From 432441f6debd593f86075d1995fdb1d48cbd8b36 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 17 Apr 2014 07:58:01 +0200
Subject: compare SAML2 destination URL with expected URL

---
 .../moa/id/protocols/pvp2x/binding/MOAURICompare.java  | 18 ++++++++++++++++--
 .../moa/id/protocols/pvp2x/binding/PostBinding.java    |  9 ++++++++-
 .../id/protocols/pvp2x/binding/RedirectBinding.java    | 12 +++++++++++-
 3 files changed, 35 insertions(+), 4 deletions(-)

(limited to 'id')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
index 1d6b227d6..3094abba8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -26,9 +26,23 @@ import org.opensaml.common.binding.decoding.URIComparator;
 
 public class MOAURICompare implements URIComparator {
 
+	/**
+	 * @param idpssoPostService
+	 */
+	
+	private String serviceURL = "";
+	
+	public MOAURICompare(String serviceURL) {
+		this.serviceURL = serviceURL;
+	}
+
 	public boolean compare(String uri1, String uri2) {
-		// TODO: implement proper equalizer for rewritten URLS
-		return true;
+		
+		if (this.serviceURL.equals(uri1))		
+			return true;
+		
+		else
+			return false;
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index a7633952a..645d15086 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -48,6 +48,8 @@ import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
@@ -142,7 +144,12 @@ public class PostBinding implements IDecoder, IEncoder {
 		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 		messageContext
 				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		decode.setURIComparator(new MOAURICompare());
+		try {
+			decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+			
+		} catch (ConfigurationException e) {
+			throw new SecurityException(e);
+		}
 		
 		decode.decode(messageContext);		
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 9254ec279..68069f3a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -51,7 +51,9 @@ import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.X509Credential;
 
+import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
@@ -132,7 +134,15 @@ public class RedirectBinding implements IDecoder, IEncoder {
 
 		HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
 				new BasicParserPool());
-		decode.setURIComparator(new MOAURICompare());
+		
+		try {
+			decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
+		
+		} catch (ConfigurationException e) {
+			throw new SecurityException(e);
+			
+		}
+		
 		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 		messageContext
 				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-- 
cgit v1.2.3