use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
the class SamlEngineExceptionMapperTest method shouldHandleSamlDuplicateRequestIdExceptionCorrectly.
/**
 * Checks the response built for a {@code SamlDuplicateRequestIdException}: HTTP 400, an
 * entity not yet flagged as audited, and the {@code INVALID_SAML_DUPLICATE_REQUEST_ID} type.
 */
@Test
public void shouldHandleSamlDuplicateRequestIdExceptionCorrectly() throws Exception {
    // The static type is the SamlTransformationErrorException supertype, so the mapper has to
    // select its branch from the runtime type for the expected exception type to come back.
    // NOTE(review): a duplicate request id is presumably raised by replay protection — confirm.
    final SamlTransformationErrorException duplicateRequestId =
            new SamlDuplicateRequestIdException("error", new RuntimeException(), Level.DEBUG);

    final Response mapped = samlEngineExceptionMapper.toResponse(duplicateRequestId);
    final ErrorStatusDto errorStatus = (ErrorStatusDto) mapped.getEntity();

    assertThat(mapped.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(errorStatus.isAudited()).isFalse();
    assertThat(errorStatus.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML_DUPLICATE_REQUEST_ID);

    // checkLogLevel is defined elsewhere in the test class; presumably it asserts the level
    // the mapper logged at — confirm against that helper.
    checkLogLevel(duplicateRequestId.getLogLevel());
}
use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
the class SamlEngineExceptionMapperTest method shouldHandleSamlTransformationErrorExceptionCorrectly.
/**
 * Checks the response built for a plain {@code SamlTransformationErrorException}: HTTP 400,
 * an entity not yet flagged as audited, and the generic {@code INVALID_SAML} type.
 */
@Test
public void shouldHandleSamlTransformationErrorExceptionCorrectly() throws Exception {
    final SamlTransformationErrorException transformationError =
            new SamlTransformationErrorException("error", new RuntimeException(), Level.DEBUG);

    final Response mapped = samlEngineExceptionMapper.toResponse(transformationError);
    final ErrorStatusDto errorStatus = (ErrorStatusDto) mapped.getEntity();

    assertThat(mapped.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    assertThat(errorStatus.isAudited()).isFalse();
    assertThat(errorStatus.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);

    // checkLogLevel is defined elsewhere in the test class; presumably it asserts the level
    // the mapper logged at — confirm against that helper.
    checkLogLevel(transformationError.getLogLevel());
}
use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
the class MatchingServiceResponseTranslatorServiceTest method handle_shouldNotifyPolicyWhenSamlStringCannotBeConvertedToAnElement.
/**
 * Expects {@code translate} to end in a {@code SamlTransformationErrorException} when the
 * unmarshaller rejects the payload. Only the exception type is asserted here.
 */
@Test(expected = SamlTransformationErrorException.class)
public void handle_shouldNotifyPolicyWhenSamlStringCannotBeConvertedToAnElement() throws Exception {
    final SamlResponseDto unparseableResponse = new SamlResponseDto("Woooo!");
    final SamlTransformationErrorException unmarshallingFailure =
            new SamlTransformationErrorException("not xml", Level.ERROR);

    // The unmarshaller is stubbed, so the payload text itself is never parsed in this test.
    when(responseUnmarshaller.apply(unparseableResponse.getSamlResponse())).thenThrow(unmarshallingFailure);

    matchingServiceResponseTranslatorService.translate(unparseableResponse);
    // event sink logging is tested in SamlTransformationErrorExceptionMapperTest
}
use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
the class SamlEngineExceptionMapper method toResponse.
/**
 * Turns an exception into an HTTP 400 response, attaching an error-status entity for every
 * exception type this mapper recognises.
 *
 * <p>The {@code instanceof} checks run in order and the first match wins, so the specific
 * SAML exception types must stay ahead of the general
 * {@code SamlTransformationErrorException} check; moving them below it would report them as
 * plain {@code INVALID_SAML}.
 *
 * <p>An {@code ApplicationException} supplies its own error id and audited flag. Every other
 * recognised type gets a freshly generated error id and {@code HAS_NOT_BEEN_AUDITED_YET}.
 *
 * <p>NOTE(review): an unrecognised exception is logged at WARN and still answered with 400
 * and no entity, so an unexpected server-side failure reaches the caller as a client error
 * without an error id — confirm this is intended.
 *
 * @param exception the exception to map
 * @return a 400 response, with an error-status entity when the exception type is recognised
 */
@Override
public Response toResponse(Exception exception) {
    // Generated before any branch runs; the ApplicationException branch ignores it in favour
    // of the id the exception already carries.
    final UUID errorId = UUID.randomUUID();
    final Response.ResponseBuilder badRequest = Response.status(Response.Status.BAD_REQUEST);

