Search in sources :

Example 1 with LevelOfAssurance

use of uk.gov.ida.hub.samlengine.domain.LevelOfAssurance in project verify-hub by alphagov.

the class MatchingServiceResponseTranslatorService method translate.

public InboundResponseFromMatchingServiceDto translate(SamlResponseDto samlResponseDto) {
    final Response response = responseUnmarshaller.apply(samlResponseDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    final InboundResponseFromMatchingService responseFromMatchingService = responseToInboundResponseFromMatchingServiceTransformer.transform(response);
    Optional<String> assertionBlob = Optional.empty();
    Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
    // FIXME?: transformer can return null
    if (responseFromMatchingService.getMatchingServiceAssertion() != null && responseFromMatchingService.getMatchingServiceAssertion().isPresent()) {
        assertionBlob = Optional.ofNullable(responseFromMatchingService.getMatchingServiceAssertion().get().getUnderlyingAssertionBlob());
        final Optional<AuthnContext> authnContext = responseFromMatchingService.getMatchingServiceAssertion().get().getAuthnContext();
        if (authnContext.isPresent()) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(authnContext.get().name()));
        }
    }
    final InboundResponseFromMatchingServiceDto inboundResponseFromMatchingServiceDto = new InboundResponseFromMatchingServiceDto(responseFromMatchingService.getStatus(), responseFromMatchingService.getInResponseTo(), responseFromMatchingService.getIssuer(), assertionBlob, levelOfAssurance);
    return inboundResponseFromMatchingServiceDto;
}
Also used : Response(org.opensaml.saml.saml2.core.Response) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) InboundResponseFromMatchingServiceDto(uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto) InboundResponseFromMatchingService(uk.gov.ida.saml.hub.domain.InboundResponseFromMatchingService) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)

Example 2 with LevelOfAssurance

use of uk.gov.ida.hub.samlengine.domain.LevelOfAssurance in project verify-hub by alphagov.

the class CountryAuthnResponseTranslatorService method toModel.

private InboundResponseFromCountry toModel(ValidatedResponse response, Optional<Assertion> validatedIdentityAssertionOptional, String matchingServiceEntityId) {
    Optional<PassthroughAssertion> passthroughAssertion = validatedIdentityAssertionOptional.map(validatedIdentityAssertion -> passthroughAssertionUnmarshaller.fromAssertion(validatedIdentityAssertion, true));
    Optional<LevelOfAssurance> levelOfAssurance = passthroughAssertion.flatMap(assertion -> assertion.getAuthnContext()).map(AuthnContext::name).filter(string -> !isNullOrEmpty(string)).map(LevelOfAssurance::valueOf);
    IdpIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());
    return new InboundResponseFromCountry(response.getIssuer().getValue(), validatedIdentityAssertionOptional.map(Assertion::getSubject).map(Subject::getNameID).map(NameID::getValue), Optional.ofNullable(status).map(IdpIdaStatus::getStatusCode).map(IdpIdaStatus.Status::name), status.getMessage(), passthroughAssertion.map(assertion -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, assertion.getUnderlyingAssertionBlob())), levelOfAssurance);
}
Also used : LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) StringToOpenSamlObjectTransformer(uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) Subject(org.opensaml.saml.saml2.core.Subject) IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) MdcHelper(uk.gov.ida.hub.samlengine.logging.MdcHelper) ResponseFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseFromCountryValidator) SamlResponseSignatureValidator(uk.gov.ida.saml.security.validators.signature.SamlResponseSignatureValidator) Inject(javax.inject.Inject) Assertion(org.opensaml.saml.saml2.core.Assertion) AssertionBlobEncrypter(uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) ResponseAssertionsFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseAssertionsFromCountryValidator) Response(org.opensaml.saml.saml2.core.Response) PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller) AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry) List(java.util.List) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) DestinationValidator(uk.gov.ida.saml.core.validators.DestinationValidator) Optional(java.util.Optional) IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus) NameID(org.opensaml.saml.saml2.core.NameID) SamlAssertionsSignatureValidator(uk.gov.ida.saml.security.SamlAssertionsSignatureValidator) InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus) Subject(org.opensaml.saml.saml2.core.Subject) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)

Example 3 with LevelOfAssurance

use of uk.gov.ida.hub.samlengine.domain.LevelOfAssurance in project verify-hub by alphagov.

the class MatchingServiceResponseTranslatorService method translate.

