Java tutorial
/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ /* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.Calendar; import org.apache.axis.AxisFault; import org.apache.commons.lang3.StringEscapeUtils; import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.XPathUtils; /** * Web service for picking up authentication data created in the MOA-ID Auth component. * * @author Paul Ivancsics * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $ * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData */ public class GetAuthenticationDataService implements Constants { /** * Constructor for GetAuthenticationDataService. */ public GetAuthenticationDataService() { super(); } /** * Takes a <code>lt;samlp:Request></code> containing a * <code>SAML artifact</code> and returns the corresponding * authentication data <code>lt;saml:Assertion></code> * (obtained from the <code>AuthenticationServer</code>), * enclosed in a <code>lt;samlp:Response></code>. * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode></code>s, * possibly containing enclosed sub-<code>lt;samlp:StatusCode></code>s. * The status codes are defined in the SAML specification. * * @param requests request elements of type <code>lt;samlp:Request></code>; * only 1 request element is allowed * @return response element of type <code>lt;samlp:Response></code>, * packed into an <code>Element[]</code> * @throws AxisFault thrown when an error occurs in assembling the * <code>lt;samlp:Response></code> */ public Element[] Request(Element[] requests) throws AxisFault { Element request = requests[0]; Element[] responses = new Element[1]; String requestID = ""; String statusCode = ""; String subStatusCode = null; String statusMessageCode = null; String statusMessage = null; String samlAssertion = ""; if (requests.length > 1) { // more than 1 request given as parameter statusCode = "samlp:Requester"; subStatusCode = "samlp:TooManyResponses"; statusMessageCode = "1201"; } else { try { DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); if (samlArtifactList.getLength() == 0) { // no SAML artifact given in request statusCode = "samlp:Requester"; statusMessageCode = "1202"; } else if (samlArtifactList.getLength() > 1) { // too many SAML artifacts given in request statusCode = "samlp:Requester"; subStatusCode = "samlp:TooManyResponses"; statusMessageCode = "1203"; } else { Element samlArtifactElem = (Element) samlArtifactList.item(0); requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); try { samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); // success statusCode = "samlp:Success"; statusMessageCode = "1200"; } catch (ClassCastException ex) { try { Throwable error = saml1server.getErrorResponse(samlArtifact); statusCode = "samlp:Responder"; ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); if (error instanceof MOAIDException) { statusMessageCode = ((MOAIDException) error).getMessageId(); statusMessage = StringEscapeUtils.escapeXml(((MOAIDException) error).getMessage()); } else { statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); } subStatusCode = errorUtils.getResponseErrorCode(error); } catch (Exception e) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; subStatusCode = "samlp:ResourceNotRecognized"; statusMessage = ex.toString(); } } catch (AuthenticationException ex) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; subStatusCode = "samlp:ResourceNotRecognized"; statusMessage = ex.toString(); } } } catch (Throwable t) { // invalid request format statusCode = "samlp:Requester"; statusMessageCode = "1204"; } } try { String responseID = Random.nextRandom(); String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); if (statusMessage == null) statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); responses[0] = new SAMLResponseBuilder().build(responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); } catch (MOAIDException e) { AxisFault fault = AxisFault.makeFault(e); fault.setFaultDetail(new Element[] { e.toErrorResponse() }); throw fault; } catch (Throwable t) { MOAIDException e = new MOAIDException("1299", null, t); AxisFault fault = AxisFault.makeFault(e); fault.setFaultDetail(new Element[] { e.toErrorResponse() }); throw fault; } return responses; } }