aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java302
1 files changed, 302 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
new file mode 100644
index 000000000..6055484f7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -0,0 +1,302 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import iaik.pkcs.pkcs11.objects.Object;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.xml.ConfigurationException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
+
+public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = PVP2XProtocol.class.getName();
+ public static final String PATH = "id_pvp2x";
+
+ public static final String REDIRECT = "Redirect";
+ public static final String POST = "Post";
+ public static final String SOAP = "Soap";
+ public static final String METADATA = "Metadata";
+
+ private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
+
+ private static List<IDecoder> decoder = new ArrayList<IDecoder>();
+
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+
+ static {
+ servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
+ ServletType.AUTH));
+ servletList.add(new ServletInfo(PVPProcessor.class, POST,
+ ServletType.AUTH));
+
+ decoder.add(new PostBinding());
+ decoder.add(new RedirectBinding());
+
+ actions.put(REDIRECT, new AuthenticationAction());
+ actions.put(POST, new AuthenticationAction());
+ actions.put(METADATA, new MetadataAction());
+
+ instance = new PVP2XProtocol();
+
+ new VelocityLogAdapter();
+ }
+
+ private static PVP2XProtocol instance = null;
+
+ public static PVP2XProtocol getInstance() {
+ if (instance == null) {
+ instance = new PVP2XProtocol();
+ }
+ return instance;
+ }
+
+ public List<ServletInfo> getServlets() {
+ return servletList;
+ }
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ private IDecoder findDecoder(String action, HttpServletRequest req) {
+ Iterator<IDecoder> decoderIT = decoder.iterator();
+ while (decoderIT.hasNext()) {
+ IDecoder decoder = decoderIT.next();
+ if (decoder.handleDecode(action, req)) {
+ return decoder;
+ }
+ }
+
+ return null;
+ }
+
+ public PVP2XProtocol() {
+ super();
+ }
+
+ public IRequest preProcess(HttpServletRequest request,
+ HttpServletResponse response, String action) throws MOAIDException {
+
+ if(METADATA.equals(action)) {
+ return new PVPTargetConfiguration();
+ }
+
+ IDecoder decoder = findDecoder(action, request);
+ if (decoder == null) {
+ return null;
+ }
+ try {
+ PVPTargetConfiguration config = new PVPTargetConfiguration();
+
+
+ MOARequest moaRequest = decoder.decodeRequest(request, response);
+
+ RequestAbstractType samlReq = moaRequest.getSamlRequest();
+
+ //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
+
+ //Logger.info("SAML : " + xml);
+
+ if(!moaRequest.isVerified()) {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ moaRequest.setVerified(true);
+ }
+
+ if(!(samlReq instanceof AuthnRequest)) {
+ throw new MOAIDException("Unsupported request", new Object[] {});
+ }
+
+ AuthnRequest authnRequest = (AuthnRequest)samlReq;
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int assertionidx = 0;
+
+ if(aIdx != null) {
+ assertionidx = aIdx.intValue();
+ }
+
+ aIdx = authnRequest.getAttributeConsumingServiceIndex();
+ int attributeIdx = 0;
+
+ if(aIdx != null) {
+ attributeIdx = aIdx.intValue();
+ }
+
+ EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+ SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+ AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+
+ //TODO: maybe change to getEntityID()
+ //String oaURL = consumerService.getLocation();
+ String oaURL = moaRequest.getEntityMetadata().getEntityID();
+ String binding = consumerService.getBinding();
+ String entityID = moaRequest.getEntityMetadata().getEntityID();
+
+ //String oaURL = (String) request.getParameter(PARAM_OA);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// if (!ParamValidatorUtils.isValidOA(oaURL))
+// throw new WrongParametersException("StartAuthentication",
+// PARAM_OA, "auth.12");
+
+ config.setOAURL(oaURL);
+ config.setBinding(binding);
+ config.setRequest(moaRequest);
+ config.setConsumerURL(consumerService.getLocation());
+
+ //TODO: set correct target;
+ config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
+
+ String useMandate = request.getParameter(PARAM_USEMANDATE);
+ if(useMandate != null) {
+ if(useMandate.equals("true")) {
+ if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+ throw new MandateAttributesNotHandleAbleException();
+ }
+ }
+ }
+
+ request.getSession().setAttribute(PARAM_OA, oaURL);
+
+ return config;
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new MOAIDException(e.getMessage(), new Object[] {});
+ }
+ }
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable {
+
+ if(protocolRequest == null) {
+ throw e;
+ }
+
+ if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
+ throw e;
+ }
+ PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
+
+ Response samlResponse =
+ SAML2Utils.createSAMLObject(Response.class);
+ Status status = SAML2Utils.createSAMLObject(Status.class);
+ StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+ if(e instanceof NoPassivAuthenticationException) {
+ statusCode.setValue(StatusCode.NO_PASSIVE_URI);
+ statusMessage.setMessage(e.getLocalizedMessage());
+ } else if(e instanceof PVP2Exception) {
+ PVP2Exception ex = (PVP2Exception) e;
+ statusCode.setValue(ex.getStatusCodeValue());
+ String statusMessageValue = ex.getStatusMessageValue();
+ if(statusMessageValue != null) {
+ statusMessage.setMessage(statusMessageValue);
+ }
+ } else {
+ statusCode.setValue(StatusCode.RESPONDER_URI);
+ statusMessage.setMessage(e.getLocalizedMessage());
+ }
+
+ status.setStatusCode(statusCode);
+ if(statusMessage.getMessage() != null) {
+ status.setStatusMessage(statusMessage);
+ }
+ samlResponse.setStatus(status);
+
+ IEncoder encoder = null;
+
+ if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ encoder = new RedirectBinding();
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ // TODO: not supported YET!!
+ //binding = new ArtifactBinding();
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ encoder = new PostBinding();
+ }
+
+ if(encoder == null) {
+ // default to redirect binding
+ encoder = new RedirectBinding();
+ }
+
+ encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL());
+ return true;
+ }
+
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response) {
+ if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
+ return getAction(REDIRECT);
+ } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
+ return getAction(POST);
+ }
+
+ if(METADATA.equals(request.getParameter("action"))) {
+ return getAction(METADATA);
+ }
+ return null;
+ }
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+ // TODO implement validation!
+ return true;
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 20:05:36 +0000