public InboundResponseFromMatchingServiceDto translate(SamlResponseContainerDto samlResponseContainerDto) {
    final Response response = responseUnmarshaller.apply(samlResponseContainerDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    final InboundResponseFromMatchingService responseFromMatchingService = responseToInboundResponseFromMatchingServiceTransformer.transform(response);
    Optional<String> assertionBlob = Optional.empty();
    Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
    // FIXME?: transformer can return null
    if (responseFromMatchingService.getMatchingServiceAssertion() != null && responseFromMatchingService.getMatchingServiceAssertion().isPresent()) {
        assertionBlob = Optional.ofNullable(responseFromMatchingService.getMatchingServiceAssertion().get().getUnderlyingAssertionBlob());
        final Optional<AuthnContext> authnContext = responseFromMatchingService.getMatchingServiceAssertion().get().getAuthnContext();
        if (authnContext.isPresent()) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(authnContext.get().name()));
        }
    }
    final InboundResponseFromMatchingServiceDto inboundResponseFromMatchingServiceDto = new InboundResponseFromMatchingServiceDto(responseFromMatchingService.getStatus(), responseFromMatchingService.getInResponseTo(), responseFromMatchingService.getIssuer(), assertionBlob.map(ab -> assertionBlobEncrypter.encryptAssertionBlob(samlResponseContainerDto.getAuthnRequestIssuerId(), ab)), levelOfAssurance);
    return inboundResponseFromMatchingServiceDto;
}
Also used : Response(org.opensaml.saml.saml2.core.Response) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) SamlResponseContainerDto(uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) Inject(com.google.inject.Inject) StringToOpenSamlObjectTransformer(uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer) AssertionBlobEncrypter(uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter) DecoratedSamlResponseToInboundResponseFromMatchingServiceTransformer(uk.gov.ida.saml.hub.transformers.inbound.providers.DecoratedSamlResponseToInboundResponseFromMatchingServiceTransformer) InboundResponseFromMatchingServiceDto(uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto) Optional(java.util.Optional) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) MdcHelper(uk.gov.ida.hub.samlengine.logging.MdcHelper) InboundResponseFromMatchingService(uk.gov.ida.saml.hub.domain.InboundResponseFromMatchingService) Response(org.opensaml.saml.saml2.core.Response) InboundResponseFromMatchingServiceDto(uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto) InboundResponseFromMatchingService(uk.gov.ida.saml.hub.domain.InboundResponseFromMatchingService) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)

Example 4 with LevelOfAssurance

use of uk.gov.ida.hub.samlengine.domain.LevelOfAssurance in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorService method translate.

public InboundResponseFromIdpDto translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
    Response response = stringToOpenSamlResponseTransformer.apply(samlResponseDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    try {
        InboundResponseFromIdp idaResponseFromIdp = samlResponseToIdaResponseIssuedByIdpTransformer.apply(response);
        UnknownMethodAlgorithmLogger.probeResponseForMethodAlgorithm(idaResponseFromIdp);
        if (idaResponseFromIdp.getAuthnStatementAssertion().isPresent()) {
            Assertion authnStatementAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getAuthnStatementAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(authnStatementAssertion, AUTHN_STATEMENT);
        }
        Assertion matchingDatasetAssertion = null;
        if (idaResponseFromIdp.getMatchingDatasetAssertion().isPresent()) {
            matchingDatasetAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getMatchingDatasetAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(matchingDatasetAssertion, MATCHING_DATASET);
        }
        InboundResponseFromIdpData inboundResponseFromIdpData = inboundResponseFromIdpDataGenerator.generate(idaResponseFromIdp, samlResponseDto.getMatchingServiceEntityId());
        Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
        if (!Strings.isNullOrEmpty(inboundResponseFromIdpData.getLevelOfAssurance())) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(inboundResponseFromIdpData.getLevelOfAssurance()));
        }
        logVerifiedAttributes(idaResponseFromIdp, matchingDatasetAssertion, levelOfAssurance);
        return new InboundResponseFromIdpDto(inboundResponseFromIdpData.getStatus(), inboundResponseFromIdpData.getStatusMessage(), inboundResponseFromIdpData.getIssuer(), inboundResponseFromIdpData.getEncryptedAuthnAssertion(), inboundResponseFromIdpData.getEncryptedMatchingDatasetAssertion(), inboundResponseFromIdpData.getPersistentId(), inboundResponseFromIdpData.getPrincipalIpAddressAsSeenByIdp(), levelOfAssurance, inboundResponseFromIdpData.getIdpFraudEventId(), inboundResponseFromIdpData.getFraudIndicator(), inboundResponseFromIdpData.getNotOnOrAfter());
    } catch (SamlTransformationErrorException e) {
        throw new SamlContextException(response.getID(), response.getIssuer().getValue(), e);
    }
}
Also used : Response(org.opensaml.saml.saml2.core.Response) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) SamlContextException(uk.gov.ida.hub.samlengine.exceptions.SamlContextException) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) Assertion(org.opensaml.saml.saml2.core.Assertion) InboundResponseFromIdpData(uk.gov.ida.saml.core.domain.InboundResponseFromIdpData)

Aggregations

Response (org.opensaml.saml.saml2.core.Response)4 LevelOfAssurance (uk.gov.ida.hub.samlengine.domain.LevelOfAssurance)4 AuthnContext (uk.gov.ida.saml.core.domain.AuthnContext)3 Optional (java.util.Optional)2 Assertion (org.opensaml.saml.saml2.core.Assertion)2 InboundResponseFromMatchingServiceDto (uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto)2 MdcHelper (uk.gov.ida.hub.samlengine.logging.MdcHelper)2 AssertionBlobEncrypter (uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter)2 StringToOpenSamlObjectTransformer (uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer)2 InboundResponseFromMatchingService (uk.gov.ida.saml.hub.domain.InboundResponseFromMatchingService)2 Strings.isNullOrEmpty (com.google.common.base.Strings.isNullOrEmpty)1 Inject (com.google.inject.Inject)1 List (java.util.List)1 Inject (javax.inject.Inject)1 NameID (org.opensaml.saml.saml2.core.NameID)1 Subject (org.opensaml.saml.saml2.core.Subject)1 IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)1 SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto)1 InboundResponseFromCountry (uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry)1 InboundResponseFromIdpDto (uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto)1