/******************************************************************************* *******************************************************************************/ package at.gv.egiz.eaaf.modules.pvp2.impl.binding; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.SignableXMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.modules.pvp2.PVPConstants; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException; import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; @Service("PVPSOAPBinding") public class SoapBinding implements IDecoder, IEncoder { private static final Logger log = LoggerFactory.getLogger(SoapBinding.class); public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, SecurityException, PVP2Exception { HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter( req)); messageContext.setMetadataProvider(metadataProvider); //TODO: update in a futher version: // requires a special SignedSOAPRequestPolicyRole because // messageContext.getInboundMessage() is not directly signed //set security context // BasicSecurityPolicy policy = new BasicSecurityPolicy(); // policy.getPolicyRules().add( // new MOAPVPSignedRequestPolicyRule( // TrustEngineFactory.getSignatureKnownKeysTrustEngine(), // SPSSODescriptor.DEFAULT_ELEMENT_NAME)); // SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( // policy); // messageContext.setSecurityPolicyResolver(resolver); //decode message soapDecoder.decode(messageContext); Envelope inboundMessage = (Envelope) messageContext .getInboundMessage(); if (inboundMessage.getBody() != null) { List xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); if (!xmlElemList.isEmpty()) { SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0); PVPSProfileRequest request = new PVPSProfileRequest(attrReq, getSAML2BindingName()); if (messageContext.getPeerEntityMetadata() != null) request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); else if (attrReq instanceof RequestAbstractType) { RequestAbstractType attributeRequest = (RequestAbstractType) attrReq; try { if (StringUtils.isNotEmpty(attributeRequest.getIssuer().getValue()) && metadataProvider.getRole( attributeRequest.getIssuer().getValue(), SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null) request.setEntityID(attributeRequest.getIssuer().getValue()); } catch (Exception e) { log.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue()); } } request.setVerified(false); return request; } } log.error("Receive empty PVP 2.1 attributequery request."); throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null); } public boolean handleDecode(String action, HttpServletRequest req) { return (req.getMethod().equals("POST") && (action.equals(PVPConstants.SOAP) || action.equals(PVPConstants.ATTRIBUTEQUERY))); } public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception { //load default PVP security configurations EAAFDefaultSAML2Bootstrap.initializeDefaultPVPConfiguration(); HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext context = new BasicSAMLMessageContext(); context.setOutboundSAMLMessageSigningCredential(credentials); context.setOutboundSAMLMessage(response); context.setOutboundMessageTransport(responseAdapter); encoder.encode(context); } public String getSAML2BindingName() { return SAMLConstants.SAML2_SOAP11_BINDING_URI; } }