
Example 51 with Response

use of org.opensaml.saml.saml2.ecp.Response in project verify-hub by alphagov.

the class CountryAuthnResponseTranslatorServiceTest method setup.

/**
 * Builds the service under test and wires its collaborators so that a country (eIDAS)
 * response loaded from file flows through every step unchanged.
 *
 * <p>The response validator, both signature validators, the decrypter and the blob
 * encrypter all appear to be Mockito mocks declared on the test class (not visible here);
 * they are stubbed to succeed, so this fixture exercises the translation logic only and
 * does not perform real signature or decryption checks.
 *
 * @throws Exception propagated from OpenSAML bootstrap or from building the fixture response
 */
@Before
public void setup() throws Exception {
    // OpenSAML has to be initialised before any Response object can be built.
    IdaSamlBootstrap.bootstrap();

    final IdpIdaStatusUnmarshaller statusUnmarshaller = new IdpIdaStatusUnmarshaller(
            new IdpIdaStatus.IdpIdaStatusFactory(),
            new SamlStatusToIdpIdaStatusMappingsFactory());
    final PassthroughAssertionUnmarshaller passthroughUnmarshaller = new PassthroughAssertionUnmarshaller(
            new XmlObjectToBase64EncodedStringTransformer<>(),
            new AuthnContextFactory());
    service = new CountryAuthnResponseTranslatorService(
            stringToOpenSamlResponseTransformer,
            responseFromCountryValidator,
            statusUnmarshaller,
            responseAssertionsFromCountryValidator,
            validateSamlResponseIssuedByIdpDestination,
            assertionDecrypter,
            assertionBlobEncrypter,
            samlResponseSignatureValidator,
            samlAssertionsSignatureValidator,
            passthroughUnmarshaller);

    final Response countryResponse = (Response) buildResponseFromFile();
    final ValidatedResponse validatedCountryResponse = new ValidatedResponse(countryResponse);
    // The "decrypted" assertions handed back by the stubbed decrypter are simply the
    // assertions already present on the fixture response.
    final List<Assertion> assertions = countryResponse.getAssertions();

    // Inbound DTO: the raw SAML string and the matching-service entity id used for the blob.
    when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn("eidas");
    when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn("mid");
    when(stringToOpenSamlResponseTransformer.apply("eidas")).thenReturn(countryResponse);

    // Validation, signature and decryption steps are all stubbed to pass.
    doNothing().when(responseFromCountryValidator).validate(countryResponse);
    when(samlResponseSignatureValidator.validate(countryResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME))
            .thenReturn(validatedCountryResponse);
    when(assertionDecrypter.decryptAssertions(validatedCountryResponse)).thenReturn(assertions);
    when(samlAssertionsSignatureValidator.validate(assertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME))
            .thenReturn(new ValidatedAssertions(assertions));
    when(assertionBlobEncrypter.encryptAssertionBlob(eq("mid"), any(String.class)))
            .thenReturn(identityUnderlyingAssertionBlob);
}
Also used : IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus) Assertion(org.opensaml.saml.saml2.core.Assertion) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) Response(org.opensaml.saml.saml2.core.Response) PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller) IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller) ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions) AuthnContextFactory(uk.gov.ida.saml.core.transformers.AuthnContextFactory) SamlStatusToIdpIdaStatusMappingsFactory(uk.gov.ida.saml.hub.transformers.inbound.SamlStatusToIdpIdaStatusMappingsFactory) Before(org.junit.Before)

Example 52 with Response

use of org.opensaml.saml.saml2.ecp.Response in project verify-hub by alphagov.

the class SamlMessageReceiverApiResourceTest method shouldErrorWhenAuthnRequestIsNotSigned.

/**
 * An AuthnRequest posted without any Signature element must be rejected by the SAML
 * receiver with {@code ExceptionType.INVALID_SAML} instead of being processed.
 *
 * @throws Exception propagated from building the request or from the HTTP call
 */
@Test
public void shouldErrorWhenAuthnRequestIsNotSigned() throws Exception {
    final String requestId = AuthnRequestIdGenerator.generateRequestId();
    final AuthnRequest unsignedRequest = anAuthnRequest()
            .withIssuer(anIssuer().withIssuerId(TEST_RP).build())
            .withDestination(Endpoints.SSO_REQUEST_ENDPOINT)
            .withId(requestId)
            // The property under test: the request carries no XML Signature at all.
            .withoutSignatureElement()
            .build();
    final SamlRequestDto requestDto = new SamlRequestDto(
            authnRequestToStringTransformer.apply(unsignedRequest), "relayState", "ipAddress");

    final Response clientResponse = postSAML(requestDto, Urls.SamlProxyUrls.SAML2_SSO_RECEIVER_API_ROOT);

    assertError(clientResponse, ExceptionType.INVALID_SAML);
}
Also used : Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) AuthnRequestBuilder.anAuthnRequest(uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest) SamlRequestDto(uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto) Test(org.junit.Test)

Example 53 with Response

use of org.opensaml.saml.saml2.ecp.Response in project verify-hub by alphagov.

the class MatchingServiceResponseTranslatorResourceTest method shouldReturnADtoWhenResponseIs_TooOld.

