本文整理汇总了Java中org.opensaml.saml.saml2.core.Assertion类的典型用法代码示例。如果您正苦于以下问题:Java Assertion类的具体用法?Java Assertion怎么用?Java Assertion使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
Assertion类属于org.opensaml.saml.saml2.core包,在下文中一共展示了Assertion类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: build
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
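/**
 * Assembles the SAML2 assertion returned to a service provider.
 *
 * <p>The assertion carries an authentication statement and an attribute statement, then receives
 * its subject and conditions, and is finally handed to {@code signAssertion}. Signing is the last
 * step, after subject and conditions have been attached.
 *
 * @param authnRequest the authentication request being answered
 * @param request      the HTTP request
 * @param response     the HTTP response
 * @param casAssertion the CAS assertion the statements are built from
 * @param service      the registered SAML service
 * @param adaptor      the service provider metadata facade
 * @param binding      the binding in use
 * @return the assembled assertion
 * @throws SamlException if one of the builders or the signing step fails
 */
@Override
public Assertion build(final AuthnRequest authnRequest, final HttpServletRequest request, final HttpServletResponse response,
                       final org.jasig.cas.client.validation.Assertion casAssertion, final SamlRegisteredService service,
                       final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                       final String binding) throws SamlException {
    final List<Statement> statements = new ArrayList<>();
    statements.add(this.samlProfileSamlAuthNStatementBuilder.build(authnRequest, request, response,
            casAssertion, service, adaptor, binding));
    statements.add(this.samlProfileSamlAttributeStatementBuilder.build(authnRequest, request,
            response, casAssertion, service, adaptor, binding));

    // 160 random bits, hex-encoded behind a leading underscore so the value is a valid xs:ID.
    // A single nextLong() yields at most 63 bits, short of the 2^-128 collision bound that
    // SAML 2.0 Core section 1.3.4 sets for randomly chosen identifiers, and
    // Math.abs(Long.MIN_VALUE) stays negative.
    final String id = '_' + new java.math.BigInteger(160, new SecureRandom()).toString(16);

    final Assertion assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(),
            ZonedDateTime.now(ZoneOffset.UTC), id);
    assertion.setSubject(this.samlProfileSamlSubjectBuilder.build(authnRequest, request, response,
            casAssertion, service, adaptor, binding));
    assertion.setConditions(this.samlProfileSamlConditionsBuilder.build(authnRequest,
            request, response, casAssertion, service, adaptor, binding));

    // Keep signing last: changing the assertion after this call would alter the signed content.
    signAssertion(assertion, request, response, service, adaptor, binding);
    return assertion;
}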
示例2: signAssertion
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Signs the assertion when the registered service asks for signed assertions.
 *
 * <p>When {@code service.isSignAssertions()} is false the assertion is left as it is and only a
 * debug line is written. NOTE(review): in that case integrity presumably has to come from a
 * signature on the enclosing response; confirm against the caller.
 *
 * @param assertion the assertion to sign
 * @param request   the HTTP request
 * @param response  the HTTP response
 * @param service   the registered SAML service whose signing flag is consulted
 * @param adaptor   the service provider metadata facade
 * @param binding   the binding in use
 * @throws SamlException wrapping any exception raised while checking the flag, logging or signing
 */
protected void signAssertion(final Assertion assertion,
                             final HttpServletRequest request, final HttpServletResponse response,
                             final SamlRegisteredService service,
                             final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                             final String binding) throws SamlException {
    try {
        if (!service.isSignAssertions()) {
            LOGGER.debug("SAML registered service [{}] does not require assertions to be signed", adaptor.getEntityId());
            return;
        }
        LOGGER.debug("SAML registered service [{}] requires assertions to be signed", adaptor.getEntityId());
        this.samlObjectSigner.encode(assertion, service, adaptor, response, request, binding);
    } catch (final Exception e) {
        // Every failure, including one from the flag lookup or logging, surfaces as a SamlException.
        throw new SamlException("Unable to marshall assertion for signing", e);
    }
}
示例3: shouldReturnErrorWhenAnEncryptedAssertionValidationFails
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * An assertion whose issuer id is empty must produce the "empty issuer" error for the identity
 * assertion, even though the attribute query itself has a valid issuer and is signed.
 */
@Test
public void shouldReturnErrorWhenAnEncryptedAssertionValidationFails() throws ResolverException {
    // Both the encrypted form and the decrypted form carry an empty issuer id.
    final EncryptedAssertion encrypted = anAssertion()
            .withIssuer(anIssuer().withIssuerId("").build())
            .build();
    final Assertion decrypted = anAssertion()
            .addAuthnStatement(anAuthnStatement().build())
            .withIssuer(anIssuer().withIssuerId("").build())
            .buildUnencrypted();
    final String queryId = "request-id";

    final AttributeQuery query = anAttributeQuery()
            .withIssuer(anIssuer().withIssuerId(HUB_ENTITY_ID).build())
            .withSignature(
                    aSignature()
                            .withSigningCredential(
                                    new TestCredentialFactory(HUB_TEST_PUBLIC_SIGNING_CERT, HUB_TEST_PRIVATE_SIGNING_KEY)
                                            .getSigningCredential())
                            .build())
            .withId(queryId)
            .withSubject(aSubjectWithEncryptedAssertion(encrypted, queryId, HUB_ENTITY_ID))
            .build();

    // The decrypter is stubbed, so the validator sees the unencrypted assertion built above.
    when(assertionDecrypter.decryptAssertions(any())).thenReturn(Arrays.asList(decrypted));

    Messages result = validator.validate(query, messages());

    assertThat(result.hasErrorLike(generateEmptyIssuerMessage(IDENTITY_ASSERTION))).isTrue();
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:27,代码来源:EidasAttributeQueryValidatorTest.java
示例4: encryptAssertion
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Encrypts the assertion when the registered service asks for encrypted assertions.
 *
 * <p>When {@code service.isEncryptAssertions()} is false the assertion passed in is returned
 * unchanged, i.e. in clear. NOTE(review): confidentiality of its attributes then presumably rests
 * on the transport; confirm for the bindings in use.
 *
 * @param assertion the assertion to encrypt
 * @param request   the HTTP request
 * @param response  the HTTP response
 * @param service   the registered SAML service whose encryption flag is consulted
 * @param adaptor   the service provider metadata facade
 * @return the encrypted assertion, or the original assertion when encryption is not required
 * @throws SamlException wrapping any exception raised while checking the flag, logging or encrypting
 */
protected SAMLObject encryptAssertion(final Assertion assertion,
                                      final HttpServletRequest request, final HttpServletResponse response,
                                      final SamlRegisteredService service,
                                      final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) throws SamlException {
    try {
        if (!service.isEncryptAssertions()) {
            LOGGER.info("SAML registered service [{}] does not require assertions to be encrypted", adaptor.getEntityId());
            return assertion;
        }
        LOGGER.info("SAML service [{}] requires assertions to be encrypted", adaptor.getEntityId());
        return this.samlObjectEncrypter.encode(assertion, service, adaptor, response, request);
    } catch (final Exception e) {
        throw new SamlException("Unable to marshall assertion for encryption", e);
    }
}
示例5: validate
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Validates the identity assertion of a response.
 *
 * <p>The general assertion check (against the response's InResponseTo and the expected recipient)
 * always runs. The authn-statement, eIDAS attribute-statement and issuer checks run only when the
 * response reports success.
 *
 * @param validatedResponse          the response the assertion arrived in
 * @param validatedIdentityAssertion the assertion to check
 * @throws SamlTransformationErrorException if a successful response carries more than one authn statement
 */
public void validate(ValidatedResponse validatedResponse, Assertion validatedIdentityAssertion) {
    assertionValidator.validate(validatedIdentityAssertion, validatedResponse.getInResponseTo(), expectedRecipientId);

    if (!validatedResponse.isSuccess()) {
        return;
    }

    final boolean severalAuthnStatements = validatedIdentityAssertion.getAuthnStatements().size() > 1;
    if (severalAuthnStatements) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.multipleAuthnStatements();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }

    authnStatementAssertionValidator.validate(validatedIdentityAssertion);
    eidasAttributeStatementAssertionValidator.validate(validatedIdentityAssertion);
    authnResponseIssuerValidator.validate(validatedResponse, validatedIdentityAssertion);
}
示例6: setup
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Creates the unmarshaller under test and stubs both assertion unmarshallers with fixtures.
 */
@Before
public void setup() {
    unmarshaller = new InboundMatchingServiceRequestUnmarshaller(
            hubAssertionUnmarshaller,
            identityProviderAssertionUnmarshaller);

    final IdentityProviderAssertion mdsAssertion = anIdentityProviderAssertion()
            .withId(matchingDatasetAssertionId)
            .withMatchingDataset(aMatchingDataset().build())
            .build();
    final IdentityProviderAssertion authnAssertion = anIdentityProviderAssertion()
            .withId(authnStatementAssertionId)
            .withAuthnStatement(IdentityProviderAuthnStatementBuilder.anIdentityProviderAuthnStatement().build())
            .build();
    final HubAssertion cycle3Assertion = aHubAssertion()
            .withId(cycle3DataAssertionId)
            .withCycle3Data(aCycle3Dataset().addCycle3Data("name", "value").build())
            .build();

    // Consecutive calls return the matching-dataset assertion first, then the authn-statement one.
    when(identityProviderAssertionUnmarshaller.fromAssertion(any(Assertion.class)))
            .thenReturn(mdsAssertion, authnAssertion);
    when(hubAssertionUnmarshaller.toHubAssertion(any(Assertion.class)))
            .thenReturn(cycle3Assertion);

    openSamlXmlObjectFactory = new OpenSamlXmlObjectFactory();
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:26,代码来源:InboundMatchingServiceRequestUnmarshallerTest.java
示例7: build
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Builds a matching-service request DTO holding a Base64-encoded unencrypted authn-statement
 * assertion and a Base64-encoded encrypted matching-dataset assertion.
 *
 * @param persistentIdName           name id placed in the persistent id
 * @param matchingDatasetAssertionId id given to the encrypted matching-dataset assertion
 * @param authnStatementAssertionId  id given to the authn-statement assertion
 * @param requestId                  id of the request DTO
 * @return the request DTO
 */
public AttributeQueryRequestDto build(String persistentIdName, String matchingDatasetAssertionId,
                                      String authnStatementAssertionId, String requestId) {
    XmlObjectToBase64EncodedStringTransformer<XMLObject> encoder = new XmlObjectToBase64EncodedStringTransformer<>();
    final PersistentId pid = aPersistentId().withNameId(persistentIdName).build();

    Assertion authnAssertion = AssertionBuilder.anAssertion()
            .withId(authnStatementAssertionId)
            .buildUnencrypted();
    String encodedAuthnAssertion = encoder.apply(authnAssertion);

    EncryptedAssertion mdsAssertion = AssertionBuilder.anAssertion()
            .withId(matchingDatasetAssertionId)
            .build();
    String encodedMdsAssertion = encoder.apply(mdsAssertion);

    return aHubMatchingServiceRequestDto()
            .withId(requestId)
            .withMatchingServiceEntityId(TestEntityIds.TEST_RP_MS)
            .withPersistentId(pid)
            .withEncryptedMatchingDatasetAssertion(encodedMdsAssertion)
            .withAuthnStatementAssertion(encodedAuthnAssertion)
            .build();
}
示例8: anAssertionWithNotOnOrAfter
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Builds an unencrypted test assertion issued by {@code ISSUER_IDP} whose single subject
 * confirmation carries the given NotOnOrAfter value, so expiry handling can be exercised.
 *
 * @param notOnOrAfter the value set on the subject confirmation data
 * @return the unencrypted assertion
 */
private Assertion anAssertionWithNotOnOrAfter(DateTime notOnOrAfter) {
return anAssertion()
.withIssuer(anIssuer().withIssuerId(ISSUER_IDP).build())
.withSubject(
aSubject()
.withSubjectConfirmation(
aSubjectConfirmation()
.withSubjectConfirmationData(
aSubjectConfirmationData()
// The only value this helper varies; everything else uses the builders' defaults.
.withNotOnOrAfter(notOnOrAfter)
.build())
.build()
)
.build()
)
.buildUnencrypted();
}
示例9: shouldThrowExceptionWithUnknownLevelOfAssurance
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * A signed assertion whose AuthnContextClassRef is not a known level of assurance must be
 * rejected with a {@code SamlResponseValidationException} rather than mapped to a default level.
 */
@Test
public void shouldThrowExceptionWithUnknownLevelOfAssurance() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Level of assurance 'unknown' is not supported.");

    Assertion unsupportedLoaAssertion = aSignedAssertion()
            .addAuthnStatement(
                    anAuthnStatement()
                            .withAuthnContext(
                                    anAuthnContext()
                                            .withAuthnContextClassRef(
                                                    anAuthnContextClassRef()
                                                            .withAuthnContextClasRefValue("unknown")
                                                            .build())
                                            .build())
                            .build())
            .buildUnencrypted();

    translator.translate(ImmutableList.of(unsupportedLoaAssertion), IN_RESPONSE_TO, LEVEL_2, VERIFY_SERVICE_PROVIDER_ENTITY_ID);
}
示例10: validateAssertion
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Validates an assertion, in this order: issue instant, issuer, subject, conditions,
 * authentication statements, signature.
 *
 * <p>The signature is checked last, so the earlier steps (including subject handling, which
 * receives the decrypter) run on content whose signature has not been verified yet.
 * NOTE(review): {@code assertion.getSignature()} is passed on as is, possibly {@code null};
 * confirm that {@code validateAssertionSignature} rejects an unsigned assertion unless the
 * enclosing response was itself signed.
 *
 * @param assertion the assertion
 * @param context   the message context
 * @param engine    the signature trust engine
 * @param decrypter the decrypter handed to subject validation
 * @throws SAMLException if the issue instant is not acceptable or the subject is missing
 */
protected final void validateAssertion(final Assertion assertion, final SAML2MessageContext context,
                                       final SignatureTrustEngine engine, final Decrypter decrypter) {
    final boolean issueInstantAccepted = isIssueInstantValid(assertion.getIssueInstant());
    if (!issueInstantAccepted) {
        throw new SAMLException("Assertion issue instant is too old or in the future");
    }

    validateIssuer(assertion.getIssuer(), context);

    // An assertion without a subject is rejected outright.
    if (assertion.getSubject() == null) {
        throw new SAMLException("Assertion subject cannot be null");
    }
    validateSubject(assertion.getSubject(), context, decrypter);

    validateAssertionConditions(assertion.getConditions(), context);
    validateAuthenticationStatements(assertion.getAuthnStatements(), context);
    validateAssertionSignature(assertion.getSignature(), context, engine);
}
示例11: apply
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Turns an attribute query into an inbound matching-service request.
 *
 * <p>Order of checks as written: the query is validated, its signature is validated, its
 * assertions are decrypted and split into hub and IDP assertions, each group is validated
 * against the query, and only then are the assertion signatures validated (hub assertions
 * against the SP SSO role, IDP assertions against the IDP SSO role).
 * NOTE(review): the per-group validators therefore read assertions whose signatures have not
 * been checked yet; confirm they only reject and never act on that content.
 *
 * @param attributeQuery the incoming attribute query
 * @return the unmarshalled request built from the validated query and assertions
 */
public InboundMatchingServiceRequest apply(final AttributeQuery attributeQuery) {
    samlAttributeQueryValidator.validate(attributeQuery);
    ValidatedAttributeQuery validatedQuery = attributeQuerySignatureValidator.validate(attributeQuery);

    List<Assertion> decrypted = assertionDecrypter.decryptAssertions(validatedQuery);
    Map<Boolean, List<Assertion>> byOrigin = decrypted.stream()
            .collect(Collectors.groupingBy(this::isHubAssertion));
    // groupingBy omits a key that has no elements, hence the empty-list defaults.
    List<Assertion> fromHub = byOrigin.getOrDefault(true, Collections.emptyList());
    List<Assertion> fromIdp = byOrigin.getOrDefault(false, Collections.emptyList());

    samlAttributeQueryAssertionsValidator.validateHubAssertions(validatedQuery, fromHub);
    samlAttributeQueryAssertionsValidator.validateIdpAssertions(validatedQuery, fromIdp);

    ValidatedAssertions validatedHub =
            samlAssertionsSignatureValidator.validate(fromHub, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    ValidatedAssertions validatedIdp =
            samlAssertionsSignatureValidator.validate(fromIdp, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

    return inboundMatchingServiceRequestUnmarshaller.fromSaml(validatedQuery, validatedHub, validatedIdp);
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:18,代码来源:VerifyAttributeQueryToInboundMatchingServiceRequestTransformer.java
示例12: shouldReturnErrorWhenAttributeQueryIssuerValidationFails
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * An attribute query whose own issuer id is empty must produce the default "issuer empty"
 * error, even though the query is signed.
 */
@Test
public void shouldReturnErrorWhenAttributeQueryIssuerValidationFails() throws ResolverException {
    final EncryptedAssertion encrypted = anAssertion().build();
    final Assertion decrypted = anAssertion()
            .addAuthnStatement(anAuthnStatement().build())
            .buildUnencrypted();
    final String queryId = "request-id";

    final AttributeQuery query = anAttributeQuery()
            // The empty issuer id on the query is the condition under test.
            .withIssuer(anIssuer().withIssuerId("").build())
            .withSignature(
                    aSignature()
                            .withSigningCredential(
                                    new TestCredentialFactory(HUB_TEST_PUBLIC_SIGNING_CERT, HUB_TEST_PRIVATE_SIGNING_KEY)
                                            .getSigningCredential())
                            .build())
            .withId(queryId)
            .withSubject(aSubjectWithEncryptedAssertion(encrypted, queryId, HUB_ENTITY_ID))
            .build();

    // The decrypter is stubbed, so the validator sees the unencrypted assertion built above.
    when(assertionDecrypter.decryptAssertions(any())).thenReturn(Arrays.asList(decrypted));

    Messages result = validator.validate(query, messages());

    assertThat(result.hasErrorLike(DEFAULT_ISSUER_EMPTY_MESSAGE)).isTrue();
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:26,代码来源:EidasAttributeQueryValidatorTest.java
示例13: newAssertion
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Creates a new SAML2 assertion with an id, issue instant, issuer and one authentication
 * statement.
 *
 * <p>Only those four values are set here; subject, conditions and any signature are not touched
 * by this method.
 *
 * @param authnStatement the authentication statement added to the assertion
 * @param issuer         the issuer value, wrapped via {@code newIssuer}
 * @param issuedAt       the issue instant
 * @param id             the assertion id
 * @return the assertion
 */
public Assertion newAssertion(final AuthnStatement authnStatement, final String issuer,
                              final DateTime issuedAt, final String id) {
    final Assertion samlAssertion = newSamlObject(Assertion.class);
    samlAssertion.setIssuer(newIssuer(issuer));
    samlAssertion.setIssueInstant(issuedAt);
    samlAssertion.setID(id);
    samlAssertion.getAuthnStatements().add(authnStatement);
    return samlAssertion;
}
示例14: constructSamlResponse
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Constructs the SAML response and returns it as marshalled XML.
 * <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
 *
 * <p>The response holds one assertion with a password authentication statement, conditions and
 * an e-mail NameID subject for the resolved username. No signing happens in this method.
 * NOTE(review): the assertion issuer is the fixed string {@code https://www.opensaml.org/IDP}
 * and its issue instant is the fixed timestamp 2003-04-17T00:46:02Z, which is also the first
 * argument to {@code newConditions} (presumably NotBefore); confirm the resulting validity
 * window is intended.
 * NOTE(review): the complete response, including the resolved user id, is written to the debug
 * log; confirm debug logging is not enabled where those logs are broadly readable.
 *
 * @return the SAML response
 */
private String constructSamlResponse() {
    final DateTime now = DateTime.parse(new ISOStandardDateFormat().getCurrentDateAndTime());
    final DateTime fixedNotBefore = DateTime.parse("2003-04-17T00:46:02Z");

    final RegisteredService registeredService = this.servicesManager.findServiceBy(this);
    final String username = registeredService.getUsernameAttributeProvider().resolveUsername(getPrincipal(), this);

    final org.opensaml.saml.saml2.core.Response samlResponse =
            BUILDER.newResponse(BUILDER.generateSecureRandomId(), now, getId(), this);
    samlResponse.setStatus(BUILDER.newStatus(StatusCode.SUCCESS, null));

    final AuthnStatement passwordAuthn = BUILDER.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, now);
    final Assertion samlAssertion = BUILDER.newAssertion(
            passwordAuthn,
            "https://www.opensaml.org/IDP",
            fixedNotBefore,
            BUILDER.generateSecureRandomId());

    final Conditions validity = BUILDER.newConditions(fixedNotBefore, now, getId());
    samlAssertion.setConditions(validity);

    final Subject nameIdSubject = BUILDER.newSubject(NameID.EMAIL, username, getId(), now, this.requestId);
    samlAssertion.setSubject(nameIdSubject);

    samlResponse.getAssertions().add(samlAssertion);

    final StringWriter xml = new StringWriter();
    BUILDER.marshalSamlXmlObject(samlResponse, xml);
    final String result = xml.toString();
    logger.debug("Generated Google SAML response: {}", result);
    return result;
}
示例15: aCompleteMatchingDatasetAssertion
import org.opensaml.saml.saml2.core.Assertion; //导入依赖的package包/类
/**
 * Builds a matching-dataset assertion fixture populated with every attribute kind used here:
 * two surnames (one historical, one current), a first name, a current and a previous address,
 * a gender and a date of birth. Verified and unverified values are mixed on purpose.
 *
 * @return the assertion produced by {@code aMatchingDatasetAssertion}
 */
private Assertion aCompleteMatchingDatasetAssertion() {
return aMatchingDatasetAssertion(asList(
// Historical surname bounded by from/to dates, verified.
aPersonName_1_1().addValue(aPersonNameValue().withValue("OldSurname").withFrom(new DateTime(1990, 1, 30, 0, 0)).withTo(new DateTime(2000, 1, 29, 0, 0)).withVerified(true).build()).buildAsSurname(),
// Current surname with no date bounds, verified.
aPersonName_1_1().addValue(aPersonNameValue().withValue("CurrentSurname").withVerified(true).build()).buildAsSurname(),
// First name, unverified.
aPersonName_1_1().addValue(aPersonNameValue().withValue("FirstName").withVerified(false).build()).buildAsFirstname(),
// Current address unverified, previous address verified.
AddressAttributeBuilder_1_1.anAddressAttribute().addAddress(new AddressAttributeValueBuilder_1_1().addLines(ImmutableList.of("address line 1")).withVerified(false).build()).buildCurrentAddress(),
AddressAttributeBuilder_1_1.anAddressAttribute().addAddress(new AddressAttributeValueBuilder_1_1().addLines(ImmutableList.of("address line 2")).withVerified(true).build()).buildPreviousAddress(),
// Gender and date of birth use the builders' default values.
GenderAttributeBuilder_1_1.aGender_1_1().build(),
DateAttributeBuilder_1_1.aDate_1_1().buildAsDateOfBirth()));
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:11,代码来源:UserAccountCreationAppRuleTest.java