summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java148
1 files changed, 148 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
new file mode 100644
index 00000000..2c2e0d77
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -0,0 +1,148 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.decoding.URIComparator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.SignableXMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
+
+@Service("PVPSOAPBinding")
+public class SoapBinding implements IDecoder, IEncoder {
+
+ private static final Logger log = LoggerFactory.getLogger(SoapBinding.class);
+ public InboundMessageInterface decode(HttpServletRequest req,
+ HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
+ SecurityException, PVP2Exception {
+ HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ req));
+ messageContext.setMetadataProvider(metadataProvider);
+
+ //TODO: update in a futher version:
+ // requires a special SignedSOAPRequestPolicyRole because
+ // messageContext.getInboundMessage() is not directly signed
+
+ //set security context
+// BasicSecurityPolicy policy = new BasicSecurityPolicy();
+// policy.getPolicyRules().add(
+// new MOAPVPSignedRequestPolicyRule(
+// TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+// SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+// policy);
+// messageContext.setSecurityPolicyResolver(resolver);
+
+ //decode message
+ soapDecoder.decode(messageContext);
+
+ Envelope inboundMessage = (Envelope) messageContext
+ .getInboundMessage();
+
+ if (inboundMessage.getBody() != null) {
+ List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
+
+ if (!xmlElemList.isEmpty()) {
+ SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
+ PVPSProfileRequest request = new PVPSProfileRequest(attrReq, getSAML2BindingName());
+
+ if (messageContext.getPeerEntityMetadata() != null)
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else if (attrReq instanceof RequestAbstractType) {
+ RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
+ try {
+ if (StringUtils.isNotEmpty(attributeRequest.getIssuer().getValue()) &&
+ metadataProvider.getRole(
+ attributeRequest.getIssuer().getValue(),
+ SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
+ request.setEntityID(attributeRequest.getIssuer().getValue());
+
+ } catch (Exception e) {
+ log.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
+ }
+ }
+
+ request.setVerified(false);
+ return request;
+
+ }
+ }
+
+ log.error("Receive empty PVP 2.1 attributequery request.");
+ throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
+ }
+
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (req.getMethod().equals("POST") &&
+ (action.equals(PVPConstants.SOAP) || action.equals(PVPConstants.ATTRIBUTEQUERY)));
+ }
+
+ public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException, PVP2Exception {
+
+ }
+
+ public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+ throws MessageEncodingException, SecurityException, PVP2Exception {
+
+ //load default PVP security configurations
+ EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
+
+ HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+
+ }
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_SOAP11_BINDING_URI;
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 23:18:58 +0000