
Example 1 with InboundResponseFromIdp

use of uk.gov.ida.saml.hub.domain.InboundResponseFromIdp in project verify-hub by alphagov.

Class IdaResponseFromIdpUnmarshallerTest, method transform_shouldTransformTheSamlResponseToIdaResponseByIdp.

@Test
public void transform_shouldTransformTheSamlResponseToIdaResponseByIdp() {
    // Two unencrypted assertions: the fixture marks the matching-dataset one with an
    // AttributeStatement and the authentication one with an AuthnStatement.
    Assertion mdsAssertion = anAssertion().addAttributeStatement(anAttributeStatement().build()).buildUnencrypted();
    Assertion authnStatementAssertion = anAssertion().addAuthnStatement(anAuthnStatement().build()).buildUnencrypted();
    when(response.getAssertions()).thenReturn(List.of(mdsAssertion, authnStatementAssertion));
    PassthroughAssertion passthroughMdsAssertion = aPassthroughAssertion().buildMatchingDatasetAssertion();
    when(passthroughAssertionUnmarshaller.fromAssertion(mdsAssertion)).thenReturn(passthroughMdsAssertion);
    PassthroughAssertion passthroughAuthnAssertion = aPassthroughAssertion().buildAuthnStatementAssertion();
    when(passthroughAssertionUnmarshaller.fromAssertion(authnStatementAssertion)).thenReturn(passthroughAuthnAssertion);
    // fromSaml only accepts the ValidatedResponse/ValidatedAssertions wrapper types, i.e. input
    // that has already been through the security validators, never a raw Response.
    InboundResponseFromIdp inboundResponseFromIdp = unmarshaller.fromSaml(new ValidatedResponse(response), new ValidatedAssertions(response.getAssertions()));
    // The signature and both assertions must survive the translation intact.
    assertThat(inboundResponseFromIdp.getSignature().isPresent()).isEqualTo(true);
    assertThat(inboundResponseFromIdp.getMatchingDatasetAssertion().isPresent()).isEqualTo(true);
    assertThat(inboundResponseFromIdp.getAuthnStatementAssertion().isPresent()).isEqualTo(true);
    assertThat(inboundResponseFromIdp.getSignature().get()).isEqualTo(signature);
    assertThat(inboundResponseFromIdp.getAuthnStatementAssertion().get()).isEqualTo(passthroughAuthnAssertion);
    assertThat(inboundResponseFromIdp.getMatchingDatasetAssertion().get()).isEqualTo(passthroughMdsAssertion);
}
Also used : PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) PassthroughAssertionBuilder.aPassthroughAssertion(uk.gov.ida.saml.core.test.builders.PassthroughAssertionBuilder.aPassthroughAssertion) AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) Test(org.junit.jupiter.api.Test)

Example 2 with InboundResponseFromIdp

use of uk.gov.ida.saml.hub.domain.InboundResponseFromIdp in project verify-hub by alphagov.

Class UnknownMethodAlgorithmLoggerTest, method shouldReportUnknownSignatureAlgorithmInIDPResponse.

@Test
public void shouldReportUnknownSignatureAlgorithmInIDPResponse() throws Exception {
    // A response whose Signature uses a SignatureMethod outside the hub's known set (RSA-SHA1 in this fixture).
    InboundResponseFromIdp inboundResponseFromIdp = new InboundResponseFromIdp(
            ID, IN_RESPONSE_TO, ISSUER_IDP, ISSUE_INSTANT, NOT_ON_OR_AFTER, STATUS,
            signatureWithUnknownSignatureAlgorithm, MATCHING_DATASET_ASSERTION, DESTINATION, AUTHN_STATEMENT_ASSERTION);
    UnknownMethodAlgorithmLogger.probeResponseForMethodAlgorithm(inboundResponseFromIdp);
    // Exactly one log event, naming the party (IDP), the algorithm identifier and the element it was found on.
    verifyLog(mockAppender, captorLoggingEvent, 1,
            String.format(UnknownMethodAlgorithmLogger.SIGNATURE_ALGORITHM_MESSAGE, IDP, SIGNATURE_RSA_SHA1_ID, Response.DEFAULT_ELEMENT_LOCAL_NAME));
}
Also used : InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) Test(org.junit.jupiter.api.Test)

Example 3 with InboundResponseFromIdp

use of uk.gov.ida.saml.hub.domain.InboundResponseFromIdp in project verify-hub by alphagov.

Class IdaResponseFromIdpUnmarshaller, method fromSaml.

public InboundResponseFromIdp fromSaml(ValidatedResponse validatedResponse, ValidatedAssertions validatedAssertions) {
    // Both inputs are the post-validation wrapper types, so this method never handles a raw Response.
    Optional<PassthroughAssertion> matchingDatasetAssertion = validatedAssertions.getMatchingDatasetAssertion().map(passthroughAssertionUnmarshaller::fromAssertion);
    Optional<PassthroughAssertion> authnStatementAssertion = validatedAssertions.getAuthnStatementAssertion().map(passthroughAssertionUnmarshaller::fromAssertion);
    IdpIdaStatus transformedStatus = statusUnmarshaller.fromSaml(validatedResponse.getStatus());
    URI destination = URI.create(validatedResponse.getDestination());
    // NotOnOrAfter is read from the first SubjectConfirmation of the matching-dataset assertion.
    // get(0) and the following getSubjectConfirmationData() are unguarded: an empty list or a missing
    // SubjectConfirmationData throws rather than yielding Optional.empty(), so the validators that
    // produced validatedAssertions are relied on to have enforced that shape.
    Optional<DateTime> notOnOrAfter = validatedAssertions.getMatchingDatasetAssertion()
            .flatMap(a -> Optional.ofNullable(a.getSubject()))
            .flatMap(s -> Optional.ofNullable(s.getSubjectConfirmations().get(0).getSubjectConfirmationData().getNotOnOrAfter()));
    // The Response signature travels with the domain object (absent if unsigned) so later stages can inspect its algorithms.
    return new InboundResponseFromIdp(validatedResponse.getID(), validatedResponse.getInResponseTo(), validatedResponse.getIssuer().getValue(), validatedResponse.getIssueInstant(), notOnOrAfter, transformedStatus, Optional.ofNullable(validatedResponse.getSignature()), matchingDatasetAssertion, destination, authnStatementAssertion);
}
Also used : PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions) InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) DateTime(org.joda.time.DateTime) Optional(java.util.Optional) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) URI(java.net.URI) IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus)

Example 4 with InboundResponseFromIdp

use of uk.gov.ida.saml.hub.domain.InboundResponseFromIdp in project verify-hub by alphagov.

Class IdpAuthnResponseTranslatorService, method translate.

public InboundResponseFromIdpDto translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
    // Parse the SAML Response string into an OpenSAML Response object.
    Response response = stringToOpenSamlResponseTransformer.apply(samlResponseDto.getSamlResponse());
    // Put response details into the logging context (MDC) for the rest of this request.
    MdcHelper.addContextToMdc(response);
    try {
        // The transformer validates the Response and turns it into the InboundResponseFromIdp domain object.
        InboundResponseFromIdp idaResponseFromIdp = samlResponseToIdaResponseIssuedByIdpTransformer.apply(response);
        // Log, but do not reject, signature/digest algorithms outside the known set (see the logger tests on this page).
        UnknownMethodAlgorithmLogger.probeResponseForMethodAlgorithm(idaResponseFromIdp);
        if (idaResponseFromIdp.getAuthnStatementAssertion().isPresent()) {
            Assertion authnStatementAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getAuthnStatementAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(authnStatementAssertion, AUTHN_STATEMENT);
        }
        Assertion matchingDatasetAssertion = null;
        if (idaResponseFromIdp.getMatchingDatasetAssertion().isPresent()) {
            matchingDatasetAssertion = stringToAssertionTransformer.apply(idaResponseFromIdp.getMatchingDatasetAssertion().get().getUnderlyingAssertionBlob());
            logAnalytics(matchingDatasetAssertion, MATCHING_DATASET);
        }
        InboundResponseFromIdpData inboundResponseFromIdpData = inboundResponseFromIdpDataGenerator.generate(idaResponseFromIdp, samlResponseDto.getMatchingServiceEntityId());
        // A blank level of assurance is treated as absent; LevelOfAssurance.valueOf throws IllegalArgumentException for any other unrecognised value.
        Optional<LevelOfAssurance> levelOfAssurance = Optional.empty();
        if (!Strings.isNullOrEmpty(inboundResponseFromIdpData.getLevelOfAssurance())) {
            levelOfAssurance = Optional.of(LevelOfAssurance.valueOf(inboundResponseFromIdpData.getLevelOfAssurance()));
        }
        logVerifiedAttributes(idaResponseFromIdp, matchingDatasetAssertion, levelOfAssurance);
        return new InboundResponseFromIdpDto(inboundResponseFromIdpData.getStatus(), inboundResponseFromIdpData.getStatusMessage(), inboundResponseFromIdpData.getIssuer(), inboundResponseFromIdpData.getEncryptedAuthnAssertion(), inboundResponseFromIdpData.getEncryptedMatchingDatasetAssertion(), inboundResponseFromIdpData.getPersistentId(), inboundResponseFromIdpData.getPrincipalIpAddressAsSeenByIdp(), levelOfAssurance, inboundResponseFromIdpData.getIdpFraudEventId(), inboundResponseFromIdpData.getFraudIndicator(), inboundResponseFromIdpData.getNotOnOrAfter());
    } catch (SamlTransformationErrorException e) {
        // Re-throw with the response ID and issuer attached for context; both are IdP-supplied values read from the parsed message.
        throw new SamlContextException(response.getID(), response.getIssuer().getValue(), e);
    }
}
Also used : Response(org.opensaml.saml.saml2.core.Response) LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) SamlContextException(uk.gov.ida.hub.samlengine.exceptions.SamlContextException) InboundResponseFromIdpDto(uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) Assertion(org.opensaml.saml.saml2.core.Assertion) InboundResponseFromIdpData(uk.gov.ida.saml.core.domain.InboundResponseFromIdpData)

Example 5 with InboundResponseFromIdp

use of uk.gov.ida.saml.hub.domain.InboundResponseFromIdp in project verify-hub by alphagov.

Class UnknownMethodAlgorithmLoggerTest, method shouldReportUnknownDigestAlgorithmInIDPResponse.

@Test
public void shouldReportUnknownDigestAlgorithmInIDPResponse() throws Exception {
    // Same shape as the signature-algorithm test, but the Reference's DigestMethod is the unknown one (SHA-1 in this fixture).
    InboundResponseFromIdp inboundResponseFromIdp = new InboundResponseFromIdp(
            ID, IN_RESPONSE_TO, ISSUER_IDP, ISSUE_INSTANT, NOT_ON_OR_AFTER, STATUS,
            signatureWithUnknownDigestAlgorithm, MATCHING_DATASET_ASSERTION, DESTINATION, AUTHN_STATEMENT_ASSERTION);
    UnknownMethodAlgorithmLogger.probeResponseForMethodAlgorithm(inboundResponseFromIdp);
    // Exactly one log event, using the digest-specific message with the algorithm identifier and the element it was found on.
    verifyLog(mockAppender, captorLoggingEvent, 1,
            String.format(UnknownMethodAlgorithmLogger.DIGEST_ALGORITHM_MESSAGE, IDP, DIGEST_SHA1_ID, Response.DEFAULT_ELEMENT_LOCAL_NAME));
}
Also used : InboundResponseFromIdp(uk.gov.ida.saml.hub.domain.InboundResponseFromIdp) Test(org.junit.jupiter.api.Test)
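As an added example (this is not verify-hub's code), here are the two checks the snippets above perform, done over the raw SAML XML with Python's standard library rather than OpenSAML so the block runs stand-alone: flag SignatureMethod and DigestMethod algorithm URIs that fall outside an allow-list, which is the condition UnknownMethodAlgorithmLogger logs for in Examples 2 and 5, and walk Subject, first SubjectConfirmation, SubjectConfirmationData/@NotOnOrAfter as fromSaml does in Example 3, treating a missing hop as empty instead of throwing. The allow-list, the sample Response, its dummy signature values and the function names are constructed for this example; the hub's actual set of known algorithms is not shown on this page.

```python
# Added example, not verify-hub code: inspect XML-DSig algorithm URIs in a SAML 2.0 Response
# and read an assertion's NotOnOrAfter from the raw XML, using only the standard library.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import List, Optional, Tuple

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# The allow-list is an assumption for this example (SHA-256 only). The tests above expect the
# standard rsa-sha1 and sha1 URIs to be reported as unknown, so both must fall outside it.
ALLOWED_SIGNATURE_ALGORITHMS = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}
ALLOWED_DIGEST_ALGORITHMS = {"http://www.w3.org/2001/04/xmlenc#sha256"}

# Constructed sample, not a captured message: Response signed with SHA-1, matching-dataset
# assertion signed with SHA-256, authn assertion unsigned and without a Subject. Digest and
# signature values are dummies; nothing below verifies a signature, it only reads algorithm IDs.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_resp1" InResponseTo="_req1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
    Destination="https://hub.example/SAML2/SSO/Response/POST">
  <saml:Issuer>https://idp.example/SAML2/SSO</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_resp1"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_mds1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example/SAML2/SSO</saml:Issuer>
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_mds1"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
    </ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">pid-123</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req1" NotOnOrAfter="2024-01-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:AttributeStatement><saml:Attribute Name="firstname">
      <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
  <saml:Assertion ID="_authn1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example/SAML2/SSO</saml:Issuer>
    <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:59Z"><saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext></saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""


def probe_signature(signed: ET.Element) -> List[Tuple[str, str, str]]:
    """(element, method, algorithm) for each algorithm in signed's ds:Signature that is not allowed."""
    sig = signed.find("ds:Signature", NS)
    if sig is None:  # whether a signature must be present is the validators' decision, not this probe's
        return []
    owner = signed.tag.rsplit("}", 1)[-1]  # local name, cf. Response.DEFAULT_ELEMENT_LOCAL_NAME above
    findings = []
    for m in sig.findall("ds:SignedInfo/ds:SignatureMethod", NS):
        if m.get("Algorithm") not in ALLOWED_SIGNATURE_ALGORITHMS:
            findings.append((owner, "SignatureMethod", m.get("Algorithm", "")))
    for m in sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS):
        if m.get("Algorithm") not in ALLOWED_DIGEST_ALGORITHMS:
            findings.append((owner, "DigestMethod", m.get("Algorithm", "")))
    return findings


def audit_response(xml_text: str) -> List[Tuple[str, str, str]]:
    """Probe the Response signature and every Assertion signature, in document order."""
    root = ET.fromstring(xml_text)
    findings = probe_signature(root)
    for assertion in root.findall("saml:Assertion", NS):
        findings.extend(probe_signature(assertion))
    return findings


def assertion_not_on_or_after(xml_text: str, assertion_id: str) -> Optional[datetime]:
    """Subject -> first SubjectConfirmation -> SubjectConfirmationData/@NotOnOrAfter, the path
    fromSaml above walks on the matching-dataset assertion; a missing hop yields None here."""
    root = ET.fromstring(xml_text)
    assertion = next((a for a in root.findall("saml:Assertion", NS) if a.get("ID") == assertion_id), None)
    if assertion is None:
        return None
    # One None check per hop stands in for the Optional.flatMap chain and its unguarded get(0).
    subject = assertion.find("saml:Subject", NS)
    confirmation = subject.find("saml:SubjectConfirmation", NS) if subject is not None else None
    data = confirmation.find("saml:SubjectConfirmationData", NS) if confirmation is not None else None
    value = data.get("NotOnOrAfter") if data is not None else None
    if value is None:
        return None
    # SAML timestamps are UTC; the sample uses whole seconds, so a fixed format is enough here.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
```

Running audit_response over the sample reports the Response's rsa-sha1 SignatureMethod and sha1 DigestMethod and nothing for the SHA-256-signed assertion. The probe only reports algorithm choices; whether a signature is present, is made with a trusted key and covers the right element is a separate check that has to run first, and the hub tests above likewise only show a log line being produced, not the response being rejected. assertion_not_on_or_after returns a timezone-aware datetime for _mds1 and None for _authn1, which has no Subject, where the Java chain on this page would throw instead.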
