Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java79
1 files changed, 79 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
new file mode 100644
index 00000000..fdd44b9a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
@@ -0,0 +1,79 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
+
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
+
+import com.google.common.base.Strings;
+import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.codec.Base64Support;
+
+/**
+ * SAML2 Post-Binding decoder with same EAAF specific hardening regarding http
+ * request-parameter processing.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class EaafHttpPostDecoder extends HTTPPostDecoder {
+
+ private static final String SAML_REQ_PARAM_NAME = "SAMLRequest";
+ private static final String SAML_RESP_PARAM_NAME = "SAMLResponse";
+
+ public EaafHttpPostDecoder(HttpServletRequest req) {
+ setHttpServletRequest(req);
+ }
+
+ @Override
+ protected InputStream getBase64DecodedMessage(final HttpServletRequest request)
+ throws MessageDecodingException {
+
+ log.debug("Getting Base64 encoded message from request");
+ String encodedMessage = SamlHttpUtils.getLastParameterFromRequest(request, SAML_REQ_PARAM_NAME);
+ if (Strings.isNullOrEmpty(encodedMessage)) {
+ encodedMessage = SamlHttpUtils.getLastParameterFromRequest(request, SAML_RESP_PARAM_NAME);
+
+ }
+
+ if (Strings.isNullOrEmpty(encodedMessage)) {
+ log.info("Request did not contain either a SAMLRequest or "
+ + "SAMLResponse paramter. Invalid request for SAML 2 HTTP POST binding.");
+ throw new MessageDecodingException("No SAML message present in request");
+ }
+
+ log.trace("Base64 decoding SAML message: {}", encodedMessage);
+ final byte[] decodedBytes = Base64Support.decode(encodedMessage);
+
+ try {
+ log.trace("Decoded SAML message: {}", new String(decodedBytes, "UTF-8"));
+
+ } catch (final UnsupportedEncodingException e) {
+ log.warn("Logging of incomming message failed", e);
+
+ }
+
+ return new ByteArrayInputStream(decodedBytes);
+ }
+
+ /**
+ * EAAF specific unmarshaller perform XML schema validation before unmarshalling
+ * the SAML message.
+ *
+ */
+ @Override
+ protected XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException {
+ return Saml2Utils.unmarshallMessage(messageStream);
+
+ }
+
+}
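Review bot: In getBase64DecodedMessage the trace statement builds `new String(decodedBytes, "UTF-8")` on every request, even when trace logging is disabled, so each incoming POST pays for a second full copy of a sender-controlled payload; when trace is enabled, the complete SAML message (for a SAMLResponse this presumably includes the assertion attributes) is written to the log. Guarding it as `if (log.isTraceEnabled()) { log.trace("Decoded SAML message: {}", new String(decodedBytes, StandardCharsets.UTF_8)); }` removes the unconditional copy and, with an import of `java.nio.charset.StandardCharsets`, makes the try/catch for UnsupportedEncodingException unnecessary. Separately, the result of `Base64Support.decode(encodedMessage)` is used without any check; depending on the java-support version in use, malformed input may produce null or an exception, so it is worth confirming that a bad parameter ends in a MessageDecodingException rather than a NullPointerException.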