|
42 | 42 | import java.security.cert.Certificate;
|
43 | 43 | import java.security.cert.CertificateFactory;
|
44 | 44 | import java.security.cert.X509Certificate;
|
| 45 | +import java.security.spec.RSAPrivateKeySpec; |
45 | 46 | import java.security.spec.RSAPublicKeySpec;
|
46 | 47 | import java.security.spec.X509EncodedKeySpec;
|
47 | 48 | import java.time.ZoneOffset;
|
|
111 | 112 | @SuppressWarnings({"unchecked"})
|
112 | 113 | @Test(groups = "unit")
|
113 | 114 | public class DefaultSAMLv2ServiceTest {
|
| 115 | + @Test |
| 116 | + public void assertionDecryptionDefaults() throws Exception { |
| 117 | + // If RSA-OAEP Digest and Mask Generation Function are not specified by XML, decryption should fall back to the defaults |
| 118 | + |
| 119 | + // Build a known key pair. |
| 120 | + KeyFactory factory = KeyFactory.getInstance("RSA"); |
| 121 | + // The public key is not required for this test, but it may be useful to modify or expand this test in the future |
| 122 | + // PublicKey publicKey = factory.generatePublic(new RSAPublicKeySpec(new BigInteger("21734648244307152755738902242704624429675455693104061482953980655823499524284217582577935962219675181839097134429878676848067944269649003417313253763145613039845156858929146350893510281417425701635390227843218753386852942958087790126591910892081707753005524949329857277363222746280909051526362184081185954039703446436022345307092346517413518280909483768946131477611274390374625720745000173012484689181319542884541163003470909355448313533318136237678943263133529991715284549440616270148923866161198748312992261382455526114770464413102345807150728423473869759031086596301998397561122681012070445972165920288084712186321"), new BigInteger("65537"))); |
| 123 | + PrivateKey privateKey = factory.generatePrivate( |
| 124 | + new RSAPrivateKeySpec( |
| 125 | + new BigInteger("21734648244307152755738902242704624429675455693104061482953980655823499524284217582577935962219675181839097134429878676848067944269649003417313253763145613039845156858929146350893510281417425701635390227843218753386852942958087790126591910892081707753005524949329857277363222746280909051526362184081185954039703446436022345307092346517413518280909483768946131477611274390374625720745000173012484689181319542884541163003470909355448313533318136237678943263133529991715284549440616270148923866161198748312992261382455526114770464413102345807150728423473869759031086596301998397561122681012070445972165920288084712186321"), |
| 126 | + new BigInteger("2627246950446332058699110175423135552922607992443510918533979809198372876869242896214083780043399404771798030104421912476774863886112568550161826087731198353627009668377202151330979270479101063648863411278727725778272563805391938498601722966981572071033305898173415465329072899217806147766785803779409419532480730005663347830294097525463269173509836986107754922630483079886942638729284878709865541937468056706189367357847138095922090696226255189351459450052835991176393120796259048519702721129794393046985282164398590601866202429118551867608688177161937729422431790107723304390299253182892873596285122556471119338537") |
| 127 | + ) |
| 128 | + ); |
| 129 | + |
| 130 | + // Load an unsigned sample response encrypted using the associated public certificate from above |
| 131 | + byte[] ba = Files.readAllBytes(Paths.get("src/test/xml/encodedResponse-assertionDecryptionDefaults.txt")); |
| 132 | + String encodedXML = new String(ba, StandardCharsets.UTF_8); |
| 133 | + |
| 134 | + // Parse the encrypted sample response |
| 135 | + DefaultSAMLv2Service service = new DefaultSAMLv2Service(); |
| 136 | + AuthenticationResponse parsedResponse = service.parseResponse( |
| 137 | + encodedXML, |
| 138 | + false, null, |
| 139 | + true, privateKey |
| 140 | + ); |
| 141 | + |
| 142 | + // Load a known encoded sample response from file and parse it |
| 143 | + ba = Files.readAllBytes(Paths.get("src/test/xml/encodedResponse.txt")); |
| 144 | + String encodedResponse = new String(ba, StandardCharsets.UTF_8); |
| 145 | + AuthenticationResponse response = service.parseResponse(encodedResponse, false, null); |
| 146 | + |
| 147 | + // Verify the parsed encrypted response matches the original pulled from file |
| 148 | + assertEquals(parsedResponse, response); |
| 149 | + } |
| 150 | + |
114 | 151 | @DataProvider(name = "assertionEncryption")
|
115 | 152 | public Object[][] assertionEncryption() {
|
116 | 153 | return new Object[][]{
|
@@ -547,8 +584,8 @@ public void parseLogout_Request_raw(Binding binding) throws Exception {
|
547 | 584 | String redirectSignature = Files.readString(Paths.get("src/test/xml/signature/logout-request.txt"));
|
548 | 585 | String x509encoded = "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";
|
549 | 586 | try (InputStream is = new ByteArrayInputStream(Base64.getMimeDecoder().decode(x509encoded))) {
|
550 |
| - CertificateFactory factor = CertificateFactory.getInstance("X.509"); |
551 |
| - certificate = (X509Certificate) factor.generateCertificate(is); |
| 587 | + CertificateFactory factory = CertificateFactory.getInstance("X.509"); |
| 588 | + certificate = (X509Certificate) factory.generateCertificate(is); |
552 | 589 | }
|
553 | 590 |
|
554 | 591 | assertNotNull(certificate);
|
@@ -1025,8 +1062,8 @@ public void parse_LogoutRequest(Binding binding) throws Exception {
|
1025 | 1062 | String redirectSignature = Files.readString(Paths.get("src/test/xml/signature/logout-request.txt"));
|
1026 | 1063 | String x509encoded = "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";
|
1027 | 1064 | try (InputStream is = new ByteArrayInputStream(Base64.getMimeDecoder().decode(x509encoded))) {
|
1028 |
| - CertificateFactory factor = CertificateFactory.getInstance("X.509"); |
1029 |
| - certificate = (X509Certificate) factor.generateCertificate(is); |
| 1065 | + CertificateFactory factory = CertificateFactory.getInstance("X.509"); |
| 1066 | + certificate = (X509Certificate) factory.generateCertificate(is); |
1030 | 1067 | }
|
1031 | 1068 |
|
1032 | 1069 | assertNotNull(certificate);
|
@@ -1069,8 +1106,8 @@ public void parse_LogoutResponse(Binding binding) throws Exception {
|
1069 | 1106 | String redirectSignature = Files.readString(Paths.get("src/test/xml/signature/logout-response.txt"));
|
1070 | 1107 | String x509encoded = "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";
|
1071 | 1108 | try (InputStream is = new ByteArrayInputStream(Base64.getMimeDecoder().decode(x509encoded))) {
|
1072 |
| - CertificateFactory factor = CertificateFactory.getInstance("X.509"); |
1073 |
| - certificate = (X509Certificate) factor.generateCertificate(is); |
| 1109 | + CertificateFactory factory = CertificateFactory.getInstance("X.509"); |
| 1110 | + certificate = (X509Certificate) factory.generateCertificate(is); |
1074 | 1111 | }
|
1075 | 1112 |
|
1076 | 1113 | assertNotNull(certificate);
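Review bot: The assertion at new line 148 of assertionDecryptionDefaults proves only that the decrypted response equals the reference one; nothing in the test pins the property the leading comment depends on, namely that the fixture's encryption metadata (presumably the xenc EncryptionMethod's DigestMethod/MGF children) omits those parameters, so regenerating `src/test/xml/encodedResponse-assertionDecryptionDefaults.txt` with explicit parameters would silently turn this into a test of the explicit path. I would state that dependency next to the fixture load, `// Fixture intentionally omits DigestMethod/MGF on the EncryptionMethod so the default RSA-OAEP parameters are exercised; keep it that way when regenerating`, or better, assert it against the decoded XML before calling parseResponse. The private exponent at new lines 123–128 is key material committed to source; the "Build a known key pair" comment should say explicitly that it is a test-only key (`// Test-only RSA key pair, paired with the certificate used to encrypt the fixture; never use outside tests`) so a secret-scanner hit or a future reader does not mistake it for live material, and the commented-out public key at lines 121–122 is better dropped or kept as a real, unused constant. Lastly, the surrounding file already reads fixtures with `Files.readString` (line 584), so `String encodedXML = Files.readString(Paths.get("src/test/xml/encodedResponse-assertionDecryptionDefaults.txt"));` would replace the two-step readAllBytes/new String and remove the reuse of the local `ba` at line 143.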
|
|