Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java | 163 |
1 files changed, 58 insertions, 105 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 86e941db7..db41bf389 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -1,44 +1,37 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-import java.util.Iterator;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.joda.time.DateTime;
 import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.ArtifactResponse;
 import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
 import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
-public class AuthnRequestHandler implements IRequestHandler {
+public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 	public boolean handleObject(MOARequest obj) {
 		return (obj.getSamlRequest() instanceof AuthnRequest);
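Review bot: `implements IRequestHandler, PVPConstants` on the class declaration pulls every PVPConstants field into AuthnRequestHandler's public type surface (the constant-interface pattern), and none of the new code visible in this file's two hunks references a PVPConstants member — the binding URIs all come from SAMLConstants. Unless a subclass or caller relies on the inherited constants, keep `public class AuthnRequestHandler implements IRequestHandler {` and, where a PVPConstants value is actually needed, use a static import of that single constant. The `import ...pvp2x.PVPConstants;` added above then becomes unused and should go as well.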
@@ -46,117 +39,77 @@ public class AuthnRequestHandler implements IRequestHandler { public void process(MOARequest obj, HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { - if(!handleObject(obj)) { - throw new MOAIDException("INVALID HANDLER SELECETED", null); + if (!handleObject(obj)) { + throw new MOAIDException("pvp2.13", null); } - - AuthnRequest authnRequest = (AuthnRequest)obj.getSamlRequest(); - - Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); - AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - authnContextClassRef.setAuthnContextClassRef(AuthnContext.SMARTCARD_PKI_AUTHN_CTX); - - AuthnContext authnContext = SAML2Utils.createSAMLObject(AuthnContext.class); - authnContext.setAuthnContextClassRef(authnContextClassRef); - - AuthnStatement authnStatement = SAML2Utils.createSAMLObject(AuthnStatement.class); - - authnStatement.setAuthnInstant(new DateTime()); - authnStatement.setAuthnContext(authnContext); - - assertion.getAuthnStatements().add(authnStatement); - - SPSSODescriptor spSSODescriptor = obj.getEntityMetadata(). 
- getSPSSODescriptor(SAMLConstants.SAML20P_NS); - - AttributeConsumingService attributeConsumingService = - spSSODescriptor.getAttributeConsumingServices().iterator().next(); - + AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest(); + EntityDescriptor peerEntity = obj.getEntityMetadata(); + AuthenticationManager authmanager = AuthenticationManager.getInstance(); AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession()); - AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class); - - Iterator<RequestedAttribute> it = attributeConsumingService.getRequestAttributes().iterator(); - while(it.hasNext()) { - RequestedAttribute reqAttribut = it.next(); - Attribute attr = PVPAttributeBuilder.buildAttribute(reqAttribut.getName(), authSession); - if(attr == null) { - if(reqAttribut.isRequired()) { - throw new MOAIDException("Cannot provide requested attribute " + reqAttribut.getName(), null); - } - } else { - attributeStatement.getAttributes().add(attr); - } - } - - if(attributeStatement.getAttributes().size() > 0) { - assertion.getAttributeStatements().add(attributeStatement); - } + // authSession.getM - Subject subject = SAML2Utils.createSAMLObject(Subject.class); - NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - subjectNameID.setFormat(NameID.PERSISTENT); + Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity); + + Response authResponse = SAML2Utils.createSAMLObject(Response.class); - - //TL: AuthData generation is moved to Assertion generation. 
- - //TODO: LOAD oaParam from request and not from MOASession in case of SSO - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); - - AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, - oaParam, - authSession.getTarget()); - - //TL: getIdentificationValue holds the baseID --> change to pBK - //subjectNameID.setValue(authData.getIdentificationValue()); - if (authSession.getBusinessService()) - subjectNameID.setValue(authData.getWBPK()); - else - subjectNameID.setValue(authData.getBPK()); - - subject.setNameID(subjectNameID); - - //assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession)); - - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); - issuer.setFormat(NameID.ENTITY); - assertion.setIssuer(issuer); - assertion.setSubject(subject); - - ArtifactResponse authResponse = SAML2Utils.createSAMLObject(ArtifactResponse.class); - Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); authResponse.setInResponseTo(authnRequest.getID()); - authResponse.setMessage(assertion); + authResponse.getAssertions().add(assertion); authResponse.setStatus(SAML2Utils.getSuccessStatus()); - + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); int idx = 0; - - if(aIdx != null) { + + if (aIdx != null) { idx = aIdx.intValue(); } - - String oaURL = spSSODescriptor. 
- getAssertionConsumerServices().get(idx).getLocation(); - - IEncoder binding = new PostBinding(); + SPSSODescriptor spSSODescriptor = peerEntity + .getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + AssertionConsumerService consumerService = spSSODescriptor + .getAssertionConsumerServices().get(idx); + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(idx); + } + String oaURL = consumerService.getLocation(); + + IEncoder binding = null; + + if (consumerService.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = new RedirectBinding(); + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { + // TODO: not supported YET!! + binding = new ArtifactBinding(); + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + } + + if (binding == null) { + throw new BindingNotSupportedException(consumerService.getBinding()); + } + try { binding.encodeRespone(req, resp, authResponse, oaURL); + // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); } catch (SecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); } } } |
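Review bot: The endpoint lookup `spSSODescriptor.getAssertionConsumerServices().get(idx)` cannot return null, so the `consumerService == null` guard right after it is dead code and an out-of-range `AssertionConsumerServiceIndex` taken from the incoming AuthnRequest surfaces as an uncaught IndexOutOfBoundsException instead of the intended InvalidAssertionConsumerServiceException. The index carried in an AuthnRequest names the `index` attribute of an AssertionConsumerService element in the SP metadata, not its position in the list, and when no index is sent the metadata's default endpoint should be chosen rather than element 0; the rewrite below resolves the endpoint that way and keeps the existing exception for the not-found case. `peerEntity.getSPSSODescriptor(SAMLConstants.SAML20P_NS)` can likewise return null for metadata without a SAML 2.0 SP role, and the `consumerService.getBinding().equals(...)` chain throws on a missing Binding attribute — `SAMLConstants.SAML2_POST_BINDING_URI.equals(consumerService.getBinding())` is the null-safe order. The leftover `// authSession.getM` fragment should be deleted, and the branch marked `// TODO: not supported YET!!` should throw BindingNotSupportedException instead of instantiating ArtifactBinding, so an SP whose metadata selects the artifact binding gets a defined error rather than a half-implemented response path. Whether a SAML Response carrying assertions may be returned over HTTP-Redirect at all is worth confirming against the Web Browser SSO profile, which I believe restricts the IdP-to-SP leg to the POST and Artifact bindings.
```java
SPSSODescriptor spSSODescriptor = peerEntity
        .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spSSODescriptor == null) {
    // metadata without a SAML 2.0 SP role cannot receive a Response
    throw new MOAIDException("<error-code placeholder>", null);
}

// Resolve the endpoint by its metadata "index" attribute; without an index fall back
// to the endpoint flagged isDefault, else the first one listed.
AssertionConsumerService consumerService = null;
for (AssertionConsumerService acs : spSSODescriptor.getAssertionConsumerServices()) {
    if (aIdx == null) {
        if (consumerService == null || Boolean.TRUE.equals(acs.isDefault())) {
            consumerService = acs;
        }
    } else if (acs.getIndex() != null && acs.getIndex().intValue() == aIdx.intValue()) {
        consumerService = acs;
        break;
    }
}
if (consumerService == null) {
    throw new InvalidAssertionConsumerServiceException(idx);
}
String oaURL = consumerService.getLocation();

// … unchanged: binding selection and encodeRespone call …
```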