use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.
the class SamlMessageReceiverApi method handleResponsePost.
/**
 * Accepts a SAML authn response posted to {@code RESPONSE_POST_PATH}, validates its signature
 * against the IDP SSO descriptor role and passes the message on to the session proxy.
 *
 * <p>The relay state from the request body is used as the session id. The signature outcome is
 * written to the protective monitoring log for both accepted and rejected responses, before any
 * rejection is raised.
 *
 * @param samlRequestDto request body holding the relay state, the encoded SAML message and the
 *                       principal IP address as seen by the frontend
 * @return a 200 response whose entity is the result of
 *         {@code sessionProxy.receiveAuthnResponseFromIdp}
 * @throws SamlTransformationErrorException if signature validation does not report OK
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.RESPONSE_POST_PATH)
@Timed
public Response handleResponsePost(SamlRequestDto samlRequestDto) {
    // NOTE(review): the relay state is wrapped and placed in the MDC before
    // relayStateValidator.validate runs, so log lines can carry a value that later fails
    // validation. Confirm the log encoder escapes MDC values. The entry is also not removed
    // in this method; presumably a request filter clears the MDC - verify.
    final SessionId relayStateSessionId = new SessionId(samlRequestDto.getRelayState());
    MDC.put("SessionId", relayStateSessionId);
    relayStateValidator.validate(samlRequestDto.getRelayState());

    org.opensaml.saml.saml2.core.Response idpResponse =
            stringSamlResponseTransformer.apply(samlRequestDto.getSamlRequest());
    SamlValidationResponse signatureCheck =
            authnResponseSignatureValidator.validate(idpResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

    // Logged whether or not the signature is valid, so rejected responses are recorded too.
    protectiveMonitoringLogger.logAuthnResponse(idpResponse, Direction.INBOUND, signatureCheck.isOK());

    if (signatureCheck.isOK()) {
        // The original encoded message, not the parsed object, is what gets forwarded.
        final SamlAuthnResponseContainerDto forwardedResponse = new SamlAuthnResponseContainerDto(
                samlRequestDto.getSamlRequest(),
                relayStateSessionId,
                samlRequestDto.getPrincipalIpAsSeenByFrontend());
        return Response.ok(sessionProxy.receiveAuthnResponseFromIdp(forwardedResponse, relayStateSessionId)).build();
    }

    // Signature rejected: surface the validator's own message and cause.
    throw new SamlTransformationErrorException(
            signatureCheck.getSamlValidationSpecificationFailure().getErrorMessage(),
            signatureCheck.getCause(),
            Level.ERROR);
}
use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.
the class SamlMessageReceiverApi method handleEidasResponsePost.
/**
 * Accepts a SAML authn response posted to {@code EIDAS_RESPONSE_POST_PATH}, validates its
 * signature with the optional eIDAS validator and passes the message on to the session proxy.
 *
 * <p>When no eIDAS signature validator is present the endpoint answers 404 and does not touch
 * the request body.
 *
 * @param samlRequestDto request body holding the relay state, the encoded SAML message and the
 *                       principal IP address as seen by the frontend
 * @return 404 if the eIDAS validator is absent; otherwise a 200 response whose entity is the
 *         result of {@code sessionProxy.receiveAuthnResponseFromCountry}
 * @throws SamlTransformationErrorException if signature validation does not report OK
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.EIDAS_RESPONSE_POST_PATH)
@Timed
public Response handleEidasResponsePost(SamlRequestDto samlRequestDto) {
    // No validator present: respond as if the route did not exist.
    if (!eidasAuthnResponseSignatureValidator.isPresent()) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    // NOTE(review): the relay state is wrapped and placed in the MDC before
    // relayStateValidator.validate runs, so log lines can carry a value that later fails
    // validation. Confirm the log encoder escapes MDC values. The entry is also not removed
    // in this method; presumably a request filter clears the MDC - verify.
    final SessionId relayStateSessionId = new SessionId(samlRequestDto.getRelayState());
    MDC.put("SessionId", relayStateSessionId);
    relayStateValidator.validate(samlRequestDto.getRelayState());

    org.opensaml.saml.saml2.core.Response countryResponse =
            stringSamlResponseTransformer.apply(samlRequestDto.getSamlRequest());
    SamlValidationResponse signatureCheck = eidasAuthnResponseSignatureValidator.get()
            .validate(countryResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

