From f220f54579f5975586b4dcd7634668815c208eda Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 8 Apr 2020 16:23:51 +0200
Subject: refactor to OpenSAML 4.x
---
 .../modules/pvp2/impl/binding/AbstractBinding.java | 47 +++++++++++-----------
 .../modules/pvp2/impl/binding/PostBinding.java | 30 +++++++-------
 .../modules/pvp2/impl/binding/RedirectBinding.java | 32 +++++++--------
 .../modules/pvp2/impl/binding/SoapBinding.java | 34 ++++++++--------
 4 files changed, 68 insertions(+), 75 deletions(-)
(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
index 3543d85a..80697ee9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/AbstractBinding.java
@@ -2,29 +2,12 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.binding;
 import javax.xml.namespace.QName;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlBindingException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
-import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
-
 import org.opensaml.core.config.ConfigurationService;
 import org.opensaml.messaging.context.BaseContext;
 import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.messaging.decoder.MessageDecodingException;
 import org.opensaml.messaging.decoder.servlet.HttpServletRequestMessageDecoder;
 import org.opensaml.messaging.handler.MessageHandlerException;
-import org.opensaml.saml.common.SAMLObject;
 import org.opensaml.saml.common.SignableSAMLObject;
 import org.opensaml.saml.common.binding.SAMLBindingSupport;
 import org.opensaml.saml.common.binding.encoding.SAMLMessageEncoder;
@@ -48,6 +31,22 @@ import com.google.common.base.Optional;
 import com.google.common.base.Predicates;
 import com.google.common.base.Throwables;
 import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlBindingException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
 import lombok.extern.slf4j.Slf4j;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@@ -65,8 +64,8 @@ public abstract class AbstractBinding {
 public abstract String getSaml2BindingName();
- protected MessageContext internalMessageDecode(
- HttpServletRequestMessageDecoder decoder,
+ protected MessageContext internalMessageDecode(
+ HttpServletRequestMessageDecoder decoder,
 String binding) throws Pvp2Exception {
 try {
 decoder.initialize();
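Review bot: Dropping the type parameter from `MessageContext` and `HttpServletRequestMessageDecoder` in the `internalMessageDecode` signature (and likewise in `buildBasicMessageContext`, `injectInboundMessageContexts`, `performMessageValidation` and `performMessageDecodePostProcessing` in the following hunks) removes the compile-time guarantee that the context carries a SAML object; as far as I recall `getMessage()` is untyped in OpenSAML 4, so the `instanceof RequestAbstractType` check visible in `performMessageDecodePostProcessing` becomes the only type guard between decoding and use. That contract should be stated once in Javadoc rather than left implicit, e.g. on `internalMessageDecode`: `@return the decoded OpenSAML 4 message context; its message is untyped and callers must narrow {@code getMessage()} with {@code instanceof} before treating it as a SAML request or response`, with a matching `@param response` sentence on `buildBasicMessageContext` noting that the `SignableSAMLObject` is stored in an untyped context. The body of `internalMessageDecode` continues outside the hunk, so the existing handling of `decoder.initialize()` failures could not be checked here.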
@@ -97,9 +96,9 @@ public abstract class AbstractBinding {
 }
- protected MessageContext buildBasicMessageContext(
+ protected MessageContext buildBasicMessageContext(
 SAMLMessageEncoder encoder, SignableSAMLObject response) {
- final MessageContext messageContext = new MessageContext<>();
+ final MessageContext messageContext = new MessageContext();
 messageContext.setMessage(response);
 encoder.setMessageContext(messageContext);
 return messageContext;
@@ -139,7 +138,7 @@ public abstract class AbstractBinding {
 }
- protected void injectInboundMessageContexts(MessageContext messageContext,
+ protected void injectInboundMessageContexts(MessageContext messageContext,
 IPvp2MetadataProvider metadataProvider, QName peerEntityRole) throws Pvp2InternalErrorException {
 final SAMLPeerEntityContext peerEntityContext = new SAMLPeerEntityContext();
 peerEntityContext.setRole(peerEntityRole);
@@ -164,7 +163,7 @@ public abstract class AbstractBinding {
 }
 protected void performMessageValidation(PvpSamlMessageHandlerChain messageValidatorChain,
- MessageContext messageContext) throws Pvp2Exception {
+ MessageContext messageContext) throws Pvp2Exception {
 try {
 messageValidatorChain.initialize();
 messageValidatorChain.invoke(messageContext);
@@ -191,7 +190,7 @@ public abstract class AbstractBinding {
 }
 protected InboundMessageInterface performMessageDecodePostProcessing(
- MessageContext messageContext, boolean isVerified) {
+ MessageContext messageContext, boolean isVerified) {
 InboundMessage msg = null;
 if (messageContext.getMessage() instanceof RequestAbstractType) {
 final RequestAbstractType inboundMessage =
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
index c679de20..829f771a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/PostBinding.java
@@ -23,6 +23,17 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.namespace.QName;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.saml.common.binding.SAMLBindingSupport;
+import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
+import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
+import org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler;
+import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.springframework.beans.factory.annotation.Autowired;
+
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory;
 import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
@@ -41,19 +52,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafHttpPostDecoder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.HttpPostEncoderWithOwnTemplate;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.EaafSamlProtocolMessageXmlSignatureSecurityHandler;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
-
-import org.opensaml.messaging.context.MessageContext;
-import org.opensaml.saml.common.SAMLObject;
-import org.opensaml.saml.common.binding.SAMLBindingSupport;
-import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
-import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
-import org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler;
-import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.saml2.core.RequestAbstractType;
-import org.opensaml.saml.saml2.core.StatusResponseType;
-import org.springframework.beans.factory.annotation.Autowired;
-
 import lombok.extern.slf4j.Slf4j;
 import net.shibboleth.utilities.java.support.net.URIComparator;
@@ -85,7 +83,7 @@ public class PostBinding extends AbstractBinding implements IDecoder, IEncoder {
 encoder.setHttpServletResponse(httpResp);
 // inject message context
- final MessageContext messageContext = buildBasicMessageContext(encoder, request);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, request);
 // inject signing context
 messageContext.addSubcontext(injectSigningInfos(credentials));
@@ -131,7 +129,7 @@ public class PostBinding extends AbstractBinding implements IDecoder, IEncoder {
 encoder.setHttpServletResponse(httpResp);
 // inject message context
- final MessageContext messageContext = buildBasicMessageContext(encoder, response);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, response);
 // inject signing context
 messageContext.addSubcontext(injectSigningInfos(credentials));
@@ -165,7 +163,7 @@ public class PostBinding extends AbstractBinding implements IDecoder, IEncoder {
 throws Pvp2Exception {
 final EaafHttpPostDecoder decode = new EaafHttpPostDecoder(req);
- final MessageContext messageContext = internalMessageDecode(decode, PvpConstants.POST);
+ final MessageContext messageContext = internalMessageDecode(decode, PvpConstants.POST);
 // check if PVP2 AuthnRequest is signed
 if (!SAMLBindingSupport.isMessageSigned(messageContext)) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
index f62f8a11..c66c773e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/RedirectBinding.java
@@ -23,6 +23,18 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.namespace.QName;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.saml.common.binding.SAMLBindingSupport;
+import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
+import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
+import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
@@ -36,20 +48,6 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.SamlBindingException;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafHttpRedirectDeflateDecoder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.EaafSaml2HttpRedirectDeflateSignatureSecurityHandler;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
-
-import org.opensaml.messaging.context.MessageContext;
-import org.opensaml.saml.common.SAMLObject;
-import org.opensaml.saml.common.binding.SAMLBindingSupport;
-import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
-import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
-import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml.saml2.core.RequestAbstractType;
-import org.opensaml.saml.saml2.core.StatusResponseType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import net.shibboleth.utilities.java.support.net.URIComparator;
 public class RedirectBinding extends AbstractBinding implements IDecoder, IEncoder {
@@ -67,7 +65,7 @@ public class RedirectBinding extends AbstractBinding implements IDecoder, IEncod
 final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
 encoder.setHttpServletResponse(resp);
- final MessageContext messageContext = buildBasicMessageContext(encoder, request);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, request);
 // set endpoint url
 messageContext.addSubcontext(injectEndpointInfos(request, targetLocation));
@@ -104,7 +102,7 @@ public class RedirectBinding extends AbstractBinding implements IDecoder, IEncod
 final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
 encoder.setHttpServletResponse(resp);
- final MessageContext messageContext = buildBasicMessageContext(encoder, response);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, response);
 // set endpoint url
 messageContext.addSubcontext(injectEndpointInfos(response, targetLocation));
@@ -136,7 +134,7 @@ public class RedirectBinding extends AbstractBinding implements IDecoder, IEncod
 throws Pvp2Exception {
 final EaafHttpRedirectDeflateDecoder decode = new EaafHttpRedirectDeflateDecoder(req);
- final MessageContext messageContext = internalMessageDecode(decode, PvpConstants.REDIRECT);
+ final MessageContext messageContext = internalMessageDecode(decode, PvpConstants.REDIRECT);
 final SAMLBindingContext bindingContext = messageContext.getSubcontext(SAMLBindingContext.class, true);
 if (!bindingContext.hasBindingSignature()) {
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
index 49e93f0a..cd651a1e 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/binding/SoapBinding.java
@@ -23,6 +23,20 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.namespace.QName;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.saml.common.binding.SAMLBindingSupport;
+import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
+import org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler;
+import org.opensaml.saml.common.binding.impl.SAMLSOAPDecoderBodyHandler;
+import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
+import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.opensaml.soap.messaging.context.SOAP11Context;
+
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
@@ -38,22 +52,6 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.EaafMessageContextInitializationHandler;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.EaafSamlProtocolMessageXmlSignatureSecurityHandler;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.PvpSamlMessageHandlerChain;
-
-import org.opensaml.messaging.context.MessageContext;
-import org.opensaml.saml.common.SAMLObject;
-import org.opensaml.saml.common.binding.SAMLBindingSupport;
-import org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler;
-import org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler;
-import org.opensaml.saml.common.binding.impl.SAMLSOAPDecoderBodyHandler;
-import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
-import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
-import org.opensaml.saml.common.xml.SAMLConstants;
-import org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder;
-import org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder;
-import org.opensaml.saml.saml2.core.RequestAbstractType;
-import org.opensaml.saml.saml2.core.StatusResponseType;
-import org.opensaml.soap.messaging.context.SOAP11Context;
-
 import lombok.extern.slf4j.Slf4j;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
 import net.shibboleth.utilities.java.support.net.URIComparator;
@@ -72,7 +70,7 @@ public class SoapBinding extends AbstractBinding implements IDecoder, IEncoder {
 injectMessageHandlerChain(soapDecoder, metadataProvider, peerEntityRole);
- final MessageContext messageContext =
+ final MessageContext messageContext =
 internalMessageDecode(soapDecoder, PvpConstants.SOAP);
 // check if PVP2 AuthnRequest is signed
@@ -141,7 +139,7 @@ public class SoapBinding extends AbstractBinding implements IDecoder, IEncoder {
 encoder.setHttpServletResponse(resp);
 // inject message context
- final MessageContext messageContext = buildBasicMessageContext(encoder, response);
+ final MessageContext messageContext = buildBasicMessageContext(encoder, response);
 //inject SOAP enveloped
 final SOAP11Context soap11Context = new SOAP11Context();
-- cgit v1.2.3