aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-01-19 16:07:21 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-01-19 16:07:21 +0100
commita6bdd89c393ca777b484ab2385975db740096c56 (patch)
tree0c2d85e6723a263473c1d1239f1c89396e100c8a /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls
parentd2c8d36103e1a31775aa386a88badc295ae955de (diff)
downloadmoa-id-spss-a6bdd89c393ca777b484ab2385975db740096c56.tar.gz
moa-id-spss-a6bdd89c393ca777b484ab2385975db740096c56.tar.bz2
moa-id-spss-a6bdd89c393ca777b484ab2385975db740096c56.zip
update PVP Single LogOut request/response signature validation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java33
1 files changed, 29 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 0fec742b1..8122d2b1c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -71,6 +71,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -95,6 +96,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -164,7 +167,20 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
+
+ }
+
+ public void performSingleLogOut(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException {
+ performSingleLogOut(httpReq, httpResp, session, null, authURL);
+
+ }
+
+
+ private void performSingleLogOut(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
String pvpSLOIssuer = null;
String inboundRelayState = null;
@@ -173,6 +189,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
pvpSLOIssuer = logOutReq.getIssuer().getValue();
inboundRelayState = samlReq.getRelayState();
+
}
SSOManager ssomanager = SSOManager.getInstance();
@@ -216,8 +233,13 @@ public class AuthenticationManager extends MOAIDAuthConstants {
+ " FAILED. NO LogOut response received.");
sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+ } else {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifySLOResponse(sloResp,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
}
-
+
SingleLogOutBuilder.checkStatusCode(sloContainer, sloResp);
} catch (SOAPException e) {
@@ -225,7 +247,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
+ " FAILED.", e);
sloContainer.putFailedOA(sloReq.getIssuer().getValue());
- } catch (SecurityException e) {
+ } catch (SecurityException | InvalidProtocolRequestException e) {
Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ " FAILED.", e);
sloContainer.putFailedOA(sloReq.getIssuer().getValue());
@@ -255,7 +277,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
AssertionStorage.getInstance().put(relayState, sloContainer);
- String timeOutURL = pvpReq.getAuthURL()
+ if (MiscUtil.isEmpty(authURL))
+ authURL = pvpReq.getAuthURL();
+
+ String timeOutURL = authURL
+ "/idpSingleLogout"
+ "?restart=" + relayState;