Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
The class SamlEngineExceptionMapperTest, method shouldHandleSamlContextExceptionCorrectly.
@Test
public void shouldHandleSamlContextExceptionCorrectly() throws Exception {
    // A SamlContextException that wraps a transformation error must be reported as a
    // 400 / INVALID_SAML error that is not audited, carrying the wrapped error's log level.
    final SamlTransformationErrorException cause = new SamlTransformationErrorException("error", Level.ERROR);
    final String requestId = UUID.randomUUID().toString();
    final SamlContextException exception = new SamlContextException(requestId, "entityId", cause);

    final Response response = samlEngineExceptionMapper.toResponse(exception);
    final ErrorStatusDto errorStatus = (ErrorStatusDto) response.getEntity();

    assertThat(response.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(errorStatus.isAudited()).isFalse();
    assertThat(errorStatus.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
    checkLogLevel(exception.getLogLevel());
}
Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
The class SamlEngineExceptionMapperTest, method toResponse_shouldCreateResponseWithUnauditedErrorStatus.
@Test
public void toResponse_shouldCreateResponseWithUnauditedErrorStatus() throws Exception {
    // A bare SamlTransformationErrorException maps to an unaudited INVALID_SAML error status.
    final SamlTransformationErrorException exception = aSamlTransformationFailureException().build();

    final Response response = samlEngineExceptionMapper.toResponse(exception);
    final Object entity = response.getEntity();
    assertThat(entity).isNotNull();

    final ErrorStatusDto errorStatus = (ErrorStatusDto) entity;
    assertThat(errorStatus.isAudited()).isFalse();
    assertThat(errorStatus.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
    checkLogLevel(exception.getLogLevel());
}
Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
The class IdpAuthnResponseTranslatorService, method translate.
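/**
 * Translates a raw SAML response received from an IdP into the hub's inbound DTO.
 *
 * <p>The SAML string is parsed into an OpenSAML {@code Response}, the response is
 * transformed into an {@code InboundResponseFromIdp}, the authn-statement and
 * matching-dataset assertions (when present) are decoded and logged for analytics,
 * and the resulting data is packaged into an {@code InboundResponseFromIdpDto}.
 * The level of assurance is only set when the generated data carries a non-empty value.
 *
 * @param samlResponseDto the SAML response string plus the matching service entity id
 * @return the translated inbound response
 * @throws SamlContextException when transformation or validation of the response fails;
 *         the exception carries the response ID and issuer (issuer may be {@code null}
 *         when the response has no Issuer element) together with the original cause
 */
public InboundResponseFromIdpDto translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
    Response response = stringToOpenSamlResponseTransformer.apply(samlResponseDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    try {
        InboundResponseFromIdp idaResponseFromIdp = samlResponseToIdaResponseIssuedByIdpTransformer.apply(response);
        UnknownMethodAlgorithmLogger.probeResponseForMethodAlgorithm(idaResponseFromIdp);

        if (idaResponseFromIdp.getAuthnStatementAssertion().isPresent()) {
            Assertion authnStatementAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getAuthnStatementAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(authnStatementAssertion, AUTHN_STATEMENT);
        }

        // Kept outside the if-block because logVerifiedAttributes needs it even when absent.
        Assertion matchingDatasetAssertion = null;
        if (idaResponseFromIdp.getMatchingDatasetAssertion().isPresent()) {
            matchingDatasetAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getMatchingDatasetAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(matchingDatasetAssertion, MATCHING_DATASET);
        }

        InboundResponseFromIdpData inboundResponseFromIdpData = inboundResponseFromIdpDataGenerator.generate(idaResponseFromIdp, samlResponseDto.getMatchingServiceEntityId());

        // An absent or blank level of assurance is represented as Optional.empty(), not as a parse failure.
        Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
        if (!Strings.isNullOrEmpty(inboundResponseFromIdpData.getLevelOfAssurance())) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(inboundResponseFromIdpData.getLevelOfAssurance()));
        }

        logVerifiedAttributes(idaResponseFromIdp, matchingDatasetAssertion, levelOfAssurance);

        return new InboundResponseFromIdpDto(
                inboundResponseFromIdpData.getStatus(),
                inboundResponseFromIdpData.getStatusMessage(),
                inboundResponseFromIdpData.getIssuer(),
                inboundResponseFromIdpData.getAuthnStatementAssertionBlob(),
                inboundResponseFromIdpData.getEncryptedMatchingDatasetAssertion(),
                inboundResponseFromIdpData.getPersistentId(),
                inboundResponseFromIdpData.getPrincipalIpAddressAsSeenByIdp(),
                levelOfAssurance,
                inboundResponseFromIdpData.getIdpFraudEventId(),
                inboundResponseFromIdpData.getFraudIndicator());
    } catch (SamlTransformationErrorException e) {
        // The Issuer element is not guaranteed to be present on an incoming Response. Dereferencing
        // it unconditionally here would replace the validation failure with a NullPointerException
        // and lose the original cause, so fall back to a null issuer instead.
        final String issuerId = response.getIssuer() == null ? null : response.getIssuer().getValue();
        throw new SamlContextException(response.getID(), issuerId, e);
    }
}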
Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
The class EidasAttributeStatementAssertionValidator, method validateAttributes.
/**
 * Validates the attribute statement of an eIDAS assertion.
 *
 * <p>Checks, in order: exactly one attribute statement is present, it holds at least one
 * attribute, every mandatory attribute name is present, and each attribute is a recognised
 * eIDAS attribute with at least one value whose first value has the expected schema type.
 * An unexpected attribute name format is only warned about, not rejected.
 *
 * @param assertion the assertion whose attribute statements are checked
 * @throws SamlTransformationErrorException on the first check that fails
 */
private void validateAttributes(Assertion assertion) {
    final List<AttributeStatement> statements = assertion.getAttributeStatements();
    if (statements.isEmpty()) {
        throw toTransformationError(SamlTransformationErrorFactory.mdsStatementMissing());
    }
    if (statements.size() > 1) {
        throw toTransformationError(SamlTransformationErrorFactory.mdsMultipleStatements());
    }

    final List<Attribute> attributes = statements.get(0).getAttributes();
    if (attributes.isEmpty()) {
        throw toTransformationError(attributeStatementEmpty(assertion.getID()));
    }

    final Set<String> presentNames = attributes.stream().map(Attribute::getName).collect(Collectors.toSet());
    if (!presentNames.containsAll(MANDATORY_ATTRIBUTES.keySet())) {
        final String expected = MANDATORY_ATTRIBUTES.values().stream().collect(Collectors.joining(","));
        final String received = attributes.stream().map(Attribute::getFriendlyName).collect(Collectors.joining(","));
        throw new SamlTransformationErrorException(
                String.format("Mandatory attributes not provided. Expected %s but got %s", expected, received),
                Level.ERROR);
    }

    for (Attribute attribute : attributes) {
        validateSingleEidasAttribute(attribute);
    }
}

/**
 * Validates one attribute: its name must be a known eIDAS attribute, it must carry at least
 * one value, and the first value's schema type must match the type registered for that name.
 *
 * @param attribute the attribute to check
 * @throws SamlTransformationErrorException on the first check that fails
 */
private void validateSingleEidasAttribute(Attribute attribute) {
    final String name = attribute.getName();
    if (!VALID_EIDAS_ATTRIBUTE_NAMES.contains(name)) {
        throw toTransformationError(SamlTransformationErrorFactory.mdsAttributeNotRecognised(name));
    }
    if (attribute.getAttributeValues().isEmpty()) {
        throw toTransformationError(SamlTransformationErrorFactory.emptyAttribute(name));
    }

    // Only the first value is type-checked; the expected type is looked up by attribute name.
    final QName actualType = attribute.getAttributeValues().get(0).getSchemaType();
    if (!VALID_TYPE_FOR_ATTRIBUTE.get(name).equals(actualType)) {
        throw toTransformationError(
                SamlTransformationErrorFactory.attributeWithIncorrectType(name, VALID_TYPE_FOR_ATTRIBUTE.get(name), actualType));
    }

    // A name format outside the accepted set is logged as a warning rather than rejected.
    if (!VALID_ATTRIBUTE_NAME_FORMATS.contains(attribute.getNameFormat())) {
        SamlTransformationErrorManager.warn(invalidAttributeNameFormat(attribute.getNameFormat()));
    }
}

/**
 * Builds the exception for a specification failure, carrying over the failure's own message
 * and log level.
 *
 * @param specificationFailure the failure to convert
 * @return the exception to throw
 */
private static SamlTransformationErrorException toTransformationError(SamlValidationSpecificationFailure specificationFailure) {
    return new SamlTransformationErrorException(specificationFailure.getErrorMessage(), specificationFailure.getLogLevel());
}
Use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
The class SamlEngineExceptionMapperTest, method shouldHandleSamlRequestTooOldExceptionCorrectly.
@Test
public void shouldHandleSamlRequestTooOldExceptionCorrectly() throws Exception {
    // A too-old request is a SamlTransformationErrorException subtype but must surface with its
    // own exception type so the caller can tell it apart from generic invalid SAML.
    final SamlTransformationErrorException exception =
            new SamlRequestTooOldException("error", new RuntimeException(), Level.DEBUG);

    final Response response = samlEngineExceptionMapper.toResponse(exception);
    final ErrorStatusDto errorStatus = (ErrorStatusDto) response.getEntity();

    assertThat(response.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(errorStatus.isAudited()).isFalse();
    assertThat(errorStatus.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML_REQUEST_TOO_OLD);
    checkLogLevel(exception.getLogLevel());
}