first stable version that uses OpenSAML 3.x

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-02-04 17:37:34 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-02-04 17:37:34 +0100
commit: e7610325ee2f1d1f4e97e1e7a9b212e692836b5a (patch)
tree: ed7c0dba5fed47e80e68b4ab5a63846c5724a8e7 /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml
parent: 41ea2fdf782cd64d7d29f73c2e83f9c255810818 (diff)
download: EAAF-Components-e7610325ee2f1d1f4e97e1e7a9b212e692836b5a.tar.gz
EAAF-Components-e7610325ee2f1d1f4e97e1e7a9b212e692836b5a.tar.bz2
EAAF-Components-e7610325ee2f1d1f4e97e1e7a9b212e692836b5a.zip
7 files changed, 77 insertions, 70 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
index d23affba..fdd44b9a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
@@ -2,18 +2,18 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
 
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import javax.servlet.http.HttpServletRequest;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
+
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.messaging.decoder.MessageDecodingException;
 import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
 
 import com.google.common.base.Strings;
-
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import lombok.extern.slf4j.Slf4j;
 import net.shibboleth.utilities.java.support.codec.Base64Support;
 
@@ -27,14 +27,22 @@ import net.shibboleth.utilities.java.support.codec.Base64Support;
 @Slf4j
 public class EaafHttpPostDecoder extends HTTPPostDecoder {
 
+  private static final String SAML_REQ_PARAM_NAME = "SAMLRequest";
+  private static final String SAML_RESP_PARAM_NAME = "SAMLResponse";
+
+  public EaafHttpPostDecoder(HttpServletRequest req) {
+    setHttpServletRequest(req);
+  }
+
   @Override
   protected InputStream getBase64DecodedMessage(final HttpServletRequest request)
       throws MessageDecodingException {
 
     log.debug("Getting Base64 encoded message from request");
-    String encodedMessage = getLastParameterFromRequest(request, "SAMLRequest");
+    String encodedMessage = SamlHttpUtils.getLastParameterFromRequest(request, SAML_REQ_PARAM_NAME);
     if (Strings.isNullOrEmpty(encodedMessage)) {
-      encodedMessage = getLastParameterFromRequest(request, "SAMLResponse");
+      encodedMessage = SamlHttpUtils.getLastParameterFromRequest(request, SAML_RESP_PARAM_NAME);
+
     }
 
     if (Strings.isNullOrEmpty(encodedMessage)) {
@@ -43,14 +51,17 @@ public class EaafHttpPostDecoder extends HTTPPostDecoder {
       throw new MessageDecodingException("No SAML message present in request");
     }
 
-    log.trace("Base64 decoding SAML message:\n{}", encodedMessage);
+    log.trace("Base64 decoding SAML message: {}", encodedMessage);
     final byte[] decodedBytes = Base64Support.decode(encodedMessage);
-    if (decodedBytes == null) {
-      log.info("Unable to Base64 decode SAML message");
-      throw new MessageDecodingException("Unable to Base64 decode SAML message");
+
+    try {
+      log.trace("Decoded SAML message: {}", new String(decodedBytes, "UTF-8"));
+
+    } catch (final UnsupportedEncodingException e) {
+      log.warn("Logging of incomming message failed", e);
+
     }
 
-    log.trace("Decoded SAML message:\n{}", new String(decodedBytes));
     return new ByteArrayInputStream(decodedBytes);
   }
 
@@ -61,31 +72,8 @@ public class EaafHttpPostDecoder extends HTTPPostDecoder {
    */
   @Override
   protected XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException {
-      return Saml2Utils.unmarshallMessage(messageStream);
-      
-  }
-
-  /**
-   * Always read the last parameter with this name from request to get a strict
-   * deterministic behavior. <br>
-   * <br>
-   * <b><i>If more than one parameters with the same name exists, this method
-   * always select the last parameter value.</i></b>
-   *
-   * @param request   Incoming http request
-   * @param paramName Name of the http parameter
-   * @return the last parameter value with this name, or <code>null</code> if the
-   *         parameter not exists
-   */
-  @Nullable
-  private String getLastParameterFromRequest(@Nonnull HttpServletRequest request, @Nonnull String paramName) {
-    final String[] values = request.getParameterValues(paramName);
-    if (values != null && values.length > 0) {
-      return values[values.length - 1];
-
-    }
-
-    return null;
+    return Saml2Utils.unmarshallMessage(messageStream);
 
