Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java144
1 files changed, 86 insertions, 58 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index dc6a1f637..f5dba014b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -35,6 +35,7 @@ import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -50,7 +51,13 @@ import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -61,9 +68,34 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation)
+ RequestAbstractType request, String targetLocation, String relayState)
throws MessageEncodingException, SecurityException {
- // TODO: implement
+
+ try {
+ X509Credential credentials = CredentialProvider
+ .getIDPAssertionSigningCredential();
+
+ Logger.debug("create SAML RedirectBinding response");
+
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ resp, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(targetLocation);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(request);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+
+ encoder.encode(context);
+ } catch (CredentialsNotAvailableException e) {
+ e.printStackTrace();
+ throw new SecurityException(e);
+ }
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
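Review bot: The new catch block in encodeRequest calls `e.printStackTrace()` before rethrowing, which sends the signing-credential failure to stderr instead of the `Logger` used a few lines above. The cause is already preserved by `throw new SecurityException(e);`, so the `e.printStackTrace();` line can simply be dropped; the same pattern is visible in the context lines of encodeRespone in the next hunk. The debug text is also copied from the response path and should read `Logger.debug("create SAML RedirectBinding request");`. A short Javadoc would help here, stating that the request is signed with the credential from `getIDPAssertionSigningCredential()` and that `targetLocation` is used unchecked as the redirect endpoint, so callers are expected to take it from trusted metadata rather than from request input.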
@@ -85,10 +117,10 @@ public class RedirectBinding implements IDecoder, IEncoder {
service.setLocation(targetLocation);
context.setOutboundSAMLMessageSigningCredential(credentials);
context.setPeerEntityEndpoint(service);
- // context.setOutboundMessage(authReq);
context.setOutboundSAMLMessage(response);
context.setOutboundMessageTransport(responseAdapter);
-
+ context.setRelayState(relayState);
+
encoder.encode(context);
} catch (CredentialsNotAvailableException e) {
e.printStackTrace();
@@ -96,84 +128,80 @@ public class RedirectBinding implements IDecoder, IEncoder {
}
}
- public MOARequest decodeRequest(HttpServletRequest req,
+ public InboundMessageInterface decode(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
- decode.setURIComparator(new MOAURICompare());
- BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
- messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
- SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signatureRule);
- policy.getPolicyRules().add(signedRole);
-
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- messageContext.setSecurityPolicyResolver(resolver);
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+
+ }
- decode.decode(messageContext);
-
- signatureRule.evaluate(messageContext);
-
- RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
- .getInboundMessage();
- MOARequest request = new MOARequest(inboundMessage);
- request.setVerified(true);
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
- return request;
- }
-
- public MOAResponse decodeRespone(HttpServletRequest req,
- HttpServletResponse resp) throws MessageDecodingException,
- SecurityException {
-
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
+ decode.decode(messageContext);
+
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
- // signatureRule.evaluate(messageContext);
+ SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
BasicSecurityPolicy policy = new BasicSecurityPolicy();
policy.getPolicyRules().add(signatureRule);
+ policy.getPolicyRules().add(signedRole);
SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ policy);
messageContext.setSecurityPolicyResolver(resolver);
- MOAMetadataProvider provider = null;
-
- provider = MOAMetadataProvider.getInstance();
+
+ InboundMessage msg = null;
+
+ if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+ .getInboundMessage();
+ msg = new MOARequest(inboundMessage, getSAML2BindingName());
+
+
+ } else if (messageContext.getInboundMessage() instanceof Response){
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ Response inboundMessage = (Response) messageContext.getInboundMessage();
+ msg = new MOAResponse(inboundMessage);
+
+ } else
+ //create empty container if request type is unknown
+ msg = new InboundMessage();
- messageContext.setMetadataProvider(provider);
+ signatureRule.evaluate(messageContext);
+ msg.setVerified(true);
decode.decode(messageContext);
-
- Response inboundMessage = (Response) messageContext.getInboundMessage();
-
- MOAResponse moaResponse = new MOAResponse(inboundMessage);
- moaResponse.setVerified(true);
- moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
- return moaResponse;
+ if (messageContext.getPeerEntityMetadata() != null)
+ msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else
+ Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+
+ msg.setRelayState(messageContext.getRelayState());
+
+ return msg;
}
public boolean handleDecode(String action, HttpServletRequest req) {
return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod()
.equals("GET"));
}
+
+ public String getSAML2BindingName() {
+ return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
+ }
}
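Review bot: `msg.setVerified(true)` in decode() is unconditional: it runs for the fallback `new InboundMessage()` container of unknown type, and it runs before the `getPeerEntityMetadata() != null` check, so a message whose issuer has no metadata is returned marked verified with only an info log. As far as I know, `SAML2HTTPRedirectDeflateSignatureRule.evaluate` also returns without error when the query string carries no `Signature` parameter, so an unsigned redirect message would probably be flagged verified as well; please confirm this against the OpenSAML version in use. I would set the flag only when metadata was resolved and a signature was actually present, e.g. `if (messageContext.getPeerEntityMetadata() != null && req.getParameter("Signature") != null) msg.setVerified(true);`, and leave the message unverified or throw `SecurityException` otherwise. Separately, the added first `decode.decode(messageContext)` runs before the metadata provider and security policy resolver are set, and the retained second `decode.decode(messageContext)` decodes the same request again after `msg` was built; if the second call is intentional (to run the policy once the peer role is known), a comment should say so and `msg` should be built from its result.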