diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 92a6b6002..4e7b08b21 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletResponse; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; @@ -25,20 +26,20 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.signature.Signature; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.logging.Logger; public class RedirectBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, RequestAbstractType request, String targetLocation) throws MessageEncodingException, SecurityException { - + //TODO: implement } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, @@ -48,17 +49,13 @@ public class RedirectBinding implements IDecoder, IEncoder { Credential credentials = CredentialProvider .getIDPSigningCredential(); - Signature signer = CredentialProvider.getIDPSignature(credentials); - response.setSignature(signer); - - HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); SingleSignOnService service = new SingleSignOnServiceBuilder() .buildObject(); - service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT"); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); service.setLocation(targetLocation); context.setOutboundSAMLMessageSigningCredential(credentials); context.setPeerEntityEndpoint(service); @@ -79,6 +76,7 @@ public class RedirectBinding implements IDecoder, IEncoder { HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( new BasicParserPool()); + decode.setURIComparator(new MOAURICompare()); BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); @@ -86,8 +84,8 @@ public class RedirectBinding implements IDecoder, IEncoder { try { messageContext.setMetadataProvider(new MOAMetadataProvider()); } catch (MetadataProviderException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.error("Failed to get Metadata Provider"); + throw new SecurityException("Failed to get Metadata Provider"); } SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( @@ -99,6 +97,7 @@ public class RedirectBinding implements IDecoder, IEncoder { policy); messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); messageContext.setSecurityPolicyResolver(resolver); + decode.decode(messageContext); signatureRule.evaluate(messageContext); @@ -121,7 +120,6 @@ public class RedirectBinding implements IDecoder, IEncoder { messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - // TODO: used to verify signature! SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( TrustEngineFactory.getSignatureKnownKeysTrustEngine()); @@ -132,6 +130,14 @@ public class RedirectBinding implements IDecoder, IEncoder { policy); messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); messageContext.setSecurityPolicyResolver(resolver); + MOAMetadataProvider provider = null; + try { + provider = new MOAMetadataProvider(); + } catch (MetadataProviderException e) { + Logger.error("Failed to get Metadata Provider"); + throw new SecurityException("Failed to get Metadata Provider"); + } + messageContext.setMetadataProvider(provider); decode.decode(messageContext); @@ -143,7 +149,7 @@ public class RedirectBinding implements IDecoder, IEncoder { return moaResponse; } - public boolean handleDecode(String action) { - return (action.equals(PVP2XProtocol.REDIRECT)); + public boolean handleDecode(String action, HttpServletRequest req) { + return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod().equals("GET")); } } |