Example 1 with ValidatedResponse
use of uk.gov.ida.saml.security.validators.ValidatedResponse in project verify-hub by alphagov.
the class CountryAuthnResponseTranslatorServiceTest method setup.
@Before
public void setup() throws Exception {
IdaSamlBootstrap.bootstrap();
service = new CountryAuthnResponseTranslatorService(stringToOpenSamlResponseTransformer, responseFromCountryValidator, new IdpIdaStatusUnmarshaller(new IdpIdaStatus.IdpIdaStatusFactory(), new SamlStatusToIdpIdaStatusMappingsFactory()), responseAssertionsFromCountryValidator, validateSamlResponseIssuedByIdpDestination, assertionDecrypter, assertionBlobEncrypter, samlResponseSignatureValidator, samlAssertionsSignatureValidator, new PassthroughAssertionUnmarshaller(new XmlObjectToBase64EncodedStringTransformer<>(), new AuthnContextFactory()));
Response eidasSAMLResponse = (Response) buildResponseFromFile();
ValidatedResponse validateEIDASSAMLResponse = new ValidatedResponse(eidasSAMLResponse);
List<Assertion> decryptedAssertions = eidasSAMLResponse.getAssertions();
when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn("eidas");
when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn("mid");
when(stringToOpenSamlResponseTransformer.apply("eidas")).thenReturn(eidasSAMLResponse);
doNothing().when(responseFromCountryValidator).validate(eidasSAMLResponse);
when(samlResponseSignatureValidator.validate(eidasSAMLResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(validateEIDASSAMLResponse);
when(assertionDecrypter.decryptAssertions(validateEIDASSAMLResponse)).thenReturn(decryptedAssertions);
when(assertionBlobEncrypter.encryptAssertionBlob(eq("mid"), any(String.class))).thenReturn(identityUnderlyingAssertionBlob);
when(samlAssertionsSignatureValidator.validate(decryptedAssertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(new ValidatedAssertions(decryptedAssertions));
}
Also used :
IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus)
Assertion(org.opensaml.saml.saml2.core.Assertion)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Response(org.opensaml.saml.saml2.core.Response)
PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller)
IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller)
ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions)
AuthnContextFactory(uk.gov.ida.saml.core.transformers.AuthnContextFactory)
SamlStatusToIdpIdaStatusMappingsFactory(uk.gov.ida.saml.hub.transformers.inbound.SamlStatusToIdpIdaStatusMappingsFactory)
Before(org.junit.Before)
Example 2 with ValidatedResponse
use of uk.gov.ida.saml.security.validators.ValidatedResponse in project verify-hub by alphagov.
the class CountryAuthnResponseTranslatorService method toModel.
private InboundResponseFromCountry toModel(ValidatedResponse response, Optional<Assertion> validatedIdentityAssertionOptional, String matchingServiceEntityId) {
Optional<PassthroughAssertion> passthroughAssertion = validatedIdentityAssertionOptional.map(validatedIdentityAssertion -> passthroughAssertionUnmarshaller.fromAssertion(validatedIdentityAssertion, true));
Optional<LevelOfAssurance> levelOfAssurance = passthroughAssertion.flatMap(assertion -> assertion.getAuthnContext()).map(AuthnContext::name).filter(string -> !isNullOrEmpty(string)).map(LevelOfAssurance::valueOf);
IdpIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());
return new InboundResponseFromCountry(response.getIssuer().getValue(), validatedIdentityAssertionOptional.map(Assertion::getSubject).map(Subject::getNameID).map(NameID::getValue), Optional.ofNullable(status).map(IdpIdaStatus::getStatusCode).map(IdpIdaStatus.Status::name), status.getMessage(), passthroughAssertion.map(assertion -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, assertion.getUnderlyingAssertionBlob())), levelOfAssurance);
}
Also used :
LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance)
StringToOpenSamlObjectTransformer(uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer)
Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty)
Subject(org.opensaml.saml.saml2.core.Subject)
IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
MdcHelper(uk.gov.ida.hub.samlengine.logging.MdcHelper)
ResponseFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseFromCountryValidator)
SamlResponseSignatureValidator(uk.gov.ida.saml.security.validators.signature.SamlResponseSignatureValidator)
Inject(javax.inject.Inject)
Assertion(org.opensaml.saml.saml2.core.Assertion)
AssertionBlobEncrypter(uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)
ResponseAssertionsFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseAssertionsFromCountryValidator)
Response(org.opensaml.saml.saml2.core.Response)
PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller)
AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter)
SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto)
InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry)
List(java.util.List)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance)
DestinationValidator(uk.gov.ida.saml.core.validators.DestinationValidator)
Optional(java.util.Optional)
IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus)
NameID(org.opensaml.saml.saml2.core.NameID)
SamlAssertionsSignatureValidator(uk.gov.ida.saml.security.SamlAssertionsSignatureValidator)
InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus)
Subject(org.opensaml.saml.saml2.core.Subject)
AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)
Example 3 with ValidatedResponse
use of uk.gov.ida.saml.security.validators.ValidatedResponse in project verify-hub by alphagov.
