Refactored OpenSaml4AuthenticationProviderTests

Factored out repeatedly used code for signing a request.
This commit is contained in:
Elias Lousseief 2022-03-10 08:08:05 +01:00 committed by Josh Cummings
parent 73003d59d6
commit 836f203d44
1 changed files with 31 additions and 69 deletions


@ -39,6 +39,7 @@ import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException; import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.schema.XSDateTime; import org.opensaml.core.xml.schema.XSDateTime;
import org.opensaml.core.xml.schema.impl.XSDateTimeBuilder; import org.opensaml.core.xml.schema.impl.XSDateTimeBuilder;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.assertion.ValidationContext; import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters; import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
import org.opensaml.saml.saml2.core.Assertion; import org.opensaml.saml.saml2.core.Assertion;
@ -144,9 +145,7 @@ public class OpenSaml4AuthenticationProviderTests {
public void authenticateWhenInvalidDestinationThenThrowAuthenticationException() { public void authenticateWhenInvalidDestinationThenThrowAuthenticationException() {
Response response = response(DESTINATION + "invalid", ASSERTING_PARTY_ENTITY_ID); Response response = response(DESTINATION + "invalid", ASSERTING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion()); response.getAssertions().add(assertion());
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> this.provider.authenticate(token)) .isThrownBy(() -> this.provider.authenticate(token))
.satisfies(errorOf(Saml2ErrorCodes.INVALID_DESTINATION)); .satisfies(errorOf(Saml2ErrorCodes.INVALID_DESTINATION));
@ -176,9 +175,7 @@ public class OpenSaml4AuthenticationProviderTests {
Assertion assertion = assertion(); Assertion assertion = assertion();
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData() assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData()
.setNotOnOrAfter(Instant.now().minus(Duration.ofDays(3))); .setNotOnOrAfter(Instant.now().minus(Duration.ofDays(3)));
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), response.getAssertions().add(signed(assertion));
RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> this.provider.authenticate(token)) .isThrownBy(() -> this.provider.authenticate(token))
@ -190,9 +187,7 @@ public class OpenSaml4AuthenticationProviderTests {
Response response = response(); Response response = response();
Assertion assertion = assertion(); Assertion assertion = assertion();
assertion.setSubject(null); assertion.setSubject(null);
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), response.getAssertions().add(signed(assertion));
RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> this.provider.authenticate(token)) .isThrownBy(() -> this.provider.authenticate(token))
@ -204,9 +199,7 @@ public class OpenSaml4AuthenticationProviderTests {
Response response = response(); Response response = response();
Assertion assertion = assertion(); Assertion assertion = assertion();
assertion.getSubject().getNameID().setValue(null); assertion.getSubject().getNameID().setValue(null);
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), response.getAssertions().add(signed(assertion));
RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> this.provider.authenticate(token)) .isThrownBy(() -> this.provider.authenticate(token))
@ -219,9 +212,7 @@ public class OpenSaml4AuthenticationProviderTests {
Assertion assertion = assertion(); Assertion assertion = assertion();
assertion.getSubject().getSubjectConfirmations() assertion.getSubject().getSubjectConfirmations()
.forEach((sc) -> sc.getSubjectConfirmationData().setAddress("10.10.10.10")); .forEach((sc) -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), response.getAssertions().add(signed(assertion));
RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
this.provider.authenticate(token); this.provider.authenticate(token);
} }
@ -232,9 +223,7 @@ public class OpenSaml4AuthenticationProviderTests {
Assertion assertion = assertion(); Assertion assertion = assertion();
List<AttributeStatement> attributes = attributeStatements(); List<AttributeStatement> attributes = attributeStatements();
assertion.getAttributeStatements().addAll(attributes); assertion.getAttributeStatements().addAll(attributes);
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), response.getAssertions().add(signed(assertion));
RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
Authentication authentication = this.provider.authenticate(token); Authentication authentication = this.provider.authenticate(token);
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal(); Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
@ -258,9 +247,7 @@ public class OpenSaml4AuthenticationProviderTests {
AttributeStatement attribute = TestOpenSamlObjects.customAttributeStatement("Address", AttributeStatement attribute = TestOpenSamlObjects.customAttributeStatement("Address",
TestCustomOpenSamlObjects.instance()); TestCustomOpenSamlObjects.instance());
assertion.getAttributeStatements().add(attribute); assertion.getAttributeStatements().add(attribute);
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), response.getAssertions().add(signed(assertion));
RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
Authentication authentication = this.provider.authenticate(token); Authentication authentication = this.provider.authenticate(token);
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal(); Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
@ -291,9 +278,7 @@ public class OpenSaml4AuthenticationProviderTests {
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion, EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion,
TestSaml2X509Credentials.assertingPartyEncryptingCredential()); TestSaml2X509Credentials.assertingPartyEncryptingCredential());
response.getEncryptedAssertions().add(encryptedAssertion); response.getEncryptedAssertions().add(encryptedAssertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), decrypting(verifying(registration())));
RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
this.provider.authenticate(token); this.provider.authenticate(token);
} }
@ -303,9 +288,7 @@ public class OpenSaml4AuthenticationProviderTests {
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(), EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(),
TestSaml2X509Credentials.assertingPartyEncryptingCredential()); TestSaml2X509Credentials.assertingPartyEncryptingCredential());
response.getEncryptedAssertions().add(encryptedAssertion); response.getEncryptedAssertions().add(encryptedAssertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), decrypting(verifying(registration())));
RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
this.provider.authenticate(token); this.provider.authenticate(token);
} }
@ -318,9 +301,7 @@ public class OpenSaml4AuthenticationProviderTests {
TestSaml2X509Credentials.assertingPartyEncryptingCredential()); TestSaml2X509Credentials.assertingPartyEncryptingCredential());
assertion.getSubject().setNameID(null); assertion.getSubject().setNameID(null);
assertion.getSubject().setEncryptedID(encryptedID); assertion.getSubject().setEncryptedID(encryptedID);
response.getAssertions().add(assertion); response.getAssertions().add(signed(assertion));
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration()))); Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
this.provider.authenticate(token); this.provider.authenticate(token);
} }
@ -335,9 +316,7 @@ public class OpenSaml4AuthenticationProviderTests {
statement.getEncryptedAttributes().add(attribute); statement.getEncryptedAttributes().add(attribute);
assertion.getAttributeStatements().add(statement); assertion.getAttributeStatements().add(statement);
response.getAssertions().add(assertion); response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), decrypting(verifying(registration())));
RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token); Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal(); Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
assertThat(principal.getAttribute("name")).containsExactly("value"); assertThat(principal.getAttribute("name")).containsExactly("value");
@ -349,9 +328,7 @@ public class OpenSaml4AuthenticationProviderTests {
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(), EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(),
TestSaml2X509Credentials.assertingPartyEncryptingCredential()); TestSaml2X509Credentials.assertingPartyEncryptingCredential());
response.getEncryptedAssertions().add(encryptedAssertion); response.getEncryptedAssertions().add(encryptedAssertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> this.provider.authenticate(token)) .isThrownBy(() -> this.provider.authenticate(token))
.satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData")); .satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
@ -363,9 +340,7 @@ public class OpenSaml4AuthenticationProviderTests {
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(), EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(),
TestSaml2X509Credentials.assertingPartyEncryptingCredential()); TestSaml2X509Credentials.assertingPartyEncryptingCredential());
response.getEncryptedAssertions().add(encryptedAssertion); response.getEncryptedAssertions().add(encryptedAssertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), registration()
RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, registration()
.decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential()))); .decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())));
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> this.provider.authenticate(token)) .isThrownBy(() -> this.provider.authenticate(token))
@ -378,9 +353,7 @@ public class OpenSaml4AuthenticationProviderTests {
Assertion assertion = assertion(); Assertion assertion = assertion();
assertion.getSubject().getSubjectConfirmations() assertion.getSubject().getSubjectConfirmations()
.forEach((sc) -> sc.getSubjectConfirmationData().setAddress("10.10.10.10")); .forEach((sc) -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), response.getAssertions().add(signed(assertion));
RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
token.setDetails("some-details"); token.setDetails("some-details");
Authentication authentication = this.provider.authenticate(token); Authentication authentication = this.provider.authenticate(token);
@ -395,9 +368,7 @@ public class OpenSaml4AuthenticationProviderTests {
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion, EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion,
TestSaml2X509Credentials.assertingPartyEncryptingCredential()); TestSaml2X509Credentials.assertingPartyEncryptingCredential());
response.getEncryptedAssertions().add(encryptedAssertion); response.getEncryptedAssertions().add(encryptedAssertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), decrypting(verifying(registration())));
RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token); Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
// the following code will throw an exception if authentication isn't serializable // the following code will throw an exception if authentication isn't serializable
ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024); ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
@ -432,9 +403,7 @@ public class OpenSaml4AuthenticationProviderTests {
OneTimeUse oneTimeUse = build(OneTimeUse.DEFAULT_ELEMENT_NAME); OneTimeUse oneTimeUse = build(OneTimeUse.DEFAULT_ELEMENT_NAME);
assertion.getConditions().getConditions().add(oneTimeUse); assertion.getConditions().getConditions().add(oneTimeUse);
response.getAssertions().add(assertion); response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
ASSERTING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
// @formatter:off // @formatter:off
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class) .isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class)
@ -456,9 +425,7 @@ public class OpenSaml4AuthenticationProviderTests {
Response response = response(); Response response = response();
Assertion assertion = assertion(); Assertion assertion = assertion();
response.getAssertions().add(assertion); response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
ASSERTING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
given(validator.convert(any(OpenSaml4AuthenticationProvider.AssertionToken.class))) given(validator.convert(any(OpenSaml4AuthenticationProvider.AssertionToken.class)))
.willReturn(Saml2ResponseValidatorResult.success()); .willReturn(Saml2ResponseValidatorResult.success());
provider.authenticate(token); provider.authenticate(token);
@ -475,9 +442,7 @@ public class OpenSaml4AuthenticationProviderTests {
RELYING_PARTY_ENTITY_ID); // broken RELYING_PARTY_ENTITY_ID); // broken
// signature // signature
response.getAssertions().add(assertion); response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
ASSERTING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
// @formatter:off // @formatter:off
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
.isThrownBy(() -> provider.authenticate(token)) .isThrownBy(() -> provider.authenticate(token))
@ -496,9 +461,7 @@ public class OpenSaml4AuthenticationProviderTests {
OpenSaml4AuthenticationProvider.createDefaultAssertionValidator((assertionToken) -> context)); OpenSaml4AuthenticationProvider.createDefaultAssertionValidator((assertionToken) -> context));
Response response = response(); Response response = response();
Assertion assertion = assertion(); Assertion assertion = assertion();
response.getAssertions().add(assertion); response.getAssertions().add(signed(assertion));
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
ASSERTING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
// @formatter:off // @formatter:off
assertThatExceptionOfType(Saml2AuthenticationException.class) assertThatExceptionOfType(Saml2AuthenticationException.class)
@ -570,13 +533,12 @@ public class OpenSaml4AuthenticationProviderTests {
public void authenticateWhenCustomResponseElementsDecrypterThenDecryptsResponse() { public void authenticateWhenCustomResponseElementsDecrypterThenDecryptsResponse() {
Response response = response(); Response response = response();
Assertion assertion = assertion(); Assertion assertion = assertion();
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
RELYING_PARTY_ENTITY_ID);
response.getEncryptedAssertions().add(new EncryptedAssertionBuilder().buildObject()); response.getEncryptedAssertions().add(new EncryptedAssertionBuilder().buildObject());
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
RELYING_PARTY_ENTITY_ID); RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
this.provider.setResponseElementsDecrypter((tuple) -> tuple.getResponse().getAssertions().add(assertion)); this.provider
.setResponseElementsDecrypter((tuple) -> tuple.getResponse().getAssertions().add(signed(assertion)));
Authentication authentication = this.provider.authenticate(token); Authentication authentication = this.provider.authenticate(token);
assertThat(authentication.getName()).isEqualTo("test@saml.user"); assertThat(authentication.getName()).isEqualTo("test@saml.user");
} }
@ -588,9 +550,7 @@ public class OpenSaml4AuthenticationProviderTests {
EncryptedID id = new EncryptedIDBuilder().buildObject(); EncryptedID id = new EncryptedIDBuilder().buildObject();
id.setEncryptedData(new EncryptedDataBuilder().buildObject()); id.setEncryptedData(new EncryptedDataBuilder().buildObject());
assertion.getSubject().setEncryptedID(id); assertion.getSubject().setEncryptedID(id);
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), response.getAssertions().add(signed(assertion));
RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration())); Saml2AuthenticationToken token = token(response, verifying(registration()));
this.provider.setAssertionElementsDecrypter((tuple) -> { this.provider.setAssertionElementsDecrypter((tuple) -> {
NameID name = new NameIDBuilder().buildObject(); NameID name = new NameIDBuilder().buildObject();
@ -639,9 +599,7 @@ public class OpenSaml4AuthenticationProviderTests {
Response response = response(); Response response = response();
Assertion assertion = assertion(); Assertion assertion = assertion();
response.getAssertions().add(assertion); response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
ASSERTING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
given(validator.convert(any(OpenSaml4AuthenticationProvider.ResponseToken.class))) given(validator.convert(any(OpenSaml4AuthenticationProvider.ResponseToken.class)))
.willReturn(Saml2ResponseValidatorResult.success()); .willReturn(Saml2ResponseValidatorResult.success());
provider.authenticate(token); provider.authenticate(token);
@ -655,9 +613,7 @@ public class OpenSaml4AuthenticationProviderTests {
Assertion assertion = assertion(); Assertion assertion = assertion();
assertion.setIssuer(TestOpenSamlObjects.issuer("https://invalid.idp.test/saml2/idp")); assertion.setIssuer(TestOpenSamlObjects.issuer("https://invalid.idp.test/saml2/idp"));
response.getAssertions().add(assertion); response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
ASSERTING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> provider.authenticate(token)) assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> provider.authenticate(token))
.withMessageContaining("did not match any valid issuers"); .withMessageContaining("did not match any valid issuers");
} }
@ -716,6 +672,12 @@ public class OpenSaml4AuthenticationProviderTests {
return assertion; return assertion;
} }
private <T extends SignableSAMLObject> T signed(T toSign) {
TestOpenSamlObjects.signed(toSign, TestSaml2X509Credentials.assertingPartySigningCredential(),
RELYING_PARTY_ENTITY_ID);
return toSign;
}
private List<AttributeStatement> attributeStatements() { private List<AttributeStatement> attributeStatements() {
List<AttributeStatement> attributeStatements = TestOpenSamlObjects.attributeStatements(); List<AttributeStatement> attributeStatements = TestOpenSamlObjects.attributeStatements();
AttributeBuilder attributeBuilder = new AttributeBuilder(); AttributeBuilder attributeBuilder = new AttributeBuilder();
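Review bot: The new `signed(T)` helper in the -716 hunk hard-codes `RELYING_PARTY_ENTITY_ID` as the entity id argument, but six of the calls it replaces passed `ASSERTING_PARTY_ENTITY_ID` (the response-signing hunks at -432, -456, -475, -496, -639 and -655), so the refactor silently changes the entity id argument used when those responses are signed. What `TestOpenSamlObjects.signed` does with that third argument is not visible here, but a change described as factoring out repeated code should not alter test inputs; an overload that takes the entity id lets those tests keep their original value, e.g. `token(signed(response, ASSERTING_PARTY_ENTITY_ID), verifying(registration()))`. The -570 hunk also still signs the response through `TestOpenSamlObjects.signed(...)` directly while the assertion in the same test uses the helper; `Saml2AuthenticationToken token = token(signed(response), verifying(registration()));` would make it consistent. A one-line Javadoc on the helper stating which credential and entity id it signs with would make the default visible to the next test author.
```java
private <T extends SignableSAMLObject> T signed(T toSign) {
	return signed(toSign, RELYING_PARTY_ENTITY_ID);
}

private <T extends SignableSAMLObject> T signed(T toSign, String entityId) {
	TestOpenSamlObjects.signed(toSign, TestSaml2X509Credentials.assertingPartySigningCredential(), entityId);
	return toSign;
}
```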