diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-17 17:03:28 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-17 17:03:28 +0100 |
commit | 7848c74de2cdafed8bee69d1d5b8e5efa7535bc6 (patch) | |
tree | 41fb7aeb440982fc3c25f8fa91cd2d7186471a1b /eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java | |
parent | 3b7eb43b0df868e492ccd7ad2daca5e4c0053bb2 (diff) | |
download | EAAF-Components-7848c74de2cdafed8bee69d1d5b8e5efa7535bc6.tar.gz EAAF-Components-7848c74de2cdafed8bee69d1d5b8e5efa7535bc6.tar.bz2 EAAF-Components-7848c74de2cdafed8bee69d1d5b8e5efa7535bc6.zip |
add jUnit tests for HSM Facade integration.
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java | 331 |
1 files changed, 42 insertions, 289 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java index 66e87537..bc0084f7 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java @@ -1,53 +1,33 @@ package at.gv.egiz.eaaf.modules.pvp2.test; -import java.util.ArrayList; -import java.util.List; - import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; import org.joda.time.DateTime; -import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; -import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.io.UnmarshallingException; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.saml2.core.Assertion; import org.opensaml.saml.saml2.core.AuthnRequest; import org.opensaml.saml.saml2.core.EncryptedAssertion; -import org.opensaml.saml.saml2.core.Issuer; import org.opensaml.saml.saml2.core.Response; import org.opensaml.saml.saml2.core.StatusCode; -import org.opensaml.saml.saml2.encryption.Encrypter; -import org.opensaml.saml.saml2.encryption.Encrypter.KeyPlacement; -import org.opensaml.security.x509.X509Credential; -import org.opensaml.xmlsec.SecurityConfigurationSupport; -import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters; -import org.opensaml.xmlsec.encryption.support.EncryptionException; -import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters; -import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory; import org.opensaml.xmlsec.signature.support.SignatureConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; @@ -62,11 +42,9 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", "/spring/test_eaaf_core_spring_config.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) -public class SamlVerificationEngineTest { +public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine { @Autowired - private PvpMetadataResolverFactory metadataResolverFactory; - @Autowired private SamlVerificationEngine verifyEngine; @Autowired private DummyCredentialProvider credentialProvider; @@ -74,103 +52,38 @@ public class SamlVerificationEngineTest { @Autowired DummyMetadataProvider metadataProvider; @Autowired IConfiguration authConfig; - /** - * JUnit class initializer. - * - * @throws Exception In case of an OpenSAML3 initialization error - */ - @BeforeClass - public static void classInitializer() throws Exception { - EaafOpenSaml3xInitializer.eaafInitialize(); + @Override + protected String getMetadataClassPathEntityPath() { + return "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; } - @Test - public void validateSamlRequestSuccess() throws SecurityException, Exception { - - final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; - final String spEntityId = metadataPath; - - final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = - initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - final PvpSProfileRequest msg = new PvpSProfileRequest( - inputMsg.getFirst(), - SAMLConstants.SAML2_POST_BINDING_URI); - msg.setEntityID(spEntityId); - - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - + @Override + protected String getMetadataJunitJKeystore() { + return "classpath:/data/pvp_metadata_junit_keystore.xml"; } - @Test - public void validateSamlRequestWrongSignature() throws SecurityException, Exception { - - final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; - final String spEntityId = metadataPath; - - final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = - initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); - - final PvpSProfileRequest msg = new PvpSProfileRequest( - inputMsg.getFirst(), - SAMLConstants.SAML2_POST_BINDING_URI); - msg.setEntityID(spEntityId); - - try { - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - org.junit.Assert.fail("Wrong signature not detected"); - - } catch (final Exception e) { - Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); - org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId()); + @Override + protected String getAuthnRequestWithoutSigPath() { + return "/data/AuthRequest_without_sig_1.xml"; - } } - @Test - public void validateSamlInvalidRequest() throws SecurityException, Exception { - - final String authnReqPath = "/data/AuthRequest_without_sig_missing_id.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; - final String spEntityId = metadataPath; - - final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = - initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); - - final PvpSProfileRequest msg = new PvpSProfileRequest( - inputMsg.getFirst(), - SAMLConstants.SAML2_POST_BINDING_URI); - msg.setEntityID(spEntityId); - - try { - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - org.junit.Assert.fail("invalid request not detected"); - - } catch (final Exception e) { - Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); - org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.03", ((EaafException) e).getErrorId()); + @Override + protected String getResponseWithSigPath() { + return "/data/Response_with_sig_1.xml"; + } - } + @Override + protected String getResponseWithoutSigPath() { + return "/data/Response_without_sig_1.xml"; } @Test public void validateSamlRequestWrongSignatureAlg() throws SecurityException, Exception { - final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String authnReqPath = getAuthnRequestWithoutSigPath(); + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = metadataPath; metadataProvider.runGarbageCollector(); @@ -199,79 +112,27 @@ public class SamlVerificationEngineTest { } @Test - public void verifyResponseSuccessTest() throws Pvp2InternalErrorException, SecurityException, Exception { - metadataProvider.runGarbageCollector(); - - final String authnReqPath = "/data/Response_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; - final String spEntityId = metadataPath; - - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - final PvpSProfileResponse msg = new PvpSProfileResponse( - inputMsg.getFirst()); - msg.setEntityID(spEntityId); - - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - - } - - @Test - public void verifyResponseSuccessSecondTest() - throws Pvp2InternalErrorException, SecurityException, Exception { - - final String authnReqPath = "/data/Response_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; - final String spEntityId = metadataPath; - - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - verifyEngine.verifyIdpResponse(inputMsg.getFirst(), - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - - } - - @Test - public void verifySpResponse() - throws Pvp2InternalErrorException, SecurityException, Exception { + public void validateSamlInvalidRequest() throws SecurityException, Exception { - final String authnReqPath = "/data/Response_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; + final String authnReqPath = "/data/AuthRequest_without_sig_missing_id.