Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java176
1 files changed, 148 insertions, 28 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index d2951baf0..2cae67e97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -1,73 +1,193 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.security.SecurityPolicyResolver;
+import org.opensaml.ws.security.provider.BasicSecurityPolicy;
+import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.BasicCredential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request) throws MessageDecodingException,
- SecurityException {
-
+ RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- Response response) throws MessageDecodingException,
- SecurityException {
- // TODO Auto-generated method stub
-
+ StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException {
+ KeyStore keyStore;
+
+ try {
+ keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+ FileInputStream inputStream = new FileInputStream(
+ "/home/afitzek/server/moaid_conf/moaid/pvp.ks");
+ keyStore.load(inputStream, "123456".toCharArray());
+ inputStream.close();
+
+ BasicCredential credentials = new BasicCredential();
+ PrivateKey key = (PrivateKey) keyStore.getKey("pvpIDP",
+ "123456".toCharArray());
+ Certificate cert = keyStore.getCertificate("pvpIDP");
+ credentials.setPublicKey(cert.getPublicKey());
+ credentials.setPrivateKey(key);
+ credentials.setUsageType(UsageType.SIGNING);
+
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+
+ response.setSignature(signer);
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT");
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ // context.setOutboundMessage(authReq);
+ context.setOutboundSAMLMessage(response);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (FileNotFoundException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (UnrecoverableKeyException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
}
- public RequestAbstractType decodeRequest(HttpServletRequest req,
+ public MOARequest decodeRequest(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
-
+
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext =
- new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- req));
-
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ try {
+ messageContext.setMetadataProvider(new MOAMetadataProvider());
+ } catch (MetadataProviderException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ messageContext.setSecurityPolicyResolver(resolver);
decode.decode(messageContext);
- RequestAbstractType inboundMessage = (RequestAbstractType)messageContext.getInboundMessage();
-
- return inboundMessage;
+ signatureRule.evaluate(messageContext);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ MOARequest request = new MOARequest(inboundMessage);
+ request.setVerified(true);
+ request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return request;
}
- public Response decodeRespone(HttpServletRequest req,
+ public MOAResponse decodeRespone(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
-
+
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext =
- new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- req));
-
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
+ // TODO: used to verify signature!
+ SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
+ // signatureRule.evaluate(messageContext);
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ messageContext.setSecurityPolicyResolver(resolver);
+
decode.decode(messageContext);
- Response inboundMessage = (Response)messageContext.getInboundMessage();
-
- return inboundMessage;
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+
+ MOAResponse moaResponse = new MOAResponse(inboundMessage);
+ moaResponse.setVerified(true);
+ moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ return moaResponse;
}
-
+
public boolean handleDecode(String action) {
return (action.equals(PVP2XProtocol.REDIRECT));
}