Search in sources :

Example 1 with AuthnRequestFromHubContainerDto

use of uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto in project verify-hub by alphagov.

the class SamlMessageSenderHandler method generateAuthnRequestFromHub.

public SamlMessage generateAuthnRequestFromHub(SessionId sessionId, String principalIpAddress) {
    AuthnRequestFromHubContainerDto authnRequestFromHub = sessionProxy.getAuthnRequestFromHub(sessionId);
    AuthnRequest request = authnRequestTransformer.apply(authnRequestFromHub.getSamlRequest());
    SamlValidationResponse samlSignatureValidationResponse = samlMessageSignatureValidator.validate(request, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    protectiveMonitoringLogger.logAuthnRequest(request, Direction.OUTBOUND, samlSignatureValidationResponse.isOK());
    if (!samlSignatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = samlSignatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), samlSignatureValidationResponse.getCause(), Level.ERROR);
    }
    SamlMessage samlMessage = new SamlMessage(authnRequestFromHub.getSamlRequest(), SamlMessageType.SAML_REQUEST, Optional.fromNullable(sessionId.toString()), authnRequestFromHub.getPostEndpoint().toString(), Optional.of(authnRequestFromHub.getRegistering()));
    externalCommunicationEventLogger.logIdpAuthnRequest(request.getID(), sessionId, authnRequestFromHub.getPostEndpoint(), principalIpAddress);
    return samlMessage;
}
Also used : SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) AuthnRequestFromHubContainerDto(uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto)

Example 2 with AuthnRequestFromHubContainerDto

use of uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto in project verify-hub by alphagov.

the class SamlMessageSenderHandlerTest method generateAuthRequestFromHub_shouldThrowSamlTransformationException.

@Test(expected = SamlTransformationErrorException.class)
public void generateAuthRequestFromHub_shouldThrowSamlTransformationException() throws MarshallingException, SignatureException {
    SessionId sessionId = SessionId.createNewSessionId();
    String expectedSamlMessageId = UUID.randomUUID().toString();
    when(sessionProxy.getAuthnRequestFromHub(sessionId)).thenReturn(new AuthnRequestFromHubContainerDto(samlRequest, postEndPoint, true));
    AuthnRequest authnRequest = anAuthnRequest().withId(expectedSamlMessageId).build();
    when(authnRequestTransformer.apply(samlRequest)).thenReturn(authnRequest);
    when(samlMessageSignatureValidator.validate(authnRequest, SPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(SamlValidationResponse.anInvalidResponse(new SamlValidationSpecification("bad", true)));
    samlMessageSenderHandler.generateAuthnRequestFromHub(sessionId, principalIpAddressAsSeenByHub);
}
Also used : AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) AuthnRequestBuilder.anAuthnRequest(uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest) Matchers.anyString(org.mockito.Matchers.anyString) AuthnRequestFromHubContainerDto(uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto) SessionId(uk.gov.ida.common.SessionId) SamlValidationSpecification(uk.gov.ida.saml.core.validation.errors.SamlValidationSpecification) Test(org.junit.Test)

Example 3 with AuthnRequestFromHubContainerDto

use of uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto in project verify-hub by alphagov.

the class SamlMessageSenderApiResourceTest method sendJsonAuthnRequestFromHub_shouldRespondWithNextLocation.

