fix possible problems with http proxy

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2020-08-28 07:34:08 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2020-08-28 07:34:08 +0200
commit: f27db66b14e417cbc4b8124842d5525bf3bb8884 (patch)
tree: 1165c3a07d2f2323905c1fba03b21c3b758774bf
parent: 5f1a21af02ef87188e5f5e8bf1193b5cb5914e00 (diff)
download: moa-id-spss-f27db66b14e417cbc4b8124842d5525bf3bb8884.tar.gz
moa-id-spss-f27db66b14e417cbc4b8124842d5525bf3bb8884.tar.bz2
moa-id-spss-f27db66b14e417cbc4b8124842d5525bf3bb8884.zip
2 files changed, 38 insertions, 43 deletions
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
index a0c1fa30b..5409e3a4c 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller;
 
 import java.io.IOException;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -76,29 +77,26 @@ public class EidasCentralAuthMetadataController extends AbstractController {
 	public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
 		//check PublicURL prefix
 		try {
-			String authURL = HTTPUtils.extractAuthURLFromRequest(req);		
-			if (!authConfig.getPublicURLPrefix().contains(authURL)) {		
-				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL");
-				return;
-				
-			} else {
-				//initialize metadata builder configuration
-				EidasCentralAuthMetadataConfiguration metadataConfig = 
-						new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
-				metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes());
-				
-				
-				//build metadata
-				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
-				
-				//write response
-				byte[] content = xmlMetadata.getBytes("UTF-8");
-				resp.setStatus(HttpServletResponse.SC_OK);
-				resp.setContentLength(content.length);
-				resp.setContentType(MediaType.XML_UTF_8.toString());
+			String authUrlString = HTTPUtils.extractAuthURLFromRequest(req);					
+			String authURL = authConfig.validateIDPURL(new URL(authUrlString));
+			Logger.trace("Build eIDAS Metadata for requestUrl: " + authURL);
+			
+			//initialize metadata builder configuration
+			EidasCentralAuthMetadataConfiguration metadataConfig = 
+					new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
+			metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes());
+			
+			
+			//build metadata
+			String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
+			
+			//write response
+			byte[] content = xmlMetadata.getBytes("UTF-8");
+			resp.setStatus(HttpServletResponse.SC_OK);
+			resp.setContentLength(content.length);
+			resp.setContentType(MediaType.XML_UTF_8.toString());
 				resp.getOutputStream().write(content);
 
-			}
 			
 		} catch (Exception e) {
 			Logger.warn("Build federated-authentication PVP metadata FAILED.", e);
diff --git a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java
index 90ecb0942..9fbe04b98 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java
+++ b/id/server/modules/moa-id-module-E-ID_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidproxyauth/controller/EIDAuthMetadataController.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eidproxyauth.controller;
 
 import java.io.IOException;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -76,28 +77,24 @@ public class EIDAuthMetadataController extends AbstractController {
 	public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
 		//check PublicURL prefix
 		try {
-			String authURL = HTTPUtils.extractAuthURLFromRequest(req);		
-			if (!authConfig.getPublicURLPrefix().contains(authURL)) {		
-				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL");
-				return;
-				
-			} else {
-				//initialize metadata builder configuration
-				EIDAuthMetadataConfiguration metadataConfig = 
-						new EIDAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
-				metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes());	
-				
-				//build metadata
-				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
-				
-				//write response
-				byte[] content = xmlMetadata.getBytes("UTF-8");
-				resp.setStatus(HttpServletResponse.SC_OK);
-				resp.setContentLength(content.length);
-				resp.setContentType(MediaType.XML_UTF_8.toString());
-				resp.getOutputStream().write(content);
-
-			}
+      String authUrlString = HTTPUtils.extractAuthURLFromRequest(req);          
+      String authURL = authConfig.validateIDPURL(new URL(authUrlString));
+      Logger.trace("Build E-ID Metadata for requestUrl: " + authURL);
+      
+			//initialize metadata builder configuration
+			EIDAuthMetadataConfiguration metadataConfig = 
+					new EIDAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
+			metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes());	
+			
+			//build metadata
+			String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
+			
+			//write response
+			byte[] content = xmlMetadata.getBytes("UTF-8");
+			resp.setStatus(HttpServletResponse.SC_OK);
+			resp.setContentLength(content.length);
+			resp.setContentType(MediaType.XML_UTF_8.toString());
+			resp.getOutputStream().write(content);
 			
 		} catch (Exception e) {
 			Logger.warn("Build E-ID Proxy PVP metadata FAILED.", e);
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2020-08-28 07:34:08 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2020-08-28 07:34:08 +0200
commit	f27db66b14e417cbc4b8124842d5525bf3bb8884 (patch)
tree	1165c3a07d2f2323905c1fba03b21c3b758774bf
parent	5f1a21af02ef87188e5f5e8bf1193b5cb5914e00 (diff)
download	moa-id-spss-f27db66b14e417cbc4b8124842d5525bf3bb8884.tar.gz moa-id-spss-f27db66b14e417cbc4b8124842d5525bf3bb8884.tar.bz2 moa-id-spss-f27db66b14e417cbc4b8124842d5525bf3bb8884.zip