    // Logged whether or not the signature is valid, so rejected responses are recorded too.
    protectiveMonitoringLogger.logAuthnResponse(countryResponse, Direction.INBOUND, signatureCheck.isOK());

    if (!signatureCheck.isOK()) {
        // Signature rejected: surface the validator's own message and cause.
        throw new SamlTransformationErrorException(
                signatureCheck.getSamlValidationSpecificationFailure().getErrorMessage(),
                signatureCheck.getCause(),
                Level.ERROR);
    }

    // The original encoded message, not the parsed object, is what gets forwarded.
    final SamlAuthnResponseContainerDto forwardedResponse = new SamlAuthnResponseContainerDto(
            samlRequestDto.getSamlRequest(),
            relayStateSessionId,
            samlRequestDto.getPrincipalIpAsSeenByFrontend());
    return Response.ok(sessionProxy.receiveAuthnResponseFromCountry(forwardedResponse, relayStateSessionId)).build();
}
use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.
the class SamlMessageSenderHandlerTest method generateAuthnRequestFromHub_shouldAddExternalCommunicationEvent.
/**
 * Verifies that generating the hub's authn request returns the message supplied by the session
 * proxy, uses the session id as relay state, and records an IDP authn-request event carrying
 * the SAML message id.
 */
@Test
public void generateAuthnRequestFromHub_shouldAddExternalCommunicationEvent() throws Exception {
    // given: the session proxy yields a registration request and the transformer parses it
    final SessionId sessionId = SessionId.createNewSessionId();
    final String expectedSamlMessageId = UUID.randomUUID().toString();
    final AuthnRequestFromHubContainerDto hubRequestDto =
            new AuthnRequestFromHubContainerDto(samlRequest, postEndPoint, true);
    when(sessionProxy.getAuthnRequestFromHub(any(SessionId.class))).thenReturn(hubRequestDto);
    final AuthnRequest parsedRequest = anAuthnRequest().withId(expectedSamlMessageId).build();
    when(authnRequestTransformer.apply(samlRequest)).thenReturn(parsedRequest);

    // when
    final SamlMessage samlMessage =
            samlMessageSenderHandler.generateAuthnRequestFromHub(sessionId, principalIpAddressAsSeenByHub);

    // then: the outgoing message mirrors the DTO
    assertThat(samlMessage.getSamlMessage()).isEqualTo(samlRequest);
    assertThat(samlMessage.getPostEndpoint()).isEqualTo(postEndPoint.toString());
    assertThat(samlMessage.getRegistration().isPresent()).isTrue();
    assertThat(samlMessage.getRegistration().get()).isTrue();
    assertThat(samlMessage.getSamlMessageType()).isEqualTo(SamlMessageType.SAML_REQUEST);
    // The relay state sent out is the session id itself.
    assertThat(samlMessage.getRelayState().isPresent()).isTrue();
    assertThat(samlMessage.getRelayState().get()).isEqualTo(sessionId.getSessionId());