   }
+
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
index 16d73296..c5174f02 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
@@ -4,6 +4,9 @@ import java.io.InputStream;
 
 import javax.servlet.http.HttpServletRequest;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
+
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.messaging.decoder.MessageDecodingException;
@@ -13,10 +16,7 @@ import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder;
 
 import com.google.common.base.Strings;
-
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.net.URISupport;
 import net.shibboleth.utilities.java.support.primitive.StringSupport;
 
 /**
@@ -29,6 +29,14 @@ import net.shibboleth.utilities.java.support.primitive.StringSupport;
 @Slf4j
 public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder {
 
+  private static final String SAML_REQ_PARAM_NAME = "SAMLRequest";
+  private static final String SAML_RESP_PARAM_NAME = "SAMLResponse";
+
+  public EaafHttpRedirectDeflateDecoder(HttpServletRequest req) {
+    setHttpServletRequest(req);
+
+  }
+
   @Override
   protected void doDecode() throws MessageDecodingException {
     final MessageContext<SAMLObject> messageContext = new MessageContext<>();
@@ -52,16 +60,19 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder {
 
     // implement parameter extraction as same as in
     // SAML2HTTPRedirectDeflateSignatureSecurityHandler.java
-    final String queryString = getHttpServletRequest().getQueryString();
-    if (!Strings.isNullOrEmpty(URISupport.getRawQueryStringParameter(queryString, "SAMLRequest"))) {
-      samlMessageIns = decodeMessage(URISupport.getRawQueryStringParameter(queryString, "SAMLRequest"));
-    } else if (!Strings.isNullOrEmpty(URISupport.getRawQueryStringParameter(queryString, "SAMLResponse"))) {
-      samlMessageIns = decodeMessage(URISupport.getRawQueryStringParameter(queryString, "SAMLResponse"));
+    final String samlReq = SamlHttpUtils.getLastParameterFromRequest(request, SAML_REQ_PARAM_NAME);
+    final String samlResp = SamlHttpUtils.getLastParameterFromRequest(request, SAML_RESP_PARAM_NAME);
+    if (!Strings.isNullOrEmpty(samlReq)) {
+      samlMessageIns = decodeMessage(samlReq);
+
+    } else if (!Strings.isNullOrEmpty(samlResp)) {
+      samlMessageIns = decodeMessage(samlResp);
+
     } else {
       throw new MessageDecodingException(
           "No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message");
     }
-    
+
     final SAMLObject samlMessage = (SAMLObject) unmarshallMessage(samlMessageIns);
     messageContext.setMessage(samlMessage);
     log.debug("Decoded SAML message");
@@ -69,9 +80,9 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder {
     populateBindingContext(messageContext);
 
     setMessageContext(messageContext);
-    
+
   }
-  
+
   /**
    * EAAF specific unmarshaller perform XML schema validation before unmarshalling
    * the SAML message.
@@ -79,8 +90,8 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder {
    */
   @Override
   protected XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException {
-      return Saml2Utils.unmarshallMessage(messageStream);
-      
+    return Saml2Utils.unmarshallMessage(messageStream);
+
   }
 
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
index 7c433c1c..6d81700a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
@@ -50,21 +50,24 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda
   /**
    * Get an OpenSAML2 keystore.
    *
-   * @param store    Java KeyStore
-   * @param alias    Key alias
-   * @param password key Password
-   * @param keyStoreFriendlyName Friendlyname of this keystore for logging purposes
-   * @throws CredentialsNotAvailableException In case of an initialization exception
+   * @param store                Java KeyStore
+   * @param alias                Key alias
+   * @param password             key Password
+   * @param keyStoreFriendlyName Friendlyname of this keystore for logging
+   *                             purposes
+   * @throws CredentialsNotAvailableException In case of an initialization
+   *                                          exception
    */
   public EaafKeyStoreX509CredentialAdapter(@Nonnull final KeyStore store, @Nonnull final String alias,
-      @Nullable final char[] password, @Nonnull String keyStoreFriendlyName) throws CredentialsNotAvailableException {
+      @Nullable final char[] password, @Nonnull String keyStoreFriendlyName)
+      throws CredentialsNotAvailableException {
     super(store, alias, password);
 
     if (getPrivateKey() == null && getSecretKey() == null) {
       log.error("KeyStore: {} Key with alias: {} not found or contains no PrivateKey.",
           keyStoreFriendlyName, alias);
       throw new CredentialsNotAvailableException("internal.pvp.00",
-          new Object[] { keyStoreFriendlyName, alias});
+          new Object[] { keyStoreFriendlyName, alias });
 