the class AssertionDecrypter method decryptAssertions.
public List<Assertion> decryptAssertions(Response response) {
KeyPair encryptionKeyPair = new KeyPair(publicKey, privateKey);
KeyPair signingKeyPair = new KeyPair(publicKey, privateKey);
IdaKeyStore keyStore = new IdaKeyStore(signingKeyPair, Collections.singletonList(encryptionKeyPair));
IdaKeyStoreCredentialRetriever idaKeyStoreCredentialRetriever = new IdaKeyStoreCredentialRetriever(keyStore);
Decrypter decrypter = new DecrypterFactory().createDecrypter(idaKeyStoreCredentialRetriever.getDecryptingCredentials());
uk.gov.ida.saml.security.AssertionDecrypter assertionDecrypter = new uk.gov.ida.saml.security.AssertionDecrypter(new EncryptionAlgorithmValidator(ImmutableSet.of(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM)), decrypter);
return assertionDecrypter.decryptAssertions(new ValidatedResponse(response));
}
Also used :
KeyPair(java.security.KeyPair)
EncryptionAlgorithmValidator(uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator)
Decrypter(org.opensaml.saml.saml2.encryption.Decrypter)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
IdaKeyStore(uk.gov.ida.saml.security.IdaKeyStore)
IdaKeyStoreCredentialRetriever(uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever)
DecrypterFactory(uk.gov.ida.saml.security.DecrypterFactory)
Example 4 with ValidatedResponse
use of uk.gov.ida.saml.security.validators.ValidatedResponse in project verify-hub by alphagov.
the class CountryAuthnResponseTranslatorService method translate.
public InboundResponseFromCountry translate(SamlAuthnResponseTranslatorDto samlResponseDto) {
Response response = unmarshall(samlResponseDto);
ValidatedResponse validatedResponse = validateResponse(response);
List<Assertion> assertions = assertionDecrypter.decryptAssertions(validatedResponse);
Optional<Assertion> validatedIdentityAssertion = validateAssertion(validatedResponse, assertions);
return toModel(validatedResponse, validatedIdentityAssertion, samlResponseDto.getMatchingServiceEntityId());
}
Also used :
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Response(org.opensaml.saml.saml2.core.Response)
Assertion(org.opensaml.saml.saml2.core.Assertion)
PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion)
ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse)
Aggregations
ValidatedResponse (uk.gov.ida.saml.security.validators.ValidatedResponse)4
Assertion (org.opensaml.saml.saml2.core.Assertion)3
Response (org.opensaml.saml.saml2.core.Response)3
PassthroughAssertion (uk.gov.ida.saml.core.domain.PassthroughAssertion)2
IdpIdaStatus (uk.gov.ida.saml.hub.domain.IdpIdaStatus)2
IdpIdaStatusUnmarshaller (uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller)2
PassthroughAssertionUnmarshaller (uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller)2
Strings.isNullOrEmpty (com.google.common.base.Strings.isNullOrEmpty)1
KeyPair (java.security.KeyPair)1
List (java.util.List)1
Optional (java.util.Optional)1
Inject (javax.inject.Inject)1
Before (org.junit.Before)1
NameID (org.opensaml.saml.saml2.core.NameID)1
Subject (org.opensaml.saml.saml2.core.Subject)1
Decrypter (org.opensaml.saml.saml2.encryption.Decrypter)1
IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)1
SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto)1
InboundResponseFromCountry (uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry)1
LevelOfAssurance (uk.gov.ida.hub.samlengine.domain.LevelOfAssurance)1
