authorSimon Rettberg2015-06-22 14:37:38 +0200
committerSimon Rettberg2015-06-22 14:37:38 +0200
commitd99df2edfe4c51d68e77ec32620cfdf5285b0264 (patch)
treeac735442d2012bf3d462b056f2724f252dea8002
parentRelax httpclient version requirement, set required java version to 1.7 (diff)
Check StatusCode returned by IdP; set proper content type in requests to IdP; clean up imports and compact catch blocks
-rw-r--r--src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java79
-rw-r--r--src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java3
2 files changed, 40 insertions, 42 deletions
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
index f6d1bb7..4dfdb39 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticator.java
@@ -1,18 +1,15 @@
package edu.kit.scc.dei.ecplean;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
import java.net.URI;
import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathException;
import org.apache.http.HttpResponse;
import org.apache.http.ParseException;
-import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
@@ -20,6 +17,7 @@ import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
public class ECPAuthenticator extends ECPAuthenticatorBase {
@@ -27,7 +25,6 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
public ECPAuthenticator(DefaultHttpClient client, String username, String password,
URI idpEcpEndpoint, URI spUrl) {
super(client);
-
authInfo = new ECPAuthenticationInfo(username, password, idpEcpEndpoint, spUrl);
authInfo.setAuthState(ECPAuthState.NOT_STARTED);
}
@@ -56,13 +53,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
try {
httpResponse = client.execute(httpGet);
responseBody = EntityUtils.toString(httpResponse.getEntity());
- } catch (ClientProtocolException e) {
- logger.debug("Initial SP Request failed");
- throw new ECPAuthenticationException(e);
- } catch (ParseException e) {
- logger.debug("Initial SP Request failed");
- throw new ECPAuthenticationException(e);
- } catch (IOException e) {
+ } catch (IOException | ParseException e) {
logger.debug("Initial SP Request failed");
throw new ECPAuthenticationException(e);
}
@@ -70,13 +61,7 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
Document initResponse;
try {
initResponse = buildDocumentFromString(responseBody);
- } catch (IOException e) {
- logger.debug("Parsing SP Request failed");
- throw new ECPAuthenticationException(e);
- } catch (ParserConfigurationException e) {
- logger.debug("Parsing SP Request failed");
- throw new ECPAuthenticationException(e);
- } catch (SAXException e) {
+ } catch (IOException | SAXException | ParserConfigurationException e) {
logger.debug("Parsing SP Request failed");
throw new ECPAuthenticationException(e);
}
@@ -102,11 +87,18 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
initResponse.getDocumentElement().removeChild(firstChild);
Document idpResponse = authenticateIdP(initResponse);
+
+ String statusCode = getStatusCode(idpResponse);
+
+ if (statusCode == null)
+ throw new ECPAuthenticationException("IdP returned no status code!!!x");
+ if (!statusCode.endsWith(":Success") && !statusCode.endsWith(":success"))
+ throw new ECPAuthenticationException("IdP Returned StatusCode " + statusCode);
String assertionConsumerUrl;
try {
assertionConsumerUrl = (String) queryDocument(idpResponse, "/S:Envelope/S:Header/ecp:Response/@AssertionConsumerServiceURL", XPathConstants.STRING);
- } catch (XPathException e) {
+ } catch (Exception e) {
logger.debug("Could not find assertion consumer url in answer from IdP");
throw new ECPAuthenticationException(e);
}
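Review bot: The new status check only tests the suffix of the value, `statusCode.endsWith(":Success")`, so anything whose last path segment happens to be "Success" (or "success") passes, whereas the SAML 2.0 protocol defines exactly one success value; comparing against the full URN is both stricter and clearer: `if (!"urn:oasis:names:tc:SAML:2.0:status:Success".equals(statusCode))`. The message on the preceding throw, `"IdP returned no status code!!!x"`, looks like leftover debugging text and would read better as `"IdP response contains no StatusCode"`. Widening the catch on the XPath lookup from `XPathException` to `Exception` also wraps unrelated runtime failures (including NullPointerException) as "could not find assertion consumer url", which hides real bugs; `catch (XPathException | ClassCastException e)` covers the cast at the call site without that. The method continues past this hunk, and new lines 105–112 are not shown.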
@@ -121,26 +113,12 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
logger.info("Sending Assertion to SP");
HttpPost httpPost = new HttpPost(assertionConsumerUrl);
httpPost.setHeader("Content-Type", "application/vnd.paos+xml");
+ httpPost.setHeader("PAOS", "ver='urn:liberty:paos:2003-08';'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'");
try {
httpPost.setEntity(new StringEntity(documentToString(idpResponse)));
httpResponse = client.execute(httpPost);
responseBody = EntityUtils.toString(httpResponse.getEntity());
- } catch (UnsupportedEncodingException e) {
- logger.debug("Could not post assertion back to SP");
- throw new ECPAuthenticationException(e);
- } catch (TransformerConfigurationException e) {
- logger.debug("Could not post assertion back to SP");
- throw new ECPAuthenticationException(e);
- } catch (ClientProtocolException e) {
- logger.debug("Could not post assertion back to SP");
- throw new ECPAuthenticationException(e);
- } catch (ParseException e) {
- logger.debug("Could not post assertion back to SP");
- throw new ECPAuthenticationException(e);
- } catch (TransformerException e) {
- logger.debug("Could not post assertion back to SP");
- throw new ECPAuthenticationException(e);
- } catch (IOException e) {
+ } catch (TransformerException | IOException e) {
logger.debug("Could not post assertion back to SP");
throw new ECPAuthenticationException(e);
}
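Review bot: The POST is sent to whatever `AssertionConsumerServiceURL` the IdP's ecp:Response header carried, and nothing visible in this hunk compares it against the `responseConsumerURL` the SP advertised in its initial paos:Request; the ECP profile requires that comparison so that a tampered IdP response cannot redirect the assertion to a different endpoint. New lines 105–112 are not shown, so if the comparison lives there, disregard this point; otherwise the check belongs immediately before `new HttpPost(assertionConsumerUrl)` and should abort (and send the SP a SOAP fault) on mismatch. A secondary, pre-existing issue on the context line `new StringEntity(documentToString(idpResponse))`: in HttpClient 4.x a `StringEntity(String)` is encoded as ISO-8859-1, so any non-Latin-1 character in the assertion is corrupted before it reaches the SP; `new StringEntity(documentToString(idpResponse), "UTF-8")` fixes that.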
@@ -152,16 +130,33 @@ public class ECPAuthenticator extends ECPAuthenticatorBase {
responseBody = EntityUtils.toString(httpResponse.getEntity());
logger.info(responseBody);
- } catch (ClientProtocolException e) {
- logger.debug("Could not request original URL");
- throw new ECPAuthenticationException(e);
- } catch (ParseException e) {
- logger.debug("Could not request original URL");
- throw new ECPAuthenticationException(e);
- } catch (IOException e) {
+ } catch (IOException | ParseException e) {
logger.debug("Could not request original URL");
throw new ECPAuthenticationException(e);
}
}
+
+ private String getStatusCode(Document idpResponse) {
+ NodeList nl;
+ try {
+ nl = (NodeList) queryDocument(idpResponse, "//*", XPathConstants.NODESET);
+ } catch (XPathException e) {
+ return null;
+ }
+ if (nl == null)
+ return null;
+ for (int i = 0; i < nl.getLength(); ++i) {
+ Node ns = nl.item(i);
+ if (!ns.getLocalName().endsWith("StatusCode"))
+ continue;
+ if (!ns.hasAttributes())
+ continue;
+ Node val = ns.getAttributes().getNamedItem("Value");
+ if (val == null)
+ continue;
+ return val.getNodeValue();
+ }
+ return null;
+ }
}
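Review bot: `ns.getLocalName()` in the new `getStatusCode` helper returns null for elements of a document parsed without namespace awareness, which would turn the `endsWith` test into a NullPointerException; whether `buildDocumentFromString` enables namespace awareness is not visible here, so the loop should fall back to the qualified name: `String name = ns.getLocalName() != null ? ns.getLocalName() : ns.getNodeName();`. The match is also namespace-agnostic and takes the first element in document order, which in a SAML Response is the top-level `samlp:Status/samlp:StatusCode` rather than a nested sub-code; that is the intended one, but the helper should say so, e.g. `// first StatusCode in document order is the top-level samlp:Status code; nested sub-codes come later`. If the namespace is available, restricting the match to `"urn:oasis:names:tc:SAML:2.0:protocol".equals(ns.getNamespaceURI())` avoids picking up an unrelated element whose name merely ends in "StatusCode".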
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
index 7e080f6..ff48afb 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
@@ -77,6 +77,9 @@ public abstract class ECPAuthenticatorBase extends Observable {
try {
httpPost.setEntity(new StringEntity(documentToString(idpRequest)));
+ httpPost.setHeader("Accept", "text/html; application/vnd.paos+xml");
+ httpPost.setHeader("PAOS", "ver='urn:liberty:paos:2003-08';'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'");
+ httpPost.setHeader("Content-Type", "application/vnd.paos+xml");
httpResponse = client.execute(httpPost);
if (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED) {