Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding')
9 files changed, 613 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
new file mode 100644
index 000000000..1d51d91f1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -0,0 +1,98 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.Signature; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; + +public class ArtifactBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO Auto-generated method stub + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + Signature signer = CredentialProvider.getIDPSignature(credentials); + response.setSignature(signer); + + 
VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.init(); + + HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine, + "resources/templates/pvp_postbinding_template.html", + PVPAssertionStorage.getInstance()); + + encoder.setPostEncoding(false); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + // TODO Auto-generated method stub + return null; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + // TODO Auto-generated method stub + return null; + } + + public boolean handleDecode(String action, HttpServletRequest req) { + // TODO Auto-generated method stub + return false; + } + +} 
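Review bot: `encodeRespone` attaches a `Signature` to the response via `response.setSignature(signer)` but nothing in the hunk computes it: OpenSAML's `HTTPArtifactEncoder` hands the message to the artifact map (`PVPAssertionStorage.getInstance()`) instead of marshalling and signing it, so unless `getIDPSignature` or the storage signs the object, the message later resolved from the artifact presumably carries an empty `ds:Signature` element. Either drop the `setSignature` call and sign at artifact-resolution time, or sign explicitly before the encode (OpenSAML 2: marshal the response, then `Signer.signObject(signer)`). The `decodeRequest`/`decodeRespone` stubs return `null` while `handleDecode` returns `false`; a caller that selects this binding by any other route would dereference `null`, so throwing `BindingNotSupportedException` the way `SoapBinding.decodeRespone` does is safer. `e.printStackTrace()` should go through the `Logger` the sibling bindings import; the `SecurityException` already carries the cause.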
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
new file mode 100644
index 000000000..0f82d9a3f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IDecoder {
+ public MOARequest decodeRequest(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public MOAResponse decodeRespone(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws MessageDecodingException, SecurityException, PVP2Exception;
+
+ public boolean handleDecode(String action, HttpServletRequest req);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
new file mode 100644
index 000000000..66526534d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
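Review bot: The interface method is named `decodeRespone` (and `encodeRespone` in `IEncoder`), and because it is an interface every binding in this commit repeats the typo; the type is new, so renaming it to `decodeResponse` now is free, whereas later it touches every implementation. The interface also says nothing about what the returned `MOARequest`/`MOAResponse` guarantees — in particular that `isVerified()` is the only signal that a signature was checked (`PostBinding` returns it `false`, `SoapBinding` never sets it) and that `getEntityMetadata()` may be `null` when a binding set no metadata provider. A Javadoc such as `/** Decodes the inbound SAML request; callers must check {@link MOARequest#isVerified()} before trusting it, as some bindings return an unverified request. */` on `decodeRequest`, and `/** @return true if this decoder is responsible for the given action and the HTTP method of req */` on `handleDecode`, would make the contract explicit.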
@@ -0,0 +1,30 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+
+public interface IEncoder {
+ public void encodeRequest(HttpServletRequest req,
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+
+ /**
+ * Encoder SAML Response
+ * @param req The http request
+ * @param resp The http response
+ * @param response The repsonse object
+ * @param targetLocation
+ * @throws MessageEncodingException
+ * @throws SecurityException
+ */
+ public void encodeRespone(HttpServletRequest req,
+ HttpServletResponse resp, StatusResponseType response, String targetLocation)
+ throws MessageEncodingException, SecurityException, PVP2Exception;
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
new file mode 100644
index 000000000..946f62066
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
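Review bot: `targetLocation` is the one parameter left without a description, yet it is the value every implementation in this commit writes into `SingleSignOnService.setLocation(...)`, i.e. it decides where the signed response (and any assertion in it) is delivered; the Javadoc should state who validates it, e.g. `@param targetLocation endpoint the message is sent to; must already have been checked against the peer's metadata (AssertionConsumerService), this method performs no validation of its own`. The same Javadoc reads "Encoder SAML Response" and "The repsonse object" — `Encodes a SAML response` and `The response object`. `encodeRequest` has no Javadoc at all and should get the same treatment, including what `PVP2Exception` signals for an unsupported binding.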
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+
+public class MOARequest {
+ private RequestAbstractType samlRequest;
+ private EntityDescriptor entityMetadata;
+ private boolean verified = false;
+
+ public MOARequest(RequestAbstractType request) {
+ samlRequest = request;
+ }
+
+ public RequestAbstractType getSamlRequest() {
+ return samlRequest;
+ }
+
+ public void setSamlRequest(RequestAbstractType request) {
+ this.samlRequest = request;
+ }
+
+ public boolean isVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ public EntityDescriptor getEntityMetadata() {
+ return entityMetadata;
+ }
+
+ public void setEntityMetadata(EntityDescriptor entityMetadata) {
+ this.entityMetadata = entityMetadata;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
new file mode 100644
index 000000000..47f935b0c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
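Review bot: `verified` is a public, mutable flag with no documentation, yet it is what downstream code will use to decide whether the request's signature has been checked; anyone holding the object can call `setVerified(true)`, and the default `false` is never explained. Document its meaning on the field, e.g. `/** true only after the request signature was successfully validated against the peer's metadata; an unverified request must not be acted upon */`, and consider allowing it to be set only from the binding package. `getEntityMetadata()` can legitimately be `null` — `SoapBinding.decodeRequest` never sets it and `PostBinding.decodeRespone` sets no metadata provider — so its Javadoc should say so. Nothing in this commit calls `setSamlRequest`, so `samlRequest` could be a `final` constructor-only field.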
@@ -0,0 +1,38 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+
+public class MOAResponse {
+ private Response samlResponse;
+ private EntityDescriptor entityMetadata;
+ private boolean verified = false;
+
+ public MOAResponse(Response response) {
+ samlResponse = response;
+ }
+
+ public Response getSamlResponse() {
+ return samlResponse;
+ }
+
+ public void setSamlResponse(Response samlResponse) {
+ this.samlResponse = samlResponse;
+ }
+
+ public boolean isVerified() {
+ return verified;
+ }
+
+ public void setVerified(boolean verified) {
+ this.verified = verified;
+ }
+
+ public EntityDescriptor getEntityMetadata() {
+ return entityMetadata;
+ }
+
+ public void setEntityMetadata(EntityDescriptor entityMetadata) {
+ this.entityMetadata = entityMetadata;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
new file mode 100644
index 000000000..513939e5d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -0,0 +1,12 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+
+import org.opensaml.common.binding.decoding.URIComparator;
+
+public class MOAURICompare implements URIComparator {
+
+ public boolean compare(String uri1, String uri2) {
+ // TODO: implement proper equalizer for rewritten URLS
+ return true;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
new file mode 100644
index 000000000..85861297c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
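Review bot: `compare` returns `true` unconditionally, and both `PostBinding.decodeRequest` and `RedirectBinding.decodeRequest` install it with `setURIComparator(new MOAURICompare())`; in OpenSAML 2 the decoder uses that comparator to check the message's `Destination` against the endpoint that actually received it, so this disables the destination check and a signed request addressed to some other endpoint is accepted here. Until the rewrite-aware comparison the TODO promises exists, the class should fail closed rather than open, e.g. `return new BasicURLComparator().compare(uri1, uri2);` (OpenSAML's default comparator, which the decoder would use if none were set), or, if reverse-proxy rewriting is the concern, compare against a configured public base URL. At minimum the always-true path should log at warn level so the gap is visible in production.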
@@ -0,0 +1,139 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; + +public class PostBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO Auto-generated 
method stub + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + // VelocityEngine engine = + // VelocityProvider.getClassPathVelocityEngine(); + VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + engine.init(); + + HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "resources/templates/pvp_postbinding_template.html"); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + // context.setOutboundMessage(authReq); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } catch (Exception e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest 
decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + decode.setURIComparator(new MOAURICompare()); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + + decode.decode(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + + MOARequest request = new MOARequest(inboundMessage); + request.setVerified(false); + request.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return request; + + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + decode.decode(messageContext); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + + MOAResponse moaResponse = new MOAResponse(inboundMessage); + moaResponse.setVerified(false); + moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return moaResponse; + + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (req.getMethod().equals("POST")); + } +} 
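Review bot: `decodeRespone` sets no metadata provider and no security policy, so after `decode.decode(messageContext)` the returned `MOAResponse` has `verified == false` and `getEntityMetadata()` is `null`, whereas `decodeRequest` at least sets `MOAMetadataProvider.getInstance()`; if a later stage resolves the peer's signing key from that metadata, responses will fail verification or, worse, skip it. Both decoders also construct `new BasicParserPool()` per request without configuring it; depending on the OpenSAML/xmltooling version its defaults may allow entity expansion, so a single shared pool initialised with `setExpandEntityReferences(false)` and `setNamespaceAware(true)` is the safer choice, and a `SAMLProtocolMessageXMLSignatureSecurityPolicyRule` on the context would let the decoder verify the XML signature the way `RedirectBinding` verifies the simple signature. `handleDecode` ignores `action` and claims every POST (`return (req.getMethod().equals("POST"))`), unlike `RedirectBinding`/`SoapBinding` which also match the action, so this binding is selected for POSTs meant for the SOAP endpoint. `catch (Exception e)` wrapping everything in `SecurityException` hides encoder failures, and `e.printStackTrace()` should be the imported `Logger`.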
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
new file mode 100644
index 000000000..86801dde5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -0,0 +1,148 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; +import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; +import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.security.SecurityPolicyResolver; +import org.opensaml.ws.security.provider.BasicSecurityPolicy; +import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import 
at.gv.egovernment.moa.logging.Logger; + +public class RedirectBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO: implement + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + // context.setOutboundMessage(authReq); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + decode.setURIComparator(new MOAURICompare()); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + 
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + messageContext.setSecurityPolicyResolver(resolver); + + decode.decode(messageContext); + + signatureRule.evaluate(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + MOARequest request = new MOARequest(inboundMessage); + request.setVerified(true); + request.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return request; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + // signatureRule.evaluate(messageContext); + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + messageContext.setSecurityPolicyResolver(resolver); + MOAMetadataProvider provider = null; + + provider = MOAMetadataProvider.getInstance(); + + 
messageContext.setMetadataProvider(provider); + + decode.decode(messageContext); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + + MOAResponse moaResponse = new MOAResponse(inboundMessage); + moaResponse.setVerified(true); + moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return moaResponse; + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod() + .equals("GET")); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java new file mode 100644 index 000000000..04ec3eaee --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java 
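Review bot: `decodeRequest` sets `request.setVerified(true)` unconditionally after `signatureRule.evaluate(messageContext)`, but OpenSAML's `SAML2HTTPRedirectDeflateSignatureRule` skips requests that carry no `Signature` parameter — it only fails when a signature is present and invalid — so an unsigned redirect request is returned as verified; `decodeRespone` does the same with `moaResponse.setVerified(true)`. The rule records a successful check on the context, so the flag should come from there: `request.setVerified(messageContext.isInboundSAMLMessageAuthenticated());` (and likewise for `moaResponse`), or the method should throw when that is false if signed requests are mandatory. The explicit `signatureRule.evaluate(messageContext)` after `decode.decode(...)` re-runs a rule the `StaticSecurityPolicyResolver` already applied during decode, which is harmless but misleading. `decodeRequest` also installs `MOAURICompare`, which accepts any destination, so the `Destination` check is disabled here as well; and `e.printStackTrace()` in `encodeRespone` should use the imported `Logger`.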
@@ -0,0 +1,87 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; + +public class SoapBinding implements IDecoder, IEncoder { + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException, PVP2Exception { + HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = + new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + req)); + 
soapDecoder.decode(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + + MOARequest request = new MOARequest(inboundMessage); + + return request; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException, PVP2Exception { + throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response"); + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (action.equals(PVP2XProtocol.SOAP)); + } + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException, PVP2Exception { + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException, PVP2Exception { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + +} |
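Review bot: `decodeRequest` runs no security policy and sets no metadata provider, so the returned `MOARequest` has `verified` at its default `false` and `getEntityMetadata()` null, yet nothing marks it as unverified the way `PostBinding` does with an explicit `request.setVerified(false)`; the explicit call, or a comment stating that verification happens at artifact-resolution time, would make the intent clear. The decoder is the generic `org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder`, which in openws leaves the SOAP `Envelope` as the inbound message, so the cast `(RequestAbstractType) messageContext.getInboundMessage()` would presumably throw `ClassCastException` on every call — the SAML-aware `org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder` unwraps the body and populates `getInboundSAMLMessage()`; worth confirming against the OpenSAML version in use. `encodeRequest` has an empty body and silently sends nothing, while `decodeRespone` throws `BindingNotSupportedException`; the unimplemented encoder should do the same: `throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " request");`.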