Example 11 with SamlValidationSpecificationFailure

Use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

From the class AuthnRequestFromTransactionValidator, method validateIssueInstant:

private void validateIssueInstant(final AuthnRequest request) {
    final String requestId = request.getID();
    DateTime issueInstant = request.getIssueInstant();
    // IssueInstant is mandatory: without it the request cannot be bounded in time.
    if (issueInstant == null) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingRequestIssueInstant(requestId);
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    // Reject requests whose IssueInstant lies outside the accepted window; this bounds
    // how long a captured request stays usable and is distinct from the missing-field case.
    if (!issueInstantValidator.isValid(issueInstant)) {
        SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.requestTooOld(request.getID(), issueInstant, DateTime.now());
        throw new SamlRequestTooOldException(failure.getErrorMessage(), failure.getLogLevel());
    }
}

Imports used:
import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure;
import uk.gov.ida.saml.core.validation.SamlTransformationErrorException;
import uk.gov.ida.saml.hub.exception.SamlRequestTooOldException;
import org.joda.time.DateTime;

Example 12 with SamlValidationSpecificationFailure

Use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

From the class EncryptedResponseFromIdpValidator, method fail:

private void fail(Status status) {
    StatusCode statusCode = status.getStatusCode();
    // SAML 2.0 allows a nested second-level StatusCode that refines the top-level one.
    StatusCode subStatusCode = statusCode.getStatusCode();
    if (subStatusCode == null) {
        // Only a top-level code is present: report it as an unexpected status code.
        throw new SamlValidationException(invalidStatusCode(statusCode.getValue()));
    }
    // Both levels present: report the combination so the log shows exactly what the IdP returned.
    SamlValidationSpecificationFailure failure = invalidSubStatusCode(subStatusCode.getValue(), statusCode.getValue());
    throw new SamlValidationException(failure);
}

Imports used:
import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure;
import uk.gov.ida.saml.hub.exception.SamlValidationException;
import static uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.invalidSubStatusCode;
import static uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.invalidStatusCode;
import org.opensaml.saml.saml2.core.StatusCode;

Example 13 with SamlValidationSpecificationFailure

Use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

From the class IPAddressValidator, method validate:

public void validate(Assertion assertion) {
    for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
        for (Attribute attribute : attributeStatement.getAttributes()) {
            if (attribute.getName().equals(IdaConstants.Attributes_1_1.IPAddress.NAME)) {
                // The attribute is expected to carry a single IPAddress value; only the first is inspected.
                IPAddress ipAddressAttributeValue = (IPAddress) attribute.getAttributeValues().get(0);
                String addressValue = ipAddressAttributeValue.getValue();
                if (!Strings.isNullOrEmpty(addressValue)) {
                    // Attribute present and non-empty: the assertion passes this check.
                    return;
                }
                // Attribute present but empty: distinct failure from the attribute being absent.
                SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyIPAddress(assertion.getID());
                throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
            }
        }
    }
    // No IPAddress attribute in any attribute statement.
    SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingIPAddress(assertion.getID());
    throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
}

Imports used:
import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure;
import uk.gov.ida.saml.core.validation.SamlTransformationErrorException;
import uk.gov.ida.saml.core.extensions.IPAddress;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;

Example 14 with SamlValidationSpecificationFailure

Use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

From the test class MatchingServiceHealthCheckerTest, method shouldNotSendHealthCheckIfSignatureFailsToValidate:

@Test
public void shouldNotSendHealthCheckIfSignatureFailsToValidate() {
    Assertions.assertThrows(SamlTransformationErrorException.class, () -> {
        // Stub the signature validator so the AttributeQuery is reported as invalid.
        SamlValidationSpecificationFailure mockFailure = mock(SamlValidationSpecificationFailure.class);
        when(matchingRequestSignatureValidator.validate(any(AttributeQuery.class), eq(HUB_ROLE))).thenReturn(SamlValidationResponse.anInvalidResponse(mockFailure));
        MatchingServiceConfigEntityDataDto matchingServiceConfigEntityDataDto = aMatchingServiceConfigEntityDataDto().build();
        prepareForHealthyResponse(matchingServiceConfigEntityDataDto);
        // Expected to throw before any health check request is sent to the matching service.
        matchingServiceHealthChecker.performHealthCheck(aMatchingServiceConfigEntityDataDto().build());
    });
}

Imports used:
import uk.gov.ida.hub.samlsoapproxy.contract.MatchingServiceConfigEntityDataDto;
import static uk.gov.ida.hub.samlsoapproxy.builders.MatchingServiceConfigEntityDataDtoBuilder.aMatchingServiceConfigEntityDataDto;
import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure;
import org.opensaml.saml.saml2.core.AttributeQuery;
import org.junit.jupiter.api.Test;

Example 15 with SamlValidationSpecificationFailure

Use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.

From the class SamlMessageReceiverApi, method handleResponsePost:

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.RESPONSE_POST_PATH)
@Timed
@ResponseMetered
public Response handleResponsePost(SamlRequestDto samlRequestDto) {
    final SessionId sessionId = new SessionId(samlRequestDto.getRelayState());
    MDC.put("SessionId", sessionId);
    // RelayState is attacker-controllable input; validate it before it is used as a session key.
    relayStateValidator.validate(samlRequestDto.getRelayState());
    org.opensaml.saml.saml2.core.Response samlResponse = stringSamlResponseTransformer.apply(samlRequestDto.getSamlRequest());
    // Check the response signature against the IdP's SSO descriptor before anything in it is trusted.
    SamlValidationResponse signatureValidationResponse = authnResponseSignatureValidator.validate(samlResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    // Log the outcome (including failures) for protective monitoring before deciding what to do.
    protectiveMonitoringLogger.logAuthnResponse(samlResponse, Direction.INBOUND, SignatureStatus.fromValidationResponse(signatureValidationResponse));
    if (!signatureValidationResponse.isOK()) {
        SamlValidationSpecificationFailure failure = signatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureValidationResponse.getCause(), Level.ERROR);
    }
    // Only a response with a valid signature is forwarded to the session proxy.
    final SamlAuthnResponseContainerDto authnResponseDto = new SamlAuthnResponseContainerDto(samlRequestDto.getSamlRequest(), sessionId, samlRequestDto.getPrincipalIpAsSeenByFrontend(), samlRequestDto.getAnalyticsSessionId(), samlRequestDto.getJourneyType());
    return Response.ok(sessionProxy.receiveAuthnResponseFromIdp(authnResponseDto, sessionId)).build();
}

Imports used:
import uk.gov.ida.saml.core.validation.SamlValidationResponse;
import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure;
import uk.gov.ida.saml.core.validation.SamlTransformationErrorException;
import uk.gov.ida.hub.samlproxy.domain.SamlAuthnResponseContainerDto;
import uk.gov.ida.common.SessionId;
import javax.ws.rs.Path;
import javax.ws.rs.POST;
import javax.ws.rs.Consumes;
import javax.ws.rs.Produces;
import com.codahale.metrics.annotation.ResponseMetered;
import com.codahale.metrics.annotation.Timed;
