diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java | 82 |
1 files changed, 44 insertions, 38 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index a1d7f5d3a..53606b341 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -75,37 +75,39 @@ import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -120,14 +122,15 @@ public class SingleLogOutBuilder { @Autowired(required=true) ApplicationContext springContext; @Autowired private IDPCredentialProvider credentialProvider; @Autowired private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired private IGUIFormBuilder guiBuilder; + @Autowired private IGUIFormBuilder guiBuilder; @Autowired(required=true) protected IRevisionLogger revisionsLogger; @Autowired private ITransactionStorage transactionStorage; + @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration; public static final int SLOTIMEOUT = 30 * 1000; //30 sec public void toTechnicalLogout(ISLOInformationContainer sloContainer, - HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException { + HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws EAAFException { Logger.trace("Starting Service-Provider logout process ... "); revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED); @@ -174,7 +177,7 @@ public class SingleLogOutBuilder { } IRequest pendingReq = null; - PVPTargetConfiguration pvpReq = null; + PVPSProfilePendingRequest pvpReq = null; //start service provider front channel logout process try { if (sloContainer.hasFrontChannelOA()) { @@ -221,9 +224,9 @@ public class SingleLogOutBuilder { } else { pendingReq = sloContainer.getSloRequest(); - if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) { + if (pendingReq != null && pendingReq instanceof PVPSProfilePendingRequest) { //send SLO response to SLO request issuer - pvpReq = (PVPTargetConfiguration)pendingReq; + pvpReq = (PVPSProfilePendingRequest)pendingReq; SingleLogoutService sloService = getResponseSLODescriptor(pvpReq); LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq); @@ -321,10 +324,11 @@ public class SingleLogOutBuilder { * @param httpResp * @param relayState * @return + * @throws CredentialsNotAvailableException */ public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType, RequestAbstractType sloReq, HttpServletRequest httpReq, - HttpServletResponse httpResp, String relayState) throws MOAIDException { + HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException { try { X509Credential credentials = credentialProvider @@ -332,7 +336,7 @@ public class SingleLogOutBuilder { Logger.debug("create SAML RedirectBinding response"); - MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder(); + StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder(); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); SingleLogoutService service = new SingleLogoutServiceBuilder() .buildObject(); @@ -356,7 +360,7 @@ public class SingleLogOutBuilder { public String getFrontChannelSLOMessageURL(SingleLogoutService service, StatusResponseType sloResp, HttpServletRequest httpReq, - HttpServletResponse httpResp, String relayState) throws MOAIDException { + HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException { try { X509Credential credentials = credentialProvider @@ -364,7 +368,7 @@ public class SingleLogOutBuilder { Logger.debug("create SAML RedirectBinding response"); - MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder(); + StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder(); BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); context.setOutboundSAMLMessageSigningCredential(credentials); context.setPeerEntityEndpoint(service); @@ -384,7 +388,7 @@ public class SingleLogOutBuilder { public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, - String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException { + String relayState, PVPSProfilePendingRequest pvpReq) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException { IEncoder binding = null; if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { @@ -417,7 +421,7 @@ public class SingleLogOutBuilder { } - public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException { + public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws EAAFException { LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); SecureRandomIdentifierGenerator gen; @@ -433,7 +437,7 @@ public class SingleLogOutBuilder { DateTime now = new DateTime(); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL())); + issuer.setValue(pvpBasicConfiguration.getIDPEntityId(sloDescr.getAuthURL())); issuer.setFormat(NameID.ENTITY); sloReq.setIssuer(issuer); sloReq.setIssueInstant(now); @@ -477,7 +481,7 @@ public class SingleLogOutBuilder { return sloReq; } - public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException { + public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, String firstLevelStatusCode) throws EAAFException { LogoutResponse sloResp = buildBasicResponse(sloService, spRequest); Status status = SAML2Utils.createSAMLObject(Status.class); @@ -494,7 +498,7 @@ public class SingleLogOutBuilder { return sloResp; } - public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws MOAIDException { + public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, List<String> failedOAs) throws EAAFException { LogoutResponse sloResp = buildBasicResponse(sloService, spRequest); Status status; @@ -519,11 +523,10 @@ public class SingleLogOutBuilder { } - private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException { + private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest) throws EAAFException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService( - spRequest.getAuthURLWithOutSlash())); + issuer.setValue(pvpBasicConfiguration.getIDPEntityId(spRequest.getAuthURLWithOutSlash())); issuer.setFormat(NameID.ENTITY); sloResp.setIssuer(issuer); sloResp.setIssueInstant(new DateTime()); @@ -540,9 +543,9 @@ public class SingleLogOutBuilder { } - if (spRequest.getRequest() instanceof MOARequest && - ((MOARequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) { - LogoutRequest sloReq = (LogoutRequest) ((MOARequest)spRequest.getRequest()).getSamlRequest(); + if (spRequest.getRequest() instanceof PVPSProfileRequest && + ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) { + LogoutRequest sloReq = (LogoutRequest) ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest(); sloResp.setInResponseTo(sloReq.getID()); } @@ -592,8 +595,8 @@ public class SingleLogOutBuilder { } - public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException { - MOARequest moaReq = (MOARequest) spRequest.getRequest(); + public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException { + PVPSProfileRequest moaReq = (PVPSProfileRequest) spRequest.getRequest(); EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider); SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -655,7 +658,8 @@ public class SingleLogOutBuilder { oa.getUserNameID(), oa.getUserNameIDFormat(), oa.getProtocolType(), - sloDesc)); + sloDesc.getBinding(), + sloDesc.getLocation())); else container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(), @@ -666,7 +670,8 @@ public class SingleLogOutBuilder { oa.getUserNameID(), oa.getUserNameIDFormat(), oa.getProtocolType(), - sloDesc)); + sloDesc.getBinding(), + sloDesc.getLocation())); } catch (NOSLOServiceDescriptorException e) { container.putFailedOA(oa.getOaurlprefix()); @@ -707,7 +712,8 @@ public class SingleLogOutBuilder { el.getUserNameID(), NameID.TRANSIENT, PVP2XProtocol.NAME, - sloDesc)); + sloDesc.getBinding(), + sloDesc.getLocation())); } catch (NOSLOServiceDescriptorException e) { container.putFailedOA(el.getIdpurlprefix()); |