@Test
public void sendJsonAuthnRequestFromHub_shouldRespondWithNextLocation() throws Exception {
    SessionId sessionId = SessionId.createNewSessionId();
    URI nextLocationUri = URI.create("http://blah");
    IdaAuthnRequestFromHub authnRequestFromHub = anIdaAuthnRequest().withIssuer(HUB_ENTITY_ID).buildFromHub();
    Function<IdaAuthnRequestFromHub, String> idaAuthnRequestFromHubToStringTransformer = new HubTransformersFactory().getIdaAuthnRequestFromHubToStringTransformer(getKeyStore(), SIGNATURE_ALGORITHM, DIGEST_ALGORITHM);
    String samlString = idaAuthnRequestFromHubToStringTransformer.apply(authnRequestFromHub);
    policyStubRule.aValidAuthnRequestFromHubToIdp(sessionId, new AuthnRequestFromHubContainerDto(samlString, nextLocationUri, false));
    Response response = getResponseFromSamlProxy(Urls.SamlProxyUrls.SEND_AUTHN_REQUEST_API_RESOURCE, sessionId);
    assertThat(response.readEntity(SamlMessageSenderHandler.SamlMessage.class).getPostEndpoint()).isEqualTo(nextLocationUri.toASCIIString());
}
Also used : ResponseForHubBuilder.anAuthnResponse(uk.gov.ida.saml.core.test.builders.ResponseForHubBuilder.anAuthnResponse) Response(javax.ws.rs.core.Response) IdaAuthnRequestFromHub(uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub) HubTransformersFactory(uk.gov.ida.saml.hub.api.HubTransformersFactory) AuthnRequestFromHubContainerDto(uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto) SessionId(uk.gov.ida.common.SessionId) URI(java.net.URI) Test(org.junit.Test)

Example 4 with AuthnRequestFromHubContainerDto

use of uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto in project verify-hub by alphagov.

the class SamlMessageSenderHandlerTest method generateAuthnRequestFromHub_shouldAddExternalCommunicationEvent.

@Test
public void generateAuthnRequestFromHub_shouldAddExternalCommunicationEvent() throws Exception {
    SessionId sessionId = SessionId.createNewSessionId();
    String expectedSamlMessageId = UUID.randomUUID().toString();
    when(sessionProxy.getAuthnRequestFromHub(any(SessionId.class))).thenReturn(new AuthnRequestFromHubContainerDto(samlRequest, postEndPoint, true));
    AuthnRequest authnRequest = anAuthnRequest().withId(expectedSamlMessageId).build();
    when(authnRequestTransformer.apply(samlRequest)).thenReturn(authnRequest);
    SamlMessage authnResponse = samlMessageSenderHandler.generateAuthnRequestFromHub(sessionId, principalIpAddressAsSeenByHub);
    assertThat(authnResponse.getSamlMessage()).isEqualTo(samlRequest);
    assertThat(authnResponse.getPostEndpoint()).isEqualTo(postEndPoint.toString());
    assertThat(authnResponse.getRegistration().isPresent()).isTrue();
    assertThat(authnResponse.getRegistration().get()).isTrue();
    assertThat(authnResponse.getSamlMessageType()).isEqualTo(SamlMessageType.SAML_REQUEST);
    assertThat(authnResponse.getRelayState().isPresent()).isTrue();
    assertThat(authnResponse.getRelayState().get()).isEqualTo(sessionId.getSessionId());
    verify(externalCommunicationEventLogger).logIdpAuthnRequest(expectedSamlMessageId, sessionId, postEndPoint, principalIpAddressAsSeenByHub);
}
Also used : AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) AuthnRequestBuilder.anAuthnRequest(uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest) SamlMessage(uk.gov.ida.hub.samlproxy.controllogic.SamlMessageSenderHandler.SamlMessage) Matchers.anyString(org.mockito.Matchers.anyString) AuthnRequestFromHubContainerDto(uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto) SessionId(uk.gov.ida.common.SessionId) Test(org.junit.Test)

Aggregations

AuthnRequestFromHubContainerDto (uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto)4 Test (org.junit.Test)3 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)3 SessionId (uk.gov.ida.common.SessionId)3 Matchers.anyString (org.mockito.Matchers.anyString)2 AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest)2 URI (java.net.URI)1 Response (javax.ws.rs.core.Response)1 SamlMessage (uk.gov.ida.hub.samlproxy.controllogic.SamlMessageSenderHandler.SamlMessage)1 ResponseForHubBuilder.anAuthnResponse (uk.gov.ida.saml.core.test.builders.ResponseForHubBuilder.anAuthnResponse)1 SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException)1 SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse)1 SamlValidationSpecificationFailure (uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure)1 SamlValidationSpecification (uk.gov.ida.saml.core.validation.errors.SamlValidationSpecification)1 HubTransformersFactory (uk.gov.ida.saml.hub.api.HubTransformersFactory)1 IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)1