Search in sources :

Example 31 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageReceiverApi method handleResponsePost.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.RESPONSE_POST_PATH)
@Timed
public Response handleResponsePost(SamlRequestDto samlRequestDto) {
    final SessionId sessionId = new SessionId(samlRequestDto.getRelayState());
    MDC.put("SessionId", sessionId);
    relayStateValidator.validate(samlRequestDto.getRelayState());
    org.opensaml.saml.saml2.core.Response samlResponse = stringSamlResponseTransformer.apply(samlRequestDto.getSamlRequest());
    SamlValidationResponse signatureValidationResponse = authnResponseSignatureValidator.validate(samlResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    protectiveMonitoringLogger.logAuthnResponse(samlResponse, Direction.INBOUND, signatureValidationResponse.isOK());
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
    final SamlAuthnResponseContainerDto authnResponseDto = new SamlAuthnResponseContainerDto(samlRequestDto.getSamlRequest(), sessionId, samlRequestDto.getPrincipalIpAsSeenByFrontend());
    return Response.ok(sessionProxy.receiveAuthnResponseFromIdp(authnResponseDto, sessionId)).build();
}
Also used : SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) SamlAuthnResponseContainerDto(uk.gov.ida.hub.samlproxy.domain.SamlAuthnResponseContainerDto) SessionId(uk.gov.ida.common.SessionId) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed)

Example 32 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageReceiverApi method handleEidasResponsePost.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.EIDAS_RESPONSE_POST_PATH)
@Timed
public Response handleEidasResponsePost(SamlRequestDto samlRequestDto) {
    if (eidasAuthnResponseSignatureValidator.isPresent()) {
        final SessionId sessionId = new SessionId(samlRequestDto.getRelayState());
        MDC.put("SessionId", sessionId);
        relayStateValidator.validate(samlRequestDto.getRelayState());
        org.opensaml.saml.saml2.core.Response samlResponse = stringSamlResponseTransformer.apply(samlRequestDto.getSamlRequest());
        SamlValidationResponse signatureValidationResponse = eidasAuthnResponseSignatureValidator.get().validate(samlResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        protectiveMonitoringLogger.logAuthnResponse(samlResponse, Direction.INBOUND, signatureValidationResponse.isOK());
        if (!signatureValidationResponse.isOK()) {
            SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
            throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
        }
        final SamlAuthnResponseContainerDto authnResponseDto = new SamlAuthnResponseContainerDto(samlRequestDto.getSamlRequest(), sessionId, samlRequestDto.getPrincipalIpAsSeenByFrontend());
        return Response.ok(sessionProxy.receiveAuthnResponseFromCountry(authnResponseDto, sessionId)).build();
    }
    return Response.status(Response.Status.NOT_FOUND).build();
}
Also used : SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) SamlAuthnResponseContainerDto(uk.gov.ida.hub.samlproxy.domain.SamlAuthnResponseContainerDto) SessionId(uk.gov.ida.common.SessionId) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed)

Example 33 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageSenderHandlerTest method generateAuthnRequestFromHub_shouldAddExternalCommunicationEvent.

@Test
public void generateAuthnRequestFromHub_shouldAddExternalCommunicationEvent() throws Exception {
    SessionId sessionId = SessionId.createNewSessionId();
    String expectedSamlMessageId = UUID.randomUUID().toString();
    when(sessionProxy.getAuthnRequestFromHub(any(SessionId.class))).thenReturn(new AuthnRequestFromHubContainerDto(samlRequest, postEndPoint, true));
    AuthnRequest authnRequest = anAuthnRequest().withId(expectedSamlMessageId).build();
    when(authnRequestTransformer.apply(samlRequest)).thenReturn(authnRequest);
    SamlMessage authnResponse = samlMessageSenderHandler.generateAuthnRequestFromHub(sessionId, principalIpAddressAsSeenByHub);
    assertThat(authnResponse.getSamlMessage()).isEqualTo(samlRequest);
    assertThat(authnResponse.getPostEndpoint()).isEqualTo(postEndPoint.toString());
    assertThat(authnResponse.getRegistration().isPresent()).isTrue();
    assertThat(authnResponse.getRegistration().get()).isTrue();
    assertThat(authnResponse.getSamlMessageType()).isEqualTo(SamlMessageType.SAML_REQUEST);
    assertThat(authnResponse.getRelayState().isPresent()).isTrue();
    assertThat(authnResponse.getRelayState().get()).isEqualTo(sessionId.getSessionId());
    verify(externalCommunicationEventLogger).logIdpAuthnRequest(expectedSamlMessageId, sessionId, postEndPoint, principalIpAddressAsSeenByHub);
}
Also used : AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) AuthnRequestBuilder.anAuthnRequest(uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest) SamlMessage(uk.gov.ida.hub.samlproxy.controllogic.SamlMessageSenderHandler.SamlMessage) Matchers.anyString(org.mockito.Matchers.anyString) AuthnRequestFromHubContainerDto(uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto) SessionId(uk.gov.ida.common.SessionId) Test(org.junit.Test)

Example 34 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class SamlMessageSenderHandlerTest method generateErrorResponseFromHub_shouldAddExternalCommunicationEvent.

