Example 1 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

The class ResponseAssertionsFromCountryValidator, method validate.

public void validate(ValidatedResponse validatedResponse, Assertion validatedIdentityAssertion) {
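    // Runs for every response, successful or not, with the request ID (InResponseTo) and the expected recipient.
    assertionValidator.validate(validatedIdentityAssertion, validatedResponse.getInResponseTo(), expectedRecipientId);
    if (validatedResponse.isSuccess()) {
        // Reject an assertion that carries more than one AuthnStatement.
        if (validatedIdentityAssertion.getAuthnStatements().size() > 1) {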
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.multipleAuthnStatements();
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        authnStatementAssertionValidator.validate(validatedIdentityAssertion);
        eidasAttributeStatementAssertionValidator.validate(validatedIdentityAssertion);
        authnResponseIssuerValidator.validate(validatedResponse, validatedIdentityAssertion);
    }
}
Also used : SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 2 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

The class ExecuteAttributeQueryRequest, method convertToElementAndValidate.

private Element convertToElementAndValidate(AttributeQueryContainerDto attributeQueryContainerDto) {
    try {
        Element matchingServiceRequest;
        matchingServiceRequest = XmlUtils.convertToElement(attributeQueryContainerDto.getSamlRequest());
        // The request signature is validated before the parsed element is returned to the caller.
        validateRequestSignature(matchingServiceRequest, attributeQueryContainerDto.getMatchingServiceUri());
        return matchingServiceRequest;
    } catch (ParserConfigurationException | SAXException | IOException e) {
        throw new InvalidSamlRequestInAttributeQueryException("Attribute Query had invalid XML.", e);
    } catch (SamlTransformationErrorException e) {
        throw new InvalidSamlRequestInAttributeQueryException("Attribute Query had invalid Saml", e);
    }
}
Also used : InvalidSamlRequestInAttributeQueryException(uk.gov.ida.hub.samlsoapproxy.exceptions.InvalidSamlRequestInAttributeQueryException) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) Element(org.w3c.dom.Element) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) IOException(java.io.IOException) SAXException(org.xml.sax.SAXException)

Example 3 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

The class ExecuteAttributeQueryRequest, method validateRequestSignature.

private void validateRequestSignature(Element matchingServiceRequest, URI matchingServiceUri) {
    AttributeQuery attributeQuery = elementToAttributeQueryTransformer.apply(matchingServiceRequest);
    SamlValidationResponse signatureValidationResponse = matchingRequestSignatureValidator.validate(attributeQuery, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
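    // The validation outcome is written to the protective monitoring log before the failure check, so rejected requests are logged too.
    protectiveMonitoringLogger.logAttributeQuery(attributeQuery.getID(), matchingServiceUri.toASCIIString(), attributeQuery.getIssuer().getValue(), signatureValidationResponse.isOK());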
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
}
Also used : SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) AttributeQuery(org.opensaml.saml.saml2.core.AttributeQuery) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 4 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

The class ExecuteAttributeQueryRequest, method validateResponseSignature.

private void validateResponseSignature(Element responseFromMatchingService) {
    Response response = elementToSamlResponseTransformer.apply(responseFromMatchingService);
    SamlValidationResponse signatureValidationResponse = matchingResponseSignatureValidator.validate(response, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
    String message = hasStatusMessage(response.getStatus()) ? response.getStatus().getStatusMessage().getMessage() : "";
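    // The validation outcome is written to the protective monitoring log before the failure check, so rejected responses are logged too.
    protectiveMonitoringLogger.logAttributeQueryResponse(response.getID(), response.getInResponseTo(), response.getIssuer().getValue(), signatureValidationResponse.isOK(), response.getStatus().getStatusCode().getValue(), message);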
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
}
Also used : Response(org.opensaml.saml.saml2.core.Response) SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 5 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

The class SamlEngineExceptionMapperTest, method shouldCreateUnauditedErrorResponse.

@Test
public void shouldCreateUnauditedErrorResponse() throws Exception {
    final SamlTransformationErrorException exception = new SamlTransformationErrorException("error", new RuntimeException(), Level.DEBUG);
    Response response = samlEngineExceptionMapper.toResponse(exception);
    ErrorStatusDto responseEntity = (ErrorStatusDto) response.getEntity();
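    // The exception built above at DEBUG level must map to HTTP 400 and must not be marked as audited.
    assertThat(response.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(responseEntity.isAudited()).isFalse();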
    checkLogLevel(exception.getLogLevel());
}
Also used : Response(javax.ws.rs.core.Response) ErrorStatusDto(uk.gov.ida.common.ErrorStatusDto) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) Test(org.junit.jupiter.api.Test)

Aggregations

SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException) 27
SamlValidationSpecificationFailure (uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) 13
Test (org.junit.jupiter.api.Test) 10
Response (javax.ws.rs.core.Response) 8
SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse) 8
ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto) 7
Timed (com.codahale.metrics.annotation.Timed) 3
Consumes (javax.ws.rs.Consumes) 3
POST (javax.ws.rs.POST) 3
Produces (javax.ws.rs.Produces) 3
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest) 3
SessionId (uk.gov.ida.common.SessionId) 3
SamlRequestTooOldException (uk.gov.ida.saml.hub.exception.SamlRequestTooOldException) 3
ResponseMetered (com.codahale.metrics.annotation.ResponseMetered) 2
IOException (java.io.IOException) 2
Path (javax.ws.rs.Path) 2
QName (javax.xml.namespace.QName) 2
ParserConfigurationException (javax.xml.parsers.ParserConfigurationException) 2
Attribute (org.opensaml.saml.saml2.core.Attribute) 2
AttributeQuery (org.opensaml.saml.saml2.core.AttributeQuery) 2