Search in sources :

Example 11 with SamlTransformationErrorException

use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

the class SamlEngineExceptionMapperTest method shouldHandleSamlContextExceptionCorrectly.

@Test
public void shouldHandleSamlContextExceptionCorrectly() throws Exception {
    final SamlContextException exception = new SamlContextException(UUID.randomUUID().toString(), "entityId", new SamlTransformationErrorException("error", Level.ERROR));
    Response response = samlEngineExceptionMapper.toResponse(exception);
    ErrorStatusDto responseEntity = (ErrorStatusDto) response.getEntity();
    assertThat(response.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(responseEntity.isAudited()).isFalse();
    assertThat(responseEntity.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
    checkLogLevel(exception.getLogLevel());
}
Also used : Response(javax.ws.rs.core.Response) ErrorStatusDto(uk.gov.ida.common.ErrorStatusDto) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) Test(org.junit.Test)

Example 12 with SamlTransformationErrorException

use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

the class SamlEngineExceptionMapperTest method toResponse_shouldCreateResponseWithUnauditedErrorStatus.

@Test
public void toResponse_shouldCreateResponseWithUnauditedErrorStatus() throws Exception {
    SamlTransformationErrorException exception = aSamlTransformationFailureException().build();
    Response response = samlEngineExceptionMapper.toResponse(exception);
    assertThat(response.getEntity()).isNotNull();
    final ErrorStatusDto errorStatusDto = (ErrorStatusDto) response.getEntity();
    assertThat(errorStatusDto.isAudited()).isEqualTo(false);
    assertThat(errorStatusDto.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
    checkLogLevel(exception.getLogLevel());
}
Also used : Response(javax.ws.rs.core.Response) ErrorStatusDto(uk.gov.ida.common.ErrorStatusDto) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) Test(org.junit.Test)

Example 13 with SamlTransformationErrorException

use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

the class IdpAuthnResponseTranslatorService method translate.

public InboundResponseFromIdpDto translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
    Response response = stringToOpenSamlResponseTransformer.apply(samlResponseDto.getSamlResponse());
    MdcHelper.addContextToMdc(response);
    try {
        InboundResponseFromIdp idaResponseFromIdp = samlResponseToIdaResponseIssuedByIdpTransformer.apply(response);
        UnknownMethodAlgorithmLogger.probeResponseForMethodAlgorithm(idaResponseFromIdp);
        if (idaResponseFromIdp.getAuthnStatementAssertion().isPresent()) {
            Assertion authnStatementAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getAuthnStatementAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(authnStatementAssertion, AUTHN_STATEMENT);
        }
        Assertion matchingDatasetAssertion = null;
        if (idaResponseFromIdp.getMatchingDatasetAssertion().isPresent()) {
            matchingDatasetAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getMatchingDatasetAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(matchingDatasetAssertion, MATCHING_DATASET);
        }
        InboundResponseFromIdpData inboundResponseFromIdpData = inboundResponseFromIdpDataGenerator.generate(idaResponseFromIdp, samlResponseDto.getMatchingServiceEntityId());
        Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
        if (!Strings.isNullOrEmpty(inboundResponseFromIdpData.getLevelOfAssurance())) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(inboundResponseFromIdpData.getLevelOfAssurance()));
        }
        logVerifiedAttributes(idaResponseFromIdp, matchingDatasetAssertion, levelOfAssurance);
        return new InboundResponseFromIdpDto(inboundResponseFromIdpData.getStatus(), inboundResponseFromIdpData.getStatusMessage(), inboundResponseFromIdpData.getIssuer(), inboundResponseFromIdpData.getAuthnStatementAssertionBlob(), inboundResponseFromIdpData.getEncryptedMatchingDatasetAssertion(), inboundResponseFromIdpData.getPersistentId(), inboundResponseFromIdpData.getPrincipalIpAddressAsSeenByIdp(), levelOfAssurance, inboundResponseFromIdpData.getIdpFraudEventId(), inboundResponseFromIdpData.getFraudIndicator());
    } catch (SamlTransformationErrorException e) {
        throw new SamlContextException(response.getID(), response.getIssuer().getValue(), e);
    }
}
Also used : Response(org.opensaml.saml.saml2.core.Response) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) SamlContextException(uk.gov.ida.hub.samlengine.exceptions.SamlContextException) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) Assertion(org.opensaml.saml.saml2.core.Assertion) InboundResponseFromIdpData(uk.gov.ida.saml.core.domain.InboundResponseFromIdpData)

