Example 6 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

From class ExecuteAttributeQueryRequest, method validateRequestSignature.

private void validateRequestSignature(Element matchingServiceRequest, URI matchingServiceUri) {
    AttributeQuery attributeQuery = elementToAttributeQueryTransformer.apply(matchingServiceRequest);
    // Verify the XML signature on the AttributeQuery against the matching service's
    // AttributeAuthorityDescriptor metadata.
    SamlValidationResponse signatureValidationResponse = matchingRequestSignatureValidator.validate(attributeQuery, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
    // The outcome is recorded in the protective monitoring log whether or not the signature verified.
    protectiveMonitoringLogger.logAttributeQuery(attributeQuery.getID(), matchingServiceUri.toASCIIString(), attributeQuery.getIssuer().getValue(), signatureValidationResponse.isOK());
    if (!signatureValidationResponse.isOK()) {
        // Fail closed: surface the specific validation failure at ERROR level, keeping the underlying cause.
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
}
Also used: SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse), SamlValidationSpecificationFailure (uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure), AttributeQuery (org.opensaml.saml.saml2.core.AttributeQuery), SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 7 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

From class AttributeQueryRequestRunnableTest, method run_shouldNotifySamlEngineAndLogErrorWhenMatchingServiceResponseIsNotProperlySigned.

@Test
public void run_shouldNotifySamlEngineAndLogErrorWhenMatchingServiceResponseIsNotProperlySigned() {
    // Simulate a matching service response whose signature fails validation.
    when(executeAttributeQueryRequest.execute(sessionId, attributeQueryContainerDto)).thenThrow(new SamlTransformationErrorException("Signature was not valid", Level.ERROR));
    attributeQueryRequestRunnable.run();
    final ArgumentCaptor<EventSinkHubEvent> loggedHubEvent = ArgumentCaptor.forClass(EventSinkHubEvent.class);
    final ArgumentCaptor<EventSinkHubEvent> emitterLoggedHubEvent = ArgumentCaptor.forClass(EventSinkHubEvent.class);
    // The failure must be recorded against the session in both the event sink and the event emitter.
    verify(eventSinkProxy).logHubEvent(loggedHubEvent.capture());
    verify(eventEmitter).record(emitterLoggedHubEvent.capture());
    assertThat(loggedHubEvent.getValue().getSessionId()).isEqualTo(sessionId.toString());
    assertThat(emitterLoggedHubEvent.getValue().getSessionId()).isEqualTo(sessionId.toString());
    // The hub is told the matching service request failed rather than being left to time out.
    verify(hubMatchingServiceResponseReceiverProxy).notifyHubOfMatchingServiceRequestFailure(sessionId);
    verify(timeoutEvaluator, times(2)).hasAttributeQueryTimedOut(attributeQueryContainerDto);
    // The logged detail must describe the signature failure, not the unrelated caller-error message.
    assertThat(loggedHubEvent.getValue().getDetails().get(message)).doesNotContain("Incorrect message provided by caller");
    assertThat(emitterLoggedHubEvent.getValue().getDetails().get(message)).doesNotContain("Incorrect message provided by caller");
}
Also used: SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException), EventSinkHubEvent (uk.gov.ida.eventsink.EventSinkHubEvent), Test (org.junit.Test)

Example 8 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

From class ResponseAssertionsFromCountryValidator, method validate.

public void validate(ValidatedResponse validatedResponse, Assertion validatedIdentityAssertion) {
    // Core assertion checks (InResponseTo, intended recipient) apply to every response.
    assertionValidator.validate(validatedIdentityAssertion, validatedResponse.getInResponseTo(), expectedRecipientId);
    if (validatedResponse.isSuccess()) {
        // A successful response must carry exactly one AuthnStatement; reject anything ambiguous.
        if (validatedIdentityAssertion.getAuthnStatements().size() > 1) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.multipleAuthnStatements();
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        // Statement-level, eIDAS attribute and issuer checks only run on success responses.
        authnStatementAssertionValidator.validate(validatedIdentityAssertion);
        eidasAttributeStatementAssertionValidator.validate(validatedIdentityAssertion);
        authnResponseIssuerValidator.validate(validatedResponse, validatedIdentityAssertion);
    }
}
Also used: SamlValidationSpecificationFailure (uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure), SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 9 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

From class SamlEngineExceptionMapperTest, method shouldCreateUnauditedErrorResponse.

@Test
public void shouldCreateUnauditedErrorResponse() throws Exception {
    final SamlTransformationErrorException exception = new SamlTransformationErrorException("error", new RuntimeException(), Level.DEBUG);
    Response response = samlEngineExceptionMapper.toResponse(exception);
    ErrorStatusDto responseEntity = (ErrorStatusDto) response.getEntity();
    // A SAML transformation failure is a client error (400) and is not recorded as an audited event.
    assertThat(response.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(responseEntity.isAudited()).isFalse();
    // The mapper logs at the level carried by the exception (DEBUG here).
    checkLogLevel(exception.getLogLevel());
}
Also used: Response (javax.ws.rs.core.Response), ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto), SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException), Test (org.junit.Test)

Example 10 with SamlTransformationErrorException

Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

From class SamlEngineExceptionMapperTest, method shouldHandleSamlFailedToDecryptErrorExceptionCorrectly.

@Test
public void shouldHandleSamlFailedToDecryptErrorExceptionCorrectly() throws Exception {
    // SamlFailedToDecryptException is a SamlTransformationErrorException subtype for decryption failures.
    SamlTransformationErrorException exception = new SamlFailedToDecryptException("error", new RuntimeException(), Level.DEBUG);
    final Response response = samlEngineExceptionMapper.toResponse(exception);
    ErrorStatusDto responseEntity = (ErrorStatusDto) response.getEntity();
    assertThat(response.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(responseEntity.isAudited()).isFalse();
    // The subtype is mapped to its own exception type so callers can distinguish decryption failures.
    assertThat(responseEntity.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML_FAILED_TO_DECRYPT);
    checkLogLevel(exception.getLogLevel());
}
Also used: Response (javax.ws.rs.core.Response), ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto), SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException), SamlFailedToDecryptException (uk.gov.ida.saml.security.exception.SamlFailedToDecryptException), Test (org.junit.Test)

Aggregations (types co-occurring with SamlTransformationErrorException across the indexed examples, with usage counts)

SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException): 22
SamlValidationSpecificationFailure (uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure): 10
Test (org.junit.Test): 9
Response (javax.ws.rs.core.Response): 8
SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse): 8
ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto): 7
Timed (com.codahale.metrics.annotation.Timed): 3
Consumes (javax.ws.rs.Consumes): 3
POST (javax.ws.rs.POST): 3
Produces (javax.ws.rs.Produces): 3
SessionId (uk.gov.ida.common.SessionId): 3
Path (javax.ws.rs.Path): 2
AttributeQuery (org.opensaml.saml.saml2.core.AttributeQuery): 2
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest): 2
Response (org.opensaml.saml.saml2.core.Response): 2
SamlAuthnResponseContainerDto (uk.gov.ida.hub.samlproxy.domain.SamlAuthnResponseContainerDto): 2
SamlDuplicateRequestIdException (uk.gov.ida.saml.hub.exception.SamlDuplicateRequestIdException): 2
SamlRequestTooOldException (uk.gov.ida.saml.hub.exception.SamlRequestTooOldException): 2
SamlFailedToDecryptException (uk.gov.ida.saml.security.exception.SamlFailedToDecryptException): 2
IOException (java.io.IOException): 1