Java源码示例:org.opensaml.saml.saml2.core.Status
示例1
/**
 * A hub response with a {@code Success} status and no attributes, signed with the key whose
 * certificate the hub metadata advertises, must translate to a SUCCESS_MATCH body.
 */
@Test
public void matchingResponseServiceShouldHandleSuccessMatchSaml() throws Exception {
    Status status = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();

    // Metadata resolution is stubbed to return the certificate paired with the signing credential.
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    TranslatedResponseBody translated = matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );

    TranslatedMatchingResponseBody expected = new TranslatedMatchingResponseBody(
        SUCCESS_MATCH,
        "some-pid",
        LevelOfAssurance.LEVEL_2,
        null
    );
    assertThat(translated).isEqualTo(expected);
}
示例2
/**
 * A signed {@code Success} response whose encrypted assertion carries attributes must be
 * reported as ACCOUNT_CREATION, with the attributes present on the result.
 */
@Test
public void matchingResponseServiceShouldHandleAccountCreationSaml() throws Exception {
    Status status = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();

    // Metadata resolution is stubbed to return the certificate paired with the signing credential.
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createAttributeResponseBuilder(status), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID
        );

    assertThat(translated.getScenario()).isEqualTo(ACCOUNT_CREATION);
    assertThat(translated.getAttributes()).isNotNull();
}
示例3
/**
 * A signed response with top-level status {@code Responder} and the NO_MATCH sub-status
 * must translate to the NO_MATCH scenario.
 */
@Test
public void shouldHandleNoMatchSaml() throws Exception {
    Status status = aStatus()
        .withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue(SamlStatusCode.NO_MATCH).build())
                .build())
        .build();

    // Metadata resolution is stubbed to return the certificate paired with the signing credential.
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID
        );

    assertThat(translated.getScenario()).isEqualTo(NO_MATCH);
}
示例4
/**
 * A signed response with top-level status {@code Responder} and sub-status {@code Requester}
 * must translate to the REQUEST_ERROR scenario.
 */
@Test
public void shouldHandleRequestErrorSaml() throws Exception {
    Status requestErrorStatus = aStatus()
        .withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue(StatusCode.REQUESTER).build())
                .build())
        .build();

    // Metadata resolution is stubbed to return the certificate paired with the signing credential.
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createNoAttributeResponseBuilder(requestErrorStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID
        );

    assertThat(translated.getScenario()).isEqualTo(REQUEST_ERROR);
}
示例5
/**
 * A signed response with top-level status {@code Responder} and sub-status
 * {@code NoAuthnContext} must translate to the CANCELLATION scenario.
 */
@Test
public void shouldHandleNoAuthnContextSaml() throws Exception {
    Status noAuthnContextStatus = aStatus()
        .withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue(StatusCode.NO_AUTHN_CONTEXT).build())
                .build())
        .build();

    // Metadata resolution is stubbed to return the certificate paired with the signing credential.
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createNoAttributeResponseBuilder(noAuthnContextStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID
        );

    assertThat(translated.getScenario()).isEqualTo(CANCELLATION);
}
示例6
/**
 * A signed response with top-level status {@code Responder} and sub-status
 * {@code AuthnFailed} must translate to the AUTHENTICATION_FAILED scenario.
 */
@Test
public void shouldHandleAuthenticationFailedSaml() throws Exception {
    Status authnFailedStatus = aStatus()
        .withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue(StatusCode.AUTHN_FAILED).build())
                .build())
        .build();

    // Metadata resolution is stubbed to return the certificate paired with the signing credential.
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createNoAttributeResponseBuilder(authnFailedStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID
        );

    assertThat(translated.getScenario()).isEqualTo(AUTHENTICATION_FAILED);
}
示例7
/**
 * A correctly signed response whose top-level status value is not a recognised one must be
 * rejected with a {@code SamlResponseValidationException} rather than mapped to a scenario.
 */
@Test
public void shouldFailWhenUnrecognizedStatus() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Unknown SAML status: UNKNOWN");

    Status unknownStatus = aStatus()
        .withStatusCode(
            aStatusCode()
                .withValue("UNKNOWN")
                .build())
        .build();

    // The signature itself is valid here, so the failure can only come from the status check.
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createNoAttributeResponseBuilder(unknownStatus), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
示例8
/**
 * A correctly signed {@code Responder} response whose sub-status value is not a recognised
 * one must be rejected with a {@code SamlResponseValidationException}.
 */
@Test
public void shouldFailWhenUnrecognizedSubStatus() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Unknown SAML sub-status: UNKNOWN");

    Status unknownSubStatus = aStatus()
        .withStatusCode(
            aStatusCode()
                .withValue(StatusCode.RESPONDER)
                .withSubStatusCode(aStatusCode().withValue("UNKNOWN").build())
                .build())
        .build();

    // The signature itself is valid here, so the failure can only come from the sub-status check.
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createNoAttributeResponseBuilder(unknownSubStatus), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
示例9
/**
 * Negative signature test: the response is signed with {@code testRpSigningCredential} while
 * the stubbed hub metadata advertises a different certificate ({@code TEST_PUBLIC_CERT}).
 * The service must refuse the message with "Signature was not valid." even though the
 * status is {@code Success}, i.e. trust comes from the metadata, not from the message.
 */
@Test
public void shouldFailValidationWhenHubMetadataDoesNotContainCorrectCertificate() throws Exception {
    expectedException.expect(SamlTransformationErrorException.class);
    expectedException.expectMessage("SAML Validation Specification: Signature was not valid.");

    // Metadata deliberately carries a certificate that does not match the signing key.
    EntityDescriptor mismatchedDescriptor = createEntityDescriptorWithSigningCertificate(TEST_PUBLIC_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(mismatchedDescriptor));

    Status status = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
示例10
/**
 * Negative signature test: a {@code Success} response built with {@code withoutSigning()}
 * must be rejected with "Message signature is not signed", even though the hub metadata
 * advertises the expected certificate. An absent signature is a failure, never a pass.
 */
@Test
public void shouldFailValidationWhenHubResponseIsNotSigned() throws Exception {
    expectedException.expect(SamlTransformationErrorException.class);
    expectedException.expectMessage("SAML Validation Specification: Message signature is not signed");

    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Status status = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();
    Response unsignedResponse = createNoAttributeResponseBuilder(status).withoutSigning().build();

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(unsignedResponse),
        unsignedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
示例11
/**
 * Request/response binding test: a validly signed {@code Success} response must still be
 * rejected when the caller's expected request id differs from the response's
 * {@code InResponseTo}, so a response issued for one request cannot be accepted for another.
 */
@Test
public void shouldFailWhenInResponseToDoesNotMatchRequestId() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage(String.format("Expected InResponseTo to be some-incorrect-request-id, but was %s", DEFAULT_REQUEST_ID));

    Status status = aStatus()
        .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
        .build();

    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    // The id passed here is what the caller claims to have sent; it does not match the response.
    String claimedRequestId = "some-incorrect-request-id";
    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        claimedRequestId,
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID
    );
}
示例12
/**
 * Prepares (but does not build or sign) a test response carrying the given status and a
 * single encrypted assertion with an attribute statement.
 *
 * <p>The statement holds a {@code FIRST_NAME} attribute with value {@code "Bob"} and a
 * {@code FIRST_NAME_VERIFIED} attribute created with {@code true}. The default assertion is
 * suppressed so the encrypted one is the only assertion added here.
 *
 * @param samlStatus status to place on the response
 * @return the configured builder; callers decide whether the response gets signed
 */
private ResponseBuilder createAttributeResponseBuilder(Status samlStatus) {
return aResponse()
.withStatus(samlStatus)
.withNoDefaultAssertion()
.addEncryptedAssertion(aDefaultAssertion()
.addAttributeStatement(
anAttributeStatement()
.addAttribute(new SimpleStringAttributeBuilder()
.withName("FIRST_NAME")
.withSimpleStringValue("Bob")
.build())
.addAttribute(createVerifiedAttribute("FIRST_NAME_VERIFIED", true))
.build())
// Encrypt the assertion with the credential supplied by the test's credential factory.
.buildWithEncrypterCredential(encryptionCredentialFactory.getEncryptingCredential())
);
}
示例13
/**
 * Builds a {@link LogoutResponse} answering the given logout request.
 *
 * <p>The response is issued under this component's {@code entityId}, gets a fresh id from
 * {@code requestIdManager}, and its {@code InResponseTo} is bound to the request's id.
 * No signature or destination is set in this method.
 *
 * @param logoutRequest the request being answered; only its id is read
 * @param statusCode    the status code URI to report
 * @return the populated logout response
 */
private LogoutResponse createLogoutResponse(LogoutRequest logoutRequest,
                                            String statusCode) {
    final StatusCode code = build(StatusCode.DEFAULT_ELEMENT_NAME);
    code.setValue(statusCode);

    final Status responseStatus = build(Status.DEFAULT_ELEMENT_NAME);
    responseStatus.setStatusCode(code);

    final Issuer self = build(Issuer.DEFAULT_ELEMENT_NAME);
    self.setValue(entityId);

    final LogoutResponse result = build(LogoutResponse.DEFAULT_ELEMENT_NAME);
    result.setIssuer(self);
    result.setID(requestIdManager.newId());
    result.setIssueInstant(DateTime.now());
    result.setStatus(responseStatus);
    // Ties this response to the request it answers.
    result.setInResponseTo(logoutRequest.getID());
    return result;
}
示例14
/**
 * Assembles a SAML {@link Status} holding the given status code and, optionally, a message.
 *
 * @param statusCodeValue value to set on the {@link StatusCode}
 * @param statusMessage   text for the {@link StatusMessage}; when {@code null} no message
 *                        element is attached
 * @return the assembled status
 */
public static Status createStatus(final String statusCodeValue, final String statusMessage) {
    // The three builders are created on first use and kept in fields for later calls.
    // NOTE(review): this lazy initialisation is not synchronised.
    if (statusBuilder == null) {
        statusBuilder = new StatusBuilder();
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder = new StatusCodeBuilder();
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder = new StatusMessageBuilder();
    }

    final Status result = statusBuilder.buildObject();
    final StatusCode code = statusCodeBuilder.buildObject();
    code.setValue(statusCodeValue);
    result.setStatusCode(code);

    if (statusMessage == null) {
        return result;
    }

    final StatusMessage message = statusMessageBuilder.buildObject();
    message.setMessage(statusMessage);
    result.setStatusMessage(message);
    return result;
}
示例15
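/**
 * Creates a SAML 2.0 {@link Response} with a fresh random id and the current issue instant.
 *
 * <p>The response is neither signed nor given any assertion here.
 *
 * @param inResponseTo id of the request being answered
 * @param issuer       issuer value, wrapped via {@code createIssuer}
 * @param status       status to attach
 * @return the populated response
 */
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
    String inResponseTo,
    String issuer,
    Status status
) {
    // The builder is looked up on first use and kept in a field for later calls.
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>)
            builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();
    // The SAML ID attribute is an xs:ID, which must not begin with a digit. A bare UUID
    // string frequently does, so it is prefixed to keep the id schema-valid for strict peers.
    response.setID("_" + UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    return response;
}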
示例16
/**
 * Creates a SAML 2.0 {@link Response} with an id of the form {@code "_" + random UUID} and
 * the current issue instant. No signature or assertion is added here.
 *
 * @param inResponseTo id of the request being answered
 * @param issuer       issuer value, wrapped via {@code createIssuer}
 * @param status       status to attach
 * @return the populated response
 */
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
    String inResponseTo,
    String issuer,
    Status status
) {
    // The builder is looked up on first use and kept in a field for later calls.
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>)
            builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }

    final Response samlResponse = responseBuilder.buildObject();
    samlResponse.setVersion(SAMLVersion.VERSION_20);
    // Leading underscore keeps the id from starting with a digit.
    samlResponse.setID("_" + UUID.randomUUID());
    samlResponse.setIssueInstant(new DateTime());
    samlResponse.setInResponseTo(inResponseTo);
    samlResponse.setIssuer(createIssuer(issuer));
    samlResponse.setStatus(status);
    return samlResponse;
}
示例17
/**
 * Builds, signs and serialises a SAML logout response for the given IdP.
 *
 * @param idp         IdP configuration; supplies the issuer (realm or IdP URL, depending on
 *                    {@code useRealmForIssuer}) and is passed to {@code signResponse}
 * @param statusValue status code value for the response
 * @param destination destination to set on the response
 * @param requestID   id of the logout request being answered
 * @return the DOM element of the signed response, appended to a new document
 * @throws Exception if building, signing or DOM conversion fails
 */
protected Element createLogoutResponse(Idp idp, String statusValue,
                                       String destination, String requestID) throws Exception {
    Document document = DOMUtils.newDocument();

    Status logoutStatus = SAML2PResponseComponentBuilder.createStatus(statusValue, null);

    final String issuerValue;
    if (useRealmForIssuer) {
        issuerValue = idp.getRealm();
    } else {
        issuerValue = idp.getIdpUrl().toString();
    }

    LogoutResponse logoutResponse = SAML2PResponseComponentBuilder
        .createSAMLLogoutResponse(requestID, issuerValue, logoutStatus, destination);

    // Sign before converting to DOM so the serialised element carries the signature.
    signResponse(logoutResponse, idp);

    Element responseElement = OpenSAMLUtil.toDom(logoutResponse, document);
    document.appendChild(responseElement);
    return responseElement;
}
示例18
/**
 * Wraps an assertion in a {@code Success} SAML response and serialises it to DOM.
 *
 * <p>The response element itself is not signed in this method; whether the supplied
 * assertion is signed is decided by the caller.
 *
 * @param idp       IdP configuration; supplies the issuer (realm or IdP URL, depending on
 *                  {@code isUseRealmForIssuer()})
 * @param requestID id of the request being answered
 * @param assertion assertion to add to the response
 * @return the DOM element of the response, appended to a new document
 * @throws Exception if building or DOM conversion fails
 */
protected Element createResponse(Idp idp, String requestID, Assertion assertion) throws Exception {
    Document document = DOMUtils.newDocument();

    Status successStatus = SAML2PResponseComponentBuilder.createStatus(
        "urn:oasis:names:tc:SAML:2.0:status:Success", null
    );

    final String issuerValue;
    if (isUseRealmForIssuer()) {
        issuerValue = idp.getRealm();
    } else {
        issuerValue = idp.getIdpUrl().toString();
    }

    Response samlResponse =
        SAML2PResponseComponentBuilder.createSAMLResponse(requestID, issuerValue, successStatus);
    samlResponse.getAssertions().add(assertion);

    Element responseElement = OpenSAMLUtil.toDom(samlResponse, document);
    document.appendChild(responseElement);
    return responseElement;
}
示例19
/**
 * Builds an unsigned SAML 2.0 {@link Response} shell: underscore-prefixed random id, current
 * issue instant, the given {@code InResponseTo}, issuer and status.
 *
 * @param inResponseTo id of the request being answered
 * @param issuer       issuer value, wrapped via {@code createIssuer}
 * @param status       status to attach
 * @return the populated response
 */
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
    String inResponseTo,
    String issuer,
    Status status
) {
    // Look the builder up once; later calls reuse the cached instance.
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>)
            builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }

    final Response built = responseBuilder.buildObject();

    // Identity of the message.
    built.setID("_" + UUID.randomUUID());
    built.setVersion(SAMLVersion.VERSION_20);
    built.setIssueInstant(new DateTime());

    // Who sent it, what it answers, and with which outcome.
    built.setIssuer(createIssuer(issuer));
    built.setInResponseTo(inResponseTo);
    built.setStatus(status);
    return built;
}
示例20
/**
 * Builds an unsigned SAML 2.0 {@link LogoutResponse}: underscore-prefixed random id, current
 * issue instant, and the given {@code InResponseTo}, issuer, status and destination.
 *
 * @param inResponseTo id of the logout request being answered
 * @param issuer       issuer value, wrapped via {@code createIssuer}
 * @param status       status to attach
 * @param destination  value for the {@code Destination} attribute
 * @return the populated logout response
 */
public static LogoutResponse createSAMLLogoutResponse(
    String inResponseTo,
    String issuer,
    Status status,
    String destination
) {
    // Look the builder up once; later calls reuse the cached instance.
    if (logoutResponseBuilder == null) {
        logoutResponseBuilder = (SAMLObjectBuilder<LogoutResponse>)
            builderFactory.getBuilder(LogoutResponse.DEFAULT_ELEMENT_NAME);
    }

    final LogoutResponse logoutResponse = logoutResponseBuilder.buildObject();
    logoutResponse.setVersion(SAMLVersion.VERSION_20);
    // Leading underscore keeps the id from starting with a digit.
    logoutResponse.setID("_" + UUID.randomUUID());
    logoutResponse.setIssueInstant(new DateTime());
    logoutResponse.setDestination(destination);
    logoutResponse.setInResponseTo(inResponseTo);
    logoutResponse.setIssuer(createIssuer(issuer));
    logoutResponse.setStatus(status);
    return logoutResponse;
}
示例21
/**
 * Test helper: builds a logout response issued by {@code TEST_IDP_ISSUER}, optionally signs
 * it, and returns it as a DOM element.
 *
 * @param statusValue status code value for the response
 * @param destination destination to set on the response
 * @param sign        when {@code true} the response is signed via
 *                    {@code signResponse(response, "mystskey")}; when {@code false} it is left
 *                    unsigned, which lets callers exercise the unsigned-message path
 * @param requestID   id of the logout request being answered
 * @return the DOM element of the response, appended to a new document
 * @throws Exception if building, signing or DOM conversion fails
 */
private Element createLogoutResponse(String statusValue, String destination,
                                     boolean sign, String requestID) throws Exception {
    DocumentBuilder domBuilder = docBuilderFactory.newDocumentBuilder();
    Document document = domBuilder.newDocument();

    Status logoutStatus = SAML2PResponseComponentBuilder.createStatus(statusValue, null);
    LogoutResponse logoutResponse = SAML2PResponseComponentBuilder
        .createSAMLLogoutResponse(requestID, TEST_IDP_ISSUER, logoutStatus, destination);

    if (sign) {
        signResponse(logoutResponse, "mystskey");
    }

    Element responseElement = OpenSAMLUtil.toDom(logoutResponse, document);
    document.appendChild(responseElement);
    return responseElement;
}
示例22
/**
 * Test helper producing the DOM form of a logout response from {@code TEST_IDP_ISSUER}.
 *
 * @param statusValue status code value for the response
 * @param destination destination to set on the response
 * @param sign        whether to sign the response (with the {@code "mystskey"} argument to
 *                    {@code signResponse}) before it is converted to DOM
 * @param requestID   id of the logout request being answered
 * @return the response element, already appended to its owning document
 * @throws Exception if building, signing or DOM conversion fails
 */
private Element createLogoutResponse(String statusValue, String destination,
                                     boolean sign, String requestID) throws Exception {
    Document ownerDocument = docBuilderFactory.newDocumentBuilder().newDocument();

    Status responseStatus = SAML2PResponseComponentBuilder.createStatus(statusValue, null);
    LogoutResponse built = SAML2PResponseComponentBuilder.createSAMLLogoutResponse(
        requestID, TEST_IDP_ISSUER, responseStatus, destination);

    // Signing is optional so that both signed and unsigned responses can be produced.
    if (sign) {
        signResponse(built, "mystskey");
    }

    Element element = OpenSAMLUtil.toDom(built, ownerDocument);
    ownerDocument.appendChild(element);
    return element;
}
示例23
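/**
 * Creates a SAML 2.0 {@link Response} with a fresh random id and the current issue instant.
 *
 * <p>The response is neither signed nor given any assertion here.
 *
 * @param inResponseTo id of the request being answered
 * @param issuer       issuer element to attach as-is
 * @param status       status to attach
 * @return the populated response
 */
@SuppressWarnings("unchecked")
public static Response createSAMLResponse(
    String inResponseTo,
    Issuer issuer,
    Status status
) {
    // The builder is looked up on first use and kept in a field for later calls.
    if (responseBuilder == null) {
        responseBuilder = (SAMLObjectBuilder<Response>)
            builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME);
    }
    Response response = responseBuilder.buildObject();
    // The SAML ID attribute is an xs:ID, which must not begin with a digit. A bare UUID
    // string frequently does, so it is prefixed to keep the id schema-valid for strict peers.
    response.setID("_" + UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(issuer);
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    return response;
}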
示例24
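/**
 * Creates a SAML 2.0 {@link LogoutResponse} with a fresh random id and the current issue
 * instant. The response is not signed here.
 *
 * @param inResponseTo id of the logout request being answered
 * @param issuer       issuer value, wrapped via {@code createIssuer}
 * @param status       status to attach
 * @param destination  value for the {@code Destination} attribute
 * @return the populated logout response
 */
public static LogoutResponse createSAMLLogoutResponse(
    String inResponseTo,
    String issuer,
    Status status,
    String destination
) {
    // The builder is looked up on first use and kept in a field for later calls.
    if (logoutResponseBuilder == null) {
        logoutResponseBuilder = (SAMLObjectBuilder<LogoutResponse>)
            builderFactory.getBuilder(LogoutResponse.DEFAULT_ELEMENT_NAME);
    }
    LogoutResponse response = logoutResponseBuilder.buildObject();
    // The SAML ID attribute is an xs:ID, which must not begin with a digit. A bare UUID
    // string frequently does, so it is prefixed to keep the id schema-valid for strict peers.
    response.setID("_" + UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    response.setDestination(destination);
    return response;
}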
示例25
/**
 * Creates a {@link Status} whose only content is a {@link StatusCode} with the given value.
 *
 * @param statusCodeValue value to set on the status code
 * @return the new status
 */
private Status createStatus(String statusCodeValue) {
    StatusCode code = createSamlElement(StatusCode.class);
    code.setValue(statusCodeValue);

    Status result = createSamlElement(Status.class);
    result.setStatusCode(code);
    return result;
}
示例26
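/**
 * Derives the XML qualified name for a SAML object type.
 *
 * <p>The local name is read reflectively from the type's public static field named by
 * {@code DEFAULT_ELEMENT_LOCAL_NAME_FIELD}. {@code Response}, {@code Status} and
 * {@code StatusCode} are placed in the SAML 2.0 protocol namespace with prefix
 * {@code samlp}; every other type goes in the SAML 2.0 assertion namespace with the
 * default prefix.
 *
 * @param objectType the SAML object class to inspect
 * @return the qualified name for that type
 * @throws IllegalStateException if the field cannot be read; the underlying failure is
 *                               attached as the cause
 */
@Override
public final QName getSamlObjectQName(final Class objectType) throws RuntimeException {
    try {
        final Field f = objectType.getField(DEFAULT_ELEMENT_LOCAL_NAME_FIELD);
        // Static field: no instance is needed to read it.
        final String name = f.get(null).toString();

        if (objectType.equals(Response.class) || objectType.equals(Status.class)
                || objectType.equals(StatusCode.class)) {
            return new QName(SAMLConstants.SAML20P_NS, name, "samlp");
        }
        return new QName(SAMLConstants.SAML20_NS, name, XMLConstants.DEFAULT_NS_PREFIX);
    } catch (final Exception e) {
        // Keep the original failure as the cause so the reason (missing field, access
        // denied, null value) is not lost when this surfaces in logs.
        throw new IllegalStateException(
            "Cannot access field " + objectType.getName() + '.' + DEFAULT_ELEMENT_LOCAL_NAME_FIELD, e);
    }
}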
示例27
/**
 * Creates a SAML {@link Status} with the given status code and an optional message.
 *
 * @param codeValue     value to set on the {@link StatusCode}
 * @param statusMessage message text; a {@link StatusMessage} is attached only when this is
 *                      not blank
 * @return the new status
 */
public Status newStatus(final String codeValue, final String statusMessage) {
    final StatusCode statusCode = newSamlObject(StatusCode.class);
    statusCode.setValue(codeValue);

    final Status result = newSamlObject(Status.class);
    result.setStatusCode(statusCode);

    if (StringUtils.isBlank(statusMessage)) {
        return result;
    }

    final StatusMessage messageElement = newSamlObject(StatusMessage.class);
    messageElement.setMessage(statusMessage);
    result.setStatusMessage(messageElement);
    return result;
}
示例28
/**
 * Prepares (but does not build or sign) a test response carrying the given status and a
 * single encrypted default assertion with no attribute statement added here.
 *
 * @param samlStatus status to place on the response
 * @return the configured builder; callers decide whether the response gets signed
 */
private ResponseBuilder createNoAttributeResponseBuilder(Status samlStatus) {
return aResponse()
.withStatus(samlStatus)
.withNoDefaultAssertion()
.addEncryptedAssertion(aDefaultAssertion()
// Encrypt the assertion with the credential supplied by the test's credential factory.
.buildWithEncrypterCredential(encryptionCredentialFactory.getEncryptingCredential())
);
}
示例29
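/**
 * Builds a signed SAML 2.0 logout response and returns it Base64-encoded.
 *
 * <p>The response is issued under {@code relyingPartyIdentifier}, carries the given status
 * (plus an optional status message), is signed via {@code signSAMLObject}, marshalled to
 * XML, and encoded as Base64 of its UTF-8 bytes.
 *
 * @param status  the status code value to report
 * @param statMsg the status message; no message element is added when {@code null}
 * @return the Base64-encoded XML of the signed logout response
 * @throws SamlException if the response cannot be marshalled to XML
 */
public String getSamlLogoutResponse(final String status, final String statMsg)
        throws SamlException {
    LogoutResponse response = (LogoutResponse) buildSamlObject(LogoutResponse.DEFAULT_ELEMENT_NAME);
    response.setID("z" + UUID.randomUUID().toString()); // ADFS needs IDs to start with a letter
    response.setVersion(SAMLVersion.VERSION_20);
    response.setIssueInstant(DateTime.now());

    Issuer issuer = (Issuer) buildSamlObject(Issuer.DEFAULT_ELEMENT_NAME);
    issuer.setValue(relyingPartyIdentifier);
    response.setIssuer(issuer);

    // Status
    Status stat = (Status) buildSamlObject(Status.DEFAULT_ELEMENT_NAME);
    StatusCode statCode = new StatusCodeBuilder().buildObject();
    statCode.setValue(status);
    stat.setStatusCode(statCode);
    if (statMsg != null) {
        StatusMessage statMessage = new StatusMessageBuilder().buildObject();
        statMessage.setMessage(statMsg);
        stat.setStatusMessage(statMessage);
    }
    response.setStatus(stat);

    // Add a signature into the response
    signSAMLObject(response);

    // Serialise once and reuse the string for both the log line and the return value.
    final String xml;
    try {
        xml = marshallXmlObject(response).toString();
    } catch (MarshallingException ex) {
        throw new SamlException("Error while marshalling SAML request to XML", ex);
    }

    // This method issues a logout *response*; the log line now says so, which keeps
    // log-based tracing of the logout exchange accurate.
    logger.trace("Issuing SAML Logout response: " + xml);

    return Base64.encodeBase64String(xml.getBytes(StandardCharsets.UTF_8));
}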
示例30
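/**
 * Creates a SAML 2.0 {@link Response} with a fresh random id and the current issue instant.
 *
 * <p>The response is neither signed nor given any assertion here.
 *
 * @param inResponseTo id of the request being answered
 * @param issuer       issuer value, wrapped via {@code createIssuer}
 * @param status       status to attach
 * @return the populated response
 */
public static Response createSAMLResponse(final String inResponseTo, final String issuer, final Status status) {
    // The builder is created on first use and kept in a field for later calls.
    if (responseBuilder == null) {
        responseBuilder = new ResponseBuilder();
    }
    Response response = responseBuilder.buildObject();
    // The SAML ID attribute is an xs:ID, which must not begin with a digit. A bare UUID
    // string frequently does, so it is prefixed to keep the id schema-valid for strict peers.
    response.setID("_" + UUID.randomUUID().toString());
    response.setIssueInstant(new DateTime());
    response.setInResponseTo(inResponseTo);
    response.setIssuer(createIssuer(issuer));
    response.setStatus(status);
    response.setVersion(SAMLVersion.VERSION_20);
    return response;
}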