||||
|
@ -395,7 +389,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getAssertions().add(assertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
ASSERTING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
// @formatter:off
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class)
|
||||
|
@ -419,7 +413,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getAssertions().add(assertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
ASSERTING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
given(validator.convert(any(OpenSamlAuthenticationProvider.AssertionToken.class)))
|
||||
.willReturn(Saml2ResponseValidatorResult.success());
|
||||
provider.authenticate(token);
|
||||
|
@ -438,7 +432,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getAssertions().add(assertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
ASSERTING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
// @formatter:off
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> provider.authenticate(token))
|
||||
|
@ -460,7 +454,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getAssertions().add(assertion);
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
ASSERTING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
// @formatter:off
|
||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||
.isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class)
|
||||
|
@ -480,7 +474,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
@Test
|
||||
public void createDefaultResponseAuthenticationConverterWhenResponseThenConverts() {
|
||||
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
ResponseToken responseToken = new ResponseToken(response, token);
|
||||
Saml2Authentication authentication = OpenSamlAuthenticationProvider
|
||||
.createDefaultResponseAuthenticationConverter().convert(responseToken);
|
||||
|
@ -493,7 +487,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
|
||||
provider.setResponseAuthenticationConverter(authenticationConverter);
|
||||
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
provider.authenticate(token);
|
||||
verify(authenticationConverter).convert(any());
|
||||
}
|
||||
|
@ -525,7 +519,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
response.getEncryptedAssertions().add(new EncryptedAssertionBuilder().buildObject());
|
||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
this.provider.setResponseElementsDecrypter((tuple) -> tuple.getResponse().getAssertions().add(assertion));
|
||||
Authentication authentication = this.provider.authenticate(token);
|
||||
assertThat(authentication.getName()).isEqualTo("test@saml.user");
|
||||
|
@ -541,7 +535,7 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||
RELYING_PARTY_ENTITY_ID);
|
||||
response.getAssertions().add(assertion);
|
||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||
this.provider.setAssertionElementsDecrypter((tuple) -> {
|
||||
NameID name = new NameIDBuilder().buildObject();
|
||||
name.setValue("decrypted name");
|
||||
|
@ -580,17 +574,29 @@ public class OpenSamlAuthenticationProviderTests {
|
|||
}
|
||||
|
||||
private Saml2AuthenticationToken token() {
|
||||
return token(TestOpenSamlObjects.response(), TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
||||
Response response = TestOpenSamlObjects.response();
|
||||
RelyingPartyRegistration registration = verifying(registration()).build();
|
||||
return new Saml2AuthenticationToken(registration, serialize(response));
|
||||
}
|
||||
|
||||
private Saml2AuthenticationToken token(Response response, Saml2X509Credential... credentials) {
|
||||
String payload = serialize(response);
|
||||
return token(payload, credentials);
|
||||
private Saml2AuthenticationToken token(Response response, RelyingPartyRegistration.Builder registration) {
|
||||
return new Saml2AuthenticationToken(registration.build(), serialize(response));
|
||||
}
|
||||
|
||||
private Saml2AuthenticationToken token(String payload, Saml2X509Credential... credentials) {
|
||||
return new Saml2AuthenticationToken(payload, DESTINATION, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID,
|
||||
Arrays.asList(credentials));
|
||||
private RelyingPartyRegistration.Builder registration() {
|
||||
return TestRelyingPartyRegistrations.noCredentials().entityId(RELYING_PARTY_ENTITY_ID)
|
||||
.assertionConsumerServiceLocation(DESTINATION)
|
||||
.assertingPartyDetails((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID));
|
||||
}
|
||||
|
||||
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
|
||||
return builder.assertingPartyDetails((party) -> party
|
||||
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
|
||||
}
|
||||
|
||||
private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) {
|
||||
return builder
|
||||
.decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyDecryptingCredential()));
|
||||
}
|
||||
|
||||
}
|
||||
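Review bot: The rewritten `token()` helper in the last hunk re-implements what `token(Response, RelyingPartyRegistration.Builder)` already does a few lines below it; `return token(TestOpenSamlObjects.response(), verifying(registration()));` would leave a single construction path for tokens. The same inline `new Saml2AuthenticationToken(verifying(registration()).build(), ...)` now appears in the first test hunk (the malformed-assertion and invalid-xml tests), where a `token(String payload, RelyingPartyRegistration.Builder registration)` overload would let every test go through the helpers. In `authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException` the new registration carries only the wrong decryption key and no verification credential, so the expected `DECRYPTION_ERROR` presumably relies on decryption being attempted before the response signature is checked; building it as `verifying(registration()).decryptionX509Credentials(...)` would pin the assertion to the decryption failure alone. These are private test fixtures, so this is a point of style and test robustness rather than a correctness defect.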
@ -19,10 +19,7 @@ package org.springframework.security.saml2.provider.service.authentication;
|
|||
import java.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Base64;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
|
@ -50,8 +47,6 @@ import org.opensaml.core.xml.schema.impl.XSStringBuilder;
|
|||
import org.opensaml.core.xml.schema.impl.XSURIBuilder;
|
||||
import org.opensaml.saml.common.SAMLVersion;
|
||||
import org.opensaml.saml.common.SignableSAMLObject;
|
||||
import org.opensaml.saml.common.assertion.ValidationContext;
|
||||
import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
|
||||
import org.opensaml.saml.saml2.core.Assertion;
|
||||
import org.opensaml.saml.saml2.core.Attribute;
|
||||
import org.opensaml.saml.saml2.core.AttributeStatement;
|
||||
|
@ -206,23 +201,10 @@ public final class TestOpenSamlObjects {
|
|||
return cred;
|
||||
}
|
||||
|
||||
static Credential getSigningCredential(
|
||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential, String entityId) {
|
||||
BasicCredential cred = getBasicCredential(credential);
|
||||
cred.setEntityId(entityId);
|
||||
cred.setUsageType(UsageType.SIGNING);
|
||||
return cred;
|
||||
}
|
||||
|
||||
static BasicCredential getBasicCredential(Saml2X509Credential credential) {
|
||||
return CredentialSupport.getSimpleCredential(credential.getCertificate(), credential.getPrivateKey());
|
||||
}
|
||||
|
||||
static BasicCredential getBasicCredential(
|
||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
|
||||
return CredentialSupport.getSimpleCredential(credential.getCertificate(), credential.getPrivateKey());
|
||||
}
|
||||
|
||||
static <T extends SignableSAMLObject> T signed(T signable, Saml2X509Credential credential, String entityId) {
|
||||
SignatureSigningParameters parameters = new SignatureSigningParameters();
|
||||
Credential signingCredential = getSigningCredential(credential, entityId);
|
||||
|
@ -239,23 +221,6 @@ public final class TestOpenSamlObjects {
|
|||
return signable;
|
||||
}
|
||||
|
||||
static <T extends SignableSAMLObject> T signed(T signable,
|
||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential, String entityId) {
|
||||
SignatureSigningParameters parameters = new SignatureSigningParameters();
|
||||
Credential signingCredential = getSigningCredential(credential, entityId);
|
||||
parameters.setSigningCredential(signingCredential);
|
||||
parameters.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
|
||||
parameters.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
|
||||
parameters.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
|
||||
try {
|
||||
SignatureSupport.signObject(signable, parameters);
|
||||
}
|
||||
catch (MarshallingException | SignatureException | SecurityException ex) {
|
||||
throw new Saml2Exception(ex);
|
||||
}
|
||||
return signable;
|
||||
}
|
||||
|
||||
static EncryptedAssertion encrypted(Assertion assertion, Saml2X509Credential credential) {
|
||||
X509Certificate certificate = credential.getCertificate();
|
||||
Encrypter encrypter = getEncrypter(certificate);
|
||||
|
@ -267,18 +232,6 @@ public final class TestOpenSamlObjects {
|
|||
}
|
||||
}
|
||||
|
||||
static EncryptedAssertion encrypted(Assertion assertion,
|
||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
|
||||
X509Certificate certificate = credential.getCertificate();
|
||||
Encrypter encrypter = getEncrypter(certificate);
|
||||
try {
|
||||
return encrypter.encrypt(assertion);
|
||||
}
|
||||
catch (EncryptionException ex) {
|
||||
throw new Saml2Exception("Unable to encrypt assertion.", ex);
|
||||
}
|
||||
}
|
||||
|
||||
static EncryptedID encrypted(NameID nameId, Saml2X509Credential credential) {
|
||||
X509Certificate certificate = credential.getCertificate();
|
||||
Encrypter encrypter = getEncrypter(certificate);
|
||||
|
@ -290,18 +243,6 @@ public final class TestOpenSamlObjects {
|
|||
}
|
||||
}
|
||||
|
||||
static EncryptedID encrypted(NameID nameId,
|
||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
|
||||
X509Certificate certificate = credential.getCertificate();
|
||||
Encrypter encrypter = getEncrypter(certificate);
|
||||
try {
|
||||
return encrypter.encrypt(nameId);
|
||||
}
|
||||
catch (EncryptionException ex) {
|
||||
throw new Saml2Exception("Unable to encrypt nameID.", ex);
|
||||
}
|
||||
}
|
||||
|
||||
static EncryptedAttribute encrypted(String name, String value, Saml2X509Credential credential) {
|
||||
Attribute attribute = attribute(name, value);
|
||||
X509Certificate certificate = credential.getCertificate();
|
||||
|
@ -392,12 +333,6 @@ public final class TestOpenSamlObjects {
|
|||
return attributeStatements;
|
||||
}
|
||||
|
||||
static ValidationContext validationContext() {
|
||||
Map<String, Object> params = new HashMap<>();
|
||||
params.put(SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS, Collections.singleton(DESTINATION));
|
||||
return new ValidationContext(params);
|
||||
}
|
||||
|
||||
static <T extends XMLObject> T build(QName qName) {
|
||||
return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
|
||||
}
|
||||
|