use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.
the class CountryAuthnResponseTranslatorResourceTest method createAuthnResponseSignedByKeyPair.
private SamlAuthnResponseTranslatorDto createAuthnResponseSignedByKeyPair(String publicKey, String privateKey) throws Exception {
SessionId sessionId = SessionId.createNewSessionId();
String samlResponse = authnResponseFactory.aSamlResponseFromCountry("a-request", samlEngineAppRule.getCountryMetadataUri(), publicKey, privateKey, DESTINATION, SIGNATURE_ALGORITHM, DIGEST_ALGORITHM, EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM, EidasAuthnContext.EIDAS_LOA_SUBSTANTIAL, DESTINATION, samlEngineAppRule.getCountryMetadataUri());
return new SamlAuthnResponseTranslatorDto(samlResponse, sessionId, "127.0.0.1", matchingServiceEntityId);
}
use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.
the class CountryAuthnResponseTranslatorResourceTest method shouldReturnSuccessResponse.
@Test
public void shouldReturnSuccessResponse() throws Exception {
SamlAuthnResponseTranslatorDto dto = createAuthnResponseSignedByKeyPair(TestCertificateStrings.STUB_IDP_PUBLIC_PRIMARY_CERT, TestCertificateStrings.STUB_IDP_PUBLIC_PRIMARY_PRIVATE_KEY);
org.opensaml.saml.saml2.core.Response originalAuthnResponse = new HubTransformersFactory().getStringToResponseTransformer().apply(dto.getSamlResponse());
Response response = postAuthnResponseToSamlEngine(dto);
assertThat(response.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
InboundResponseFromCountry inboundResponseFromCountry = response.readEntity(InboundResponseFromCountry.class);
assertThat(inboundResponseFromCountry.getStatus()).isEqualTo(Optional.of("Success"));
assertThat(inboundResponseFromCountry.getIssuer()).isEqualTo(samlEngineAppRule.getCountryMetadataUri());
assertThatDecryptedAssertionsAreTheSame(inboundResponseFromCountry, originalAuthnResponse);
}
use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.
the class IdpAuthnResponseTranslatorResourceTest method shouldTranslateAFraudResponseFromIdp.
@Test
public void shouldTranslateAFraudResponseFromIdp() throws Exception {
String persistentId = UUID.randomUUID().toString();
final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.aFraudResponseFromIdpBuilder(STUB_IDP_ONE, persistentId).withDestination(IDP_RESPONSE_ENDPOINT).build();
String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId(TEST_RP_MS).build();
Response clientResponse = postToSamlEngine(samlResponseDto);
assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.Success);
assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
// TODO consider checking the values of the ones we've checked presence of below
assertThat(inboundResponseFromIdpDto.getEncryptedAuthnAssertion().isPresent()).isTrue();
assertThat(inboundResponseFromIdpDto.getEncryptedMatchingDatasetAssertion().isPresent()).isTrue();
assertThat(inboundResponseFromIdpDto.getPersistentId().get()).isEqualTo(persistentId);
assertThat(inboundResponseFromIdpDto.getLevelOfAssurance().get()).isEqualTo(LevelOfAssurance.LEVEL_X);
assertThat(inboundResponseFromIdpDto.getPrincipalIpAddressAsSeenByIdp().isPresent()).isTrue();
assertThat(inboundResponseFromIdpDto.getFraudIndicator().isPresent()).isTrue();
assertThat(inboundResponseFromIdpDto.getIdpFraudEventId().isPresent()).isTrue();
}
use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.
the class IdpAuthnResponseTranslatorResourceTest method handleResponseFromIdp_shouldProcessSecondAssertionIfTwoAssertionsHaveTheSameIdButTheFirstAssertionHasExpired.
@Test
public void handleResponseFromIdp_shouldProcessSecondAssertionIfTwoAssertionsHaveTheSameIdButTheFirstAssertionHasExpired() throws Exception {
String authnStatementAssertionId = "authnStatementAssertionId" + UUID.randomUUID().toString();
String mdsStatementAssertionId = "mdsStatementAssertionId" + UUID.randomUUID().toString();
DateTimeFreezer.freezeTime(DateTime.now().minusMinutes(30));
SamlAuthnResponseTranslatorDto samlResponseDto_1 = getSuccessSamlAuthnResponseTranslatorDto(STUB_IDP_ONE, authnStatementAssertionId, mdsStatementAssertionId);
Response clientResponse = postToSamlEngine(samlResponseDto_1);
DateTimeFreezer.unfreezeTime();
assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
SamlAuthnResponseTranslatorDto samlResponseDto_2 = getSuccessSamlAuthnResponseTranslatorDto(STUB_IDP_ONE, authnStatementAssertionId, mdsStatementAssertionId);
clientResponse = postToSamlEngine(samlResponseDto_2);
assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
}
use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.
the class IdpAuthnResponseTranslatorResourceTest method shouldTranslateAnAuthenticationFailedResponseFromIdp.
@Test
public void shouldTranslateAnAuthenticationFailedResponseFromIdp() throws Exception {
final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.anAuthnFailedResponseFromIdpBuilder(STUB_IDP_ONE).withDestination(IDP_RESPONSE_ENDPOINT).withStatus(AUTHN_FAILED_STATUS).build();
String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId("IGNOREME").build();
Response clientResponse = postToSamlEngine(samlResponseDto);
assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.AuthenticationFailed);
assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
checkFieldsForUnsuccessfulResponseDTO(inboundResponseFromIdpDto);
}
Aggregations