From 352a061434c121bb438b01829131aaa85378fc26 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 28 May 2014 08:43:32 +0200 Subject: use AssertionConsumerServiceURL from request if it exists --- .../id/protocols/pvp2x/AuthenticationAction.java | 2 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 77 +++++++++++++--------- .../pvp2x/requestHandler/ArtifactResolution.java | 7 +- .../pvp2x/requestHandler/AuthnRequestHandler.java | 37 ++++------- .../pvp2x/requestHandler/IRequestHandler.java | 3 +- .../pvp2x/requestHandler/RequestManager.java | 7 +- 6 files changed, 68 insertions(+), 65 deletions(-) (limited to 'id/server/idserverlib/src/main') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 70db9cc23..04b7854b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -40,7 +40,7 @@ public class AuthenticationAction implements IAction { PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req; - SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, authData); + SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest, httpReq, httpResp, authData); //set protocol type sloInformation.setProtocolType(req.requestedModule()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 863bfe501..d9ce6250a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -82,6 +82,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; @@ -543,52 +544,51 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { AuthnRequest authnRequest = (AuthnRequest)samlReq; - Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); - int assertionidx = 0; + //parse AssertionConsumerService + AssertionConsumerService consumerService = null; + if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && + MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) { + //use AssertionConsumerServiceURL from request + consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + consumerService.setBinding(authnRequest.getProtocolBinding()); + consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL()); + + } else { + //use AssertionConsumerServiceIndex and select consumerService from metadata + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int assertionidx = 0; - if(aIdx != null) { - assertionidx = aIdx.intValue(); + if(aIdx != null) { + assertionidx = aIdx.intValue(); + + } else { + assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); + + } + consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); - } else { - assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(aIdx); + + } } - aIdx = authnRequest.getAttributeConsumingServiceIndex(); + //select AttributeConsumingService from request + AttributeConsumingService attributeConsumer = null; + Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); int attributeIdx = 0; - + if(aIdx != null) { attributeIdx = aIdx.intValue(); } - AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); - - AttributeConsumingService attributeConsumer = null; - if (spSSODescriptor.getAttributeConsumingServices() != null && spSSODescriptor.getAttributeConsumingServices().size() > 0) { attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); } - PVPTargetConfiguration config = new PVPTargetConfiguration(); - - String oaURL = moaRequest.getEntityMetadata().getEntityID(); - String binding = consumerService.getBinding(); - - Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding); - - oaURL = StringEscapeUtils.escapeHtml(oaURL); - - config.setOAURL(oaURL); - config.setBinding(binding); - config.setRequest(moaRequest); - config.setConsumerURL(consumerService.getLocation()); - - //parse AuthRequest - AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq; - config.setPassiv(authReq.isPassive()); - config.setForce(authReq.isForceAuthn()); - //validate AuthnRequest + AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq; AuthnRequestValidator.validate(authReq); String useMandate = request.getParameter(PARAM_USEMANDATE); @@ -599,7 +599,22 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { } } } + + String oaURL = moaRequest.getEntityMetadata().getEntityID(); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + + Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); + + PVPTargetConfiguration config = new PVPTargetConfiguration(); + config.setOAURL(oaURL); + config.setBinding(consumerService.getBinding()); + config.setRequest(moaRequest); + config.setConsumerURL(consumerService.getLocation()); + //parse AuthRequest + config.setPassiv(authReq.isPassive()); + config.setForce(authReq.isForceAuthn()); + return config; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java index 303fc2924..7f6054f2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java @@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; @@ -48,13 +49,13 @@ public class ArtifactResolution implements IRequestHandler { ((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve); } - public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + public SLOInformationInterface process(PVPTargetConfiguration obj, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) throws MOAIDException { - if (!handleObject(obj)) { + if (!handleObject(obj.getRequest())) { throw new MOAIDException("pvp2.13", null); } - ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj).getSamlRequest(); + ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj.getRequest()).getSamlRequest(); String artifactID = artifactResolve.getArtifact().getArtifact(); PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index ca5210d21..d33c38f25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -62,38 +63,22 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { ((MOARequest)obj).getSamlRequest() instanceof AuthnRequest); } - public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + public SLOInformationInterface process(PVPTargetConfiguration obj, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) throws MOAIDException { - if (!handleObject(obj)) { + if (!handleObject(obj.getRequest())) { throw new MOAIDException("pvp2.13", null); } //get basic information - MOARequest moaRequest = (MOARequest) obj; + MOARequest moaRequest = (MOARequest) obj.getRequest(); AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); - EntityDescriptor peerEntity = obj.getEntityMetadata(); - SPSSODescriptor spSSODescriptor = peerEntity - .getSPSSODescriptor(SAMLConstants.SAML20P_NS); - - //get AssertionConsumingService - Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); - int idx = 0; - - if (aIdx != null) { - idx = aIdx.intValue(); - - } else { - idx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); - } - - AssertionConsumerService consumerService = spSSODescriptor - .getAssertionConsumerServices().get(idx); - - if (consumerService == null) { - throw new InvalidAssertionConsumerServiceException(idx); - - } + EntityDescriptor peerEntity = moaRequest.getEntityMetadata(); + AssertionConsumerService consumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + consumerService.setBinding(obj.getBinding()); + consumerService.setLocation(obj.getConsumerURL()); + DateTime date = new DateTime(); SLOInformationImpl sloInformation = new SLOInformationImpl(); @@ -127,7 +112,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { try { binding.encodeRespone(req, resp, authResponse, - consumerService.getLocation(), obj.getRelayState()); + consumerService.getLocation(), moaRequest.getRelayState()); return sloInformation; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java index d1ae0b202..293dccf6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java @@ -28,12 +28,13 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; public interface IRequestHandler { public boolean handleObject(InboundMessage obj); - public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + public SLOInformationInterface process(PVPTargetConfiguration pvpRequest, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) throws MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index 5b9bf940d..b58b09f12 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported; @@ -56,13 +57,13 @@ public class RequestManager { handler.add(new ArtifactResolution()); } - public SLOInformationInterface handle(InboundMessage obj, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) + public SLOInformationInterface handle(PVPTargetConfiguration pvpRequest, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) throws SAMLRequestNotSupported, MOAIDException { Iterator it = handler.iterator(); while(it.hasNext()) { IRequestHandler handler = it.next(); - if(handler.handleObject(obj)) { - return handler.process(obj, req, resp, authData); + if(handler.handleObject(pvpRequest.getRequest())) { + return handler.process(pvpRequest, req, resp, authData); } } -- cgit v1.2.3