aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java74
1 files changed, 36 insertions, 38 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 8a6b09376..9977e607b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.binding.decoding.URIComparator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
@@ -37,6 +38,7 @@ import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.security.SecurityPolicyResolver;
@@ -46,35 +48,33 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.security.credential.Credential;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class PostBinding implements IDecoder, IEncoder {
-
+
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState)
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
throws MessageEncodingException, SecurityException {
try {
- X509Credential credentials = CredentialProvider
- .getIDPAssertionSigningCredential();
+// X509Credential credentials = credentialProvider
+// .getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
"resources/templates/pvp_postbinding_template.html");
@@ -93,9 +93,9 @@ public class PostBinding implements IDecoder, IEncoder {
encoder.encode(context);
- } catch (CredentialsNotAvailableException e) {
- e.printStackTrace();
- throw new SecurityException(e);
+// } catch (CredentialsNotAvailableException e) {
+// e.printStackTrace();
+// throw new SecurityException(e);
} catch (Exception e) {
e.printStackTrace();
throw new SecurityException(e);
@@ -103,13 +103,16 @@ public class PostBinding implements IDecoder, IEncoder {
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState)
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials)
throws MessageEncodingException, SecurityException {
try {
- X509Credential credentials = CredentialProvider
- .getIDPAssertionSigningCredential();
+// X509Credential credentials = credentialProvider
+// .getIDPAssertionSigningCredential();
+ //load default PVP security configurations
+ MOADefaultBootstrap.initializeDefaultPVPConfiguration();
+
Logger.debug("create SAML POSTBinding response");
VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
@@ -131,9 +134,9 @@ public class PostBinding implements IDecoder, IEncoder {
context.setRelayState(relayState);
encoder.encode(context);
- } catch (CredentialsNotAvailableException e) {
- e.printStackTrace();
- throw new SecurityException(e);
+// } catch (CredentialsNotAvailableException e) {
+// e.printStackTrace();
+// throw new SecurityException(e);
} catch (Exception e) {
e.printStackTrace();
throw new SecurityException(e);
@@ -141,35 +144,30 @@ public class PostBinding implements IDecoder, IEncoder {
}
public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException,
+ HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
SecurityException {
HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
- try {
- //set metadata descriptor type
- if (isSPEndPoint) {
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req))));
-
- } else {
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req))));
- }
-
- } catch (ConfigurationException e) {
- throw new SecurityException(e);
+ //set metadata descriptor type
+ if (isSPEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
+
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(comparator);
}
- messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+ messageContext.setMetadataProvider(metadataProvider);
//set security policy context
BasicSecurityPolicy policy = new BasicSecurityPolicy();
policy.getPolicyRules().add(
- new MOAPVPSignedRequestPolicyRule(
- TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+ new MOAPVPSignedRequestPolicyRule(metadataProvider,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
messageContext.getPeerEntityRole()));
SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
messageContext.setSecurityPolicyResolver(secResolver);
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-01 12:28:01 +0000