Polish OpenSamlAuthenticationProvider
Remove deprecated usage. Issue: gh-8769
parent
c8cbf06d8d
commit
5699670a43
@ -112,6 +112,7 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
|
||||||
import org.springframework.security.saml2.Saml2Exception;
|
import org.springframework.security.saml2.Saml2Exception;
|
||||||
import org.springframework.security.saml2.core.OpenSamlInitializationService;
|
import org.springframework.security.saml2.core.OpenSamlInitializationService;
|
||||||
import org.springframework.security.saml2.core.Saml2Error;
|
import org.springframework.security.saml2.core.Saml2Error;
|
||||||
|
import org.springframework.security.saml2.core.Saml2ErrorCodes;
|
||||||
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
|
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
|
||||||
import org.springframework.security.saml2.core.Saml2X509Credential;
|
import org.springframework.security.saml2.core.Saml2X509Credential;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
|
|
@ -58,10 +58,12 @@ import org.springframework.core.convert.converter.Converter;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.saml2.Saml2Exception;
|
import org.springframework.security.saml2.Saml2Exception;
|
||||||
import org.springframework.security.saml2.core.Saml2Error;
|
import org.springframework.security.saml2.core.Saml2Error;
|
||||||
|
import org.springframework.security.saml2.core.Saml2ErrorCodes;
|
||||||
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
|
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
|
||||||
import org.springframework.security.saml2.credentials.Saml2X509Credential;
|
import org.springframework.security.saml2.core.TestSaml2X509Credentials;
|
||||||
import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
|
|
||||||
import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken;
|
import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken;
|
||||||
|
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||||
|
import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
@ -116,14 +118,13 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
.getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
|
.getBuilder(Assertion.DEFAULT_ELEMENT_NAME).buildObject(Assertion.DEFAULT_ELEMENT_NAME);
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(
|
.isThrownBy(() -> this.provider.authenticate(
|
||||||
token(serialize(assertion), TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
|
new Saml2AuthenticationToken(verifying(registration()).build(), serialize(assertion))))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
|
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenXmlErrorThenThrowAuthenticationException() {
|
public void authenticateWhenXmlErrorThenThrowAuthenticationException() {
|
||||||
Saml2AuthenticationToken token = token("invalid xml",
|
Saml2AuthenticationToken token = new Saml2AuthenticationToken(verifying(registration()).build(), "invalid xml");
|
||||||
TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
|
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA));
|
||||||
|
@ -135,7 +136,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getAssertions().add(TestOpenSamlObjects.assertion());
|
response.getAssertions().add(TestOpenSamlObjects.assertion());
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.INVALID_DESTINATION));
|
.satisfies(errorOf(Saml2ErrorCodes.INVALID_DESTINATION));
|
||||||
|
@ -143,8 +144,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenNoAssertionsPresentThenThrowAuthenticationException() {
|
public void authenticateWhenNoAssertionsPresentThenThrowAuthenticationException() {
|
||||||
Saml2AuthenticationToken token = token(TestOpenSamlObjects.response(),
|
Saml2AuthenticationToken token = token();
|
||||||
TestSaml2X509Credentials.assertingPartySigningCredential());
|
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response."));
|
.satisfies(errorOf(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, "No assertions found in response."));
|
||||||
|
@ -154,14 +154,14 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
public void authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException() {
|
public void authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
response.getAssertions().add(TestOpenSamlObjects.assertion());
|
response.getAssertions().add(TestOpenSamlObjects.assertion());
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE));
|
.satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationException() throws Exception {
|
public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationException() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
Assertion assertion = TestOpenSamlObjects.assertion();
|
Assertion assertion = TestOpenSamlObjects.assertion();
|
||||||
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData()
|
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData()
|
||||||
|
@ -169,7 +169,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.INVALID_ASSERTION));
|
