# HG changeset patch # User Bernhard Herzog # Date 1368028574 -7200 # Node ID d6f13dba21fe6e902175db9cb6470fd05b35dec4 # Parent a96350a1c1608e628d39ce95844195adc9a83d18 Adapt WAS Response to new SAML validation code. Fixes the XML Signature validation part of issue830. diff -r a96350a1c160 -r d6f13dba21fe gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java --- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Wed May 08 17:56:14 2013 +0200 +++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Response.java Wed May 08 17:56:14 2013 +0200 @@ -18,16 +18,19 @@ import org.apache.log4j.Logger; -import org.jdom.Document; -import org.jdom.Element; -import org.jdom.JDOMException; -import org.jdom.input.SAXBuilder; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.dive4elements.artifacts.httpclient.utils.XMLUtils; import org.dive4elements.river.client.server.auth.Authentication; import org.dive4elements.river.client.server.auth.AuthenticationException; +import org.dive4elements.river.client.server.auth.saml.Assertion; +import org.dive4elements.river.client.server.auth.saml.XPathUtils; +import org.dive4elements.river.client.server.auth.saml.TicketValidator; import org.dive4elements.river.client.server.features.Features; + public class Response implements Authentication { private static Logger logger = Logger.getLogger(Response.class); @@ -37,6 +40,7 @@ private String username; private String password; private Features features; + private String trustedKeyFile; public Response(HttpEntity entity, String username, String password, 
@@ -49,32 +53,27 @@
 String contenttype = entity.getContentType().getValue();
- try {
- InputStream in = entity.getContent();
-
- if (!contenttype.equals("application/vnd.ogc.se_xml")) {
- // XXX: Assume base64 encoded content.
- in = new Base64InputStream(in);
- }
-
- SAXBuilder builder = new SAXBuilder();
- Document doc = builder.build(in);
- Element root = doc.getRootElement();
- String rname = root.getName();
+ InputStream in = entity.getContent();
- if (rname != null && rname.equals("ServiceExceptionReport")) {
- throw new ServiceException(root.getChildText("ServiceException"));
- }
+ if (!contenttype.equals("application/vnd.ogc.se_xml")) {
+ // XXX: Assume base64 encoded content.
+ in = new Base64InputStream(in);
+ }
- this.root = root;
- this.username = username;
- this.password = password;
- this.features = features;
+ Document doc = XMLUtils.readDocument(in);
+ Element root = doc.getDocumentElement();
+ String rname = root.getTagName();
+ if (rname != null && rname.equals("ServiceExceptionReport")) {
+ throw new ServiceException(XPathUtils.xpathString(root,
+ "ServiceException"));
 }
- catch(JDOMException e) {
- throw new AuthenticationException(e);
- }
+
+ this.root = root;
+ this.username = username;
+ this.password = password;
+ this.features = features;
+ this.trustedKeyFile = trustedKeyFile;
 }
 @Override
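Review bot: Dropping the `catch(JDOMException e)` wrapper leaves the new parse path in the constructor with no failure handling of its own: if `XMLUtils.readDocument(in)` reports a malformed or non-XML body by returning null rather than throwing (its contract is not visible in this hunk), the very next line `doc.getDocumentElement()` fails with a NullPointerException instead of the AuthenticationException callers used to get, so a guard such as `if (doc == null) { throw new AuthenticationException(/* cause */); }` before that call — the removed lines show AuthenticationException accepts a cause — keeps the old contract, and any unchecked exception readDocument throws should be wrapped the same way. The body being parsed comes from the remote WAS server, so the parser behind `XMLUtils.readDocument` should run with DTDs and external entities disabled; nothing here shows whether it does, and it is worth a comment at the call site either way. The `InputStream in` from `entity.getContent()` is no longer closed anywhere on this path (the old code did not close it explicitly either, but confirm that readDocument consumes and closes it, or close it in a finally). The constructor's signature and its `throws` clause precede this hunk, so whether the wrapped exception is declared there cannot be checked from here.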
@@ -84,24 +83,20 @@ } public String getStatus() { - Element status = this.root.getChild("Status", Namespaces.SAML_NS_PROTO); - if (status == null) { - return null; - } - Element statuscode = status.getChild("StatusCode", - Namespaces.SAML_NS_PROTO); - if (statuscode == null) { - return null; - } - return statuscode.getAttributeValue("Value"); + return XPathUtils.xpathString(this.root, + "./samlp:Status/samlp:StatusCode/@Value"); } + public Assertion getAssertion() { if (this.assertion == null && this.root != null) { - Element assertion = this.root.getChild("Assertion", - Namespaces.SAML_NS_ASSERT); - if (assertion != null) { - this.assertion = new Assertion(assertion); + try { + TicketValidator validator = + new TicketValidator(this.trustedKeyFile); + this.assertion = validator.checkTicket(this.root); + } + catch (Exception e) { + logger.error(e.getLocalizedMessage(), e); } } return this.assertion; @@ -118,7 +113,7 @@ logger.debug("User " + this.username + " with features " + features + " successfully authenticated."); return new User(this.username, this.password, assertion.getNameID(), - this.assertion.getRoles(), assertion, features); + this.assertion.getRoles(), assertion, features); } } // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: diff -r a96350a1c160 -r d6f13dba21fe gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java --- a/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java Wed May 08 17:56:14 2013 +0200 +++ b/gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/User.java Wed May 08 17:56:14 2013 +0200 @@ -12,6 +12,7 @@ import java.util.List; import org.dive4elements.river.client.server.auth.DefaultUser; +import org.dive4elements.river.client.server.auth.saml.Assertion; public class User extends DefaultUser
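Review bot: The `catch (Exception e)` added to getAssertion turns every validation failure — a signature that does not verify, an untrusted key, any ticket TicketValidator rejects — into one error log line and a null assertion, which is indistinguishable to callers from a response that simply carries no assertion, and nothing in the object records that validation was attempted and failed. Since this signature check is exactly what the commit introduces, the failure should surface rather than be swallowed: either let the method propagate it (`throw new AuthenticationException(e);`, adjusting the signature and its callers), or keep the null return but state the contract in a Javadoc line such as `Returns the validated assertion, or null if the response carries none or its ticket/signature validation failed (the failure is logged).` so that callers know null must be treated as "not authenticated". Catching `Exception` also masks programming errors (an NPE from a missing element, for instance) as authentication failures; catching the types TicketValidator actually declares would be tighter, though its signature is not visible in this hunk. Constructing `new TicketValidator(this.trustedKeyFile)` inside the method additionally means the trusted key file is re-read and validation re-run on every call while `this.assertion` stays null after a failure; a flag remembering the failed attempt would avoid that.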