Example 14 with SamlTransformationErrorException

use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

the class EidasAttributeStatementAssertionValidator method validateAttributes.

private void validateAttributes(Assertion assertion) {
    final List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements.isEmpty()) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsStatementMissing();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    if (attributeStatements.size() > 1) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsMultipleStatements();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    final List<Attribute> attributes = attributeStatements.get(0).getAttributes();
    if (attributes.isEmpty()) {
        SamlValidationSpecificationFailure failure = attributeStatementEmpty(assertion.getID());
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    Set<String> attributeNames = attributes.stream().map(Attribute::getName).collect(Collectors.toSet());
    if (!attributeNames.containsAll(MANDATORY_ATTRIBUTES.keySet())) {
        throw new SamlTransformationErrorException(String.format("Mandatory attributes not provided. Expected %s but got %s", MANDATORY_ATTRIBUTES.values().stream().collect(Collectors.joining(",")), attributes.stream().map(Attribute::getFriendlyName).collect(Collectors.joining(","))), Level.ERROR);
    }
    for (Attribute attribute : attributes) {
        final String attributeName = attribute.getName();
        if (!VALID_EIDAS_ATTRIBUTE_NAMES.contains(attributeName)) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.mdsAttributeNotRecognised(attributeName);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        if (attribute.getAttributeValues().isEmpty()) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyAttribute(attributeName);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        if (!VALID_TYPE_FOR_ATTRIBUTE.get(attributeName).equals(attribute.getAttributeValues().get(0).getSchemaType())) {
            final QName schemaType = attribute.getAttributeValues().get(0).getSchemaType();
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.attributeWithIncorrectType(attributeName, VALID_TYPE_FOR_ATTRIBUTE.get(attributeName), schemaType);
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        if (!VALID_ATTRIBUTE_NAME_FORMATS.contains(attribute.getNameFormat())) {
            SamlTransformationErrorManager.warn(invalidAttributeNameFormat(attribute.getNameFormat()));
        }
    }
}
Also used : SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) QName(javax.xml.namespace.QName)

Example 15 with SamlTransformationErrorException

use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.

the class SamlEngineExceptionMapperTest method shouldHandleSamlRequestTooOldExceptionCorrectly.

@Test
public void shouldHandleSamlRequestTooOldExceptionCorrectly() throws Exception {
    SamlTransformationErrorException exception = new SamlRequestTooOldException("error", new RuntimeException(), Level.DEBUG);
    final Response response = samlEngineExceptionMapper.toResponse(exception);
    ErrorStatusDto responseEntity = (ErrorStatusDto) response.getEntity();
    assertThat(response.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(responseEntity.isAudited()).isFalse();
    assertThat(responseEntity.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML_REQUEST_TOO_OLD);
    checkLogLevel(exception.getLogLevel());
}
Also used : Response(javax.ws.rs.core.Response) ErrorStatusDto(uk.gov.ida.common.ErrorStatusDto) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) SamlRequestTooOldException(uk.gov.ida.saml.hub.exception.SamlRequestTooOldException) Test(org.junit.Test)

Aggregations

SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException)22 SamlValidationSpecificationFailure (uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure)10 Test (org.junit.Test)9 Response (javax.ws.rs.core.Response)8 SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse)8 ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto)7 Timed (com.codahale.metrics.annotation.Timed)3 Consumes (javax.ws.rs.Consumes)3 POST (javax.ws.rs.POST)3 Produces (javax.ws.rs.Produces)3 SessionId (uk.gov.ida.common.SessionId)3 Path (javax.ws.rs.Path)2 AttributeQuery (org.opensaml.saml.saml2.core.AttributeQuery)2 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)2 Response (org.opensaml.saml.saml2.core.Response)2 SamlAuthnResponseContainerDto (uk.gov.ida.hub.samlproxy.domain.SamlAuthnResponseContainerDto)2 SamlDuplicateRequestIdException (uk.gov.ida.saml.hub.exception.SamlDuplicateRequestIdException)2 SamlRequestTooOldException (uk.gov.ida.saml.hub.exception.SamlRequestTooOldException)2 SamlFailedToDecryptException (uk.gov.ida.saml.security.exception.SamlFailedToDecryptException)2 IOException (java.io.IOException)1