.satisfies(errorOf(Saml2ErrorCodes.INVALID_ASSERTION));
|
||||||
|
@ -183,28 +183,28 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
|
.satisfies(errorOf(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenUsernameMissingThenThrowAuthenticationException() throws Exception {
|
public void authenticateWhenUsernameMissingThenThrowAuthenticationException() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
Assertion assertion = TestOpenSamlObjects.assertion();
|
Assertion assertion = TestOpenSamlObjects.assertion();
|
||||||
assertion.getSubject().getNameID().setValue(null);
|
assertion.getSubject().getNameID().setValue(null);
|
||||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
|
.satisfies(errorOf(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenAssertionContainsValidationAddressThenItSucceeds() throws Exception {
|
public void authenticateWhenAssertionContainsValidationAddressThenItSucceeds() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
Assertion assertion = TestOpenSamlObjects.assertion();
|
Assertion assertion = TestOpenSamlObjects.assertion();
|
||||||
assertion.getSubject().getSubjectConfirmations()
|
assertion.getSubject().getSubjectConfirmations()
|
||||||
|
@ -212,7 +212,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
this.provider.authenticate(token);
|
this.provider.authenticate(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -225,7 +225,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
Authentication authentication = this.provider.authenticate(token);
|
Authentication authentication = this.provider.authenticate(token);
|
||||||
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
|
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
|
||||||
Map<String, Object> expected = new LinkedHashMap<>();
|
Map<String, Object> expected = new LinkedHashMap<>();
|
||||||
|
@ -241,21 +241,21 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() throws Exception {
|
public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
||||||
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
||||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
Saml2AuthenticationToken token = token(response, decrypting(registration()));
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE));
|
.satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenEncryptedAssertionWithSignatureThenItSucceeds() throws Exception {
|
public void authenticateWhenEncryptedAssertionWithSignatureThenItSucceeds() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
Assertion assertion = TestOpenSamlObjects.signed(TestOpenSamlObjects.assertion(),
|
Assertion assertion = TestOpenSamlObjects.signed(TestOpenSamlObjects.assertion(),
|
||||||
TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
|
TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
|
||||||
|
@ -264,26 +264,24 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
|
||||||
this.provider.authenticate(token);
|
this.provider.authenticate(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenEncryptedAssertionWithResponseSignatureThenItSucceeds() throws Exception {
|
public void authenticateWhenEncryptedAssertionWithResponseSignatureThenItSucceeds() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
||||||
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
||||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
|
||||||
this.provider.authenticate(token);
|
this.provider.authenticate(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() throws Exception {
|
public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
Assertion assertion = TestOpenSamlObjects.assertion();
|
Assertion assertion = TestOpenSamlObjects.assertion();
|
||||||
NameID nameId = assertion.getSubject().getNameID();
|
NameID nameId = assertion.getSubject().getNameID();
|
||||||
|
@ -294,8 +292,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
|
||||||
this.provider.authenticate(token);
|
this.provider.authenticate(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -311,38 +308,36 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
|
||||||
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
|
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
|
||||||
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
|
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
|
||||||
assertThat(principal.getAttribute("name")).containsExactly("value");
|
assertThat(principal.getAttribute("name")).containsExactly("value");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() throws Exception {
|
public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
||||||
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
||||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(serialize(response),
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
|
.satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() throws Exception {
|
public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationException() {
|
||||||
Response response = TestOpenSamlObjects.response();
|
Response response = TestOpenSamlObjects.response();
