Example 1 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

The class CountryAuthnResponseTranslatorResourceTest, method createAuthnResponseSignedByKeyPair.

private SamlAuthnResponseTranslatorDto createAuthnResponseSignedByKeyPair(String publicKey, String privateKey) throws Exception {
    SessionId sessionId = SessionId.createNewSessionId();
    String samlResponse = authnResponseFactory.aSamlResponseFromCountry("a-request", samlEngineAppRule.getCountryMetadataUri(), publicKey, privateKey, DESTINATION, SIGNATURE_ALGORITHM, DIGEST_ALGORITHM, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM, EidasAuthnContext.EIDAS_LOA_SUBSTANTIAL, DESTINATION, samlEngineAppRule.getCountryMetadataUri());
    return new SamlAuthnResponseTranslatorDto(samlResponse, sessionId, "127.0.0.1", matchingServiceEntityId);
}
Also used : SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) SessionId(uk.gov.ida.common.SessionId)

Example 2 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

The class CountryAuthnResponseTranslatorResourceTest, method shouldReturnSuccessResponse.

@Test
public void shouldReturnSuccessResponse() throws Exception {
    SamlAuthnResponseTranslatorDto dto = createAuthnResponseSignedByKeyPair(TestCertificateStrings.STUB_IDP_PUBLIC_PRIMARY_CERT, TestCertificateStrings.STUB_IDP_PUBLIC_PRIMARY_PRIVATE_KEY);
    org.opensaml.saml.saml2.core.Response originalAuthnResponse = new HubTransformersFactory().getStringToResponseTransformer().apply(dto.getSamlResponse());
    Response response = postAuthnResponseToSamlEngine(dto);
    assertThat(response.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromCountry inboundResponseFromCountry = response.readEntity(InboundResponseFromCountry.class);
    assertThat(inboundResponseFromCountry.getStatus()).isEqualTo(Optional.of("Success"));
    assertThat(inboundResponseFromCountry.getIssuer()).isEqualTo(samlEngineAppRule.getCountryMetadataUri());
    assertThatDecryptedAssertionsAreTheSame(inboundResponseFromCountry, originalAuthnResponse);
}
Also used : Response(javax.ws.rs.core.Response) HubTransformersFactory(uk.gov.ida.saml.hub.api.HubTransformersFactory) InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) Test(org.junit.Test)

Example 3 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

The class IdpAuthnResponseTranslatorResourceTest, method shouldTranslateAFraudResponseFromIdp.

@Test
public void shouldTranslateAFraudResponseFromIdp() throws Exception {
    String persistentId = UUID.randomUUID().toString();
    final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.aFraudResponseFromIdpBuilder(STUB_IDP_ONE, persistentId).withDestination(IDP_RESPONSE_ENDPOINT).build();
    String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
    SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId(TEST_RP_MS).build();
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
    assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.Success);
    assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
    // TODO consider checking the values of the ones we've checked presence of below
    assertThat(inboundResponseFromIdpDto.getEncryptedAuthnAssertion().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getEncryptedMatchingDatasetAssertion().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getPersistentId().get()).isEqualTo(persistentId);
    assertThat(inboundResponseFromIdpDto.getLevelOfAssurance().get()).isEqualTo(LevelOfAssurance.LEVEL_X);
    assertThat(inboundResponseFromIdpDto.getPrincipalIpAddressAsSeenByIdp().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getFraudIndicator().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getIdpFraudEventId().isPresent()).isTrue();
}
Also used : Response(javax.ws.rs.core.Response) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto(uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) Test(org.junit.jupiter.api.Test)

Example 4 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

The class IdpAuthnResponseTranslatorResourceTest, method handleResponseFromIdp_shouldProcessSecondAssertionIfTwoAssertionsHaveTheSameIdButTheFirstAssertionHasExpired.

@Test
public void handleResponseFromIdp_shouldProcessSecondAssertionIfTwoAssertionsHaveTheSameIdButTheFirstAssertionHasExpired() throws Exception {
    String authnStatementAssertionId = "authnStatementAssertionId" + UUID.randomUUID().toString();
    String mdsStatementAssertionId = "mdsStatementAssertionId" + UUID.randomUUID().toString();
    // Submit the first response with the clock frozen 30 minutes in the past.
    DateTimeFreezer.freezeTime(DateTime.now().minusMinutes(30));
    SamlAuthnResponseTranslatorDto samlResponseDto_1 = getSuccessSamlAuthnResponseTranslatorDto(STUB_IDP_ONE, authnStatementAssertionId, mdsStatementAssertionId);
    Response clientResponse = postToSamlEngine(samlResponseDto_1);
    DateTimeFreezer.unfreezeTime();
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    // Reuse the same assertion IDs at the current time. Per the test name, the first
    // assertion has expired by now, so the second response is expected to be accepted.
    SamlAuthnResponseTranslatorDto samlResponseDto_2 = getSuccessSamlAuthnResponseTranslatorDto(STUB_IDP_ONE, authnStatementAssertionId, mdsStatementAssertionId);
    clientResponse = postToSamlEngine(samlResponseDto_2);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
}
Also used : Response(javax.ws.rs.core.Response) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto(uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) Test(org.junit.jupiter.api.Test)

Example 5 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

The class IdpAuthnResponseTranslatorResourceTest, method shouldTranslateAnAuthenticationFailedResponseFromIdp.

@Test
public void shouldTranslateAnAuthenticationFailedResponseFromIdp() throws Exception {
    final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.anAuthnFailedResponseFromIdpBuilder(STUB_IDP_ONE).withDestination(IDP_RESPONSE_ENDPOINT).withStatus(AUTHN_FAILED_STATUS).build();
    String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
    SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId("IGNOREME").build();
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
    assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.AuthenticationFailed);
    assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
    checkFieldsForUnsuccessfulResponseDTO(inboundResponseFromIdpDto);
}
Also used : Response(javax.ws.rs.core.Response) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto(uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) Test(org.junit.jupiter.api.Test)

Aggregations

SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) 34
Response (javax.ws.rs.core.Response) 33
Test (org.junit.jupiter.api.Test) 31
SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) 31
ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto) 17
InboundResponseFromIdpDto (uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) 8
BasicCredential (org.opensaml.security.credential.BasicCredential) 4
HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore) 4
Test (org.junit.Test) 2
SessionId (uk.gov.ida.common.SessionId) 2
InboundResponseFromCountry (uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry) 1
HubTransformersFactory (uk.gov.ida.saml.hub.api.HubTransformersFactory) 1