summaryrefslogblamecommitdiffstats
path: root/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
blob: b6a4c01c2520c7d3a9ac2514f84c13ff4c562cff (plain) (tree) 
5b39bdf





aec1b59 ^

5b39bdf

















5b39bdf


30f95c6 ^

5b39bdf

5b39bdf


30f95c6 ^

bd999de ^


5b39bdf

51050cd ^


5b39bdf

d7bb750 ^

5b39bdf





51050cd ^

bd999de ^

5b39bdf

bd999de ^

5b39bdf





aec1b59 ^


bd999de ^


f9d6bbd ^

5b39bdf













bd999de ^

5b39bdf

aec1b59 ^



30f95c6 ^


aec1b59 ^

5b39bdf



aec1b59 ^





30f95c6 ^

aec1b59 ^

30f95c6 ^






bd999de ^


5b39bdf



aec1b59 ^

5b39bdf

aec1b59 ^



























5b39bdf



3048411 ^

5b39bdf


3048411 ^


3048411 ^



5b39bdf

aec1b59 ^


5b39bdf





d7bb750 ^






5b39bdf






















bd999de ^

5b39bdf



aec1b59 ^




5b39bdf

1
2
3
4
5

6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

24
25

26

27

28
29

30

31
32

33

34
35

36

37

38
39
40
41
42

43

44

45

46

47
48
49
50
51

52
53

54
55

56

57
58
59
60
61
62
63
64
65
66
67
68
69

70

71

72
73
74

75
76

77

78
79
80

81
82
83
84
85

86

87

88
89
90
91
92
93

94
95

96
97
98

99

100

101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

128
129
130

131

132
133

134
135

136
137
138

139

140
141

142
143
144
145
146

147
148
149
150
151
152

153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

175

176
177
178

179
180
181
182

183





                                 
                                             
















                                                              

                                     
                                                     
                                                         

                                                
                                              

                                                        
                                         

                                            
                             
                                   




                                                                
                                                                                           
         
                                                  
                                              




                                                                 

                                          

                                                                                    
 












                                                                                                       
                            
          


                                                                                 

                                                                                                 
                                                                                           


                                                                                            




                                                                                   
                                                               
                      





                                                                                                   

                                          


                                                                              
          
 


























                                                                                                               


                                                                                       
                                                             

                                                                          

                      


                                                                                                           
                                                                 

                  




                                                                                         





                                                                                                                              





















                                                                                         
                                                     


                               



                                                   
 
package edu.kit.scc.dei.ecplean;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.util.Observable;

import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathException;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;

import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public abstract class ECPAuthenticatorBase extends Observable {

	protected static Logger logger = LogManager.getLogger(ECPAuthenticatorBase.class);
	
	protected ECPAuthenticationInfo authInfo;
	protected CloseableHttpClient client;
	protected DocumentBuilderFactory documentBuilderFactory;
	protected XPathFactory xpathFactory;
	protected NamespaceResolver namespaceResolver;
	protected TransformerFactory transformerFactory;

	protected boolean retryWithoutAt;

	public ECPAuthenticatorBase(CloseableHttpClient client) {
		this.client = client == null ? HttpClients.createSystem() : client;

		documentBuilderFactory = DocumentBuilderFactory.newInstance();
		documentBuilderFactory.setNamespaceAware(true);
		
		xpathFactory = XPathFactory.newInstance();
		namespaceResolver = new NamespaceResolver();
		namespaceResolver.addNamespace("ecp", "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp");
		namespaceResolver.addNamespace("S", "http://schemas.xmlsoap.org/soap/envelope/");
		namespaceResolver.addNamespace("paos", "urn:liberty:paos:2003-08");
		
		transformerFactory = TransformerFactory.newInstance();
	}

	public ECPAuthenticatorBase() {
		this(null);
	}

	private HttpResponse exec(Document idpRequest, String user, String pass)
			throws ECPAuthenticationException {
		UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user, pass);
		//HttpClientContext passwordContext = HttpClientContext.create();
		HttpPost httpPost = new HttpPost(authInfo.getIdpEcpEndpoint().toString());

		try {
			httpPost.setEntity(new StringEntity(documentToString(idpRequest)));
		} catch (UnsupportedEncodingException | TransformerException e1) {
			logger.debug("Error setting XML payload of IdP POST");
			throw new ECPAuthenticationException(e1);
		}
		httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
		//passwordContext.setCredentialsProvider(bcp);
		try {
			httpPost.addHeader(new BasicScheme().authenticate(creds, httpPost, null));
		} catch (AuthenticationException e1) {
			throw new ECPAuthenticationException(e1);
		}
		try {
			return client.execute(httpPost);
		} catch (Exception e) {
			httpPost.reset();
			logger.debug("Could not submit PAOS request to IdP");
			throw new ECPAuthenticationException(e);
		}
	}

	protected Document authenticateIdP(Document idpRequest) throws ECPAuthenticationException {
		logger.info("Sending initial IdP Request");

		HttpResponse httpResponse = null;
		String user = authInfo.getUsername();
		String pass = authInfo.getPassword();
		int at = user.lastIndexOf('@');
		boolean failed = false;
		try {
			httpResponse = exec(idpRequest, user, pass);
			failed = (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED);
		} catch (ECPAuthenticationException e) {
			logger.debug("Could not submit PAOS request to IdP");
			if (at == -1)
				throw new ECPAuthenticationException(e);
			failed = true;
		}
		if (at != -1 && failed && retryWithoutAt) {
			// Retrying without the @ in the username is desired
			user = user.substring(0, at);
			try {
				httpResponse = exec(idpRequest, user, pass);
			} catch (ECPAuthenticationException e) {
				logger.debug("Could not submit PAOS request to IdP");
				throw new ECPAuthenticationException(e);
			}
		}
		String responseBody;
		try {
			responseBody = EntityUtils.toString(httpResponse.getEntity());
		} catch (RuntimeException | IOException e) {
			logger.debug("Could not read response from IdP");
			throw new ECPAuthenticationException(e);
		}
		try {
			return buildDocumentFromString(responseBody);
		} catch (IOException | SAXException | ParserConfigurationException | RuntimeException e) {
			logger.debug("Could not parse XML response from IdP:\n" + responseBody);
			throw new ECPAuthenticationException(e);
		}

	}
	
	protected Document buildDocumentFromString(String input)
			throws IOException, ParserConfigurationException, SAXException {
		DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
		builder.setEntityResolver(new EntityResolver() {
			@Override
			public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
				return new InputSource(new StringReader(""));
			}
		});
		return builder.parse(new InputSource(new StringReader(input)));
	}

	protected Object queryDocument(Document xmlDocument, String expression,
			QName returnType) throws XPathException {
		XPath xpath = xpathFactory.newXPath();
		xpath.setNamespaceContext(namespaceResolver);
		XPathExpression xPathExpression = xpath.compile(expression);
		return xPathExpression.evaluate(xmlDocument, returnType);
	}

	protected String documentToString(Document xmlDocument)
			throws TransformerConfigurationException, TransformerException {
		Transformer transformer = transformerFactory.newTransformer();

		StreamResult result = new StreamResult(new StringWriter());
		DOMSource source = new DOMSource(xmlDocument);
		transformer.transform(source, result);

		return result.getWriter().toString();
	}

	public CloseableHttpClient getHttpClient() {
		return client;
	}

	public void setRetryWithoutAt(boolean b) {
		this.retryWithoutAt = b;
	}

}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-14 01:45:53 +0200