Examples with SessionId uk.gov.ida.common.SessionId used on opensource projects

Example 6 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageReceiverApi method handleRequestPost.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Timed
public Response handleRequestPost(SamlRequestDto samlRequestDto) {
    relayStateValidator.validate(samlRequestDto.getRelayState());
    AuthnRequest authnRequest = stringSamlAuthnRequestTransformer.apply(samlRequestDto.getSamlRequest());
    SamlValidationResponse signatureValidationResponse = authnRequestSignatureValidator.validate(authnRequest, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    protectiveMonitoringLogger.logAuthnRequest(authnRequest, Direction.INBOUND, signatureValidationResponse.isOK());
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
    SamlAuthnRequestContainerDto samlAuthnRequestContainerDto = new SamlAuthnRequestContainerDto(samlRequestDto.getSamlRequest(), Optional.ofNullable(samlRequestDto.getRelayState()), samlRequestDto.getPrincipalIpAsSeenByFrontend());
    SessionId sessionId = sessionProxy.createSession(samlAuthnRequestContainerDto);
    return Response.ok(sessionId).build();
}

Example 7 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageSenderHandlerTest method generateErrorResponseFromHub_shouldThrowSamlTransformationException.

@Test(expected = SamlTransformationErrorException.class)
public void generateErrorResponseFromHub_shouldThrowSamlTransformationException() throws MarshallingException, SignatureException {
    SessionId sessionId = SessionId.createNewSessionId();
    String expectedSamlMessageId = UUID.randomUUID().toString();
    Response openSamlResponse = setUpErrorResponseFromHub(sessionId, expectedSamlMessageId);
    when(samlMessageSignatureValidator.validate(openSamlResponse, SPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(SamlValidationResponse.anInvalidResponse(new SamlValidationSpecification("bad", true)));
    samlMessageSenderHandler.generateErrorResponseFromHub(sessionId, principalIpAddressAsSeenByHub);
}

Example 8 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageSenderHandlerTest method generateAuthRequestFromHub_shouldThrowSamlTransformationException.

@Test(expected = SamlTransformationErrorException.class)
public void generateAuthRequestFromHub_shouldThrowSamlTransformationException() throws MarshallingException, SignatureException {
    SessionId sessionId = SessionId.createNewSessionId();
    String expectedSamlMessageId = UUID.randomUUID().toString();
    when(sessionProxy.getAuthnRequestFromHub(sessionId)).thenReturn(new AuthnRequestFromHubContainerDto(samlRequest, postEndPoint, true));
    AuthnRequest authnRequest = anAuthnRequest().withId(expectedSamlMessageId).build();
    when(authnRequestTransformer.apply(samlRequest)).thenReturn(authnRequest);
    when(samlMessageSignatureValidator.validate(authnRequest, SPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(SamlValidationResponse.anInvalidResponse(new SamlValidationSpecification("bad", true)));
    samlMessageSenderHandler.generateAuthnRequestFromHub(sessionId, principalIpAddressAsSeenByHub);
}

Example 9 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageSenderHandlerTest method generateAuthnResponseFromHub_shouldAddExternalCommunicationEvent.

@Test
public void generateAuthnResponseFromHub_shouldAddExternalCommunicationEvent() throws Exception {
    SessionId sessionId = SessionId.createNewSessionId();
    String expectedSamlMessageId = UUID.randomUUID().toString();
    Response openSamlResponse = setUpAuthnResponseFromHub(sessionId, expectedSamlMessageId);
    SamlMessage authnResponse = samlMessageSenderHandler.generateAuthnResponseFromHub(sessionId, principalIpAddressAsSeenByHub);
    assertThat(authnResponse.getSamlMessage()).isEqualTo(samlRequest);
    assertThat(authnResponse.getPostEndpoint()).isEqualTo(postEndPoint.toString());
    assertThat(authnResponse.getRegistration().isPresent()).isFalse();
    assertThat(authnResponse.getRelayState().isPresent()).isTrue();
    assertThat(authnResponse.getRelayState().get()).isEqualTo(relayState.get());
    assertThat(authnResponse.getSamlMessageType()).isEqualTo(SamlMessageType.SAML_RESPONSE);
    verify(externalCommunicationEventLogger).logResponseFromHub(expectedSamlMessageId, sessionId, postEndPoint, principalIpAddressAsSeenByHub);
    verify(protectiveMonitoringLogger).logAuthnResponse(openSamlResponse, Direction.OUTBOUND, true);
}

Example 10 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageSenderHandlerTest method generateAuthResponseFromHub_shouldThrowSamlTransformationException.

@Test(expected = SamlTransformationErrorException.class)
public void generateAuthResponseFromHub_shouldThrowSamlTransformationException() throws MarshallingException, SignatureException {
    SessionId sessionId = SessionId.createNewSessionId();
    String expectedSamlMessageId = UUID.randomUUID().toString();
    Response openSamlResponse = setUpAuthnResponseFromHub(sessionId, expectedSamlMessageId);
    when(samlMessageSignatureValidator.validate(openSamlResponse, SPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(SamlValidationResponse.anInvalidResponse(new SamlValidationSpecification("bad", true)));
    samlMessageSenderHandler.generateAuthnResponseFromHub(sessionId, principalIpAddressAsSeenByHub);
}