|
||||||
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(TestOpenSamlObjects.assertion(),
|
||||||
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
TestSaml2X509Credentials.assertingPartyEncryptingCredential());
|
||||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(serialize(response),
|
Saml2AuthenticationToken token = token(response, registration()
|
||||||
TestSaml2X509Credentials.assertingPartyPrivateCredential());
|
.decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())));
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> this.provider.authenticate(token))
|
.isThrownBy(() -> this.provider.authenticate(token))
|
||||||
.satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
|
.satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
|
||||||
|
@ -358,8 +353,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getEncryptedAssertions().add(encryptedAssertion);
|
response.getEncryptedAssertions().add(encryptedAssertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential(),
|
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
|
||||||
TestSaml2X509Credentials.relyingPartyDecryptingCredential());
|
|
||||||
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
|
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
|
||||||
// the following code will throw an exception if authentication isn't serializable
|
// the following code will throw an exception if authentication isn't serializable
|
||||||
ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
|
ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
|
||||||
|
@ -395,7 +389,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
ASSERTING_PARTY_ENTITY_ID);
|
ASSERTING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class)
|
.isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class)
|
||||||
|
@ -419,7 +413,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
ASSERTING_PARTY_ENTITY_ID);
|
ASSERTING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
given(validator.convert(any(OpenSamlAuthenticationProvider.AssertionToken.class)))
|
given(validator.convert(any(OpenSamlAuthenticationProvider.AssertionToken.class)))
|
||||||
.willReturn(Saml2ResponseValidatorResult.success());
|
.willReturn(Saml2ResponseValidatorResult.success());
|
||||||
provider.authenticate(token);
|
provider.authenticate(token);
|
||||||
|
@ -438,7 +432,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
ASSERTING_PARTY_ENTITY_ID);
|
ASSERTING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> provider.authenticate(token))
|
.isThrownBy(() -> provider.authenticate(token))
|
||||||
|
@ -460,7 +454,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
ASSERTING_PARTY_ENTITY_ID);
|
ASSERTING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
assertThatExceptionOfType(Saml2AuthenticationException.class)
|
||||||
.isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class)
|
.isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class)
|
||||||
|
@ -480,7 +474,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
@Test
|
@Test
|
||||||
public void createDefaultResponseAuthenticationConverterWhenResponseThenConverts() {
|
public void createDefaultResponseAuthenticationConverterWhenResponseThenConverts() {
|
||||||
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
ResponseToken responseToken = new ResponseToken(response, token);
|
ResponseToken responseToken = new ResponseToken(response, token);
|
||||||
Saml2Authentication authentication = OpenSamlAuthenticationProvider
|
Saml2Authentication authentication = OpenSamlAuthenticationProvider
|
||||||
.createDefaultResponseAuthenticationConverter().convert(responseToken);
|
.createDefaultResponseAuthenticationConverter().convert(responseToken);
|
||||||
|
@ -493,7 +487,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
|
OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
|
||||||
provider.setResponseAuthenticationConverter(authenticationConverter);
|
provider.setResponseAuthenticationConverter(authenticationConverter);
|
||||||
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
provider.authenticate(token);
|
provider.authenticate(token);
|
||||||
verify(authenticationConverter).convert(any());
|
verify(authenticationConverter).convert(any());
|
||||||
}
|
}
|
||||||
|
@ -525,7 +519,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
response.getEncryptedAssertions().add(new EncryptedAssertionBuilder().buildObject());
|
response.getEncryptedAssertions().add(new EncryptedAssertionBuilder().buildObject());
|
||||||
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
this.provider.setResponseElementsDecrypter((tuple) -> tuple.getResponse().getAssertions().add(assertion));
|
this.provider.setResponseElementsDecrypter((tuple) -> tuple.getResponse().getAssertions().add(assertion));
|
||||||
Authentication authentication = this.provider.authenticate(token);
|
Authentication authentication = this.provider.authenticate(token);
|
||||||
assertThat(authentication.getName()).isEqualTo("test@saml.user");
|
