aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java82
1 files changed, 44 insertions, 38 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index a1d7f5d3a..53606b341 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -75,37 +75,39 @@ import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -120,14 +122,15 @@ public class SingleLogOutBuilder {
@Autowired(required=true) ApplicationContext springContext;
@Autowired private IDPCredentialProvider credentialProvider;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
- @Autowired private IGUIFormBuilder guiBuilder;
+ @Autowired private IGUIFormBuilder guiBuilder;
@Autowired(required=true) protected IRevisionLogger revisionsLogger;
@Autowired private ITransactionStorage transactionStorage;
+ @Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
public static final int SLOTIMEOUT = 30 * 1000; //30 sec
public void toTechnicalLogout(ISLOInformationContainer sloContainer,
- HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {
+ HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws EAAFException {
Logger.trace("Starting Service-Provider logout process ... ");
revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);
@@ -174,7 +177,7 @@ public class SingleLogOutBuilder {
}
IRequest pendingReq = null;
- PVPTargetConfiguration pvpReq = null;
+ PVPSProfilePendingRequest pvpReq = null;
//start service provider front channel logout process
try {
if (sloContainer.hasFrontChannelOA()) {
@@ -221,9 +224,9 @@ public class SingleLogOutBuilder {
} else {
pendingReq = sloContainer.getSloRequest();
- if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+ if (pendingReq != null && pendingReq instanceof PVPSProfilePendingRequest) {
//send SLO response to SLO request issuer
- pvpReq = (PVPTargetConfiguration)pendingReq;
+ pvpReq = (PVPSProfilePendingRequest)pendingReq;
SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
@@ -321,10 +324,11 @@ public class SingleLogOutBuilder {
* @param httpResp
* @param relayState
* @return
+ * @throws CredentialsNotAvailableException
*/
public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType,
RequestAbstractType sloReq, HttpServletRequest httpReq,
- HttpServletResponse httpResp, String relayState) throws MOAIDException {
+ HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
try {
X509Credential credentials = credentialProvider
@@ -332,7 +336,7 @@ public class SingleLogOutBuilder {
Logger.debug("create SAML RedirectBinding response");
- MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();
+ StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
SingleLogoutService service = new SingleLogoutServiceBuilder()
.buildObject();
@@ -356,7 +360,7 @@ public class SingleLogOutBuilder {
public String getFrontChannelSLOMessageURL(SingleLogoutService service,
StatusResponseType sloResp, HttpServletRequest httpReq,
- HttpServletResponse httpResp, String relayState) throws MOAIDException {
+ HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
try {
X509Credential credentials = credentialProvider
@@ -364,7 +368,7 @@ public class SingleLogOutBuilder {
Logger.debug("create SAML RedirectBinding response");
- MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();
+ StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
context.setOutboundSAMLMessageSigningCredential(credentials);
context.setPeerEntityEndpoint(service);
@@ -384,7 +388,7 @@ public class SingleLogOutBuilder {
public void sendFrontChannelSLOMessage(SingleLogoutService consumerService,
LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp,
- String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ String relayState, PVPSProfilePendingRequest pvpReq) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException {
IEncoder binding = null;
if (consumerService.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
@@ -417,7 +421,7 @@ public class SingleLogOutBuilder {
}
- public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
+ public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws EAAFException {
LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
SecureRandomIdentifierGenerator gen;
@@ -433,7 +437,7 @@ public class SingleLogOutBuilder {
DateTime now = new DateTime();
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
+ issuer.setValue(pvpBasicConfiguration.getIDPEntityId(sloDescr.getAuthURL()));
issuer.setFormat(NameID.ENTITY);
sloReq.setIssuer(issuer);
sloReq.setIssueInstant(now);
@@ -477,7 +481,7 @@ public class SingleLogOutBuilder {
return sloReq;
}
- public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
+ public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, String firstLevelStatusCode) throws EAAFException {
LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
Status status = SAML2Utils.createSAMLObject(Status.class);
@@ -494,7 +498,7 @@ public class SingleLogOutBuilder {
return sloResp;
}
- public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws MOAIDException {
+ public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, List<String> failedOAs) throws EAAFException {
LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
Status status;
@@ -519,11 +523,10 @@ public class SingleLogOutBuilder {
}
- private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+ private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest) throws EAAFException {
LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
- spRequest.getAuthURLWithOutSlash()));
+ issuer.setValue(pvpBasicConfiguration.getIDPEntityId(spRequest.getAuthURLWithOutSlash()));
issuer.setFormat(NameID.ENTITY);
sloResp.setIssuer(issuer);
sloResp.setIssueInstant(new DateTime());
@@ -540,9 +543,9 @@ public class SingleLogOutBuilder {
}
- if (spRequest.getRequest() instanceof MOARequest &&
- ((MOARequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
- LogoutRequest sloReq = (LogoutRequest) ((MOARequest)spRequest.getRequest()).getSamlRequest();
+ if (spRequest.getRequest() instanceof PVPSProfileRequest &&
+ ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+ LogoutRequest sloReq = (LogoutRequest) ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest();
sloResp.setInResponseTo(sloReq.getID());
}
@@ -592,8 +595,8 @@ public class SingleLogOutBuilder {
}
- public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
- MOARequest moaReq = (MOARequest) spRequest.getRequest();
+ public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+ PVPSProfileRequest moaReq = (PVPSProfileRequest) spRequest.getRequest();
EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
@@ -655,7 +658,8 @@ public class SingleLogOutBuilder {
oa.getUserNameID(),
oa.getUserNameIDFormat(),
oa.getProtocolType(),
- sloDesc));
+ sloDesc.getBinding(),
+ sloDesc.getLocation()));
else
container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(),
@@ -666,7 +670,8 @@ public class SingleLogOutBuilder {
oa.getUserNameID(),
oa.getUserNameIDFormat(),
oa.getProtocolType(),
- sloDesc));
+ sloDesc.getBinding(),
+ sloDesc.getLocation()));
} catch (NOSLOServiceDescriptorException e) {
container.putFailedOA(oa.getOaurlprefix());
@@ -707,7 +712,8 @@ public class SingleLogOutBuilder {
el.getUserNameID(),
NameID.TRANSIENT,
PVP2XProtocol.NAME,
- sloDesc));
+ sloDesc.getBinding(),
+ sloDesc.getLocation()));
} catch (NOSLOServiceDescriptorException e) {
container.putFailedOA(el.getIdpurlprefix());