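/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server.auth.was;

import java.io.IOException;
import java.io.InputStream;
import java.util.List;

import org.apache.commons.codec.binary.Base64InputStream;

import org.apache.http.HttpEntity;

import org.apache.log4j.Logger;

import org.w3c.dom.Document;
import org.w3c.dom.Element;

import org.dive4elements.artifacts.httpclient.utils.XMLUtils;
import org.dive4elements.river.client.server.auth.Authentication;
import org.dive4elements.river.client.server.auth.AuthenticationException;
import org.dive4elements.river.client.server.auth.saml.Assertion;
import org.dive4elements.river.client.server.auth.saml.XPathUtils;
import org.dive4elements.river.client.server.auth.saml.TicketValidator;

import org.dive4elements.river.client.server.features.Features;


/**
 * Parsed response of a WAS (Web Authentication Service) login request.
 *
 * The constructor reads the HTTP entity into a DOM tree and turns an
 * OGC ServiceExceptionReport into a {@link ServiceException}. Note the
 * split in trust: {@link #isSuccess()} only reflects the status code the
 * server sent, while the SAML assertion is handed out by
 * {@link #getAssertion()} only after {@link TicketValidator#checkTicket}
 * has accepted it against the trusted key file. {@link #getUser()} is
 * built from the validated assertion, not from the status code.
 */
public class Response implements Authentication {

    private static final Logger logger = Logger.getLogger(Response.class);

    /** Media type the WAS uses for an OGC ServiceExceptionReport. */
    private static final String SERVICE_EXCEPTION_TYPE =
        "application/vnd.ogc.se_xml";

    private final Element root;
    /** Lazily set by {@link #getAssertion()}; null until validated. */
    private Assertion assertion;
    private final String username;
    private final String password;
    private final Features features;
    private final String trustedKeyFile;


    /**
     * Reads and parses the WAS response.
     *
     * @param entity         the HTTP entity of the WAS response.
     * @param username       the user name that was sent to the WAS.
     * @param password       the password that was sent to the WAS.
     * @param features       maps the assertion's roles to client features.
     * @param trustedKeyFile key file handed to {@link TicketValidator}
     *                       when the assertion is checked.
     * @throws ServiceException if the entity is missing, is not parsable
     *         XML, or carries a ServiceExceptionReport; its message is
     *         the report's ServiceException text in the latter case.
     * @throws IOException on read errors.
     */
    public Response(HttpEntity entity, String username, String password,
        Features features, String trustedKeyFile)
        throws AuthenticationException, IOException {

        if (entity == null) {
            throw new ServiceException("Invalid response");
        }

        Element root = readRootElement(entity);

        // An OGC exception report is sent as plain XML; everything
        // else is expected to be a SAML response.
        if ("ServiceExceptionReport".equals(root.getTagName())) {
            throw new ServiceException(
                XPathUtils.xpathString(root, "ServiceException"));
        }

        this.root = root;
        this.username = username;
        this.password = password;
        this.features = features;
        this.trustedKeyFile = trustedKeyFile;
    }

    /**
     * Returns the media type of the entity without parameters
     * ("text/xml; charset=UTF-8" becomes "text/xml"), or null if the
     * entity carries no Content-Type header.
     */
    private static String mimeType(HttpEntity entity) {
        if (entity.getContentType() == null
        ||  entity.getContentType().getValue() == null) {
            return null;
        }
        String value = entity.getContentType().getValue();
        int params = value.indexOf(';');
        return (params < 0 ? value : value.substring(0, params)).trim();
    }

    /**
     * Decodes (if needed) and parses the entity content, closing the
     * content stream afterwards.
     *
     * @return the document element of the parsed response.
     * @throws ServiceException if the entity has no content or the
     *         content does not parse.
     */
    private static Element readRootElement(HttpEntity entity)
    throws AuthenticationException, IOException {

        InputStream in = entity.getContent();
        if (in == null) {
            throw new ServiceException("Invalid response");
        }

        try {
            // Only the exception report comes as plain XML; a missing
            // or parameterised content type is treated like the original
            // code treated any non-report type.
            if (!SERVICE_EXCEPTION_TYPE.equalsIgnoreCase(mimeType(entity))) {
                // XXX: Assume base64 encoded content.
                in = new Base64InputStream(in);
            }

            // NOTE(review): this XML arrives from the network; XMLUtils
            // .readDocument is expected to have DTD/external-entity
            // resolution disabled — confirm against that helper.
            Document doc = XMLUtils.readDocument(in);
            if (doc == null) {
                throw new ServiceException("Invalid response");
            }
            return doc.getDocumentElement();
        }
        finally {
            in.close();
        }
    }

    /**
     * Tells whether the server reported success.
     *
     * This is only the status code the server sent; it says nothing
     * about whether the contained assertion is trustworthy. Use
     * {@link #getAssertion()} / {@link #getUser()} for that.
     */
    @Override
    public boolean isSuccess() {
        return "samlp:Success".equals(getStatus());
    }

    /**
     * Returns the Value attribute of samlp:Status/samlp:StatusCode
     * below the response root, as resolved by
     * {@link XPathUtils#xpathString}. What that helper returns when
     * the node is absent (null or empty) is not visible here; callers
     * should handle both.
     */
    public String getStatus() {
        return XPathUtils.xpathString(this.root,
            "./samlp:Status/samlp:StatusCode/@Value");
    }


    /**
     * Returns the assertion of this response after
     * {@link TicketValidator#checkTicket} has accepted it using the
     * trusted key file given to the constructor.
     *
     * The result is cached once validation succeeds. Any failure is
     * logged and null is returned; a null result therefore means "no
     * trusted assertion" and must be treated as not authenticated.
     * Validation is retried on the next call.
     *
     * @return the validated assertion, or null.
     */
    public Assertion getAssertion() {
        if (this.assertion == null && this.root != null) {
            try {
                TicketValidator validator =
                    new TicketValidator(this.trustedKeyFile);
                this.assertion = validator.checkTicket(this.root);
            }
            // Broad on purpose: whatever checkTicket throws, the
            // assertion must not be used. The exception types it may
            // raise are not visible from here.
            catch (Exception e) {
                logger.error(e.getLocalizedMessage(), e);
            }
        }
        return this.assertion;
    }

    /**
     * Builds the authenticated user from the validated assertion.
     *
     * @return the user with the roles of the assertion and the features
     *         derived from them.
     * @throws AuthenticationException if the response holds no
     *         assertion or its validation failed.
     */
    @Override
    public User getUser() throws AuthenticationException {
        Assertion assertion = getAssertion();
        if (assertion == null) {
            throw new AuthenticationException(
                "Response doesn't contain an assertion");
        }
        List features = this.features.getFeatures(assertion.getRoles());
        if (logger.isDebugEnabled()) {
            logger.debug("User " + this.username + " with features "
                + features + " successfully authenticated.");
        }
        return new User(this.username, this.password, assertion.getNameID(),
            assertion.getRoles(), assertion, features);
    }
}
// vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: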