summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java108
1 files changed, 108 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
new file mode 100644
index 00000000..ae108c35
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
@@ -0,0 +1,108 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+
+import org.opensaml.core.config.ConfigurationService;
+import org.opensaml.messaging.context.BaseContext;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.saml.common.SAMLObject;
+import org.opensaml.saml.common.SignableSAMLObject;
+import org.opensaml.saml.common.binding.SAMLBindingSupport;
+import org.opensaml.saml.common.binding.encoding.SAMLMessageEncoder;
+import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
+import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext;
+import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.common.messaging.context.SAMLProtocolContext;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.xmlsec.SignatureSigningParameters;
+import org.opensaml.xmlsec.SignatureValidationConfiguration;
+import org.opensaml.xmlsec.SignatureValidationParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * Abstract Binding implements common code for SAML2 binding implementations.
+ *
+ * @author tlenz
+ *
+ */
+public abstract class AbstractBinding {
+
+ @Autowired protected IConfiguration basicConfig;
+
+ public abstract String getSaml2BindingName();
+
+ protected MessageContext<SAMLObject> buildBasicMessageContext(
+ SAMLMessageEncoder encoder, SignableSAMLObject response) {
+ final MessageContext<SAMLObject> messageContext = new MessageContext<SAMLObject>();
+ messageContext.setMessage(response);
+ encoder.setMessageContext(messageContext);
+ return messageContext;
+
+ }
+
+ protected BaseContext injectSigningInfos(EaafX509Credential credentials) throws SamlSigningException {
+ final SecurityParametersContext securityParamContext = new SecurityParametersContext();
+ final SignatureSigningParameters signingParams = new SignatureSigningParameters();
+ securityParamContext.setSignatureSigningParameters(signingParams);
+
+ signingParams.setSigningCredential(credentials);
+ signingParams.setSignatureCanonicalizationAlgorithm(
+ SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signingParams.setSignatureReferenceCanonicalizationAlgorithm(
+ SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signingParams.setSignatureAlgorithm(credentials.getSignatureAlgorithmForSigning());
+ signingParams.setSignatureReferenceDigestMethod(
+ Saml2Utils.getDigestAlgorithm(signingParams.getSignatureAlgorithm()));
+
+ signingParams.setKeyInfoGenerator(Saml2Utils.getKeyInfoGenerator(credentials, false));
+
+ return securityParamContext;
+
+ }
+
+ protected BaseContext injectEndpointInfos(final SignableSAMLObject response, String targetLocation) {
+ SAMLBindingSupport.setSAML2Destination(response, targetLocation);
+ final SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
+ service.setBinding(getSaml2BindingName());
+ service.setLocation(targetLocation);
+ final SAMLPeerEntityContext peerEntityContext = new SAMLPeerEntityContext();
+ final SAMLEndpointContext endpointContext = new SAMLEndpointContext();
+ endpointContext.setEndpoint(service);
+ peerEntityContext.addSubcontext(endpointContext);
+ return peerEntityContext;
+
+ }
+
+ protected void injectInboundMessageContexts(MessageContext<SAMLObject> messageContext,
+ IPvp2MetadataProvider metadataProvider) {
+ messageContext.addSubcontext(new SAMLPeerEntityContext());
+ messageContext.addSubcontext(new SAMLMessageInfoContext());
+
+
+ final SAMLProtocolContext protocolContext = new SAMLProtocolContext();
+ protocolContext.setProtocol(SAMLConstants.SAML20P_NS);
+ messageContext.addSubcontext(protocolContext);
+
+
+ final SecurityParametersContext securityParameterContext = new SecurityParametersContext();
+ final SignatureValidationParameters sigValParameters = new SignatureValidationParameters();
+ securityParameterContext.setSignatureValidationParameters(sigValParameters);
+ messageContext.addSubcontext(securityParameterContext);
+
+ sigValParameters.setBlacklistedAlgorithms(
+ ConfigurationService.get(SignatureValidationConfiguration.class)
+ .getBlacklistedAlgorithms());
+ sigValParameters.setSignatureTrustEngine(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 09:33:00 +0000