diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-16 11:47:25 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-16 11:47:25 +0200 |
commit | 1b6b4dabd0333367abe2ccb0e72bd5986df65327 (patch) | |
tree | 3ac5b8b195b997abd698a02c92a526be784e218d /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java | |
parent | c124f3d23b91823e1db167c41b769aa5a2b3e7e5 (diff) | |
download | moa-id-spss-1b6b4dabd0333367abe2ccb0e72bd5986df65327.tar.gz moa-id-spss-1b6b4dabd0333367abe2ccb0e72bd5986df65327.tar.bz2 moa-id-spss-1b6b4dabd0333367abe2ccb0e72bd5986df65327.zip |
refactor PVP21 inbound message processing
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java | 126 |
1 files changed, 70 insertions, 56 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index f8eb84c02..9254ec279 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -35,6 +35,7 @@ import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; @@ -51,6 +52,10 @@ import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -63,7 +68,32 @@ public class RedirectBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { - // TODO: implement + + try { + X509Credential credentials = CredentialProvider + .getIDPAssertionSigningCredential(); + + Logger.debug("create SAML RedirectBinding response"); + + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(request); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, @@ -85,10 +115,10 @@ public class RedirectBinding implements IDecoder, IEncoder { service.setLocation(targetLocation); context.setOutboundSAMLMessageSigningCredential(credentials); context.setPeerEntityEndpoint(service); - // context.setOutboundMessage(authReq); context.setOutboundSAMLMessage(response); context.setOutboundMessageTransport(responseAdapter); - + context.setRelayState(relayState); + encoder.encode(context); } catch (CredentialsNotAvailableException e) { e.printStackTrace(); @@ -96,80 +126,64 @@ public class RedirectBinding implements IDecoder, IEncoder { } } - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( new BasicParserPool()); decode.setURIComparator(new MOAURICompare()); - BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + decode.decode(messageContext); + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - - BasicSecurityPolicy policy = new BasicSecurityPolicy(); policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); - + policy.getPolicyRules().add(signedRole); SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + policy); messageContext.setSecurityPolicyResolver(resolver); - decode.decode(messageContext); - - signatureRule.evaluate(messageContext); - - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext - .getInboundMessage(); - MOARequest request = new MOARequest(inboundMessage); - request.setVerified(true); - request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); - return request; - } - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException { - - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - - // signatureRule.evaluate(messageContext); - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - messageContext.setSecurityPolicyResolver(resolver); - MOAMetadataProvider provider = null; - - provider = MOAMetadataProvider.getInstance(); + InboundMessage msg = null; + + if (messageContext.getInboundMessage() instanceof RequestAbstractType) { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + msg = new MOARequest(inboundMessage); + + + } else if (messageContext.getInboundMessage() instanceof Response){ + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + msg = new MOAResponse(inboundMessage); + + } else + //create empty container if request type is unknown + msg = new InboundMessage(); - messageContext.setMetadataProvider(provider); + signatureRule.evaluate(messageContext); + msg.setVerified(true); decode.decode(messageContext); - - Response inboundMessage = (Response) messageContext.getInboundMessage(); - - MOAResponse moaResponse = new MOAResponse(inboundMessage); - moaResponse.setVerified(true); - moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); - return moaResponse; + if (messageContext.getPeerEntityMetadata() != null) + msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + + else + Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + + msg.setRelayState(messageContext.getRelayState()); + + return msg; } public boolean handleDecode(String action, HttpServletRequest req) { |