From 49e202080467e3da1b43505ace711001b6c18c4b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 8 May 2014 10:17:42 +0200
Subject: add first parts for Single LogOut

---
 .../moa/id/entrypoints/DispatcherServlet.java      | 12 +++--
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 60 ++++++++++++++++++++--
 .../id/protocols/pvp2x/PVPTargetConfiguration.java |  3 +-
 .../id/protocols/pvp2x/messages/MOARequest.java    | 11 +++-
 4 files changed, 76 insertions(+), 10 deletions(-)

(limited to 'id')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 9f1b6b3e8..1cc2a5711 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -41,7 +41,6 @@ import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
@@ -271,10 +270,17 @@ public class DispatcherServlet extends AuthServlet{
 							
 						//request is a new authentication request	
 						} else if (protocolRequest != null &&
-								MiscUtil.isEmpty(protocolRequest.getRequestID())) {								
+								MiscUtil.isEmpty(protocolRequest.getRequestID())) {															
 							//Start new Authentication
-							protocolRequest.setAction(action);
 							protocolRequest.setModule(module);
+							
+							//if preProcessing has not set a specific action from decoded request 
+							//   then set the default action
+							if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
+									protocolRequest.setAction(action);
+							else
+								moduleAction = info.getAction(protocolRequest.requestedAction());
+							
 							protocolRequestID = Random.nextRandom();
 							protocolRequest.setRequestID(protocolRequestID);							
 							RequestStorage.setPendingRequest(protocolRequest);							
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index a786420cf..e2e6e752b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -52,6 +52,7 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeConsumingService;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.signature.SignableXMLObject;
 
@@ -105,6 +106,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 	public static final String SOAP = "Soap";
 	public static final String METADATA = "Metadata";
 	public static final String ATTRIBUTEQUERY = "AttributeQuery";
+	public static final String SINGLELOGOUT = "SingleLogOut";
 
 	private static List<IDecoder> decoder = new ArrayList<IDecoder>();
 
@@ -125,6 +127,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 		actions.put(POST, new AuthenticationAction());
 		actions.put(METADATA, new MetadataAction());
 		actions.put(ATTRIBUTEQUERY, new AttributQueryAction());
+		actions.put(SINGLELOGOUT, new SingleLogOutAction());
 		
 		//TODO: insert getArtifact action
 		
@@ -179,6 +182,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 		
 		if(METADATA.equals(action)) {
 			return new PVPTargetConfiguration();
+			
 		}
 		
 		IDecoder decoder = findDecoder(action, request);
@@ -350,8 +354,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 			HttpServletResponse response) {
 		if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
 			return getAction(REDIRECT);
+			
 		} else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
 			return getAction(POST);
+			
 		} 
 		
 		if(METADATA.equals(request.getParameter("action"))) {
@@ -373,11 +379,57 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 	 * @param response
 	 * @param msg
 	 * @return
+	 * @throws MOAIDException 
 	 */
 	private IRequest preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, MOARequest msg) {
-		// TODO Auto-generated method stub
-		return null;
+			HttpServletResponse response, MOARequest msg) throws MOAIDException {
+
+		PVPTargetConfiguration config = new PVPTargetConfiguration();
+		
+		if (((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) {
+			//preProcess single logout request from service provider
+					
+			EntityDescriptor metadata = msg.getEntityMetadata();
+			if(metadata == null) {
+				throw new NoMetadataInformationException();
+			}
+
+
+			
+			String oaURL = metadata.getEntityID();
+			oaURL = StringEscapeUtils.escapeHtml(oaURL);
+			
+			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
+						
+			config.setOAURL(oaURL);			
+			config.setBinding(msg.getRequestBinding());									
+
+						
+		} else if (((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) {
+			//preProcess single logour response from service provider
+						
+			LogoutResponse resp = (LogoutResponse) (((MOARequest)msg).getSamlRequest());
+			
+			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
+			
+			if (!resp.getDestination().startsWith(
+					PVPConfiguration.getInstance().getIDPPublicPath())) {
+				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
+				throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
+				
+			}
+						
+			//TODO: check if relayState exists
+			msg.getRelayState();
+						
+						
+		} else 
+			throw new MOAIDException("Unsupported request", new Object[] {});
+		
+		
+		config.setRequest(msg);
+		config.setAction(SINGLELOGOUT);
+		return config;
 	}
 	
 	/**
@@ -485,7 +537,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 		String oaURL = moaRequest.getEntityMetadata().getEntityID();
 		String binding = consumerService.getBinding();
 		
-		Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
+		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding);
 		
 		oaURL = StringEscapeUtils.escapeHtml(oaURL);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 96e2bf7e9..65da23565 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.logging.Logger;
 
 public class PVPTargetConfiguration extends RequestImpl {
@@ -50,7 +51,7 @@ public class PVPTargetConfiguration extends RequestImpl {
 	InboundMessage request;
 	String binding;
 	String consumerURL;
-
+	
 	public InboundMessage getRequest() {
 		return request;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
index f2f8f0a23..7679e74a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
@@ -37,11 +37,18 @@ public class MOARequest extends InboundMessage{
 	
 	private static final long serialVersionUID = 8613921176727607896L;
 
-	public MOARequest(SignableXMLObject inboundMessage) {
-		setSAMLMessage(inboundMessage.getDOM());	
+	private String binding = null;
+	
+	public MOARequest(SignableXMLObject inboundMessage, String binding) {
+		setSAMLMessage(inboundMessage.getDOM());
+		this.binding = binding;
 		
 	}
 	
+	public String getRequestBinding() {
+		return binding;
+	}
+	
 	public SignableXMLObject getSamlRequest() {
 		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
 		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-- 
cgit v1.2.3