From bee5dd259a4438d45ecd1bcc26dfba12875236d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 26 Jun 2018 11:03:48 +0200
Subject: initial commit

---
 .../modules/pvp2/impl/binding/SoapBinding.java     | 148 +++++++++++++++++++++
 1 file changed, 148 insertions(+)
 create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java

(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java')

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
new file mode 100644
index 00000000..2c2e0d77
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -0,0 +1,148 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.decoding.URIComparator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.signature.SignableXMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
+
+@Service("PVPSOAPBinding")
+public class SoapBinding implements IDecoder, IEncoder {
+
+	private static final Logger log = LoggerFactory.getLogger(SoapBinding.class);
+	public InboundMessageInterface decode(HttpServletRequest req,
+			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
+			SecurityException, PVP2Exception {
+		HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
+		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = 
+				new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+		messageContext
+				.setInboundMessageTransport(new HttpServletRequestAdapter(
+						req));		
+		messageContext.setMetadataProvider(metadataProvider);
+
+		//TODO: update in a futher version: 
+		//      requires a special SignedSOAPRequestPolicyRole because 
+		//		messageContext.getInboundMessage() is not directly signed
+		
+		//set security context
+//		BasicSecurityPolicy policy = new BasicSecurityPolicy();
+//		policy.getPolicyRules().add(
+//				new MOAPVPSignedRequestPolicyRule(
+//						TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+//						SPSSODescriptor.DEFAULT_ELEMENT_NAME));		
+//		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+//				policy);			
+//		messageContext.setSecurityPolicyResolver(resolver);
+		
+		//decode message
+		soapDecoder.decode(messageContext);
+		
+		Envelope inboundMessage = (Envelope) messageContext
+				.getInboundMessage();
+		
+		if (inboundMessage.getBody() != null) {		
+			List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
+		
+			if (!xmlElemList.isEmpty()) {
+				SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);			
+				PVPSProfileRequest request = new PVPSProfileRequest(attrReq, getSAML2BindingName());				
+				
+				if (messageContext.getPeerEntityMetadata() != null)
+					request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+				
+				else if (attrReq instanceof RequestAbstractType) {
+					RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
+					try {						
+						if (StringUtils.isNotEmpty(attributeRequest.getIssuer().getValue()) && 
+								metadataProvider.getRole(
+										attributeRequest.getIssuer().getValue(), 
+										SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
+							request.setEntityID(attributeRequest.getIssuer().getValue());
+						
+					} catch (Exception e) {
+						log.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
+					}					
+				} 
+				
+				request.setVerified(false);			
+				return request;
+						
+			} 
+		}  
+		
+		log.error("Receive empty PVP 2.1 attributequery request.");
+		throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
+	} 
+
+	public boolean handleDecode(String action, HttpServletRequest req) {
+		return (req.getMethod().equals("POST") && 
+				(action.equals(PVPConstants.SOAP) || action.equals(PVPConstants.ATTRIBUTEQUERY)));
+	}
+
+	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
+			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+			throws MessageEncodingException, SecurityException, PVP2Exception {
+		
+	}
+
+	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
+			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
+			throws MessageEncodingException, SecurityException, PVP2Exception {
+			
+			//load default PVP security configurations
+			EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration();
+			
+			HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+					resp, true);
+			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+			context.setOutboundSAMLMessageSigningCredential(credentials);
+			context.setOutboundSAMLMessage(response);
+			context.setOutboundMessageTransport(responseAdapter);
+			
+			encoder.encode(context);
+			
+	}
+	
+	public String getSAML2BindingName() {
+		return SAMLConstants.SAML2_SOAP11_BINDING_URI;
+	}
+
+}
-- 
cgit v1.2.3