@Test
public void generateErrorResponseFromHub_shouldAddExternalCommunicationEvent() throws MarshallingException, SignatureException {
    SessionId sessionId = SessionId.createNewSessionId();
    String responseId = UUID.randomUUID().toString();
    when(sessionProxy.getErrorResponseFromHub(sessionId)).thenReturn(new AuthnResponseFromHubContainerDto(samlRequest, postEndPoint, relayState, responseId));
    Response samlResponse = setUpErrorResponseFromHub(sessionId, responseId);
    when(responseTransformer.apply(samlRequest)).thenReturn(samlResponse);
    SamlMessage samlMessage = samlMessageSenderHandler.generateErrorResponseFromHub(sessionId, principalIpAddressAsSeenByHub);
    assertThat(samlMessage.getSamlMessage()).isEqualTo(samlRequest);
    assertThat(samlMessage.getPostEndpoint()).isEqualTo(postEndPoint.toString());
    assertThat(samlMessage.getRegistration().isPresent()).isFalse();
    assertThat(samlMessage.getSamlMessageType()).isEqualTo(SamlMessageType.SAML_RESPONSE);
    assertThat(samlMessage.getRelayState().isPresent()).isTrue();
    assertThat(samlMessage.getRelayState()).isEqualTo(relayState);
    verify(externalCommunicationEventLogger).logResponseFromHub(responseId, sessionId, postEndPoint, principalIpAddressAsSeenByHub);
}
Also used : Response(org.opensaml.saml.saml2.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) AuthnResponseFromHubContainerDto(uk.gov.ida.hub.samlproxy.contracts.AuthnResponseFromHubContainerDto) SamlMessage(uk.gov.ida.hub.samlproxy.controllogic.SamlMessageSenderHandler.SamlMessage) Matchers.anyString(org.mockito.Matchers.anyString) SessionId(uk.gov.ida.common.SessionId) Test(org.junit.Test)

Example 35 with SessionId

use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.

the class MatchingServiceRequestSenderTest method sendHubMatchingServiceRequest_shouldAcceptAValidRequest.

@Test
public void sendHubMatchingServiceRequest_shouldAcceptAValidRequest() throws Exception {
    Credential signingCredential = hubSigningCredential;
    AttributeQueryContainerDto attributeQueryContainerDto = AttributeQueryContainerDtoBuilder.anAttributeQueryContainerDto(AttributeQueryBuilder.anAttributeQuery().withSignature(SignatureBuilder.aSignature().withSigningCredential(signingCredential).build()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(HUB_ENTITY_ID).build()).build()).withIssuerId(HUB_ENTITY_ID).withMatchingServiceUri(msaStubRule.getAttributeQueryRequestUri()).build();
    SessionId sessionId = SessionId.createNewSessionId();
    final URI uri = UriBuilder.fromUri(samlSoapProxyAppRule.getUri(Urls.SamlSoapProxyUrls.MATCHING_SERVICE_REQUEST_SENDER_RESOURCE)).queryParam(Urls.SharedUrls.SESSION_ID_PARAM, sessionId).build();
    String path = UriBuilder.fromPath(ATTRIBUTE_QUERY_RESPONSE_RESOURCE).build(sessionId).getPath();
    policyStubRule.register(path, 200);
    Response response = post(attributeQueryContainerDto, uri);
    assertThat(response.getStatus()).isEqualTo(Response.Status.ACCEPTED.getStatusCode());
    andPolicyShouldReceiveASuccess(sessionId);
}
Also used : RequestAndResponse(httpstub.RequestAndResponse) Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) AttributeQueryContainerDto(uk.gov.ida.hub.samlsoapproxy.domain.AttributeQueryContainerDto) Credential(org.opensaml.security.credential.Credential) SessionId(uk.gov.ida.common.SessionId) URI(java.net.URI) Test(org.junit.Test)

Aggregations

SessionId (uk.gov.ida.common.SessionId)39 Test (org.junit.Test)32 URI (java.net.URI)17 ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse)15 SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse)15 Response (javax.ws.rs.core.Response)12 Response (org.opensaml.saml.saml2.core.Response)12 Element (org.w3c.dom.Element)10 Matchers.anyString (org.mockito.Matchers.anyString)7 AuthnResponseFromHubContainerDto (uk.gov.ida.hub.samlproxy.contracts.AuthnResponseFromHubContainerDto)6 SamlRequestDto (uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto)5 OutboundResponseFromHub (uk.gov.ida.saml.core.domain.OutboundResponseFromHub)5 ResponseActionDto (uk.gov.ida.hub.samlproxy.domain.ResponseActionDto)4 HubTransformersFactory (uk.gov.ida.saml.hub.api.HubTransformersFactory)4 Timed (com.codahale.metrics.annotation.Timed)3 Consumes (javax.ws.rs.Consumes)3 POST (javax.ws.rs.POST)3 Produces (javax.ws.rs.Produces)3 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)3 SamlMessage (uk.gov.ida.hub.samlproxy.controllogic.SamlMessageSenderHandler.SamlMessage)3