aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java106
1 files changed, 97 insertions, 9 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 04b7854b1..8de44a2e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -25,27 +25,114 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import org.joda.time.DateTime;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+@Service("PVPAuthenticationRequestAction")
public class AuthenticationAction implements IAction {
-
+ @Autowired IDPCredentialProvider pvpCredentials;
+ @Autowired AuthConfiguration authConfig;
+
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
- SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest, httpReq, httpResp, authData);
+ //get basic information
+ MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
+ AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
+ EntityDescriptor peerEntity = moaRequest.getEntityMetadata();
+
+ AssertionConsumerService consumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ consumerService.setBinding(pvpRequest.getBinding());
+ consumerService.setLocation(pvpRequest.getConsumerURL());
+
+ DateTime date = new DateTime();
+
+ SLOInformationImpl sloInformation = new SLOInformationImpl();
- //set protocol type
- sloInformation.setProtocolType(req.requestedModule());
+ //change to entity value from entity name to IDP EntityID (URL)
+// String issuerEntityID = pvpRequest.getAuthURL();
+// if (issuerEntityID.endsWith("/"))
+// issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
+
+ String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
+ pvpRequest.getAuthURL());
+
+ //build Assertion
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData,
+ peerEntity, date, consumerService, sloInformation);
+
+ Response authResponse = AuthResponseBuilder.buildResponse(
+ MOAMetadataProvider.getInstance(), issuerEntityID, authnRequest,
+ date, assertion, authConfig.isPVP2AssertionEncryptionActive());
+
+ IEncoder binding = null;
+
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
+ try {
+ binding.encodeRespone(httpReq, httpResp, authResponse,
+ consumerService.getLocation(), moaRequest.getRelayState(),
+ pvpCredentials.getIDPAssertionSigningCredential());
+
+ //set protocol type
+ sloInformation.setProtocolType(req.requestedModule());
+ sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix());
+ return sloInformation;
+
+ } catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ } catch (SecurityException e) {
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
+
+ }
- return sloInformation;
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
@@ -54,7 +141,8 @@ public class AuthenticationAction implements IAction {
}
public String getDefaultActionName() {
- return (PVP2XProtocol.REDIRECT);
+ return "PVPAuthenticationRequestAction";
+
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 12:21:29 +0000