Example 1 with SamlResponseContainerDto

Use of uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto in the verify-hub project by alphagov.

In class MatchingServiceResponseTranslatorService, method translate.

public InboundResponseFromMatchingServiceDto translate(SamlResponseContainerDto samlResponseContainerDto) {
    final Response response = responseUnmarshaller.apply(samlResponseContainerDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    final InboundResponseFromMatchingService responseFromMatchingService = responseToInboundResponseFromMatchingServiceTransformer.transform(response);
    Optional<String> assertionBlob = Optional.empty();
    Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
    // FIXME?: transformer can return null
    if (responseFromMatchingService.getMatchingServiceAssertion() != null && responseFromMatchingService.getMatchingServiceAssertion().isPresent()) {
        assertionBlob = Optional.ofNullable(responseFromMatchingService.getMatchingServiceAssertion().get().getUnderlyingAssertionBlob());
        final Optional<AuthnContext> authnContext = responseFromMatchingService.getMatchingServiceAssertion().get().getAuthnContext();
        if (authnContext.isPresent()) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(authnContext.get().name()));
        }
    }
    final InboundResponseFromMatchingServiceDto inboundResponseFromMatchingServiceDto = new InboundResponseFromMatchingServiceDto(responseFromMatchingService.getStatus(), responseFromMatchingService.getInResponseTo(), responseFromMatchingService.getIssuer(), assertionBlob.map(ab -> assertionBlobEncrypter.encryptAssertionBlob(samlResponseContainerDto.getAuthnRequestIssuerId(), ab)), levelOfAssurance);
    return inboundResponseFromMatchingServiceDto;
}
Also used : Response(org.opensaml.saml.saml2.core.Response) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) SamlResponseContainerDto(uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto) Inject(com.google.inject.Inject) StringToOpenSamlObjectTransformer(uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer) AssertionBlobEncrypter(uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter) DecoratedSamlResponseToInboundResponseFromMatchingServiceTransformer(uk.gov.ida.saml.hub.transformers.inbound.providers.DecoratedSamlResponseToInboundResponseFromMatchingServiceTransformer) InboundResponseFromMatchingServiceDto(uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto) Optional(java.util.Optional) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) MdcHelper(uk.gov.ida.hub.samlengine.logging.MdcHelper) InboundResponseFromMatchingService(uk.gov.ida.saml.hub.domain.InboundResponseFromMatchingService)

Example 2 with SamlResponseContainerDto

Use of uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto in the verify-hub project by alphagov.

In class MatchingServiceResponseTranslatorResourceTest, method shouldReturnADtoWhenResponseIs_TooOld.

@Test
public void shouldReturnADtoWhenResponseIs_TooOld() throws Exception {
    final String requestId = "requestId";
    final String msaStatusCode = SamlStatusCode.MATCH;
    final Status status = aStatus().withStatusCode(aStatusCode().withSubStatusCode(aStatusCode().withValue(msaStatusCode).build()).withValue(SUCCESS).build()).build();
    final SamlResponseContainerDto samlResponseContainerDto = new SamlResponseContainerDto(Base64.getEncoder().encodeToString(aValidMatchResponseFromMatchingService(requestId, status, DateTime.now().minusDays(1)).getBytes()), TEST_RP);
    Response clientResponse = postToSamlEngine(samlResponseContainerDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    ErrorStatusDto errorStatusDto = clientResponse.readEntity(ErrorStatusDto.class);
    assertThat(errorStatusDto.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
}
Also used : Status(org.opensaml.saml.saml2.core.Status) MatchingServiceIdaStatus(uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus) StatusBuilder.aStatus(uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus) Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) ErrorStatusDto(uk.gov.ida.common.ErrorStatusDto) SamlResponseContainerDto(uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto) Test(org.junit.jupiter.api.Test)

Example 3 with SamlResponseContainerDto

Use of uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto in the verify-hub project by alphagov.

In class MatchingServiceResponseTranslatorResourceTest, method shouldReturnADtoWhenResponseIs_NoMatch.

@Test
public void shouldReturnADtoWhenResponseIs_NoMatch() throws Exception {
    final String requestId = "requestId";
    final String msaStatusCode = SamlStatusCode.NO_MATCH;
    final Status status = aStatus().withStatusCode(aStatusCode().withSubStatusCode(aStatusCode().withValue(msaStatusCode).build()).withValue(RESPONDER).build()).build();
    final SamlResponseContainerDto samlResponseContainerDto = new SamlResponseContainerDto(Base64.getEncoder().encodeToString(aValidNoMatchResponseFromMatchingService(requestId, status, TEST_RP_MS).getBytes()), TEST_RP);
    Response clientResponse = postToSamlEngine(samlResponseContainerDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromMatchingServiceDto inboundResponseFromMatchingServiceDto = clientResponse.readEntity(InboundResponseFromMatchingServiceDto.class);
    assertThat(inboundResponseFromMatchingServiceDto.getIssuer()).isEqualTo(TEST_RP_MS);
    assertThat(inboundResponseFromMatchingServiceDto.getInResponseTo()).isEqualTo(requestId);
    assertThat(inboundResponseFromMatchingServiceDto.getStatus().name()).isEqualTo(MatchingServiceIdaStatus.NoMatchingServiceMatchFromMatchingService.name());
    assertThat(inboundResponseFromMatchingServiceDto.getLevelOfAssurance()).isNotPresent();
    assertThat(inboundResponseFromMatchingServiceDto.getEncryptedMatchingServiceAssertion()).isNotPresent();
}
Also used : Status(org.opensaml.saml.saml2.core.Status) MatchingServiceIdaStatus(uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus) StatusBuilder.aStatus(uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus) Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) SamlResponseContainerDto(uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto) InboundResponseFromMatchingServiceDto(uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto) Test(org.junit.jupiter.api.Test)

Example 4 with SamlResponseContainerDto

Use of uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto in the verify-hub project by alphagov.

