Use of uk.gov.ida.saml.security.validators.ValidatedResponse in project verify-hub by alphagov.
The class CountryAuthnResponseTranslatorServiceTest, method setup.
@Before
public void setup() throws Exception {
    IdaSamlBootstrap.bootstrap();
    service = new CountryAuthnResponseTranslatorService(
            stringToOpenSamlResponseTransformer,
            responseFromCountryValidator,
            new IdpIdaStatusUnmarshaller(new IdpIdaStatus.IdpIdaStatusFactory(), new SamlStatusToIdpIdaStatusMappingsFactory()),
            responseAssertionsFromCountryValidator,
            validateSamlResponseIssuedByIdpDestination,
            assertionDecrypter,
            assertionBlobEncrypter,
            samlResponseSignatureValidator,
            samlAssertionsSignatureValidator,
            new PassthroughAssertionUnmarshaller(new XmlObjectToBase64EncodedStringTransformer<>(), new AuthnContextFactory()));

    // Fixture: one eIDAS response loaded from a file, the same response wrapped as already validated,
    // and the assertion list read straight off it.
    Response eidasResponse = (Response) buildResponseFromFile();
    ValidatedResponse validatedEidasResponse = new ValidatedResponse(eidasResponse);
    List<Assertion> assertionsFromResponse = eidasResponse.getAssertions();

    // The DTO carries the raw SAML string and the matching-service entity id the blob encrypter is keyed on.
    when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn("eidas");
    when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn("mid");
    when(stringToOpenSamlResponseTransformer.apply("eidas")).thenReturn(eidasResponse);

    // Every collaborator is a mock, so the validate -> decrypt -> validate-assertions -> encrypt-blob pipeline
    // is a pass-through here; no real signature check or decryption happens in this test.
    doNothing().when(responseFromCountryValidator).validate(eidasResponse);
    when(samlResponseSignatureValidator.validate(eidasResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME))
            .thenReturn(validatedEidasResponse);
    when(assertionDecrypter.decryptAssertions(validatedEidasResponse)).thenReturn(assertionsFromResponse);
    when(samlAssertionsSignatureValidator.validate(assertionsFromResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME))
            .thenReturn(new ValidatedAssertions(assertionsFromResponse));
    when(assertionBlobEncrypter.encryptAssertionBlob(eq("mid"), any(String.class)))
            .thenReturn(identityUnderlyingAssertionBlob);
}
Use of uk.gov.ida.saml.security.validators.ValidatedResponse in project verify-hub by alphagov.
The class CountryAuthnResponseTranslatorService, method toModel.
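/**
 * Builds the hub-side model of a country (eIDAS) response from the validated SAML response
 * and the identity assertion that survived validation, if any.
 *
 * @param response the validated SAML response; its issuer and status are read here
 * @param validatedIdentityAssertionOptional the validated identity assertion, or empty when none was present
 * @param matchingServiceEntityId the entity id the pass-through assertion blob is encrypted for
 * @return the populated {@link InboundResponseFromCountry}
 */
private InboundResponseFromCountry toModel(ValidatedResponse response, Optional<Assertion> validatedIdentityAssertionOptional, String matchingServiceEntityId) {
    // Re-wrap the identity assertion as a pass-through assertion; the 'true' flag is handed straight to the unmarshaller.
    Optional<PassthroughAssertion> passthroughAssertion = validatedIdentityAssertionOptional
            .map(validatedIdentityAssertion -> passthroughAssertionUnmarshaller.fromAssertion(validatedIdentityAssertion, true));

    // Level of assurance is derived from the authn context name. LevelOfAssurance.valueOf presumably throws
    // IllegalArgumentException for a name that is not a known constant, so an unexpected context name coming
    // from the IdP surfaces as an exception here rather than as an empty Optional.
    Optional<LevelOfAssurance> levelOfAssurance = passthroughAssertion
            .flatMap(assertion -> assertion.getAuthnContext())
            .map(AuthnContext::name)
            .filter(name -> !isNullOrEmpty(name))
            .map(LevelOfAssurance::valueOf);

    // Read the status once; both the status code and the message below come from it.
    IdpIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());

    // NameID value of the assertion subject, absent when there is no assertion.
    Optional<String> nameId = validatedIdentityAssertionOptional
            .map(Assertion::getSubject)
            .map(Subject::getNameID)
            .map(NameID::getValue);

    Optional<String> statusCode = Optional.ofNullable(status)
            .map(IdpIdaStatus::getStatusCode)
            .map(IdpIdaStatus.Status::name);

    return new InboundResponseFromCountry(
            response.getIssuer().getValue(),
            nameId,
            statusCode,
            // NOTE(review): status is dereferenced here although it is null-guarded just above;
            // confirm statusUnmarshaller.fromSaml never returns null, otherwise this throws NPE.
            status.getMessage(),
            // The underlying assertion blob is encrypted for the matching service before it leaves this class.
            passthroughAssertion.map(assertion -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, assertion.getUnderlyingAssertionBlob())),
            levelOfAssurance);
}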
Use of uk.gov.ida.saml.security.validators.ValidatedResponse in project verify-hub by alphagov.
The class AssertionDecrypter, method decryptAssertions.
/**
 * Decrypts the assertions of {@code response} using the public/private key held by this class.
 * <p>
 * A fresh key store, credential retriever and decrypter are built on every call. The same
 * public/private key is registered both as the signing key pair and as the sole encryption key
 * pair of the store. The algorithm validator is configured with AES-256-GCM as the only accepted
 * block cipher.
 *
 * @param response the SAML response whose assertions are to be decrypted
 * @return the decrypted assertions as returned by the library decrypter
 */
public List<Assertion> decryptAssertions(Response response) {
    KeyPair signingKeys = new KeyPair(publicKey, privateKey);
    KeyPair encryptionKeys = new KeyPair(publicKey, privateKey);
    IdaKeyStore keyStore = new IdaKeyStore(signingKeys, Collections.singletonList(encryptionKeys));

    // Only AES-256-GCM is in the accepted-algorithm set handed to the validator.
    EncryptionAlgorithmValidator algorithmValidator =
            new EncryptionAlgorithmValidator(ImmutableSet.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM));
    Decrypter decrypter = new DecrypterFactory()
            .createDecrypter(new IdaKeyStoreCredentialRetriever(keyStore).getDecryptingCredentials());

    uk.gov.ida.saml.security.AssertionDecrypter libraryDecrypter =
            new uk.gov.ida.saml.security.AssertionDecrypter(algorithmValidator, decrypter);
    return libraryDecrypter.decryptAssertions(new ValidatedResponse(response));
}
Use of uk.gov.ida.saml.security.validators.ValidatedResponse in project verify-hub by alphagov.
The class CountryAuthnResponseTranslatorService, method translate.
/**
 * Translates a raw country (eIDAS) SAML response into the hub's {@link InboundResponseFromCountry}.
 * <p>
 * Order of operations: unmarshall the SAML string, validate the response (producing a
 * {@link ValidatedResponse}), decrypt its assertions, validate those assertions, then build the model.
 * Each step delegates to a helper or collaborator of this class.
 *
 * @param samlResponseDto carries the SAML response string and the matching-service entity id
 * @return the translated response model
 */
public InboundResponseFromCountry translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
    ValidatedResponse validatedResponse = validateResponse(unmarshall(samlResponseDto));
    Optional<Assertion> identityAssertion =
            validateAssertion(validatedResponse, assertionDecrypter.decryptAssertions(validatedResponse));
    return toModel(validatedResponse, identityAssertion, samlResponseDto.getMatchingServiceEntityId());
}