author | Thomas <thomas.lenz@egiz.gv.at> | 2020-02-02 19:32:21 +0100 |
---|---|---|
committer | Thomas <thomas.lenz@egiz.gv.at> | 2020-02-02 19:32:21 +0100 |
commit | 41ea2fdf782cd64d7d29f73c2e83f9c255810818 (patch) | |
tree | 9710ca3937ae82391c6a2a0e5176923e0a49a5af /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils | |
parent | d41afe91ee59daf6b5f5037cecac52900fe2ccb2 (diff) | |
some more OpenSAML3 refactoring stuff
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java | 71 |
1 files changed, 65 insertions, 6 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index 8b1b041b..763c07f6 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -20,6 +20,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
 import java.io.IOException;
+import java.io.InputStream;
 import java.security.PrivateKey;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
@@ -36,12 +37,6 @@ import javax.xml.transform.dom.DOMSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.core.xml.XMLObject;
@@ -49,8 +44,12 @@ import org.opensaml.core.xml.XMLObjectBuilderFactory;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.io.Marshaller;
 import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.Unmarshaller;
+import org.opensaml.core.xml.io.UnmarshallingException;
 import org.opensaml.core.xml.schema.XSString;
 import org.opensaml.core.xml.schema.impl.XSStringBuilder;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.messaging.decoder.MessageDecodingException;
 import org.opensaml.saml.common.SAMLObjectContentReference;
 import org.opensaml.saml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.saml.common.xml.SAMLSchemaBuilder.SAML1Version;
@@ -80,6 +79,18 @@ import org.opensaml.xmlsec.signature.support.Signer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import net.shibboleth.utilities.java.support.xml.QNameSupport;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
 public class Saml2Utils {
 private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class);
@@ -153,6 +164,54 @@ public class Saml2Utils {
   }
 
   /**
+   * SAML2 message unmarshaller that performs schema validation before unmarshall the message.
+   *
+   * @param messageStream SAML2 message that shoulld be unmarshalled
+   * @return OpenSAML XML object
+   * @throws MessageDecodingException In case of a schema-validation or unmarshalling error
+   */
+  public static XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException {
+    try {
+      final Element samlElement = DomUtils.parseXmlValidating(messageStream);
+
+      if (log.isTraceEnabled()) {
+        log.trace("Resultant DOM message was:");
+        log.trace(SerializeSupport.nodeToString(samlElement));
+      }
+
+      log.debug("Unmarshalling DOM parsed from InputStream");
+      final Unmarshaller unmarshaller = XMLObjectSupport.getUnmarshaller(samlElement);
+      if (unmarshaller == null) {
+        log.error("Unable to unmarshall InputStream, no unmarshaller registered for element "
+            + QNameSupport.getNodeQName(samlElement));
+        throw new UnmarshallingException(
+            "Unable to unmarshall InputStream, no unmarshaller registered for element "
+            + QNameSupport.getNodeQName(samlElement));
+      }
+
+      final XMLObject message = unmarshaller.unmarshall(samlElement);
+
+      log.debug("InputStream succesfully unmarshalled");
+
+      return message;
+
+    } catch (final UnmarshallingException e) {
+      log.error("Error unmarshalling message from input stream", e);
+      throw new MessageDecodingException("Error unmarshalling message from input stream", e);
+
+    } catch (ParserConfigurationException | SAXException e) {
+      log.warn("Message schema-validation failed.");
+      throw new MessageDecodingException("Message schema-validation failed.",
+          new SchemaValidationException("internal.pvp.03", new Object[] { e.getMessage() }, e));
+
+    } catch (final IOException e) {
+      log.error("Error read message from input stream", e);
+      throw new MessageDecodingException("Error read message from input stream", e);
+
+    }
+  }
+
+  /**
    * Select signature algorithm for a given credential.
    *
    * @param credentials {@link X509Credential} that will be used for signing
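Review bot: The `catch (ParserConfigurationException | SAXException e)` branch in `unmarshallMessage` reports both exceptions as "Message schema-validation failed." with error code `internal.pvp.03`, but a `ParserConfigurationException` means the server's own XML parser setup is broken, not that the peer sent an invalid message, so a local misconfiguration would be attributed to the remote party and logged only at WARN without the exception; the SAX error text is also not logged at all, only carried inside the wrapped exception. Splitting the two catches fixes the attribution and makes the actual validation failure visible in the log. Separately, this method is the first point where an unauthenticated peer's XML is parsed and its safety rests entirely on `DomUtils.parseXmlValidating`, which is outside this diff, so the Javadoc should state the assumption, e.g. `* Relies on DomUtils.parseXmlValidating to reject DTDs/external entities and to validate against the SAML schemas; the caller owns and closes messageStream.` Minor wording: `shoulld`, `before unmarshall the message` and the log text `succesfully` are typos.
```java
      // … unchanged: schema-validating parse, unmarshaller lookup, UnmarshallingException catch …
    } catch (final ParserConfigurationException e) {
      // Parser setup is a local configuration problem, not a fault of the received message.
      log.error("XML parser is misconfigured, cannot validate SAML2 message", e);
      throw new MessageDecodingException("XML parser is misconfigured", e);

    } catch (final SAXException e) {
      log.warn("Message schema-validation failed: {}", e.getMessage());
      throw new MessageDecodingException("Message schema-validation failed.",
          new SchemaValidationException("internal.pvp.03", new Object[] { e.getMessage() }, e));

      // … unchanged: IOException catch …
```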