use of uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto in project verify-hub by alphagov.
the class CountryMetadataConsumerTest method shouldReturnErrorWhenValidatingEidasAuthnResponseContainingInvalidSignature.
/**
 * Posts an eIDAS authn response signed with {@code anotherIdpSigningCert} /
 * {@code anotherIdpSigningKey} and expects the SAML proxy to answer with HTTP 500.
 *
 * <p>NOTE(review): presumably these credentials differ from the signing certificate
 * published in the country metadata, which is what makes the signature invalid.
 * Confirm against the fixture setup.
 *
 * <p>NOTE(review): only the status code is asserted. The test does not check that nothing
 * was forwarded to policy for the rejected response.
 */
@Test
public void shouldReturnErrorWhenValidatingEidasAuthnResponseContainingInvalidSignature() throws Exception {
    // Given: a fresh session and a response signed with the "other" IdP credentials
    final SessionId session = SessionId.createNewSessionId();
    final String responseSignedWithOtherKey = authnResponseFactory.aSamlResponseFromIdp(
            "a-request",
            countryMetadata.getCountryMetadataUri(),
            anotherIdpSigningCert,
            anotherIdpSigningKey,
            "",
            SIGNATURE_ALGORITHM,
            DIGEST_ALGORITHM);
    final SamlRequestDto request =
            new SamlRequestDto(responseSignedWithOtherKey, session.getSessionId(), "127.0.0.1");

    // When
    final Response proxyReply = postSAML(request);

    // Then: the response must be rejected, not accepted
    final int expectedStatus = Response.Status.INTERNAL_SERVER_ERROR.getStatusCode();
    assertThat(proxyReply.getStatus()).isEqualTo(expectedStatus);
}
use of uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto in project verify-hub by alphagov.
the class DenialOfServiceAttacksIntegrationTests method requestPost_shouldRedirectToGenericErrorWhenEntityExpansionAttackOccurs.
/**
 * Sends, as the SAML authn request, a base64-encoded XML document whose DTD declares nested
 * entities (an entity-expansion payload) and expects the SSO receiver to answer with HTTP 500.
 *
 * <p>NOTE(review): the method name mentions a redirect to a generic error, but the assertion
 * checks for an INTERNAL_SERVER_ERROR status.
 *
 * <p>NOTE(review): the status code alone does not show that the parser refused the DOCTYPE
 * before expanding any entity. A test timeout or a check of the returned error type would
 * pin that down. Confirm how the receiver's XML parser is configured.
 */
@Test
public void requestPost_shouldRedirectToGenericErrorWhenEntityExpansionAttackOccurs() throws Exception {
    // Each entity level references the previous one ten times.
    final String nestedEntityDocument = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE lolz [\n"
            + " <!ENTITY lol \"lol\">\n"
            + " <!ELEMENT lolz (#PCDATA)>\n"
            + " <!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">\n"
            + " <!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">\n"
            + " <!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">\n"
            + " <!ENTITY lol4 \"&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\">\n"
            + " <!ENTITY lol5 \"&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;\">\n"
            + " <!ENTITY lol6 \"&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;\">\n"
            + " <!ENTITY lol7 \"&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;\">\n"
            + " <!ENTITY lol8 \"&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;\">\n"
            + " <!ENTITY lol9 \"&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;\">\n"
            + "]>\n"
            + "<lolz>&lol9;</lolz>";

    // 80 trailing spaces are appended before encoding; the reason is not visible here.
    final StringBuilder padded = new StringBuilder(nestedEntityDocument);
    int remaining = 80;
    while (remaining-- > 0) {
        padded.append(" ");
    }

    final String encodedRequest = StringEncoding.toBase64Encoded(padded.toString());
    final String relay = "aRelayState";
    final SamlRequestDto body = new SamlRequestDto(encodedRequest, relay, "12.23.34.45");

    final URI receiverUri = samlProxyAppRule.getUri(Urls.SamlProxyUrls.SAML2_SSO_RECEIVER_API_ROOT);
    final Response reply = client.target(receiverUri)
            .request(MediaType.APPLICATION_JSON_TYPE)
            .post(Entity.json(body));

