Example 6 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorService method translate.

public InboundResponseFromIdpDto translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
    // Parse the raw SAML string into an OpenSAML Response and add its details to the logging context (MDC).
    Response response = stringToOpenSamlResponseTransformer.apply(samlResponseDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    try {
        // Convert the OpenSAML Response into the hub's InboundResponseFromIdp domain object.
        InboundResponseFromIdp idaResponseFromIdp = samlResponseToIdaResponseIssuedByIdpTransformer.apply(response);
        UnknownMethodAlgorithmLogger.probeResponseForMethodAlgorithm(idaResponseFromIdp);
        // Both assertions are optional; log analytics only for the ones that are present.
        if (idaResponseFromIdp.getAuthnStatementAssertion().isPresent()) {
            Assertion authnStatementAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getAuthnStatementAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(authnStatementAssertion, AUTHN_STATEMENT);
        }
        Assertion matchingDatasetAssertion = null;
        if (idaResponseFromIdp.getMatchingDatasetAssertion().isPresent()) {
            matchingDatasetAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getMatchingDatasetAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(matchingDatasetAssertion, MATCHING_DATASET);
        }
        InboundResponseFromIdpData inboundResponseFromIdpData = inboundResponseFromIdpDataGenerator.generate(idaResponseFromIdp, samlResponseDto.getMatchingServiceEntityId());
        // The level of assurance stays empty unless the generated data carries a non-empty value.
        Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
        if (!Strings.isNullOrEmpty(inboundResponseFromIdpData.getLevelOfAssurance())) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(inboundResponseFromIdpData.getLevelOfAssurance()));
        }
        logVerifiedAttributes(idaResponseFromIdp, matchingDatasetAssertion, levelOfAssurance);
        return new InboundResponseFromIdpDto(
            inboundResponseFromIdpData.getStatus(),
            inboundResponseFromIdpData.getStatusMessage(),
            inboundResponseFromIdpData.getIssuer(),
            inboundResponseFromIdpData.getAuthnStatementAssertionBlob(),
            inboundResponseFromIdpData.getEncryptedMatchingDatasetAssertion(),
            inboundResponseFromIdpData.getPersistentId(),
            inboundResponseFromIdpData.getPrincipalIpAddressAsSeenByIdp(),
            levelOfAssurance,
            inboundResponseFromIdpData.getIdpFraudEventId(),
            inboundResponseFromIdpData.getFraudIndicator());
    } catch (SamlTransformationErrorException e) {
        // Re-throw with the response ID and issuer attached so the failure can be tied to a specific response.
        throw new SamlContextException(response.getID(), response.getIssuer().getValue(), e);
    }
}
Also used : Response(org.opensaml.saml.saml2.core.Response) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) SamlContextException(uk.gov.ida.hub.samlengine.exceptions.SamlContextException) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) Assertion(org.opensaml.saml.saml2.core.Assertion) InboundResponseFromIdpData(uk.gov.ida.saml.core.domain.InboundResponseFromIdpData)

Example 7 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorServiceTest method shouldExtractAuthnStatementAssertionDetails.

@Test
public void shouldExtractAuthnStatementAssertionDetails() {
    when(responseFromIdp.getAuthnStatementAssertion()).thenReturn(of(authStatementAssertion));
    InboundResponseFromIdpDto result = translateAndCheckCommonFields();
    checkAuthnStatementValues(result);
}
Also used : InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) Test(org.junit.Test)

Example 8 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorServiceTest method shouldExtractLevelOfAssurance.

@Test
public void shouldExtractLevelOfAssurance() {
    AuthnContext authnContext = AuthnContext.LEVEL_1;
    when(authStatementAssertion.getAuthnContext()).thenReturn(Optional.of(authnContext));
    when(responseFromIdp.getAuthnStatementAssertion()).thenReturn(of(authStatementAssertion));
    InboundResponseFromIdpDto result = translateAndCheckCommonFields();
    checkAuthnStatementValues(result);
    assertThat(result.getLevelOfAssurance().get().name()).isEqualTo(authnContext.name());
}
Also used : InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) Test(org.junit.Test)

Example 9 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorServiceTest method shouldExtractFraudDetails.

@Test
public void shouldExtractFraudDetails() {
    String fraudIndicator = "fraud indicator";
    String fraudEventId = "fraud event id";
    FraudDetectedDetails fraudDetectedDetails = Mockito.mock(FraudDetectedDetails.class);
    when(fraudDetectedDetails.getFraudIndicator()).thenReturn(fraudIndicator);
    when(fraudDetectedDetails.getIdpFraudEventId()).thenReturn(fraudEventId);
    when(authStatementAssertion.getFraudDetectedDetails()).thenReturn(Optional.of(fraudDetectedDetails));
    when(responseFromIdp.getAuthnStatementAssertion()).thenReturn(of(authStatementAssertion));
    InboundResponseFromIdpDto result = translateAndCheckCommonFields();
    checkAuthnStatementValues(result);
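    // AssertJ checks run even when JVM assertions (-ea) are disabled, unlike the Java assert keyword.
    assertThat(result.getFraudIndicator().get()).isEqualTo(fraudIndicator);
    assertThat(result.getIdpFraudEventId().get()).isEqualTo(fraudEventId);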
}
Also used : InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) FraudDetectedDetails(uk.gov.ida.saml.core.domain.FraudDetectedDetails) Test(org.junit.Test)

Example 10 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorServiceTest method shouldHandleNoAssertions.

@Test
public void shouldHandleNoAssertions() {
    InboundResponseFromIdpDto result = translateAndCheckCommonFields();
    assertThat(result.getAuthnStatementAssertionBlob().isPresent()).isFalse();
    assertThat(result.getEncryptedMatchingDatasetAssertion().isPresent()).isFalse();
    assertThat(result.getLevelOfAssurance().isPresent()).isFalse();
    assertThat(result.getPersistentId().isPresent()).isFalse();
    assertThat(result.getFraudIndicator().isPresent()).isFalse();
    assertThat(result.getIdpFraudEventId().isPresent()).isFalse();
}
Also used : InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) Test(org.junit.Test)

Aggregations

InboundResponseFromIdpDto (uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) 15
Test (org.junit.Test) 13
Response (javax.ws.rs.core.Response) 8
SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) 8
SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) 8
Assertion (org.opensaml.saml.saml2.core.Assertion) 1
Response (org.opensaml.saml.saml2.core.Response) 1
BasicCredential (org.opensaml.security.credential.BasicCredential) 1
LevelOfAssurance (uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) 1
SamlContextException (uk.gov.ida.hub.samlengine.exceptions.SamlContextException) 1
AuthnContext (uk.gov.ida.saml.core.domain.AuthnContext) 1
FraudDetectedDetails (uk.gov.ida.saml.core.domain.FraudDetectedDetails) 1
InboundResponseFromIdpData (uk.gov.ida.saml.core.domain.InboundResponseFromIdpData) 1
PassthroughAssertion (uk.gov.ida.saml.core.domain.PassthroughAssertion) 1
HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore) 1
SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException) 1
InboundResponseFromIdp (uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) 1