Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java77
1 files changed, 35 insertions, 42 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index f86fd883..1ef7da29 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -46,6 +46,7 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidPvpRequestException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NameIdFormatNotSupportedException;
import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionConsumerServiceException;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
@@ -72,7 +73,6 @@ import org.opensaml.saml.saml2.core.StatusMessage;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -81,6 +81,9 @@ import org.springframework.beans.factory.annotation.Autowired;
public abstract class AbstractPvp2XProtocol extends AbstractController implements IModulInfo {
private static final Logger log = LoggerFactory.getLogger(AbstractPvp2XProtocol.class);
+ private static final String HTTP_PARAM_SAMLREQ = "SAMLRequest";
+ private static final String ERROR_INVALID_REQUEST = "Receive INVALID protocol request: {}";
+
@Autowired(required = true)
protected IPvp2BasicConfiguration pvpBasicConfiguration;
@Autowired(required = true)
@@ -92,8 +95,6 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
private AbstractCredentialProvider pvpIdpCredentials;
-
-
/**
* Sets a specific credential provider for PVP S-Profile IDP component.
*
@@ -151,7 +152,6 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
moaError = statusMessager.getResponseErrorCode(e);
}
-
if (StringUtils.isNotEmpty(moaError)) {
final StatusCode moaStatusCode = Saml2Utils.createSamlObject(StatusCode.class);
moaStatusCode.setValue(moaError);
@@ -245,16 +245,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
// get POST-Binding decoder implementation
final InboundMessage msg = (InboundMessage) new PostBinding().decode(req, resp,
- metadataProvider, false,
+ metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
new EaafUriCompare(pvpBasicConfiguration.getIdpSsoPostService(pendingReq.getAuthUrl())));
pendingReq.setRequest(msg);
// preProcess Message
preProcess(req, resp, pendingReq);
- } catch (final SecurityPolicyException e) {
- final String samlRequest = req.getParameter("SAMLRequest");
- log.warn("Receive INVALID protocol request: " + samlRequest, e);
+ } catch (final SamlSigningException e) {
+ final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
+ log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);
// write revision log entries
if (pendingReq != null) {
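Review bot: The `null` between `samlRequest` and `e` in `log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);` is a surplus argument: ERROR_INVALID_REQUEST carries a single `{}`, so SLF4J binds it to samlRequest, takes the trailing `e` as the throwable and silently drops the null, which reads as a leftover from an earlier two-placeholder format. It should be `log.warn(ERROR_INVALID_REQUEST, samlRequest, e);` here and in the same pattern in the later catch blocks of both the POST- and Redirect-binding decoders (the Pvp2Exception, EaafException and Throwable hunks that follow, including the `log.info` variant). Separately, `samlRequest` is the raw request parameter supplied by the client and is now written in full on every rejected request; logging its length or a bounded prefix would keep an unauthenticated sender from inflating the log, though this behaviour predates the commit. The enclosing method starts and ends outside this hunk.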
@@ -264,9 +264,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
- } catch (final SecurityException e) {
- final String samlRequest = req.getParameter("SAMLRequest");
- log.warn("Receive INVALID protocol request: " + samlRequest, e);
+ } catch (final Pvp2Exception e) {
+ final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
+ log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);
// write revision log entries
if (pendingReq != null) {
@@ -274,7 +274,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
pendingReq.getUniqueTransactionIdentifier());
}
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() });
} catch (final EaafException e) {
@@ -287,8 +287,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
throw e;
} catch (final Throwable e) {
- final String samlRequest = req.getParameter("SAMLRequest");
- log.warn("Receive INVALID protocol request: " + samlRequest, e);
+ final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
+ log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);
// write revision log entries
if (pendingReq != null) {
@@ -296,7 +296,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
pendingReq.getUniqueTransactionIdentifier());
}
- throw new EaafException("pvp2.24", new Object[] {e.getMessage()}, e);
+ throw new EaafException("pvp2.24", new Object[] { e.getMessage() }, e);
}
}
@@ -319,16 +319,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
// get POST-Binding decoder implementation
final InboundMessage msg = (InboundMessage) new RedirectBinding().decode(req, resp,
- metadataProvider, false, new EaafUriCompare(
+ metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME, new EaafUriCompare(
pvpBasicConfiguration.getIdpSsoRedirectService(pendingReq.getAuthUrl())));
pendingReq.setRequest(msg);
// preProcess Message
preProcess(req, resp, pendingReq);
- } catch (final SecurityPolicyException e) {
- final String samlRequest = req.getParameter("SAMLRequest");
- log.warn("Receive INVALID protocol request: " + samlRequest, e);
+ } catch (final SamlSigningException e) {
+ final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
+ log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);
// write revision log entries
if (pendingReq != null) {
@@ -338,9 +338,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
- } catch (final SecurityException e) {
- final String samlRequest = req.getParameter("SAMLRequest");
- log.warn("Receive INVALID protocol request: " + samlRequest, e);
+ } catch (final Pvp2Exception e) {
+ final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
+ log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);
// write revision log entries
if (pendingReq != null) {
@@ -348,11 +348,11 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
pendingReq.getUniqueTransactionIdentifier());
}
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] { e.getMessage() });
} catch (final EaafException e) {
- final String samlRequest = req.getParameter("SAMLRequest");
- log.info("Receive INVALID protocol request: " + samlRequest);
+ final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
+ log.info(ERROR_INVALID_REQUEST, samlRequest, null, e);
// write revision log entries
if (pendingReq != null) {
@@ -363,8 +363,8 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
throw e;
} catch (final Throwable e) {
- final String samlRequest = req.getParameter("SAMLRequest");
- log.warn("Receive INVALID protocol request: " + samlRequest, e);
+ final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
+ log.warn(ERROR_INVALID_REQUEST, samlRequest, null, e);
// write revision log entries
if (pendingReq != null) {
@@ -372,17 +372,15 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
pendingReq.getUniqueTransactionIdentifier());
}
- throw new EaafException("pvp2.24", new Object[] {e.getMessage()}, e);
+ throw new EaafException("pvp2.24", new Object[] { e.getMessage() }, e);
}
}
-
-
/**
* Authentication request pre-processor.
*
- * @param request http request
- * @param response http response
+ * @param request http request
+ * @param response http response
* @param pendingReq current pending request
* @return true if preprocess can handle this request type, otherwise false
* @throws Throwable In case of an error
@@ -419,20 +417,17 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
log.error("Receive unsupported PVP21 message of type: "
+ ((PvpSProfileRequest) msg).getSamlRequest().getClass().getName());
throw new InvalidPvpRequestException("pvp2.09",
- new Object[] {((PvpSProfileRequest) msg).getSamlRequest().getClass().getName()});
+ new Object[] { ((PvpSProfileRequest) msg).getSamlRequest().getClass().getName() });
}
-
-
// switch to session authentication
protAuthService.performAuthentication(request, response, pendingReq);
}
-
/**
* PreProcess Authn request.
*
- * @param request http request
+ * @param request http request
* @param pendingReq current pending request
* @throws Throwable in case of an error
*/
@@ -458,7 +453,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
if (authnRequest.getIssueInstant() == null) {
log.warn("Unsupported request: No IssueInstant Attribute found.");
throw new AuthnRequestValidatorException("pvp2.22",
- new Object[] {"Unsupported request: No IssueInstant Attribute found"}, pendingReq);
+ new Object[] { "Unsupported request: No IssueInstant Attribute found" }, pendingReq);
}
@@ -466,7 +461,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
.isAfterNow()) {
log.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
throw new AuthnRequestValidatorException("pvp2.22",
- new Object[] {"Unsupported request: No IssueInstant DateTime is not valid anymore."},
+ new Object[] { "Unsupported request: No IssueInstant DateTime is not valid anymore." },
pendingReq);
}
@@ -496,14 +491,13 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
}
-
} else {
// use AssertionConsumerServiceIndex and select consumerService from metadata
final Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
int assertionidx = 0;
if (aIdx != null) {
- assertionidx = aIdx.intValue();
+ assertionidx = aIdx;
} else {
assertionidx = Saml2Utils.getDefaultAssertionConsumerServiceIndex(spSsoDescriptor);
@@ -517,7 +511,6 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
}
}
-
// validate AuthnRequest
final AuthnRequest authReq = (AuthnRequest) samlReq;
final String oaUrl = moaRequest.getEntityMetadata(metadataProvider).getEntityID();