Fixed Postbinding verification and metadata issue

5 files changed, 65 insertions, 10 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index 8f83812a6..a8c3dab48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -97,7 +97,7 @@ public class ArtifactBinding implements IDecoder, IEncoder {
 		return null;
 	}
 
-	public boolean handleDecode(String action) {
+	public boolean handleDecode(String action, HttpServletRequest req) {
 		// TODO Auto-generated method stub
 		return false;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
index 2778016ba..531ec0756 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -15,5 +15,5 @@ public interface IDecoder {
 			HttpServletResponse resp)
 					throws MessageDecodingException, SecurityException;
 	
-	public boolean handleDecode(String action);
+	public boolean handleDecode(String action, HttpServletRequest req);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index c7d779fa2..1b55d4b2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -9,13 +9,19 @@ import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.BasicSAMLMessageContext;
 import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
 import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.security.SecurityPolicyResolver;
+import org.opensaml.ws.security.provider.BasicSecurityPolicy;
+import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
 import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
 import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
 import org.opensaml.xml.parse.BasicParserPool;
@@ -24,8 +30,10 @@ import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.signature.Signature;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 
 public class PostBinding implements IDecoder, IEncoder {
 
@@ -86,13 +94,36 @@ public class PostBinding implements IDecoder, IEncoder {
 		BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
 		messageContext
 				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+		// TODO: used to verify signature!
+		SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+				TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+		// signatureRule.evaluate(messageContext);
+		BasicSecurityPolicy policy = new BasicSecurityPolicy();
+		policy.getPolicyRules().add(signatureRule);
+		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+				policy);
+		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+		messageContext.setSecurityPolicyResolver(resolver);
+		
+		MOAMetadataProvider provider = null;
+		try {
+			provider = new MOAMetadataProvider();
+		} catch (MetadataProviderException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+		messageContext.setMetadataProvider(provider);
+		
 		decode.decode(messageContext);
 
 		RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
 				.getInboundMessage();
-
+		
 		MOARequest request = new MOARequest(inboundMessage);
-
+		request.setVerified(false);
+		request.setEntityMetadata(messageContext.getPeerEntityMetadata());
 		return request;
 
 	}
@@ -105,16 +136,31 @@ public class PostBinding implements IDecoder, IEncoder {
 		BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
 		messageContext
 				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+		
+		// TODO: used to verify signature!
+		SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+				TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+		// signatureRule.evaluate(messageContext);
+		BasicSecurityPolicy policy = new BasicSecurityPolicy();
+		policy.getPolicyRules().add(signatureRule);
+		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+				policy);
+		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+		messageContext.setSecurityPolicyResolver(resolver);
+		
 		decode.decode(messageContext);
 
 		Response inboundMessage = (Response) messageContext.getInboundMessage();
-
+		
 		MOAResponse moaResponse = new MOAResponse(inboundMessage);
+		moaResponse.setVerified(false);
+		moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
 		return moaResponse;
 
 	}
 
-	public boolean handleDecode(String action) {
-		return (action.equals(PVP2XProtocol.POST));
+	public boolean handleDecode(String action, HttpServletRequest req) {
+		return (req.getMethod().equals("POST"));
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 92a6b6002..a4670d3fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -99,6 +99,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
 				policy);
 		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 		messageContext.setSecurityPolicyResolver(resolver);
+		
 		decode.decode(messageContext);
 
 		signatureRule.evaluate(messageContext);
@@ -132,6 +133,14 @@ public class RedirectBinding implements IDecoder, IEncoder {
 				policy);
 		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 		messageContext.setSecurityPolicyResolver(resolver);
+		MOAMetadataProvider provider = null;
+		try {
+			provider = new MOAMetadataProvider();
+		} catch (MetadataProviderException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+		messageContext.setMetadataProvider(provider);
 
 		decode.decode(messageContext);
 
@@ -143,7 +152,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
 		return moaResponse;
 	}
 
-	public boolean handleDecode(String action) {
-		return (action.equals(PVP2XProtocol.REDIRECT));
+	public boolean handleDecode(String action, HttpServletRequest req) {
+		return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod().equals("GET"));
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 027dab15a..558f19b4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -56,7 +56,7 @@ public class SoapBinding implements IDecoder, IEncoder {
 		return moaResponse;
 	}
 
-	public boolean handleDecode(String action) {
+	public boolean handleDecode(String action, HttpServletRequest req) {
 		return (action.equals(PVP2XProtocol.SOAP));
 	}