Examples with SamlValidationSpecificationFailure uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure used on opensource projects

Search in sources :

Example 1 with SamlValidationSpecificationFailure

use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

the class ResponseAssertionsFromCountryValidator method validate.

public void validate(ValidatedResponse validatedResponse, Assertion validatedIdentityAssertion) {
    assertionValidator.validate(validatedIdentityAssertion, validatedResponse.getInResponseTo(), expectedRecipientId);
    if (validatedResponse.isSuccess()) {
        if (validatedIdentityAssertion.getAuthnStatements().size() > 1) {
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.multipleAuthnStatements();
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
        authnStatementAssertionValidator.validate(validatedIdentityAssertion);
        eidasAttributeStatementAssertionValidator.validate(validatedIdentityAssertion);
        authnResponseIssuerValidator.validate(validatedResponse, validatedIdentityAssertion);
    }
}
Also used : SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 2 with SamlValidationSpecificationFailure

use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

the class ExecuteAttributeQueryRequest method validateRequestSignature.

private void validateRequestSignature(Element matchingServiceRequest, URI matchingServiceUri) {
    AttributeQuery attributeQuery = elementToAttributeQueryTransformer.apply(matchingServiceRequest);
    SamlValidationResponse signatureValidationResponse = matchingRequestSignatureValidator.validate(attributeQuery, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    protectiveMonitoringLogger.logAttributeQuery(attributeQuery.getID(), matchingServiceUri.toASCIIString(), attributeQuery.getIssuer().getValue(), signatureValidationResponse.isOK());
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
}
Also used : SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) AttributeQuery(org.opensaml.saml.saml2.core.AttributeQuery) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 3 with SamlValidationSpecificationFailure

use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

the class ExecuteAttributeQueryRequest method validateResponseSignature.

private void validateResponseSignature(Element responseFromMatchingService) {
    Response response = elementToSamlResponseTransformer.apply(responseFromMatchingService);
    SamlValidationResponse signatureValidationResponse = matchingResponseSignatureValidator.validate(response, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
    String message = hasStatusMessage(response.getStatus()) ? response.getStatus().getStatusMessage().getMessage() : "";
    protectiveMonitoringLogger.logAttributeQueryResponse(response.getID(), response.getInResponseTo(), response.getIssuer().getValue(), signatureValidationResponse.isOK(), response.getStatus().getStatusCode().getValue(), message);
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
}
Also used : Response(org.opensaml.saml.saml2.core.Response) SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 4 with SamlValidationSpecificationFailure

use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

the class SamlMessageSenderHandler method validateAndLogSamlResponseSignature.

private void validateAndLogSamlResponseSignature(Response samlResponse) {
    boolean isSigned = samlResponse.getIssuer() != null;
    if (isSigned) {
        SamlValidationResponse signatureValidationResponse = samlMessageSignatureValidator.validate(samlResponse, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        protectiveMonitoringLogger.logAuthnResponse(samlResponse, Direction.OUTBOUND, SignatureStatus.fromValidationResponse(signatureValidationResponse));
        if (!signatureValidationResponse.isOK()) {
            SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
            throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
        }
    } else {
        protectiveMonitoringLogger.logAuthnResponse(samlResponse, Direction.OUTBOUND, SignatureStatus.NO_SIGNATURE);
    }
}
Also used : SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException)

Example 5 with SamlValidationSpecificationFailure

use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

the class SamlMessageSenderHandler method generateAuthnRequestFromHub.

public SamlMessage generateAuthnRequestFromHub(SessionId sessionId, String principalIpAddress) {
    AuthnRequestFromHubContainerDto authnRequestFromHub = sessionProxy.getAuthnRequestFromHub(sessionId);
    AuthnRequest request = authnRequestTransformer.apply(authnRequestFromHub.getSamlRequest());
    SamlValidationResponse samlSignatureValidationResponse = samlMessageSignatureValidator.validate(request, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    protectiveMonitoringLogger.logAuthnRequest(request, Direction.OUTBOUND, SignatureStatus.fromValidationResponse(samlSignatureValidationResponse));
    if (!samlSignatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = samlSignatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), samlSignatureValidationResponse.getCause(), Level.ERROR);
    }
    SamlMessage samlMessage = new SamlMessage(authnRequestFromHub.getSamlRequest(), SamlMessageType.SAML_REQUEST, Optional.ofNullable(sessionId.toString()), authnRequestFromHub.getPostEndpoint().toString(), Optional.of(authnRequestFromHub.getRegistering()));
    externalCommunicationEventLogger.logIdpAuthnRequest(request.getID(), sessionId, authnRequestFromHub.getPostEndpoint(), principalIpAddress);
    return samlMessage;
}
Also used : SamlValidationResponse(uk.gov.ida.saml.core.validation.SamlValidationResponse) SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) AuthnRequestFromHubContainerDto(uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto)

Aggregations

SamlValidationSpecificationFailure (uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure)15 SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException)13 SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse)8 Timed (com.codahale.metrics.annotation.Timed)3 Consumes (javax.ws.rs.Consumes)3 POST (javax.ws.rs.POST)3 Produces (javax.ws.rs.Produces)3 AttributeQuery (org.opensaml.saml.saml2.core.AttributeQuery)3 SessionId (uk.gov.ida.common.SessionId)3 ResponseMetered (com.codahale.metrics.annotation.ResponseMetered)2 Path (javax.ws.rs.Path)2 Attribute (org.opensaml.saml.saml2.core.Attribute)2 AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)2 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)2 SamlAuthnResponseContainerDto (uk.gov.ida.hub.samlproxy.domain.SamlAuthnResponseContainerDto)2 QName (javax.xml.namespace.QName)1 DateTime (org.joda.time.DateTime)1 Test (org.junit.jupiter.api.Test)1 Response (org.opensaml.saml.saml2.core.Response)1 StatusCode (org.opensaml.saml.saml2.core.StatusCode)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial