├── .dockerignore ├── .github ├── dependabot.yml └── workflows │ └── pre-merge-checks.yml ├── .gitignore ├── .sdkmanrc ├── Dockerfile ├── LICENCE ├── README.md ├── build.gradle ├── configuration ├── config.yml ├── local │ ├── config.yml │ ├── policy.yml │ ├── saml-engine.yml │ ├── saml-proxy.yml │ ├── saml-soap-proxy.yml │ └── stub-event-sink.yml ├── policy.yml ├── saml-engine.yml ├── saml-proxy.yml └── saml-soap-proxy.yml ├── dependencies.sh ├── doc ├── adr │ ├── 0001-record-architecture-decisions.md │ ├── 0002-accept-eidas-assertions-in-verify.md │ └── 0003-simple-saml-profile.md ├── images │ ├── components.png │ └── message_flow.png └── overview.md ├── docker-run.sh ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── hub-saml-test-utils ├── build.gradle └── src │ └── main │ └── java │ └── uk │ └── gov │ └── ida │ └── saml │ ├── core │ └── test │ │ ├── AuthnRequestFactory.java │ │ ├── AuthnRequestIdGenerator.java │ │ ├── PrivateKeyStoreFactory.java │ │ ├── SamlTransformationErrorManagerTestHelper.java │ │ └── builders │ │ ├── ContactPersonDtoBuilder.java │ │ ├── NameIdPolicyBuilder.java │ │ ├── OrganisationDtoBuilder.java │ │ ├── PassthroughAssertionBuilder.java │ │ ├── SamlEndpointDtoBuilder.java │ │ ├── ScopingBuilder.java │ │ ├── SimpleStringAttributeValueBuilder.java │ │ ├── StatusMessageBuilder.java │ │ └── metadata │ │ ├── AssertionConsumerServiceEndpointDtoBuilder.java │ │ └── IdentityProviderMetadataDtoBuilder.java │ ├── hub │ └── test │ │ └── builders │ │ ├── HubAttributeQueryRequestBuilder.java │ │ └── IdaAuthnRequestBuilder.java │ └── msa │ └── test │ ├── api │ └── MsaTransformersFactory.java │ ├── domain │ ├── MatchingServiceAssertion.java │ └── UnknownUserCreationIdaStatus.java │ ├── outbound │ ├── HealthCheckResponseFromMatchingService.java │ └── transformers │ │ ├── HealthCheckResponseFromMatchingServiceTransformer.java │ │ ├── MatchingServiceAssertionToAssertionTransformer.java │ │ └── 
MatchingServiceAuthnStatementToAuthnStatementTransformer.java │ └── transformers │ └── ResponseToElementTransformer.java ├── hub-saml ├── Readme.md ├── build.gradle └── src │ ├── main │ └── java │ │ └── uk │ │ └── gov │ │ └── ida │ │ └── saml │ │ ├── core │ │ ├── InternalPublicKeyStore.java │ │ ├── domain │ │ │ └── InboundResponseFromIdpData.java │ │ ├── security │ │ │ ├── AssertionsDecrypters.java │ │ │ └── RelayStateValidator.java │ │ ├── transformers │ │ │ └── outbound │ │ │ │ └── decorators │ │ │ │ └── AssertionBlobEncrypter.java │ │ └── validators │ │ │ ├── DestinationValidator.java │ │ │ ├── SamlValidator.java │ │ │ └── assertion │ │ │ ├── AuthnStatementAssertionValidator.java │ │ │ ├── DuplicateAssertionValidator.java │ │ │ ├── DuplicateAssertionValidatorImpl.java │ │ │ ├── IPAddressValidator.java │ │ │ └── MatchingDatasetAssertionValidator.java │ │ ├── hub │ │ ├── HubConstants.java │ │ ├── api │ │ │ └── HubTransformersFactory.java │ │ ├── configuration │ │ │ ├── SamlAuthnRequestValidityDurationConfiguration.java │ │ │ └── SamlDuplicateRequestValidationConfiguration.java │ │ ├── domain │ │ │ ├── AuthenticationStatusFactory.java │ │ │ ├── AuthnRequestFromRelyingParty.java │ │ │ ├── AuthnRequestFromTransaction.java │ │ │ ├── BaseHubAttributeQueryRequest.java │ │ │ ├── Endpoints.java │ │ │ ├── HubAttributeQueryRequest.java │ │ │ ├── IdpIdaStatus.java │ │ │ ├── InboundHealthCheckResponseFromMatchingService.java │ │ │ ├── InboundResponseFromIdp.java │ │ │ ├── InboundResponseFromMatchingService.java │ │ │ ├── MatchingServiceHealthCheckRequest.java │ │ │ ├── UserAccountCreationAttribute.java │ │ │ ├── VerifyMessage.java │ │ │ └── VerifySamlMessage.java │ │ ├── exception │ │ │ ├── SamlDuplicateRequestIdException.java │ │ │ ├── SamlRequestTooOldException.java │ │ │ └── SamlValidationException.java │ │ ├── factories │ │ │ └── AttributeQueryAttributeFactory.java │ │ ├── transformers │ │ │ ├── inbound │ │ │ │ ├── AuthenticationStatusUnmarshallerBase.java │ │ │ │ ├── 
AuthnRequestFromRelyingPartyUnmarshaller.java │ │ │ │ ├── AuthnRequestToIdaRequestFromRelyingPartyTransformer.java │ │ │ │ ├── IdaResponseFromIdpUnmarshaller.java │ │ │ │ ├── IdaStatusUnmarshaller.java │ │ │ │ ├── IdpIdaStatusUnmarshaller.java │ │ │ │ ├── InboundHealthCheckResponseFromMatchingServiceUnmarshaller.java │ │ │ │ ├── InboundResponseFromIdpDataGenerator.java │ │ │ │ ├── InboundResponseFromMatchingServiceUnmarshaller.java │ │ │ │ ├── MatchingServiceIdaStatus.java │ │ │ │ ├── MatchingServiceIdaStatusUnmarshaller.java │ │ │ │ ├── PassthroughAssertionUnmarshaller.java │ │ │ │ ├── SamlStatusToAuthenticationStatusCodeMapper.java │ │ │ │ ├── SamlStatusToIdaStatusCodeMapper.java │ │ │ │ ├── SamlStatusToIdpIdaStatusMappingsFactory.java │ │ │ │ ├── TransactionIdaStatusUnmarshaller.java │ │ │ │ └── providers │ │ │ │ │ ├── DecoratedSamlResponseToIdaResponseIssuedByIdpTransformer.java │ │ │ │ │ ├── DecoratedSamlResponseToInboundHealthCheckResponseFromMatchingServiceTransformer.java │ │ │ │ │ └── DecoratedSamlResponseToInboundResponseFromMatchingServiceTransformer.java │ │ │ └── outbound │ │ │ │ ├── AssertionFromIdpToAssertionTransformer.java │ │ │ │ ├── EncryptedAssertionUnmarshaller.java │ │ │ │ ├── HubAssertionMarshaller.java │ │ │ │ ├── HubAttributeQueryRequestToSamlAttributeQueryTransformer.java │ │ │ │ ├── IdaAuthnRequestFromHubToAuthnRequestTransformer.java │ │ │ │ ├── IdaAuthnRequestToAuthnRequestTransformer.java │ │ │ │ ├── IdpIdaStatusMarshaller.java │ │ │ │ ├── MatchingServiceHealthCheckRequestToSamlAttributeQueryTransformer.java │ │ │ │ ├── MatchingServiceIdaStatusMarshaller.java │ │ │ │ ├── OutboundLegacyResponseFromHubToStringFunctionSHA256.java │ │ │ │ ├── OutboundResponseFromHubToSamlResponseTransformer.java │ │ │ │ ├── OutboundSamlProfileResponseFromHubToStringFunctionSHA256.java │ │ │ │ ├── RequestAbstractTypeToStringTransformer.java │ │ │ │ ├── SamlProfileTransactionIdaStatusMarshaller.java │ │ │ │ ├── 
SimpleProfileOutboundResponseFromHubToSamlResponseTransformer.java │ │ │ │ ├── SimpleProfileTransactionIdaStatusMarshaller.java │ │ │ │ ├── TransactionIdaStatusMarshaller.java │ │ │ │ ├── decorators │ │ │ │ └── NoOpSamlAttributeQueryAssertionEncrypter.java │ │ │ │ └── providers │ │ │ │ ├── ResponseToUnsignedStringTransformer.java │ │ │ │ └── SimpleProfileOutboundResponseFromHubToResponseTransformerProvider.java │ │ └── validators │ │ │ ├── authnrequest │ │ │ ├── AuthnRequestFromTransactionValidator.java │ │ │ ├── AuthnRequestIdKey.java │ │ │ ├── AuthnRequestIssueInstantValidator.java │ │ │ ├── ConcurrentMapIdExpirationCache.java │ │ │ ├── DuplicateAuthnRequestValidator.java │ │ │ └── IdExpirationCache.java │ │ │ └── response │ │ │ ├── common │ │ │ ├── AssertionSizeValidator.java │ │ │ ├── IssuerValidator.java │ │ │ ├── RequestIdValidator.java │ │ │ ├── ResponseMaxSizeValidator.java │ │ │ └── ResponseSizeValidator.java │ │ │ ├── idp │ │ │ ├── IdpResponseValidator.java │ │ │ └── components │ │ │ │ ├── EncryptedResponseFromIdpValidator.java │ │ │ │ └── ResponseAssertionsFromIdpValidator.java │ │ │ └── matchingservice │ │ │ ├── EncryptedResponseFromMatchingServiceValidator.java │ │ │ ├── HealthCheckResponseFromMatchingServiceValidator.java │ │ │ ├── MatchingServiceResponseValidator.java │ │ │ └── ResponseAssertionsFromMatchingServiceValidator.java │ │ └── metadata │ │ ├── HubMetadataPublicKeyStore.java │ │ ├── IdpMetadataPublicKeyStore.java │ │ ├── domain │ │ ├── AssertionConsumerServiceEndpointDto.java │ │ ├── ContactPersonDto.java │ │ ├── FetchedMetadata.java │ │ ├── HubIdentityProviderMetadataDto.java │ │ ├── MetadataDto.java │ │ ├── OrganisationDto.java │ │ └── SamlEndpointDto.java │ │ ├── exceptions │ │ ├── HubEntityMissingException.java │ │ └── NoKeyConfiguredForEntityException.java │ │ └── transformers │ │ ├── HubIdentityProviderMetadataDtoToEntityDescriptorTransformer.java │ │ ├── KeyDescriptorFinder.java │ │ └── decorators │ │ └── 
SamlEntityDescriptorValidator.java │ └── test │ ├── java │ └── uk │ │ └── gov │ │ └── ida │ │ └── saml │ │ ├── core │ │ ├── DateTimeFreezer.java │ │ ├── security │ │ │ └── RelayStateValidatorTest.java │ │ ├── transformers │ │ │ └── outbound │ │ │ │ └── EntitiesDescriptorToElementTransformerTest.java │ │ └── validators │ │ │ ├── DestinationValidatorTest.java │ │ │ └── assertion │ │ │ ├── AuthnStatementAssertionValidatorTest.java │ │ │ ├── DuplicateAssertionValidatorTest.java │ │ │ ├── IPAddressValidatorTest.java │ │ │ └── MatchingDatasetAssertionValidatorTest.java │ │ ├── hub │ │ ├── api │ │ │ └── HubTransformersFactoryTest.java │ │ ├── factories │ │ │ └── AttributeQueryAttributeFactoryTest.java │ │ ├── transformers │ │ │ ├── inbound │ │ │ │ ├── AuthnRequestFromRelyingPartyUnmarshallerTest.java │ │ │ │ ├── IdaResponseFromIdpUnmarshallerTest.java │ │ │ │ ├── IdpIdaStatusUnmarshallerTest.java │ │ │ │ ├── MatchingServiceIdaStatusUnmarshallerTest.java │ │ │ │ ├── PassthroughAssertionUnmarshallerTest.java │ │ │ │ └── TransactionIdaStatusUnmarshallerTest.java │ │ │ └── outbound │ │ │ │ ├── EncryptedAssertionUnmarshallerTest.java │ │ │ │ ├── HubAssertionMarshallerTest.java │ │ │ │ ├── HubAttributeQueryRequestToSamlAttributeQueryTransformerTest.java │ │ │ │ ├── IdaAuthnRequestFromHubToAuthnRequestTransformerTest.java │ │ │ │ ├── IdpIdaStatusMarshallerTest.java │ │ │ │ ├── MatchingServiceIdaStatusToSamlStatusMarshallerTest.java │ │ │ │ ├── OutboundResponseFromHubToSamlResponseTransformerTest.java │ │ │ │ ├── SamlProfileTransactionIdaStatusMarshallerTest.java │ │ │ │ ├── SimpleProfileTransactionIdaStatusMarshallerTest.java │ │ │ │ ├── TransactionIdaStatusMarshallerTest.java │ │ │ │ └── decorators │ │ │ │ └── StringEncoding.java │ │ └── validators │ │ │ ├── authnrequest │ │ │ ├── AuthnRequestFromTransactionValidatorTest.java │ │ │ ├── AuthnRequestIssueInstantValidatorTest.java │ │ │ └── DuplicateAuthnRequestValidatorTest.java │ │ │ └── response │ │ │ ├── helpers │ │ │ └── 
ResponseValidatorTestHelper.java │ │ │ ├── idp │ │ │ ├── IdpResponseValidatorTest.java │ │ │ └── components │ │ │ │ ├── EncryptedResponseFromIdpValidatorTest.java │ │ │ │ └── ResponseAssertionsFromIdpValidatorTest.java │ │ │ └── matchingservice │ │ │ ├── EncryptedResponseFromMatchingServiceValidatorTest.java │ │ │ ├── HealthCheckResponseFromMatchingServiceValidatorTest.java │ │ │ ├── MatchingServiceResponseValidatorTest.java │ │ │ └── ResponseAssertionsFromMatchingServiceValidatorTest.java │ │ └── metadata │ │ ├── HubMetadataPublicKeyStoreTest.java │ │ ├── IdpMetadataPublicKeyStoreTest.java │ │ └── transformers │ │ ├── HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest.java │ │ ├── KeyDescriptorFinderTest.java │ │ └── decorators │ │ └── SamlEntityDescriptorValidatorTest.java │ └── resources │ ├── mockito-extensions │ └── org.mockito.plugins.MockMaker │ ├── status-authnfailed-with-detail.xml │ ├── status-cancel.xml │ ├── status-noauthncontext-withotherdetail.xml │ ├── status-noauthncontext.xml │ ├── status-pending.xml │ ├── status-success-with-cancel.xml │ └── status-unknown.xml ├── hub ├── config │ ├── README.md │ ├── build.gradle │ └── src │ │ ├── integration-test │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── integrationtest │ │ │ └── hub │ │ │ └── config │ │ │ └── apprule │ │ │ ├── CertificatesResourceIntegrationTest.java │ │ │ ├── IdentityProviderResourceIntegrationTest.java │ │ │ ├── MatchingServiceResourceIntegrationTest.java │ │ │ ├── PrometheusMetricsIntegrationTest.java │ │ │ ├── SelfServiceCertificatesResourceIntegrationTest.java │ │ │ ├── TransactionsResourceIntegrationTest.java │ │ │ └── support │ │ │ ├── ConfigAppExtension.java │ │ │ ├── ConfigIntegrationApplication.java │ │ │ └── Message.java │ │ ├── main │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── hub │ │ │ └── config │ │ │ ├── ConfigApplication.java │ │ │ ├── ConfigConfiguration.java │ │ │ ├── ConfigModule.java │ │ │ ├── ConfigValidCommand.java │ │ │ 
├── S3ConfigSourceModule.java │ │ │ ├── Urls.java │ │ │ ├── annotations │ │ │ └── CertificateConfigValidator.java │ │ │ ├── application │ │ │ ├── CertificateExpiryDateCheckService.java │ │ │ ├── CertificateService.java │ │ │ ├── OcspCertificateChainValidationService.java │ │ │ └── PrometheusClientService.java │ │ │ ├── configuration │ │ │ ├── PrometheusClientServiceConfiguration.java │ │ │ └── SelfServiceConfig.java │ │ │ ├── data │ │ │ ├── ConfigDataBootstrap.java │ │ │ ├── ConfigDataSource.java │ │ │ ├── ConfigRepository.java │ │ │ ├── ConnectedServiceConfigRepository.java │ │ │ ├── FileBackedConfigDataSource.java │ │ │ ├── FileBackedIdentityProviderConfigDataSource.java │ │ │ ├── FileBackedMatchingServiceConfigDataSource.java │ │ │ ├── FileBackedTransactionConfigDataSource.java │ │ │ ├── FileBackedTranslationsDataSource.java │ │ │ ├── LevelsOfAssuranceConfigValidator.java │ │ │ ├── LocalConfigRepository.java │ │ │ ├── ManagedEntityConfigRepository.java │ │ │ └── S3ConfigSource.java │ │ │ ├── domain │ │ │ ├── AssertionConsumerService.java │ │ │ ├── Certificate.java │ │ │ ├── CertificateChainConfigValidator.java │ │ │ ├── CertificateConfigurable.java │ │ │ ├── CertificateOrigin.java │ │ │ ├── CertificateUse.java │ │ │ ├── CertificateValidityChecker.java │ │ │ ├── Cycle3AttributeName.java │ │ │ ├── EntityIdentifiable.java │ │ │ ├── IdentityProviderConfig.java │ │ │ ├── LevelOfAssurance.java │ │ │ ├── MatchingProcess.java │ │ │ ├── MatchingServiceConfig.java │ │ │ ├── OCSPCertificateChainValidityChecker.java │ │ │ ├── TransactionConfig.java │ │ │ ├── TranslationData.java │ │ │ ├── UserAccountCreationAttribute.java │ │ │ ├── filters │ │ │ │ └── IdpPredicateFactory.java │ │ │ └── remoteconfig │ │ │ │ ├── RemoteCertificateConfig.java │ │ │ │ ├── RemoteComponentConfig.java │ │ │ │ ├── RemoteConfigCollection.java │ │ │ │ ├── RemoteConnectedServiceConfig.java │ │ │ │ ├── RemoteMatchingServiceConfig.java │ │ │ │ ├── RemoteServiceProviderConfig.java │ │ │ │ └── 
SelfServiceMetadata.java │ │ │ ├── dto │ │ │ ├── CertificateDto.java │ │ │ ├── CertificateExpiryStatus.java │ │ │ ├── CertificateHealthCheckDto.java │ │ │ ├── FederationEntityType.java │ │ │ ├── IdpConfigDto.java │ │ │ ├── IdpDto.java │ │ │ ├── InvalidCertificateDto.java │ │ │ ├── MatchingProcessDto.java │ │ │ ├── MatchingServiceConfigDto.java │ │ │ ├── ResourceLocationDto.java │ │ │ ├── TransactionDisplayData.java │ │ │ └── TransactionSingleIdpData.java │ │ │ ├── exceptions │ │ │ ├── CertificateDisabledException.java │ │ │ ├── ConfigValidationException.java │ │ │ ├── ExceptionFactory.java │ │ │ └── NoCertificateFoundException.java │ │ │ ├── filters │ │ │ └── SessionIdQueryParamLoggingFilter.java │ │ │ ├── healthcheck │ │ │ └── ConfigHealthCheck.java │ │ │ ├── resources │ │ │ ├── CertificatesResource.java │ │ │ ├── IdentityProviderResource.java │ │ │ ├── MatchingServiceResource.java │ │ │ └── TransactionsResource.java │ │ │ ├── truststore │ │ │ └── TrustStoreForCertificateProvider.java │ │ │ └── validators │ │ │ ├── DuplicateEntityIdConfigValidator.java │ │ │ ├── IdentityProviderConfigOnboardingTransactionValidator.java │ │ │ └── TransactionConfigMatchingServiceValidator.java │ │ └── test │ │ ├── java │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── hub │ │ │ ├── config │ │ │ ├── application │ │ │ │ ├── CertificateServiceTest.java │ │ │ │ └── OcspCertificateChainValidationServiceTest.java │ │ │ ├── data │ │ │ │ ├── ConfigDataBootstrapTest.java │ │ │ │ ├── LevelsOfAssuranceConfigValidatorTest.java │ │ │ │ ├── ManagedEntityConfigRepositoryTest.java │ │ │ │ └── S3ConfigSourceTest.java │ │ │ ├── domain │ │ │ │ ├── AssertionConsumerServiceTest.java │ │ │ │ ├── CertificateChainConfigValidatorTest.java │ │ │ │ ├── CertificateTest.java │ │ │ │ ├── CertificateValidityCheckerTest.java │ │ │ │ ├── IdentityProviderConfigTest.java │ │ │ │ ├── MatchingServiceConfigDataTest.java │ │ │ │ ├── MatchingServiceConfigDeserializationTest.java │ │ │ │ ├── TransactionConfigTest.java │ │ │ 
│ ├── builders │ │ │ │ │ ├── AssertionConsumerServiceBuilder.java │ │ │ │ │ ├── IdentityProviderConfigDataBuilder.java │ │ │ │ │ ├── KeyPairBuilder.java │ │ │ │ │ ├── MatchingProcessBuilder.java │ │ │ │ │ ├── MatchingServiceConfigBuilder.java │ │ │ │ │ ├── TransactionConfigBuilder.java │ │ │ │ │ └── TranslationDataBuilder.java │ │ │ │ └── filters │ │ │ │ │ ├── IdpPredicateFactoryPredicatesTest.java │ │ │ │ │ ├── OnboardingIdpPredicateTest.java │ │ │ │ │ └── PredicateTestHelper.java │ │ │ ├── dto │ │ │ │ └── CertificateHealthCheckDtoTest.java │ │ │ ├── exceptions │ │ │ │ └── ConfigValidationExceptionTest.java │ │ │ └── validators │ │ │ │ ├── DuplicateEntityIdConfigValidatorTest.java │ │ │ │ ├── IdentityProviderConfigOnboardingTransactionValidatorTest.java │ │ │ │ └── TransactionConfigMatchingServiceValidatorTest.java │ │ │ └── shared │ │ │ └── ValidationTestHelper.java │ │ └── resources │ │ ├── config-no-eidas-exit-timestamp.yml │ │ ├── config.yml │ │ ├── remote-test-config.json │ │ └── test-rp-ms.yml ├── policy │ ├── README.md │ ├── build.gradle │ ├── doc │ │ └── adr │ │ │ ├── 0001-record-architechture-decisions.md │ │ │ └── 0002-extend-policy-session-length.md │ └── src │ │ ├── integration-test │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── integrationtest │ │ │ └── hub │ │ │ └── policy │ │ │ ├── StateControllerFactoryTest.java │ │ │ ├── apprule │ │ │ ├── AuthnRequestFromTransactionResourceIntegrationTest.java │ │ │ ├── Cycle3DataResourceTest.java │ │ │ ├── MatchingServiceResourcesIntegrationTest.java │ │ │ ├── RpErrorResponseFromHubIntegrationTest.java │ │ │ ├── SessionResourceAuthnResponseFromIdpIntegrationTests.java │ │ │ ├── SessionResourceIntegrationTest.java │ │ │ ├── SessionResourceWithRedisIntegrationTest.java │ │ │ ├── SessionTimeoutIntegrationTests.java │ │ │ └── support │ │ │ │ ├── ConfigStubExtension.java │ │ │ │ ├── EventSinkStubExtension.java │ │ │ │ ├── PolicyAppExtension.java │ │ │ │ ├── PolicyIntegrationApplication.java │ │ │ │ 
├── RedisTestExtension.java │ │ │ │ ├── SamlEngineStubExtension.java │ │ │ │ ├── SamlSoapProxyProxyStubExtension.java │ │ │ │ ├── TestSessionDto.java │ │ │ │ ├── TestSessionRepository.java │ │ │ │ ├── TestSessionResource.java │ │ │ │ └── TestSessionResourceHelper.java │ │ │ ├── builders │ │ │ ├── AuthnRequestFromHubContainerDtoBuilder.java │ │ │ ├── AuthnResponseFromHubContainerDtoBuilder.java │ │ │ ├── InboundResponseFromIdpDtoBuilder.java │ │ │ ├── PersistentIdBuilder.java │ │ │ ├── PolicyConfigurationBuilder.java │ │ │ ├── SamlAuthnResponseContainerDtoBuilder.java │ │ │ └── SamlResponseDtoBuilder.java │ │ │ └── rest │ │ │ └── Cycle3DTO.java │ │ ├── main │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── hub │ │ │ └── policy │ │ │ ├── PolicyApplication.java │ │ │ ├── PolicyModule.java │ │ │ ├── SessionStoreStartupTasks.java │ │ │ ├── Urls.java │ │ │ ├── annotations │ │ │ ├── Config.java │ │ │ ├── SamlEngine.java │ │ │ └── SamlSoapProxy.java │ │ │ ├── configuration │ │ │ ├── AssertionLifetimeConfiguration.java │ │ │ ├── EventEmitterConfiguration.java │ │ │ ├── PolicyConfiguration.java │ │ │ ├── RedisConfiguration.java │ │ │ └── SessionStoreConfiguration.java │ │ │ ├── contracts │ │ │ ├── AbstractAttributeQueryRequestDto.java │ │ │ ├── AttributeQueryContainerDto.java │ │ │ ├── AttributeQueryRequestDto.java │ │ │ ├── AuthnResponseFromHubContainerDto.java │ │ │ ├── InboundResponseFromMatchingServiceDto.java │ │ │ ├── MatchingServiceConfigEntityDataDto.java │ │ │ ├── RequestForErrorResponseFromHubDto.java │ │ │ ├── SamlAuthnResponseContainerDto.java │ │ │ ├── SamlAuthnResponseTranslatorDto.java │ │ │ ├── SamlMessageDto.java │ │ │ ├── SamlRequestDto.java │ │ │ ├── SamlRequestWithAuthnRequestInformationDto.java │ │ │ ├── SamlResponseContainerDto.java │ │ │ ├── SamlResponseDto.java │ │ │ └── SamlResponseWithAuthnRequestInformationDto.java │ │ │ ├── controllogic │ │ │ ├── AuthnRequestFromTransactionHandler.java │ │ │ └── ResponseFromIdpHandler.java │ │ │ ├── 
domain │ │ │ ├── AbstractState.java │ │ │ ├── AssertionRestrictionsFactory.java │ │ │ ├── AuthenticationErrorResponse.java │ │ │ ├── AuthnRequestFromHub.java │ │ │ ├── AuthnRequestFromHubContainerDto.java │ │ │ ├── AuthnRequestSignInDetailsDto.java │ │ │ ├── AuthnRequestSignInProcess.java │ │ │ ├── BaseHubMatchingServiceRequest.java │ │ │ ├── Cycle3AttributeRequestData.java │ │ │ ├── Cycle3Dataset.java │ │ │ ├── Cycle3UserInput.java │ │ │ ├── EventSinkHubEvent.java │ │ │ ├── FailureResponseDetails.java │ │ │ ├── FraudDetectedDetails.java │ │ │ ├── FraudFromIdp.java │ │ │ ├── IdaAuthnRequestFromHubDto.java │ │ │ ├── IdpConfigDto.java │ │ │ ├── IdpIdaStatus.java │ │ │ ├── IdpSelected.java │ │ │ ├── InboundResponseFromIdpDto.java │ │ │ ├── LevelOfAssurance.java │ │ │ ├── MatchFromMatchingService.java │ │ │ ├── MatchingProcess.java │ │ │ ├── MatchingServiceIdaStatus.java │ │ │ ├── NoMatchFromMatchingService.java │ │ │ ├── PersistentId.java │ │ │ ├── PolicyState.java │ │ │ ├── ReceivedAuthnRequest.java │ │ │ ├── RequesterErrorResponse.java │ │ │ ├── ResourceLocation.java │ │ │ ├── ResponseAction.java │ │ │ ├── ResponseFromHub.java │ │ │ ├── ResponseFromHubFactory.java │ │ │ ├── ResponseFromMatchingService.java │ │ │ ├── ResponseProcessingDetails.java │ │ │ ├── ResponseProcessingStatus.java │ │ │ ├── SamlAuthnRequestContainerDto.java │ │ │ ├── SessionId.java │ │ │ ├── SessionRepository.java │ │ │ ├── State.java │ │ │ ├── StateController.java │ │ │ ├── StateTransitionAction.java │ │ │ ├── SuccessFromIdp.java │ │ │ ├── TransactionIdaStatus.java │ │ │ ├── UserAccountCreatedFromMatchingService.java │ │ │ ├── UserAccountCreationAttribute.java │ │ │ ├── controller │ │ │ │ ├── AbstractAuthnFailedErrorStateController.java │ │ │ │ ├── AbstractAwaitingCycle3DataStateController.java │ │ │ │ ├── AbstractMatchRequestSentStateController.java │ │ │ │ ├── AbstractSuccessfulMatchStateController.java │ │ │ │ ├── AbstractUserAccountCreationFailedStateController.java │ │ │ │ ├── 
AuthnFailedErrorStateController.java │ │ │ │ ├── AuthnRequestCapableController.java │ │ │ │ ├── AwaitingCycle3DataStateController.java │ │ │ │ ├── Cycle0And1MatchRequestSentStateController.java │ │ │ │ ├── Cycle3DataInputCancelledStateController.java │ │ │ │ ├── Cycle3MatchRequestSentStateController.java │ │ │ │ ├── ErrorResponsePreparedStateController.java │ │ │ │ ├── FraudEventDetectedStateController.java │ │ │ │ ├── IdpSelectedStateController.java │ │ │ │ ├── IdpSelectingStateController.java │ │ │ │ ├── IdpSelector.java │ │ │ │ ├── MatchRequestSentStateController.java │ │ │ │ ├── MatchingServiceRequestErrorStateController.java │ │ │ │ ├── NoMatchStateController.java │ │ │ │ ├── NonMatchingJourneySuccessStateController.java │ │ │ │ ├── RequesterErrorStateController.java │ │ │ │ ├── ResponsePreparedStateController.java │ │ │ │ ├── ResponseProcessingStateController.java │ │ │ │ ├── RestartJourneyStateController.java │ │ │ │ ├── SessionStartedStateController.java │ │ │ │ ├── StateControllerFactory.java │ │ │ │ ├── SuccessfulMatchStateController.java │ │ │ │ ├── TimeoutStateController.java │ │ │ │ ├── UserAccountCreatedStateController.java │ │ │ │ ├── UserAccountCreationFailedStateController.java │ │ │ │ ├── UserAccountCreationRequestSentStateController.java │ │ │ │ └── WaitingForMatchingServiceResponseStateController.java │ │ │ ├── exception │ │ │ │ ├── SessionAlreadyExistingException.java │ │ │ │ ├── SessionAlreadyExistingExceptionMapper.java │ │ │ │ ├── SessionCreationFailureException.java │ │ │ │ ├── SessionCreationFailureExceptionMapper.java │ │ │ │ ├── SessionNotFoundException.java │ │ │ │ ├── SessionNotFoundExceptionMapper.java │ │ │ │ ├── StateProcessingValidationException.java │ │ │ │ └── StateProcessingValidationExceptionMapper.java │ │ │ └── state │ │ │ │ ├── AbstractAuthnFailedErrorState.java │ │ │ │ ├── AbstractAwaitingCycle3DataState.java │ │ │ │ ├── AbstractMatchRequestSentState.java │ │ │ │ ├── AbstractSuccessfulMatchState.java │ │ │ │ ├── 
AbstractUserAccountCreationFailedState.java │ │ │ │ ├── AuthnFailedErrorState.java │ │ │ │ ├── AwaitingCycle3DataState.java │ │ │ │ ├── Cycle0And1MatchRequestSentState.java │ │ │ │ ├── Cycle3DataInputCancelledState.java │ │ │ │ ├── Cycle3MatchRequestSentState.java │ │ │ │ ├── ErrorResponsePreparedState.java │ │ │ │ ├── FraudEventDetectedState.java │ │ │ │ ├── IdpSelectedState.java │ │ │ │ ├── IdpSelectingState.java │ │ │ │ ├── MatchRequestSentState.java │ │ │ │ ├── MatchingServiceRequestErrorState.java │ │ │ │ ├── NoMatchState.java │ │ │ │ ├── NonMatchingJourneySuccessState.java │ │ │ │ ├── PausedRegistrationState.java │ │ │ │ ├── RequesterErrorState.java │ │ │ │ ├── ResponsePreparedState.java │ │ │ │ ├── ResponseProcessingState.java │ │ │ │ ├── RestartJourneyState.java │ │ │ │ ├── SessionStartedState.java │ │ │ │ ├── SuccessfulMatchState.java │ │ │ │ ├── TimeoutState.java │ │ │ │ ├── UserAccountCreatedState.java │ │ │ │ ├── UserAccountCreationFailedState.java │ │ │ │ ├── UserAccountCreationRequestSentState.java │ │ │ │ └── WaitingForMatchingServiceResponseState.java │ │ │ ├── exception │ │ │ ├── IdaJsonProcessingExceptionMapper.java │ │ │ ├── IdaJsonProcessingExceptionMapperBundle.java │ │ │ ├── IdpDisabledException.java │ │ │ ├── IdpDisabledExceptionMapper.java │ │ │ ├── InvalidSessionStateException.java │ │ │ ├── InvalidSessionStateExceptionMapper.java │ │ │ ├── PolicyApplicationExceptionMapper.java │ │ │ ├── PolicyExceptionMapper.java │ │ │ ├── SessionTimeoutException.java │ │ │ └── SessionTimeoutExceptionMapper.java │ │ │ ├── facade │ │ │ └── EventSinkMessageSenderFacade.java │ │ │ ├── factories │ │ │ └── SamlAuthnResponseTranslatorDtoFactory.java │ │ │ ├── filters │ │ │ ├── SessionIdPathParamLoggingFilter.java │ │ │ └── SessionIdQueryParamLoggingFilter.java │ │ │ ├── logging │ │ │ └── HubEventLogger.java │ │ │ ├── proxy │ │ │ ├── AttributeQueryRequest.java │ │ │ ├── IdentityProvidersConfigProxy.java │ │ │ ├── MatchingServiceConfigProxy.java │ │ │ ├── 
SamlEngineProxy.java │ │ │ ├── SamlSoapProxyProxy.java │ │ │ └── TransactionsConfigProxy.java │ │ │ ├── redis │ │ │ ├── RedisSerializationException.java │ │ │ └── SessionStoreRedisCodec.java │ │ │ ├── resources │ │ │ ├── AuthnRequestFromTransactionResource.java │ │ │ ├── Cycle3DataResource.java │ │ │ ├── MatchingServiceFailureResponseResource.java │ │ │ ├── MatchingServiceResponseResource.java │ │ │ ├── ResponseFromIdpResource.java │ │ │ └── SessionResource.java │ │ │ ├── services │ │ │ ├── AttributeQueryService.java │ │ │ ├── AuthnResponseFromIdpService.java │ │ │ ├── Cycle3Service.java │ │ │ ├── MatchingServiceResponseService.java │ │ │ └── SessionService.java │ │ │ ├── session │ │ │ ├── RedisSessionStore.java │ │ │ └── SessionStore.java │ │ │ └── validators │ │ │ └── LevelOfAssuranceValidator.java │ │ └── test │ │ ├── java │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── hub │ │ │ └── policy │ │ │ ├── builder │ │ │ ├── AttributeQueryContainerDtoBuilder.java │ │ │ ├── AttributeQueryRequestBuilder.java │ │ │ ├── AuthnResponseFromHubContainerDtoBuilder.java │ │ │ ├── MatchingServiceConfigEntityDataDtoBuilder.java │ │ │ ├── SamlAuthnRequestContainerDtoBuilder.java │ │ │ ├── SamlAuthnResponseContainerDtoBuilder.java │ │ │ ├── SamlAuthnResponseTranslatorDtoBuilder.java │ │ │ ├── SamlResponseDtoBuilder.java │ │ │ ├── domain │ │ │ │ ├── AuthenticationErrorResponseBuilder.java │ │ │ │ ├── AuthnRequestFromHubBuilder.java │ │ │ │ ├── Cycle3AttributeRequestDataBuilder.java │ │ │ │ ├── Cycle3DatasetBuilder.java │ │ │ │ ├── FraudDetectedDetailsBuilder.java │ │ │ │ ├── FraudFromIdpBuilder.java │ │ │ │ ├── IdpConfigDtoBuilder.java │ │ │ │ ├── InboundResponseFromIdpDtoBuilder.java │ │ │ │ ├── MatchFromMatchingServiceBuilder.java │ │ │ │ ├── PersistentIdBuilder.java │ │ │ │ ├── ReceivedAuthnRequestBuilder.java │ │ │ │ ├── RequesterErrorResponseBuilder.java │ │ │ │ ├── ResponseFromHubBuilder.java │ │ │ │ ├── SessionIdBuilder.java │ │ │ │ └── SuccessFromIdpBuilder.java │ │ │ └── 
state │ │ │ │ ├── AuthnFailedErrorStateBuilder.java │ │ │ │ ├── AwaitingCycle3DataStateBuilder.java │ │ │ │ ├── Cycle0And1MatchRequestSentStateBuilder.java │ │ │ │ ├── Cycle3DataInputCancelledStateBuilder.java │ │ │ │ ├── Cycle3MatchRequestSentStateBuilder.java │ │ │ │ ├── FraudEventDetectedStateBuilder.java │ │ │ │ ├── IdpSelectedStateBuilder.java │ │ │ │ ├── MatchingServiceRequestErrorStateBuilder.java │ │ │ │ ├── NoMatchStateBuilder.java │ │ │ │ ├── NoMatchStateBuilderTest.java │ │ │ │ ├── NonMatchingJourneySuccessStateBuilder.java │ │ │ │ ├── PausedRegistrationStateBuilder.java │ │ │ │ ├── RequesterErrorStateBuilder.java │ │ │ │ ├── SessionStartedStateBuilder.java │ │ │ │ ├── SuccessfulMatchStateBuilder.java │ │ │ │ ├── TimeoutStateBuilder.java │ │ │ │ ├── UserAccountCreatedStateBuilder.java │ │ │ │ ├── UserAccountCreationFailedStateBuilder.java │ │ │ │ └── UserAccountCreationRequestSentStateBuilder.java │ │ │ ├── configuration │ │ │ └── PolicyApplicationTest.java │ │ │ ├── contracts │ │ │ └── AttributeQueryRequestDtoTest.java │ │ │ ├── controllogic │ │ │ └── AuthnRequestFromTransactionHandlerTest.java │ │ │ ├── domain │ │ │ ├── Cycle3AttributeRequestDataTest.java │ │ │ ├── Cycle3DatasetTest.java │ │ │ ├── LevelOfAssuranceTest.java │ │ │ ├── MatchingProcessDto.java │ │ │ ├── PersistentIdTest.java │ │ │ ├── ResponseFromHubTest.java │ │ │ ├── ResponseProcessingDetailsTest.java │ │ │ ├── SessionRepositoryTest.java │ │ │ ├── controller │ │ │ │ ├── AuthnFailedErrorStateControllerTest.java │ │ │ │ ├── AwaitingCycle3DataStateControllerTest.java │ │ │ │ ├── Cycle0And1MatchRequestSentStateControllerTest.java │ │ │ │ ├── Cycle3MatchRequestSentStateControllerTest.java │ │ │ │ ├── ErrorStateControllerTests.java │ │ │ │ ├── IdpSelectedStateControllerTest.java │ │ │ │ ├── IdpSelectorTest.java │ │ │ │ ├── SessionStartedStateControllerTest.java │ │ │ │ ├── StateControllerFactoryTest.java │ │ │ │ ├── SuccessfulMatchStateControllerTest.java │ │ │ │ └── 
UserAccountCreationRequestSentStateControllerTest.java │ │ │ ├── exception │ │ │ │ ├── SessionAlreadyExistingExceptionMapperTest.java │ │ │ │ ├── SessionCreationFailureExceptionMapperTest.java │ │ │ │ ├── SessionNotFoundExceptionMapperTest.java │ │ │ │ └── StateProcessingValidationExceptionMapperTest.java │ │ │ └── serialization │ │ │ │ └── StateJsonSerializationTest.java │ │ │ ├── exception │ │ │ ├── IdaJsonProcessingExceptionMapperTest.java │ │ │ ├── IdpDisabledExceptionMapperTest.java │ │ │ ├── PolicyApplicationExceptionMapperTest.java │ │ │ ├── PolicyExceptionMapperTest.java │ │ │ └── SessionTimeoutExceptionMapperTest.java │ │ │ ├── logging │ │ │ └── HubEventLoggerTest.java │ │ │ ├── matchers │ │ │ ├── HasDetail.java │ │ │ ├── HasSessionId.java │ │ │ └── IsEventType.java │ │ │ ├── proxy │ │ │ ├── SamlResponseWithAuthnRequestInformationDtoBuilder.java │ │ │ └── TransactionsConfigProxyTest.java │ │ │ ├── services │ │ │ ├── AttributeQueryServiceTest.java │ │ │ ├── AuthnResponseFromIdpServiceTest.java │ │ │ ├── Cycle3ServiceTest.java │ │ │ ├── MatchingServiceResponseServiceTest.java │ │ │ └── SessionServiceTest.java │ │ │ ├── session │ │ │ └── RedisSessionStoreTest.java │ │ │ └── validators │ │ │ └── LevelOfAssuranceValidatorTest.java │ │ └── resources │ │ └── policy.yml ├── saml-engine │ ├── README.md │ ├── build.gradle │ └── src │ │ ├── integration-test │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── integrationtest │ │ │ └── hub │ │ │ └── samlengine │ │ │ ├── MetadataRefreshTaskIntegrationTest.java │ │ │ ├── apprule │ │ │ ├── HealthCheckTest.java │ │ │ ├── IdpAuthnRequestGeneratorResourceTest.java │ │ │ ├── IdpAuthnResponseTranslatorResourceTest.java │ │ │ ├── IdpAuthnResponseTranslatorResourceWithRedisTest.java │ │ │ ├── MatchingServiceHealthcheckRequestGeneratorResourceTest.java │ │ │ ├── MatchingServiceHealthcheckResponseTranslatorResourceTest.java │ │ │ ├── MatchingServiceRequestGeneratorResourceTest.java │ │ │ ├── 
MatchingServiceResponseTranslatorResourceTest.java │ │ │ ├── RpAuthnRequestTranslatorResourceTest.java │ │ │ ├── RpAuthnResponseGeneratorResourceTest.java │ │ │ ├── RpErrorResponseGeneratorResourceTest.java │ │ │ └── support │ │ │ │ ├── ConfigStubExtension.java │ │ │ │ ├── RedisTestRule.java │ │ │ │ └── SamlEngineAppExtension.java │ │ │ ├── builders │ │ │ ├── AttributeQueryRequestBuilder.java │ │ │ ├── AuthnResponseFactory.java │ │ │ ├── AuthnResponseFromHubContainerDtoBuilder.java │ │ │ ├── RequestForErrorResponseFromHubDtoBuilder.java │ │ │ ├── ResponseFromHubDtoBuilder.java │ │ │ └── SamlAuthnResponseTranslatorDtoBuilder.java │ │ │ └── support │ │ │ └── AssertionDecrypter.java │ │ ├── main │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ ├── hub │ │ │ └── samlengine │ │ │ │ ├── CryptoModule.java │ │ │ │ ├── ReplayCacheStartupTasks.java │ │ │ │ ├── SamlEngineApplication.java │ │ │ │ ├── SamlEngineConfiguration.java │ │ │ │ ├── SamlEngineModule.java │ │ │ │ ├── Urls.java │ │ │ │ ├── annotations │ │ │ │ └── Config.java │ │ │ │ ├── attributequery │ │ │ │ ├── AttributeQueryGenerator.java │ │ │ │ └── HubAttributeQueryRequestBuilder.java │ │ │ │ ├── config │ │ │ │ ├── CertificatesConfigProxy.java │ │ │ │ ├── ConfigServiceKeyStore.java │ │ │ │ ├── RedisConfiguration.java │ │ │ │ ├── SamlConfiguration.java │ │ │ │ └── TrustStoreForCertificateProvider.java │ │ │ │ ├── contracts │ │ │ │ ├── AttributeQueryContainerDto.java │ │ │ │ ├── AuthnResponseFromHubContainerDto.java │ │ │ │ ├── IdaAuthnRequestFromHubDto.java │ │ │ │ ├── InboundResponseFromMatchingServiceDto.java │ │ │ │ ├── MatchingServiceHealthCheckerRequestDto.java │ │ │ │ ├── MatchingServiceHealthCheckerResponseDto.java │ │ │ │ ├── RequestForErrorResponseFromHubDto.java │ │ │ │ ├── ResponseFromHubDto.java │ │ │ │ ├── SamlAuthnResponseTranslatorDto.java │ │ │ │ ├── SamlRequestWithAuthnRequestInformationDto.java │ │ │ │ └── TranslatedAuthnRequestDto.java │ │ │ │ ├── domain │ │ │ │ ├── 
AttributeQueryContainerDto.java │ │ │ │ ├── AttributeQueryRequestDto.java │ │ │ │ ├── CertificateDto.java │ │ │ │ ├── Cycle3Dataset.java │ │ │ │ ├── FederationEntityType.java │ │ │ │ ├── InboundResponseFromIdpDto.java │ │ │ │ ├── LevelOfAssurance.java │ │ │ │ ├── PersistentId.java │ │ │ │ ├── ResourceLocation.java │ │ │ │ ├── SamlMessageDto.java │ │ │ │ ├── SamlRequestDto.java │ │ │ │ └── SamlResponseContainerDto.java │ │ │ │ ├── exceptions │ │ │ │ ├── IdaJsonProcessingExceptionMapper.java │ │ │ │ ├── InvalidConfigurationException.java │ │ │ │ ├── KeyLoadingException.java │ │ │ │ ├── SamlContextException.java │ │ │ │ ├── SamlEngineExceptionMapper.java │ │ │ │ ├── SigningKeyExtractionException.java │ │ │ │ └── UnableToGenerateSamlException.java │ │ │ │ ├── factories │ │ │ │ └── OutboundResponseFromHubToResponseTransformerFactory.java │ │ │ │ ├── filters │ │ │ │ └── SessionIdQueryParamLoggingFilter.java │ │ │ │ ├── locators │ │ │ │ └── AssignableEntityToEncryptForLocator.java │ │ │ │ ├── logging │ │ │ │ ├── IdpAssertionMetricsCollector.java │ │ │ │ ├── MdcHelper.java │ │ │ │ ├── MethodAlgorithm.java │ │ │ │ ├── NotOnOrAfterLogger.java │ │ │ │ ├── Role.java │ │ │ │ ├── UnknownMethodAlgorithmLogger.java │ │ │ │ ├── VerifiedAttributesLogger.java │ │ │ │ └── data │ │ │ │ │ ├── AttributeStatementLogData.java │ │ │ │ │ └── VerifiedAttributeLogData.java │ │ │ │ ├── metadata │ │ │ │ ├── MetadataCredentialResolverInitializer.java │ │ │ │ └── SigningCertFromMetadataExtractor.java │ │ │ │ ├── proxy │ │ │ │ ├── IdpSingleSignOnServiceHelper.java │ │ │ │ └── TransactionsConfigProxy.java │ │ │ │ ├── redis │ │ │ │ ├── AssertionExpirationCacheRedisCodec.java │ │ │ │ ├── AuthnRequestExpirationCacheRedisCodec.java │ │ │ │ ├── ExpirationCacheRedisCodec.java │ │ │ │ └── RedisSerializationException.java │ │ │ │ ├── resources │ │ │ │ └── translators │ │ │ │ │ ├── IdpAuthnRequestGeneratorResource.java │ │ │ │ │ ├── IdpAuthnResponseTranslatorResource.java │ │ │ │ │ ├── 
MatchingServiceHealthcheckRequestGeneratorResource.java │ │ │ │ │ ├── MatchingServiceHealthcheckResponseTranslatorResource.java │ │ │ │ │ ├── MatchingServiceRequestGeneratorResource.java │ │ │ │ │ ├── MatchingServiceResponseTranslatorResource.java │ │ │ │ │ ├── RpAuthnRequestTranslatorResource.java │ │ │ │ │ ├── RpAuthnResponseGeneratorResource.java │ │ │ │ │ └── RpErrorResponseGeneratorResource.java │ │ │ │ ├── security │ │ │ │ ├── AuthnRequestKeyStore.java │ │ │ │ ├── HubEncryptionKeyStore.java │ │ │ │ ├── RedisIdExpirationCache.java │ │ │ │ └── SamlResponseFromMatchingServiceKeyStore.java │ │ │ │ └── services │ │ │ │ ├── IdaAuthnRequestTranslator.java │ │ │ │ ├── IdpAuthnRequestGeneratorService.java │ │ │ │ ├── IdpAuthnResponseTranslatorService.java │ │ │ │ ├── MatchingServiceHealthcheckRequestGeneratorService.java │ │ │ │ ├── MatchingServiceHealthcheckResponseTranslatorService.java │ │ │ │ ├── MatchingServiceRequestGeneratorService.java │ │ │ │ ├── MatchingServiceResponseTranslatorService.java │ │ │ │ ├── RpAuthnRequestTranslatorService.java │ │ │ │ ├── RpAuthnResponseGeneratorService.java │ │ │ │ └── RpErrorResponseGeneratorService.java │ │ │ └── saml │ │ │ └── hub │ │ │ └── validators │ │ │ └── authnrequest │ │ │ └── AuthnRequestIdKeyForInitilization.java │ │ └── test │ │ ├── java │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── hub │ │ │ └── samlengine │ │ │ ├── CheckJCEInstalledTest.java │ │ │ ├── SamlEngineModuleTest.java │ │ │ ├── attributequery │ │ │ └── AttributeQueryGeneratorTest.java │ │ │ ├── builders │ │ │ ├── AuthnRequestFromRelyingPartyBuilder.java │ │ │ ├── BuilderHelper.java │ │ │ ├── CertificateDtoBuilder.java │ │ │ ├── HubMatchingServiceRequestDtoBuilder.java │ │ │ ├── InboundResponseFromMatchingServiceBuilder.java │ │ │ ├── PersistentIdBuilder.java │ │ │ ├── ResponseBuilder.java │ │ │ ├── SamlAuthnRequestDtoBuilder.java │ │ │ ├── SamlTransformationFailureExceptionBuilder.java │ │ │ └── TranslatedAuthnRequestDtoBuilder.java │ │ │ ├── config │ 
│ │ └── ConfigServiceKeyStoreTest.java │ │ │ ├── domain │ │ │ └── SamlAuthnRequestContainerDto.java │ │ │ ├── exceptions │ │ │ ├── IdaJsonProcessingExceptionMapperTest.java │ │ │ └── SamlEngineExceptionMapperTest.java │ │ │ ├── factories │ │ │ └── OutboundResponseFromHubToResponseTransformerFactoryTest.java │ │ │ ├── locators │ │ │ └── AssignableEntityToEncryptForLocatorTest.java │ │ │ ├── logging │ │ │ ├── IdpAssertionMetricsCollectorTest.java │ │ │ ├── NotOnOrAfterLoggerTest.java │ │ │ ├── UnknownMethodAlgorithmLoggerTest.java │ │ │ └── VerifiedAttributesLoggerTest.java │ │ │ ├── metadata │ │ │ └── SigningCertFromMetadataExtractorTest.java │ │ │ ├── proxy │ │ │ └── IdpSingleSignOnServiceHelperTest.java │ │ │ ├── security │ │ │ └── HubEncryptionKeyStoreTest.java │ │ │ └── services │ │ │ ├── IdaAuthnRequestTranslatorTest.java │ │ │ ├── IdpAuthnRequestGeneratorServiceTest.java │ │ │ ├── IdpAuthnResponseTranslatorServiceTest.java │ │ │ ├── MatchingServiceResponseTranslatorServiceTest.java │ │ │ └── RpAuthnRequestTranslatorServiceTest.java │ │ └── resources │ │ └── saml-engine.yml ├── saml-proxy │ ├── README.md │ ├── build.gradle │ └── src │ │ ├── integration-test │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── integrationtest │ │ │ └── hub │ │ │ └── samlproxy │ │ │ ├── HubMetadataIntegrationTests.java │ │ │ ├── MetadataRefreshTaskIntegrationTest.java │ │ │ ├── apprule │ │ │ ├── DenialOfServiceAttacksIntegrationTests.java │ │ │ ├── HealthCheckTest.java │ │ │ ├── IdpHardCodedEntityToEncryptForLocator.java │ │ │ ├── MetadataConsumerTests.java │ │ │ ├── ResourceNotFound404IntegrationTests.java │ │ │ ├── SamlMessageReceiverApiResourceTest.java │ │ │ ├── SamlMessageSenderApiResourceTest.java │ │ │ └── support │ │ │ │ ├── ConfigStubExtension.java │ │ │ │ ├── PolicyStubExtension.java │ │ │ │ └── SamlProxyAppExtension.java │ │ │ └── support │ │ │ └── TestSamlRequestFactory.java │ │ ├── main │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── hub │ 
│ │ └── samlproxy │ │ │ ├── EventEmitterConfiguration.java │ │ │ ├── SamlProxyApplication.java │ │ │ ├── SamlProxyConfiguration.java │ │ │ ├── SamlProxyModule.java │ │ │ ├── Urls.java │ │ │ ├── annotations │ │ │ ├── Config.java │ │ │ └── Policy.java │ │ │ ├── config │ │ │ ├── CertificatesConfigProxy.java │ │ │ ├── ConfigServiceKeyStore.java │ │ │ ├── SamlConfiguration.java │ │ │ └── TrustStoreForCertificateProvider.java │ │ │ ├── contracts │ │ │ ├── AuthnResponseFromHubContainerDto.java │ │ │ └── SamlRequestDto.java │ │ │ ├── controllogic │ │ │ ├── SamlMessageSenderHandler.java │ │ │ └── SamlMessageType.java │ │ │ ├── domain │ │ │ ├── AuthnRequestFromHubContainerDto.java │ │ │ ├── CertificateDto.java │ │ │ ├── FederationEntityType.java │ │ │ ├── HubServiceProviderMetadataDto.java │ │ │ ├── IdpResult.java │ │ │ ├── LevelOfAssurance.java │ │ │ ├── ResponseActionDto.java │ │ │ ├── SamlAuthnRequestContainerDto.java │ │ │ ├── SamlAuthnResponseContainerDto.java │ │ │ └── SamlDto.java │ │ │ ├── exceptions │ │ │ ├── AbstractContextExceptionMapper.java │ │ │ ├── ExceptionAuditor.java │ │ │ ├── HubEntityNotFoundException.java │ │ │ ├── NoKeyConfiguredForEntityExceptionMapper.java │ │ │ ├── SamlProxyApplicationExceptionMapper.java │ │ │ ├── SamlProxyDuplicateRequestExceptionMapper.java │ │ │ ├── SamlProxyExceptionMapper.java │ │ │ └── SamlProxySamlTransformationErrorExceptionMapper.java │ │ │ ├── filters │ │ │ └── SessionIdQueryParamLoggingFilter.java │ │ │ ├── handlers │ │ │ ├── HubAsIdpMetadataHandler.java │ │ │ └── HubAsSpMetadataHandler.java │ │ │ ├── health │ │ │ └── BadStartupSateException.java │ │ │ ├── logging │ │ │ ├── ExternalCommunicationEventLogger.java │ │ │ ├── ProtectiveMonitoringLogFormatter.java │ │ │ └── ProtectiveMonitoringLogger.java │ │ │ ├── proxy │ │ │ └── SessionProxy.java │ │ │ ├── repositories │ │ │ ├── Direction.java │ │ │ └── SignatureStatus.java │ │ │ ├── resources │ │ │ ├── HubMetadataResourceApi.java │ │ │ ├── SamlMessageReceiverApi.java │ │ │ 
└── SamlMessageSenderApi.java │ │ │ └── security │ │ │ ├── AuthnRequestKeyStore.java │ │ │ ├── AuthnResponseKeyStore.java │ │ │ └── HubSigningKeyStore.java │ │ └── test │ │ ├── java │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── hub │ │ │ └── samlproxy │ │ │ ├── SamlProxyModuleTest.java │ │ │ ├── builders │ │ │ └── CertificateDtoBuilder.java │ │ │ ├── config │ │ │ └── ConfigServiceKeyStoreTest.java │ │ │ ├── controllogic │ │ │ └── SamlMessageSenderHandlerTest.java │ │ │ ├── exceptions │ │ │ ├── AbstractContextExceptionMapperTest.java │ │ │ ├── ExceptionAuditorTest.java │ │ │ ├── NoKeyConfiguredForEntityExceptionMapperTest.java │ │ │ ├── SamlProxyApplicationExceptionMapperTest.java │ │ │ ├── SamlProxyDuplicateRequestExceptionMapperTest.java │ │ │ ├── SamlProxyExceptionMapperTest.java │ │ │ └── SamlProxySamlTransformationErrorExceptionMapperTest.java │ │ │ ├── handlers │ │ │ └── HubAsIdpMetadataHandlerTest.java │ │ │ ├── logging │ │ │ ├── ExternalCommunicationEventLoggerTest.java │ │ │ ├── ProtectiveMonitoringLogFormatterTest.java │ │ │ └── ProtectiveMonitoringLoggerTest.java │ │ │ ├── resources │ │ │ └── SamlMessageReceiverApiTest.java │ │ │ └── support │ │ │ └── ResourceHelpers.java │ │ └── resources │ │ ├── saml-proxy.yml │ │ └── status-cancel.xml ├── saml-soap-proxy │ ├── README.md │ ├── build.gradle │ └── src │ │ ├── integration-test │ │ └── java │ │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── integrationtest │ │ │ └── hub │ │ │ └── samlsoapproxy │ │ │ └── apprule │ │ │ ├── MatchingServiceHealthCheckIntegrationTests.java │ │ │ ├── MatchingServiceRequestSenderTest.java │ │ │ ├── MetadataRefreshTaskIntegrationTest.java │ │ │ ├── PrometheusMetricsIntegrationTest.java │ │ │ ├── dto │ │ │ ├── AggregatedMatchingServicesHealthCheckResultDto.java │ │ │ ├── MatchingServiceHealthCheckDetailsDto.java │ │ │ └── MatchingServiceHealthCheckResultDto.java │ │ │ └── support │ │ │ ├── ConfigStubExtension.java │ │ │ ├── EventSinkStubExtension.java │ │ │ ├── 
MatchingServiceDetails.java │ │ │ ├── MsaStubExtension.java │ │ │ ├── PolicyStubExtension.java │ │ │ ├── SamlEngineStubExtension.java │ │ │ ├── SamlSoapProxyAppExtension.java │ │ │ └── SleepyHttpStub.java │ │ ├── main │ │ ├── java │ │ │ └── uk │ │ │ │ └── gov │ │ │ │ └── ida │ │ │ │ └── hub │ │ │ │ └── samlsoapproxy │ │ │ │ ├── EventEmitterConfiguration.java │ │ │ │ ├── ExecutorConfiguration.java │ │ │ │ ├── SamlSoapProxyApplication.java │ │ │ │ ├── SamlSoapProxyConfiguration.java │ │ │ │ ├── SamlSoapProxyModule.java │ │ │ │ ├── Urls.java │ │ │ │ ├── annotations │ │ │ │ ├── Config.java │ │ │ │ ├── MatchingServiceRequestExecutorBacklog.java │ │ │ │ ├── Policy.java │ │ │ │ └── SamlEngine.java │ │ │ │ ├── client │ │ │ │ ├── AttributeQueryRequestClient.java │ │ │ │ ├── HealthCheckSoapRequestClient.java │ │ │ │ ├── MatchingServiceHealthCheckClient.java │ │ │ │ ├── PrometheusClient.java │ │ │ │ ├── SOAPRequestError.java │ │ │ │ └── SoapRequestClient.java │ │ │ │ ├── config │ │ │ │ ├── CertificatesConfigProxy.java │ │ │ │ ├── ConfigServiceKeyStore.java │ │ │ │ ├── PrometheusClientServiceConfiguration.java │ │ │ │ ├── SamlConfiguration.java │ │ │ │ └── TrustStoreForCertificateProvider.java │ │ │ │ ├── contract │ │ │ │ ├── MatchingServiceConfigEntityDataDto.java │ │ │ │ ├── MatchingServiceHealthCheckerRequestDto.java │ │ │ │ ├── MatchingServiceHealthCheckerResponseDto.java │ │ │ │ └── SamlMessageDto.java │ │ │ │ ├── domain │ │ │ │ ├── AttributeQueryContainerDto.java │ │ │ │ ├── CertificateDto.java │ │ │ │ ├── FederationEntityType.java │ │ │ │ ├── MatchingServiceHealthCheckResponseDto.java │ │ │ │ ├── SamlResponseDto.java │ │ │ │ └── TimeoutEvaluator.java │ │ │ │ ├── exceptions │ │ │ │ ├── AttributeQueryTimeoutException.java │ │ │ │ ├── IdaJsonProcessingExceptionMapper.java │ │ │ │ ├── InvalidSamlRequestInAttributeQueryException.java │ │ │ │ ├── MatchingServiceRequestExceptionErrorMessageMapper.java │ │ │ │ ├── MissingMetadataException.java │ │ │ │ └── 
SupportedMsaVersionsFileAccessException.java │ │ │ │ ├── filters │ │ │ │ └── SessionIdQueryParamLoggingFilter.java │ │ │ │ ├── healthcheck │ │ │ │ ├── AggregatedMatchingServicesHealthCheckResult.java │ │ │ │ ├── HealthCheckData.java │ │ │ │ ├── MatchingServiceHealthCheckDetails.java │ │ │ │ ├── MatchingServiceHealthCheckHandler.java │ │ │ │ ├── MatchingServiceHealthCheckResult.java │ │ │ │ ├── MatchingServiceHealthChecker.java │ │ │ │ ├── SupportedMsaVersions.java │ │ │ │ ├── SupportedMsaVersionsBootstrap.java │ │ │ │ ├── SupportedMsaVersionsLoader.java │ │ │ │ └── SupportedMsaVersionsRepository.java │ │ │ │ ├── logging │ │ │ │ ├── ExternalCommunicationEventLogger.java │ │ │ │ ├── HealthCheckEventLogger.java │ │ │ │ └── ProtectiveMonitoringLogger.java │ │ │ │ ├── proxy │ │ │ │ ├── HubMatchingServiceResponseReceiverProxy.java │ │ │ │ ├── MatchingServiceConfigProxy.java │ │ │ │ └── SamlEngineProxy.java │ │ │ │ ├── resources │ │ │ │ ├── AttributeQueryRequestSenderResource.java │ │ │ │ ├── MatchingServiceHealthCheckResource.java │ │ │ │ └── MatchingServiceVersionCheckResource.java │ │ │ │ ├── rest │ │ │ │ └── HealthCheckResponse.java │ │ │ │ ├── runnabletasks │ │ │ │ ├── AttributeQueryRequestRunnable.java │ │ │ │ ├── AttributeQueryRequestRunnableFactory.java │ │ │ │ └── ExecuteAttributeQueryRequest.java │ │ │ │ ├── security │ │ │ │ └── MatchingResponseSigningKeyStore.java │ │ │ │ ├── service │ │ │ │ ├── MatchingServiceHealthCheckService.java │ │ │ │ ├── MatchingServiceHealthCheckTask.java │ │ │ │ └── MatchingServiceInfoMetric.java │ │ │ │ └── soap │ │ │ │ ├── SoapMessageManager.java │ │ │ │ └── SoapResponse.java │ │ └── resources │ │ │ └── supported-msa-versions.yml │ │ └── test │ │ ├── java │ │ └── uk │ │ │ └── gov │ │ │ └── ida │ │ │ └── hub │ │ │ └── samlsoapproxy │ │ │ ├── builders │ │ │ ├── AttributeQueryContainerDtoBuilder.java │ │ │ ├── CertificateDtoBuilder.java │ │ │ ├── HealthCheckResponseBuilder.java │ │ │ ├── MatchingServiceConfigEntityDataDtoBuilder.java │ 
│ │ ├── MatchingServiceHealthCheckDetailsBuilder.java │ │ │ └── MatchingServiceHealthCheckerResponseDtoBuilder.java │ │ │ ├── client │ │ │ ├── AttributeQueryRequestClientTest.java │ │ │ ├── HealthCheckSoapRequestClientTest.java │ │ │ ├── MatchingServiceHealthCheckClientTest.java │ │ │ ├── SoapRequestClientTest.java │ │ │ ├── TestResponse.java │ │ │ └── TestResponseTest.java │ │ │ ├── config │ │ │ └── ConfigServiceKeyStoreTest.java │ │ │ ├── domain │ │ │ └── TimeoutEvaluatorTest.java │ │ │ ├── exceptions │ │ │ └── IdaJsonProcessingExceptionMapperTest.java │ │ │ ├── healthcheck │ │ │ ├── AggregatedMatchingServicesHealthCheckResultTest.java │ │ │ ├── HealthCheckDataTest.java │ │ │ ├── MatchingServiceHealthCheckHandlerTest.java │ │ │ └── MatchingServiceHealthCheckerTest.java │ │ │ ├── logging │ │ │ ├── ExternalCommunicationEventLoggerTest.java │ │ │ └── HealthCheckEventLoggerTest.java │ │ │ ├── resources │ │ │ └── MatchingServiceHealthCheckResourceTest.java │ │ │ ├── runnabletasks │ │ │ ├── AttributeQueryRequestRunnableTest.java │ │ │ └── ExecuteAttributeQueryRequestTest.java │ │ │ └── soap │ │ │ └── SoapMessageManagerTest.java │ │ └── resources │ │ └── saml-soap-proxy.yml ├── shared │ ├── build.gradle │ └── src │ │ └── main │ │ └── java │ │ └── uk │ │ └── gov │ │ └── ida │ │ └── hub │ │ └── shared │ │ ├── eventsink │ │ ├── EventDetails.java │ │ ├── EventSink.java │ │ ├── EventSinkHttpProxy.java │ │ ├── EventSinkHubEvent.java │ │ ├── EventSinkHubEventConstants.java │ │ ├── EventSinkMessageSender.java │ │ └── EventSinkProxy.java │ │ └── guice │ │ ├── DropwizardServiceBinder.java │ │ ├── GuiceBridgeFeature.java │ │ └── GuiceBundle.java └── stub-event-sink │ ├── README.md │ ├── build.gradle │ └── src │ └── main │ └── java │ └── uk │ └── gov │ └── ida │ └── stub │ └── event │ └── sink │ ├── StubEventSinkApplication.java │ ├── StubEventSinkConfiguration.java │ ├── StubEventSinkModule.java │ ├── StubEventSinkUrls.java │ ├── Urls.java │ ├── healthcheck │ └── 
StubEventSinkHealthCheck.java │ ├── repositories │ └── InMemoryEventSinkHubEventStore.java │ └── resources │ ├── EventSinkHubEventResource.java │ └── EventSinkHubEventTestResource.java ├── idea.gradle ├── inttest.gradle ├── pre-commit.sh ├── publish.gradle ├── run.Dockerfile ├── settings.gradle ├── shutdown.sh └── startup.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | apps-home 2 | artefacts 3 | vendor 4 | .gradle 5 | hub/*/build 6 | hub-saml/build 7 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "gradle" # See documentation for possible values 9 | directory: "/" # Location of package manifests 10 | schedule: 11 | interval: "daily" 12 | open-pull-requests-limit: 100 13 | -------------------------------------------------------------------------------- /.github/workflows/pre-merge-checks.yml: -------------------------------------------------------------------------------- 1 | name: Pre-merge checks 2 | on: 3 | pull_request: 4 | types: 5 | - opened 6 | - reopened 7 | - ready_for_review 8 | - synchronize 9 | 10 | jobs: 11 | build: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Check out repository code 15 | uses: actions/checkout@v2 16 | - name: Set up JDK 11 17 | uses: actions/setup-java@v2 18 | with: 19 | java-version: '11.0.16' 20 | distribution: 'adopt' 21 | - name: Run Build 22 | run: ./gradlew --parallel build -x test -x inttest 23 | 24 | run-tests: 25 | runs-on: 
ubuntu-latest 26 | steps: 27 | - name: Check out repository code 28 | uses: actions/checkout@v2 29 | - name: Set up JDK 11 30 | uses: actions/setup-java@v2 31 | with: 32 | java-version: '11.0.16' 33 | distribution: 'adopt' 34 | - name: Run Tests 35 | env: 36 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 37 | run: ./gradlew --parallel check -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .bundle/ 2 | *.class 3 | build 4 | .DS_Store 5 | .gradle 6 | .idea 7 | *.iml 8 | *.ipr 9 | .sass-cache 10 | *.iws 11 | out/** 12 | out/ 13 | # Package Files # 14 | *.log 15 | apps-home 16 | apps-local-data 17 | *.swp 18 | *~ 19 | *# 20 | local.env 21 | artefacts 22 | /vendor 23 | target 24 | -------------------------------------------------------------------------------- /.sdkmanrc: -------------------------------------------------------------------------------- 1 | # Enable auto-env through the sdkman_auto_env config 2 | # Add key=value pairs of SDKs to use below 3 | java=11.0.2-open 4 | -------------------------------------------------------------------------------- /LICENCE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2017 Crown Copyright (Government Digital Service) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /configuration/local/config.yml: -------------------------------------------------------------------------------- 1 | server: 2 | applicationConnectors: 3 | - type: http 4 | port: ${CONFIG_PORT} 5 | adminConnectors: 6 | - type: http 7 | port: 50241 8 | requestLog: 9 | appenders: 10 | - type: console 11 | 12 | 13 | logging: 14 | level: ${LOG_LEVEL:-INFO} 15 | appenders: 16 | - type: console 17 | 18 | serviceInfo: 19 | name: config 20 | 21 | userHubSessionDuration: 90m 22 | 23 | rootDataDirectory: ${FED_CONFIG_PATH:-/data/stub-fed-config} 24 | 25 | translationsDirectory: ../display-locales/transactions 26 | 27 | clientTrustStoreConfiguration: 28 | path: /data/pki/hub.ts 29 | password: marshmallow 30 | 31 | rpTrustStoreConfiguration: 32 | path: ${RP_TRUST_STORE_PATH:-/data/pki/relying_parties.ts} 33 | password: marshmallow 34 | -------------------------------------------------------------------------------- /configuration/local/stub-event-sink.yml: -------------------------------------------------------------------------------- 1 | server: 2 | applicationConnectors: 3 | - type: http 4 | port: ${EVENT_SINK_PORT} 5 | adminConnectors: 6 | - type: http 7 | port: 50101 8 | requestLog: 9 | appenders: 10 | - type: console 11 | 12 | logging: 13 | level: ${LOG_LEVEL:-INFO} 14 | appenders: 15 | - type: console 16 | 17 | serviceInfo: 18 | name: stub-event-sink 19 | 20 | 21 | 
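--------------------------------------------------------------------------------
/dependencies.sh:
--------------------------------------------------------------------------------
#! /bin/sh
# Writes the resolved dependency report of every module to out/dependencies.txt.
#
# Stop on the first failing command and create out/ before redirecting into it:
# the shell opens the redirect target before gradle starts, so a missing out/
# directory made the whole run fail with "No such file or directory".
set -eu
mkdir -p out
# NOTE(review): this calls a system `gradle`, not ./gradlew, and
# --recompile-scripts is not accepted by current Gradle releases (dropped in
# Gradle 5 as far as I recall) — confirm against the installed version.
gradle --daemon --recompile-scripts clean \
    configuration:dependencies \
    hub:config:dependencies \
    hub:policy:dependencies \
    hub:saml-engine:dependencies \
    hub:saml-proxy:dependencies \
    hub:saml-soap-proxy:dependencies \
    stub-event-sink:dependencies \
    > out/dependencies.txt
--------------------------------------------------------------------------------
/doc/adr/0001-record-architecture-decisions.md:
--------------------------------------------------------------------------------
# 1. Record architecture decisions

Date: 2017-10-03

## Status

Accepted

## Context

We need to record the architectural decisions made on this project.

## Decision

We will use Architecture Decision Records, as described by Michael Nygard in this article: http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions

## Consequences

See Michael Nygard's article, linked above.

--------------------------------------------------------------------------------
/doc/images/components.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/alphagov/verify-hub/a245c54d9cea9e8ebe3002cb3c7b7e8f1b97dcc0/doc/images/components.png
--------------------------------------------------------------------------------
/doc/images/message_flow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/alphagov/verify-hub/a245c54d9cea9e8ebe3002cb3c7b7e8f1b97dcc0/doc/images/message_flow.png
--------------------------------------------------------------------------------
/docker-run.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Builds one hub application into a Docker image tagged <app>:latest and prints
# that tag. Usage: ./docker-run.sh <app>, where <app> is a module under :hub
# with a matching configuration/local/<app>.yml.
set -euo pipefail

cd "$(dirname "${BASH_SOURCE[0]}")"

# Refuse a missing/empty name: unquoted, it expanded to ":hub::clean" and
# "docker build -t :latest", which fail with unrelated-looking errors.
app="${1:?usage: $0 <app>}"

./gradlew ":hub:${app}:clean"
./gradlew ":hub:${app}:distZip" -Pversion=local
docker build -t "${app}:latest" \
    --build-arg "config_location=configuration/local/${app}.yml" \
    --build-arg "app_name=${app}" \
    -f run.Dockerfile .
echo "${app}:latest"
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/alphagov/verify-hub/a245c54d9cea9e8ebe3002cb3c7b7e8f1b97dcc0/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
#Thu Dec 05 17:01:35 GMT 2019
# NOTE(review): no distributionSha256Sum is declared, so the wrapper downloads
# and runs the distribution below without an integrity check; add the checksum
# published for this version to pin it.
distributionUrl=https\://services.gradle.org/distributions/gradle-6.0.1-all.zip
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStorePath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
--------------------------------------------------------------------------------
/hub-saml-test-utils/build.gradle:
--------------------------------------------------------------------------------
plugins {
    id 'java-library'
}

dependencies {
    implementation configurations.common,
            configurations.saml_lib,
            project(':hub-saml')

    api configurations.test_utils,
            configurations.saml_test
}
--------------------------------------------------------------------------------
/hub-saml-test-utils/src/main/java/uk/gov/ida/saml/core/test/AuthnRequestIdGenerator.java:
--------------------------------------------------------------------------------
package uk.gov.ida.saml.core.test;

import java.util.UUID;

/**
 * Generates unique IDs for AuthnRequests built by the test utilities.
 */
public final class AuthnRequestIdGenerator {
    private AuthnRequestIdGenerator() {}

    /**
     * Returns a fresh request ID of the form {@code _<random UUID>}.
     * <p>
     * The leading underscore keeps the value a valid XML {@code xsd:ID} (an
     * NCName, which may not start with a digit) even when the UUID begins with
     * one. Uniqueness comes from {@link UUID#randomUUID()}.
     *
     * @return a new, unique request ID
     */
    public static String generateRequestId() {
        return "_" + UUID.randomUUID();
    }
}
--------------------------------------------------------------------------------
/hub-saml-test-utils/src/main/java/uk/gov/ida/saml/core/test/PrivateKeyStoreFactory.java: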
-------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core.test; 2 | 3 | import org.apache.commons.codec.binary.Base64; 4 | import uk.gov.ida.common.shared.security.PrivateKeyFactory; 5 | import uk.gov.ida.common.shared.security.PrivateKeyStore; 6 | 7 | import java.security.PrivateKey; 8 | import java.util.List; 9 | 10 | import static java.util.stream.Collectors.toList; 11 | 12 | public class PrivateKeyStoreFactory { 13 | public PrivateKeyStore create(String entityId) { 14 | PrivateKey privateSigningKey = new PrivateKeyFactory().createPrivateKey(Base64.decodeBase64(TestCertificateStrings.PRIVATE_SIGNING_KEYS.get(entityId))); 15 | List encryptionKeyStrings = TestCertificateStrings.PRIVATE_ENCRYPTION_KEYS.get(entityId); 16 | List privateEncryptionKeys = encryptionKeyStrings.stream() 17 | .map(input -> new PrivateKeyFactory().createPrivateKey(Base64.decodeBase64(input))) 18 | .collect(toList()); 19 | return new PrivateKeyStore(privateSigningKey, privateEncryptionKeys); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /hub-saml-test-utils/src/main/java/uk/gov/ida/saml/core/test/SamlTransformationErrorManagerTestHelper.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core.test; 2 | 3 | import uk.gov.ida.saml.core.validation.SamlTransformationErrorException; 4 | import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure; 5 | 6 | import static org.assertj.core.api.Assertions.assertThat; 7 | import static org.assertj.core.api.Assertions.fail; 8 | 9 | public final class SamlTransformationErrorManagerTestHelper { 10 | 11 | private SamlTransformationErrorManagerTestHelper() { 12 | } 13 | 14 | public static void validateFail(Action action, SamlValidationSpecificationFailure failure) { 15 | try { 16 | action.execute(); 17 | fail("Expected action to throw"); 18 | } catch 
(SamlTransformationErrorException e) { 19 | assertThat(e.getMessage()).isEqualTo(failure.getErrorMessage()); 20 | assertThat(e.getLogLevel()).isEqualTo(failure.getLogLevel()); 21 | } 22 | } 23 | 24 | public interface Action { 25 | void execute(); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /hub-saml-test-utils/src/main/java/uk/gov/ida/saml/core/test/builders/NameIdPolicyBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core.test.builders; 2 | 3 | import java.util.Optional; 4 | import org.opensaml.saml.saml2.core.NameIDPolicy; 5 | import org.opensaml.saml.saml2.core.NameIDType; 6 | import uk.gov.ida.saml.core.OpenSamlXmlObjectFactory; 7 | 8 | public class NameIdPolicyBuilder { 9 | 10 | private OpenSamlXmlObjectFactory openSamlXmlObjectFactory = new OpenSamlXmlObjectFactory(); 11 | private Optional format = Optional.ofNullable(NameIDType.PERSISTENT); 12 | 13 | public static NameIdPolicyBuilder aNameIdPolicy() { 14 | return new NameIdPolicyBuilder(); 15 | } 16 | 17 | public NameIDPolicy build() { 18 | 19 | NameIDPolicy nameIdPolicy = openSamlXmlObjectFactory.createNameIdPolicy(); 20 | 21 | format.ifPresent(nameIdPolicy::setFormat); 22 | 23 | return nameIdPolicy; 24 | } 25 | 26 | public NameIdPolicyBuilder withFormat(String format) { 27 | this.format = Optional.ofNullable(format); 28 | return this; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /hub-saml-test-utils/src/main/java/uk/gov/ida/saml/core/test/builders/OrganisationDtoBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core.test.builders; 2 | 3 | 4 | import uk.gov.ida.saml.metadata.domain.OrganisationDto; 5 | 6 | public class OrganisationDtoBuilder { 7 | 8 | private String organisationDisplayName = "Display Name"; 9 | private String organisationName = 
"MegaCorp"; 10 | 11 | public static OrganisationDtoBuilder anOrganisationDto() { 12 | return new OrganisationDtoBuilder(); 13 | } 14 | 15 | public OrganisationDto build() { 16 | return new OrganisationDto( 17 | organisationDisplayName, 18 | organisationName, 19 | "https://hub.ida.gov.uk"); 20 | } 21 | 22 | public OrganisationDtoBuilder withDisplayName(String organisationDisplayName) { 23 | this.organisationDisplayName = organisationDisplayName; 24 | return this; 25 | } 26 | 27 | public OrganisationDtoBuilder withName(String organisationName) { 28 | this.organisationName = organisationName; 29 | return this; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /hub-saml-test-utils/src/main/java/uk/gov/ida/saml/core/test/builders/SamlEndpointDtoBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core.test.builders; 2 | 3 | 4 | import uk.gov.ida.saml.metadata.domain.SamlEndpointDto; 5 | 6 | import java.net.URI; 7 | 8 | public class SamlEndpointDtoBuilder { 9 | 10 | private SamlEndpointDto.Binding binding = SamlEndpointDto.Binding.POST; 11 | private URI location = URI.create("https://hub.ida.gov.uk/blah"); 12 | 13 | public static SamlEndpointDtoBuilder aSamlEndpointDto(){ 14 | return new SamlEndpointDtoBuilder(); 15 | } 16 | 17 | public SamlEndpointDto build() { 18 | return new SamlEndpointDto( 19 | binding, 20 | location); 21 | } 22 | 23 | public SamlEndpointDtoBuilder withBinding(SamlEndpointDto.Binding binding) { 24 | this.binding = binding; 25 | return this; 26 | } 27 | 28 | public SamlEndpointDtoBuilder withLocation(URI location) { 29 | this.location = location; 30 | return this; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /hub-saml-test-utils/src/main/java/uk/gov/ida/saml/core/test/builders/ScopingBuilder.java: -------------------------------------------------------------------------------- 1 
/**
 * Test-support builder for a simple string-valued SAML {@code AttributeValue}.
 *
 * The value defaults to {@code null} unless {@link #withValue(String)} is called;
 * what the factory does with a null value is not visible here.
 */
public class SimpleStringAttributeValueBuilder {

    private final OpenSamlXmlObjectFactory factory = new OpenSamlXmlObjectFactory();

    private String value;

    /** Entry point in the "a..." naming style used by the other test builders. */
    public static SimpleStringAttributeValueBuilder aSimpleStringValue() {
        return new SimpleStringAttributeValueBuilder();
    }

    /** Sets the string carried by the attribute value; returns this builder for chaining. */
    public SimpleStringAttributeValueBuilder withValue(String value) {
        this.value = value;
        return this;
    }

    /** Builds the attribute value via the OpenSAML object factory. */
    public AttributeValue build() {
        String currentValue = this.value;
        return factory.createSimpleMdsAttributeValue(currentValue);
    }

}
/**
 * Outcome statuses for an unknown-user (account creation) request, used by the
 * matching-service test utilities. Implements the shared {@code IdaStatus} marker.
 */
public enum UnknownUserCreationIdaStatus implements IdaStatus {
    /** The account was created. */
    Success,
    /** The account could not be created. */
    CreateFailure,
    /** Creation failed because required attributes were not available. */
    NoAttributeFailure
}
healthCheckReqeustId) { 15 | super(responseId, healthCheckReqeustId, entityId, DateTime.now(DateTimeZone.UTC)); 16 | } 17 | } 18 | 19 | -------------------------------------------------------------------------------- /hub-saml/build.gradle: -------------------------------------------------------------------------------- 1 | plugins { 2 | id 'java-library' 3 | } 4 | 5 | dependencies { 6 | implementation configurations.common, 7 | configurations.ida_utils 8 | 9 | api configurations.saml_lib 10 | 11 | testImplementation configurations.test_deps_compile, 12 | configurations.dev_pki, 13 | project(':hub-saml-test-utils') 14 | } 15 | -------------------------------------------------------------------------------- /hub-saml/src/main/java/uk/gov/ida/saml/core/InternalPublicKeyStore.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core; 2 | 3 | import java.security.PublicKey; 4 | import java.util.List; 5 | 6 | public interface InternalPublicKeyStore { 7 | List getVerifyingKeysForEntity(); 8 | } 9 | -------------------------------------------------------------------------------- /hub-saml/src/main/java/uk/gov/ida/saml/core/validators/SamlValidator.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core.validators; 2 | 3 | 4 | import org.opensaml.saml.common.SAMLObject; 5 | 6 | public interface SamlValidator { 7 | void validate(T itemToValidate); 8 | } 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /hub-saml/src/main/java/uk/gov/ida/saml/core/validators/assertion/DuplicateAssertionValidator.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core.validators.assertion; 2 | 3 | import org.opensaml.saml.saml2.core.Assertion; 4 | 5 | public interface DuplicateAssertionValidator { 6 | void validateAuthnStatementAssertion(Assertion 
/**
 * Creates an authentication status object of type {@code U} from a source status
 * {@code T} and a message.
 *
 * NOTE(review): neither {@code T} nor {@code U} is declared on the interface in this
 * rendering, and the {@code IdaStatus} import is otherwise unused here; the type
 * parameter list (presumably something like {@code <T extends IdaStatus, U>}) appears
 * to have been lost when the page was rendered — confirm against the repository.
 */
public interface AuthenticationStatusFactory {
    // status: the status to convert; message: free text attached to the result.
    U create(T status, String message);
}
/**
 * Health-check response received from a matching service, carrying the standard
 * response identifiers (id, InResponseTo, issuer, issue instant) plus the
 * unmarshalled {@link MatchingServiceIdaStatus}.
 */
public class InboundHealthCheckResponseFromMatchingService extends IdaMatchingServiceResponse {

    // Not final: the JAXB no-arg constructor below leaves it unset.
    private MatchingServiceIdaStatus status;

    /** @return the status reported by the matching service. */
    public MatchingServiceIdaStatus getStatus() {
        return this.status;
    }

    /**
     * @param responseId   the response's ID
     * @param inResponseTo the ID of the request this answers
     * @param issuer       the issuing entity id
     * @param issueInstant when the response was issued
     * @param status       the unmarshalled status
     */
    public InboundHealthCheckResponseFromMatchingService(
            String responseId,
            String inResponseTo,
            String issuer,
            DateTime issueInstant,
            MatchingServiceIdaStatus status) {
        super(responseId, inResponseTo, issuer, issueInstant);
        this.status = status;
    }

    @SuppressWarnings("unused") // needed for JAXB
    private InboundHealthCheckResponseFromMatchingService() {
    }
}
/**
 * Base type for messages handled by the hub: an identifier, the issuing entity
 * and the instant of issue. Subclasses add message-specific fields.
 */
public abstract class VerifyMessage {

    private String id;
    private String issuer;
    private DateTime issueInstant;

    /** @return the message identifier. */
    public String getId() {
        return this.id;
    }

    /** @return the entity id of the issuer. */
    public String getIssuer() {
        return this.issuer;
    }

    /** @return the instant the message was issued. */
    public DateTime getIssueInstant() {
        return this.issueInstant;
    }

    /**
     * @param id           message identifier
     * @param issuer       issuing entity id
     * @param issueInstant issue instant
     */
    public VerifyMessage(String id, String issuer, DateTime issueInstant) {
        this.id = id;
        this.issuer = issuer;
        this.issueInstant = issueInstant;
    }

    /** No-arg constructor for subclasses; all fields stay null. */
    protected VerifyMessage() {
    }
}
/**
 * Signals that a SAML request was judged too old to accept. The validation that
 * raises it lives elsewhere; this class only carries the message, optional cause
 * and the log level expected by {@code SamlTransformationErrorException}.
 */
public class SamlRequestTooOldException extends SamlTransformationErrorException {

    /**
     * @param errorMessage description of the failure
     * @param logLevel     level at which the failure should be logged
     */
    public SamlRequestTooOldException(String errorMessage, Level logLevel) {
        super(errorMessage, logLevel);
    }

    /**
     * @param errorMessage description of the failure
     * @param cause        underlying exception
     * @param logLevel     level at which the failure should be logged
     */
    public SamlRequestTooOldException(String errorMessage, Exception cause, Level logLevel) {
        super(errorMessage, cause, logLevel);
    }
}
/**
 * Builds the SAML {@code Attribute} elements placed in an attribute query for a
 * {@link UserAccountCreationAttribute}.
 */
public class AttributeQueryAttributeFactory {

    private final OpenSamlXmlObjectFactory openSamlXmlObjectFactory;

    /** @param openSamlXmlObjectFactory factory used to create the OpenSAML objects. */
    @Inject
    public AttributeQueryAttributeFactory(OpenSamlXmlObjectFactory openSamlXmlObjectFactory) {
        this.openSamlXmlObjectFactory = openSamlXmlObjectFactory;
    }

    /**
     * Creates an attribute named after the given user-account-creation attribute,
     * with the "unspecified" name format and no values.
     *
     * @param userAccountCreationAttribute the attribute to request
     * @return a new, value-less {@code Attribute}
     */
    public Attribute createAttribute(final UserAccountCreationAttribute userAccountCreationAttribute) {
        final Attribute result = openSamlXmlObjectFactory.createAttribute();
        final String attributeName = userAccountCreationAttribute.getAttributeName();
        result.setName(attributeName);
        // The name format is always Attribute.UNSPECIFIED for these queries.
        result.setNameFormat(Attribute.UNSPECIFIED);
        return result;
    }
}
/**
 * Converts a SAML {@code Response} from a matching-service health check into an
 * {@link InboundHealthCheckResponseFromMatchingService}.
 */
public class InboundHealthCheckResponseFromMatchingServiceUnmarshaller {

    private final MatchingServiceIdaStatusUnmarshaller statusUnmarshaller;

    /** @param statusUnmarshaller converts the SAML Status element into a {@link MatchingServiceIdaStatus}. */
    public InboundHealthCheckResponseFromMatchingServiceUnmarshaller(
            MatchingServiceIdaStatusUnmarshaller statusUnmarshaller) {
        this.statusUnmarshaller = statusUnmarshaller;
    }

    /**
     * @param response the parsed SAML response
     * @return the domain object holding the response identifiers and the unmarshalled status
     */
    public InboundHealthCheckResponseFromMatchingService fromSaml(Response response) {
        MatchingServiceIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());

        String responseId = response.getID();
        String inResponseTo = response.getInResponseTo();
        // NOTE(review): the Issuer is dereferenced without a null check; a Response with no
        // Issuer element would presumably fail here with a NullPointerException rather than a
        // SAML validation error — confirm that an upstream validator guarantees its presence.
        String issuer = response.getIssuer().getValue();

        return new InboundHealthCheckResponseFromMatchingService(
                responseId,
                inResponseTo,
                issuer,
                response.getIssueInstant(),
                status);
    }
}
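/**
 * Maps the generic {@code IdaStatusMapperStatus} values onto the matching-service
 * specific {@link MatchingServiceIdaStatus} enum, via the {@code IdaStatusUnmarshaller}
 * base class.
 *
 * The map is given explicit key and value types; the raw {@code Map} in the
 * rendered source loses the information that only mapper statuses map to
 * matching-service statuses. {@code Map.of} also rejects duplicate keys at class
 * initialisation, so an accidental double entry fails fast.
 */
public class MatchingServiceIdaStatusUnmarshaller extends IdaStatusUnmarshaller {

    // Every mapper status that has a matching-service counterpart.
    private static final Map<IdaStatusMapperStatus, MatchingServiceIdaStatus> SAML_TO_REST_CODES = Map.of(
            IdaStatusMapperStatus.RequesterError, MatchingServiceIdaStatus.RequesterError,
            IdaStatusMapperStatus.NoMatchingServiceMatchFromMatchingService, MatchingServiceIdaStatus.NoMatchingServiceMatchFromMatchingService,
            IdaStatusMapperStatus.MatchingServiceMatch, MatchingServiceIdaStatus.MatchingServiceMatch,
            IdaStatusMapperStatus.Healthy, MatchingServiceIdaStatus.Healthy,
            IdaStatusMapperStatus.Created, MatchingServiceIdaStatus.UserAccountCreated,
            IdaStatusMapperStatus.CreateFailed, MatchingServiceIdaStatus.UserAccountCreationFailed);

    /** Hands the fixed mapping to the base class; how unmapped statuses are handled is defined there. */
    public MatchingServiceIdaStatusUnmarshaller() {
        super(SAML_TO_REST_CODES);
    }
}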
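/**
 * Parses an assertion received from an IdP, given as a string, into an OpenSAML
 * {@link Assertion} that is detached from any parent document.
 *
 * The wrapped transformer is typed to {@code Assertion}: the unchecked assignment
 * in {@link #transform(String)} requires it, and the raw type shown in the
 * rendered source would not compile without it.
 */
public class AssertionFromIdpToAssertionTransformer {

    private final StringToOpenSamlObjectTransformer<Assertion> stringAssertionTransformer;

    /** @param stringAssertionTransformer parses the string form into an {@code Assertion}. */
    public AssertionFromIdpToAssertionTransformer(StringToOpenSamlObjectTransformer<Assertion> stringAssertionTransformer) {
        this.stringAssertionTransformer = stringAssertionTransformer;
    }

    /**
     * @param assertionString the serialised assertion
     * @return the parsed assertion, detached from its parent so it can be re-parented
     *         elsewhere; parsing and validation failures propagate from the transformer
     */
    public Assertion transform(String assertionString) {
        Assertion assertion = stringAssertionTransformer.apply(assertionString);
        assertion.detach();
        return assertion;
    }
}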
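/**
 * Serialises an {@link OutboundResponseFromHub} to a string by delegating to the
 * injected function. The class name refers to SHA-256, but nothing in this class
 * hashes or signs; the algorithm is presumably fixed by the wrapped transformer
 * configured at injection time.
 *
 * Type arguments are declared explicitly: {@link #apply(OutboundResponseFromHub)}
 * overrides {@code Function.apply} and returns {@code String}, so the raw
 * {@code Function} in the rendered source can only have been
 * {@code Function<OutboundResponseFromHub, String>}. The delegate is also made
 * {@code final}, as it is never reassigned.
 */
public class OutboundLegacyResponseFromHubToStringFunctionSHA256 implements Function<OutboundResponseFromHub, String> {

    private final Function<OutboundResponseFromHub, String> transformer;

    /** @param transformer the function that does the actual serialisation. */
    public OutboundLegacyResponseFromHubToStringFunctionSHA256(Function<OutboundResponseFromHub, String> transformer) {
        this.transformer = transformer;
    }

    /** @return whatever the wrapped transformer returns for the response. */
    @Override
    public String apply(OutboundResponseFromHub outboundResponseFromHub) {
        return transformer.apply(outboundResponseFromHub);
    }
}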
/**
 * {@code SamlAttributeQueryAssertionEncrypter} that performs no encryption.
 *
 * {@link #encryptAssertions(AttributeQuery)} returns the query it was given,
 * unchanged, so any assertions it carries leave in the clear. Use only where
 * encryption of attribute-query assertions is deliberately not wanted.
 */
public class NoOpSamlAttributeQueryAssertionEncrypter extends SamlAttributeQueryAssertionEncrypter {

    public NoOpSamlAttributeQueryAssertionEncrypter() {
        // None of the parent's collaborators are needed, since nothing is ever encrypted.
        super(null, null, null);
    }

    /** Pass-through: the same instance is returned, untouched. */
    @Override
    public AttributeQuery encryptAssertions(AttributeQuery attributeQuery) {
        AttributeQuery unchanged = attributeQuery;
        return unchanged;
    }
}
/**
 * Checks that an AuthnRequest's IssueInstant is not older than the configured
 * validity duration.
 *
 * Only a lower bound is applied: an instant exactly at, or after,
 * {@code now - validityDuration} is accepted, which includes instants in the
 * future. NOTE(review): whether future-dated requests should also be rejected
 * (bounded by an allowed clock skew) is a policy question not settled here — confirm.
 */
public class AuthnRequestIssueInstantValidator {

    private final SamlAuthnRequestValidityDurationConfiguration configuration;

    /** @param samlAuthnRequestValidityDurationConfiguration supplies the validity duration. */
    @Inject
    public AuthnRequestIssueInstantValidator(SamlAuthnRequestValidityDurationConfiguration samlAuthnRequestValidityDurationConfiguration) {
        this.configuration = samlAuthnRequestValidityDurationConfiguration;
    }

    /**
     * @param issueInstant the request's IssueInstant
     * @return {@code true} unless the instant lies before {@code now - validityDuration}
     */
    public boolean isValid(DateTime issueInstant) {
        long validityMillis = configuration.getAuthnRequestValidityDuration().toMilliseconds();
        // Comparison is on instants, so the zone DateTime.now() picks up does not matter.
        DateTime oldestAcceptable = DateTime.now().minus(validityMillis);
        return !issueInstant.isBefore(oldestAcceptable);
    }
}
/**
 * {@code SizeValidator} that enforces no bound at all.
 *
 * {@link #validate(String)} accepts every input (including {@code null} and the
 * empty string) without inspecting it, so no size limit is applied to assertions
 * at this point. The response-level bound in this module is
 * {@code ResponseSizeValidator}; which strings each validator is wired to is
 * configured elsewhere.
 */
public class AssertionSizeValidator implements SizeValidator {

    /** Intentionally empty: the input is never examined. */
    @Override
    public void validate(String input) {
        // No-op by design.
    }
}
/**
 * Bounds the size of a response string, so that a single response cannot be used
 * to pull large amounts of data out of the core hub.
 *
 * The bounds are delegated to the injected {@code StringSizeValidator}; how it
 * treats a {@code null} input, and what it throws on violation, is defined there.
 * Subclasses may relax the lower bound by overriding {@link #getLowerBound()}
 * ({@code ResponseMaxSizeValidator} sets it to 0); the upper bound is private and
 * cannot be overridden.
 *
 * NOTE(review): the rationale for the 1400-character minimum is not recorded here —
 * confirm. Also note this class imports {@code com.google.inject.Inject} while
 * {@code ResponseMaxSizeValidator} uses {@code javax.inject.Inject}.
 */
public class ResponseSizeValidator implements SizeValidator {

    /** Smallest accepted length, in characters. */
    private static final int LOWER_BOUND = 1400;
    /** Largest accepted length, in characters. */
    private static final int UPPER_BOUND = 50000;

    private final StringSizeValidator validator;

    /** @param validator performs the actual range check. */
    @Inject
    public ResponseSizeValidator(StringSizeValidator validator) {
        this.validator = validator;
    }

    /** Checks {@code input} against the bounds returned by the two getters. */
    @Override
    public void validate(String input) {
        int lower = getLowerBound();
        int upper = getUpperBound();
        validator.validate(input, lower, upper);
    }

    /** Overridable lower bound. */
    protected int getLowerBound() {
        return LOWER_BOUND;
    }

    /** Fixed upper bound. */
    private int getUpperBound() {
        return UPPER_BOUND;
    }
}
OrganisationDto { 4 | private String displayName; 5 | private String name; 6 | private String url; 7 | 8 | @SuppressWarnings("unused")//Needed by JAXB 9 | private OrganisationDto() {} 10 | 11 | public OrganisationDto(String displayName, String name, String url) { 12 | this.displayName = displayName; 13 | this.name = name; 14 | this.url = url; 15 | } 16 | 17 | public String getDisplayName() { 18 | return displayName; 19 | } 20 | 21 | public String getName() { 22 | return name; 23 | } 24 | 25 | public String getUrl() { 26 | return url; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /hub-saml/src/main/java/uk/gov/ida/saml/metadata/domain/SamlEndpointDto.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.metadata.domain; 2 | 3 | import java.net.URI; 4 | 5 | public class SamlEndpointDto { 6 | 7 | private Binding binding; 8 | private URI location; 9 | 10 | SamlEndpointDto() {} 11 | 12 | public SamlEndpointDto(Binding binding, URI location) { 13 | this.binding = binding; 14 | this.location = location; 15 | } 16 | 17 | public enum Binding { 18 | POST, 19 | SOAP 20 | } 21 | 22 | public static SamlEndpointDto createPostBinding(URI location){ 23 | return new SamlEndpointDto(Binding.POST, location); 24 | } 25 | 26 | public static SamlEndpointDto createSoapBinding(URI location) { 27 | return new SamlEndpointDto(Binding.SOAP, location); 28 | } 29 | 30 | public Binding getBinding() { 31 | return binding; 32 | } 33 | 34 | public URI getLocation() { 35 | return location; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /hub-saml/src/main/java/uk/gov/ida/saml/metadata/exceptions/HubEntityMissingException.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.metadata.exceptions; 2 | 3 | public class HubEntityMissingException extends RuntimeException { 4 | 
public HubEntityMissingException(String msg) { 5 | super(msg); 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /hub-saml/src/main/java/uk/gov/ida/saml/metadata/exceptions/NoKeyConfiguredForEntityException.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.metadata.exceptions; 2 | 3 | import static java.text.MessageFormat.format; 4 | 5 | public class NoKeyConfiguredForEntityException extends RuntimeException { 6 | public NoKeyConfiguredForEntityException(String entityId) { 7 | super(format("KeyStore contains no keys for Entity: {0}", entityId)); 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /hub-saml/src/test/java/uk/gov/ida/saml/core/DateTimeFreezer.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.core; 2 | 3 | import org.joda.time.DateTime; 4 | import org.joda.time.DateTimeUtils; 5 | 6 | public abstract class DateTimeFreezer { 7 | 8 | public static void freezeTime (DateTime dateTime) { 9 | DateTimeUtils.setCurrentMillisFixed(dateTime.getMillis()); 10 | } 11 | 12 | public static void freezeTime() { 13 | unfreezeTime(); 14 | DateTimeUtils.setCurrentMillisFixed(DateTime.now().getMillis()); 15 | } 16 | 17 | public static void unfreezeTime() { 18 | DateTimeUtils.setCurrentMillisSystem(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /hub-saml/src/test/java/uk/gov/ida/saml/hub/transformers/outbound/decorators/StringEncoding.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.saml.hub.transformers.outbound.decorators; 2 | 3 | import org.apache.commons.codec.binary.Base64; 4 | 5 | import static org.apache.commons.codec.binary.StringUtils.newStringUtf8; 6 | 7 | public abstract class StringEncoding { 8 | 9 | public static String 
toBase64Encoded(byte[] bytes) { 10 | return newStringUtf8(Base64.encodeBase64(bytes)); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /hub-saml/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker: -------------------------------------------------------------------------------- 1 | mock-maker-inline -------------------------------------------------------------------------------- /hub-saml/src/test/resources/status-authnfailed-with-detail.xml: -------------------------------------------------------------------------------- 1 | 8 | http://stub-idp 9 | 10 | 11 | 12 | 13 | 14 | authn-cancel 15 | 16 | 17 | -------------------------------------------------------------------------------- /hub-saml/src/test/resources/status-cancel.xml: -------------------------------------------------------------------------------- 1 | 8 | http://stub-idp 9 | 10 | 11 | 12 | 13 | 14 | authn-cancel 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /hub-saml/src/test/resources/status-noauthncontext-withotherdetail.xml: -------------------------------------------------------------------------------- 1 | 8 | http://stub-idp 9 | 10 | 11 | 12 | 13 | 14 | other-detail-value 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /hub-saml/src/test/resources/status-noauthncontext.xml: -------------------------------------------------------------------------------- 1 | 8 | http://stub-idp 9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /hub-saml/src/test/resources/status-pending.xml: -------------------------------------------------------------------------------- 1 | 8 | http://stub-idp 9 | 10 | 11 | 12 | 13 | 14 | loa-pending 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- 
/hub-saml/src/test/resources/status-success-with-cancel.xml: -------------------------------------------------------------------------------- 1 | 8 | http://stub-idp 9 | 10 | 11 | 12 | authn-cancel 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /hub-saml/src/test/resources/status-unknown.xml: -------------------------------------------------------------------------------- 1 | 8 | http://stub-idp 9 | 10 | 11 | 12 | 13 | 14 | unknown-detail 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /hub/config/build.gradle: -------------------------------------------------------------------------------- 1 | dependencies { 2 | testImplementation configurations.test_deps_compile, 3 | configurations.test_utils, 4 | configurations.dev_pki, 5 | configurations.snakeYaml, 6 | configurations.s3mock 7 | 8 | implementation configurations.ida_utils, 9 | configurations.config, 10 | configurations.dropwizard, 11 | configurations.common, 12 | configurations.prometheus, 13 | configurations.awssdk, 14 | project(':hub:shared') 15 | } 16 | 17 | apply plugin: 'application' 18 | ext.mainclass = 'uk.gov.ida.hub.config.ConfigApplication' 19 | mainClassName = ext.mainclass 20 | 21 | task jarTest(type: Jar) { 22 | from sourceSets.test.output 23 | classifier = 'test' 24 | } 25 | 26 | configurations { 27 | configTest 28 | } 29 | 30 | artifacts { 31 | configTest jarTest 32 | } 33 | 34 | apply from: "${rootDir}/inttest.gradle" 35 | 36 | tasks.check.dependsOn(intTest) 37 | -------------------------------------------------------------------------------- /hub/config/src/integration-test/java/uk/gov/ida/integrationtest/hub/config/apprule/support/Message.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.integrationtest.hub.config.apprule.support; 2 | 3 | public class Message { 4 | private final String message; 5 | private final boolean present; 6 
| 7 | private Message(final String message, final boolean present) { 8 | this.message = message; 9 | this.present = present; 10 | } 11 | 12 | public static Message messageShouldBePresent(final String message) { 13 | return new Message(message, true); 14 | } 15 | 16 | public static Message messageShouldNotBePresent(final String message) { 17 | return new Message(message, false); 18 | } 19 | 20 | public String getMessage() { 21 | return message; 22 | } 23 | 24 | public boolean isPresent() { 25 | return present; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/S3ConfigSourceModule.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config; 2 | 3 | import com.amazonaws.services.s3.AmazonS3ClientBuilder; 4 | import com.fasterxml.jackson.databind.ObjectMapper; 5 | import com.google.inject.AbstractModule; 6 | import com.google.inject.Provides; 7 | import uk.gov.ida.hub.config.configuration.SelfServiceConfig; 8 | import uk.gov.ida.hub.config.data.S3ConfigSource; 9 | 10 | import javax.inject.Singleton; 11 | 12 | public class S3ConfigSourceModule extends AbstractModule { 13 | 14 | @Override 15 | protected void configure() { 16 | } 17 | 18 | @Provides 19 | @Singleton 20 | @SuppressWarnings("unused") 21 | private S3ConfigSource getS3ConfigSource(ConfigConfiguration configConfiguration, ObjectMapper objectMapper) { 22 | SelfServiceConfig selfServiceConfig = configConfiguration.getSelfService(); 23 | if (selfServiceConfig.isEnabled()) { 24 | return new S3ConfigSource( 25 | selfServiceConfig, 26 | AmazonS3ClientBuilder.standard().withRegion("eu-west-2").build(), 27 | objectMapper); 28 | } 29 | return new S3ConfigSource(); 30 | } 31 | } 32 | 33 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/annotations/CertificateConfigValidator.java: 
-------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.annotations; 2 | 3 | import com.google.inject.BindingAnnotation; 4 | 5 | import java.lang.annotation.Retention; 6 | import java.lang.annotation.Target; 7 | import static java.lang.annotation.ElementType.FIELD; 8 | import static java.lang.annotation.ElementType.METHOD; 9 | import static java.lang.annotation.ElementType.PARAMETER; 10 | import static java.lang.annotation.RetentionPolicy.RUNTIME; 11 | 12 | @BindingAnnotation 13 | @Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME) 14 | public @interface CertificateConfigValidator { } 15 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/configuration/PrometheusClientServiceConfiguration.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.configuration; 2 | 3 | import com.fasterxml.jackson.annotation.JsonProperty; 4 | import io.dropwizard.util.Duration; 5 | 6 | import javax.validation.Valid; 7 | import javax.validation.constraints.NotNull; 8 | 9 | public class PrometheusClientServiceConfiguration { 10 | @NotNull 11 | @Valid 12 | @JsonProperty 13 | private Boolean enable = false; 14 | 15 | @NotNull 16 | @Valid 17 | @JsonProperty 18 | private Duration initialDelay = Duration.seconds(10); 19 | 20 | @NotNull 21 | @Valid 22 | @JsonProperty 23 | private Duration delay = Duration.minutes(15); 24 | 25 | public PrometheusClientServiceConfiguration() { } 26 | 27 | public Boolean getEnable() { 28 | return enable; 29 | } 30 | 31 | public Duration getInitialDelay() { 32 | return initialDelay; 33 | } 34 | 35 | public Duration getDelay() { 36 | return delay; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/data/ConfigDataSource.java: 
-------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.data; 2 | 3 | import java.util.Collection; 4 | 5 | /** Supplies the raw configuration records for the hub; what the returned collection holds is decided by the implementation (the element type is not declared here). */ public interface ConfigDataSource { 6 | /** Loads every record from the backing source. */ Collection loadConfig(); 7 | } 8 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/data/ConfigRepository.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.data; 2 | 3 | import java.util.Collection; 4 | import java.util.Optional; 5 | 6 | /** Read-only lookup of configuration entries keyed by entity id. */ public interface ConfigRepository { 7 | 8 | /** The entry for the given id, empty when no such entity is configured. */ Optional get(String id); 9 | /** Every entry held by the repository. */ Collection getAll(); 10 | /** Whether an entry exists for the given id. */ boolean has(String id); 11 | 12 | } -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/data/ConnectedServiceConfigRepository.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.data; 2 | 3 | import uk.gov.ida.hub.config.domain.remoteconfig.RemoteConfigCollection; 4 | import uk.gov.ida.hub.config.domain.remoteconfig.RemoteConnectedServiceConfig; 5 | 6 | /** Looks up the remotely managed (self-service) configuration of a connected service through the S3-backed config source. */ public class ConnectedServiceConfigRepository { 7 | private S3ConfigSource s3ConfigSource; 8 | 9 | public ConnectedServiceConfigRepository(S3ConfigSource s3ConfigSource) { 10 | this.s3ConfigSource = s3ConfigSource; 11 | } 12 | 13 | /** Fetches the remote collection from the source on every call and returns its connected-service entry for entityId. The result of the final lookup is returned as-is; presumably null when the entity is absent (verify against RemoteConfigCollection). */ public RemoteConnectedServiceConfig get(String entityId) { 14 | RemoteConfigCollection remoteConfigCollection = s3ConfigSource.getRemoteConfig(); 15 | return remoteConfigCollection.getConnectedServices().get(entityId); 16 | } 17 | } -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/CertificateConfigurable.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain; 2 | 3 | import 
uk.gov.ida.hub.config.dto.FederationEntityType; 4 | 5 | import java.util.ArrayList; 6 | import java.util.Collection; 7 | import java.util.List; 8 | 9 | /** A configured federation entity that carries one encryption certificate plus a set of signature-verification certificates, and that can be copied with those certificates replaced. */ public interface CertificateConfigurable extends EntityIdentifiable { 10 | 11 | /** Whether this entity's certificates are managed through the self-service route rather than the checked-in federation config. */ boolean isSelfService(); 12 | Certificate getEncryptionCertificate(); 13 | Collection getSignatureVerificationCertificates(); 14 | 15 | /** Enabled unless an implementation overrides this. */ default boolean isEnabled() { 16 | return true; 17 | } 18 | 19 | /** Returns a copy of this entity with the given signature-verification certificates and encryption certificate (both supplied as strings) and a record of the origin they came from; the returned type is whatever the implementation declares. */ T override(List signatureVerificationCertificateList, String encryptionCertificate, CertificateOrigin certificateOrigin); 20 | 21 | FederationEntityType getEntityType(); 22 | 23 | /** Encryption certificate first, followed by every signature-verification certificate, in a freshly allocated list. */ default Collection getAllCertificates(){ 24 | List certs = new ArrayList(); 25 | certs.add(getEncryptionCertificate()); 26 | certs.addAll(getSignatureVerificationCertificates()); 27 | return certs; 28 | } 29 | } -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/CertificateOrigin.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain; 2 | 3 | /** Where a certificate's configuration came from. Each origin records whether the trust chain of certificates from that origin should be checked: FEDERATION certificates are chain-checked, SELFSERVICE certificates are not. NOTE(review): any caller that honours shouldCheckTrustChain() therefore skips chain validation for self-service certificates, so the integrity of the self-service source stands in for that check; confirm this is the intended trust model. */ public enum CertificateOrigin { 4 | SELFSERVICE (false), 5 | FEDERATION (true); 6 | 7 | 8 | private final boolean shouldCheckTrustChain; 9 | 10 | CertificateOrigin(boolean shouldcheckTrustChain) { 11 | this.shouldCheckTrustChain = shouldcheckTrustChain; 12 | } 13 | 14 | 15 | /** True when certificates from this origin must have their trust chain validated. */ public boolean shouldCheckTrustChain() { 16 | return shouldCheckTrustChain; 17 | } 18 | } -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/CertificateUse.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain; 2 | 3 | /** The purpose a configured certificate is used for. */ public enum CertificateUse { 4 | ENCRYPTION, 5 | SIGNING 6 | } 7 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/Cycle3AttributeName.java: 
-------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain; 2 | 3 | /** 4 | * This enum is *only* used when loading the attribute names from config files, to ensure that we are 5 | * using an expected attribute. Config will fail to start if the cycle3 attribute name is not in this 6 | * enum. 7 | */ 8 | public enum Cycle3AttributeName { 9 | DrivingLicenceNumber, 10 | NationalInsuranceNumber, 11 | SaUniqueTaxpayerReference, 12 | sbiPiVendorNo, 13 | LandRegistryBorrowerReference, 14 | CICAEmailAddress 15 | } 16 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/EntityIdentifiable.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain; 2 | 3 | public interface EntityIdentifiable { 4 | String getEntityId(); 5 | } 6 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/LevelOfAssurance.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain; 2 | 3 | // Do not change the ordering of this enum 4 | public enum LevelOfAssurance { 5 | LEVEL_X, 6 | LEVEL_1, 7 | LEVEL_2, 8 | LEVEL_3, 9 | LEVEL_4 10 | } 11 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/MatchingProcess.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain; 2 | 3 | import com.fasterxml.jackson.annotation.JsonProperty; 4 | 5 | import javax.validation.Valid; 6 | import javax.validation.constraints.NotNull; 7 | 8 | public class MatchingProcess { 9 | 10 | @Valid 11 | @NotNull 12 | @JsonProperty 13 | private Cycle3AttributeName cycle3AttributeName; 14 | 15 | 
@SuppressWarnings("unused") // needed by jaxb 16 | private MatchingProcess() {} 17 | 18 | public MatchingProcess(String cycle3AttributeName) { 19 | this.cycle3AttributeName = Cycle3AttributeName.valueOf(cycle3AttributeName); 20 | } 21 | 22 | public String getCycle3AttributeName() { 23 | return cycle3AttributeName.name(); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/remoteconfig/RemoteCertificateConfig.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain.remoteconfig; 2 | 3 | import com.fasterxml.jackson.annotation.JsonIgnoreProperties; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | 6 | @JsonIgnoreProperties(ignoreUnknown = true) 7 | public class RemoteCertificateConfig { 8 | 9 | @JsonProperty 10 | protected String id; 11 | 12 | @JsonProperty 13 | protected String name; 14 | 15 | @JsonProperty 16 | protected String value; 17 | 18 | @SuppressWarnings("unused") 19 | public RemoteCertificateConfig() { 20 | } 21 | 22 | public String getName() { 23 | return name; 24 | } 25 | 26 | public String getValue() { 27 | return value; 28 | } 29 | 30 | public String getId() { 31 | return id; 32 | } 33 | 34 | public void setId(String id) { 35 | this.id = id; 36 | } 37 | 38 | public void setName(String name) { 39 | this.name = name; 40 | } 41 | 42 | public void setValue(String value) { 43 | this.value = value; 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/domain/remoteconfig/RemoteComponentConfig.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.domain.remoteconfig; 2 | 3 | import java.util.List; 4 | import java.util.Optional; 5 | import java.util.stream.Collectors; 6 | 7 | public interface RemoteComponentConfig { 8 | 
9 | RemoteCertificateConfig getEncryptionCertificateConfig(); 10 | List getSigningCertificatesConfig(); 11 | 12 | default List getSignatureVerificationCertificates() { 13 | return getSigningCertificatesConfig().stream() 14 | .map(RemoteCertificateConfig::getValue) 15 | .collect(Collectors.toList()); 16 | } 17 | 18 | default String getEncryptionCertificate() { 19 | return Optional.of(getEncryptionCertificateConfig()) 20 | .map(RemoteCertificateConfig::getValue) 21 | .get(); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/dto/CertificateExpiryStatus.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.dto; 2 | 3 | public enum CertificateExpiryStatus { 4 | OK, 5 | CRITICAL, 6 | WARNING 7 | } 8 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/dto/FederationEntityType.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.dto; 2 | 3 | public enum FederationEntityType { 4 | IDP, 5 | RP, 6 | MS, 7 | HUB 8 | } 9 | -------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/dto/MatchingProcessDto.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.config.dto; 2 | 3 | import java.util.Optional; 4 | 5 | public class MatchingProcessDto { 6 | 7 | private String attributeName; 8 | 9 | @SuppressWarnings("unused") // needed by jaxb 10 | private MatchingProcessDto() {} 11 | 12 | public MatchingProcessDto(String attributeName) { 13 | this.attributeName = attributeName; 14 | } 15 | 16 | public Optional getAttributeName() { 17 | return Optional.ofNullable(attributeName); 18 | } 19 | } 20 | 
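-------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/dto/ResourceLocationDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.config.dto;

import java.net.URI;

/**
 * Transport object carrying a single resource location.
 */
public class ResourceLocationDto {
    private URI target;

    @SuppressWarnings("unused") // NEEDED BY JAXB
    protected ResourceLocationDto() {
    }

    /**
     * @param target the location this DTO points at
     */
    public ResourceLocationDto(URI target) {
        this.target = target;
    }

    /** @return the wrapped location; null when the instance came from the no-arg constructor */
    public URI getTarget() {
        return target;
    }
}
-------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/exceptions/CertificateDisabledException.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.config.exceptions;

/**
 * Unchecked exception signalling a disabled certificate. It carries no message or cause;
 * the meaning comes from the callers that throw it.
 */
public class CertificateDisabledException extends RuntimeException {
}
-------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/exceptions/NoCertificateFoundException.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.config.exceptions;

/**
 * Unchecked exception signalling that a requested certificate could not be found.
 */
public class NoCertificateFoundException extends RuntimeException {
    public NoCertificateFoundException() {
    }

    /**
     * @param message detail passed through to {@link RuntimeException#RuntimeException(String)}
     */
    public NoCertificateFoundException(String message) {
        super(message);
    }
}
-------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/filters/SessionIdQueryParamLoggingFilter.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.config.filters;

import org.jboss.logging.MDC;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;

/**
 * Copies the request's {@code sessionId} parameter into the logging MDC under the key
 * {@code SessionId} for the duration of the request, so that log lines written while the
 * request is processed can be correlated with the session.
 *
 * The parameter value is taken verbatim from the client request and is therefore untrusted;
 * it is only placed in the MDC, never acted upon. Whether control characters in it are
 * neutralised before reaching the log output depends on the log encoder configured
 * elsewhere -- TODO confirm.
 */
public class SessionIdQueryParamLoggingFilter implements Filter {

    private static final String SESSION_ID_PARAM = "sessionId";
    private static final String MDC_KEY = "SessionId";

    @Override
    public void init(final FilterConfig filterConfig) {
        // this method intentionally left blank
    }

    /**
     * Sets the MDC entry when the parameter is present, runs the rest of the chain, and
     * then removes the entry again.
     *
     * Removal happens in a {@code finally} block because the MDC is thread-bound: without
     * it the value would outlive this request and could be attached to log lines of later,
     * unrelated requests handled on the same thread.
     */
    @Override
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        // getParameter() reads query-string and form-encoded body parameters alike.
        String sessionId = servletRequest.getParameter(SESSION_ID_PARAM);
        if (sessionId == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        MDC.put(MDC_KEY, sessionId);
        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            MDC.remove(MDC_KEY);
        }
    }

    @Override
    public void destroy() {
        // this method intentionally left blank
    }
}
-------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/healthcheck/ConfigHealthCheck.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.config.healthcheck;

import com.codahale.metrics.health.HealthCheck;

import javax.inject.Inject;

/**
 * Health check for the config service. {@link #check()} never inspects any state and
 * always reports healthy, so it indicates only that the process is up, not that
 * configuration loaded correctly.
 */
public class ConfigHealthCheck extends HealthCheck {

    @Inject
    public ConfigHealthCheck() {
    }

    /** Display name of this check (not an override of anything in {@link HealthCheck}). */
    public String getName() {
        return "Config Health Check";
    }

    @Override
    protected Result check() {
        return Result.healthy();
    }
}
-------------------------------------------------------------------------------- /hub/config/src/main/java/uk/gov/ida/hub/config/validators/DuplicateEntityIdConfigValidator.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.config.validators;

import uk.gov.ida.hub.config.domain.EntityIdentifiable;
import uk.gov.ida.hub.config.exceptions.ConfigValidationException;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

/**
 * Rejects configuration collections in which the same entity id appears more than once.
 */
public class DuplicateEntityIdConfigValidator {

    /**
     * Walks the collection in iteration order and fails on the first entity id already seen.
     *
     * @param configDataCollection the entities to check; an empty collection passes
     * @throws ConfigValidationException (via createDuplicateEntityIdException) naming the
     *         first repeated entity id
     */
    public void validate(Collection<? extends EntityIdentifiable> configDataCollection) {
        Set<String> knownEntityIds = new HashSet<>(configDataCollection.size());

        for (EntityIdentifiable datum : configDataCollection) {
            String entityId = datum.getEntityId();
            if (knownEntityIds.contains(entityId)) {
                throw ConfigValidationException.createDuplicateEntityIdException(entityId);
            }
            knownEntityIds.add(entityId);
        }
    }

}
-------------------------------------------------------------------------------- /hub/config/src/test/java/uk/gov/ida/hub/config/domain/builders/KeyPairBuilder.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.config.domain.builders;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

/**
 * Test fixture that generates a throwaway RSA key pair.
 *
 * NOTE: the 1024-bit size is a unit-test speed choice and is below current minimums;
 * it must not be copied into any production key generation.
 */
public class KeyPairBuilder {
    /**
     * @return a freshly generated 1024-bit RSA key pair
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the JVM has no RSA provider
     */
    public KeyPair build() {
        KeyPair keyPair = null;

        try {
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
            keyGen.initialize(1024);
            keyPair = keyGen.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }

        return keyPair;
    }
}
-------------------------------------------------------------------------------- /hub/config/src/test/java/uk/gov/ida/hub/config/domain/builders/MatchingProcessBuilder.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.config.domain.builders;

import uk.gov.ida.hub.config.domain.MatchingProcess;

/**
 * Test builder for {@link MatchingProcess}.
 */
public class MatchingProcessBuilder {

    private String cycle3AttributeName;

    public static MatchingProcessBuilder aMatchingProcess() {
        return new MatchingProcessBuilder();
    }

    /**
     * Builds the process; the MatchingProcess constructor resolves the name through
     * Cycle3AttributeName.valueOf, so an unset or unknown name fails here rather than later.
     */
    public MatchingProcess build() {
        return new MatchingProcess(cycle3AttributeName);
    }

    public MatchingProcessBuilder withCycle3AttributeName(String attributeName) {
        this.cycle3AttributeName = attributeName;
        return this;
    }
}
-------------------------------------------------------------------------------- /hub/config/src/test/java/uk/gov/ida/hub/shared/ValidationTestHelper.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.shared;

import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.ValidatorFactory;
import java.util.Set;

/**
 * Runs Bean Validation over an object and returns the violations found.
 */
public class ValidationTestHelper {

    /**
     * @param data the object to validate
     * @return the constraint violations; empty when the object is valid
     */
    public static <T> Set<ConstraintViolation<T>> runValidations(T data) {
        ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
        Validator validator = factory.getValidator();
        return validator.validate(data);
    }
}
-------------------------------------------------------------------------------- /hub/policy/build.gradle: --------------------------------------------------------------------------------
dependencies {
    testImplementation configurations.test_deps_compile,
            configurations.test_utils,
            configurations.saml,
            configurations.redis_test,
            configurations.dev_pki,
            'nl.jqno.equalsverifier:equalsverifier:3.11'

    implementation configurations.ida_utils,
            configurations.verify_event_emitter,
            configurations.common,
            configurations.dropwizard,
            configurations.prometheus,
            configurations.redis,
            configurations.saml,
            project(':hub:shared')
}

apply plugin: 'application'
ext.mainclass = 'uk.gov.ida.hub.policy.PolicyApplication'
mainClassName = ext.mainclass

apply from: "${rootDir}/inttest.gradle"

tasks.check.dependsOn(intTest)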
-------------------------------------------------------------------------------- /hub/policy/doc/adr/0001-record-architechture-decisions.md: -------------------------------------------------------------------------------- 1 | # 1. Record architecture decisions 2 | 3 | Date: 15/05/2017 4 | 5 | ## Status 6 | 7 | Accepted 8 | 9 | ## Context 10 | 11 | We need to record the architectural decisions made on this project. 12 | 13 | ## Decision 14 | 15 | We will use Architecture Decision Records, as described by Michael Nygard in this article: http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions 16 | 17 | ## Consequences 18 | 19 | See Michael Nygard's article, linked above. 20 | -------------------------------------------------------------------------------- /hub/policy/doc/adr/0002-extend-policy-session-length.md: -------------------------------------------------------------------------------- 1 | # 1. Record architecture decisions 2 | 3 | Date: 15/05/2017 4 | 5 | ## Status 6 | 7 | Accepted 8 | 9 | ## Context 10 | 11 | At present approximately 20% of users take >1 hour to verify at an IDP. In order to improve the completion rate in the hub we are proposing to increase the policy session timeout to 1.5 hours. 12 | This will mean that almost all users should verify before the session times out in Policy. 13 | 14 | ## Decision 15 | 16 | The policy session timeout value is set via application config (authn_session_validity_period) managed by ida-webops. 17 | 18 | ## Consequences 19 | 20 | There should be no negative impact on the hub journey. However, if the RP's timeout is <1.5h the user will see a failure when they reach the RP. 21 | There is also an expiry at 2 hours (infinispan_expiration). This value (also managed by ida-webops) will also be increased to 2.5 hours. 
22 | -------------------------------------------------------------------------------- /hub/policy/src/integration-test/java/uk/gov/ida/integrationtest/hub/policy/apprule/support/EventSinkStubExtension.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.integrationtest.hub.policy.apprule.support; 2 | 3 | import httpstub.HttpStubExtension; 4 | import uk.gov.ida.hub.policy.Urls; 5 | 6 | import javax.ws.rs.core.Response; 7 | 8 | public class EventSinkStubExtension extends HttpStubExtension { 9 | public void setupStubForLogging() { 10 | register(Urls.HubSupportUrls.HUB_SUPPORT_EVENT_SINK_RESOURCE, Response.Status.OK.getStatusCode()); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /hub/policy/src/integration-test/java/uk/gov/ida/integrationtest/hub/policy/apprule/support/PolicyIntegrationApplication.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.integrationtest.hub.policy.apprule.support; 2 | 3 | import io.dropwizard.setup.Environment; 4 | import uk.gov.ida.hub.policy.PolicyApplication; 5 | import uk.gov.ida.hub.policy.PolicyModule; 6 | import uk.gov.ida.hub.policy.configuration.PolicyConfiguration; 7 | 8 | public class PolicyIntegrationApplication extends PolicyApplication { 9 | 10 | @Override 11 | protected void registerResources(PolicyConfiguration configuration, Environment environment) { 12 | super.registerResources(configuration, environment); 13 | environment.jersey().register(TestSessionResource.class); 14 | } 15 | 16 | @Override 17 | protected PolicyModule getPolicyModule() { 18 | return new PolicyModuleForIntegrationTests(); 19 | } 20 | 21 | private static class PolicyModuleForIntegrationTests extends PolicyModule { 22 | @Override 23 | protected void configure() { 24 | bind(TestSessionRepository.class); 25 | super.configure(); 26 | } 27 | } 28 | } 29 | 
-------------------------------------------------------------------------------- /hub/policy/src/integration-test/java/uk/gov/ida/integrationtest/hub/policy/apprule/support/RedisTestExtension.java: --------------------------------------------------------------------------------
package uk.gov.ida.integrationtest.hub.policy.apprule.support;

import org.junit.jupiter.api.extension.AfterAllCallback;
import org.junit.jupiter.api.extension.BeforeAllCallback;
import org.junit.jupiter.api.extension.ExtensionContext;
import org.junit.rules.ExternalResource;
import redis.embedded.Redis;
import redis.embedded.RedisServer;

import java.io.IOException;

/**
 * JUnit 5 extension that runs an embedded Redis for the lifetime of a test class.
 * The server is configured with {@code bind 127.0.0.1}, so it listens on loopback only and is
 * not reachable from other hosts while the tests run.
 */
public class RedisTestExtension implements BeforeAllCallback, AfterAllCallback {

    private final Redis redis;

    /**
     * @param port the local port the embedded server will listen on
     */
    public RedisTestExtension(int port) {
        this.redis = RedisServer.builder()
                .setting("bind 127.0.0.1")
                .port(port)
                .build();
    }

    /** Starts the embedded server before any test in the class runs. */
    @Override
    public void beforeAll(ExtensionContext context) throws Exception {
        redis.start();
    }

    /** Stops the embedded server once all tests in the class have run. */
    @Override
    public void afterAll(ExtensionContext context) throws Exception {
        redis.stop();
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/integration-test/java/uk/gov/ida/integrationtest/hub/policy/apprule/support/SamlSoapProxyProxyStubExtension.java: --------------------------------------------------------------------------------
package uk.gov.ida.integrationtest.hub.policy.apprule.support;

import com.fasterxml.jackson.core.JsonProcessingException;
import httpstub.HttpStubExtension;
import uk.gov.ida.hub.policy.Urls;
import uk.gov.ida.hub.policy.domain.SessionId;

import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.net.URI;

/**
 * HTTP stub standing in for saml-soap-proxy in policy integration tests.
 */
public class SamlSoapProxyProxyStubExtension extends HttpStubExtension {

    /**
     * Registers the matching-service request-sender resource so that a call to it is answered
     * with 202 Accepted. Only {@code uri.getPath()} is registered: the session-id query
     * parameter built here does not take part in the stub match.
     *
     * @param sessionId session id appended as a query parameter while building the URI
     * @throws JsonProcessingException declared by the stub API
     */
    public void setUpStubForSendHubMatchingServiceRequest(SessionId sessionId) throws JsonProcessingException {
        final UriBuilder builder = UriBuilder
                .fromPath(Urls.SamlSoapProxyUrls.MATCHING_SERVICE_REQUEST_SENDER_RESOURCE)
                .queryParam(Urls.SharedUrls.SESSION_ID_PARAM, sessionId);
        final URI uri = builder.build();

        final Response accepted = Response.status(Response.Status.ACCEPTED).build();
        register(uri.getPath(), Response.Status.ACCEPTED.getStatusCode(), accepted);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/integration-test/java/uk/gov/ida/integrationtest/hub/policy/apprule/support/TestSessionRepository.java: --------------------------------------------------------------------------------
package uk.gov.ida.integrationtest.hub.policy.apprule.support;

import uk.gov.ida.hub.policy.domain.SessionId;
import uk.gov.ida.hub.policy.domain.State;
import uk.gov.ida.hub.policy.session.SessionStore;

import javax.inject.Inject;

/**
 * Thin test-only facade over {@link SessionStore} that lets integration tests seed and read
 * session state directly.
 */
public class TestSessionRepository {

    private final SessionStore dataStore;

    /** @param dataStore the session store the test application is wired with */
    @Inject
    public TestSessionRepository(SessionStore dataStore) {
        this.dataStore = dataStore;
    }

    /**
     * Inserts {@code state} under {@code sessionId}.
     */
    public void createSession(SessionId sessionId, State state) {
        dataStore.insert(sessionId, state);
    }

    /**
     * @return whatever the store holds for {@code sessionId}
     */
    public State getSession(SessionId sessionId) {
        return dataStore.get(sessionId);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/integration-test/java/uk/gov/ida/integrationtest/hub/policy/builders/PersistentIdBuilder.java: --------------------------------------------------------------------------------
package uk.gov.ida.integrationtest.hub.policy.builders;

import uk.gov.ida.hub.policy.domain.PersistentId;

/**
 * Test builder for {@link PersistentId}; defaults the name id to {@code "default-name-id"}.
 */
public class PersistentIdBuilder {

    private String nameId = "default-name-id";

    /** @return a builder with the default name id */
    public static PersistentIdBuilder aPersistentId() {
        return new PersistentIdBuilder();
    }

    /** @return a {@link PersistentId} carrying the configured name id */
    public PersistentId build() {
        return new PersistentId(nameId);
    }

    /**
     * @param persistentId the name id to use instead of the default
     * @return this builder
     */
    public PersistentIdBuilder withNameId(String persistentId) {
        nameId = persistentId;
        return this;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/integration-test/java/uk/gov/ida/integrationtest/hub/policy/builders/SamlResponseDtoBuilder.java: --------------------------------------------------------------------------------
package uk.gov.ida.integrationtest.hub.policy.builders;

import uk.gov.ida.hub.policy.contracts.SamlResponseDto;

import java.util.UUID;

/**
 * Test builder for {@link SamlResponseDto}; the message defaults to a fresh random UUID string.
 */
public class SamlResponseDtoBuilder {

    private String samlMessage = UUID.randomUUID().toString();

    /** @return a builder whose message is a random UUID string */
    public static SamlResponseDtoBuilder anAttributeQueryResponse() {
        return new SamlResponseDtoBuilder();
    }

    /** @return a {@link SamlResponseDto} wrapping the configured message */
    public SamlResponseDto build() {
        return new SamlResponseDto(samlMessage);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/SessionStoreStartupTasks.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy;

import io.dropwizard.lifecycle.Managed;
import uk.gov.ida.hub.policy.domain.SessionId;
import uk.gov.ida.hub.policy.session.SessionStore;

import javax.inject.Inject;

/**
 * Dropwizard {@link Managed} hook that touches the session store once at application start.
 */
public class SessionStoreStartupTasks implements Managed {

    private final SessionStore sessionStore;

    /** @param sessionStore the store to exercise on start-up */
    @Inject
    public SessionStoreStartupTasks(SessionStore sessionStore) {
        this.sessionStore = sessionStore;
    }

    /**
     * Performs a single {@code get} for a freshly generated session id and discards the result.
     * NOTE(review): this looks like a start-up reachability probe of the store — nothing here
     * inspects the returned value.
     */
    @Override
    public void start() {
        final SessionId probeId = SessionId.createNewSessionId();
        sessionStore.get(probeId);
    }

    /** Nothing to tear down. */
    @Override
    public void stop() {
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/annotations/Config.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.annotations;

import com.google.inject.BindingAnnotation;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/**
 * Guice binding annotation used to qualify injection points; usable on fields, parameters and
 * methods, retained at runtime so the injector can see it.
 */
@BindingAnnotation
@Target({FIELD, PARAMETER, METHOD})
@Retention(RUNTIME)
public @interface Config {
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/annotations/SamlEngine.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.annotations;

import com.google.inject.BindingAnnotation;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/**
 * Guice binding annotation qualifying injection points for the saml-engine client wiring.
 */
@BindingAnnotation
@Target({FIELD, PARAMETER, METHOD})
@Retention(RUNTIME)
public @interface SamlEngine {
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/annotations/SamlSoapProxy.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.annotations;

import com.google.inject.BindingAnnotation;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/**
 * Guice binding annotation qualifying injection points for the saml-soap-proxy client wiring.
 */
@BindingAnnotation
@Target({FIELD, PARAMETER, METHOD})
@Retention(RUNTIME)
public @interface SamlSoapProxy {
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/configuration/AssertionLifetimeConfiguration.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.configuration;

import io.dropwizard.util.Duration;

// TODO move into a shared library
/**
 * Supplies how long an assertion issued by the hub stays valid.
 */
public interface AssertionLifetimeConfiguration {
    /** @return the configured assertion lifetime */
    Duration getAssertionLifetime();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/configuration/RedisConfiguration.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.configuration;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.lettuce.core.RedisURI;

import javax.validation.Valid;
import java.net.URI;
import java.time.Duration;

import static java.time.temporal.ChronoUnit.MINUTES;
import static java.time.temporal.ChronoUnit.SECONDS;

/**
 * Redis connection settings for the session store, bound from configuration by Jackson.
 * Defaults: records live 150 minutes, command timeout 20 seconds; {@code uri} has no default.
 */
public class RedisConfiguration {

    // How long a stored record is kept; exposed in seconds by getRecordTTL().
    @Valid
    @JsonProperty
    private Duration recordTTL = Duration.of(150, MINUTES);

    // Connection URI. NOTE(review): a Redis URI can carry a password in its authority part —
    // treat the raw value as a secret when logging configuration (not shown here; confirm).
    @Valid
    @JsonProperty
    private URI uri;

    @Valid
    @JsonProperty
    private Duration timeout = Duration.of(20L, SECONDS);

    /** @return the record TTL expressed in whole seconds */
    public Long getRecordTTL() {
        final long seconds = recordTTL.getSeconds();
        return seconds;
    }

    /** @return the configured {@code uri} converted to a Lettuce {@link RedisURI} */
    public RedisURI getUri() {
        return RedisURI.create(uri);
    }

    /** @return the command timeout */
    public Duration getTimeout() {
        return timeout;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/configuration/SessionStoreConfiguration.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.configuration;

import com.fasterxml.jackson.annotation.JsonProperty;

/**
 * Session-store section of the policy configuration; currently only a Redis sub-section.
 */
public class SessionStoreConfiguration {

    @JsonProperty
    private RedisConfiguration redis;

    /** @return the {@code redis} sub-section as bound from configuration */
    public RedisConfiguration getRedisConfiguration() {
        return redis;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/contracts/SamlMessageDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.contracts;

/**
 * Transport wrapper for a single SAML message string.
 */
public class SamlMessageDto {

    private String samlMessage;

    /** @param samlMessage the message payload to carry */
    public SamlMessageDto(String samlMessage) {
        this.samlMessage = samlMessage;
    }

    /** No-arg constructor for the deserializer; subclasses may use it too. */
    protected SamlMessageDto() {
    }

    /** @return the wrapped message */
    public String getSamlMessage() {
        return samlMessage;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/contracts/SamlRequestDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.contracts;

import java.net.URI;

/**
 * A SAML request together with the single-sign-on endpoint it is destined for.
 */
public class SamlRequestDto {

    private String samlRequest;
    private URI ssoUri;

    @SuppressWarnings("unused") // needed for JAXB
    private SamlRequestDto() {
    }

    /**
     * @param samlRequest the request payload
     * @param ssoUri      the SSO endpoint the request targets
     */
    public SamlRequestDto(String samlRequest, URI ssoUri) {
        this.samlRequest = samlRequest;
        this.ssoUri = ssoUri;
    }

    /** @return the request payload */
    public String getSamlRequest() {
        return samlRequest;
    }

    /** @return the SSO endpoint */
    public URI getSsoUri() {
        return ssoUri;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/contracts/SamlRequestWithAuthnRequestInformationDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.contracts;

/**
 * Immutable wrapper for a SAML message string.
 */
public class SamlRequestWithAuthnRequestInformationDto {

    private final String samlMessage;

    /** @param samlMessage the message payload to carry */
    public SamlRequestWithAuthnRequestInformationDto(String samlMessage) {
        this.samlMessage = samlMessage;
    }

    /** @return the wrapped message */
    public String getSamlMessage() {
        return samlMessage;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/contracts/SamlResponseContainerDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.contracts;

/**
 * A SAML response paired with the entity id of the issuer of the originating authn request.
 */
public class SamlResponseContainerDto {

    private String samlResponse;
    private String authnRequestIssuerId;

    // No-arg constructor for the deserializer.
    private SamlResponseContainerDto() {
    }

    /**
     * @param samlResponse         the response payload
     * @param authnRequestIssuerId entity id of the party that issued the authn request
     */
    public SamlResponseContainerDto(String samlResponse, String authnRequestIssuerId) {
        this.samlResponse = samlResponse;
        this.authnRequestIssuerId = authnRequestIssuerId;
    }

    /** @return the response payload */
    public String getSamlResponse() {
        return samlResponse;
    }

    /** @return the authn request issuer's entity id */
    public String getAuthnRequestIssuerId() {
        return authnRequestIssuerId;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/contracts/SamlResponseDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.contracts;

/**
 * Transport wrapper for a single SAML response string.
 */
public class SamlResponseDto {

    private String samlResponse;

    // No-arg constructor for the deserializer.
    private SamlResponseDto() {
    }

    /** @param samlResponse the response payload to carry */
    public SamlResponseDto(String samlResponse) {
        this.samlResponse = samlResponse;
    }

    /** @return the wrapped response */
    public String getSamlResponse() {
        return samlResponse;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/AssertionRestrictionsFactory.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

import io.dropwizard.util.Duration;
import org.joda.time.DateTime;
import uk.gov.ida.hub.policy.configuration.AssertionLifetimeConfiguration;

import javax.inject.Inject;

/**
 * Computes assertion expiry timestamps from the configured assertion lifetime.
 */
public class AssertionRestrictionsFactory {

    private final Duration assertionLifetime;

    /** @param assertionTimeoutConfig source of the lifetime, read once at construction */
    @Inject
    public AssertionRestrictionsFactory(AssertionLifetimeConfiguration assertionTimeoutConfig) {
        this.assertionLifetime = assertionTimeoutConfig.getAssertionLifetime();
    }

    /**
     * @return the current time plus the configured lifetime (in milliseconds)
     */
    public DateTime getAssertionExpiry() {
        final long lifetimeMillis = assertionLifetime.toMilliseconds();
        return DateTime.now().plus(lifetimeMillis);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/AuthenticationErrorResponse.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Details submitted when an authentication attempt ends in an error.
 */
public class AuthenticationErrorResponse {

    private String issuer;
    private String principalIpAddressAsSeenByHub;
    private String analyticsSessionId;
    private String journeyType;

    @SuppressWarnings("unused") // Needed by JAXB
    private AuthenticationErrorResponse() {
    }

    /**
     * @param issuer                         entity id of the issuer
     * @param principalIpAddressAsSeenByHub  client address observed by the hub
     * @param analyticsSessionId             analytics correlation id
     * @param journeyType                    journey type label
     */
    public AuthenticationErrorResponse(String issuer, String principalIpAddressAsSeenByHub, String analyticsSessionId, String journeyType) {
        this.issuer = issuer;
        this.principalIpAddressAsSeenByHub = principalIpAddressAsSeenByHub;
        this.analyticsSessionId = analyticsSessionId;
        this.journeyType = journeyType;
    }

    public String getIssuer() {
        return issuer;
    }

    public String getPrincipalIpAddressAsSeenByHub() {
        return principalIpAddressAsSeenByHub;
    }

    public String getAnalyticsSessionId() {
        return analyticsSessionId;
    }

    public String getJourneyType() {
        return journeyType;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/AuthnRequestFromHubContainerDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

import java.net.URI;

/**
 * An authn request produced by the hub, the endpoint it should be POSTed to, and whether the
 * user is registering.
 */
public class AuthnRequestFromHubContainerDto {

    private String samlRequest;
    private URI postEndpoint;
    private boolean registering;

    @SuppressWarnings("unused") // Needed for JAXB
    private AuthnRequestFromHubContainerDto() {
    }

    /**
     * @param samlRequest  the request payload
     * @param postEndpoint where the request is to be posted
     * @param registering  whether this is a registration journey
     */
    public AuthnRequestFromHubContainerDto(String samlRequest, URI postEndpoint, boolean registering) {
        this.samlRequest = samlRequest;
        this.postEndpoint = postEndpoint;
        this.registering = registering;
    }

    public String getSamlRequest() {
        return samlRequest;
    }

    public URI getPostEndpoint() {
        return postEndpoint;
    }

    public boolean getRegistering() {
        return registering;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/AuthnRequestSignInDetailsDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Carries the entity id of the party that issued the authn request.
 */
public class AuthnRequestSignInDetailsDto {

    private String requestIssuerId;

    @SuppressWarnings("unused") // Needed by JAXB
    private AuthnRequestSignInDetailsDto() {
    }

    /** @param requestIssuerId entity id of the request issuer */
    public AuthnRequestSignInDetailsDto(String requestIssuerId) {
        this.requestIssuerId = requestIssuerId;
    }

    public String getRequestIssuerId() {
        return requestIssuerId;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/AuthnRequestSignInProcess.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Sign-in process details: currently just the entity id of the request issuer.
 */
public class AuthnRequestSignInProcess {

    private String requestIssuerId;

    @SuppressWarnings("unused") // Needed by JAXB
    private AuthnRequestSignInProcess() {
    }

    /** @param requestIssuerId entity id of the request issuer */
    public AuthnRequestSignInProcess(String requestIssuerId) {
        this.requestIssuerId = requestIssuerId;
    }

    public String getRequestIssuerId() {
        return requestIssuerId;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/Cycle3UserInput.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * The value a user entered for cycle 3 matching, plus the client address it came from.
 */
public class Cycle3UserInput {

    private String cycle3Input;
    private String principalIpAddress;

    @SuppressWarnings("unused") // Needed by JAXB
    private Cycle3UserInput() {
    }

    /**
     * @param cycle3Input        the user-supplied value
     * @param principalIpAddress client address the value was submitted from
     */
    public Cycle3UserInput(String cycle3Input, String principalIpAddress) {
        this.cycle3Input = cycle3Input;
        this.principalIpAddress = principalIpAddress;
    }

    public String getCycle3Input() {
        return cycle3Input;
    }

    public String getPrincipalIpAddress() {
        return principalIpAddress;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/FailureResponseDetails.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Identifies the IdP and relying party involved in a failed response.
 */
@SuppressWarnings("unused")
public class FailureResponseDetails {

    private String idpEntityId;
    private String rpEntityId;

    // No-arg constructor for the deserializer.
    private FailureResponseDetails() {
    }

    /**
     * @param idpEntityId entity id of the identity provider
     * @param rpEntityId  entity id of the relying party
     */
    public FailureResponseDetails(String idpEntityId, String rpEntityId) {
        this.idpEntityId = idpEntityId;
        this.rpEntityId = rpEntityId;
    }

    public String getRpEntityId() {
        return rpEntityId;
    }

    public String getIdpEntityId() {
        return idpEntityId;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/FraudDetectedDetails.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Details reported when an IdP flags a fraud event.
 */
public class FraudDetectedDetails {

    private String idpFraudEventId;
    private String fraudIndicator;

    @SuppressWarnings("unused") // Needed for JAXB
    private FraudDetectedDetails() {
    }

    /**
     * @param idpFraudEventId the IdP's identifier for the fraud event
     * @param fraudIndicator  the indicator reported by the IdP
     */
    public FraudDetectedDetails(String idpFraudEventId, String fraudIndicator) {
        this.idpFraudEventId = idpFraudEventId;
        this.fraudIndicator = fraudIndicator;
    }

    public String getIdpFraudEventId() {
        return idpFraudEventId;
    }

    public String getFraudIndicator() {
        return fraudIndicator;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/LevelOfAssurance.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Levels of assurance, lowest first.
 * Do not reorder these constants: their ordinals are used for comparison, so the declaration
 * order is load-bearing.
 */
public enum LevelOfAssurance implements Comparable {
    LEVEL_X,
    LEVEL_1,
    LEVEL_2,
    LEVEL_3,
    LEVEL_4;
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/MatchFromMatchingService.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

import java.util.Optional;

/**
 * A successful match reported by the matching service, carrying the assertion it produced and
 * an optional level of assurance.
 */
public class MatchFromMatchingService extends ResponseFromMatchingService {

    private String matchingServiceAssertion;
    // Declared as a raw Optional; the element type is not pinned here.
    private Optional levelOfAssurance;

    @SuppressWarnings("unused") // Needed by JAXB
    private MatchFromMatchingService() {
    }

    /**
     * @param issuer                   entity id of the responder
     * @param inResponseTo             id of the request being answered
     * @param matchingServiceAssertion the assertion returned by the matching service
     * @param levelOfAssurance         optional level of assurance
     */
    public MatchFromMatchingService(String issuer, String inResponseTo, String matchingServiceAssertion, Optional levelOfAssurance) {
        super(issuer, inResponseTo);
        this.matchingServiceAssertion = matchingServiceAssertion;
        this.levelOfAssurance = levelOfAssurance;
    }

    public String getMatchingServiceAssertion() {
        return matchingServiceAssertion;
    }

    public Optional getLevelOfAssurance() {
        return levelOfAssurance;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/MatchingProcess.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

import java.util.Optional;

/**
 * Describes the matching process by an optional attribute name.
 */
public class MatchingProcess {

    // Declared as a raw Optional; the element type is not pinned here.
    private Optional attributeName;

    @SuppressWarnings("unused") // Needed by JAXB
    private MatchingProcess() {
    }

    /** @param attributeName optional attribute name */
    public MatchingProcess(Optional attributeName) {
        this.attributeName = attributeName;
    }

    public Optional getAttributeName() {
        return attributeName;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/MatchingServiceIdaStatus.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Status values a matching-service response can carry.
 */
public enum MatchingServiceIdaStatus {
    NoMatchingServiceMatchFromMatchingService,
    RequesterError,
    MatchingServiceMatch,
    UserAccountCreated,
    UserAccountCreationFailed,
    Healthy
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/NoMatchFromMatchingService.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * A "no match" outcome reported by the matching service; adds nothing beyond the base fields.
 */
public class NoMatchFromMatchingService extends ResponseFromMatchingService {

    @SuppressWarnings("unused") // Needed by JAXB
    private NoMatchFromMatchingService() {
    }

    /**
     * @param issuer       entity id of the responder
     * @param inResponseTo id of the request being answered
     */
    public NoMatchFromMatchingService(String issuer, String inResponseTo) {
        super(issuer, inResponseTo);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/ResourceLocation.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

import java.net.URI;

/**
 * Wraps a target URI.
 */
public class ResourceLocation {

    private URI target;

    @SuppressWarnings("unused") // NEEDED BY JAXB
    protected ResourceLocation() {
    }

    /** @param target the location to carry */
    public ResourceLocation(URI target) {
        this.target = target;
    }

    public URI getTarget() {
        return target;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/ResponseFromMatchingService.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Common base for matching-service responses: who issued it and which request it answers.
 */
public abstract class ResponseFromMatchingService {

    private String issuer;
    private String inResponseTo;

    @SuppressWarnings("unused") // Needed by JAXB
    protected ResponseFromMatchingService() {
    }

    /**
     * @param issuer       entity id of the responder
     * @param inResponseTo id of the request being answered
     */
    protected ResponseFromMatchingService(String issuer, String inResponseTo) {
        this.issuer = issuer;
        this.inResponseTo = inResponseTo;
    }

    public String getIssuer() {
        return issuer;
    }

    public String getInResponseTo() {
        return inResponseTo;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/ResponseProcessingStatus.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * What the caller should do next while a response is being processed.
 */
public enum ResponseProcessingStatus {
    GOTO_HUB_LANDING_PAGE,
    WAIT,
    GET_C3_DATA,
    SEND_NO_MATCH_RESPONSE_TO_TRANSACTION,
    SEND_SUCCESSFUL_MATCH_RESPONSE_TO_TRANSACTION,
    SHOW_MATCHING_ERROR_PAGE,
    SEND_USER_ACCOUNT_CREATED_RESPONSE_TO_TRANSACTION,
    USER_ACCOUNT_CREATION_FAILED,
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/SamlAuthnRequestContainerDto.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

import java.util.Optional;

/**
 * An inbound SAML authn request with its optional relay state and the client address seen by
 * the hub.
 */
public class SamlAuthnRequestContainerDto {

    private String samlRequest;
    private String relayState;
    private String principalIPAddressAsSeenByHub;

    @SuppressWarnings("unused") // Needed for JAXB
    private SamlAuthnRequestContainerDto() {
    }

    /**
     * @param samlRequest                   the request payload
     * @param relayState                    relay state, may be null
     * @param principalIPAddressAsSeenByHub client address observed by the hub
     */
    public SamlAuthnRequestContainerDto(String samlRequest, String relayState, String principalIPAddressAsSeenByHub) {
        this.samlRequest = samlRequest;
        this.relayState = relayState;
        this.principalIPAddressAsSeenByHub = principalIPAddressAsSeenByHub;
    }

    public String getSamlRequest() {
        return samlRequest;
    }

    /** @return the relay state, empty when none was supplied */
    public Optional getRelayState() {
        return Optional.ofNullable(relayState);
    }

    public String getPrincipalIPAddressAsSeenByHub() {
        return principalIPAddressAsSeenByHub;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/State.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.joda.time.DateTime;

import java.net.URI;
import java.util.Optional;

/**
 * A session's current state as persisted in the session store.
 * Serialised polymorphically: {@code JsonTypeInfo.Id.CLASS} writes the implementing class name
 * into the external {@code @class} property and reads it back to pick the concrete type.
 * NOTE(review): the class name therefore comes from the stored document, so the deserializer
 * trusts whatever is in the session store; if the Jackson version in use supports restricting
 * polymorphic subtypes, consider limiting them to the State implementations (not visible here).
 */
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.EXTERNAL_PROPERTY, property = "@class")
public interface State {

    String getRequestId();

    SessionId getSessionId();

    /** Marker method: concrete states are expected to implement a more specific sub-interface. */
    @SuppressWarnings("unused") // marker method
    void doNotDirectlyImplementThisInterface();

    String getRequestIssuerEntityId();

    DateTime getSessionExpiryTimestamp();

    URI getAssertionConsumerServiceUri();

    Optional getForceAuthentication();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/StateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Marker interface for controllers that act on a {@link State}.
 */
public interface StateController {
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/StateTransitionAction.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Callback used by controllers to move a session to a new state.
 */
public interface StateTransitionAction {
    /** @param state the state to transition to */
    void transitionTo(State state);
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/TransactionIdaStatus.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

/**
 * Outcome reported back to the transaction.
 */
public enum TransactionIdaStatus {
    Success,
    RequesterError,
    NoAuthenticationContext,
    NoMatchingServiceMatchFromHub,
    AuthenticationFailed
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/UserAccountCreatedFromMatchingService.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain;

import java.util.Optional;

/**
 * Reported by the matching service when it created a user account; carries the resulting
 * assertion and an optional level of assurance.
 */
public class UserAccountCreatedFromMatchingService extends ResponseFromMatchingService {

    private String matchingServiceAssertion;
    // Declared as a raw Optional; the element type is not pinned here.
    private Optional levelOfAssurance;

    @SuppressWarnings("unused") // Needed by JAXB
    private UserAccountCreatedFromMatchingService() {
    }

    /**
     * @param issuer                   entity id of the responder
     * @param inResponseTo             id of the request being answered
     * @param matchingServiceAssertion the assertion returned by the matching service
     * @param levelOfAssurance         optional level of assurance
     */
    public UserAccountCreatedFromMatchingService(final String issuer, final String inResponseTo, final String matchingServiceAssertion, Optional levelOfAssurance) {
        super(issuer, inResponseTo);
        this.matchingServiceAssertion = matchingServiceAssertion;
        this.levelOfAssurance = levelOfAssurance;
    }

    public String getMatchingServiceAssertion() {
        return matchingServiceAssertion;
    }

    public Optional getLevelOfAssurance() {
        return levelOfAssurance;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/AuthnRequestCapableController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.AuthnRequestFromHub;

/**
 * A controller able to produce the hub's outbound authn request.
 */
public interface AuthnRequestCapableController {
    AuthnRequestFromHub getRequestFromHub();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/ErrorResponsePreparedStateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.ResponseFromHub;
import uk.gov.ida.hub.policy.domain.StateController;

/**
 * A controller whose state has an error response ready to send.
 */
public interface ErrorResponsePreparedStateController extends StateController {
    ResponseFromHub getErrorResponse();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/IdpSelectingStateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.AuthnRequestSignInProcess;
import uk.gov.ida.hub.policy.domain.LevelOfAssurance;

/**
 * A controller for states in which the user may pick an identity provider.
 */
public interface IdpSelectingStateController {

    /**
     * Records the user's IdP choice.
     *
     * @param idpEntityId        entity id of the chosen IdP
     * @param principalIpAddress client address the choice was made from
     * @param registering        whether this is a registration journey
     * @param requestedLoa       level of assurance requested
     * @param analyticsSessionId analytics correlation id
     * @param journeyType        journey type label
     * @param abTestVariant      A/B test variant label
     */
    void handleIdpSelected(final String idpEntityId, final String principalIpAddress, boolean registering, LevelOfAssurance requestedLoa, final String analyticsSessionId, final String journeyType, final String abTestVariant);

    String getRequestIssuerId();

    AuthnRequestSignInProcess getSignInProcessDetails();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/ResponsePreparedStateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.ResponseFromHub;
import uk.gov.ida.hub.policy.domain.StateController;

/**
 * A controller whose state has a (non-error) response ready to send.
 */
public interface ResponsePreparedStateController extends StateController {
    ResponseFromHub getPreparedResponse();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/ResponseProcessingStateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.ResponseProcessingDetails;
import uk.gov.ida.hub.policy.domain.StateController;

/**
 * A controller that can report how far response processing has got.
 */
public interface ResponseProcessingStateController extends StateController {
    ResponseProcessingDetails getResponseProcessingDetails();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/RestartJourneyStateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.StateController;

/**
 * A controller that can send the session back to its started state.
 */
public interface RestartJourneyStateController extends StateController {
    void transitionToSessionStartedState();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/TimeoutStateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.ResponseFromHub;
import uk.gov.ida.hub.policy.domain.ResponseFromHubFactory;
import uk.gov.ida.hub.policy.domain.state.TimeoutState;

/**
 * Controller for a timed-out session: the only thing it can produce is a "no authn context"
 * error response addressed back to the original requester.
 */
public class TimeoutStateController implements ErrorResponsePreparedStateController {

    private TimeoutState state;
    private ResponseFromHubFactory responseFromHubFactory;

    /**
     * @param state                  the timed-out state
     * @param responseFromHubFactory factory used to build the error response
     */
    public TimeoutStateController(TimeoutState state, ResponseFromHubFactory responseFromHubFactory) {
        this.state = state;
        this.responseFromHubFactory = responseFromHubFactory;
    }

    /**
     * @return a no-authn-context response built from the request id, relay state, request
     *         issuer and assertion consumer service URI held in the state
     */
    @Override
    public ResponseFromHub getErrorResponse() {
        final String requestId = state.getRequestId();
        final String relayState = state.getRelayState();
        final String requestIssuer = state.getRequestIssuerEntityId();
        return responseFromHubFactory.createNoAuthnContextResponseFromHub(
                requestId,
                relayState,
                requestIssuer,
                state.getAssertionConsumerServiceUri()
        );
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/UserAccountCreationFailedStateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.ResponseFromHubFactory;
import uk.gov.ida.hub.policy.domain.state.UserAccountCreationFailedState;

/**
 * Concrete controller for {@link UserAccountCreationFailedState}; all behaviour is inherited
 * from {@link AbstractUserAccountCreationFailedStateController}.
 */
public class UserAccountCreationFailedStateController extends AbstractUserAccountCreationFailedStateController {

    /**
     * @param state                  the failed-creation state
     * @param responseFromHubFactory factory used to build responses
     */
    public UserAccountCreationFailedStateController(
            final UserAccountCreationFailedState state,
            final ResponseFromHubFactory responseFromHubFactory) {
        super(state, responseFromHubFactory);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/controller/WaitingForMatchingServiceResponseStateController.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.controller;

import uk.gov.ida.hub.policy.domain.MatchFromMatchingService;
import uk.gov.ida.hub.policy.domain.NoMatchFromMatchingService;
import uk.gov.ida.hub.policy.domain.StateController;
import uk.gov.ida.hub.policy.domain.UserAccountCreatedFromMatchingService;

/**
 * A controller for the state in which the hub is waiting on the matching service; one handler
 * per possible outcome.
 */
public interface WaitingForMatchingServiceResponseStateController extends StateController {

    void handleMatchResponseFromMatchingService(MatchFromMatchingService responseFromMatchingService);

    void handleNoMatchResponseFromMatchingService(NoMatchFromMatchingService noMatchResponseFromMatchingService);

    /** Called when the request to the matching service itself failed. */
    void handleRequestFailure();

    void handleUserAccountCreatedResponseFromMatchingService(UserAccountCreatedFromMatchingService userAccountCreatedResponseFromMatchingService);

    void handleUserAccountCreationFailedResponseFromMatchingService();
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/exception/SessionAlreadyExistingException.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.exception;

import uk.gov.ida.hub.policy.domain.SessionId;

/**
 * Thrown when a session is created for an id that is already present.
 */
public class SessionAlreadyExistingException extends RuntimeException {

    private final SessionId sessionId;

    /**
     * @param message   human-readable detail
     * @param sessionId the id that already existed
     */
    public SessionAlreadyExistingException(String message, SessionId sessionId) {
        super(message);
        this.sessionId = sessionId;
    }

    /** @return the id that already existed */
    public SessionId getSessionId() {
        return sessionId;
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/exception/SessionNotFoundException.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.exception;

import uk.gov.ida.hub.policy.domain.SessionId;

import java.text.MessageFormat;

/**
 * Thrown when no session exists for the given id.
 * The session id is embedded in the exception message; where that message ends up (logs,
 * error responses) is not visible here — confirm that is intended before widening its use.
 */
public class SessionNotFoundException extends RuntimeException {

    /** @param sessionId the id that was looked up */
    public SessionNotFoundException(SessionId sessionId) {
        super(buildMessage(sessionId));
    }

    private static String buildMessage(SessionId sessionId) {
        return MessageFormat.format("Session: {0} not found.", sessionId.getSessionId());
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/state/ErrorResponsePreparedState.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.state;

import uk.gov.ida.hub.policy.domain.State;

import java.util.Optional;
| 7 | public interface ErrorResponsePreparedState extends State { 8 | Optional getRelayState(); 9 | } 10 | -------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/state/IdpSelectingState.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.domain.state; 2 | 3 | import uk.gov.ida.hub.policy.domain.State; 4 | 5 | import java.util.Optional; 6 | 7 | public interface IdpSelectingState extends State { 8 | Optional getForceAuthentication(); 9 | Optional getRelayState(); 10 | } 11 | -------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/state/ResponsePreparedState.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.domain.state; 2 | 3 | import uk.gov.ida.hub.policy.domain.State; 4 | 5 | import java.util.Optional; 6 | 7 | public interface ResponsePreparedState extends State { 8 | Optional getRelayState(); 9 | } 10 | -------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/state/ResponseProcessingState.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.domain.state; 2 | 3 | import uk.gov.ida.hub.policy.domain.State; 4 | 5 | public interface ResponseProcessingState extends State { 6 | } 7 | -------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/state/RestartJourneyState.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.domain.state; 2 | 3 | import uk.gov.ida.hub.policy.domain.State; 4 | 5 | public interface RestartJourneyState extends State { 6 | } 7 | 
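-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/domain/state/WaitingForMatchingServiceResponseState.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.domain.state;

import uk.gov.ida.hub.policy.domain.State;

/** Marker state interface; adds no members beyond {@link State}. */
public interface WaitingForMatchingServiceResponseState extends State {
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/exception/IdaJsonProcessingExceptionMapperBundle.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.exception;

import io.dropwizard.Bundle;
import io.dropwizard.setup.Bootstrap;
import io.dropwizard.setup.Environment;

/** Dropwizard bundle whose only job is to register {@code IdaJsonProcessingExceptionMapper} with Jersey. */
public class IdaJsonProcessingExceptionMapperBundle implements Bundle {

    @Override
    public void initialize(Bootstrap bootstrap) {
        // this method intentionally left blank
    }

    @Override
    public void run(Environment environment) {
        environment.jersey().register(IdaJsonProcessingExceptionMapper.class);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/exception/IdpDisabledException.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.exception;

import java.text.MessageFormat;

/** Thrown when a journey selects an identity provider that is disabled in configuration. */
public class IdpDisabledException extends RuntimeException {

    private final String entityId;

    /** @param entityId entity id of the disabled identity provider; it is embedded in the exception message */
    public IdpDisabledException(String entityId) {
        super(getErrorMessage(entityId));
        this.entityId = entityId;
    }

    public String getEntityId() {
        return entityId;
    }

    /** Builds the message used by the constructor: "{entityId} - Identity Provider is disabled." */
    public static String getErrorMessage(String entityId){
        return MessageFormat.format("{0} - Identity Provider is disabled.", entityId);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/facade/EventSinkMessageSenderFacade.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alphagov/verify-hub/a245c54d9cea9e8ebe3002cb3c7b7e8f1b97dcc0/hub/policy/src/main/java/uk/gov/ida/hub/policy/facade/EventSinkMessageSenderFacade.java
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/factories/SamlAuthnResponseTranslatorDtoFactory.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.factories;

import uk.gov.ida.hub.policy.contracts.SamlAuthnResponseContainerDto;
import uk.gov.ida.hub.policy.contracts.SamlAuthnResponseTranslatorDto;

public class SamlAuthnResponseTranslatorDtoFactory {
    /**
     * Repackages an inbound SAML response container for the translator: the raw SAML response,
     * the session id and the principal IP address as seen by the hub are carried over unchanged,
     * and the matching service entity id the response is being translated for is attached.
     */
    public SamlAuthnResponseTranslatorDto fromSamlAuthnResponseContainerDto(SamlAuthnResponseContainerDto samlAuthnResponseContainerDto, String matchingServiceEntityId) {
        return new SamlAuthnResponseTranslatorDto(
                samlAuthnResponseContainerDto.getSamlResponse(),
                samlAuthnResponseContainerDto.getSessionId(),
                samlAuthnResponseContainerDto.getPrincipalIPAddressAsSeenByHub(),
                matchingServiceEntityId);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/filters/SessionIdPathParamLoggingFilter.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.filters;

import org.jboss.logging.MDC;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;
import java.util.Optional;

import static uk.gov.ida.common.CommonUrls.SESSION_ID_PARAM;

/**
 * Copies the session id path parameter into the logging MDC so that log lines written while the
 * request is handled can be correlated to a session.
 *
 * The value is taken straight from the request URL and is therefore caller-controlled: control
 * characters are neutralised before it reaches the MDC so a crafted path segment cannot inject
 * line breaks into log output. The MDC is thread-bound, so the key is removed again in the
 * response filter; otherwise the next request handled by the same thread would be logged under
 * this session id if it carried no session id of its own.
 */
public class SessionIdPathParamLoggingFilter implements ContainerRequestFilter, ContainerResponseFilter {

    private static final String MDC_KEY = "SessionId";

    @Context
    UriInfo uriInfo;

    /** Request side: record the session id path parameter, if the matched route has one. */
    @Override
    public void filter(ContainerRequestContext requestContext) {
        Optional.ofNullable(uriInfo.getPathParameters().getFirst(SESSION_ID_PARAM))
                .ifPresent(sessionId -> MDC.put(MDC_KEY, sanitiseForLog(sessionId)));
    }

    /** Response side: clear the key so it cannot leak into unrelated requests on this thread. */
    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
        MDC.remove(MDC_KEY);
    }

    /** Replaces ASCII control characters (CR, LF, ESC, ...) with '_' before the value is logged. */
    private static String sanitiseForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }

}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/filters/SessionIdQueryParamLoggingFilter.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.filters;

import org.jboss.logging.MDC;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;

/**
 * Servlet filter that copies the {@code sessionId} request parameter into the logging MDC for the
 * duration of the request.
 *
 * The parameter is caller-controlled, so control characters are neutralised before the value is
 * logged. The MDC entry is removed in a {@code finally} block once the rest of the chain has run
 * (including when it throws), so a thread that goes on to serve another request does not still
 * carry this session id.
 */
public class SessionIdQueryParamLoggingFilter implements Filter {

    private static final String MDC_KEY = "SessionId";

    @Override
    public void init(final FilterConfig filterConfig) {
        // this method intentionally left blank
    }

    @Override
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        // NOTE(review): getParameter() also reads form-encoded POST bodies, not just the query string;
        // assumed to be intended/harmless on the routes this filter is mapped to - confirm.
        String sessionId = servletRequest.getParameter("sessionId");
        if (sessionId != null) {
            MDC.put(MDC_KEY, sanitiseForLog(sessionId));
        }
        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            // Always clear, even if the chain threw, so the value cannot outlive this request.
            MDC.remove(MDC_KEY);
        }
    }

    @Override
    public void destroy() {
        // this method intentionally left blank
    }

    /** Replaces ASCII control characters (CR, LF, ESC, ...) with '_' before the value is logged. */
    private static String sanitiseForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/redis/RedisSerializationException.java: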
--------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.redis;

/** Unchecked, package-private wrapper for a failure to serialise or deserialise session state held in Redis. */
class RedisSerializationException extends RuntimeException {
    RedisSerializationException(String message, Throwable cause) {
        super(message, cause);
    }
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/session/SessionStore.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.session;

import uk.gov.ida.hub.policy.domain.SessionId;
import uk.gov.ida.hub.policy.domain.State;

/**
 * Store of journey state keyed by session id.
 * NOTE(review): the interface does not say whether insert() rejects an id that already exists
 * or whether replace() requires one; implementations and callers must agree - confirm.
 */
public interface SessionStore {
    /** Records state for a session id. */
    void insert(SessionId sessionId, State state);

    /** Overwrites the state held for a session id. */
    void replace(SessionId sessionId, State state);

    /** @return whether any state is held for the session id */
    boolean hasSession(SessionId sessionId);

    /** @return the state held for the session id */
    State get(SessionId sessionId);
}
-------------------------------------------------------------------------------- /hub/policy/src/main/java/uk/gov/ida/hub/policy/validators/LevelOfAssuranceValidator.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.validators;

import uk.gov.ida.hub.policy.domain.LevelOfAssurance;

import java.util.Optional;

import static java.util.Collections.singletonList;
import static uk.gov.ida.hub.policy.domain.exception.StateProcessingValidationException.noLevelOfAssurance;
import static uk.gov.ida.hub.policy.domain.exception.StateProcessingValidationException.wrongLevelOfAssurance;

/**
 * Enforces that a response carries exactly the level of assurance the journey requires.
 *
 * The comparison is strict equality, not "at least": a response at a higher level than the
 * one required is rejected just like a lower one. Keep that in mind before relaxing it - the
 * required level is what the relying party was promised.
 */
public class LevelOfAssuranceValidator {

    /**
     * @param responseLevelOfAssurance level carried by the response, absent if it had none
     * @param requiredLevelOfAssurance the single level that is acceptable
     * @throws uk.gov.ida.hub.policy.domain.exception.StateProcessingValidationException
     *         via noLevelOfAssurance() when the response has no level, or via
     *         wrongLevelOfAssurance() when the level differs from the required one
     */
    public void validate(Optional<LevelOfAssurance> responseLevelOfAssurance, LevelOfAssurance requiredLevelOfAssurance) {
        LevelOfAssurance actualLevel = responseLevelOfAssurance.orElseThrow(() -> noLevelOfAssurance());

        // Enum values: reference comparison is equivalent to equals().
        if (actualLevel != requiredLevelOfAssurance) {
            throw wrongLevelOfAssurance(Optional.of(actualLevel), singletonList(requiredLevelOfAssurance));
        }
    }

}
-------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/AuthnResponseFromHubContainerDtoBuilder.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.builder;

import uk.gov.ida.hub.policy.contracts.AuthnResponseFromHubContainerDto;

import javax.ws.rs.core.UriBuilder;
import java.net.URI;
import java.util.Optional;
import java.util.UUID;

/** Test builder producing an AuthnResponseFromHubContainerDto with random identifiers and no relay state. */
public class AuthnResponseFromHubContainerDtoBuilder {

    private Optional<String> relayState = Optional.empty();
    private String samlResponse = UUID.randomUUID().toString();
    private String responseId = UUID.randomUUID().toString();
    private URI postEndPoint = UriBuilder.fromPath(UUID.randomUUID().toString()).build();

    public static AuthnResponseFromHubContainerDtoBuilder anAuthnResponseFromHubContainerDto() {
        return new AuthnResponseFromHubContainerDtoBuilder();
    }

    public AuthnResponseFromHubContainerDto build() {
        AuthnResponseFromHubContainerDto dto = new AuthnResponseFromHubContainerDto(samlResponse, postEndPoint, relayState, responseId);
        return dto;
    }
}

-------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/SamlResponseDtoBuilder.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.policy.builder;


import uk.gov.ida.hub.policy.contracts.SamlResponseDto;

import java.util.UUID;

/** Test builder for a SamlResponseDto whose message is a random UUID string. */
public class SamlResponseDtoBuilder {

    private String samlMessage = UUID.randomUUID().toString();

    public static SamlResponseDtoBuilder aSamlResponse() {
        return new SamlResponseDtoBuilder();
    }

    public
SamlResponseDto build() { 17 | return new SamlResponseDto(samlMessage); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/domain/Cycle3AttributeRequestDataBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.builder.domain; 2 | 3 | import uk.gov.ida.hub.policy.domain.Cycle3AttributeRequestData; 4 | 5 | public class Cycle3AttributeRequestDataBuilder { 6 | private String attributeName = "attributeName"; 7 | private String requestIssuerId = "default request issuer id"; 8 | 9 | public static Cycle3AttributeRequestDataBuilder aCycle3AttributeRequestData() { 10 | return new Cycle3AttributeRequestDataBuilder(); 11 | } 12 | 13 | public Cycle3AttributeRequestData build() { 14 | return new Cycle3AttributeRequestData( 15 | attributeName, 16 | requestIssuerId); 17 | } 18 | 19 | public Cycle3AttributeRequestDataBuilder withRequestIssuerId(String requestIssuerId) { 20 | this.requestIssuerId = requestIssuerId; 21 | return this; 22 | } 23 | 24 | public Cycle3AttributeRequestDataBuilder withAttributeName(String attributeName) { 25 | this.attributeName = attributeName; 26 | return this; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/domain/Cycle3DatasetBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.builder.domain; 2 | 3 | import uk.gov.ida.hub.policy.domain.Cycle3Dataset; 4 | 5 | import java.util.HashMap; 6 | import java.util.Map; 7 | 8 | public class Cycle3DatasetBuilder { 9 | 10 | private Map attributes = new HashMap<>(); 11 | 12 | public static Cycle3DatasetBuilder aCycle3Dataset() { 13 | return new Cycle3DatasetBuilder(); 14 | } 15 | 16 | public Cycle3Dataset build() { 17 | if (!attributes.isEmpty()) { 18 | 
attributes.put("test-name", "test-value"); 19 | } 20 | 21 | return new Cycle3Dataset(attributes); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/domain/FraudDetectedDetailsBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.builder.domain; 2 | 3 | import uk.gov.ida.hub.policy.domain.FraudDetectedDetails; 4 | 5 | public class FraudDetectedDetailsBuilder { 6 | 7 | private String eventId = "default-event-id"; 8 | private String fraudIndicator = "IT01"; 9 | 10 | public static FraudDetectedDetailsBuilder aFraudDetectedDetails() { 11 | return new FraudDetectedDetailsBuilder(); 12 | } 13 | 14 | public FraudDetectedDetails build() { 15 | return new FraudDetectedDetails(eventId, fraudIndicator); 16 | } 17 | 18 | public FraudDetectedDetailsBuilder withFraudIndicator(String fraudIndicator) { 19 | this.fraudIndicator = fraudIndicator; 20 | return this; 21 | } 22 | 23 | public FraudDetectedDetailsBuilder withFraudEventId(String eventId){ 24 | this.eventId = eventId; 25 | return this; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/domain/IdpConfigDtoBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.builder.domain; 2 | 3 | import uk.gov.ida.hub.policy.domain.IdpConfigDto; 4 | import uk.gov.ida.hub.policy.domain.LevelOfAssurance; 5 | 6 | import java.util.List; 7 | 8 | public class IdpConfigDtoBuilder { 9 | 10 | private String simpleId = "an-idp"; 11 | private Boolean enabled = true; 12 | private List supportedLevelsOfAssurance = List.of(LevelOfAssurance.LEVEL_1); 13 | 14 | public static IdpConfigDtoBuilder anIdpConfigDto() { 15 | return new IdpConfigDtoBuilder(); 16 | } 17 | 18 | public IdpConfigDtoBuilder 
withLevelsOfAssurance(List levelOfAssurances) { 19 | this.supportedLevelsOfAssurance = levelOfAssurances; 20 | return this; 21 | } 22 | 23 | public IdpConfigDtoBuilder withLevelsOfAssurance(LevelOfAssurance... levelsOfAssurance) { 24 | this.supportedLevelsOfAssurance = List.of(levelsOfAssurance); 25 | return this; 26 | } 27 | 28 | public IdpConfigDto build() { 29 | return new IdpConfigDto(simpleId, enabled, supportedLevelsOfAssurance); 30 | } 31 | 32 | } 33 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/domain/PersistentIdBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.builder.domain; 2 | 3 | import uk.gov.ida.hub.policy.domain.PersistentId; 4 | 5 | public class PersistentIdBuilder { 6 | 7 | private String nameId = "default-name-id"; 8 | 9 | public static PersistentIdBuilder aPersistentId() { 10 | return new PersistentIdBuilder(); 11 | } 12 | 13 | public PersistentId build() { 14 | return new PersistentId(nameId); 15 | } 16 | 17 | public PersistentIdBuilder withNameId(String persistentId) { 18 | this.nameId = persistentId; 19 | return this; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/domain/SessionIdBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.builder.domain; 2 | 3 | import uk.gov.ida.hub.policy.domain.SessionId; 4 | 5 | import java.util.UUID; 6 | 7 | public class SessionIdBuilder { 8 | private String sessionId = UUID.randomUUID().toString(); 9 | 10 | public static SessionIdBuilder aSessionId() { 11 | return new SessionIdBuilder(); 12 | } 13 | 14 | public SessionId build() { 15 | return new SessionId(sessionId); 16 | } 17 | 18 | public SessionIdBuilder with(final String sessionId) { 19 | this.sessionId 
= sessionId; 20 | return this; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/builder/state/TimeoutStateBuilder.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.builder.state; 2 | 3 | import org.joda.time.DateTime; 4 | import org.joda.time.DateTimeZone; 5 | import uk.gov.ida.hub.policy.domain.SessionId; 6 | import uk.gov.ida.hub.policy.domain.state.TimeoutState; 7 | 8 | import java.net.URI; 9 | 10 | public class TimeoutStateBuilder { 11 | private String requestId = "requestId"; 12 | private String requestIssuerId = "requestId"; 13 | private DateTime sessionExpiryTimestamp = DateTime.now(DateTimeZone.UTC).plusHours(1); 14 | private URI assertionConsumerServiceUri = URI.create("assertionConsumerServiceUri"); 15 | private SessionId sessionId = SessionId.createNewSessionId(); 16 | 17 | public static TimeoutStateBuilder aTimeoutState() { 18 | return new TimeoutStateBuilder(); 19 | } 20 | 21 | public TimeoutStateBuilder withSessionId(SessionId sessionId) { 22 | this.sessionId = sessionId; 23 | return this; 24 | } 25 | 26 | public TimeoutState build() { 27 | return new TimeoutState(requestId, requestIssuerId, sessionExpiryTimestamp, assertionConsumerServiceUri, sessionId); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/domain/LevelOfAssuranceTest.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.domain; 2 | 3 | import org.junit.jupiter.api.Test; 4 | 5 | import static org.assertj.core.api.Assertions.assertThat; 6 | 7 | public class LevelOfAssuranceTest { 8 | 9 | @Test 10 | public void testLevelOrdinalsHaveNotBeenChanged() { 11 | assertThat(LevelOfAssurance.LEVEL_X.ordinal()).isEqualTo(0); 12 | 
assertThat(LevelOfAssurance.LEVEL_1.ordinal()).isEqualTo(1); 13 | assertThat(LevelOfAssurance.LEVEL_2.ordinal()).isEqualTo(2); 14 | assertThat(LevelOfAssurance.LEVEL_3.ordinal()).isEqualTo(3); 15 | assertThat(LevelOfAssurance.LEVEL_4.ordinal()).isEqualTo(4); 16 | } 17 | 18 | } -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/domain/MatchingProcessDto.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.domain; 2 | 3 | import java.util.Optional; 4 | 5 | public class MatchingProcessDto { 6 | 7 | private Optional attributeName = Optional.empty(); 8 | 9 | @SuppressWarnings("unused") // needed by jaxb 10 | private MatchingProcessDto() {} 11 | 12 | public MatchingProcessDto(Optional attributeName) { 13 | this.attributeName = attributeName; 14 | } 15 | 16 | public Optional getAttributeName() { 17 | return attributeName; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/matchers/HasDetail.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.matchers; 2 | 3 | import org.assertj.core.api.Condition; 4 | import uk.gov.ida.eventemitter.EventDetailsKey; 5 | import uk.gov.ida.hub.policy.domain.EventSinkHubEvent; 6 | 7 | import java.util.Map; 8 | 9 | public class HasDetail extends Condition { 10 | 11 | private final EventDetailsKey eventDetailsKey; 12 | private String expectedDetail; 13 | 14 | public HasDetail(EventDetailsKey eventDetailsKey, String expectedDetail) { 15 | this.eventDetailsKey = eventDetailsKey; 16 | this.expectedDetail = expectedDetail; 17 | } 18 | 19 | public static HasDetail hasDetail(EventDetailsKey eventDetailsKey, String expectedDetail){ 20 | return new HasDetail(eventDetailsKey, expectedDetail); 21 | } 22 | 23 | @Override 24 | public boolean 
matches(EventSinkHubEvent value) { 25 | Map details = value.getDetails(); 26 | return details.containsKey(eventDetailsKey) && details.get(eventDetailsKey).equals(expectedDetail); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/matchers/HasSessionId.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.matchers; 2 | 3 | import org.assertj.core.api.Condition; 4 | import uk.gov.ida.hub.policy.domain.EventSinkHubEvent; 5 | import uk.gov.ida.hub.policy.domain.SessionId; 6 | 7 | public class HasSessionId extends Condition { 8 | private String sessionId; 9 | 10 | public HasSessionId(String sessionId) { 11 | this.sessionId = sessionId; 12 | } 13 | 14 | public static HasSessionId hasSessionId(SessionId sessionId){ 15 | return new HasSessionId(sessionId.getSessionId()); 16 | } 17 | 18 | @Override 19 | public boolean matches(EventSinkHubEvent value) { 20 | return (value.getSessionId().equals(sessionId)); 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /hub/policy/src/test/java/uk/gov/ida/hub/policy/matchers/IsEventType.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.policy.matchers; 2 | 3 | import org.assertj.core.api.Condition; 4 | import uk.gov.ida.hub.policy.domain.EventSinkHubEvent; 5 | 6 | public class IsEventType extends Condition { 7 | 8 | private String expectedEventType; 9 | 10 | public IsEventType(String expectedEventType) { 11 | this.expectedEventType = expectedEventType; 12 | } 13 | 14 | public static IsEventType isEventType(String expectedEventType){ 15 | return new IsEventType(expectedEventType); 16 | } 17 | 18 | @Override 19 | public boolean matches(EventSinkHubEvent value) { 20 | return expectedEventType.equals(value.getEventType()); 21 | } 22 | } 23 | 
-------------------------------------------------------------------------------- /hub/saml-engine/build.gradle: -------------------------------------------------------------------------------- 1 | dependencies { 2 | testImplementation configurations.test_deps_compile, 3 | configurations.test_utils, 4 | configurations.redis_test, 5 | project(':hub-saml-test-utils') 6 | 7 | implementation configurations.dropwizard, 8 | configurations.saml, 9 | configurations.soap, 10 | configurations.common, 11 | configurations.ida_utils, 12 | configurations.redis, 13 | configurations.prometheus, 14 | project(':hub:shared') 15 | } 16 | 17 | apply plugin: 'application' 18 | ext.mainclass = 'uk.gov.ida.hub.samlengine.SamlEngineApplication' 19 | mainClassName = ext.mainclass 20 | 21 | apply from: "${rootDir}/inttest.gradle" 22 | 23 | tasks.check.dependsOn(intTest) 24 | -------------------------------------------------------------------------------- /hub/saml-engine/src/integration-test/java/uk/gov/ida/integrationtest/hub/samlengine/apprule/support/RedisTestRule.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.integrationtest.hub.samlengine.apprule.support; 2 | 3 | import org.junit.rules.ExternalResource; 4 | import redis.embedded.Redis; 5 | import redis.embedded.RedisServer; 6 | 7 | import java.io.IOException; 8 | 9 | public class RedisTestRule extends ExternalResource { 10 | private Redis redis; 11 | 12 | public RedisTestRule(int port) { 13 | redis = RedisServer.builder().setting("bind 127.0.0.1").port(port).build(); 14 | } 15 | 16 | @Override 17 | protected void before() throws Throwable { 18 | redis.start(); 19 | super.before(); 20 | } 21 | 22 | @Override 23 | protected void after() { 24 | redis.stop(); 25 | super.after(); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/annotations/Config.java: 
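--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlengine.annotations;

import com.google.inject.BindingAnnotation;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/** Guice binding annotation used to qualify injection of configuration values. */
@BindingAnnotation
@Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME)
public @interface Config {}
-------------------------------------------------------------------------------- /hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/config/RedisConfiguration.java: --------------------------------------------------------------------------------
package uk.gov.ida.hub.samlengine.config;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.lettuce.core.RedisURI;

import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import java.net.URI;
import java.time.Duration;

import static java.time.temporal.ChronoUnit.MINUTES;
import static java.time.temporal.ChronoUnit.SECONDS;

/**
 * Redis connection settings for saml-engine, bound from YAML.
 *
 * {@code uri} has no usable default, so it is marked {@code @NotNull}: a missing value now fails
 * Dropwizard configuration validation at startup instead of surfacing later as a
 * NullPointerException from {@link #getUri()}.
 * NOTE(review): nothing here requires a TLS scheme (rediss://); whether the link to Redis is
 * encrypted is decided entirely by the configured URI - check the deployed config.
 */
public class RedisConfiguration {

    /** How long a record is kept in Redis; default 150 minutes. */
    @Valid
    @JsonProperty
    private Duration recordTTL = Duration.of(150, MINUTES);

    /** Redis connection URI; required. */
    @Valid
    @NotNull
    @JsonProperty
    private URI uri;

    /** Client operation timeout; default 20 seconds. */
    @Valid
    @JsonProperty
    private Duration timeout = Duration.of(20L, SECONDS);

    /** @return the record TTL in whole seconds (sub-second precision is dropped) */
    public Long getRecordTTL() {
        return recordTTL.getSeconds();
    }

    /** @return the configured URI parsed into a lettuce RedisURI */
    public RedisURI getUri() {
        return RedisURI.create(uri);
    }

    public Duration getTimeout() {
        return timeout;
    }
}
-------------------------------------------------------------------------------- /hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/config/SamlConfiguration.java: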
-------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.samlengine.config; 2 | 3 | import com.fasterxml.jackson.annotation.JsonProperty; 4 | 5 | import javax.validation.Valid; 6 | import javax.validation.constraints.NotNull; 7 | import java.net.URI; 8 | 9 | //Unused fields can be removed once they are removed from the app config for all environments. 10 | public class SamlConfiguration { 11 | @Valid 12 | @NotNull 13 | @JsonProperty 14 | protected String entityId; 15 | 16 | @Valid 17 | @JsonProperty 18 | protected URI expectedDestination; 19 | 20 | public String getEntityId() { 21 | return entityId; 22 | } 23 | 24 | public URI getExpectedDestinationHost() { 25 | return expectedDestination; 26 | } 27 | 28 | } 29 | -------------------------------------------------------------------------------- /hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/contracts/MatchingServiceHealthCheckerRequestDto.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.samlengine.contracts; 2 | 3 | public class MatchingServiceHealthCheckerRequestDto { 4 | 5 | private String transactionEntityId; 6 | private String matchingServiceEntityId; 7 | 8 | private MatchingServiceHealthCheckerRequestDto() {} 9 | 10 | public MatchingServiceHealthCheckerRequestDto(String transactionEntityId, String matchingServiceEntityId) { 11 | this.transactionEntityId = transactionEntityId; 12 | this.matchingServiceEntityId = matchingServiceEntityId; 13 | } 14 | 15 | public String getMatchingServiceEntityId() { 16 | return matchingServiceEntityId; 17 | } 18 | 19 | public String getTransactionEntityId() { 20 | return transactionEntityId; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/contracts/MatchingServiceHealthCheckerResponseDto.java: 
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.contracts;
2 |
3 | import uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus;
4 |
// Outcome of a matching-service health check: the status plus three correlation strings
// (inResponseTo, issuer, id) — presumably taken from the matching service's SAML response; confirm.
5 | public class MatchingServiceHealthCheckerResponseDto {
6 | private MatchingServiceIdaStatus status;
7 | private String inResponseTo;
8 | private String issuer;
9 | private String id;
10 |
// Private no-arg constructor; presumably required by the deserializer — confirm.
11 | private MatchingServiceHealthCheckerResponseDto() {}
12 |
13 | public MatchingServiceHealthCheckerResponseDto(MatchingServiceIdaStatus status, String inResponseTo, String issuer, String id) {
14 | this.status = status;
15 | this.inResponseTo = inResponseTo;
16 | this.issuer = issuer;
17 | this.id = id;
18 | }
19 |
20 | public MatchingServiceIdaStatus getStatus() {
21 | return status;
22 | }
23 |
24 | public String getInResponseTo() {
25 | return inResponseTo;
26 | }
27 |
28 | public String getIssuer() {
29 | return issuer;
30 | }
31 |
32 | public String getId() {
33 | return id;
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/contracts/SamlRequestWithAuthnRequestInformationDto.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.contracts;
2 |
// Carries a SAML message as an opaque string; nothing here parses or validates it.
3 | public class SamlRequestWithAuthnRequestInformationDto {
4 | private String samlMessage;
5 |
6 | @SuppressWarnings("unused") // needed for JAXB
7 | private SamlRequestWithAuthnRequestInformationDto(){}
8 |
9 | public SamlRequestWithAuthnRequestInformationDto(final String samlMessage) {
10 | this.samlMessage = samlMessage;
11 | }
12 |
13 | public String getSamlMessage() {
14 | return samlMessage;
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/domain/Cycle3Dataset.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
3 | import java.io.Serializable;
4 | import java.util.Map;
5 |
// Attribute map for the Cycle 3 dataset. The Map appears raw here; the page rendering has
// probably stripped its type parameters — check the original before assuming Map<String, String>.
// Serializable with a mutable Map: getAttributes() hands out the live map, not a copy.
6 | public class Cycle3Dataset implements Serializable {
7 | private Map attributes;
8 |
9 | @SuppressWarnings("unused") // needed by JAXB
10 | private Cycle3Dataset() {}
11 |
12 | public Cycle3Dataset(Map attributes) {
13 | this.attributes = attributes;
14 | }
15 |
16 | public Map getAttributes() {
17 | return attributes;
18 | }
19 |
20 | }
21 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/domain/FederationEntityType.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
// Kinds of federation participant. IDP/RP/MS/HUB presumably stand for identity provider,
// relying party, matching service and hub — confirm against the callers.
3 | public enum FederationEntityType {
4 | IDP,
5 | RP,
6 | MS,
7 | HUB
8 | }
9 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/domain/LevelOfAssurance.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
3 | // Do not change the ordering of this enum
// Ordinal order is significant (see the note above): LEVEL_X is declared first, so any comparison
// by ordinal()/compareTo treats it as lower than LEVEL_1. The comparing code is not visible here.
4 | public enum LevelOfAssurance {
5 | LEVEL_X,
6 | LEVEL_1,
7 | LEVEL_2,
8 | LEVEL_3,
9 | LEVEL_4
10 | }
11 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/domain/PersistentId.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
3 | import java.io.Serializable;
4 |
// Wraps a persistent NameID value as an opaque string.
5 | public class PersistentId implements Serializable {
6 |
7 | private String nameId;
8 |
9 | @SuppressWarnings("unused") // needed for JAXB
10 | private PersistentId() {}
11 |
12 | public PersistentId(String nameId) {
13 | this.nameId = nameId;
14 | }
15 |
16 | public String
getNameId() {
17 | return nameId;
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/domain/ResourceLocation.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
3 | import java.net.URI;
4 |
// Holds a target URI. Nothing here restricts scheme or host; any validation is the caller's.
5 | public class ResourceLocation {
6 | private URI target;
7 |
8 | @SuppressWarnings("unused") // NEEDED BY JAXB
9 | protected ResourceLocation() {
10 | }
11 |
12 | public ResourceLocation(URI target) {
13 | this.target = target;
14 | }
15 |
16 | public URI getTarget() {
17 | return target;
18 | }
19 | }
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/domain/SamlMessageDto.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
// Opaque SAML message carrier (string only; no parsing here).
3 | public class SamlMessageDto {
4 | private String samlMessage;
5 |
6 | public SamlMessageDto(String samlMessage) {
7 | this.samlMessage = samlMessage;
8 | }
9 |
// Protected no-arg constructor: presumably for the deserializer and for subclasses — confirm.
10 | protected SamlMessageDto() {
11 |
12 | }
13 |
14 | public String getSamlMessage() {
15 | return samlMessage;
16 | }
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/domain/SamlRequestDto.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
3 | import java.net.URI;
4 |
// A SAML request string paired with an SSO URI (presumably the endpoint it is to be sent to — confirm).
5 | public class SamlRequestDto {
6 | private String samlRequest;
7 | private URI ssoUri;
8 |
9 | @SuppressWarnings("unused") // needed for JAXB
10 | private SamlRequestDto() {}
11 |
12 | public SamlRequestDto(String samlRequest, URI ssoUri) {
13 | this.samlRequest = samlRequest;
14 | this.ssoUri = ssoUri;
15 | }
16 |
17 | public String getSamlRequest() {
18 | return samlRequest;
19
| }
20 |
21 | public URI getSsoUri() {
22 | return ssoUri;
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/domain/SamlResponseContainerDto.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
// A raw SAML response string together with the entity id of the issuer of the original
// AuthnRequest; presumably used downstream to check the response against the request it answers.
3 | public class SamlResponseContainerDto {
4 | private String samlResponse;
5 | private String authnRequestIssuerId;
6 |
7 | public SamlResponseContainerDto(String samlResponse, String authnRequestIssuerId) {
8 | this.samlResponse = samlResponse;
9 | this.authnRequestIssuerId = authnRequestIssuerId;
10 | }
11 |
// Protected no-arg constructor: presumably for the deserializer — confirm.
12 | protected SamlResponseContainerDto() {
13 | }
14 |
15 | public String getSamlResponse() {
16 | return samlResponse;
17 | }
18 |
19 | public String getAuthnRequestIssuerId() {
20 | return authnRequestIssuerId;
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/exceptions/InvalidConfigurationException.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.exceptions;
2 |
// Unchecked: a configuration problem is not something the call site can recover from.
3 | public class InvalidConfigurationException extends RuntimeException {
4 |
5 | public InvalidConfigurationException(String msg) {
6 | super(msg);
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/exceptions/KeyLoadingException.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.exceptions;
2 |
// Wraps whatever failed while loading key material; carries only the cause, no message of its own.
3 | public class KeyLoadingException extends RuntimeException {
4 | public KeyLoadingException(Throwable t) {
5 | super(t);
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
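/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/exceptions/SigningKeyExtractionException.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlengine.exceptions;

/**
 * Unchecked exception for failures while extracting a signing key.
 * Mirrors all five RuntimeException constructors so callers can wrap any cause.
 */
public class SigningKeyExtractionException extends RuntimeException {

    public SigningKeyExtractionException() {
    }

    public SigningKeyExtractionException(String message) {
        super(message);
    }

    public SigningKeyExtractionException(String message, Throwable cause) {
        super(message, cause);
    }

    public SigningKeyExtractionException(Throwable cause) {
        super(cause);
    }

    public SigningKeyExtractionException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
        super(message, cause, enableSuppression, writableStackTrace);
    }
}
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/exceptions/UnableToGenerateSamlException.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlengine.exceptions;

import org.slf4j.event.Level;

/**
 * Raised when SAML generation fails. Carries the log level the handler should use when
 * reporting it, so callers can distinguish expected failures from genuine errors.
 */
public class UnableToGenerateSamlException extends RuntimeException {
    private final Level logLevel;

    /**
     * @param message  description of the failure
     * @param cause    the underlying exception
     * @param logLevel level at which the failure should be logged
     */
    public UnableToGenerateSamlException(String message, Exception cause, Level logLevel) {
        super(message, cause);
        this.logLevel = logLevel;
    }

    public Level getLogLevel() {
        return logLevel;
    }
}
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/logging/MdcHelper.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlengine.logging;

import org.opensaml.saml.saml2.core.Response;
import org.slf4j.MDC;

/**
 * Puts SAML message identifiers into the SLF4J MDC so that log lines written while a message
 * is being processed carry its message id and the sending entity id.
 *
 * The values are copied verbatim from messages that have not yet been validated. They are only
 * ever written to the MDC (never interpreted), so neutralising line breaks or other control
 * characters in them is the log encoder's responsibility.
 */
public class MdcHelper {

    private MdcHelper() {}

    /**
     * Records an AuthnRequest's id and issuer in the MDC.
     *
     * @param id     the message ID
     * @param issuer the entity id of the issuer
     */
    public static void addContextToMdc(final String id, final String issuer) {
        MDC.put("messageId", id);
        MDC.put("entityId", issuer);
        logPrefix("AuthnRequest", id, issuer);
    }

    /**
     * Records a Response's ID and issuer entity id in the MDC.
     *
     * The Issuer element is optional in a SAML 2.0 Response, so a message without one is
     * recorded with a null entity id rather than failing with a NullPointerException inside a
     * logging helper before validation has had the chance to reject the message.
     *
     * @param response the received Response (not yet validated)
     */
    public static void addContextToMdc(Response response) {
        final String id = response.getID();
        final String issuer = response.getIssuer() == null ? null : response.getIssuer().getValue();
        MDC.put("messageId", id);
        MDC.put("entityId", issuer);
        logPrefix("Response", id, issuer);
    }

    // Stores "[<type> <id> from <entityId>] " under the MDC key "logPrefix".
    private static void logPrefix(String messageType, String messageId, String entityId) {
        MDC.put("logPrefix", "[" + messageType + " " + messageId + " from " + entityId + "] ");
    }
}
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/logging/Role.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlengine.logging;

/**
 * Role enum is used for identifying an entity's role.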
5 | */
6 | public enum Role {
7 | IDP, SP
8 | }
9 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/redis/RedisSerializationException.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.redis;
2 |
// Package-private: only the redis package can raise it; always carries a cause.
3 | class RedisSerializationException extends RuntimeException {
4 | RedisSerializationException(String message, Throwable cause) {
5 | super(message, cause);
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/hub/samlengine/security/RedisIdExpirationCache.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.security;
2 |
3 | import io.lettuce.core.api.sync.RedisCommands;
4 | import org.joda.time.DateTime;
5 | import uk.gov.ida.saml.hub.validators.authnrequest.IdExpirationCache;
6 |
// Redis-backed IdExpirationCache. The type parameters on RedisCommands, IdExpirationCache and
// the key type T appear to have been stripped by the page rendering; the original is presumably
// generic in the key type. Given the interface's package (validators.authnrequest) this presumably
// backs duplicate-request-id detection — confirm.
// Every call goes straight to Redis with no local fallback and no try/catch, so a Redis outage
// surfaces as an exception from the lettuce client rather than a silent "not present".
7 | public class RedisIdExpirationCache implements IdExpirationCache {
8 | private final RedisCommands redis;
// TTL applied to each stored record, in seconds (Redis SETEX semantics); presumably wired from
// RedisConfiguration.getRecordTTL(), which also yields whole seconds — confirm.
9 | private final Long recordTTL;
10 |
11 | public RedisIdExpirationCache(RedisCommands redis,
12 | Long recordTTL) {
13 | this.redis = redis;
14 | this.recordTTL = recordTTL;
15 | }
16 |
// EXISTS returns the number of matching keys; any positive count means the id has been seen.
17 | @Override
18 | public boolean contains(T key) {
19 | return redis.exists(key) > 0;
20 | }
21 |
// GET returns null once the key's TTL has elapsed (the record is gone), so callers must handle null.
22 | @Override
23 | public DateTime getExpiration(T key) {
24 | return redis.get(key);
25 | }
26 |
// Stores the expiration under the id with a TTL of recordTTL seconds; that TTL bounds how long
// the id is remembered and therefore how long a repeat of it can be detected.
27 | @Override
28 | public void setExpiration(T key, DateTime expirationTime) {
29 | redis.setex(key, recordTTL, expirationTime);
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/main/java/uk/gov/ida/saml/hub/validators/authnrequest/AuthnRequestIdKeyForInitilization.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.saml.hub.validators.authnrequest;
2 |
3 |
// Marker subclass of AuthnRequestIdKey (the misspelling in the name is part of the public API);
// presumably distinguishes keys written while the cache is being initialised — confirm.
public class AuthnRequestIdKeyForInitilization extends AuthnRequestIdKey {
4 | public AuthnRequestIdKeyForInitilization(String requestId) {
5 | super(requestId);
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/test/java/uk/gov/ida/hub/samlengine/CheckJCEInstalledTest.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine;
2 |
3 | import org.assertj.core.description.TextDescription;
4 | import org.junit.jupiter.api.Test;
5 |
6 | import javax.crypto.Cipher;
7 | import java.security.NoSuchAlgorithmException;
8 |
9 | import static org.assertj.core.api.Assertions.assertThat;
10 |
// Guards against running under a restricted crypto policy: with the "limited" policy files
// Cipher.getMaxAllowedKeyLength("AES") reports 128, so any use of 256-bit AES would fail at runtime.
// (JDK 8u161 and later ship with the unlimited policy enabled by default.)
11 | public class CheckJCEInstalledTest {
12 |
13 | @Test
14 | public void testJCEInstalled() throws NoSuchAlgorithmException {
15 | assertThat(Cipher.getMaxAllowedKeyLength("AES"))
16 | .describedAs(new TextDescription("You need to have the unlimited JCE installed"))
17 | .isGreaterThan(128);
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/test/java/uk/gov/ida/hub/samlengine/builders/PersistentIdBuilder.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.builders;
2 |
3 | import uk.gov.ida.hub.samlengine.domain.PersistentId;
4 |
// Test builder that produces either the saml-engine PersistentId or the saml-core one
// from a single name id (default "default-name-id").
5 | public class PersistentIdBuilder {
6 |
7 | private String nameId = "default-name-id";
8 |
9 | public static PersistentIdBuilder aPersistentId() {
10 | return new PersistentIdBuilder();
11 | }
12 |
13 | public PersistentId buildSamlEnginePersistentId() {
14 | return new PersistentId(nameId);
15 | }
16 |
17 | public uk.gov.ida.saml.core.domain.PersistentId buildSamlCorePersistentId() {
18 | return new uk.gov.ida.saml.core.domain.PersistentId(nameId);
19 | }
20 |
21 | public PersistentIdBuilder withNameId(String persistentId) {
22 | this.nameId = persistentId;
23 | return this;
24 | }
25
| }
26 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/test/java/uk/gov/ida/hub/samlengine/builders/SamlTransformationFailureExceptionBuilder.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.builders;
2 |
3 | import org.slf4j.event.Level;
4 | import uk.gov.ida.saml.core.validation.SamlTransformationErrorException;
5 |
// Test builder for SamlTransformationErrorException. It goes through a private subclass,
// presumably because the target constructor is not public. There are no setters, so every
// built exception has message "message", cause RuntimeException("Boom!") and Level.ERROR.
6 | public class SamlTransformationFailureExceptionBuilder {
7 |
8 | private String errorMessage = "message";
9 | private Exception cause = new RuntimeException("Boom!");
10 |
11 | public static SamlTransformationFailureExceptionBuilder aSamlTransformationFailureException(){
12 | return new SamlTransformationFailureExceptionBuilder();
13 | }
14 |
15 | public SamlTransformationErrorException build(){
16 | return new TestSamlTransformationErrorException(errorMessage, cause);
17 | }
18 |
19 | private static class TestSamlTransformationErrorException extends SamlTransformationErrorException {
20 | protected TestSamlTransformationErrorException(String errorMessage, Exception cause) {
21 | super(errorMessage, cause, Level.ERROR);
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/hub/saml-engine/src/test/java/uk/gov/ida/hub/samlengine/domain/SamlAuthnRequestContainerDto.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlengine.domain;
2 |
3 | import java.util.Optional;
4 |
// Test-side copy of the saml-proxy DTO of the same name: a raw AuthnRequest string, an optional
// RelayState and the principal's IP address as observed by the hub. Optional appears raw here;
// its type parameter was probably stripped by the page rendering.
5 | public class SamlAuthnRequestContainerDto {
6 |
7 | private String samlRequest;
8 | private Optional relayState = Optional.empty();
9 | private String principalIPAddressAsSeenByHub;
10 |
11 |
12 | @SuppressWarnings("unused") //Needed for JAXB
13 | private SamlAuthnRequestContainerDto() {
14 | }
15 |
16 | public SamlAuthnRequestContainerDto(String samlRequest, Optional relayState, String principalIPAddressAsSeenByHub) {
17 |
this.samlRequest = samlRequest;
18 | this.relayState = relayState;
19 | this.principalIPAddressAsSeenByHub = principalIPAddressAsSeenByHub;
20 | }
21 |
22 | public String getSamlRequest() {
23 | return samlRequest;
24 | }
25 |
26 | public Optional getRelayState() {
27 | return relayState;
28 | }
29 |
30 | public String getPrincipalIPAddressAsSeenByHub() {return principalIPAddressAsSeenByHub; }
31 | }
32 |
--------------------------------------------------------------------------------
/hub/saml-proxy/build.gradle:
--------------------------------------------------------------------------------
// saml-proxy module build. The named configurations (test_deps_compile, dropwizard, saml, ...)
// are presumably declared in the root build, which is not visible here.
1 | dependencies {
2 | testImplementation configurations.test_deps_compile,
3 | configurations.test_utils,
4 | project(':hub-saml-test-utils')
5 |
6 | implementation configurations.ida_utils,
7 | configurations.dropwizard,
8 | configurations.saml,
9 | configurations.common,
10 | configurations.verify_event_emitter,
11 | configurations.prometheus,
12 | project(':hub:shared')
13 | }
14 |
15 | apply plugin: 'application'
16 | ext.mainclass = 'uk.gov.ida.hub.samlproxy.SamlProxyApplication'
17 | mainClassName = ext.mainclass
18 |
// Integration tests come from the shared script and are made part of `check`.
19 | apply from: "${rootDir}/inttest.gradle"
20 |
21 | tasks.check.dependsOn(intTest)
22 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/integration-test/java/uk/gov/ida/integrationtest/hub/samlproxy/MetadataRefreshTaskIntegrationTest.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.integrationtest.hub.samlproxy;
2 |
3 | import org.junit.jupiter.api.BeforeEach;
4 | import org.junit.jupiter.api.Test;
5 | import org.junit.jupiter.api.extension.RegisterExtension;
6 | import uk.gov.ida.integrationtest.hub.samlproxy.apprule.support.SamlProxyAppExtension;
7 |
8 | import javax.ws.rs.core.Response;
9 |
10 | import static org.assertj.core.api.Assertions.assertThat;
11 |
// Checks that the admin "metadata-refresh" task endpoint is reachable and answers 200.
12 | public class MetadataRefreshTaskIntegrationTest {
13 |
14 |
@RegisterExtension
15 | public static final SamlProxyAppExtension samlProxyApp = SamlProxyAppExtension.builder()
16 | .build();
17 |
18 | private SamlProxyAppExtension.SamlProxyClient client;
19 |
20 | @BeforeEach
21 | public void beforeEach() {
22 | client = samlProxyApp.getClient();
23 | }
24 |
// Only the HTTP status is asserted; whether the refresh actually re-read metadata is not checked here.
25 | @Test
26 | public void verifyFederationMetadataRefreshTaskWorks() {
27 | final Response response = client.postTargetAdmin("/tasks/metadata-refresh", "refresh!");
28 | assertThat(response.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/integration-test/java/uk/gov/ida/integrationtest/hub/samlproxy/apprule/HealthCheckTest.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.integrationtest.hub.samlproxy.apprule;
2 |
3 | import org.junit.jupiter.api.AfterAll;
4 | import org.junit.jupiter.api.Test;
5 | import org.junit.jupiter.api.extension.RegisterExtension;
6 | import uk.gov.ida.integrationtest.hub.samlproxy.apprule.support.SamlProxyAppExtension;
7 |
8 | import static org.assertj.core.api.Assertions.assertThat;
9 | import static uk.gov.ida.hub.samlproxy.SamlProxyModule.VERIFY_METADATA_HEALTH_CHECK;
10 |
// Verifies the running saml-proxy registers its metadata health check.
11 | public class HealthCheckTest {
12 | @RegisterExtension
13 | public static final SamlProxyAppExtension samlProxyApp = SamlProxyAppExtension.builder()
14 | .build();
15 |
16 | @AfterAll
17 | public static void tearDown() {
18 | samlProxyApp.tearDown();
19 | }
20 |
// The method name says "both", but only VERIFY_METADATA_HEALTH_CHECK is asserted; if a second
// health check is expected, it is not covered here.
21 | @Test
22 | public void shouldContainBothVerifyMetadataHealthChecks() {
23 | assertThat(samlProxyApp.getEnvironment().healthChecks().getNames().contains(VERIFY_METADATA_HEALTH_CHECK)).isTrue();
24 | }
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/integration-test/java/uk/gov/ida/integrationtest/hub/samlproxy/apprule/IdpHardCodedEntityToEncryptForLocator.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.integrationtest.hub.samlproxy.apprule;
2 |
3 | import uk.gov.ida.saml.security.EntityToEncryptForLocator;
4 |
5 | import static uk.gov.ida.saml.core.test.TestEntityIds.HUB_ENTITY_ID;
6 |
// Integration-test stub: whatever the request id, encrypt for the test hub entity id.
// Test-only — it ignores requestId entirely, so it must not be wired into a production module.
7 | public class IdpHardCodedEntityToEncryptForLocator implements EntityToEncryptForLocator {
8 |
9 | @Override
10 | public String fromRequestId(String requestId) {
11 | return HUB_ENTITY_ID;
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/annotations/Config.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.annotations;
2 |
3 | import com.google.inject.BindingAnnotation;
4 |
5 | import java.lang.annotation.Retention;
6 | import java.lang.annotation.Target;
7 |
8 | import static java.lang.annotation.ElementType.FIELD;
9 | import static java.lang.annotation.ElementType.METHOD;
10 | import static java.lang.annotation.ElementType.PARAMETER;
11 | import static java.lang.annotation.RetentionPolicy.RUNTIME;
12 |
// Guice binding qualifier for saml-proxy; same shape as the saml-engine Config annotation.
13 | @BindingAnnotation
14 | @Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME)
15 | public @interface Config {}
16 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/annotations/Policy.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.annotations;
2 |
3 | import com.google.inject.BindingAnnotation;
4 |
5 | import java.lang.annotation.Retention;
6 | import java.lang.annotation.Target;
7 |
8 | import static java.lang.annotation.ElementType.FIELD;
9 | import static java.lang.annotation.ElementType.METHOD;
10
| import static java.lang.annotation.ElementType.PARAMETER;
11 | import static java.lang.annotation.RetentionPolicy.RUNTIME;
12 |
// Guice binding qualifier; presumably marks the binding that targets the policy service — confirm in the module.
13 | @BindingAnnotation
14 | @Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME)
15 | public @interface Policy {}
16 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/config/SamlConfiguration.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.config;
2 |
3 | import com.fasterxml.jackson.annotation.JsonProperty;
4 |
5 | import javax.validation.Valid;
6 | import javax.validation.constraints.NotNull;
7 | import java.net.URI;
8 |
9 | //Unused fields can be removed once they are removed from the app config for all environments.
// Duplicate of the saml-engine SamlConfiguration: entityId is mandatory (@NotNull),
// expectedDestination is optional and may be returned as null.
10 | public class SamlConfiguration {
11 | @Valid
12 | @NotNull
13 | @JsonProperty
14 | protected String entityId;
15 |
16 | @Valid
17 | @JsonProperty
18 | protected URI expectedDestination;
19 |
20 | public String getEntityId() {
21 | return entityId;
22 | }
23 |
// Name/behaviour mismatch: says "Host" but returns the whole configured URI unchanged.
24 | public URI getExpectedDestinationHost() {
25 | return expectedDestination;
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/controllogic/SamlMessageType.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.controllogic;
2 |
// HTTP form field names of the SAML POST binding ("SAMLRequest" / "SAMLResponse").
// toString() is overridden (without @Override) to return the form name, so the constant can be
// used directly as the form field key.
3 | public enum SamlMessageType {
4 | SAML_REQUEST ("SAMLRequest"),
5 | SAML_RESPONSE ("SAMLResponse") ;
6 |
7 | SamlMessageType(String formName) {
8 | this.formName = formName;
9 | }
10 |
11 | private String formName;
12 | public String toString() {
13 | return formName;
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/domain/AuthnRequestFromHubContainerDto.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.domain;
2 |
3 | import java.net.URI;
4 |
// An AuthnRequest produced by the hub: the SAML request string, the endpoint it is to be POSTed
// to and a "registering" flag whose consumer is not visible here.
5 | public class AuthnRequestFromHubContainerDto {
6 |
7 | private String samlRequest;
8 | private URI postEndpoint;
9 | private boolean registering;
10 |
11 | @SuppressWarnings("unused") //Needed for JAXB
12 | private AuthnRequestFromHubContainerDto() {
13 | }
14 |
15 | public AuthnRequestFromHubContainerDto(String samlRequest, URI postEndpoint, boolean registering) {
16 | this.samlRequest = samlRequest;
17 | this.postEndpoint = postEndpoint;
18 | this.registering = registering;
19 | }
20 |
21 | public String getSamlRequest() {
22 | return samlRequest;
23 | }
24 |
25 | public URI getPostEndpoint() {
26 | return postEndpoint;
27 | }
28 |
// Non-JavaBean accessor name for a boolean (getRegistering rather than isRegistering);
// check that the serializer in use still maps it to the "registering" property.
29 | public boolean getRegistering() {
30 | return registering;
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/domain/FederationEntityType.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.domain;
2 |
// Same set of participant kinds as the saml-engine enum of the same name.
3 | public enum FederationEntityType {
4 | IDP,
5 | RP,
6 | MS,
7 | HUB
8 | }
9 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/domain/IdpResult.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.domain;
2 |
// Outcome classification of an IdP response as recorded by saml-proxy.
3 | public enum IdpResult {
4 | SUCCESS, MATCHING_JOURNEY_SUCCESS, NON_MATCHING_JOURNEY_SUCCESS, CANCEL, OTHER, FAILED_UPLIFT, PENDING
5 | }
6 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/domain/LevelOfAssurance.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.domain;
2 |
3 | // Do not change the ordering of this enum
// Ordinal order is significant (see the note above): LEVEL_X is declared first and so sorts lowest.
4 | public enum LevelOfAssurance {
5 | LEVEL_X,
6 | LEVEL_1,
7 | LEVEL_2,
8 | LEVEL_3,
9 | LEVEL_4
10 | }
11 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/domain/SamlAuthnRequestContainerDto.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.domain;
2 |
3 | import java.util.Optional;
4 |
// Inbound AuthnRequest as received by saml-proxy: the raw request string, an optional RelayState
// and the principal's IP address as observed by the hub. The request and RelayState come from
// the client and are untrusted until validated downstream. Optional appears raw here; its type
// parameter was probably stripped by the page rendering.
5 | public class SamlAuthnRequestContainerDto {
6 |
7 | private String samlRequest;
8 | private Optional relayState = Optional.empty();
9 | private String principalIPAddressAsSeenByHub;
10 |
11 |
12 | @SuppressWarnings("unused") //Needed for JAXB
13 | private SamlAuthnRequestContainerDto() {
14 | }
15 |
16 | public SamlAuthnRequestContainerDto(String samlRequest, Optional relayState, String principalIPAddressAsSeenByHub) {
17 | this.samlRequest = samlRequest;
18 | this.relayState = relayState;
19 | this.principalIPAddressAsSeenByHub = principalIPAddressAsSeenByHub;
20 | }
21 |
22 | public String getSamlRequest() {
23 | return samlRequest;
24 | }
25 |
26 | public Optional getRelayState() {
27 | return relayState;
28 | }
29 |
30 | public String getPrincipalIPAddressAsSeenByHub() {return principalIPAddressAsSeenByHub; }
31 | }
32 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/domain/SamlDto.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.domain;
2 |
3 | import org.w3c.dom.Document;
4 | import uk.gov.ida.shared.utils.xml.XmlUtils;
5 |
// SAML carried as a string. The Document constructor serialises via XmlUtils.writeToString;
// the public no-arg constructor exists for Jackson.
6 | public class SamlDto {
7 | private String saml;
8 |
9 | @SuppressWarnings("unused") // used by jackson serializer
10 | public SamlDto() {}
11 |
12 | public SamlDto(String saml) {
13 | this.saml = saml;
14 | }
15 |
16 | public SamlDto(Document document) {
17 |
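this(XmlUtils.writeToString(document));
    }

    public String getSaml() {
        return saml;
    }
}
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/exceptions/HubEntityNotFoundException.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlproxy.exceptions;

/** Unchecked: raised when the hub's own entity cannot be located; carries a message only. */
public class HubEntityNotFoundException extends RuntimeException {
    public HubEntityNotFoundException(String message) {
        super(message);
    }
}
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/filters/SessionIdQueryParamLoggingFilter.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlproxy.filters;

import org.jboss.logging.MDC;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;

/**
 * Copies the {@code sessionId} query parameter, when present, into the logging MDC for the
 * duration of the request so that log lines can be correlated by session.
 *
 * The MDC is thread-bound. The entry is removed again once the request has been handled,
 * otherwise the value would survive on the pooled thread and be attached to log lines of
 * later, unrelated requests that carry no sessionId of their own.
 */
public class SessionIdQueryParamLoggingFilter implements Filter {

    private static final String SESSION_ID_PARAM = "sessionId";
    private static final String MDC_KEY = "SessionId";

    @Override
    public void init(final FilterConfig filterConfig) {
        // this method intentionally left blank
    }

    /**
     * Puts the sessionId parameter (if any) into the MDC, runs the rest of the chain, then
     * removes the entry it added. Only the entry this filter wrote is removed, so a value set
     * by an earlier filter is left alone.
     *
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        // Request-supplied input: it is only ever written to the MDC, never interpreted, so what
        // happens to unusual characters in it is down to the log encoder.
        final String sessionId = servletRequest.getParameter(SESSION_ID_PARAM);
        if (sessionId == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        MDC.put(MDC_KEY, sessionId);
        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            MDC.remove(MDC_KEY);
        }
    }

    @Override
    public void destroy() {
        // this method intentionally left blank
    }
}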
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/health/BadStartupSateException.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.health;
2 |
// Package-private (note the "Sate" misspelling in the name): raised within the health package with a cause.
3 | class BadStartupSateException extends RuntimeException {
4 | public BadStartupSateException(String message, Throwable error) {
5 | super(message, error);
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/repositories/Direction.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.repositories;
2 |
// Message direction relative to the hub.
3 | public enum Direction {
4 | INBOUND, OUTBOUND
5 | }
6 |
--------------------------------------------------------------------------------
/hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/repositories/SignatureStatus.java:
--------------------------------------------------------------------------------
1 | package uk.gov.ida.hub.samlproxy.repositories;
2 |
3 | import uk.gov.ida.saml.core.validation.SamlValidationResponse;
4 |
// Signature validation result as recorded by the repositories. Only VALID_SIGNATURE counts as
// valid(). fromValidationResponse() maps every non-OK response to INVALID_SIGNATURE, so
// NO_SIGNATURE is never produced by it and must be assigned elsewhere.
5 | public enum SignatureStatus {
6 | VALID_SIGNATURE, INVALID_SIGNATURE, NO_SIGNATURE;
7 |
8 | public static SignatureStatus fromValidationResponse(SamlValidationResponse samlValidationResponse) {
9 | return samlValidationResponse.isOK() ?
VALID_SIGNATURE : INVALID_SIGNATURE; 10 | } 11 | 12 | public boolean valid() { 13 | return this == VALID_SIGNATURE; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/security/AuthnResponseKeyStore.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.samlproxy.security; 2 | 3 | import org.slf4j.Logger; 4 | import org.slf4j.LoggerFactory; 5 | import uk.gov.ida.saml.metadata.IdpMetadataPublicKeyStore; 6 | import uk.gov.ida.saml.security.SigningKeyStore; 7 | 8 | import javax.inject.Inject; 9 | import java.security.PublicKey; 10 | import java.util.List; 11 | 12 | public class AuthnResponseKeyStore implements SigningKeyStore { 13 | 14 | private static final Logger LOG = LoggerFactory.getLogger(AuthnResponseKeyStore.class); 15 | private final IdpMetadataPublicKeyStore idpMetadataPublicKeyStore; 16 | 17 | @Inject 18 | public AuthnResponseKeyStore(IdpMetadataPublicKeyStore idpMetadataPublicKeyStore) { 19 | this.idpMetadataPublicKeyStore = idpMetadataPublicKeyStore; 20 | } 21 | 22 | @Override 23 | public List getVerifyingKeysForEntity(String entityId) { 24 | LOG.info("Requesting signature verifying key for {} from federation", entityId); 25 | return idpMetadataPublicKeyStore.getVerifyingKeysForEntity(entityId); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /hub/saml-proxy/src/main/java/uk/gov/ida/hub/samlproxy/security/HubSigningKeyStore.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.hub.samlproxy.security; 2 | 3 | import uk.gov.ida.saml.core.InternalPublicKeyStore; 4 | import uk.gov.ida.saml.metadata.exceptions.NoKeyConfiguredForEntityException; 5 | import uk.gov.ida.saml.security.SigningKeyStore; 6 | 7 | import java.security.PublicKey; 8 | import java.util.List; 9 | 10 | public class 
HubSigningKeyStore implements SigningKeyStore { 11 | 12 | private final InternalPublicKeyStore internalPublicKeyStore; 13 | 14 | public HubSigningKeyStore(InternalPublicKeyStore internalPublicKeyStore) { 15 | this.internalPublicKeyStore = internalPublicKeyStore; 16 | } 17 | 18 | @Override 19 | public List getVerifyingKeysForEntity(String entityId) { 20 | final List verifyingKeysForEntity = internalPublicKeyStore.getVerifyingKeysForEntity(); 21 | if (!verifyingKeysForEntity.isEmpty()) { 22 | return verifyingKeysForEntity; 23 | } 24 | throw new NoKeyConfiguredForEntityException(entityId); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /hub/saml-proxy/src/test/resources/status-cancel.xml: -------------------------------------------------------------------------------- 1 | 8 | http://stub-idp 9 | 10 | 11 | 12 | 13 | 14 | authn-cancel 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /hub/saml-soap-proxy/build.gradle: -------------------------------------------------------------------------------- 1 | dependencies { 2 | testImplementation configurations.test_deps_compile, 3 | configurations.test_utils, 4 | configurations.dev_pki, 5 | project(':hub-saml-test-utils') 6 | 7 | implementation configurations.ida_utils, 8 | configurations.dropwizard, 9 | configurations.saml, 10 | configurations.common, 11 | configurations.soap, 12 | configurations.verify_event_emitter, 13 | configurations.prometheus, 14 | project(':hub:shared') 15 | } 16 | 17 | apply plugin: 'application' 18 | ext.mainclass = 'uk.gov.ida.hub.samlsoapproxy.SamlSoapProxyApplication' 19 | mainClassName = ext.mainclass 20 | 21 | apply from: "${rootDir}/inttest.gradle" 22 | 23 | tasks.check.dependsOn(intTest) 24 | -------------------------------------------------------------------------------- 
/hub/saml-soap-proxy/src/integration-test/java/uk/gov/ida/integrationtest/hub/samlsoapproxy/apprule/dto/AggregatedMatchingServicesHealthCheckResultDto.java:
--------------------------------------------------------------------------------
package uk.gov.ida.integrationtest.hub.samlsoapproxy.apprule.dto;

import java.util.List;

/**
 * Integration-test view of the aggregated matching-service health check: the per-service results
 * plus the overall verdict. The no-arg constructor exists for deserialisation.
 */
public class AggregatedMatchingServicesHealthCheckResultDto {

    private boolean healthy;
    // element type argument was lost in rendering; presumably MatchingServiceHealthCheckResultDto (sibling class) — confirm
    private List results;

    public AggregatedMatchingServicesHealthCheckResultDto() {}

    public AggregatedMatchingServicesHealthCheckResultDto(List results, boolean healthy) {
        this.healthy = healthy;
        this.results = results;
    }

    /** Per-service results as supplied; may be null when deserialised from a body without them. */
    public List getResults() {
        return results;
    }

    /** Overall verdict as supplied by the server; not derived from {@link #getResults()} here. */
    public boolean isHealthy() {
        return healthy;
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/integration-test/java/uk/gov/ida/integrationtest/hub/samlsoapproxy/apprule/dto/MatchingServiceHealthCheckResultDto.java:
--------------------------------------------------------------------------------
package uk.gov.ida.integrationtest.hub.samlsoapproxy.apprule.dto;

/** Integration-test view of one matching service's health-check result. The no-arg constructor exists for deserialisation. */
public final class MatchingServiceHealthCheckResultDto {

    private MatchingServiceHealthCheckDetailsDto details;
    private boolean healthy;

    public MatchingServiceHealthCheckResultDto() {}

    /** {@code message} is stored as {@link #getDetails() details}; the parameter name is kept as-is. */
    public MatchingServiceHealthCheckResultDto(boolean healthy, MatchingServiceHealthCheckDetailsDto message) {
        this.details = message;
        this.healthy = healthy;
    }

    public MatchingServiceHealthCheckDetailsDto getDetails() {
        return details;
    }

    public boolean isHealthy() {
        return healthy;
    }

}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/integration-test/java/uk/gov/ida/integrationtest/hub/samlsoapproxy/apprule/support/EventSinkStubExtension.java:
--------------------------------------------------------------------------------
package uk.gov.ida.integrationtest.hub.samlsoapproxy.apprule.support;

import httpstub.HttpStubExtension;
import uk.gov.ida.hub.samlsoapproxy.Urls;

import javax.ws.rs.core.Response;

/** HTTP stub standing in for the event sink during integration tests. */
public class EventSinkStubExtension extends HttpStubExtension {

    /** Registers the hub-support event-sink resource so every logged event is answered with 200 OK. */
    public void setupStubForLogging() {
        final int okStatus = Response.Status.OK.getStatusCode();
        register(Urls.HubSupportUrls.HUB_SUPPORT_EVENT_SINK_RESOURCE, okStatus);
    }

}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/ExecutorConfiguration.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.dropwizard.util.Duration;

import javax.validation.Valid;
import javax.validation.constraints.NotNull;

/**
 * Thread-pool settings bound from configuration. All three values are mandatory ({@code @NotNull});
 * no cross-field check (e.g. core &lt;= max) is performed here.
 */
public class ExecutorConfiguration {

    @Valid
    @NotNull
    @JsonProperty
    protected Integer corePoolSize;

    @Valid
    @NotNull
    @JsonProperty
    protected Integer maxPoolSize;

    @Valid
    @NotNull
    @JsonProperty
    protected Duration keepAliveDuration;

    protected ExecutorConfiguration() {
    }

    public Integer getCorePoolSize() {
        return corePoolSize;
    }

    public Integer getMaxPoolSize() {
        return maxPoolSize;
    }

    public Duration getKeepAliveDuration() {
        return keepAliveDuration;
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/annotations/Config.java:
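--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.annotations;

import com.google.inject.BindingAnnotation;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/** Guice binding annotation selecting the service's configuration object. */
@BindingAnnotation
@Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME)
public @interface Config {}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/annotations/MatchingServiceRequestExecutorBacklog.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.annotations;

import com.google.inject.BindingAnnotation;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/** Guice binding annotation for the backlog (queue) of the matching-service request executor. */
@BindingAnnotation
@Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME)
public @interface MatchingServiceRequestExecutorBacklog {}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/annotations/Policy.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.annotations;

import com.google.inject.BindingAnnotation;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/** Guice binding annotation selecting the client/URI for the policy service. */
@BindingAnnotation
@Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME)
public @interface Policy {}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/annotations/SamlEngine.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.annotations;

import com.google.inject.BindingAnnotation;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/** Guice binding annotation selecting the client/URI for the saml-engine service. */
@BindingAnnotation
@Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME)
public @interface SamlEngine {}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/client/SOAPRequestError.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.client;

import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.Response;
import java.util.Optional;

/**
 * Checked exception describing a failed SOAP call: the HTTP status and, when present, the response
 * body read as a string. The body comes from the remote SOAP endpoint and is untrusted; treat it as
 * opaque data when logging or surfacing it rather than as markup or a message to echo.
 */
public class SOAPRequestError extends Exception {
    // type argument restored: the rendered listing dropped it, but Optional.of(readEntity(String.class)) fixes it
    private final Optional<String> entity;
    private final int status;

    /** Variant with no underlying cause; the exception message is then null. */
    public SOAPRequestError(Response response) {
        this(response, null);
    }

    /**
     * @param response the failed response; its entity stream is consumed here, so it cannot be read
     *                 again by the caller
     * @param e        optional cause (may be null)
     */
    public SOAPRequestError(Response response, BadRequestException e) {
        super(e);
        status = response.getStatus();
        if (response.hasEntity()) {
            entity = Optional.of(response.readEntity(String.class));
        } else {
            entity = Optional.empty();
        }
    }

    public int getResponseStatus() {
        return status;
    }

    /** Response body, or empty when the response carried no entity. */
    public Optional<String> getEntity() {
        return entity;
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/config/SamlConfiguration.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.config;

import com.fasterxml.jackson.annotation.JsonProperty;

import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import java.net.URI;

//Unused fields can be removed once they are removed from the app config for all environments.
/** SAML settings bound from configuration; only {@code entityId} is mandatory. */
public class SamlConfiguration {
    @Valid
    @NotNull
    @JsonProperty
    protected String entityId;

    @Valid
    @JsonProperty
    protected URI expectedDestination;

    public String getEntityId() {
        return entityId;
    }

    /** May be null: the field is not {@code @NotNull}. */
    public URI getExpectedDestinationHost() {
        return expectedDestination;
    }

}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/contract/MatchingServiceHealthCheckerRequestDto.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.contract;

/** Request body for a matching-service health check: which transaction and which matching service to probe. */
public class MatchingServiceHealthCheckerRequestDto {

    private String transactionEntityId;
    private String matchingServiceEntityId;

    // private no-arg constructor for deserialisation only
    private MatchingServiceHealthCheckerRequestDto() {}

    public MatchingServiceHealthCheckerRequestDto(String transactionEntityId, String matchingServiceEntityId) {
        this.transactionEntityId = transactionEntityId;
        this.matchingServiceEntityId = matchingServiceEntityId;
    }

    public String getMatchingServiceEntityId() {
        return matchingServiceEntityId;
    }

    public String getTransactionEntityId() {
        return transactionEntityId;
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/contract/MatchingServiceHealthCheckerResponseDto.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.contract;

import uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatus;

/** Result of a matching-service health check, mirroring the SAML response fields (status, InResponseTo, Issuer, ID). */
public class MatchingServiceHealthCheckerResponseDto {
    private MatchingServiceIdaStatus status;
    private String inResponseTo;
    private String issuer;
    private String id;

    // private no-arg constructor for deserialisation only
    private MatchingServiceHealthCheckerResponseDto() {}

    public MatchingServiceHealthCheckerResponseDto(MatchingServiceIdaStatus status, String inResponseTo, String issuer, String id) {
        this.status = status;
        this.inResponseTo = inResponseTo;
        this.issuer = issuer;
        this.id = id;
    }

    public MatchingServiceIdaStatus getStatus() {
        return status;
    }

    public String getInResponseTo() {
        return inResponseTo;
    }

    public String getIssuer() {
        return issuer;
    }

    public String getId() {
        return id;
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/contract/SamlMessageDto.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.contract;

/** Wrapper carrying a SAML message as a string; the protected no-arg constructor exists for deserialisation. */
public class SamlMessageDto {
    private String samlMessage;

    public SamlMessageDto(String samlMessage) {
        this.samlMessage = samlMessage;
    }

    protected SamlMessageDto() {

    }

    public String getSamlMessage() {
        return samlMessage;
    }

}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/domain/FederationEntityType.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.domain;

/** Kinds of entity in the federation: identity provider, relying party, matching service, hub. */
public enum FederationEntityType {
    IDP,
    RP,
    MS,
    HUB
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/domain/MatchingServiceHealthCheckResponseDto.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.domain;

import java.util.Optional;

/** Optional health-check response from a matching service; empty when no response was obtained. */
public class MatchingServiceHealthCheckResponseDto {

    // type argument of the Optional was lost in rendering — confirm against the caller
    private Optional response;

    @SuppressWarnings("unused") //Needed for JAXB
    private MatchingServiceHealthCheckResponseDto() {
    }

    public MatchingServiceHealthCheckResponseDto(Optional response) {
        this.response = response;
    }

    public Optional getResponse() {
        return response;
    }

}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/domain/SamlResponseDto.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.domain;

/** Wrapper carrying a SAML response as a string; the protected no-arg constructor exists for deserialisation. */
public class SamlResponseDto {
    private String samlResponse;

    public SamlResponseDto(String samlResponse) {
        this.samlResponse = samlResponse;
    }

    protected SamlResponseDto() {

    }

    public String getSamlResponse() {
        return samlResponse;
    }

}
--------------------------------------------------------------------------------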
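/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/domain/TimeoutEvaluator.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.domain;

import org.joda.time.DateTime;
import org.joda.time.Duration;
import uk.gov.ida.hub.samlsoapproxy.exceptions.AttributeQueryTimeoutException;

import java.text.MessageFormat;

/** Checks an attribute query against its client-supplied deadline. */
public class TimeoutEvaluator {

    /**
     * Throws rather than returning a flag, despite the name: if the query's client timeout lies
     * before "now" an {@link AttributeQueryTimeoutException} is raised whose message states how
     * many whole seconds late the check is.
     * Note that {@link MessageFormat} formats {@code {0}} with locale number formatting, so a large
     * value may carry grouping separators (e.g. "1,234").
     *
     * @throws AttributeQueryTimeoutException when the deadline has passed
     */
    public void hasAttributeQueryTimedOut(AttributeQueryContainerDto queryContainerDto) {
        DateTime timeout = queryContainerDto.getAttributeQueryClientTimeOut();
        DateTime timeOfCheck = DateTime.now();
        if (timeout.isBefore(timeOfCheck)) {
            Duration duration = new Duration(timeout, timeOfCheck);
            throw new AttributeQueryTimeoutException(MessageFormat.format("Attribute Query timed out by {0} seconds.", duration.getStandardSeconds()));
        }
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/exceptions/AttributeQueryTimeoutException.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.exceptions;

/** Unchecked exception raised when an attribute query's client deadline has passed. */
public class AttributeQueryTimeoutException extends RuntimeException {
    public AttributeQueryTimeoutException() {
    }

    public AttributeQueryTimeoutException(String message) {
        super(message);
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/exceptions/InvalidSamlRequestInAttributeQueryException.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.exceptions;

/** Unchecked exception for an attribute query whose embedded SAML request is invalid; always carries a cause. */
public class InvalidSamlRequestInAttributeQueryException extends RuntimeException {
    public InvalidSamlRequestInAttributeQueryException(String message, Exception cause) {
        super(message, cause);
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/exceptions/MissingMetadataException.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.exceptions;

/** Unchecked exception raised when required federation metadata is absent; carries no message. */
public class MissingMetadataException extends RuntimeException {
    public MissingMetadataException() {
        super();
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/exceptions/SupportedMsaVersionsFileAccessException.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.exceptions;

/** Unchecked exception raised when the supported-MSA-versions file cannot be read. */
public class SupportedMsaVersionsFileAccessException extends RuntimeException {
    public SupportedMsaVersionsFileAccessException(String message) {
        super(message);
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/healthcheck/AggregatedMatchingServicesHealthCheckResult.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.healthcheck;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Accumulates per-matching-service health-check results and derives an overall verdict. */
public class AggregatedMatchingServicesHealthCheckResult {

    // type argument restored: addResult() and the isHealthy method reference fix the element type
    private final List<MatchingServiceHealthCheckResult> results;

    public AggregatedMatchingServicesHealthCheckResult() {
        results = new ArrayList<>();
    }

    public void addResult(MatchingServiceHealthCheckResult result) {
        results.add(result);
    }

    /**
     * Healthy when at least one non-onboarding matching service is healthy. Onboarding services are
     * ignored so a service still being set up cannot affect the verdict either way. With no results
     * (or only onboarding ones) this is {@code false}. A result whose details are null would NPE here.
     */
    public boolean isHealthy() {
        return results.stream()
                .filter(result -> !result.getDetails().isOnboarding())
                .anyMatch(MatchingServiceHealthCheckResult::isHealthy);
    }

    /** Read-only view of the results added so far. */
    public List<MatchingServiceHealthCheckResult> getResults() {
        return Collections.unmodifiableList(results);
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/healthcheck/SupportedMsaVersions.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.healthcheck;

import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import java.util.List;

/** Bound from supported-msa-versions.yml: the list of MSA versions the hub accepts. */
public class SupportedMsaVersions {

    @SuppressWarnings("unused") // needed to prevent guice injection
    protected SupportedMsaVersions() {
    }

    // element type argument was lost in rendering; the yml holds version strings — confirm
    @Valid
    @NotNull
    protected List versions;

    public List getVersions() {
        return versions;
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/healthcheck/SupportedMsaVersionsRepository.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.healthcheck;

import javax.inject.Inject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** In-memory registry of the MSA versions the hub supports; populated via {@link #add(List)}. */
public class SupportedMsaVersionsRepository {

    @Inject
    public SupportedMsaVersionsRepository() {
    }

    // element type argument was lost in rendering — confirm against SupportedMsaVersions
    private List supportedMsaVersions = new ArrayList<>();

    /** Appends all given versions; duplicates are kept. */
    public void add(final List supportedMsaVersions) {
        this.supportedMsaVersions.addAll(supportedMsaVersions);
    }

    /**
     * Read-only view of the registered versions, matching the encapsulation used by
     * {@code AggregatedMatchingServicesHealthCheckResult#getResults()}: callers can no longer mutate
     * the repository through the returned list.
     */
    public List getSupportedVersions() {
        return Collections.unmodifiableList(supportedMsaVersions);
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/rest/HealthCheckResponse.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.rest;

import org.w3c.dom.Element;

/** Holds the DOM element of a health-check response as received. */
public class HealthCheckResponse {
    private final Element responseElement;

    public HealthCheckResponse(Element responseElement) {
        this.responseElement = responseElement;
    }

    public Element getResponseElement() {
        return responseElement;
    }

}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/java/uk/gov/ida/hub/samlsoapproxy/soap/SoapResponse.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.soap;

import org.w3c.dom.Element;

import javax.ws.rs.core.MultivaluedMap;

/** A SOAP response split into its body element and the HTTP headers it arrived with. */
public class SoapResponse {
    private final Element body;
    // type arguments of the map were lost in rendering — confirm against the caller
    private final MultivaluedMap headers;

    public SoapResponse(Element body, MultivaluedMap headers) {
        this.body = body;
        this.headers = headers;
    }

    public Element getBody() {
        return body;
    }

    public MultivaluedMap getHeaders() {
        return headers;
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/main/resources/supported-msa-versions.yml:
--------------------------------------------------------------------------------
versions:
  - 0
  - "null"
  - 4.2.1-901
  - 5.0.2-5.0.2
  - 5.1.0-5.1.0
  - 5.2.3-5.2.3
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/test/java/uk/gov/ida/hub/samlsoapproxy/builders/HealthCheckResponseBuilder.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.builders;

import org.w3c.dom.Element;
import uk.gov.ida.hub.samlsoapproxy.rest.HealthCheckResponse;

/** Test builder for {@link HealthCheckResponse}; builds with a null element unless one is supplied. */
public class HealthCheckResponseBuilder {

    private Element element;

    public static HealthCheckResponseBuilder aHealthCheckResponse(){
        return new HealthCheckResponseBuilder();
    }

    public HealthCheckResponse build(){
        return new HealthCheckResponse(element);
    }

    public HealthCheckResponseBuilder withElement(Element element) {
        this.element = element;
        return this;
    }
}
--------------------------------------------------------------------------------
/hub/saml-soap-proxy/src/test/java/uk/gov/ida/hub/samlsoapproxy/client/TestResponseTest.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.samlsoapproxy.client;


import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

import static org.assertj.core.api.Assertions.assertThat;

/** Unit tests for the TestResponse stub: status, entity reading and the closed-stream failure mode. */
public class TestResponseTest {

    private TestResponse response;
    private String errorMessage = "something bad happened";

    @BeforeEach
    public void setup() {
        response = new TestResponse(500, errorMessage);
    }

    @Test
    public void assertStatus() {
        assertThat(response.getStatus()).isEqualTo(500);
    }

    @Test
    public void assertHasEntityThrowsExceptionAfterStreamHasBeenClosed() {
        Assertions.assertThrows(IllegalStateException.class, () -> {
            response.close();
            response.hasEntity();
        });
    }

    @Test
    public void assertCanReadEntity() {
        assertThat(response.hasEntity()).isTrue();
        assertThat(response.readEntity(String.class)).isEqualTo(errorMessage);
    }
}
--------------------------------------------------------------------------------
/hub/shared/build.gradle:
--------------------------------------------------------------------------------
dependencies {
    implementation configurations.verify_event_emitter,
            configurations.common,
            configurations.dropwizard,
            configurations.ida_utils
}
--------------------------------------------------------------------------------
/hub/shared/src/main/java/uk/gov/ida/hub/shared/eventsink/EventDetails.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.shared.eventsink;

import uk.gov.ida.eventemitter.EventDetailsKey;

/** Immutable key/value pair attached to an event sent to the event sink. */
public class EventDetails {

    private final EventDetailsKey key;
    private final String value;

    public EventDetails(EventDetailsKey key, String value) {
        this.key = key;
        this.value = value;
    }

    public EventDetailsKey getKey() {
        return key;
    }

    public String getValue() {
        return value;
    }
}
--------------------------------------------------------------------------------
/hub/shared/src/main/java/uk/gov/ida/hub/shared/eventsink/EventSink.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.shared.eventsink;

import javax.inject.Qualifier;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.*;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

/** Injection qualifier selecting the event-sink client/URI. */
@Qualifier
@Target({FIELD, PARAMETER, METHOD}) @Retention(RUNTIME)
public @interface EventSink {}
--------------------------------------------------------------------------------
/hub/shared/src/main/java/uk/gov/ida/hub/shared/eventsink/EventSinkProxy.java:
--------------------------------------------------------------------------------
package uk.gov.ida.hub.shared.eventsink;

import uk.gov.ida.eventemitter.Event;

/** Outbound interface to the event sink: delivers one hub event. */
public interface EventSinkProxy {

    void logHubEvent(Event eventSinkHubEvent);
}
--------------------------------------------------------------------------------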
/hub/stub-event-sink/README.md: -------------------------------------------------------------------------------- 1 | # stub-event-sink 2 | 3 | A basic stub service used when running the Verify Hub locally 4 | 5 | ## Microservices that stub-event-sink uses 6 | 7 | _none_ 8 | 9 | ## Microservices that use stub-event-sink 10 | 11 | most of them 12 | 13 | ## Resources 14 | 15 | * `/event-sink/hub-support-hub-events`: the same interface used by _event-sink_ to consume messages from hub 16 | * `/test/events`: read/delete events recorded by stub-event-sink 17 | 18 | ### Standard paths for all our apps 19 | * `/internal/version-info`: json formatted version info about the current build of the service 20 | * `/service-name`: name of this service 21 | * `/service-status`: used to determine health of the app by haproxy when services are load balanced. Also used to take the app out of service in haproxy to enable zero downtime releases 22 | 23 | ## History 24 | 25 | _none_ 26 | -------------------------------------------------------------------------------- /hub/stub-event-sink/build.gradle: -------------------------------------------------------------------------------- 1 | dependencies { 2 | testImplementation configurations.test_deps_compile 3 | 4 | implementation configurations.ida_utils, 5 | configurations.common, 6 | configurations.dropwizard, 7 | configurations.verify_event_emitter, 8 | project(':hub:shared') 9 | } 10 | 11 | task intTest { 12 | println 'No integration tests for stub-event-sink.' 
13 | } 14 | 15 | apply plugin: 'application' 16 | ext.mainclass = 'uk.gov.ida.stub.event.sink.StubEventSinkApplication' 17 | mainClassName = ext.mainclass 18 | -------------------------------------------------------------------------------- /hub/stub-event-sink/src/main/java/uk/gov/ida/stub/event/sink/StubEventSinkConfiguration.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.stub.event.sink; 2 | 3 | import com.fasterxml.jackson.annotation.JsonIgnoreProperties; 4 | import com.fasterxml.jackson.annotation.JsonProperty; 5 | import io.dropwizard.Configuration; 6 | import uk.gov.ida.common.ServiceInfoConfiguration; 7 | import uk.gov.ida.configuration.ServiceNameConfiguration; 8 | 9 | import javax.validation.Valid; 10 | import javax.validation.constraints.NotNull; 11 | 12 | @JsonIgnoreProperties(ignoreUnknown = true) 13 | public class StubEventSinkConfiguration extends Configuration implements ServiceNameConfiguration { 14 | 15 | protected StubEventSinkConfiguration() {} 16 | 17 | @JsonProperty 18 | @NotNull 19 | @Valid 20 | protected ServiceInfoConfiguration serviceInfo; 21 | 22 | public ServiceInfoConfiguration getServiceInfo() { 23 | return serviceInfo; 24 | } 25 | 26 | @Override 27 | public String getServiceName() { 28 | return serviceInfo.getName(); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /hub/stub-event-sink/src/main/java/uk/gov/ida/stub/event/sink/StubEventSinkModule.java: -------------------------------------------------------------------------------- 1 | package uk.gov.ida.stub.event.sink; 2 | 3 | import com.google.inject.AbstractModule; 4 | import uk.gov.ida.stub.event.sink.repositories.InMemoryEventSinkHubEventStore; 5 | 6 | public class StubEventSinkModule extends AbstractModule { 7 | 8 | public StubEventSinkModule() { 9 | } 10 | 11 | @Override 12 | protected void configure() { 13 | 
// Single shared store for the whole process (singleton scope), created eagerly when the
// injector is built rather than on first use.
bind(InMemoryEventSinkHubEventStore.class).asEagerSingleton();
14 | }
15 | }
16 |
-------------------------------------------------------------------------------- /hub/stub-event-sink/src/main/java/uk/gov/ida/stub/event/sink/StubEventSinkUrls.java: --------------------------------------------------------------------------------
1 | package uk.gov.ida.stub.event.sink;
2 |
/**
 * Paths for the stub-only test resource under {@code /test/events}, which (per the
 * README) lets a caller read and delete the events this stub has recorded. Anything
 * posted to the stub is therefore readable back through this path, so it belongs
 * only in the local setup the README describes. The resource class that uses these
 * constants is not shown here.
 */
3 | public interface StubEventSinkUrls {
4 | String HUB_SUPPORT_EVENT_SINK_TEST_ROOT = "/test/events";
// Name of the path parameter, and the sub-path template that captures a single {@code id}.
5 | String HUB_SUPPORT_EVENT_SINK_TEST_ID_PARAM = "id";
6 | String HUB_SUPPORT_EVENT_SINK_TEST_ID_PATH = "/{id}";
7 | }
8 |
-------------------------------------------------------------------------------- /hub/stub-event-sink/src/main/java/uk/gov/ida/stub/event/sink/Urls.java: --------------------------------------------------------------------------------
1 | package uk.gov.ida.stub.event.sink;
2 |
3 | public interface Urls {
4 |
5 | /** NOTE: the general form for this class should be
6 | * *_ROOT - used to annotate the Resource Class (root path for the resource)
7 | * *_PATH - used to annotate the Methods within the Resource Class
8 | * *_PARAM - used to annotate the parameters for the methods
9 | * *_RESOURCE - used by the Proxy classes in order to reference the resource. Internal to the hub (may be external to the micro service)
10 | * *_ENDPOINT - used for external (to the hub) endpoints
11 | *
12 | * If the parameter you are referencing/adding doesn't fit this style, perhaps it needs a different place to live.
13 | */
// Paths for the real event-sink interface that this stub mirrors (see the README).
14 | interface HubSupportUrls {
15 | String EVENT_SINK_ROOT = "/event-sink";
16 | String HUB_SUPPORT_EVENT_SINK_RESOURCE = EVENT_SINK_ROOT + "/hub-support-hub-events";
17 | }
18 |
19 | }
20 |
-------------------------------------------------------------------------------- /hub/stub-event-sink/src/main/java/uk/gov/ida/stub/event/sink/healthcheck/StubEventSinkHealthCheck.java: --------------------------------------------------------------------------------
1 | package uk.gov.ida.stub.event.sink.healthcheck;
2 |
3 | import com.codahale.metrics.health.HealthCheck;
4 |
/**
 * Health check for the stub. It reports healthy unconditionally: the stub has no
 * downstream dependencies to probe (README: "Microservices that stub-event-sink uses:
 * none"), so a passing check only shows that the process is up and serving requests.
 */
5 | public class StubEventSinkHealthCheck extends HealthCheck {
6 |
// Not an @Override: HealthCheck does not appear to declare getName(), so whether anything
// reads this name depends on how the check is registered -- TODO confirm at the call site.
7 | public String getName() {
8 | return "EventSink Health Check";
9 | }
10 |
/** Always healthy; see the class comment. */
11 | @Override
12 | protected Result check() {
13 | return Result.healthy();
14 | }
15 | }
16 |
-------------------------------------------------------------------------------- /hub/stub-event-sink/src/main/java/uk/gov/ida/stub/event/sink/resources/EventSinkHubEventResource.java: --------------------------------------------------------------------------------
1 | package uk.gov.ida.stub.event.sink.resources;
2 |
3 | import uk.gov.ida.hub.shared.eventsink.EventSinkHubEvent;
4 | import uk.gov.ida.stub.event.sink.Urls;
5 | import uk.gov.ida.stub.event.sink.repositories.InMemoryEventSinkHubEventStore;
6 |
7 | import javax.inject.Inject;
8 | import javax.ws.rs.Consumes;
9 | import javax.ws.rs.POST;
10 | import javax.ws.rs.Path;
11 | import javax.ws.rs.core.MediaType;
12 | import javax.ws.rs.core.Response;
13 |
/**
 * JAX-RS resource that receives hub events at
 * {@code Urls.HubSupportUrls.HUB_SUPPORT_EVENT_SINK_RESOURCE} and hands them to the
 * injected store. Nothing in this class authenticates the caller or validates the
 * event body beyond JSON deserialisation, which is fine for the local stub the README
 * describes but not for anything reachable from outside.
 */
14 | @Path(Urls.HubSupportUrls.HUB_SUPPORT_EVENT_SINK_RESOURCE)
15 | public class EventSinkHubEventResource {
16 |
17 | private final InMemoryEventSinkHubEventStore inMemoryEventSinkHubEventStore;
18 |
19 | @Inject
20 | public EventSinkHubEventResource(InMemoryEventSinkHubEventStore inMemoryEventSinkHubEventStore) {
21 | this.inMemoryEventSinkHubEventStore = inMemoryEventSinkHubEventStore;
22 | }
23 |
// Handler declaration continues on the following line: consumes JSON, replies 204 No Content.
24 | @POST
25 |
// Accepts any JSON that deserialises to EventSinkHubEvent and hands it to the store; nothing
// is validated or authenticated here, and the store's name suggests events are kept in
// memory, so this is suitable only for the local stub deployment the README describes.
@Consumes(MediaType.APPLICATION_JSON)
26 | public Response postHubEvent(EventSinkHubEvent event) {
27 | inMemoryEventSinkHubEventStore.add(event);
28 | return Response.status(Response.Status.NO_CONTENT).build();
29 | }
30 | }
31 |
-------------------------------------------------------------------------------- /run.Dockerfile: --------------------------------------------------------------------------------
1 | FROM openjdk:11.0.9.1-jre
2 |
# Build-time only: these ARGs select which config file and which hub app are baked into the image.
3 | ARG config_location
4 | ARG app_name
5 |
6 | WORKDIR /app
7 |
# NOTE(review): the config file is copied into an image layer, so anything in it ships with the
# image; keep secrets out of $config_location and supply them at runtime instead.
8 | COPY $config_location config.yml
9 | COPY hub/$app_name/build/distributions/$app_name-0.1.local.zip $app_name.zip
10 |
11 | RUN unzip $app_name.zip
12 |
# NOTE(review): CMD is in shell form and reads the *runtime* env var APP_NAME, which is not the
# build-time ARG app_name above; if APP_NAME is unset when the container starts, the command
# degenerates to "-0.1.local/bin/ server config.yml". No USER instruction is given, so the
# process runs as whatever user the base image defaults to.
13 | CMD ${APP_NAME}-0.1.local/bin/${APP_NAME} server config.yml
14 |
-------------------------------------------------------------------------------- /settings.gradle: --------------------------------------------------------------------------------
1 | include "hub:stub-event-sink",
2 | "hub:config",
3 | "hub:policy",
4 | "hub:saml-engine",
5 | "hub:saml-proxy",
6 | "hub:saml-soap-proxy",
7 | "hub:shared",
8 | "hub-saml",
9 | "hub-saml-test-utils"
10 |
-------------------------------------------------------------------------------- /shutdown.sh: --------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
# Services to stop: taken from the command line, defaulting to the full local hub set.
# Left unquoted in the loop below so the list is word-split into one name per iteration.
3 | services=${@:-"config stub-event-sink policy saml-engine saml-proxy saml-soap-proxy"}
4 |
5 | for service in $services; do
# NOTE(review): pkill -f matches the whole command line and the pattern is an unanchored regex
# (the "." before "jar" matches any character), so any process whose command line contains
# "<service>" followed later by "jar" is killed too, not just the hub jars started locally.
# SIGKILL (-9) also skips any orderly shutdown. A pid file per service, or at least an
# anchored pattern, would be safer.
6 | pkill -9 -f "${service}.*.jar"
7 | done
8 |
# Stop and remove the local redis container if one is running.
9 | if docker ps | grep hub-redis >/dev/null ; then
10 | docker stop hub-redis
11 | docker rm hub-redis
12 | fi
13 |
# NOTE(review): there is no "set -e", so if ../verify-metadata is not checked out beside this
# repo the pushd fails and ./kill-service.sh is resolved against the current directory instead.
14 | pushd ../verify-metadata > /dev/null
15 | ./kill-service.sh
16 | popd > /dev/null
17 |
# Always reports success, so a caller cannot tell whether any step above failed.
18 | exit 0
19 |
20 |
--------------------------------------------------------------------------------