Example 1 with SessionValidationException

use of uk.gov.di.ipv.cri.address.library.exception.SessionValidationException in project di-ipv-cri-address-api by alphagov.

the class AddressSessionServiceTest method shouldThrowValidationExceptionWhenRequestClientIdIsInvalid.

@Test
void shouldThrowValidationExceptionWhenRequestClientIdIsInvalid() {
    SessionRequestBuilder sessionRequestBuilder = new SessionRequestBuilder().withClientId("bad-client-id");
    SessionRequestBuilder.SignedJWTBuilder signedJWTBuilder = new SessionRequestBuilder.SignedJWTBuilder();
    SessionRequest sessionRequest = sessionRequestBuilder.build(signedJWTBuilder);
    when(mockConfigurationService.getParametersForPath("/clients/bad-client-id/jwtAuthentication")).thenReturn(Map.of());
    SessionValidationException exception = assertThrows(SessionValidationException.class, () -> {
        addressSessionService.validateSessionRequest(marshallToJSON(sessionRequest));
    });
    assertThat(exception.getMessage(), containsString("no configuration for client id"));
    verify(mockConfigurationService).getParametersForPath("/clients/bad-client-id/jwtAuthentication");
}
Also used : SessionValidationException(uk.gov.di.ipv.cri.address.library.exception.SessionValidationException) SessionRequest(uk.gov.di.ipv.cri.address.library.domain.SessionRequest) Test(org.junit.jupiter.api.Test)

Example 2 with SessionValidationException

use of uk.gov.di.ipv.cri.address.library.exception.SessionValidationException in project di-ipv-cri-address-api by alphagov.

the class AddressSessionServiceTest method shouldThrowValidationExceptionWhenSessionRequestIsInvalid.

@Test
void shouldThrowValidationExceptionWhenSessionRequestIsInvalid() {
    SessionValidationException exception = assertThrows(SessionValidationException.class, () -> {
        addressSessionService.validateSessionRequest(marshallToJSON(Map.of("not", "a-session-request")));
    });
    assertThat(exception.getMessage(), containsString("could not parse request body"));
    verifyNoInteractions(mockConfigurationService);
}
Also used : SessionValidationException(uk.gov.di.ipv.cri.address.library.exception.SessionValidationException) Test(org.junit.jupiter.api.Test)

Example 3 with SessionValidationException

use of uk.gov.di.ipv.cri.address.library.exception.SessionValidationException in project di-ipv-cri-address-api by alphagov.

the class AddressSessionServiceTest method shouldThrowValidationExceptionWhenJWTIsInvalid.

@Test
void shouldThrowValidationExceptionWhenJWTIsInvalid() {
    SessionRequestBuilder sessionRequestBuilder = new SessionRequestBuilder();
    SessionRequestBuilder.SignedJWTBuilder signedJWTBuilder = new SessionRequestBuilder.SignedJWTBuilder();
    SessionRequest sessionRequest = sessionRequestBuilder.build(signedJWTBuilder);
    sessionRequest.setRequestJWT(Base64.getEncoder().encodeToString("not a jwt".getBytes(StandardCharsets.UTF_8)));
    when(mockConfigurationService.getParametersForPath("/clients/ipv-core/jwtAuthentication")).thenReturn(standardSSMConfigMap(signedJWTBuilder));
    SessionValidationException exception = assertThrows(SessionValidationException.class, () -> {
        addressSessionService.validateSessionRequest(marshallToJSON(sessionRequest));
    });
    assertThat(exception.getMessage(), containsString("Could not parse request JWT"));
}
Also used : SessionValidationException(uk.gov.di.ipv.cri.address.library.exception.SessionValidationException) SessionRequest(uk.gov.di.ipv.cri.address.library.domain.SessionRequest) Test(org.junit.jupiter.api.Test)

Example 4 with SessionValidationException

use of uk.gov.di.ipv.cri.address.library.exception.SessionValidationException in project di-ipv-cri-address-api by alphagov.

the class AddressSessionService method verifyRequestUri.

private void verifyRequestUri(SessionRequest sessionRequest, Map<String, String> clientConfig) throws SessionValidationException {
    URI configRedirectUri = URI.create(clientConfig.get("redirectUri"));
    URI requestRedirectUri = sessionRequest.getRedirectUri();
    if (requestRedirectUri == null || !requestRedirectUri.equals(configRedirectUri)) {
        throw new SessionValidationException("redirect uri " + requestRedirectUri + " does not match configuration uri " + configRedirectUri);
    }
}
Also used : SessionValidationException(uk.gov.di.ipv.cri.address.library.exception.SessionValidationException) URI(java.net.URI)

Example 5 with SessionValidationException

use of uk.gov.di.ipv.cri.address.library.exception.SessionValidationException in project di-ipv-cri-address-api by alphagov.

the class AddressSessionService method verifyJWTHeader.

private void verifyJWTHeader(Map<String, String> clientAuthenticationConfig, SignedJWT signedJWT) throws SessionValidationException {
    JWSAlgorithm configuredAlgorithm = JWSAlgorithm.parse(clientAuthenticationConfig.get("authenticationAlg"));
    JWSAlgorithm jwtAlgorithm = signedJWT.getHeader().getAlgorithm();
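    // Compare by value: != only compares object references, while JWSAlgorithm inherits a name-based equals().
    if (!configuredAlgorithm.equals(jwtAlgorithm)) {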
        throw new SessionValidationException(String.format("jwt signing algorithm %s does not match signing algorithm configured for client: %s", jwtAlgorithm, configuredAlgorithm));
    }
}
Also used : SessionValidationException(uk.gov.di.ipv.cri.address.library.exception.SessionValidationException) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm)

Aggregations

SessionValidationException (uk.gov.di.ipv.cri.address.library.exception.SessionValidationException) 11
Test (org.junit.jupiter.api.Test) 8
SessionRequest (uk.gov.di.ipv.cri.address.library.domain.SessionRequest) 7
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent) 1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 1
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm) 1
URI (java.net.URI) 1
Map (java.util.Map) 1
UUID (java.util.UUID) 1
Logging (software.amazon.lambda.powertools.logging.Logging) 1
Metrics (software.amazon.lambda.powertools.metrics.Metrics) 1
ClientConfigurationException (uk.gov.di.ipv.cri.address.library.exception.ClientConfigurationException) 1