Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java163
1 files changed, 58 insertions, 105 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 86e941db7..db41bf389 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -1,44 +1,37 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-import java.util.Iterator;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.ArtifactResponse;
import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
-public class AuthnRequestHandler implements IRequestHandler {
+public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
public boolean handleObject(MOARequest obj) {
return (obj.getSamlRequest() instanceof AuthnRequest);
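Review bot: `public class AuthnRequestHandler implements IRequestHandler, PVPConstants` at the class line uses the constant-interface pattern: implementing `PVPConstants` only to inherit its fields leaks every constant into the handler's public type and into any subclass. Nothing visible in this hunk or the next references an unqualified constant that would need it, so the interface appears to add no value here; `import static at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants.*;` (or qualified `PVPConstants.X` references) keeps the same names in scope without widening the type. The `handleObject` body continues past the end of this hunk.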
@@ -46,117 +39,77 @@ public class AuthnRequestHandler implements IRequestHandler {
public void process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp) throws MOAIDException {
- if(!handleObject(obj)) {
- throw new MOAIDException("INVALID HANDLER SELECETED", null);
+ if (!handleObject(obj)) {
+ throw new MOAIDException("pvp2.13", null);
}
-
- AuthnRequest authnRequest = (AuthnRequest)obj.getSamlRequest();
-
- Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
- AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
- authnContextClassRef.setAuthnContextClassRef(AuthnContext.SMARTCARD_PKI_AUTHN_CTX);
-
- AuthnContext authnContext = SAML2Utils.createSAMLObject(AuthnContext.class);
- authnContext.setAuthnContextClassRef(authnContextClassRef);
-
- AuthnStatement authnStatement = SAML2Utils.createSAMLObject(AuthnStatement.class);
-
- authnStatement.setAuthnInstant(new DateTime());
- authnStatement.setAuthnContext(authnContext);
-
- assertion.getAuthnStatements().add(authnStatement);
-
- SPSSODescriptor spSSODescriptor = obj.getEntityMetadata().
- getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-
- AttributeConsumingService attributeConsumingService =
- spSSODescriptor.getAttributeConsumingServices().iterator().next();
-
+ AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
+ EntityDescriptor peerEntity = obj.getEntityMetadata();
+
AuthenticationManager authmanager = AuthenticationManager.getInstance();
AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
- AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class);
-
- Iterator<RequestedAttribute> it = attributeConsumingService.getRequestAttributes().iterator();
- while(it.hasNext()) {
- RequestedAttribute reqAttribut = it.next();
- Attribute attr = PVPAttributeBuilder.buildAttribute(reqAttribut.getName(), authSession);
- if(attr == null) {
- if(reqAttribut.isRequired()) {
- throw new MOAIDException("Cannot provide requested attribute " + reqAttribut.getName(), null);
- }
- } else {
- attributeStatement.getAttributes().add(attr);
- }
- }
-
- if(attributeStatement.getAttributes().size() > 0) {
- assertion.getAttributeStatements().add(attributeStatement);
- }
+ // authSession.getM
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
- NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
- subjectNameID.setFormat(NameID.PERSISTENT);
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity);
+
+ Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
- //TL: AuthData generation is moved to Assertion generation.
-
- //TODO: LOAD oaParam from request and not from MOASession in case of SSO
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
-
- AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
- oaParam,
- authSession.getTarget());
-
- //TL: getIdentificationValue holds the baseID --> change to pBK
- //subjectNameID.setValue(authData.getIdentificationValue());
- if (authSession.getBusinessService())
- subjectNameID.setValue(authData.getWBPK());
- else
- subjectNameID.setValue(authData.getBPK());
-
- subject.setNameID(subjectNameID);
-
- //assertion.getAttributeStatements().add(CitizenTokenBuilder.buildCitizenToken(obj, authSession));
-
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
- issuer.setFormat(NameID.ENTITY);
- assertion.setIssuer(issuer);
- assertion.setSubject(subject);
-
- ArtifactResponse authResponse = SAML2Utils.createSAMLObject(ArtifactResponse.class);
-
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
nissuer.setFormat(NameID.ENTITY);
authResponse.setIssuer(nissuer);
authResponse.setInResponseTo(authnRequest.getID());
- authResponse.setMessage(assertion);
+ authResponse.getAssertions().add(assertion);
authResponse.setStatus(SAML2Utils.getSuccessStatus());
-
+
Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
int idx = 0;
-
- if(aIdx != null) {
+
+ if (aIdx != null) {
idx = aIdx.intValue();
}
-
- String oaURL = spSSODescriptor.
- getAssertionConsumerServices().get(idx).getLocation();
-
- IEncoder binding = new PostBinding();
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+
+ AssertionConsumerService consumerService = spSSODescriptor
+ .getAssertionConsumerServices().get(idx);
+
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException(idx);
+ }
+ String oaURL = consumerService.getLocation();
+
+ IEncoder binding = null;
+
+ if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ binding = new RedirectBinding();
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ // TODO: not supported YET!!
+ binding = new ArtifactBinding();
+ } else if (consumerService.getBinding().equals(
+ SAMLConstants.SAML2_POST_BINDING_URI)) {
+ binding = new PostBinding();
+ }
+
+ if (binding == null) {
+ throw new BindingNotSupportedException(consumerService.getBinding());
+ }
+
try {
binding.encodeRespone(req, resp, authResponse, oaURL);
+ // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
} catch (MessageEncodingException e) {
+ Logger.error("Message Encoding exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
} catch (SecurityException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
+ Logger.error("Security exception", e);
+ throw new MOAIDException("pvp2.01", null, e);
}
}
}
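Review bot: The `consumerService == null` guard after `spSSODescriptor.getAssertionConsumerServices().get(idx)` is dead: `List.get` never returns null, it throws `IndexOutOfBoundsException` for a negative or too-large index, and `idx` comes straight from the peer's `AssertionConsumerServiceIndex`, so a malformed AuthnRequest surfaces as an unhandled runtime exception instead of the intended `InvalidAssertionConsumerServiceException`. The lookup is also by list position, whereas the SAML index refers to the `index` attribute on each `AssertionConsumerService` element and an absent index should select the `isDefault` service rather than element 0; `peerEntity.getSPSSODescriptor(...)` can likewise be null for metadata without a SAML 2.0 SP role. I would replace the index/guard lines with a lookup that matches `getIndex()` (falling back to the default service) and checks the descriptor, as below; the `binding == null` check and encoding logic after it are fine as written, though the `ArtifactBinding` branch is selected despite the `// TODO: not supported YET!!` comment and would be safer throwing `BindingNotSupportedException` until it is.

```java
        Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();

        SPSSODescriptor spSSODescriptor = peerEntity
                .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (spSSODescriptor == null) {
            // metadata without a SAML 2.0 SP role cannot receive a Response
            throw new InvalidAssertionConsumerServiceException(aIdx == null ? 0 : aIdx.intValue());
        }

        AssertionConsumerService consumerService = null;
        for (AssertionConsumerService acs : spSSODescriptor.getAssertionConsumerServices()) {
            // match the metadata 'index' attribute, not the list position; with no
            // requested index select the service flagged isDefault
            boolean match = (aIdx != null)
                    ? aIdx.equals(acs.getIndex())
                    : Boolean.TRUE.equals(acs.isDefault());
            if (match) {
                consumerService = acs;
                break;
            }
        }
        if (consumerService == null && aIdx == null
                && !spSSODescriptor.getAssertionConsumerServices().isEmpty()) {
            // no service is marked default: fall back to the first one listed
            consumerService = spSSODescriptor.getAssertionConsumerServices().get(0);
        }
        if (consumerService == null) {
            throw new InvalidAssertionConsumerServiceException(aIdx == null ? 0 : aIdx.intValue());
        }
        String oaURL = consumerService.getLocation();
        // … unchanged: binding selection and encodeRespone call …
```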