diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java | 67 |
1 files changed, 63 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index fa5ff9ecf..847f1ae54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -11,6 +11,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.Status; @@ -27,9 +29,15 @@ import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; import at.gv.egovernment.moa.id.moduls.ServletInfo; import at.gv.egovernment.moa.id.moduls.ServletType; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.validation.ChainSAMLValidator; +import at.gv.egovernment.moa.id.protocols.pvp2x.validation.SAMLSignatureValidator; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.ChainSAMLVerifier; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerifierMOASP; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { @@ -46,6 +54,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + private ChainSAMLVerifier samlVerifier = new ChainSAMLVerifier(); + + private ChainSAMLValidator samlValidator = new ChainSAMLValidator(); + static { servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT, ServletType.AUTH)); @@ -94,6 +106,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { return null; } + public PVP2XProtocol() { + super(); + + samlVerifier.addVerifier(new SAMLVerifierMOASP()); + + samlValidator.addValidator(new SAMLSignatureValidator()); + } + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { @@ -104,15 +124,46 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { try { PVPTargetConfiguration config = new PVPTargetConfiguration(); - RequestAbstractType samlReq = decoder.decodeRequest(request, response); - - String oaURL = (String) request.getParameter(PARAM_OA); + MOARequest moaRequest = decoder.decodeRequest(request, response); + + RequestAbstractType samlReq = moaRequest.getSamlRequest(); + + //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq)); + + //Logger.info("SAML : " + xml); + + // TODO: verify samlReq + //samlValidator.validateRequest(samlReq); + + // TODO: validate samlReq for + //samlVerifier.verifyRequest(samlReq); + + // TODO: OAURL is AssertionConsumerService URL from entitydescriptor ... + + if(!(samlReq instanceof AuthnRequest)) { + throw new MOAIDException("Unsupported request", new Object[] {}); + } + + AuthnRequest authnRequest = (AuthnRequest)samlReq; + + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int idx = 0; + + if(aIdx != null) { + idx = aIdx.intValue(); + } + + String oaURL = moaRequest.getEntityMetadata(). + getSPSSODescriptor(SAMLConstants.SAML20P_NS). + getAssertionConsumerServices().get(idx).getLocation(); + + //String oaURL = (String) request.getParameter(PARAM_OA); oaURL = StringEscapeUtils.escapeHtml(oaURL); if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); config.setOAURL(oaURL); - config.setRequest(samlReq); + config.setRequest(moaRequest); request.getSession().setAttribute(PARAM_OA, oaURL); return config; @@ -146,4 +197,12 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { return actions.get(action); } + public IAction canHandleRequest(HttpServletRequest request, + HttpServletResponse response) { + if(request.getParameter("SAMLRequest") != null) { + return getAction(REDIRECT); + } + return null; + } + } |