Commit dd9f1d8e authored by michael.simon's avatar michael.simon

One step forward: an attribute query can now be sent and decoded.

parent df1986d5
......@@ -44,7 +44,7 @@ import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlMetadataEntity;
import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.exc.MetadataException;
......@@ -64,7 +64,7 @@ public class AttributeQueryHelper implements Serializable {
@Inject
private CryptoHelper cryptoHelper;
public Response query(String persistentId, SamlIdpMetadataEntity idpEntity,
public Response query(String persistentId, SamlMetadataEntity idpEntity,
EntityDescriptor idpEntityDescriptor, SamlSpConfigurationEntity spEntity) throws MetadataException, SOAPException, SecurityException {
AttributeService attributeService = metadataHelper.getAttributeService(idpEntityDescriptor);
if (attributeService == null || attributeService.getLocation() == null)
......@@ -122,7 +122,7 @@ public class AttributeQueryHelper implements Serializable {
return getResponseFromEnvelope(returnEnvelope);
}
public Response query(UserEntity entity, SamlIdpMetadataEntity idpEntity,
public Response query(UserEntity entity, SamlMetadataEntity idpEntity,
EntityDescriptor idpEntityDescriptor, SamlSpConfigurationEntity spEntity) throws MetadataException, SOAPException, SecurityException {
return query(entity.getPersistentId(), idpEntity, idpEntityDescriptor, spEntity);
}
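Review bot: The parameter keeps the name `idpEntity` although its type is now `SamlMetadataEntity`, and the AttributeQueryBean hunk in this commit fills it from `aaService` as well, so the name no longer states what is accepted; either a name such as `metadataEntity` or a Javadoc `@param idpEntity metadata of the IdP or attribute authority to query` would keep the contract readable. The same naming applies to the widened signatures in Saml2AssertionService, Saml2ResponseValidationService, Saml2AssertionServiceImpl and Saml2ResponseValidationServiceImpl. The body of the first `query` overload continues outside the hunk, so I cannot tell whether anything after the `attributeService` check still assumes an IdP-specific entity.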
......
......@@ -22,7 +22,7 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.encryption.DecryptionException;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlMetadataEntity;
import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
import edu.kit.scc.webreg.exc.SamlAuthenticationException;
......@@ -37,7 +37,7 @@ public interface Saml2AssertionService {
throws IOException, DecryptionException, SamlAuthenticationException;
Assertion processSamlResponse(Response samlResponse,
SamlIdpMetadataEntity idpEntity,
SamlMetadataEntity idpEntity,
EntityDescriptor idpEntityDescriptor,
SamlSpConfigurationEntity spEntity) throws IOException, DecryptionException, SamlAuthenticationException;
......@@ -45,7 +45,7 @@ public interface Saml2AssertionService {
SamlSpConfigurationEntity spEntity) throws IOException, DecryptionException, SamlAuthenticationException;
Assertion processSamlResponse(Response samlResponse,
SamlIdpMetadataEntity idpEntity,
SamlMetadataEntity idpEntity,
EntityDescriptor idpEntityDescriptor,
SamlSpConfigurationEntity spEntity, boolean checkSignature)
throws IOException, DecryptionException, SamlAuthenticationException;
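Review bot: The changed second `processSamlResponse` signature still carries the `boolean checkSignature` flag without any documentation, while the first overload (in this hunk and in Saml2AssertionServiceImpl) hard-codes `true`; a Javadoc line on this interface method, e.g. `@param checkSignature whether the signature of {@code samlResponse} is verified here; callers passing {@code false} are responsible for verifying it by other means`, would make the security consequence of the flag explicit to every implementor and caller. Where the flag is actually consulted is in the implementation, outside this hunk, so I cannot confirm what else is skipped when it is false.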
......
......@@ -12,6 +12,7 @@ package edu.kit.scc.webreg.service.saml;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Response;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
......@@ -23,7 +24,7 @@ public interface Saml2DecoderService {
public Response decodePostMessage(HttpServletRequest request)
throws MessageDecodingException, SecurityException, SamlAuthenticationException;
Response decodeAttributeQuery(HttpServletRequest request)
AttributeQuery decodeAttributeQuery(HttpServletRequest request)
throws MessageDecodingException, SecurityException,
SamlAuthenticationException;
......
......@@ -15,12 +15,12 @@ import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.EntityDescriptor;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlMetadataEntity;
import edu.kit.scc.webreg.exc.SamlAuthenticationException;
public interface Saml2ResponseValidationService {
public void verifyIssuer(SamlIdpMetadataEntity idpEntity, Response samlResponse)
public void verifyIssuer(SamlMetadataEntity idpEntity, Response samlResponse)
throws SamlAuthenticationException;
void verifyExpiration(Response samlResponse, Long expiryMillis)
......
......@@ -36,7 +36,7 @@ import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlMetadataEntity;
import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
import edu.kit.scc.webreg.exc.NoAssertionException;
import edu.kit.scc.webreg.exc.SamlAuthenticationException;
......@@ -61,14 +61,14 @@ public class Saml2AssertionServiceImpl implements Saml2AssertionService {
private Saml2ResponseValidationService saml2ValidationService;
@Override
public Assertion processSamlResponse(Response samlResponse, SamlIdpMetadataEntity idpEntity,
public Assertion processSamlResponse(Response samlResponse, SamlMetadataEntity idpEntity,
EntityDescriptor idpEntityDescriptor, SamlSpConfigurationEntity spEntity)
throws IOException, DecryptionException, SamlAuthenticationException {
return processSamlResponse(samlResponse, idpEntity, idpEntityDescriptor, spEntity, true);
}
@Override
public Assertion processSamlResponse(Response samlResponse, SamlIdpMetadataEntity idpEntity,
public Assertion processSamlResponse(Response samlResponse, SamlMetadataEntity idpEntity,
EntityDescriptor idpEntityDescriptor, SamlSpConfigurationEntity spEntity, boolean checkSignature)
throws IOException, DecryptionException, SamlAuthenticationException {
saml2ValidationService.verifyStatus(samlResponse);
......
......@@ -18,6 +18,7 @@ import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.decoding.HTTPSOAP11Decoder;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Response;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
......@@ -48,7 +49,7 @@ public class Saml2DecoderServiceImpl implements Saml2DecoderService {
}
@Override
public Response decodeAttributeQuery(HttpServletRequest request)
public AttributeQuery decodeAttributeQuery(HttpServletRequest request)
throws MessageDecodingException, SecurityException, SamlAuthenticationException {
HTTPSOAP11Decoder decoder = new HTTPSOAP11Decoder();
......@@ -58,8 +59,8 @@ public class Saml2DecoderServiceImpl implements Saml2DecoderService {
messageContext.setInboundMessageTransport(adapter);
decoder.decode(messageContext);
SAMLObject obj = messageContext.getInboundSAMLMessage();
if (obj instanceof Response)
return (Response) obj;
if (obj instanceof AttributeQuery)
return (AttributeQuery) obj;
else
throw new SamlAuthenticationException("Not a valid SAML2 Attribute Query");
}
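Review bot: Nothing in this hunk attaches a security policy resolver to `messageContext` before `decoder.decode(messageContext)`, so unless the lines above (outside the hunk) set one, the returned `AttributeQuery` has had no inbound signature or issuer policy evaluated by the decoder and the caller has to do that verification itself; a comment on the `decode` line stating which side is responsible, e.g. `// no inbound security policy is evaluated here; the caller must verify issuer and signature`, would record that. The declared `SecurityException` suggests a policy may be configured elsewhere, but it is not visible here. Separately, the `else` after a `return` is redundant and both branches lack braces: `if (obj instanceof AttributeQuery) { return (AttributeQuery) obj; }` followed directly by `throw new SamlAuthenticationException("Not a valid SAML2 Attribute Query");`.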
......
......@@ -38,7 +38,7 @@ import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlMetadataEntity;
import edu.kit.scc.webreg.exc.SamlAuthenticationException;
import edu.kit.scc.webreg.service.saml.Saml2ResponseValidationService;
......@@ -49,7 +49,7 @@ public class Saml2ResponseValidationServiceImpl implements
private Logger logger;
@Override
public void verifyIssuer(SamlIdpMetadataEntity idpEntity,
public void verifyIssuer(SamlMetadataEntity idpEntity,
Response samlResponse) throws SamlAuthenticationException {
Issuer issuer = samlResponse.getIssuer();
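Review bot: `samlResponse.getIssuer()` on the last line of the hunk can return null, since the Issuer element is optional on a SAML 2.0 Response, and the body continues outside the hunk; if the following lines dereference `issuer` without a check, a response lacking an Issuer fails with a NullPointerException instead of the declared `SamlAuthenticationException`. A guard right after that line, `if (issuer == null || issuer.getValue() == null) throw new SamlAuthenticationException("Response has no Issuer");`, keeps the rejection explicit. With the parameter widened to `SamlMetadataEntity`, a Javadoc `@param idpEntity` line on the interface saying what the Issuer is compared against would also document the broadened contract.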
......
......@@ -23,8 +23,9 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlMetadataEntity;
import edu.kit.scc.webreg.entity.SamlSpConfigurationEntity;
import edu.kit.scc.webreg.service.SamlAAMetadataService;
import edu.kit.scc.webreg.service.SamlIdpMetadataService;
import edu.kit.scc.webreg.service.SamlSpConfigurationService;
import edu.kit.scc.webreg.service.saml.AttributeQueryHelper;
......@@ -52,6 +53,9 @@ public class AttributeQueryBean implements Serializable {
@Inject
private SamlIdpMetadataService idpService;
@Inject
private SamlAAMetadataService aaService;
@Inject
private SamlSpConfigurationService spService;
......@@ -68,7 +72,10 @@ public class AttributeQueryBean implements Serializable {
logger.debug("Making an attribute query for user {} {}", persistentId, idpEntityId);
try {
SamlSpConfigurationEntity spEntity = spService.findByEntityId(spEntityId);
SamlIdpMetadataEntity idpEntity = idpService.findByEntityId(idpEntityId);
SamlMetadataEntity idpEntity = idpService.findByEntityId(idpEntityId);
if (idpEntity == null)
idpEntity = aaService.findByEntityId(idpEntityId);
EntityDescriptor idpEntityDescriptor = samlHelper.unmarshal(
idpEntity.getEntityDescriptor(), EntityDescriptor.class);
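Review bot: After the new `aaService` fallback, `idpEntity` is dereferenced on the next line (`idpEntity.getEntityDescriptor()`) with no check that either lookup succeeded, so an entityId known to neither service fails with a NullPointerException inside the try block rather than a clear message. A guard between the fallback and the unmarshal call — logging `idpEntityId` and aborting the query, or throwing whichever exception type the surrounding catch (outside the hunk) already handles — would make the failure explicit. The two-step lookup also means an entityId present in both tables silently resolves to the IdP entry; a comment such as `// IdP metadata takes precedence over AA metadata for the same entityId` records that choice. The new `if` would also conventionally take braces.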
......
......@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.ws.message.decoder.MessageDecodingException;
......@@ -91,7 +92,7 @@ public class Saml2AttributeQueryServlet implements Servlet {
logger.debug("Consuming SAML AttributeQuery");
try {
Response samlResponse = saml2DecoderService.decodeAttributeQuery(request);
AttributeQuery query = saml2DecoderService.decodeAttributeQuery(request);
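Review bot: The decoded `AttributeQuery` is assigned to `query` but nothing visible in the hunk uses it, and the method body continues outside the hunk; the commit message says only decoding works so far. Before this servlet answers a query, the requester's Issuer has to be resolved against known SP metadata, the request's signature verified, and the Subject in the query checked against what that requester may ask for, otherwise any client reaching the SOAP endpoint could obtain attributes. A TODO at this line naming those steps, e.g. `// TODO verify query.getIssuer() against SP metadata and the request signature before building a response`, keeps them from being forgotten as the feature grows.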
......