summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java154
1 files changed, 154 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
new file mode 100644
index 00000000..adcff465
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -0,0 +1,154 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
+
+import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+
+@Service("PVPAuthenticationRequestAction")
+public class AuthenticationAction implements IAction {
+ private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);
+
+ private static final String CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION = "protocols.pvp2.assertion.encryption.active";
+
+ @Autowired(required=true) private IPVPMetadataProvider metadataProvider;
+ @Autowired(required=true) ApplicationContext springContext;
+ @Autowired(required=true) IConfiguration authConfig;
+ @Autowired(required=true) PVP2AssertionBuilder assertionBuilder;
+ @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
+
+ private AbstractCredentialProvider pvpIDPCredentials;
+
+ /**
+ * Sets a specific credential provider for PVP S-Profile IDP component.
+ * @param pvpIDPCredentials credential provider
+ */
+ public void setPvpIDPCredentials(AbstractCredentialProvider pvpIDPCredentials) {
+ this.pvpIDPCredentials = pvpIDPCredentials;
+
+ }
+
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IAuthData authData) throws ResponderErrorException {
+ PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req;
+ try {
+ //get basic information
+ PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest();
+ AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
+ EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
+
+ AssertionConsumerService consumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ consumerService.setBinding(pvpRequest.getBinding());
+ consumerService.setLocation(pvpRequest.getConsumerURL());
+
+ DateTime date = new DateTime();
+ SLOInformationImpl sloInformation = new SLOInformationImpl();
+ String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL());
+
+ //build Assertion
+ Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,
+ peerEntity, date, consumerService, sloInformation);
+
+ Response authResponse = AuthResponseBuilder.buildResponse(
+ metadataProvider, issuerEntityID, authnRequest,
+ date, assertion, authConfig.getBasicMOAIDConfigurationBoolean(
+ CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true));
+
+ IEncoder binding = null;
+
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
+
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ binding.encodeRespone(httpReq, httpResp, authResponse,
+ consumerService.getLocation(), moaRequest.getRelayState(),
+ pvpIDPCredentials.getIDPAssertionSigningCredential(), req);
+
+ //set protocol type
+ sloInformation.setProtocolType(req.requestedModule());
+ sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
+ return sloInformation;
+
+ } catch (MessageEncodingException e) {
+ log.error("Message Encoding exception", e);
+ throw new ResponderErrorException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ log.error("Security exception", e);
+ throw new ResponderErrorException("pvp2.01", null, e);
+
+ } catch (EAAFException e) {
+ log.error("Response generation error", e);
+ throw new ResponderErrorException("pvp2.01", null, e);
+
+ }
+
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return true;
+ }
+
+ public String getDefaultActionName() {
+ return "PVPAuthenticationRequestAction";
+
+ }
+
+ @PostConstruct
+ private void verifyInitialization() {
+ if (pvpIDPCredentials == null) {
+ log.error("No SAML2 credentialProvider injected!");
+ throw new RuntimeException("No SAML2 credentialProvider injected!");
+
+ }
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-05 05:17:39 +0000