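package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.joda.time.DateTime;
import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;

import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;

/**
 * Request handler for SAML 2.0 {@code ArtifactResolve} messages.
 *
 * <p>The artifact carried in the request is looked up in
 * {@link PVPAssertionStorage}; the stored SAML message is wrapped in an
 * {@link ArtifactResponse} and written to the HTTP response through
 * {@link SoapBinding}.
 *
 * <p>NOTE(review): three protocol-level checks are not visible in this class
 * and should be confirmed elsewhere (storage, binding, or an upstream filter):
 * <ul>
 * <li>one-time use of the artifact: the entry is read but not removed here,
 * so unless the storage evicts on read the same artifact can be resolved
 * again;</li>
 * <li>requester binding: the issuer of the {@code ArtifactResolve} is not
 * compared with the relying party recorded in the stored entry, and no
 * signature or client authentication check happens in this handler;</li>
 * <li>entry expiry: the entry's expiration state is not consulted here.</li>
 * </ul>
 */
public class ArtifactResolution implements IRequestHandler {

	/**
	 * Tells whether this handler is responsible for the given request.
	 *
	 * @param obj the decoded inbound request
	 * @return {@code true} if the wrapped SAML request is an
	 *         {@link ArtifactResolve}
	 */
	public boolean handleObject(MOARequest obj) {
		return (obj.getSamlRequest() instanceof ArtifactResolve);
	}

	/**
	 * Resolves the artifact named in the request and sends the stored SAML
	 * message back in an {@link ArtifactResponse}.
	 *
	 * @param obj the decoded inbound request; must wrap an
	 *        {@link ArtifactResolve}
	 * @param req the servlet request, passed on to the SOAP encoder
	 * @param resp the servlet response the encoder writes to
	 * @param moasession not used by this handler
	 * @return always {@code null}
	 * @throws MOAIDException with message id {@code pvp2.13} if the request is
	 *         not an {@code ArtifactResolve}; a {@link RequestDeniedException}
	 *         if the request carries no artifact or the artifact is unknown
	 *         to the storage
	 */
	public String process(MOARequest obj, HttpServletRequest req,
			HttpServletResponse resp, AuthenticationSession moasession)
			throws MOAIDException {
		if (!handleObject(obj)) {
			throw new MOAIDException("pvp2.13", null);
		}

		ArtifactResolve artifactResolve = (ArtifactResolve) obj
				.getSamlRequest();

		// The request body is untrusted: a message without an <Artifact>
		// child must be denied cleanly instead of surfacing as a
		// NullPointerException.
		if (artifactResolve.getArtifact() == null) {
			throw new RequestDeniedException();
		}
		String artifactID = artifactResolve.getArtifact().getArtifact();
		if (artifactID == null || artifactID.length() == 0) {
			throw new RequestDeniedException();
		}

		PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();

		if (!pvpAssertion.contains(artifactID)) {
			throw new RequestDeniedException();
		}

		try {
			SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
			// contains() and get() are two separate calls; if the entry
			// disappears in between, deny the request rather than failing
			// later with a NullPointerException that is only logged.
			if (assertion == null) {
				throw new RequestDeniedException();
			}

			ArtifactResponse response = SAML2Utils
					.createSAMLObject(ArtifactResponse.class);
			response.setMessage(assertion.getSamlMessage());
			response.setIssueInstant(new DateTime());
			// NOTE(review): ID, InResponseTo and Status are not set in this
			// method - confirm whether SoapBinding fills them in.

			SoapBinding encoder = new SoapBinding();
			encoder.encodeRespone(req, resp, response, null);
		} catch (RequestDeniedException e) {
			// Denials must reach the caller, not the generic handler below.
			throw e;
		} catch (Exception e) {
			// NOTE(review): a failure while building or encoding the response
			// is logged only; the caller still receives null as on success.
			Logger.error("Failed to resolve artifact", e);
		}

		return null;
	}
}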