In class MatchingServiceResponseTranslatorResourceTest, method shouldNotReturnADtoResponse_WhenBadlySigned_NoMatch.

@Test
public void shouldNotReturnADtoResponse_WhenBadlySigned_NoMatch() throws Exception {
    final String requestId = "requestId";
    final String msaStatusCode = SamlStatusCode.NO_MATCH;
    final Status status = aStatus().withStatusCode(aStatusCode().withSubStatusCode(aStatusCode().withValue(msaStatusCode).build()).withValue(RESPONDER).build()).build();
    final SamlResponseContainerDto samlResponseContainerDto = new SamlResponseContainerDto(Base64.getEncoder().encodeToString(aValidNoMatchResponseFromMatchingServiceisBadlySigned(requestId, status, TEST_RP_MS).getBytes()), TEST_RP);
    Response clientResponse = postToSamlEngine(samlResponseContainerDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    ErrorStatusDto errorStatusDto = clientResponse.readEntity(ErrorStatusDto.class);
    assertThat(errorStatusDto.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
}
Also used : Status(org.opensaml.saml.saml2.core.Status) MatchingServiceIdaStatus(uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus) StatusBuilder.aStatus(uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus) Response(javax.ws.rs.core.Response) ResponseBuilder.aResponse(uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) ErrorStatusDto(uk.gov.ida.common.ErrorStatusDto) SamlResponseContainerDto(uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto) Test(org.junit.jupiter.api.Test)

Example 5 with SamlResponseContainerDto

Use of uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto in the verify-hub project by alphagov.

In class MatchingServiceResponseTranslatorServiceTest, method populateReturnDtoCorrectly_handleRequesterError.

@Test
public void populateReturnDtoCorrectly_handleRequesterError() {
    final String inResponseTo = "inResponseTo";
    final String issuer = "issuer";
    final Optional<AuthnContext> authnContext = Optional.empty();
    final Optional<FraudDetectedDetails> fraudDetectedDetails = Optional.empty();
    final String underlyingAssertionBlob = null;
    final MatchingServiceIdaStatus status = MatchingServiceIdaStatus.RequesterError;
    final SamlResponseContainerDto samlResponse = new SamlResponseContainerDto("saml", TEST_RP);
    setUpForTranslate(authnContext, fraudDetectedDetails, underlyingAssertionBlob, inResponseTo, issuer, samlResponse.getSamlResponse(), status);
    final InboundResponseFromMatchingServiceDto inboundResponseFromMatchingServiceDto = matchingServiceResponseTranslatorService.translate(samlResponse);
    assertThat(inboundResponseFromMatchingServiceDto.getInResponseTo()).isEqualTo(inResponseTo);
    assertThat(inboundResponseFromMatchingServiceDto.getEncryptedMatchingServiceAssertion()).isNotPresent();
    assertThat(inboundResponseFromMatchingServiceDto.getIssuer()).isEqualTo(issuer);
    assertThat(inboundResponseFromMatchingServiceDto.getLevelOfAssurance()).isNotPresent();
    assertThat(inboundResponseFromMatchingServiceDto.getStatus()).isEqualTo(status);
}
Also used : SamlResponseContainerDto(uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto) FraudDetectedDetails(uk.gov.ida.saml.core.domain.FraudDetectedDetails) InboundResponseFromMatchingServiceDto(uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) MatchingServiceIdaStatus(uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus) Test(org.junit.jupiter.api.Test)

Aggregations

SamlResponseContainerDto (uk.gov.ida.hub.samlengine.domain.SamlResponseContainerDto): 15
Test (org.junit.jupiter.api.Test): 14
MatchingServiceIdaStatus (uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus): 11
Response (javax.ws.rs.core.Response): 9
InboundResponseFromMatchingServiceDto (uk.gov.ida.hub.samlengine.contracts.InboundResponseFromMatchingServiceDto): 9
ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse): 9
Status (org.opensaml.saml.saml2.core.Status): 7
StatusBuilder.aStatus (uk.gov.ida.saml.core.test.builders.StatusBuilder.aStatus): 7
ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto): 5
AuthnContext (uk.gov.ida.saml.core.domain.AuthnContext): 5
FraudDetectedDetails (uk.gov.ida.saml.core.domain.FraudDetectedDetails): 4
Inject (com.google.inject.Inject): 1
Optional (java.util.Optional): 1
Response (org.opensaml.saml.saml2.core.Response): 1
LevelOfAssurance (uk.gov.ida.hub.samlengine.domain.LevelOfAssurance): 1
MdcHelper (uk.gov.ida.hub.samlengine.logging.MdcHelper): 1
AssertionBlobEncrypter (uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter): 1
SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException): 1
StringToOpenSamlObjectTransformer (uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer): 1
InboundResponseFromMatchingService (uk.gov.ida.saml.hub.domain.InboundResponseFromMatchingService): 1