assertThat(authentication.getName()).isEqualTo("test@saml.user");
|
||||||
|
@ -541,7 +535,7 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
|
||||||
RELYING_PARTY_ENTITY_ID);
|
RELYING_PARTY_ENTITY_ID);
|
||||||
response.getAssertions().add(assertion);
|
response.getAssertions().add(assertion);
|
||||||
Saml2AuthenticationToken token = token(response, TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Saml2AuthenticationToken token = token(response, verifying(registration()));
|
||||||
this.provider.setAssertionElementsDecrypter((tuple) -> {
|
this.provider.setAssertionElementsDecrypter((tuple) -> {
|
||||||
NameID name = new NameIDBuilder().buildObject();
|
NameID name = new NameIDBuilder().buildObject();
|
||||||
name.setValue("decrypted name");
|
name.setValue("decrypted name");
|
||||||
|
@ -580,17 +574,29 @@ public class OpenSamlAuthenticationProviderTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
private Saml2AuthenticationToken token() {
|
private Saml2AuthenticationToken token() {
|
||||||
return token(TestOpenSamlObjects.response(), TestSaml2X509Credentials.relyingPartyVerifyingCredential());
|
Response response = TestOpenSamlObjects.response();
|
||||||
|
RelyingPartyRegistration registration = verifying(registration()).build();
|
||||||
|
return new Saml2AuthenticationToken(registration, serialize(response));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Saml2AuthenticationToken token(Response response, Saml2X509Credential... credentials) {
|
private Saml2AuthenticationToken token(Response response, RelyingPartyRegistration.Builder registration) {
|
||||||
String payload = serialize(response);
|
return new Saml2AuthenticationToken(registration.build(), serialize(response));
|
||||||
return token(payload, credentials);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private Saml2AuthenticationToken token(String payload, Saml2X509Credential... credentials) {
|
private RelyingPartyRegistration.Builder registration() {
|
||||||
return new Saml2AuthenticationToken(payload, DESTINATION, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID,
|
return TestRelyingPartyRegistrations.noCredentials().entityId(RELYING_PARTY_ENTITY_ID)
|
||||||
Arrays.asList(credentials));
|
.assertionConsumerServiceLocation(DESTINATION)
|
||||||
|
.assertingPartyDetails((party) -> party.entityId(ASSERTING_PARTY_ENTITY_ID));
|
||||||
|
}
|
||||||
|
|
||||||
|
private RelyingPartyRegistration.Builder verifying(RelyingPartyRegistration.Builder builder) {
|
||||||
|
return builder.assertingPartyDetails((party) -> party
|
||||||
|
.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())));
|
||||||
|
}
|
||||||
|
|
||||||
|
private RelyingPartyRegistration.Builder decrypting(RelyingPartyRegistration.Builder builder) {
|
||||||
|
return builder
|
||||||
|
.decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyDecryptingCredential()));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,10 +19,7 @@ package org.springframework.security.saml2.provider.service.authentication;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import javax.crypto.SecretKey;
|
import javax.crypto.SecretKey;
|
||||||
|
@ -50,8 +47,6 @@ import org.opensaml.core.xml.schema.impl.XSStringBuilder;
|
||||||
import org.opensaml.core.xml.schema.impl.XSURIBuilder;
|
import org.opensaml.core.xml.schema.impl.XSURIBuilder;
|
||||||
import org.opensaml.saml.common.SAMLVersion;
|
import org.opensaml.saml.common.SAMLVersion;
|
||||||
import org.opensaml.saml.common.SignableSAMLObject;
|
import org.opensaml.saml.common.SignableSAMLObject;
|
||||||
import org.opensaml.saml.common.assertion.ValidationContext;
|
|
||||||
import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
|
|
||||||
import org.opensaml.saml.saml2.core.Assertion;
|
import org.opensaml.saml.saml2.core.Assertion;
|
||||||
import org.opensaml.saml.saml2.core.Attribute;
|
import org.opensaml.saml.saml2.core.Attribute;
|
||||||
import org.opensaml.saml.saml2.core.AttributeStatement;
|
import org.opensaml.saml.saml2.core.AttributeStatement;
|
||||||
|
@ -206,23 +201,10 @@ public final class TestOpenSamlObjects {
|
||||||
return cred;
|
return cred;
|
||||||
}
|
}
|
||||||
|
|
||||||
static Credential getSigningCredential(
|
|
||||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential, String entityId) {
|
|
||||||
BasicCredential cred = getBasicCredential(credential);
|
|
||||||
cred.setEntityId(entityId);
|
|
||||||
cred.setUsageType(UsageType.SIGNING);
|
|
||||||
return cred;
|
|
||||||
}
|
|
||||||
|
|
||||||
static BasicCredential getBasicCredential(Saml2X509Credential credential) {
|
static BasicCredential getBasicCredential(Saml2X509Credential credential) {
|
||||||
return CredentialSupport.getSimpleCredential(credential.getCertificate(), credential.getPrivateKey());
|
return CredentialSupport.getSimpleCredential(credential.getCertificate(), credential.getPrivateKey());
|
||||||
}
|
}
|
||||||
|
|
||||||
static BasicCredential getBasicCredential(
|
|
||||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
