Commit 2f08bee4 authored by michael.simon's avatar michael.simon

next step to attribute authority

parent 5992fd07
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.dao;
import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
public interface SamlAAConfigurationDao extends BaseDao<SamlAAConfigurationEntity, Long> {
SamlAAConfigurationEntity findByHostname(String hostname);
SamlAAConfigurationEntity findByEntityId(String entityId);
}
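Review bot: Neither `findByHostname` nor `findByEntityId` documents what happens when no configuration matches, although the JPA implementation in this commit returns `null` in that case (L57-58, L73-74), so every caller has to guess whether a null check is required. Add Javadoc to both methods stating the contract, e.g. `/** Returns the AA configuration whose host name list contains {@code hostname}, or {@code null} if none is configured. */`, with the equivalent wording on `findByEntityId`. The same applies to the mirrored `SamlAAConfigurationService` interface at L247-250.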
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.dao.jpa;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
import javax.persistence.NoResultException;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.ListJoin;
import javax.persistence.criteria.Root;
import edu.kit.scc.webreg.dao.SamlAAConfigurationDao;
import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
@Named
@ApplicationScoped
public class JpaSamlAAConfigurationDao extends JpaBaseDao<SamlAAConfigurationEntity, Long> implements SamlAAConfigurationDao {
@Override
public SamlAAConfigurationEntity findByEntityId(String entityId) {
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<SamlAAConfigurationEntity> criteria = builder.createQuery(SamlAAConfigurationEntity.class);
Root<SamlAAConfigurationEntity> root = criteria.from(SamlAAConfigurationEntity.class);
criteria.where(
builder.equal(root.get("entityId"), entityId));
criteria.select(root);
try {
return em.createQuery(criteria).getSingleResult();
}
catch (NoResultException e) {
return null;
}
}
@Override
public SamlAAConfigurationEntity findByHostname(String hostname) {
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<SamlAAConfigurationEntity> criteria = builder.createQuery(SamlAAConfigurationEntity.class);
Root<SamlAAConfigurationEntity> root = criteria.from(SamlAAConfigurationEntity.class);
ListJoin<SamlAAConfigurationEntity, String> elementJoin = root.joinList("hostNameList");
criteria.select(root);
criteria.where(
builder.equal(elementJoin.as(String.class), hostname));
try {
return em.createQuery(criteria).getSingleResult();
}
catch (NoResultException e) {
return null;
}
}
@Override
public Class<SamlAAConfigurationEntity> getEntityClass() {
return SamlAAConfigurationEntity.class;
}
}
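Review bot: Both lookups call `getSingleResult()` (L55, L71) and catch only `NoResultException`, so a second configuration with the same `entityId`, or a host name present in two `hostNameList` collections, makes the query throw an unchecked `NonUniqueResultException` out of the DAO instead of the `null` the callers are led to expect, and nothing in the entity enforces uniqueness of either value. Because the host name lookup decides which configuration, and therefore which signing key, serves an incoming request, the ambiguous case should be rejected explicitly rather than surface as a generic failure: `List<SamlAAConfigurationEntity> hits = em.createQuery(criteria).getResultList();`, `if (hits.size() > 1) throw new IllegalStateException("hostname " + hostname + " matches " + hits.size() + " AA configurations");`, `return hits.isEmpty() ? null : hits.get(0);` (needs a `java.util.List` import). The same change applies to `findByEntityId` at L47-60. A `unique = true` on the `entity_id` column would additionally enforce this at the schema level, if entity ids are meant to be unique per configuration table.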
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.entity;
import java.util.ArrayList;
import java.util.List;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.Table;
@Entity
@Table(name = "aaconfig")
public class SamlAAConfigurationEntity extends SamlConfigurationEntity {
private static final long serialVersionUID = 1L;
@Column(name = "aq", length = 2048)
private String aq;
@ElementCollection
private List<String> hostNameList = new ArrayList<String>();
public List<String> getHostNameList() {
return hostNameList;
}
public void setHostNameList(List<String> hostNameList) {
this.hostNameList = hostNameList;
}
public String getAq() {
return aq;
}
public void setAq(String aq) {
this.aq = aq;
}
}
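Review bot: The `aq` field (L103-104) is persisted as a 2048-character column but carries no documentation saying what the value is; the name only makes sense next to `acs`/`ecp` in `SamlSpConfigurationEntity` and looks like the AttributeQuery endpoint location, which should be confirmed with the author. Add a field comment such as `// AttributeQuery endpoint location of this attribute authority (TODO confirm)` and a matching Javadoc summary on `getAq`. `hostNameList` (L105-106) would likewise benefit from a one-line comment stating that it is the set of request host names `JpaSamlAAConfigurationDao.findByHostname` matches against, which is the only use visible in this commit.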
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.entity;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.Lob;
import org.hibernate.annotations.Type;
@Entity
@Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)
public abstract class SamlConfigurationEntity extends AbstractBaseEntity {
private static final long serialVersionUID = 1L;
@Column(name = "entity_id", length = 2048)
private String entityId;
@Enumerated(EnumType.STRING)
private SamlMetadataEntityStatus status;
@Column(name = "private_key")
@Lob
@Type(type = "org.hibernate.type.TextType")
private String privateKey;
@Column(name = "certificate")
@Lob
@Type(type = "org.hibernate.type.TextType")
private String certificate;
public String getPrivateKey() {
return privateKey;
}
public void setPrivateKey(String privateKey) {
this.privateKey = privateKey;
}
public String getCertificate() {
return certificate;
}
public void setCertificate(String certificate) {
this.certificate = certificate;
}
public String getEntityId() {
return entityId;
}
public void setEntityId(String entityId) {
this.entityId = entityId;
}
}
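Review bot: `privateKey` (L147-150) persists signing key material as a clear-text `TextType` column, and neither the field nor `getPrivateKey`/`setPrivateKey` says so; moving it into a shared base class makes it reachable from every SAML configuration subtype. At minimum add Javadoc on the field stating that it holds the private key in the clear and must never be logged or included in `toString`, and consider encrypting the column or storing a keystore reference instead of the key itself. Separately, `status` (L145-146) is declared and mapped here but has no getter or setter in this class, so it is either dead or only reachable by JPA through reflection; add `getStatus`/`setStatus` if subclasses are meant to use it.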
......@@ -16,35 +16,13 @@ import java.util.List;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.FetchType;
import javax.persistence.Lob;
import javax.persistence.Table;
import org.hibernate.annotations.Type;
@Entity
@Table(name = "spconfig")
public class SamlSpConfigurationEntity extends AbstractBaseEntity {
public class SamlSpConfigurationEntity extends SamlConfigurationEntity {
private static final long serialVersionUID = 1L;
@Column(name = "entity_id", length = 2048)
private String entityId;
@Enumerated(EnumType.STRING)
private SamlMetadataEntityStatus status;
@Column(name = "private_key")
@Lob
@Type(type = "org.hibernate.type.TextType")
private String privateKey;
@Column(name = "certificate")
@Lob
@Type(type = "org.hibernate.type.TextType")
private String certificate;
@Column(name = "acs", length = 2048)
private String acs;
......@@ -52,25 +30,9 @@ public class SamlSpConfigurationEntity extends AbstractBaseEntity {
@Column(name = "ecp", length = 2048)
private String ecp;
@ElementCollection(fetch = FetchType.EAGER)
@ElementCollection
private List<String> hostNameList = new ArrayList<String>();
public String getPrivateKey() {
return privateKey;
}
public void setPrivateKey(String privateKey) {
this.privateKey = privateKey;
}
public String getCertificate() {
return certificate;
}
public void setCertificate(String certificate) {
this.certificate = certificate;
}
public List<String> getHostNameList() {
return hostNameList;
}
......@@ -94,12 +56,4 @@ public class SamlSpConfigurationEntity extends AbstractBaseEntity {
public void setEcp(String ecp) {
this.ecp = ecp;
}
public String getEntityId() {
return entityId;
}
public void setEntityId(String entityId) {
this.entityId = entityId;
}
}
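Review bot: Replacing `@ElementCollection(fetch = FetchType.EAGER)` with a bare `@ElementCollection` (L206-207) switches `hostNameList` to the JPA default of lazy loading, so any caller that reads `getHostNameList()` on a detached `SamlSpConfigurationEntity`, which is presumably why EAGER was there, will now hit a lazy-initialization failure. I cannot see those callers from here, so confirm before dropping it, or keep `fetch = FetchType.EAGER` and add a comment giving the reason. If the `FetchType` import at L180 is kept on the new side it is now unused and should be removed.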
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.service;
import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
public interface SamlAAConfigurationService extends BaseService<SamlAAConfigurationEntity, Long> {
SamlAAConfigurationEntity findByHostname(String hostname);
SamlAAConfigurationEntity findByEntityId(String entityId);
}
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.service.impl;
import javax.ejb.Stateless;
import javax.inject.Inject;
import edu.kit.scc.webreg.dao.BaseDao;
import edu.kit.scc.webreg.dao.SamlAAConfigurationDao;
import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
import edu.kit.scc.webreg.service.SamlAAConfigurationService;
@Stateless
public class SamlAAConfigurationServiceImpl extends BaseServiceImpl<SamlAAConfigurationEntity, Long> implements SamlAAConfigurationService {
private static final long serialVersionUID = 1L;
@Inject
private SamlAAConfigurationDao dao;
@Override
public SamlAAConfigurationEntity findByEntityId(String entityId) {
return dao.findByEntityId(entityId);
}
@Override
public SamlAAConfigurationEntity findByHostname(String hostname) {
return dao.findByHostname(hostname);
}
@Override
protected BaseDao<SamlAAConfigurationEntity, Long> getDao() {
return dao;
}
}
......@@ -12,14 +12,11 @@ package edu.kit.scc.webreg.sec;
import java.io.IOException;
import javax.faces.bean.ApplicationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
......@@ -29,27 +26,28 @@ import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.soap.soap11.Body;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.SecurityException;
import org.slf4j.Logger;
import edu.kit.scc.webreg.bootstrap.ApplicationConfig;
import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
import edu.kit.scc.webreg.entity.SamlSpMetadataEntity;
import edu.kit.scc.webreg.exc.SamlAuthenticationException;
import edu.kit.scc.webreg.service.SamlIdpMetadataService;
import edu.kit.scc.webreg.service.SamlSpConfigurationService;
import edu.kit.scc.webreg.service.SamlSpMetadataService;
import edu.kit.scc.webreg.service.saml.Saml2DecoderService;
import edu.kit.scc.webreg.service.saml.Saml2ResponseValidationService;
import edu.kit.scc.webreg.service.saml.SamlHelper;
@Named
@WebServlet(urlPatterns = {"/Shibboleth.sso/SAML2/AttributeQuery"})
public class Saml2AttributeQueryServlet implements Servlet {
@ApplicationScoped
public class Saml2AttributeQueryServlet {
@Inject
private Logger logger;
......@@ -72,13 +70,7 @@ public class Saml2AttributeQueryServlet implements Servlet {
@Inject
private ApplicationConfig appConfig;
@Override
public void init(ServletConfig config) throws ServletException {
}
@Override
public void service(ServletRequest servletRequest, ServletResponse servletResponse)
public void service(ServletRequest servletRequest, ServletResponse servletResponse, SamlAAConfigurationEntity aaConfig)
throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
......@@ -91,8 +83,9 @@ public class Saml2AttributeQueryServlet implements Servlet {
logger.debug("SAML AttributeQuery decoded");
Issuer issuer = query.getIssuer();
if (issuer == null || issuer.getValue() == null)
if (issuer == null || issuer.getValue() == null) {
throw new SamlAuthenticationException("Issuer not set");
}
String issuerString = issuer.getValue();
SamlSpMetadataEntity spEntity = spMetadataService.findByEntityId(issuerString);
......@@ -105,47 +98,62 @@ public class Saml2AttributeQueryServlet implements Servlet {
saml2ValidationService.verifyIssuer(spEntity, query);
saml2ValidationService.validateSpSignature(query, issuer, spEntityDescriptor);
StatusCode statusCode = samlHelper.create(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
statusCode.setValue(StatusCode.REQUEST_DENIED_URI);
Status samlStatus = samlHelper.create(Status.class, Status.DEFAULT_ELEMENT_NAME);
samlStatus.setStatusCode(statusCode);
Response samlResponse = samlHelper.create(Response.class, Response.DEFAULT_ELEMENT_NAME);
samlResponse.setStatus(samlStatus);
Response samlResponse = buildSamlRespone(StatusCode.SUCCESS_URI, null);
XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
Envelope envelope = (Envelope) bf.getBuilder(
Envelope.DEFAULT_ELEMENT_NAME).buildObject(
Envelope.DEFAULT_ELEMENT_NAME);
Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME)
.buildObject(Body.DEFAULT_ELEMENT_NAME);
body.getUnknownXMLObjects().add(samlResponse);
envelope.setBody(body);
Envelope envelope = buildSoapEnvelope(samlResponse);
response.getWriter().print(samlHelper.marshal(envelope));
} catch (MessageDecodingException e) {
throw new ServletException("Authentication problem", e);
logger.info("Could not execute AttributeQuery: {}", e.getMessage());
sendErrorResponse(response, StatusCode.REQUEST_DENIED_URI, e.getMessage());
} catch (SecurityException e) {
throw new ServletException("Authentication problem", e);
logger.info("Could not execute AttributeQuery: {}", e.getMessage());
sendErrorResponse(response, StatusCode.REQUEST_DENIED_URI, e.getMessage());
} catch (SamlAuthenticationException e) {
throw new ServletException("Authentication problem", e);
logger.info("Could not execute AttributeQuery: {}", e.getMessage());
sendErrorResponse(response, StatusCode.REQUEST_DENIED_URI, e.getMessage());
}
}
private void sendErrorResponse(HttpServletResponse response, String statusCodeString, String messageString)
throws IOException {
Response samlResponse = buildSamlRespone(statusCodeString, messageString);
Envelope envelope = buildSoapEnvelope(samlResponse);
response.getWriter().print(samlHelper.marshal(envelope));
}
@Override
public ServletConfig getServletConfig() {
return null;
private Envelope buildSoapEnvelope(XMLObject xmlObject) {
XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
Envelope envelope = (Envelope) bf.getBuilder(
Envelope.DEFAULT_ELEMENT_NAME).buildObject(
Envelope.DEFAULT_ELEMENT_NAME);
Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME)
.buildObject(Body.DEFAULT_ELEMENT_NAME);
body.getUnknownXMLObjects().add(xmlObject);
envelope.setBody(body);
return envelope;
}
@Override
public String getServletInfo() {
return null;
private Response buildSamlRespone(String statusCodeString, String messageString) {
Response samlResponse = samlHelper.create(Response.class, Response.DEFAULT_ELEMENT_NAME);
samlResponse.setStatus(buildSamlStatus(statusCodeString, messageString));
return samlResponse;
}
private Status buildSamlStatus(String statusCodeString, String messageString) {
StatusCode statusCode = samlHelper.create(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
statusCode.setValue(statusCodeString);
Status samlStatus = samlHelper.create(Status.class, Status.DEFAULT_ELEMENT_NAME);
samlStatus.setStatusCode(statusCode);
@Override
public void destroy() {
}
if (messageString != null) {
StatusMessage statusMessage = samlHelper.create(StatusMessage.class, StatusMessage.DEFAULT_ELEMENT_NAME);
statusMessage.setMessage(messageString);
samlStatus.setStatusMessage(statusMessage);
}
return samlStatus;
}
}
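Review bot: The three catch blocks at L369-380 send the raw exception text to the remote requester as the SAML `StatusMessage` and log only `e.getMessage()`, so decoder and signature-validation details reach an unauthenticated SOAP client while the stack trace that would explain the failure is lost. Log the exception object and send a fixed message instead, in each block: `logger.info("Could not execute AttributeQuery", e);` and `sendErrorResponse(response, StatusCode.REQUEST_DENIED_URI, "Request denied");`. At L358 the response after successful validation is now built with `StatusCode.SUCCESS_URI` but carries no Assertion, which an SP will read as a successful query that released no attributes; if attribute release is still to come, keep `REQUEST_DENIED_URI` there or mark the line with a TODO. The class is also annotated with `javax.faces.bean.ApplicationScoped` (L288, L325), the JSF managed-bean scope rather than the CDI `javax.enterprise.context.ApplicationScoped` used by `JpaSamlAAConfigurationDao` at L34, so CDI will not treat it as application scoped when it is injected into `Saml2DispatcherServlet` (L467); and `buildSamlRespone` (L358, L385, L406) is misspelled, `buildSamlResponse`. The `service` method begins at L337 and its body continues outside this hunk.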
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.sec;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.SamlAAConfigurationEntity;
import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
import edu.kit.scc.webreg.service.SamlAAConfigurationService;
import edu.kit.scc.webreg.service.SamlSpConfigurationService;
import edu.kit.scc.webreg.util.SessionManager;
@Named
@WebServlet(urlPatterns = {"/Shibboleth.sso/*", "/saml/*"})
public class Saml2DispatcherServlet implements Servlet {
@Inject
private Logger logger;
@Inject
private SessionManager session;
@Inject
private SamlSpConfigurationService spConfigService;
@Inject
private SamlAAConfigurationService aaConfigService;
@Inject
private Saml2AttributeQueryServlet attributeQueryServlet;
@Inject
private Saml2PostHandlerServlet postHandlerServlet;
@Override