summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-04 19:43:32 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-04 19:43:32 +0100
commit759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f (patch)
tree2132024fc058b1ef5338bf50df575a3244cc3f9f /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
parent4f15bdc45b08724d20c66c9fd74ea6a43a03c32f (diff)
downloadEAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.tar.gz
EAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.tar.bz2
EAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.zip
common EGIZ code-style refactoring
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java401
1 files changed, 201 insertions, 200 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
index ca9b3d98..4e548d57 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -1,34 +1,38 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpAuthRequestSignedRole;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -58,182 +62,179 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PVPAuthRequestSignedRole;
-
@Service("PVPRedirectBinding")
public class RedirectBinding implements IDecoder, IEncoder {
-
- private static final Logger log = LoggerFactory.getLogger(RedirectBinding.class);
-
- public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
- throws MessageEncodingException, SecurityException {
-
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
-
- log.debug("create SAML RedirectBinding response");
-
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(request);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
- }
-
- public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState,
- Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
-
- //load default PVP security configurations
- EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
-
- log.debug("create SAML RedirectBinding response");
-
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(response);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
-
- encoder.encode(context);
-
- }
-
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
- SecurityException {
-
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
-
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- //set metadata descriptor type
- if (isSPEndPoint) {
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
-
- } else {
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(comparator);
- }
-
- messageContext.setMetadataProvider(metadataProvider);
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
- PVPAuthRequestSignedRole signedRole = new PVPAuthRequestSignedRole();
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signedRole);
- policy.getPolicyRules().add(signatureRule);
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setSecurityPolicyResolver(resolver);
-
- //set metadata descriptor type
- if (isSPEndPoint)
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- else
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- try {
- decode.decode(messageContext);
-
- //check signature
- signatureRule.evaluate(messageContext);
-
- } catch (SecurityException e) {
- if (StringUtils.isEmpty(messageContext.getInboundMessageIssuer())) {
- throw e;
-
- }
-
- if (metadataProvider instanceof IRefreshableMetadataProvider) {
- log.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
- if (!((IRefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
- throw e;
-
- else {
- log.trace("PVP2X metadata reload finished. Check validate message again.");
- decode.decode(messageContext);
-
- //check signature
- signatureRule.evaluate(messageContext);
-
- }
- log.trace("Second PVP2X message validation finished");
-
- } else {
- throw e;
-
- }
- }
-
- InboundMessage msg = null;
- if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- msg = new PVPSProfileRequest(inboundMessage, getSAML2BindingName());
-
-
- } else if (messageContext.getInboundMessage() instanceof StatusResponseType){
- StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
- msg = new PVPSProfileResponse(inboundMessage);
-
- } else
- //create empty container if request type is unknown
- msg = new InboundMessage();
-
- if (messageContext.getPeerEntityMetadata() != null)
- msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-
- else
- log.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-
- msg.setVerified(true);
- msg.setRelayState(messageContext.getRelayState());
-
- return msg;
- }
-
- public boolean handleDecode(String action, HttpServletRequest req) {
- return ((action.equals(PVPConstants.REDIRECT) || action.equals(PVPConstants.SINGLELOGOUT))
- && req.getMethod().equals("GET"));
- }
-
- public String getSAML2BindingName() {
- return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
- }
+
+ private static final Logger log = LoggerFactory.getLogger(RedirectBinding.class);
+
+ @Override
+ public void encodeRequest(final HttpServletRequest req, final HttpServletResponse resp,
+ final RequestAbstractType request, final String targetLocation, final String relayState,
+ final Credential credentials, final IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+
+ log.debug("create SAML RedirectBinding response");
+
+ final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(resp, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+ }
+
+ @Override
+ public void encodeRespone(final HttpServletRequest req, final HttpServletResponse resp,
+ final StatusResponseType response, final String targetLocation, final String relayState,
+ final Credential credentials, final IRequest pendingReq)
+ throws MessageEncodingException, SecurityException {
+
+ // load default PVP security configurations
+ EaafDefaultSaml2Bootstrap.initializeDefaultPvpConfiguration();
+
+ log.debug("create SAML RedirectBinding response");
+
+ final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(resp, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+
+ }
+
+ @Override
+ public InboundMessageInterface decode(final HttpServletRequest req,
+ final HttpServletResponse resp, final MetadataProvider metadataProvider,
+ final boolean isSpEndPoint, final URIComparator comparator)
+ throws MessageDecodingException, SecurityException {
+
+ final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool());
+
+ final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ // set metadata descriptor type
+ if (isSpEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+ }
+
+ messageContext.setMetadataProvider(metadataProvider);
+
+ final SAML2HTTPRedirectDeflateSignatureRule signatureRule =
+ new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+ final PvpAuthRequestSignedRole signedRole = new PvpAuthRequestSignedRole();
+ final BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signedRole);
+ policy.getPolicyRules().add(signatureRule);
+ final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(policy);
+ messageContext.setSecurityPolicyResolver(resolver);
+
+ // set metadata descriptor type
+ if (isSpEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ }
+
+ try {
+ decode.decode(messageContext);
+
+ // check signature
+ signatureRule.evaluate(messageContext);
+
+ } catch (final SecurityException e) {
+ if (StringUtils.isEmpty(messageContext.getInboundMessageIssuer())) {
+ throw e;
+
+ }
+
+ if (metadataProvider instanceof IRefreshableMetadataProvider) {
+ log.debug("PVP2X message validation FAILED. Reload metadata for entityID: "
+ + messageContext.getInboundMessageIssuer());
+ if (!((IRefreshableMetadataProvider) metadataProvider)
+ .refreshMetadataProvider(messageContext.getInboundMessageIssuer())) {
+ throw e;
+ } else {
+ log.trace("PVP2X metadata reload finished. Check validate message again.");
+ decode.decode(messageContext);
+
+ // check signature
+ signatureRule.evaluate(messageContext);
+
+ }
+ log.trace("Second PVP2X message validation finished");
+
+ } else {
+ throw e;
+
+ }
+ }
+
+ InboundMessage msg = null;
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ final RequestAbstractType inboundMessage =
+ (RequestAbstractType) messageContext.getInboundMessage();
+ msg = new PvpSProfileRequest(inboundMessage, getSaml2BindingName());
+
+
+ } else if (messageContext.getInboundMessage() instanceof StatusResponseType) {
+ final StatusResponseType inboundMessage =
+ (StatusResponseType) messageContext.getInboundMessage();
+ msg = new PvpSProfileResponse(inboundMessage);
+
+ } else {
+ // create empty container if request type is unknown
+ msg = new InboundMessage();
+ }
+
+ if (messageContext.getPeerEntityMetadata() != null) {
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ } else {
+ log.info(
+ "No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+ }
+
+ msg.setVerified(true);
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
+ }
+
+ @Override
+ public boolean handleDecode(final String action, final HttpServletRequest req) {
+ return ((action.equals(PvpConstants.REDIRECT) || action.equals(PvpConstants.SINGLELOGOUT))
+ && req.getMethod().equals("GET"));
+ }
+
+ @Override
+ public String getSaml2BindingName() {
+ return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-28 21:16:06 +0000