|
|
||||||
return CredentialSupport.getSimpleCredential(credential.getCertificate(), credential.getPrivateKey());
|
|
||||||
}
|
|
||||||
|
|
||||||
static <T extends SignableSAMLObject> T signed(T signable, Saml2X509Credential credential, String entityId) {
|
static <T extends SignableSAMLObject> T signed(T signable, Saml2X509Credential credential, String entityId) {
|
||||||
SignatureSigningParameters parameters = new SignatureSigningParameters();
|
SignatureSigningParameters parameters = new SignatureSigningParameters();
|
||||||
Credential signingCredential = getSigningCredential(credential, entityId);
|
Credential signingCredential = getSigningCredential(credential, entityId);
|
||||||
|
@ -239,23 +221,6 @@ public final class TestOpenSamlObjects {
|
||||||
return signable;
|
return signable;
|
||||||
}
|
}
|
||||||
|
|
||||||
static <T extends SignableSAMLObject> T signed(T signable,
|
|
||||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential, String entityId) {
|
|
||||||
SignatureSigningParameters parameters = new SignatureSigningParameters();
|
|
||||||
Credential signingCredential = getSigningCredential(credential, entityId);
|
|
||||||
parameters.setSigningCredential(signingCredential);
|
|
||||||
parameters.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
|
|
||||||
parameters.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
|
|
||||||
parameters.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
|
|
||||||
try {
|
|
||||||
SignatureSupport.signObject(signable, parameters);
|
|
||||||
}
|
|
||||||
catch (MarshallingException | SignatureException | SecurityException ex) {
|
|
||||||
throw new Saml2Exception(ex);
|
|
||||||
}
|
|
||||||
return signable;
|
|
||||||
}
|
|
||||||
|
|
||||||
static EncryptedAssertion encrypted(Assertion assertion, Saml2X509Credential credential) {
|
static EncryptedAssertion encrypted(Assertion assertion, Saml2X509Credential credential) {
|
||||||
X509Certificate certificate = credential.getCertificate();
|
X509Certificate certificate = credential.getCertificate();
|
||||||
Encrypter encrypter = getEncrypter(certificate);
|
Encrypter encrypter = getEncrypter(certificate);
|
||||||
|
@ -267,18 +232,6 @@ public final class TestOpenSamlObjects {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static EncryptedAssertion encrypted(Assertion assertion,
|
|
||||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
|
|
||||||
X509Certificate certificate = credential.getCertificate();
|
|
||||||
Encrypter encrypter = getEncrypter(certificate);
|
|
||||||
try {
|
|
||||||
return encrypter.encrypt(assertion);
|
|
||||||
}
|
|
||||||
catch (EncryptionException ex) {
|
|
||||||
throw new Saml2Exception("Unable to encrypt assertion.", ex);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static EncryptedID encrypted(NameID nameId, Saml2X509Credential credential) {
|
static EncryptedID encrypted(NameID nameId, Saml2X509Credential credential) {
|
||||||
X509Certificate certificate = credential.getCertificate();
|
X509Certificate certificate = credential.getCertificate();
|
||||||
Encrypter encrypter = getEncrypter(certificate);
|
Encrypter encrypter = getEncrypter(certificate);
|
||||||
|
@ -290,18 +243,6 @@ public final class TestOpenSamlObjects {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static EncryptedID encrypted(NameID nameId,
|
|
||||||
org.springframework.security.saml2.credentials.Saml2X509Credential credential) {
|
|
||||||
X509Certificate certificate = credential.getCertificate();
|
|
||||||
Encrypter encrypter = getEncrypter(certificate);
|
|
||||||
try {
|
|
||||||
return encrypter.encrypt(nameId);
|
|
||||||
}
|
|
||||||
catch (EncryptionException ex) {
|
|
||||||
throw new Saml2Exception("Unable to encrypt nameID.", ex);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static EncryptedAttribute encrypted(String name, String value, Saml2X509Credential credential) {
|
static EncryptedAttribute encrypted(String name, String value, Saml2X509Credential credential) {
|
||||||
Attribute attribute = attribute(name, value);
|
Attribute attribute = attribute(name, value);
|
||||||
X509Certificate certificate = credential.getCertificate();
|
X509Certificate certificate = credential.getCertificate();
|
||||||
|
@ -392,12 +333,6 @@ public final class TestOpenSamlObjects {
|
||||||
return attributeStatements;
|
return attributeStatements;
|
||||||
}
|
}
|
||||||
|
|
||||||
static ValidationContext validationContext() {
|
|
||||||
Map<String, Object> params = new HashMap<>();
|
|
||||||
params.put(SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS, Collections.singleton(DESTINATION));
|
|
||||||
return new ValidationContext(params);
|
|
||||||
}
|
|
||||||
|
|
||||||
static <T extends XMLObject> T build(QName qName) {
|
static <T extends XMLObject> T build(QName qName) {
|
||||||
return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
|
return (T) XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(qName).buildObject(qName);
|
||||||
}
|
}
|
||||||
|
|