    // The malicious document must be answered with an error.
    final int expectedStatus = Response.Status.INTERNAL_SERVER_ERROR.getStatusCode();
    assertThat(reply.getStatus()).isEqualTo(expectedStatus);
}
use of uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto in project verify-hub by alphagov.
the class MetadataConsumerTests method shouldReturnBadRequestWhenEntityIdCannotBeFoundInMetadata.
/**
 * Posts a SAML response built with {@code "non-existent-entity-id"} and expects HTTP 400
 * from the SAML proxy.
 *
 * <p>NOTE(review): presumably the first factory argument is the issuer entity id, which is
 * absent from the metadata the proxy trusts. Confirm against the factory signature.
 */
@Test
public void shouldReturnBadRequestWhenEntityIdCannotBeFoundInMetadata() throws Exception {
    final SessionId session = SessionId.createNewSessionId();

    // Policy is stubbed to answer 200/success for this session, so the BAD_REQUEST asserted
    // below is not the stub's configured reply.
    final String policyPath =
            UriBuilder.fromPath(Urls.PolicyUrls.IDP_AUTHN_RESPONSE_RESOURCE).build(session).getPath();
    policyStubRule.register(policyPath, 200, ResponseActionDto.success(session, true, LEVEL_2));

    // The response is signed with the stub IdP's primary key pair; only the entity id is unknown.
    final String responseFromUnknownIssuer = authnResponseFactory.aSamlResponseFromIdp(
            "non-existent-entity-id",
            STUB_IDP_PUBLIC_PRIMARY_CERT,
            STUB_IDP_PUBLIC_PRIMARY_PRIVATE_KEY,
            "",
            SIGNATURE_ALGORITHM,
            DIGEST_ALGORITHM);

    final Response reply =
            postSAML(new SamlRequestDto(responseFromUnknownIssuer, session.getSessionId(), "127.0.0.1"));

    assertThat(reply.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
}
use of uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto in project verify-hub by alphagov.
the class SamlMessageReceiverApiResourceEidasEnabledTest method eidasResponsePost_shouldRespondWithSuccessWhenPolicyRespondsWithSuccess.
/**
 * Happy path for the eIDAS receiver: posts a response signed with {@code idpSigningCert} /
 * {@code idpSigningKey} to the eIDAS SSO resource. It expects HTTP 200 and expects the last
 * request seen by the policy stub to carry the session id in its path.
 */
@Test
public void eidasResponsePost_shouldRespondWithSuccessWhenPolicyRespondsWithSuccess() throws Exception {
    final String session = UUID.randomUUID().toString();
    policyStubRule.receiveAuthnResponseFromCountry(session, LevelOfAssurance.LEVEL_2);

    final String signedResponse = authnResponseFactory.aSamlResponseFromIdp(
            "a-request",
            countryMetadata.getCountryMetadataUri(),
            idpSigningCert,
            idpSigningKey,
            "",
            SIGNATURE_ALGORITHM,
            DIGEST_ALGORITHM);

    final Response reply = postSAML(
            new SamlRequestDto(signedResponse, session, "127.0.0.1"),
            Urls.SamlProxyUrls.EIDAS_SAML2_SSO_RECEIVER_API_RESOURCE);

    assertThat(reply.getStatus()).isEqualTo(HttpStatus.SC_OK);

    // The accepted response must have been forwarded to policy for this session.
    final String lastPolicyPath = policyStubRule.getLastRequest().getPath();
    assertThat(lastPolicyPath).contains(session);
}
use of uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto in project verify-hub by alphagov.
the class SamlMessageReceiverApiResourceTest method shouldErrorWhenASamlStringIsNull.
/**
 * Posts a request whose SAML payload is {@code null} to the SSO receiver root and expects
 * the reply to be reported as {@code ExceptionType.INVALID_SAML}.
 */
@Test
public void shouldErrorWhenASamlStringIsNull() throws Exception {
    // Relay state and IP address are placeholders; only the missing SAML string matters here.
    final SamlRequestDto requestWithoutSaml = new SamlRequestDto(null, "relayState", "ipAddress");

    final Response reply = postSAML(requestWithoutSaml, Urls.SamlProxyUrls.SAML2_SSO_RECEIVER_API_ROOT);

    assertError(reply, ExceptionType.INVALID_SAML);
}