    // and: the external communication is logged with the message id, session, endpoint and IP
    verify(externalCommunicationEventLogger)
            .logIdpAuthnRequest(expectedSamlMessageId, sessionId, postEndPoint, principalIpAddressAsSeenByHub);
}
use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.
the class SamlMessageSenderHandlerTest method generateErrorResponseFromHub_shouldAddExternalCommunicationEvent.
/**
 * Verifies that generating the hub's error response returns the message supplied by the session
 * proxy as a SAML response without a registration flag, and records a response-from-hub event
 * carrying the response id.
 */
@Test
public void generateErrorResponseFromHub_shouldAddExternalCommunicationEvent() throws MarshallingException, SignatureException {
    // given: the session proxy yields an error response and the transformer parses it
    final SessionId sessionId = SessionId.createNewSessionId();
    final String responseId = UUID.randomUUID().toString();
    final AuthnResponseFromHubContainerDto hubResponseDto =
            new AuthnResponseFromHubContainerDto(samlRequest, postEndPoint, relayState, responseId);
    when(sessionProxy.getErrorResponseFromHub(sessionId)).thenReturn(hubResponseDto);
    final Response parsedErrorResponse = setUpErrorResponseFromHub(sessionId, responseId);
    when(responseTransformer.apply(samlRequest)).thenReturn(parsedErrorResponse);

    // when
    final SamlMessage errorMessage =
            samlMessageSenderHandler.generateErrorResponseFromHub(sessionId, principalIpAddressAsSeenByHub);

    // then: the outgoing message mirrors the DTO
    assertThat(errorMessage.getSamlMessage()).isEqualTo(samlRequest);
    assertThat(errorMessage.getPostEndpoint()).isEqualTo(postEndPoint.toString());
    assertThat(errorMessage.getRegistration().isPresent()).isFalse();
    assertThat(errorMessage.getSamlMessageType()).isEqualTo(SamlMessageType.SAML_RESPONSE);
    // relayState is a fixture declared outside this snippet; the whole getRelayState() value
    // is compared with it, not the unwrapped content.
    assertThat(errorMessage.getRelayState().isPresent()).isTrue();
    assertThat(errorMessage.getRelayState()).isEqualTo(relayState);

    // and: the external communication is logged with the response id, session, endpoint and IP
    verify(externalCommunicationEventLogger)
            .logResponseFromHub(responseId, sessionId, postEndPoint, principalIpAddressAsSeenByHub);
}
use of uk.gov.ida.common.SessionId in project verify-hub by alphagov.
the class MatchingServiceRequestSenderTest method sendHubMatchingServiceRequest_shouldAcceptAValidRequest.
/**
 * Posts an attribute query signed with the hub signing credential and issued by the hub entity
 * id to the matching service request sender resource, and expects a 202 followed by a success
 * reported to the policy stub.
 */
@Test
public void sendHubMatchingServiceRequest_shouldAcceptAValidRequest() throws Exception {
    // given: an attribute query whose signature and issuer both belong to the hub
    AttributeQueryContainerDto signedQueryDto = AttributeQueryContainerDtoBuilder
            .anAttributeQueryContainerDto(
                    AttributeQueryBuilder.anAttributeQuery()
                            .withSignature(SignatureBuilder.aSignature()
                                    .withSigningCredential(hubSigningCredential)
                                    .build())
                            .withIssuer(IssuerBuilder.anIssuer().withIssuerId(HUB_ENTITY_ID).build())
                            .build())
            .withIssuerId(HUB_ENTITY_ID)
            .withMatchingServiceUri(msaStubRule.getAttributeQueryRequestUri())
            .build();

    // The session id travels as a query parameter on the sender resource.
    SessionId sessionId = SessionId.createNewSessionId();
    final URI senderUri = UriBuilder
            .fromUri(samlSoapProxyAppRule.getUri(Urls.SamlSoapProxyUrls.MATCHING_SERVICE_REQUEST_SENDER_RESOURCE))
            .queryParam(Urls.SharedUrls.SESSION_ID_PARAM, sessionId)
            .build();

    // The policy stub answers 200 on the attribute query response path for this session.
    String policyResponsePath = UriBuilder.fromPath(ATTRIBUTE_QUERY_RESPONSE_RESOURCE).build(sessionId).getPath();
    policyStubRule.register(policyResponsePath, 200);

    // when
    Response postResult = post(signedQueryDto, senderUri);

    // then
    assertThat(postResult.getStatus()).isEqualTo(Response.Status.ACCEPTED.getStatusCode());
    andPolicyShouldReceiveASuccess(sessionId);
}