aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java30
1 files changed, 18 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 92a6b6002..4e7b08b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
@@ -25,20 +26,20 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.Signature;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.logging.Logger;
public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
RequestAbstractType request, String targetLocation)
throws MessageEncodingException, SecurityException {
-
+ //TODO: implement
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -48,17 +49,13 @@ public class RedirectBinding implements IDecoder, IEncoder {
Credential credentials = CredentialProvider
.getIDPSigningCredential();
- Signature signer = CredentialProvider.getIDPSignature(credentials);
- response.setSignature(signer);
-
-
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
SingleSignOnService service = new SingleSignOnServiceBuilder()
.buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT");
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
service.setLocation(targetLocation);
context.setOutboundSAMLMessageSigningCredential(credentials);
context.setPeerEntityEndpoint(service);
@@ -79,6 +76,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
+ decode.setURIComparator(new MOAURICompare());
BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
@@ -86,8 +84,8 @@ public class RedirectBinding implements IDecoder, IEncoder {
try {
messageContext.setMetadataProvider(new MOAMetadataProvider());
} catch (MetadataProviderException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
+ Logger.error("Failed to get Metadata Provider");
+ throw new SecurityException("Failed to get Metadata Provider");
}
SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
@@ -99,6 +97,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
policy);
messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
messageContext.setSecurityPolicyResolver(resolver);
+
decode.decode(messageContext);
signatureRule.evaluate(messageContext);
@@ -121,7 +120,6 @@ public class RedirectBinding implements IDecoder, IEncoder {
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
- // TODO: used to verify signature!
SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
TrustEngineFactory.getSignatureKnownKeysTrustEngine());
@@ -132,6 +130,14 @@ public class RedirectBinding implements IDecoder, IEncoder {
policy);
messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
messageContext.setSecurityPolicyResolver(resolver);
+ MOAMetadataProvider provider = null;
+ try {
+ provider = new MOAMetadataProvider();
+ } catch (MetadataProviderException e) {
+ Logger.error("Failed to get Metadata Provider");
+ throw new SecurityException("Failed to get Metadata Provider");
+ }
+ messageContext.setMetadataProvider(provider);
decode.decode(messageContext);
@@ -143,7 +149,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
return moaResponse;
}
- public boolean handleDecode(String action) {
- return (action.equals(PVP2XProtocol.REDIRECT));
+ public boolean handleDecode(String action, HttpServletRequest req) {
+ return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod().equals("GET"));
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 18:48:17 +0000