use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.
the class AuthnRequestFromTransactionValidator method validateIssueInstant.
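/**
 * Rejects an AuthnRequest whose IssueInstant is absent or is not accepted by
 * {@code issueInstantValidator}.
 *
 * <p>A missing IssueInstant is reported as a specification failure. An
 * IssueInstant the validator rejects is reported as "request too old", with
 * the time of the check ({@code DateTime.now()}) included in the failure so
 * the log shows both instants. The request id is read once and used for both
 * failures so they are reported against the same identifier.
 *
 * @param request the inbound AuthnRequest; must not be null
 * @throws SamlTransformationErrorException if the request carries no IssueInstant
 * @throws SamlRequestTooOldException if the IssueInstant fails the validator's check
 */
private void validateIssueInstant(final AuthnRequest request) {
    final String requestId = request.getID();
    final DateTime issueInstant = request.getIssueInstant();
    if (issueInstant == null) {
        final SamlValidationSpecificationFailure failure =
                SamlTransformationErrorFactory.missingRequestIssueInstant(requestId);
        throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
    if (!issueInstantValidator.isValid(issueInstant)) {
        // Reuse the id captured above instead of calling request.getID() a second time.
        final SamlValidationSpecificationFailure failure =
                SamlTransformationErrorFactory.requestTooOld(requestId, issueInstant, DateTime.now());
        throw new SamlRequestTooOldException(failure.getErrorMessage(), failure.getLogLevel());
    }
}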
use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.
the class EncryptedResponseFromIdpValidator method fail.
/**
 * Raises a validation failure for a SAML Status that did not indicate success,
 * distinguishing a bare top-level StatusCode from one carrying a nested sub-status.
 *
 * @param status the Status element taken from the IdP response; must not be null
 * @throws SamlValidationException always; the failure names the status code(s) seen
 */
private void fail(Status status) {
    final StatusCode topLevel = status.getStatusCode();
    final StatusCode nested = topLevel.getStatusCode();
    if (nested != null) {
        // Both codes are present, so report them together.
        final SamlValidationSpecificationFailure failure =
                invalidSubStatusCode(nested.getValue(), topLevel.getValue());
        throw new SamlValidationException(failure);
    }
    throw new SamlValidationException(invalidStatusCode(topLevel.getValue()));
}
use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.
the class IPAddressValidator method validate.
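/**
 * Checks that the assertion carries a non-empty IP address attribute.
 *
 * <p>The first attribute named {@code IdaConstants.Attributes_1_1.IPAddress.NAME}
 * decides the outcome: its first value must be an {@code IPAddress} whose value
 * is not null or empty. An attribute that is present but has no values, a
 * first value of another type, or a blank value is reported as an empty IP
 * address; an assertion with no such attribute is reported as a missing IP
 * address. The assertion is untrusted input, so a malformed attribute is
 * turned into a validation failure rather than surfacing as an
 * {@code IndexOutOfBoundsException} or {@code ClassCastException}.
 *
 * @param assertion the IdP assertion to validate; must not be null
 * @throws SamlTransformationErrorException if the IP address attribute is missing or empty
 */
public void validate(Assertion assertion) {
    for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
        for (Attribute attribute : attributeStatement.getAttributes()) {
            // Constant-first comparison also tolerates an attribute with a null name.
            if (!IdaConstants.Attributes_1_1.IPAddress.NAME.equals(attribute.getName())) {
                continue;
            }
            // Guard the index and the cast: an empty value list or a value of the
            // wrong type is treated as "no address" instead of throwing.
            Object firstValue = attribute.getAttributeValues().isEmpty()
                    ? null
                    : attribute.getAttributeValues().get(0);
            String addressValue = firstValue instanceof IPAddress
                    ? ((IPAddress) firstValue).getValue()
                    : null;
            if (!Strings.isNullOrEmpty(addressValue)) {
                return;
            }
            SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.emptyIPAddress(assertion.getID());
            throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
        }
    }
    SamlValidationSpecificationFailure failure = SamlTransformationErrorFactory.missingIPAddress(assertion.getID());
    throw new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
}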
use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.
the class MatchingServiceHealthCheckerTest method shouldNotSendHealthCheckIfSignatureFailsToValidate.
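/**
 * Asserts that a health check whose matching-service signature validation
 * returns an invalid response is surfaced as a SamlTransformationErrorException.
 *
 * <p>Arrangement is done outside the assertThrows lambda so that only the call
 * under test can satisfy the assertion; a stubbing problem inside the lambda
 * would otherwise be mistaken for the expected failure. The same DTO instance
 * is used to prepare the stubs and to invoke the checker (the original built a
 * second, presumably equal, DTO for the call).
 */
@Test
public void shouldNotSendHealthCheckIfSignatureFailsToValidate() {
    SamlValidationSpecificationFailure mockFailure = mock(SamlValidationSpecificationFailure.class);
    when(matchingRequestSignatureValidator.validate(any(AttributeQuery.class), eq(HUB_ROLE)))
            .thenReturn(SamlValidationResponse.anInvalidResponse(mockFailure));
    MatchingServiceConfigEntityDataDto matchingServiceConfigEntityDataDto = aMatchingServiceConfigEntityDataDto().build();
    prepareForHealthyResponse(matchingServiceConfigEntityDataDto);

    Assertions.assertThrows(SamlTransformationErrorException.class,
            () -> matchingServiceHealthChecker.performHealthCheck(matchingServiceConfigEntityDataDto));
}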
use of uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure in project verify-hub by alphagov.
the class SamlMessageReceiverApi method handleResponsePost.
/**
 * Receives a SAML Response posted by the frontend on behalf of an IdP, checks
 * its signature and hands it to the session proxy.
 *
 * <p>The order of operations is: the relay state is used as the session id and
 * written to the MDC, then validated; the response is parsed and its signature
 * checked; the result is logged via protective monitoring; only then does a
 * signature failure abort the request. A signature failure is rethrown at ERROR
 * level regardless of the level on the failure object.
 * NOTE(review): the MDC entry is written before the relay state has been
 * validated and is not removed in this method — confirm a request filter clears it.
 *
 * @param samlRequestDto the posted body: SAML response, relay state and the
 *     client details observed by the frontend
 * @return 200 with the session proxy's result for the received response
 * @throws SamlTransformationErrorException if the response signature does not validate
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path(Urls.SamlProxyUrls.RESPONSE_POST_PATH)
@Timed
@ResponseMetered
public Response handleResponsePost(SamlRequestDto samlRequestDto) {
    final String relayState = samlRequestDto.getRelayState();
    final SessionId sessionId = new SessionId(relayState);
    MDC.put("SessionId", sessionId);
    relayStateValidator.validate(relayState);

    final String rawResponse = samlRequestDto.getSamlRequest();
    final org.opensaml.saml.saml2.core.Response idpResponse = stringSamlResponseTransformer.apply(rawResponse);
    final SamlValidationResponse signatureCheck =
            authnResponseSignatureValidator.validate(idpResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    protectiveMonitoringLogger.logAuthnResponse(
            idpResponse, Direction.INBOUND, SignatureStatus.fromValidationResponse(signatureCheck));

    if (signatureCheck.isOK()) {
        final SamlAuthnResponseContainerDto authnResponseDto = new SamlAuthnResponseContainerDto(
                rawResponse,
                sessionId,
                samlRequestDto.getPrincipalIpAsSeenByFrontend(),
                samlRequestDto.getAnalyticsSessionId(),
                samlRequestDto.getJourneyType());
        return Response.ok(sessionProxy.receiveAuthnResponseFromIdp(authnResponseDto, sessionId)).build();
    }
    // The failure's own log level is deliberately not used here; ERROR is forced.
    final SamlValidationSpecificationFailure failure = signatureCheck.getSamlValidationSpecificationFailure();
    throw new SamlTransformationErrorException(failure.getErrorMessage(), signatureCheck.getCause(), Level.ERROR);
}