    if (exception instanceof ApplicationException) {
        final ApplicationException appException = (ApplicationException) exception;
        return badRequest.entity(logAndGetErrorStatusDto(
                appException.getExceptionType().getLevel(),
                appException.getExceptionType(),
                appException,
                appException.getErrorId(),
                appException.isAudited())).build();
    }
    if (exception instanceof SamlContextException) {
        final SamlContextException samlContext = (SamlContextException) exception;
        return badRequest.entity(logAndGetErrorStatusDto(
                samlContext.getLogLevel(),
                samlContext.getExceptionType(),
                exception,
                errorId,
                HAS_NOT_BEEN_AUDITED_YET)).build();
    }
    if (exception instanceof SamlFailedToDecryptException) {
        return badRequest.entity(logAndGetErrorStatusDto(
                ((SamlFailedToDecryptException) exception).getLogLevel(),
                ExceptionType.INVALID_SAML_FAILED_TO_DECRYPT,
                exception,
                errorId,
                HAS_NOT_BEEN_AUDITED_YET)).build();
    }
    if (exception instanceof SamlDuplicateRequestIdException) {
        return badRequest.entity(logAndGetErrorStatusDto(
                ((SamlDuplicateRequestIdException) exception).getLogLevel(),
                ExceptionType.INVALID_SAML_DUPLICATE_REQUEST_ID,
                exception,
                errorId,
                HAS_NOT_BEEN_AUDITED_YET)).build();
    }
    if (exception instanceof SamlRequestTooOldException) {
        // Unlike the sibling branches, the cast goes through SamlTransformationErrorException;
        // presumably SamlRequestTooOldException extends it — confirm.
        return badRequest.entity(logAndGetErrorStatusDto(
                ((SamlTransformationErrorException) exception).getLogLevel(),
                ExceptionType.INVALID_SAML_REQUEST_TOO_OLD,
                exception,
                errorId,
                HAS_NOT_BEEN_AUDITED_YET)).build();
    }
    if (exception instanceof SamlTransformationErrorException) {
        return badRequest.entity(logAndGetErrorStatusDto(
                ((SamlTransformationErrorException) exception).getLogLevel(),
                ExceptionType.INVALID_SAML,
                exception,
                errorId,
                HAS_NOT_BEEN_AUDITED_YET)).build();
    }
    if (exception instanceof UnableToGenerateSamlException) {
        return badRequest.entity(logAndGetErrorStatusDto(
                ((UnableToGenerateSamlException) exception).getLogLevel(),
                ExceptionType.INVALID_INPUT,
                exception,
                errorId,
                HAS_NOT_BEEN_AUDITED_YET)).build();
    }
    if (exception instanceof NoKeyConfiguredForEntityException) {
        // This type contributes no log level of its own here; ERROR is fixed.
        return badRequest.entity(logAndGetErrorStatusDto(
                ERROR,
                ExceptionType.NO_KEY_CONFIGURED_FOR_ENTITY,
                exception,
                errorId,
                HAS_NOT_BEEN_AUDITED_YET)).build();
    }

    // Anything else: log with the generated id and return the bare 400.
    levelLogger.log(WARN, exception, errorId);
    return badRequest.build();
}
use of uk.gov.ida.saml.core.validation.SamlTransformationErrorException in project verify-hub by alphagov.
the class SamlMessageReceiverApi method handleResponsePost.
/**
 * Accepts a posted SAML response, validates its relay state and signature, and hands it to
 * the session proxy.
 *
 * <p>The order of steps is deliberate and security-relevant: the signature verdict is written
 * to the protective monitoring log before a failed signature is rejected, and nothing is
 * forwarded to the session proxy unless the signature check reports OK.
 *
 * <p>NOTE(review): the relay state is wrapped in a {@code SessionId} and placed in the
 * logging context before {@code relayStateValidator} has checked it, so an unvalidated value
 * can reach log output. This method also never removes the MDC entry; presumably that is
 * cleared elsewhere — confirm.
 *
 * @param samlRequestDto carries the relay state, the SAML message and the principal's IP
 * @return a 200 response wrapping whatever the session proxy returns
 * @throws SamlTransformationErrorException when the signature validation does not report OK
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.RESPONSE_POST_PATH)
@Timed
public Response handleResponsePost(SamlRequestDto samlRequestDto) {
    final SessionId sessionId = new SessionId(samlRequestDto.getRelayState());
    MDC.put("SessionId", sessionId);
    relayStateValidator.validate(samlRequestDto.getRelayState());

    // Despite the getter's name, the "SAML request" field carries the response on this path.
    final org.opensaml.saml.saml2.core.Response idpResponse =
            stringSamlResponseTransformer.apply(samlRequestDto.getSamlRequest());
    final SamlValidationResponse signatureCheck =
            authnResponseSignatureValidator.validate(idpResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

    // Logged ahead of the rejection below so that failed signatures are recorded as well.
    protectiveMonitoringLogger.logAuthnResponse(idpResponse, Direction.INBOUND, signatureCheck.isOK());

    if (!signatureCheck.isOK()) {
        throw new SamlTransformationErrorException(
                signatureCheck.getSamlValidationSpecificationFailure().getErrorMessage(),
                signatureCheck.getCause(),
                Level.ERROR);
    }

    // The original encoded message is forwarded, not the parsed object.
    final SamlAuthnResponseContainerDto forwardedResponse = new SamlAuthnResponseContainerDto(
            samlRequestDto.getSamlRequest(),
            sessionId,
            samlRequestDto.getPrincipalIpAsSeenByFrontend());
    return Response.ok(sessionProxy.receiveAuthnResponseFromIdp(forwardedResponse, sessionId)).build();
}