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = metadataPath; - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, + final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = + initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, credentialProvider.getMetaDataSigningCredential()); - verifyEngine.verifySloResponse(inputMsg.getFirst(), - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - - } - - @Test - public void verifyResponseWithoutId() throws Pvp2InternalErrorException, SecurityException, Exception { - - final String authnReqPath = "/data/Response_with_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; - final String spEntityId = metadataPath; - - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); + metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); - final PvpSProfileResponse msg = new PvpSProfileResponse( - inputMsg.getFirst()); + final PvpSProfileRequest msg = new PvpSProfileRequest( + inputMsg.getFirst(), + SAMLConstants.SAML2_POST_BINDING_URI); msg.setEntityID(spEntityId); try { verifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - org.junit.Assert.fail("Wrong XML schema not detected"); + org.junit.Assert.fail("invalid request not detected"); } catch (final Exception e) { Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); @@ -281,37 +142,10 @@ public class SamlVerificationEngineTest { } @Test - public void verifyResponseWrongTrust() throws Pvp2InternalErrorException, SecurityException, Exception { - - final String authnReqPath = "/data/Response_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; - final String spEntityId = metadataPath; - - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - final PvpSProfileResponse msg = new PvpSProfileResponse( - inputMsg.getFirst()); - msg.setEntityID(spEntityId); - - try { - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - org.junit.Assert.fail("No TrustedCert not detected"); - - } catch (final Exception e) { - Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); - org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId()); - - } - } - - @Test public void verifyAssertionSucessNotEncrypted() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -328,7 +162,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongAudiency() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -349,7 +183,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongStatusCode() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -374,7 +208,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongIssueInstant() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -399,7 +233,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionNoContitions() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -424,7 +258,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongContitions() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -448,7 +282,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongContitionsAudienceRestrictions() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -475,7 +309,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongContitionsNotBefore() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -501,7 +335,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongContitionsNotOnOrAfter() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -527,7 +361,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionValidContitions() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -548,7 +382,7 @@ public class SamlVerificationEngineTest { public void verifyEncAssertionWrongKey() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Asserion_enc_no_key.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://eid.a-sit.at/Shibboleth.sso/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -569,7 +403,7 @@ public class SamlVerificationEngineTest { @Test public void verifyEncAssertion() throws Exception { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -602,7 +436,7 @@ public class SamlVerificationEngineTest { @Test public void verifyEncAssertionWrongSchema() throws Exception { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -636,85 +470,4 @@ public class SamlVerificationEngineTest { } - private Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath, - String authnReqPath, EaafX509Credential credential) - throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException { - final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( - metadataPath, null, "jUnit metadata resolver", null); - - final Response authnReq = (Response) XMLObjectSupport.unmarshallFromInputStream( - XMLObjectProviderRegistrySupport.getParserPool(), - SamlVerificationEngineTest.class.getResourceAsStream(authnReqPath)); - authnReq.setIssueInstant(DateTime.now()); - final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); - issuer.setValue(spEntityId); - authnReq.setIssuer(issuer); - - return Pair.newInstance( - Saml2Utils.signSamlObject(authnReq, credential, true), - mdResolver); - } - - private Pair<AuthnRequest, IPvp2MetadataProvider> initializeAuthnRequest(String spEntityId, - String metadataPath, String authnReqPath, EaafX509Credential credential) - throws SamlSigningException, CredentialsNotAvailableException, - XMLParserException, UnmarshallingException, Pvp2InternalErrorException, Pvp2MetadataException { - - final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( - metadataPath, null, "jUnit metadata resolver", null); - - final AuthnRequest authnReq = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream( - XMLObjectProviderRegistrySupport.getParserPool(), - SamlVerificationEngineTest.class.getResourceAsStream(authnReqPath)); - authnReq.setIssueInstant(DateTime.now()); - final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); - issuer.setValue(spEntityId); - authnReq.setIssuer(issuer); - - return Pair.newInstance( - Saml2Utils.signSamlObject(authnReq, credential, true), - mdResolver); - - } - - private static EncryptedAssertion doEncryption(Assertion assertion, - X509Credential encryptionCredentials, IConfiguration authConfig) - throws Exception { - try { - final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential( - encryptionCredentials, - authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA), - authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); - - final DataEncryptionParameters dataEncParams = new DataEncryptionParameters(); - dataEncParams.setAlgorithm(authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_DATA, PvpConstants.DEFAULT_SYM_ENCRYPTION_METHODE)); - - final List<KeyEncryptionParameters> keyEncParamList = new ArrayList<>(); - final KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); - keyEncParam.setEncryptionCredential(encryptionCredentials); - keyEncParam.setAlgorithm(keyEncAlg); - - final KeyInfoGeneratorFactory kigf = - SecurityConfigurationSupport.getGlobalEncryptionConfiguration() - .getKeyTransportKeyInfoGeneratorManager().getDefaultManager().getFactory(encryptionCredentials); - keyEncParam.setKeyInfoGenerator(kigf.newInstance()); - keyEncParamList.add(keyEncParam); - - final Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); - samlEncrypter.setKeyPlacement(KeyPlacement.PEER); - - return samlEncrypter.encrypt(assertion); - - } catch (final EncryptionException | SamlSigningException e1) { - throw new Exception(e1); - - } - - } - } |