aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java93
2 files changed, 99 insertions, 49 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index a1a51f6c1..792b6cdd7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -32,19 +32,13 @@ import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Response;
-import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
-import org.opensaml.ws.soap.client.http.HttpClientBuilder;
-import org.opensaml.ws.soap.client.http.HttpSOAPClient;
import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.ws.soap.soap11.Body;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -62,12 +56,9 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
@@ -82,7 +73,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
@@ -268,50 +259,16 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
//build SOAP request
- BasicParserPool parserPool = new BasicParserPool();
- parserPool.setNamespaceAware(true);
-
- Envelope soapRequest = SAML2Utils.buildSOAP11Envelope(query);
-
- BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
- soapContext.setOutboundMessage(soapRequest);
-
- HttpClientBuilder clientBuilder = new HttpClientBuilder();
- if (endpoint.startsWith("https")) {
- try {
- SecureProtocolSocketFactory sslprotocolsocketfactory =
- new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
- AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
- AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
- null,
- ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
- AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
- clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
-
- } catch (MOAHttpProtocolSocketFactoryException e) {
- Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-
- }
- }
-
- HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool);
+ List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
- //send request to IDP
- soapClient.send(endpoint, soapContext);
-
- //parse response
- Envelope soapResponse = (Envelope) soapContext.getInboundMessage();
- Body soapBody = soapResponse.getBody();
-
- if (soapBody.getUnknownXMLObjects().size() == 0) {
+ if (xmlObjects.size() == 0) {
Logger.error("Receive emptry AttributeQuery response-body.");
throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
}
- if (soapBody.getUnknownXMLObjects().get(0) instanceof Response) {
- Response intfResp = (Response) soapBody.getUnknownXMLObjects().get(0);
+ if (xmlObjects.get(0) instanceof Response) {
+ Response intfResp = (Response) xmlObjects.get(0);
//validate PVP 2.1 response
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
new file mode 100644
index 000000000..12de97a3f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import java.util.List;
+
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
+import org.opensaml.ws.soap.client.http.HttpClientBuilder;
+import org.opensaml.ws.soap.client.http.HttpSOAPClient;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOASAMLSOAPClient {
+
+ public static List<XMLObject> send(String destination, XMLObject payLoad) throws ConfigurationException, SOAPException, SecurityException {
+ //build SOAP request
+ BasicParserPool parserPool = new BasicParserPool();
+ parserPool.setNamespaceAware(true);
+
+ Envelope soapRequest = SAML2Utils.buildSOAP11Envelope(payLoad);
+
+ BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
+ soapContext.setOutboundMessage(soapRequest);
+
+ HttpClientBuilder clientBuilder = new HttpClientBuilder();
+ if (destination.startsWith("https")) {
+ try {
+ SecureProtocolSocketFactory sslprotocolsocketfactory =
+ new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+ clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
+ HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool);
+
+ //send request to IDP
+ soapClient.send(destination, soapContext);
+
+ //parse response
+ Envelope soapResponse = (Envelope) soapContext.getInboundMessage();
+ Body soapBody = soapResponse.getBody();
+
+ return soapBody.getUnknownXMLObjects();
+
+ }
+}