From bee5dd259a4438d45ecd1bcc26dfba12875236d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 26 Jun 2018 11:03:48 +0200
Subject: initial commit

---
.../pvp2/idp/impl/AuthenticationAction.java | 154 +++++++++++++++++++++
1 file changed, 154 insertions(+)
create mode 100644 eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java

(limited to 'eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java')

diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
new file mode 100644
index 00000000..adcff465
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -0,0 +1,154 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.idp.impl;
+
+import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+
+@Service("PVPAuthenticationRequestAction")
+public class AuthenticationAction implements IAction {
+ private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);
+
+ private static final String CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION = "protocols.pvp2.assertion.encryption.active";
+
+ @Autowired(required=true) private IPVPMetadataProvider metadataProvider;
+ @Autowired(required=true) ApplicationContext springContext;
+ @Autowired(required=true) IConfiguration authConfig;
+ @Autowired(required=true) PVP2AssertionBuilder assertionBuilder;
+ @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
+
+ private AbstractCredentialProvider pvpIDPCredentials;
+
+ /**
+ * Sets a specific credential provider for PVP S-Profile IDP component.
+ * @param pvpIDPCredentials credential provider
+ */
+ public void setPvpIDPCredentials(AbstractCredentialProvider pvpIDPCredentials) {
+ this.pvpIDPCredentials = pvpIDPCredentials;
+
+ }
+
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IAuthData authData) throws ResponderErrorException {
+ PVPSProfilePendingRequest pvpRequest = (PVPSProfilePendingRequest) req;
+ try {
+ //get basic information
+ PVPSProfileRequest moaRequest = (PVPSProfileRequest) pvpRequest.getRequest();
+ AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
+ EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);
+
+ AssertionConsumerService consumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ consumerService.setBinding(pvpRequest.getBinding());
+ consumerService.setLocation(pvpRequest.getConsumerURL());
+
+ DateTime date = new DateTime();
+ SLOInformationImpl sloInformation = new SLOInformationImpl();
+ String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pvpRequest.getAuthURL());
+
+ //build Assertion
+ Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,
+ peerEntity, date, consumerService, sloInformation);
+
+ Response authResponse = AuthResponseBuilder.buildResponse(
+ metadataProvider, issuerEntityID, authnRequest,
+ date, assertion, authConfig.getBasicMOAIDConfigurationBoolean(
+ CONFIG_PROPERTY_PVP2_ENABLE_ENCRYPTION, true));
+
+ IEncoder binding = null;
+
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
+
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ binding.encodeRespone(httpReq, httpResp, authResponse,
+ consumerService.getLocation(), moaRequest.getRelayState(),
+ pvpIDPCredentials.getIDPAssertionSigningCredential(), req);
+
+ //set protocol type
+ sloInformation.setProtocolType(req.requestedModule());
+ sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
+ return sloInformation;
+
+ } catch (MessageEncodingException e) {
+ log.error("Message Encoding exception", e);
+ throw new ResponderErrorException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ log.error("Security exception", e);
+ throw new ResponderErrorException("pvp2.01", null, e);
+
+ } catch (EAAFException e) {
+ log.error("Response generation error", e);
+ throw new ResponderErrorException("pvp2.01", null, e);
+
+ }
+
+ }
+
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return true;
+ }
+
+ public String getDefaultActionName() {
+ return "PVPAuthenticationRequestAction";
+
+ }
+
+ @PostConstruct
+ private void verifyInitialization() {
+ if (pvpIDPCredentials == null) {
+ log.error("No SAML2 credentialProvider injected!");
+ throw new RuntimeException("No SAML2 credentialProvider injected!");
+
+ }
+ }
+
+}
-- cgit v1.2.3
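Review bot: The destination and binding of the signed response are taken verbatim from `pvpRequest.getConsumerURL()` and `pvpRequest.getBinding()` and are never compared against the `AssertionConsumerService` endpoints of `peerEntity`, so `processRequest` relies entirely on whoever built the pending request having validated the SP-supplied ACS URL against metadata; if that check lives there, a comment at `consumerService.setLocation(pvpRequest.getConsumerURL());` naming it would keep a later refactor from sending a signed assertion to an attacker-chosen URL. The binding dispatch also calls `consumerService.getBinding().equals(...)`, which throws `NullPointerException` instead of the intended `BindingNotSupportedException` when the pending request carries no binding; writing it constant-first, `if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(consumerService.getBinding())) {` and likewise for the POST branch, lets the null case fall through to the existing `binding == null` guard. Note that the SAML 2.0 Web Browser SSO profile permits only HTTP-POST and HTTP-Artifact for a `<Response>` carrying an assertion; if the PVP S-Profile follows that, the HTTP-Redirect branch is dead code and should either be removed or documented as a deliberate profile extension. The `@PostConstruct` check fails closed on a missing signing credential, which is the right direction, but `pvpIDPCredentials` is populated only through the plain `setPvpIDPCredentials` setter rather than injection, so the bean will not start unless external configuration calls the setter before construction completes; the setter's Javadoc should say so, e.g. `Must be supplied by the bean configuration; verifyInitialization() rejects the bean otherwise.`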