Example 11 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorServiceTest method shouldEncryptMatchingDatasetAssertion.

@Test
public void shouldEncryptMatchingDatasetAssertion() throws Exception {
    PassthroughAssertion assertion = Mockito.mock(PassthroughAssertion.class);
    when(assertion.getUnderlyingAssertionBlob()).thenReturn(matchingDatasetUnderlyingAssertionBlob);
    when(responseFromIdp.getMatchingDatasetAssertion()).thenReturn(of(assertion));
    String expectedEncryptedBlob = "some-value";
    final String entityId = "entity-id";
    when(responseContainer.getMatchingServiceEntityId()).thenReturn(entityId);
    when(assertionBlobEncrypter.encryptAssertionBlob(entityId, matchingDatasetUnderlyingAssertionBlob)).thenReturn(expectedEncryptedBlob);
    InboundResponseFromIdpDto result = translateAndCheckCommonFields();
    assertThat(result.getEncryptedMatchingDatasetAssertion().get()).isEqualTo(expectedEncryptedBlob);
}
Also used : InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) Test(org.junit.Test)

Example 12 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorResourceTest method shouldTranslateASuccessfulIdpAuthnResponse.

@Test
public void shouldTranslateASuccessfulIdpAuthnResponse() throws Exception {
    final String ipAddressAsSeenByIdp = "256.256.256.256";
    final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.aResponseFromIdpBuilder(STUB_IDP_ONE, ipAddressAsSeenByIdp).withDestination(IDP_RESPONSE_ENDPOINT).build();
    String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
    SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId(TEST_RP_MS).build();
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
    assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.Success);
    assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
    assertThat(inboundResponseFromIdpDto.getPrincipalIpAddressAsSeenByIdp().get()).isEqualTo(ipAddressAsSeenByIdp);
    assertThat(inboundResponseFromIdpDto.getFraudIndicator().isPresent()).isFalse();
    assertThat(inboundResponseFromIdpDto.getIdpFraudEventId().isPresent()).isFalse();
    // TODO consider checking the actual values of the fields below, rather than just their presence
    assertThat(inboundResponseFromIdpDto.getAuthnStatementAssertionBlob().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getEncryptedMatchingDatasetAssertion().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getPersistentId().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getLevelOfAssurance().isPresent()).isTrue();
}
Also used : Response(javax.ws.rs.core.Response) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto(uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) Test(org.junit.Test)

Example 13 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorResourceTest method shouldTranslateANoAuthnContextResponseFromIdp.

@Test
public void shouldTranslateANoAuthnContextResponseFromIdp() throws Exception {
    final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.anAuthnFailedResponseFromIdpBuilder(STUB_IDP_ONE).withDestination(IDP_RESPONSE_ENDPOINT).withStatus(NO_AUTHN_CONTEXT_STATUS).build();
    String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
    SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId(TEST_RP_MS).build();
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
    assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.NoAuthenticationContext);
    assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
    checkFieldsForUnsuccessfulResponseDTO(inboundResponseFromIdpDto);
}
Also used : Response(javax.ws.rs.core.Response) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto(uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) Test(org.junit.Test)

Example 14 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorResourceTest method shouldTranslateARequesterErrorDeniedResponseFromIdp.

@Test
public void shouldTranslateARequesterErrorDeniedResponseFromIdp() throws Exception {
    final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.anAuthnFailedResponseFromIdpBuilder(STUB_IDP_ONE).withDestination(IDP_RESPONSE_ENDPOINT).withStatus(REQUESTER_ERROR_DENIED_STATUS).build();
    String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
    SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId(TEST_RP_MS).build();
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
    assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.RequesterError);
    assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
    checkFieldsForUnsuccessfulResponseDTO(inboundResponseFromIdpDto);
}
Also used : Response(javax.ws.rs.core.Response) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto(uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) Test(org.junit.Test)

Example 15 with InboundResponseFromIdpDto

use of uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorResourceTest method shouldEncryptTheMatchingDatasetAssertionWhenGivenMatchingServiceEntityId.

@Test
public void shouldEncryptTheMatchingDatasetAssertionWhenGivenMatchingServiceEntityId() throws Exception {
    BasicCredential primaryEncryptionKey = new BasicCredential(new HardCodedKeyStore(HUB_ENTITY_ID).getPrimaryEncryptionKeyForEntity(HUB_ENTITY_ID));
    SamlAuthnResponseTranslatorDto samlResponseDto = getSuccessSamlAuthnResponseTranslatorDto(primaryEncryptionKey);
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
    assertThat(inboundResponseFromIdpDto.getEncryptedMatchingDatasetAssertion().isPresent()).isTrue();
}
Also used : Response(javax.ws.rs.core.Response) HardCodedKeyStore(uk.gov.ida.saml.core.test.HardCodedKeyStore) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto(uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto) BasicCredential(org.opensaml.security.credential.BasicCredential) Test(org.junit.Test)

Aggregations

InboundResponseFromIdpDto (uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto): 15
Test (org.junit.Test): 13
Response (javax.ws.rs.core.Response): 8
SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto): 8
SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto): 8
Assertion (org.opensaml.saml.saml2.core.Assertion): 1
Response (org.opensaml.saml.saml2.core.Response): 1
BasicCredential (org.opensaml.security.credential.BasicCredential): 1
LevelOfAssurance (uk.gov.ida.hub.samlengine.domain.LevelOfAssurance): 1
SamlContextException (uk.gov.ida.hub.samlengine.exceptions.SamlContextException): 1
AuthnContext (uk.gov.ida.saml.core.domain.AuthnContext): 1
FraudDetectedDetails (uk.gov.ida.saml.core.domain.FraudDetectedDetails): 1
InboundResponseFromIdpData (uk.gov.ida.saml.core.domain.InboundResponseFromIdpData): 1
PassthroughAssertion (uk.gov.ida.saml.core.domain.PassthroughAssertion): 1
HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore): 1
SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException): 1
InboundResponseFromIdp (uk.gov.ida.saml.hub.domain.InboundResponseFromIdp): 1