/**
 * A matching-service response that is otherwise a valid match but was issued a day ago
 * must be rejected with HTTP 400 and {@code ExceptionType.INVALID_SAML}.
 *
 * @throws Exception propagated from building the response or from the HTTP call
 */
@Test
public void shouldReturnADtoWhenResponseIs_TooOld() throws Exception {
    final String requestId = "requestId";
    final Status matchStatus = aStatus()
            .withStatusCode(aStatusCode()
                    .withSubStatusCode(aStatusCode().withValue(SamlStatusCode.MATCH).build())
                    .withValue(SUCCESS)
                    .build())
            .build();
    // The only thing wrong with this response is its age.
    final DateTime issueInstant = DateTime.now().minusDays(1);
    final SamlResponseDto samlResponseDto = new SamlResponseDto(
            Base64.encodeAsString(aValidMatchResponseFromMatchingService(requestId, matchStatus, issueInstant)));

    final Response clientResponse = postToSamlEngine(samlResponseDto);

    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    final ErrorStatusDto error = clientResponse.readEntity(ErrorStatusDto.class);
    assertThat(error.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
}
Also used : Status(org.opensaml.saml.saml2.core.Status) MatchingServiceIdaStatus(uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus) StatusBuilder.aStatus(uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus) SamlResponseDto(uk.gov.ida.hub.samlengine.domain.SamlResponseDto) Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) ErrorStatusDto(uk.gov.ida.common.ErrorStatusDto) Test(org.junit.Test)

Example 54 with Response

use of org.opensaml.saml.saml2.ecp.Response in project verify-hub by alphagov.

the class MatchingServiceResponseTranslatorResourceTest method shouldReturnADtoWhenResponseIs_NoMatch.

/**
 * A correctly signed no-match response from the matching service is accepted (HTTP 200)
 * and translated into a DTO carrying the issuer, the request id it answers and the
 * no-match status, with neither a level of assurance nor an assertion blob.
 *
 * @throws Exception propagated from building the response or from the HTTP call
 */
@Test
public void shouldReturnADtoWhenResponseIs_NoMatch() throws Exception {
    final String requestId = "requestId";
    final Status noMatchStatus = aStatus()
            .withStatusCode(aStatusCode()
                    .withSubStatusCode(aStatusCode().withValue(SamlStatusCode.NO_MATCH).build())
                    .withValue(RESPONDER)
                    .build())
            .build();
    final SamlResponseDto samlResponseDto = new SamlResponseDto(
            Base64.encodeAsString(aValidNoMatchResponseFromMatchingService(requestId, noMatchStatus, TEST_RP_MS)));

    final Response clientResponse = postToSamlEngine(samlResponseDto);

    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    final InboundResponseFromMatchingServiceDto translated =
            clientResponse.readEntity(InboundResponseFromMatchingServiceDto.class);
    assertThat(translated.getIssuer()).isEqualTo(TEST_RP_MS);
    assertThat(translated.getInResponseTo()).isEqualTo(requestId);
    assertThat(translated.getStatus().name())
            .isEqualTo(MatchingServiceIdaStatus.NoMatchingServiceMatchFromMatchingService.name());
    // A no-match carries no identity data, so both optionals must be empty.
    assertThat(translated.getLevelOfAssurance().isPresent()).isFalse();
    assertThat(translated.getUnderlyingMatchingServiceAssertionBlob().isPresent()).isFalse();
}
Also used : Status(org.opensaml.saml.saml2.core.Status) MatchingServiceIdaStatus(uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus) StatusBuilder.aStatus(uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus) SamlResponseDto(uk.gov.ida.hub.samlengine.domain.SamlResponseDto) Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) InboundResponseFromMatchingServiceDto(uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto) Test(org.junit.Test)

Example 55 with Response

use of org.opensaml.saml.saml2.ecp.Response in project verify-hub by alphagov.

the class MatchingServiceResponseTranslatorResourceTest method shouldNotReturnADtoResponse_WhenBadlySigned_NoMatch.

/**
 * A no-match response whose signature does not verify must be rejected with HTTP 400
 * and {@code ExceptionType.INVALID_SAML}; its status content alone must not get it
 * translated.
 *
 * @throws Exception propagated from building the response or from the HTTP call
 */
@Test
public void shouldNotReturnADtoResponse_WhenBadlySigned_NoMatch() throws Exception {
    final String requestId = "requestId";
    final Status noMatchStatus = aStatus()
            .withStatusCode(aStatusCode()
                    .withSubStatusCode(aStatusCode().withValue(SamlStatusCode.NO_MATCH).build())
                    .withValue(RESPONDER)
                    .build())
            .build();
    // Same payload as the happy-path no-match test, but with a bad signature.
    final SamlResponseDto samlResponseDto = new SamlResponseDto(
            Base64.encodeAsString(aValidNoMatchResponseFromMatchingServiceisBadlySigned(requestId, noMatchStatus, TEST_RP_MS)));

    final Response clientResponse = postToSamlEngine(samlResponseDto);

    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    final ErrorStatusDto error = clientResponse.readEntity(ErrorStatusDto.class);
    assertThat(error.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
}
Also used : Status(org.opensaml.saml.saml2.core.Status) MatchingServiceIdaStatus(uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus) StatusBuilder.aStatus(uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus) SamlResponseDto(uk.gov.ida.hub.samlengine.domain.SamlResponseDto) Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) ErrorStatusDto(uk.gov.ida.common.ErrorStatusDto) Test(org.junit.Test)
