From 0436de6184c1a95d463da52929e3bf60923d6e04 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 13 Dec 2021 09:23:09 +0100 Subject: update third-party libs and resolve API issues --- .../auth/pvp2/servlets/Authenticate.java | 313 +++++++++++---------- 1 file changed, 158 insertions(+), 155 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java index 84fbec0e8..c6946e509 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java @@ -36,7 +36,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.AuthnContextClassRef; @@ -67,163 +66,167 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; import at.gv.egovernment.moa.util.MiscUtil; - /** * Servlet implementation class Authenticate */ public class Authenticate extends HttpServlet { - private static final long serialVersionUID = 1L; - - private static final Logger log = LoggerFactory - .getLogger(Authenticate.class); - - private static DocumentBuilderFactory factory = null; - - static { - initialDocumentBuilderFactory(); - } - - synchronized private static void initialDocumentBuilderFactory() { - factory = DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - - } - - public Document asDOMDocument(XMLObject object) throws IOException, - MarshallingException, TransformerException, ParserConfigurationException { - try { - DocumentBuilder builder = null; - synchronized (factory) { - builder = factory.newDocumentBuilder(); - - } - - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory().getMarshaller( - object); - out.marshall(object, document); - return document; - - } catch (ParserConfigurationException e) { - log.warn("PVP2 AuthenticationServlet can not be initialized.", e); - throw e; - } - - } - - protected void process(HttpServletRequest request, - HttpServletResponse response, Map legacyParameter) throws ServletException, IOException { - try { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - config.initializePVP2Login(); - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - HttpSession session = request.getSession(); - if (session != null) { - session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); - } - - authReq.setAssertionConsumerServiceIndex(0); - authReq.setAttributeConsumingServiceIndex(0); - authReq.setIssueInstant(new DateTime()); - Subject subject = SAML2Utils.createSAMLObject(Subject.class); - NameID name = SAML2Utils.createSAMLObject(NameID.class); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - - String serviceURL = config.getPublicUrlPreFix(request); - if (!serviceURL.endsWith("/")) - serviceURL = serviceURL + "/"; - name.setValue(serviceURL); - issuer.setValue(serviceURL); - - subject.setNameID(name); - authReq.setSubject(subject); - issuer.setFormat(NameIDType.ENTITY); - authReq.setIssuer(issuer); - NameIDPolicy policy = SAML2Utils - .createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.PERSISTENT); - authReq.setNameIDPolicy(policy); - - String entityname = config.getPVP2IDPMetadataEntityName(); - if (MiscUtil.isEmpty(entityname)) { - log.info("No IDP EntityName configurated"); - throw new ConfigurationException("No IDP EntityName configurated"); - } - - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); - EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); - if (idpEntity == null) { - log.info("IDP EntityName is not found in IDP Metadata"); - throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); - } - - SingleSignOnService redirectEndpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - //Get the service address for the binding you wish to use - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - redirectEndpoint = sss; - } - } - - authReq.setDestination(redirectEndpoint.getLocation()); - - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - - authReq.setRequestedAuthnContext(reqAuthContext); - - //sign Message - X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, config); - - //encode message - PVP2Utils.postBindingEncoder(request, - response, - authReq, - authcredential, - redirectEndpoint.getLocation(), - null); - - } catch (Exception e) { - log.warn("Authentication Request can not be generated", e); - throw new ServletException("Authentication Request can not be generated.", e); - } - } - - /** - * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doGet(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - - process(request, response, null); - } - - /** - * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse - * response) - */ - protected void doPost(HttpServletRequest request, - HttpServletResponse response) throws ServletException, IOException { - process(request, response, null); - } + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + + private static DocumentBuilderFactory factory = null; + + static { + initialDocumentBuilderFactory(); + } + + synchronized private static void initialDocumentBuilderFactory() { + factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + + } + + public Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException, ParserConfigurationException { + try { + DocumentBuilder builder = null; + synchronized (factory) { + builder = factory.newDocumentBuilder(); + + } + + final Document document = builder.newDocument(); + final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + + } catch (final ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + throw e; + } + + } + + protected void process(HttpServletRequest request, + HttpServletResponse response, Map legacyParameter) throws ServletException, + IOException { + try { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + + final AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + final HttpSession session = request.getSession(); + if (session != null) { + session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); + } + + authReq.setAssertionConsumerServiceIndex(0); + authReq.setAttributeConsumingServiceIndex(0); + authReq.setIssueInstant(new DateTime()); + final Subject subject = SAML2Utils.createSAMLObject(Subject.class); + final NameID name = SAML2Utils.createSAMLObject(NameID.class); + final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) { + serviceURL = serviceURL + "/"; + } + name.setValue(serviceURL); + issuer.setValue(serviceURL); + + subject.setNameID(name); + authReq.setSubject(subject); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + final NameIDPolicy policy = SAML2Utils + .createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameIDType.PERSISTENT); + authReq.setNameIDPolicy(policy); + + final String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + SingleSignOnService redirectEndpoint = null; + for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) + .getSingleSignOnServices()) { + + // Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + redirectEndpoint = sss; + } + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + final RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + + final AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + + authReq.setRequestedAuthnContext(reqAuthContext); + + // sign Message + final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, + config); + + // encode message + PVP2Utils.postBindingEncoder(request, + response, + authReq, + authcredential, + redirectEndpoint.getLocation(), + null); + + } catch (final Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + @Override + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } } -- cgit v1.2.3