aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java60
1 files changed, 34 insertions, 26 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 65400444d..ebb4b2991 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -28,53 +28,51 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.security.SecurityPolicyResolver;
+import org.opensaml.ws.security.provider.BasicSecurityPolicy;
+import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
-import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class PostBinding implements IDecoder, IEncoder {
-
+
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState)
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
throws MessageEncodingException, SecurityException {
try {
- X509Credential credentials = CredentialProvider
- .getIDPAssertionSigningCredential();
+// X509Credential credentials = credentialProvider
+// .getIDPAssertionSigningCredential();
//load default PVP security configurations
MOADefaultBootstrap.initializeDefaultPVPConfiguration();
@@ -97,9 +95,9 @@ public class PostBinding implements IDecoder, IEncoder {
encoder.encode(context);
- } catch (CredentialsNotAvailableException e) {
- e.printStackTrace();
- throw new SecurityException(e);
+// } catch (CredentialsNotAvailableException e) {
+// e.printStackTrace();
+// throw new SecurityException(e);
} catch (Exception e) {
e.printStackTrace();
throw new SecurityException(e);
@@ -107,12 +105,12 @@ public class PostBinding implements IDecoder, IEncoder {
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState)
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials)
throws MessageEncodingException, SecurityException {
try {
- X509Credential credentials = CredentialProvider
- .getIDPAssertionSigningCredential();
+// X509Credential credentials = credentialProvider
+// .getIDPAssertionSigningCredential();
//load default PVP security configurations
MOADefaultBootstrap.initializeDefaultPVPConfiguration();
@@ -138,9 +136,9 @@ public class PostBinding implements IDecoder, IEncoder {
context.setRelayState(relayState);
encoder.encode(context);
- } catch (CredentialsNotAvailableException e) {
- e.printStackTrace();
- throw new SecurityException(e);
+// } catch (CredentialsNotAvailableException e) {
+// e.printStackTrace();
+// throw new SecurityException(e);
} catch (Exception e) {
e.printStackTrace();
throw new SecurityException(e);
@@ -159,11 +157,11 @@ public class PostBinding implements IDecoder, IEncoder {
//set metadata descriptor type
if (isSPEndPoint) {
messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService()));
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req))));
} else {
messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req))));
}
} catch (ConfigurationException e) {
@@ -171,7 +169,16 @@ public class PostBinding implements IDecoder, IEncoder {
}
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
+
+ //set security policy context
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(
+ new MOAPVPSignedRequestPolicyRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+ messageContext.getPeerEntityRole()));
+ SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
+ messageContext.setSecurityPolicyResolver(secResolver);
+
decode.decode(messageContext);
InboundMessage msg = null;
@@ -197,8 +204,9 @@ public class PostBinding implements IDecoder, IEncoder {
if (MiscUtil.isEmpty(msg.getEntityID()))
Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
}
-
- msg.setVerified(false);
+
+
+ msg.setVerified(true);
msg.setRelayState(messageContext.getRelayState());
return msg;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 19:23:00 +0000