Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java67
1 files changed, 63 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index fa5ff9ecf..847f1ae54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -11,6 +11,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
@@ -27,9 +29,15 @@ import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.ServletInfo;
import at.gv.egovernment.moa.id.moduls.ServletType;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.validation.ChainSAMLValidator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.validation.SAMLSignatureValidator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.ChainSAMLVerifier;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerifierMOASP;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
@@ -46,6 +54,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+ private ChainSAMLVerifier samlVerifier = new ChainSAMLVerifier();
+
+ private ChainSAMLValidator samlValidator = new ChainSAMLValidator();
+
static {
servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
ServletType.AUTH));
@@ -94,6 +106,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
+ public PVP2XProtocol() {
+ super();
+
+ samlVerifier.addVerifier(new SAMLVerifierMOASP());
+
+ samlValidator.addValidator(new SAMLSignatureValidator());
+ }
+
public IRequest preProcess(HttpServletRequest request,
HttpServletResponse response, String action) throws MOAIDException {
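Review bot: The explicit `super()` call at the top of the new constructor is redundant, and the two fields it configures (`samlVerifier` and `samlValidator`, declared in the hunk above) are only assigned at their declaration and could be `private final`. A one-line Javadoc would state the intent, e.g. `/** Wires the MOA-SP based verifier and the signature validator into the verification chains. */`. As the hunk stands, the chains are built here but the calls that would apply them to a decoded request are still commented out behind TODOs in a later hunk of this commit.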
@@ -104,15 +124,46 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
try {
PVPTargetConfiguration config = new PVPTargetConfiguration();
- RequestAbstractType samlReq = decoder.decodeRequest(request, response);
-
- String oaURL = (String) request.getParameter(PARAM_OA);
+ MOARequest moaRequest = decoder.decodeRequest(request, response);
+
+ RequestAbstractType samlReq = moaRequest.getSamlRequest();
+
+ //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
+
+ //Logger.info("SAML : " + xml);
+
+ // TODO: verify samlReq
+ //samlValidator.validateRequest(samlReq);
+
+ // TODO: validate samlReq for
+ //samlVerifier.verifyRequest(samlReq);
+
+ // TODO: OAURL is AssertionConsumerService URL from entitydescriptor ...
+
+ if(!(samlReq instanceof AuthnRequest)) {
+ throw new MOAIDException("Unsupported request", new Object[] {});
+ }
+
+ AuthnRequest authnRequest = (AuthnRequest)samlReq;
+
+ Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+ int idx = 0;
+
+ if(aIdx != null) {
+ idx = aIdx.intValue();
+ }
+
+ String oaURL = moaRequest.getEntityMetadata().
+ getSPSSODescriptor(SAMLConstants.SAML20P_NS).
+ getAssertionConsumerServices().get(idx).getLocation();
+
+ //String oaURL = (String) request.getParameter(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
if (!ParamValidatorUtils.isValidOA(oaURL))
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.12");
config.setOAURL(oaURL);
- config.setRequest(samlReq);
+ config.setRequest(moaRequest);
request.getSession().setAttribute(PARAM_OA, oaURL);
return config;
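Review bot: The `AssertionConsumerServiceIndex` taken from the request is used as a list position in `getAssertionConsumerServices().get(idx)`, but in SAML 2.0 metadata it refers to the `index` attribute of an `AssertionConsumerService` element, so a request can be routed to a different endpoint than the one its metadata designates; in addition neither the `getSPSSODescriptor` result nor the index is checked, so a missing descriptor or out-of-range value ends in an uncaught NullPointerException or IndexOutOfBoundsException rather than a MOAIDException. The lookup should match `getIndex()` against the requested value, fall back to the endpoint flagged `isDefault()` (then the first one) when no index is supplied, and reject the request when nothing matches. Separately, `samlValidator.validateRequest(samlReq)` and `samlVerifier.verifyRequest(samlReq)` are still commented out under the TODOs, so the signature validator wired up in the constructor is not yet applied to the decoded request; taking the ACS URL from metadata instead of the `oa` parameter is the right source, but until those calls are enabled the request's binding to that metadata is unverified. preProcess continues past the end of this hunk.
```java
AuthnRequest authnRequest = (AuthnRequest) samlReq;

SPSSODescriptor spDescriptor = moaRequest.getEntityMetadata()
        .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spDescriptor == null) {
    throw new MOAIDException("Unsupported request", new Object[] {});
}

// The requested index refers to the ACS "index" attribute, not the list position.
Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
List<AssertionConsumerService> services = spDescriptor.getAssertionConsumerServices();
AssertionConsumerService acs = null;
for (AssertionConsumerService candidate : services) {
    boolean matches = (aIdx != null)
            ? aIdx.equals(candidate.getIndex())
            : Boolean.TRUE.equals(candidate.isDefault());
    if (matches) {
        acs = candidate;
        break;
    }
}
// No index requested and no endpoint flagged as default: use the first one listed.
if (acs == null && aIdx == null && !services.isEmpty()) {
    acs = services.get(0);
}
if (acs == null) {
    throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
}

String oaURL = acs.getLocation();
// … unchanged: escapeHtml, isValidOA check, config and session setup …
```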
@@ -146,4 +197,12 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return actions.get(action);
}
+ public IAction canHandleRequest(HttpServletRequest request,
+ HttpServletResponse response) {
+ if(request.getParameter("SAMLRequest") != null) {
+ return getAction(REDIRECT);
+ }
+ return null;
+ }
+
}
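Review bot: `canHandleRequest` returns `getAction(REDIRECT)` for any request carrying a `SAMLRequest` parameter, without consulting the HTTP method; since `PostBinding` is imported alongside `RedirectBinding`, a POST-bound request would presumably be handed the same action, which may be intended (with the action name being historical) but is worth a comment either way. The literal `"SAMLRequest"` is a binding-level parameter name and would be clearer as a named constant shared with the decoders. The method also lacks Javadoc; something like `/** Returns the action for a request carrying a SAMLRequest parameter, or null if this module cannot handle it. */` would do.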