summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java71
1 files changed, 71 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
new file mode 100644
index 00000000..e9140f26
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java
@@ -0,0 +1,71 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
+
+import java.io.InputStream;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.saml.common.SAMLObject;
+import org.opensaml.saml.common.binding.SAMLBindingSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder;
+
+import com.google.common.base.Strings;
+import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.net.URISupport;
+import net.shibboleth.utilities.java.support.primitive.StringSupport;
+
+/**
+ * SAML2 Redirect-Binding deflate decoder with same EAAF specific hardening
+ * regarding http request-parameter processing.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder {
+
+ @Override
+ protected void doDecode() throws MessageDecodingException {
+ final MessageContext<SAMLObject> messageContext = new MessageContext<>();
+ final HttpServletRequest request = getHttpServletRequest();
+
+ if (!"GET".equalsIgnoreCase(request.getMethod())) {
+ throw new MessageDecodingException("This message decoder only supports the HTTP GET method");
+ }
+
+ final String samlEncoding = StringSupport.trimOrNull(request.getParameter("SAMLEncoding"));
+ if (samlEncoding != null && !SAMLConstants.SAML2_BINDING_URL_ENCODING_DEFLATE_URI.equals(samlEncoding)) {
+ throw new MessageDecodingException("Request indicated an unsupported SAMLEncoding: " + samlEncoding);
+
+ }
+
+ final String relayState = request.getParameter("RelayState");
+ log.debug("Decoded RelayState: {}", relayState);
+ SAMLBindingSupport.setRelayState(messageContext, relayState);
+
+ final InputStream samlMessageIns;
+
+ // implement parameter extraction as same as in
+ // SAML2HTTPRedirectDeflateSignatureSecurityHandler.java
+ final String queryString = getHttpServletRequest().getQueryString();
+ if (!Strings.isNullOrEmpty(URISupport.getRawQueryStringParameter(queryString, "SAMLRequest"))) {
+ samlMessageIns = decodeMessage(URISupport.getRawQueryStringParameter(queryString, "SAMLRequest"));
+ } else if (!Strings.isNullOrEmpty(URISupport.getRawQueryStringParameter(queryString, "SAMLResponse"))) {
+ samlMessageIns = decodeMessage(URISupport.getRawQueryStringParameter(queryString, "SAMLResponse"));
+ } else {
+ throw new MessageDecodingException(
+ "No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message");
+ }
+
+ final SAMLObject samlMessage = (SAMLObject) unmarshallMessage(samlMessageIns);
+ messageContext.setMessage(samlMessage);
+ log.debug("Decoded SAML message");
+
+ populateBindingContext(messageContext);
+
+ setMessageContext(messageContext);
+ }
+
+}