
Example 1 with SamlValidationResponse

Use of uk.gov.ida.saml.core.validation.SamlValidationResponse in project verify-hub by alphagov: class SamlMessageSenderHandler, method generateAuthnRequestFromHub.

public SamlMessage generateAuthnRequestFromHub(SessionId sessionId, String principalIpAddress) {
    AuthnRequestFromHubContainerDto authnRequestFromHub = sessionProxy.getAuthnRequestFromHub(sessionId);
    AuthnRequest request = authnRequestTransformer.apply(authnRequestFromHub.getSamlRequest());
    // Validate the signature on the outbound AuthnRequest, using the SPSSODescriptor metadata role to select the keys
    SamlValidationResponse samlSignatureValidationResponse = samlMessageSignatureValidator.validate(request, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    // The validation outcome is recorded in protective monitoring before any failure is raised
    protectiveMonitoringLogger.logAuthnRequest(request, Direction.OUTBOUND, samlSignatureValidationResponse.isOK());
    if (!samlSignatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = samlSignatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), samlSignatureValidationResponse.getCause(), Level.ERROR);
    }
    // Only a request that passed signature validation is wrapped for sending to the IdP
    SamlMessage samlMessage = new SamlMessage(authnRequestFromHub.getSamlRequest(), SamlMessageType.SAML_REQUEST, Optional.fromNullable(sessionId.toString()), authnRequestFromHub.getPostEndpoint().toString(), Optional.of(authnRequestFromHub.getRegistering()));
    externalCommunicationEventLogger.logIdpAuthnRequest(request.getID(), sessionId, authnRequestFromHub.getPostEndpoint(), principalIpAddress);
    return samlMessage;
}

Example 2 with SamlValidationResponse

Use of uk.gov.ida.saml.core.validation.SamlValidationResponse in project verify-hub by alphagov: class SamlMessageSenderHandler, method validateAndLogSamlResponseSignature.

private void validateAndLogSamlResponseSignature(Response samlResponse) {
    // The presence of an Issuer element is used here as the indicator that the Response is signed
    boolean isSigned = samlResponse.getIssuer() != null;
    if (isSigned) {
        SamlValidationResponse signatureValidationResponse = samlMessageSignatureValidator.validate(samlResponse, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        // Log the outcome to protective monitoring before failing on an invalid signature
        protectiveMonitoringLogger.logAuthnResponse(samlResponse, Direction.OUTBOUND, signatureValidationResponse.isOK());
        if (!signatureValidationResponse.isOK()) {
            SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
            throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
        }
    } else {
        // No Issuer: no signature check is performed and the outcome is logged as null rather than false
        protectiveMonitoringLogger.logAuthnResponse(samlResponse, Direction.OUTBOUND, null);
    }
}

Example 3 with SamlValidationResponse

Use of uk.gov.ida.saml.core.validation.SamlValidationResponse in project verify-hub by alphagov: class SamlMessageReceiverApi, method handleRequestPost.

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Timed
public Response handleRequestPost(SamlRequestDto samlRequestDto) {
    // RelayState is validated before the SAML request itself is parsed
    relayStateValidator.validate(samlRequestDto.getRelayState());
    AuthnRequest authnRequest = stringSamlAuthnRequestTransformer.apply(samlRequestDto.getSamlRequest());
    // Validate the inbound AuthnRequest signature, selecting keys via the SPSSODescriptor metadata role
    SamlValidationResponse signatureValidationResponse = authnRequestSignatureValidator.validate(authnRequest, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    // Record the outcome in protective monitoring before rejecting an invalid signature
    protectiveMonitoringLogger.logAuthnRequest(authnRequest, Direction.INBOUND, signatureValidationResponse.isOK());
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
    // A session is created only for a request whose signature validated
    SamlAuthnRequestContainerDto samlAuthnRequestContainerDto = new SamlAuthnRequestContainerDto(samlRequestDto.getSamlRequest(), Optional.ofNullable(samlRequestDto.getRelayState()), samlRequestDto.getPrincipalIpAsSeenByFrontend());
    SessionId sessionId = sessionProxy.createSession(samlAuthnRequestContainerDto);
    return Response.ok(sessionId).build();
}

Example 4 with SamlValidationResponse

Use of uk.gov.ida.saml.core.validation.SamlValidationResponse in project verify-hub by alphagov: class ExecuteAttributeQueryRequest, method validateResponseSignature.

private void validateResponseSignature(Element responseFromMatchingService) {
    Response response = elementToSamlResponseTransformer.apply(responseFromMatchingService);
    // The matching service's response is checked against the AttributeAuthorityDescriptor metadata role
    SamlValidationResponse signatureValidationResponse = matchingResponseSignatureValidator.validate(response, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
    String message = hasStatusMessage(response.getStatus()) ? response.getStatus().getStatusMessage().getMessage() : "";
    // Issuer and status fields are read for logging before the signature outcome is acted on
    protectiveMonitoringLogger.logAttributeQueryResponse(response.getID(), response.getInResponseTo(), response.getIssuer().getValue(), signatureValidationResponse.isOK(), response.getStatus().getStatusCode().getValue(), message);
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
}

Example 5 with SamlValidationResponse

Use of uk.gov.ida.saml.core.validation.SamlValidationResponse in project verify-hub by alphagov: class ExecuteAttributeQueryRequest, method validateRequestSignature.

private void validateRequestSignature(Element matchingServiceRequest, URI matchingServiceUri) {
    AttributeQuery attributeQuery = elementToAttributeQueryTransformer.apply(matchingServiceRequest);
    // The outbound AttributeQuery is checked against the AttributeAuthorityDescriptor metadata role
    SamlValidationResponse signatureValidationResponse = matchingRequestSignatureValidator.validate(attributeQuery, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
    // Log the query and its signature outcome to protective monitoring before failing
    protectiveMonitoringLogger.logAttributeQuery(attributeQuery.getID(), matchingServiceUri.toASCIIString(), attributeQuery.getIssuer().getValue(), signatureValidationResponse.isOK());
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
}