     }
 
@@ -74,7 +77,8 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda
           PvpConstants.DEFAULT_SIGNING_METHODE_EC));
 
     } catch (final SamlSigningException e) {
-      throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] {keyStoreFriendlyName, alias}, e);
+      throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] { keyStoreFriendlyName,
+          alias }, e);
 
     }
 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
index 3650e617..fa77b73c 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java
@@ -19,7 +19,6 @@
 
 package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
 
-
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java
index 2e45aea2..f474267f 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java
@@ -9,22 +9,23 @@ import java.net.URL;
 import net.shibboleth.utilities.java.support.resource.Resource;
 
 /**
- * Adapter that connects a Spring {@link org.springframework.core.io.Resource} to a {@link Resource}.
- * 
+ * Adapter that connects a Spring {@link org.springframework.core.io.Resource}
+ * to a {@link Resource}.
+ *
  * @author tlenz
  *
  */
 public class OpenSaml3ResourceAdapter implements Resource {
 
-  private org.springframework.core.io.Resource internalResource;
+  private final org.springframework.core.io.Resource internalResource;
 
   public OpenSaml3ResourceAdapter(org.springframework.core.io.Resource resource) {
     this.internalResource = resource;
   }
-  
+
   @Override
   public boolean exists() {
-    return  internalResource.exists();
+    return internalResource.exists();
   }
 
   @Override
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
index bd450518..38735fb8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java
@@ -23,8 +23,8 @@ import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.messaging.encoder.MessageEncodingException;
 import org.opensaml.saml.common.SAMLObject;
 import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+
+import lombok.extern.slf4j.Slf4j;
 
 /**
  * Create deflate encoded SAML2 redirect-binding informations.
@@ -32,9 +32,9 @@ import org.slf4j.LoggerFactory;
  * @author tlenz
  *
  */
-public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
-  private static final Logger log = LoggerFactory.getLogger(StringRedirectDeflateEncoder.class);
 
+@Slf4j
+public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
   private String redirectUrl = null;
 
   @Override
@@ -50,6 +50,8 @@ public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
 
     redirectUrl = buildRedirectURL(messageContext, endpointUrl, encodedMessage);
 
+    log.trace("SAML2 redirect-binding URL was generated as: {}", redirectUrl);
+
   }
 
   /**
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafOpenSaml3xInitializer.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafOpenSaml3xInitializer.java
index 42d4d736..5c6d861d 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafOpenSaml3xInitializer.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafOpenSaml3xInitializer.java
@@ -60,10 +60,12 @@ public class EaafOpenSaml3xInitializer extends InitializationService {
   /**
    * EAAF specific OpenSAML3.x initialization.
    *
-   * @throws InitializationException In case of an error
-   * @throws ComponentInitializationException
+   * @throws InitializationException          In case of an error
+   * @throws ComponentInitializationException In case of an OpenSAML3
+   *                                          initialization error
    */
-  public static synchronized void eaafInitialize() throws InitializationException, ComponentInitializationException {
+  public static synchronized void eaafInitialize() throws InitializationException,
+      ComponentInitializationException {
     log.debug("Initializing OpenSAML 3.x ... ");
     initialize();
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-02-04 17:37:34 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-02-04 17:37:34 +0100
commit	e7610325ee2f1d1f4e97e1e7a9b212e692836b5a (patch)
tree	ed7c0dba5fed47e80e68b4ab5a63846c5724a8e7 /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml
parent	41ea2fdf782cd64d7d29f73c2e83f9c255810818 (diff)
download	EAAF-Components-e7610325ee2f1d1f4e97e1e7a9b212e692836b5a.tar.gz EAAF-Components-e7610325ee2f1d1f4e97e1e7a9b212e692836b5a.tar.bz2 EAAF-Components-e7610325ee2f1d1f4e97e1e7a9b212e692836b5a.zip