Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml')
7 files changed, 77 insertions, 70 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
index d23affba..fdd44b9a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpPostDecoder.java
@@ -2,18 +2,18 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import javax.servlet.http.HttpServletRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils;
+
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.messaging.decoder.MessageDecodingException;
 import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
 import com.google.common.base.Strings;
-
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import lombok.extern.slf4j.Slf4j;
 import net.shibboleth.utilities.java.support.codec.Base64Support;
@@ -27,14 +27,22 @@ import net.shibboleth.utilities.java.support.codec.Base64Support; @Slf4j public class EaafHttpPostDecoder extends HTTPPostDecoder { + private static final String SAML_REQ_PARAM_NAME = "SAMLRequest"; + private static final String SAML_RESP_PARAM_NAME = "SAMLResponse"; + + public EaafHttpPostDecoder(HttpServletRequest req) { + setHttpServletRequest(req); + } + @Override protected InputStream getBase64DecodedMessage(final HttpServletRequest request) throws MessageDecodingException { log.debug("Getting Base64 encoded message from request"); - String encodedMessage = getLastParameterFromRequest(request, "SAMLRequest"); + String encodedMessage = SamlHttpUtils.getLastParameterFromRequest(request, SAML_REQ_PARAM_NAME); if (Strings.isNullOrEmpty(encodedMessage)) { - encodedMessage = getLastParameterFromRequest(request, "SAMLResponse"); + encodedMessage = SamlHttpUtils.getLastParameterFromRequest(request, SAML_RESP_PARAM_NAME); + } if (Strings.isNullOrEmpty(encodedMessage)) { @@ -43,14 +51,17 @@ public class EaafHttpPostDecoder extends HTTPPostDecoder { throw new MessageDecodingException("No SAML message present in request"); } - log.trace("Base64 decoding SAML message:\n{}", encodedMessage); + log.trace("Base64 decoding SAML message: {}", encodedMessage); final byte[] decodedBytes = Base64Support.decode(encodedMessage); - if (decodedBytes == null) { - log.info("Unable to Base64 decode SAML message"); - throw new MessageDecodingException("Unable to Base64 decode SAML message"); + + try { + log.trace("Decoded SAML message: {}", new String(decodedBytes, "UTF-8")); + + } catch (final UnsupportedEncodingException e) { + log.warn("Logging of incomming message failed", e); + } - log.trace("Decoded SAML message:\n{}", new String(decodedBytes)); return new ByteArrayInputStream(decodedBytes); } 
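Review bot: The new public constructor `EaafHttpPostDecoder(HttpServletRequest req)` hands `req` straight to `setHttpServletRequest(req)` without a null check and has no Javadoc; the same applies to the `EaafHttpRedirectDeflateDecoder(HttpServletRequest req)` constructor in the next file. If the class had no explicit constructor before, adding this one also removes the implicit no-arg constructor, so any caller that still instantiates the decoder and sets the request afterwards would no longer compile; please confirm none exists. Both decoders now rely on `SamlHttpUtils.getLastParameterFromRequest` for the "last value wins" selection that the removed private helper (hunk -61,31) documented, and that contract is what keeps handling of duplicated parameters deterministic, so it should be stated on the shared helper. Suggested: `Objects.requireNonNull(req, "req");` before the setter, plus a one-line Javadoc such as `/** Creates a decoder bound to {@code req}, which is read by {@link #getBase64DecodedMessage}. */`.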
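Review bot: The explicit `decodedBytes == null` guard after `Base64Support.decode(encodedMessage)` is dropped and nothing replaces it: if `decode` can return null or an empty array for malformed input in the java-support version in use, the new code fails with a NullPointerException at `new String(decodedBytes, "UTF-8")` (the catch only covers `UnsupportedEncodingException`) instead of the `MessageDecodingException` callers expect, and an empty array would be passed on as a message. Keep a guard such as `if (decodedBytes == null || decodedBytes.length == 0) { throw new MessageDecodingException("Unable to Base64 decode SAML message"); }` ahead of the trace logging. The try/catch itself is avoidable, since `new String(decodedBytes, StandardCharsets.UTF_8)` throws no checked exception, so the block that only logs a warning can go. The trace statement still writes the full untrusted message body to the log, which is acceptable at trace level but deserves a comment saying so. getBase64DecodedMessage() starts in the preceding hunk.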
@@ -61,31 +72,8 @@ public class EaafHttpPostDecoder extends HTTPPostDecoder { */ @Override protected XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException { - return Saml2Utils.unmarshallMessage(messageStream); - - } - - /** - * Always read the last parameter with this name from request to get a strict - * deterministic behavior. <br> - * <br> - * <b><i>If more than one parameters with the same name exists, this method - * always select the last parameter value.</i></b> - * - * @param request Incoming http request - * @param paramName Name of the http parameter - * @return the last parameter value with this name, or <code>null</code> if the - * parameter not exists - */ - @Nullable - private String getLastParameterFromRequest(@Nonnull HttpServletRequest request, @Nonnull String paramName) { - final String[] values = request.getParameterValues(paramName); - if (values != null && values.length > 0) { - return values[values.length - 1]; - - } - - return null; + return Saml2Utils.unmarshallMessage(messageStream); } + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java index 16d73296..c5174f02 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafHttpRedirectDeflateDecoder.java 
@@ -4,6 +4,9 @@ import java.io.InputStream; import javax.servlet.http.HttpServletRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SamlHttpUtils; + import org.opensaml.core.xml.XMLObject; import org.opensaml.messaging.context.MessageContext; import org.opensaml.messaging.decoder.MessageDecodingException; @@ -13,10 +16,7 @@ import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder; import com.google.common.base.Strings; - -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import lombok.extern.slf4j.Slf4j; -import net.shibboleth.utilities.java.support.net.URISupport; import net.shibboleth.utilities.java.support.primitive.StringSupport; /** @@ -29,6 +29,14 @@ import net.shibboleth.utilities.java.support.primitive.StringSupport; @Slf4j public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder { + private static final String SAML_REQ_PARAM_NAME = "SAMLRequest"; + private static final String SAML_RESP_PARAM_NAME = "SAMLResponse"; + + public EaafHttpRedirectDeflateDecoder(HttpServletRequest req) { + setHttpServletRequest(req); + + } + @Override protected void doDecode() throws MessageDecodingException { final MessageContext<SAMLObject> messageContext = new MessageContext<>(); 
@@ -52,16 +60,19 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder { // implement parameter extraction as same as in // SAML2HTTPRedirectDeflateSignatureSecurityHandler.java - final String queryString = getHttpServletRequest().getQueryString(); - if (!Strings.isNullOrEmpty(URISupport.getRawQueryStringParameter(queryString, "SAMLRequest"))) { - samlMessageIns = decodeMessage(URISupport.getRawQueryStringParameter(queryString, "SAMLRequest")); - } else if (!Strings.isNullOrEmpty(URISupport.getRawQueryStringParameter(queryString, "SAMLResponse"))) { - samlMessageIns = decodeMessage(URISupport.getRawQueryStringParameter(queryString, "SAMLResponse")); + final String samlReq = SamlHttpUtils.getLastParameterFromRequest(request, SAML_REQ_PARAM_NAME); + final String samlResp = SamlHttpUtils.getLastParameterFromRequest(request, SAML_RESP_PARAM_NAME); + if (!Strings.isNullOrEmpty(samlReq)) { + samlMessageIns = decodeMessage(samlReq); + + } else if (!Strings.isNullOrEmpty(samlResp)) { + samlMessageIns = decodeMessage(samlResp); + } else { throw new MessageDecodingException( "No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message"); } - + final SAMLObject samlMessage = (SAMLObject) unmarshallMessage(samlMessageIns); messageContext.setMessage(samlMessage); log.debug("Decoded SAML message"); @@ -69,9 +80,9 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder { populateBindingContext(messageContext); setMessageContext(messageContext); - + } - + /** * EAAF specific unmarshaller perform XML schema validation before unmarshalling * the SAML message. @@ -79,8 +90,8 @@ public class EaafHttpRedirectDeflateDecoder extends HTTPRedirectDeflateDecoder { */ @Override protected XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException { - return Saml2Utils.unmarshallMessage(messageStream); - + return Saml2Utils.unmarshallMessage(messageStream); + } } 
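Review bot: The replaced lines change where the message is read from: `URISupport.getRawQueryStringParameter(queryString, ...)` parsed the raw query string, whereas `SamlHttpUtils.getLastParameterFromRequest(request, ...)` — if it mirrors the helper removed from the POST decoder — goes through the servlet parameter map, which URL-decodes values and, for a POST, merges form-body parameters with query parameters. The comment just above, "implement parameter extraction as same as in SAML2HTTPRedirectDeflateSignatureSecurityHandler.java", is therefore no longer accurate, and the error text "query path parameter" no longer matches what is read; more importantly, OpenSAML's signature handler verifies the raw query-string values, so the bytes that get signature-checked and the bytes that get decoded can now come from different sources. Either keep extracting from the raw query string (selecting the last occurrence there if deterministic handling of duplicates is the goal) or make signature verification use the same parameter source, and update the comment either way. `request` is not declared within this hunk and doDecode() starts in the previous one.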
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java index 7c433c1c..6d81700a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java @@ -50,21 +50,24 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda /** * Get an OpenSAML2 keystore. * - * @param store Java KeyStore - * @param alias Key alias - * @param password key Password - * @param keyStoreFriendlyName Friendlyname of this keystore for logging purposes - * @throws CredentialsNotAvailableException In case of an initialization exception + * @param store Java KeyStore + * @param alias Key alias + * @param password key Password + * @param keyStoreFriendlyName Friendlyname of this keystore for logging + * purposes + * @throws CredentialsNotAvailableException In case of an initialization + * exception */ public EaafKeyStoreX509CredentialAdapter(@Nonnull final KeyStore store, @Nonnull final String alias, - @Nullable final char[] password, @Nonnull String keyStoreFriendlyName) throws CredentialsNotAvailableException { + @Nullable final char[] password, @Nonnull String keyStoreFriendlyName) + throws CredentialsNotAvailableException { super(store, alias, password); if (getPrivateKey() == null && getSecretKey() == null) { log.error("KeyStore: {} Key with alias: {} not found or contains no PrivateKey.", keyStoreFriendlyName, alias); throw new CredentialsNotAvailableException("internal.pvp.00", - new Object[] { keyStoreFriendlyName, alias}); + new Object[] { keyStoreFriendlyName, alias }); } 
@@ -74,7 +77,8 @@ public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAda PvpConstants.DEFAULT_SIGNING_METHODE_EC)); } catch (final SamlSigningException e) { - throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] {keyStoreFriendlyName, alias}, e); + throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] { keyStoreFriendlyName, + alias }, e); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java index 3650e617..fa77b73c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/HttpPostEncoderWithOwnTemplate.java @@ -19,7 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml; - import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java index 2e45aea2..f474267f 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/OpenSaml3ResourceAdapter.java 
@@ -9,22 +9,23 @@ import java.net.URL; import net.shibboleth.utilities.java.support.resource.Resource; /** - * Adapter that connects a Spring {@link org.springframework.core.io.Resource} to a {@link Resource}. - * + * Adapter that connects a Spring {@link org.springframework.core.io.Resource} + * to a {@link Resource}. + * * @author tlenz * */ public class OpenSaml3ResourceAdapter implements Resource { - private org.springframework.core.io.Resource internalResource; + private final org.springframework.core.io.Resource internalResource; public OpenSaml3ResourceAdapter(org.springframework.core.io.Resource resource) { this.internalResource = resource; } - + @Override public boolean exists() { - return internalResource.exists(); + return internalResource.exists(); } @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java index bd450518..38735fb8 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/StringRedirectDeflateEncoder.java @@ -23,8 +23,8 @@ import org.opensaml.messaging.context.MessageContext; import org.opensaml.messaging.encoder.MessageEncodingException; import org.opensaml.saml.common.SAMLObject; import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; + +import lombok.extern.slf4j.Slf4j; /** * Create deflate encoded SAML2 redirect-binding informations. 
@@ -32,9 +32,9 @@ import org.slf4j.LoggerFactory; * @author tlenz * */ -public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder { - private static final Logger log = LoggerFactory.getLogger(StringRedirectDeflateEncoder.class); +@Slf4j +public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder { private String redirectUrl = null; @Override @@ -50,6 +50,8 @@ public class StringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder { redirectUrl = buildRedirectURL(messageContext, endpointUrl, encodedMessage); + log.trace("SAML2 redirect-binding URL was generated as: {}", redirectUrl); + } /** diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafOpenSaml3xInitializer.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafOpenSaml3xInitializer.java index 42d4d736..5c6d861d 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafOpenSaml3xInitializer.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/initialize/EaafOpenSaml3xInitializer.java @@ -60,10 +60,12 @@ public class EaafOpenSaml3xInitializer extends InitializationService { /** * EAAF specific OpenSAML3.x initialization. * - * @throws InitializationException In case of an error - * @throws ComponentInitializationException + * @throws InitializationException In case of an error + * @throws ComponentInitializationException In case of an OpenSAML3 + * initialization error */ - public static synchronized void eaafInitialize() throws InitializationException, ComponentInitializationException { + public static synchronized void eaafInitialize() throws InitializationException, + ComponentInitializationException { log.debug("Initializing OpenSAML 3.x ... "); initialize(); |
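Review bot: The added `log.trace("SAML2 redirect-binding URL was generated as: {}", redirectUrl)` writes the complete redirect URL — the deflated SAML message plus whatever `buildRedirectURL` appended, which for signed redirects may include RelayState and Signature parameters — into the log. Trace is the right level for that, but a short comment stating that the full URL is logged deliberately and only at TRACE would keep a later change from promoting it to debug; e.g. `// full URL incl. SAML payload and signature params -- keep at TRACE`. The enclosing method starts outside this hunk.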