Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java74
1 files changed, 58 insertions, 16 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index cf20db7d9..0c7502003 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -57,12 +57,15 @@ import org.opensaml.xml.signature.SignableXMLObject;
import java.util.Arrays;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
@@ -82,6 +85,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
@@ -99,7 +103,7 @@ import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
+public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
public static final String NAME = PVP2XProtocol.class.getName();
public static final String PATH = "id_pvp2x";
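Review bot: Switching from `implements MOAIDAuthConstants` to `extends MOAIDAuthConstants` keeps the constant-inheritance pattern instead of retiring it, and the commit is already inconsistent about it: the new IssueInstant check later in this diff writes the qualified `MOAIDAuthConstants.TIME_JITTER`, while older code in the same class still relies on the inherited unqualified `PARAM_OA`. If the change to MOAIDAuthConstants forces this, a short comment on the class line saying why the constants are inherited rather than qualified would help the next reader; otherwise `public class PVP2XProtocol implements IModulInfo {` plus qualified references (or a static import of the few constants used) would make the dependency explicit. The class body continues outside this hunk.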
@@ -194,10 +198,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
}
public IRequest preProcess(HttpServletRequest request,
- HttpServletResponse response, String action) throws MOAIDException {
+ HttpServletResponse response, String action,
+ String sessionId, String transactionId) throws MOAIDException {
- if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isPVP21Active()) {
+ if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
Logger.info("PVP2.1 is deaktivated!");
throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
@@ -231,19 +236,19 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
- return preProcessAuthRequest(request, response, (MOARequest) msg);
+ return preProcessAuthRequest(request, response, (MOARequest) msg, sessionId, transactionId);
else if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
- return preProcessAttributQueryRequest(request, response, (MOARequest) msg);
+ return preProcessAttributQueryRequest(request, response, (MOARequest) msg, sessionId, transactionId);
else if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
- return preProcessLogOut(request, response, msg);
+ return preProcessLogOut(request, response, msg, sessionId, transactionId);
else if (msg instanceof MOAResponse &&
((MOAResponse)msg).getResponse() instanceof LogoutResponse)
- return preProcessLogOut(request, response, msg);
+ return preProcessLogOut(request, response, msg, sessionId, transactionId);
else if (msg instanceof MOAResponse &&
((MOAResponse)msg).getResponse() instanceof Response) {
@@ -253,10 +258,19 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
if (obj instanceof RequestImpl) {
RequestImpl iReqSP = (RequestImpl) obj;
+ MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
+
MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
if ( processedMsg != null ) {
- iReqSP.setInterfederationResponse(processedMsg);
+ iReqSP.setInterfederationResponse(processedMsg);
+
+ MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);
+
+ Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()
+ + ". Switch to original transaction with ID " + iReqSP.getRequestID());
+ TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
+ TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());
} else {
Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."
@@ -443,7 +457,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
* @throws MOAIDException
*/
private IRequest preProcessLogOut(HttpServletRequest request,
- HttpServletResponse response, InboundMessage inMsg) throws MOAIDException {
+ HttpServletResponse response, InboundMessage inMsg,
+ String sessionId, String transactionId) throws MOAIDException {
PVPTargetConfiguration config = new PVPTargetConfiguration();
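Review bot: The Javadoc directly above `preProcessLogOut` (its `@throws MOAIDException */` is the last line before the signature) is not updated for the two new parameters, so `sessionId` and `transactionId` are undocumented even though they are now forwarded to `MOAReversionLogger.logEvent`. Add `@param sessionId` and `@param transactionId` entries stating that they identify the current session and transaction for event logging only and are not used for any authorization decision in this method. The same gap exists for `preProcessAttributQueryRequest` and `preProcessAuthRequest`, whose `@throws Throwable */` lines also sit immediately above the changed signatures. The method body continues outside this hunk.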
@@ -461,11 +476,16 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
String oaURL = metadata.getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
- config.setOAURL(oaURL);
- config.setBinding(msg.getRequestBinding());
+ config.setOAURL(oaURL);
+ config.setOnlineApplicationConfiguration(oa);
+ config.setBinding(msg.getRequestBinding());
+
+ MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
+
} else if (inMsg instanceof MOAResponse &&
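Review bot: The new `getOnlineApplicationParameter(oaURL)` call is made after `oaURL` has been passed through `StringEscapeUtils.escapeHtml`, so the lookup key is the HTML-escaped entity ID, whereas the AttributeQuery path in this same commit looks up with the raw `moaRequest.getEntityID()`. An entity ID containing `&` or quotes would therefore resolve on one path and not on the other; if the configured OA key is the raw entity ID (which the AttributeQuery hunk suggests), look up first and escape afterwards: `String oaURL = metadata.getEntityID();` / `OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);` / `oaURL = StringEscapeUtils.escapeHtml(oaURL);`. Whether an unknown OA yields `null` here is not visible on this page; if it does, `config.setOnlineApplicationConfiguration(oa)` silently stores `null`, so a null check with a clear error would be safer. The AuthnRequest hunk further down (`String oaURL = moaRequest.getEntityMetadata().getEntityID();`) has the identical ordering and should be fixed the same way. The enclosing method starts and ends outside this hunk.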
@@ -505,7 +525,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
* @throws Throwable
*/
private IRequest preProcessAttributQueryRequest(HttpServletRequest request,
- HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+ HttpServletResponse response, MOARequest moaRequest,
+ String sessionId, String transactionId) throws Throwable {
AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
moaRequest.setEntityID(attrQuery.getIssuer().getValue());
@@ -524,7 +545,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.12");
- OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID());
+ OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID());
if (!oa.isInderfederationIDP()) {
Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
@@ -540,8 +561,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
PVPTargetConfiguration config = new PVPTargetConfiguration();
config.setRequest(moaRequest);
config.setOAURL(moaRequest.getEntityID());
+ config.setOnlineApplicationConfiguration(oa);
config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
+
return config;
}
@@ -554,7 +578,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
* @throws Throwable
*/
private IRequest preProcessAuthRequest(HttpServletRequest request,
- HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+ HttpServletResponse response, MOARequest moaRequest,
+ String sessionId, String transactionId) throws Throwable {
SignableXMLObject samlReq = moaRequest.getSamlRequest();
@@ -570,6 +595,18 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
AuthnRequest authnRequest = (AuthnRequest)samlReq;
+ if (authnRequest.getIssueInstant() == null) {
+ Logger.warn("Unsupported request: No IssueInstant Attribute found.");
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+
+ }
+
+ if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
+ Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+
+ }
+
//parse AssertionConsumerService
AssertionConsumerService consumerService = null;
if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&
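Review bot: The second new `if` only rejects requests whose IssueInstant lies more than TIME_JITTER in the future; an AuthnRequest with an arbitrarily old IssueInstant still passes, even though the log and exception text say the timestamp is "not valid anymore". If the intent is a bounded validity window (which is what limits replay of a captured request), the condition also needs a lower bound: `if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()` / `|| authnRequest.getIssueInstant().plusMinutes(MOAIDAuthConstants.TIME_JITTER).isBeforeNow()) {`. The two messages should also lose the stray "No": `"Unsupported request: IssueInstant DateTime is not valid anymore."`. The null check above it is correct as written; preProcessAuthRequest starts and ends outside this hunk.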
@@ -628,11 +665,13 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
String oaURL = moaRequest.getEntityMetadata().getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
PVPTargetConfiguration config = new PVPTargetConfiguration();
config.setOAURL(oaURL);
+ config.setOnlineApplicationConfiguration(oa);
config.setBinding(consumerService.getBinding());
config.setRequest(moaRequest);
config.setConsumerURL(consumerService.getLocation());
@@ -640,7 +679,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
//parse AuthRequest
config.setPassiv(authReq.isPassive());
config.setForce(authReq.isForceAuthn());
-
+
+
+ MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
+
return config;
}