use of net.shibboleth.utilities.java.support.logic.ConstraintViolationException in project ddf by codice.
the class IdpEndpoint method showLoginPage.
private Response showLoginPage(String samlRequest, String relayState, String signatureAlgorithm, String signature, HttpServletRequest request, Binding binding, String template, String originalBinding) throws WSSecurityException {
String responseStr;
AuthnRequest authnRequest = null;
try {
Map<String, Object> responseMap = new HashMap<>();
binding.validator().validateRelayState(relayState);
authnRequest = binding.decoder().decodeRequest(samlRequest);
authnRequest.getIssueInstant();
binding.validator().validateAuthnRequest(authnRequest, samlRequest, relayState, signatureAlgorithm, signature, strictSignature);
if (!request.isSecure()) {
throw new IllegalArgumentException("Authn Request must use TLS.");
}
X509Certificate[] certs = (X509Certificate[]) request.getAttribute(CERTIFICATES_ATTR);
boolean hasCerts = (certs != null && certs.length > 0);
boolean hasCookie = hasValidCookie(request, authnRequest.isForceAuthn());
if ((authnRequest.isPassive() && hasCerts) || hasCookie) {
LOGGER.debug("Received Passive & PKI AuthnRequest.");
org.opensaml.saml.saml2.core.Response samlpResponse;
try {
samlpResponse = handleLogin(authnRequest, PKI, request, null, authnRequest.isPassive(), hasCookie);
LOGGER.debug("Passive & PKI AuthnRequest logged in successfully.");
} catch (SecurityServiceException e) {
LOGGER.debug(e.getMessage(), e);
return getErrorResponse(relayState, authnRequest, StatusCode.AUTHN_FAILED, binding);
} catch (WSSecurityException e) {
LOGGER.debug(e.getMessage(), e);
return getErrorResponse(relayState, authnRequest, StatusCode.REQUEST_DENIED, binding);
} catch (SimpleSign.SignatureException | ConstraintViolationException e) {
LOGGER.debug(e.getMessage(), e);
return getErrorResponse(relayState, authnRequest, StatusCode.REQUEST_UNSUPPORTED, binding);
}
LOGGER.debug("Returning Passive & PKI SAML Response.");
NewCookie cookie = null;
if (hasCookie) {
cookieCache.addActiveSp(getCookie(request).getValue(), authnRequest.getIssuer().getValue());
} else {
cookie = createCookie(request, samlpResponse);
if (cookie != null) {
cookieCache.addActiveSp(cookie.getValue(), authnRequest.getIssuer().getValue());
}
}
logAddedSp(authnRequest);
return binding.creator().getSamlpResponse(relayState, authnRequest, samlpResponse, cookie, template);
} else {
LOGGER.debug("Building the JSON map to embed in the index.html page for login.");
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
String authn = DOM2Writer.nodeToString(OpenSAMLUtil.toDom(authnRequest, doc, false));
String encodedAuthn = RestSecurity.deflateAndBase64Encode(authn);
responseMap.put(PKI, hasCerts);
responseMap.put(GUEST, guestAccess);
responseMap.put(SAML_REQ, encodedAuthn);
responseMap.put(RELAY_STATE, relayState);
String assertionConsumerServiceURL = ((ResponseCreatorImpl) binding.creator()).getAssertionConsumerServiceURL(authnRequest);
responseMap.put(ACS_URL, assertionConsumerServiceURL);
responseMap.put(SSOConstants.SIG_ALG, signatureAlgorithm);
responseMap.put(SSOConstants.SIGNATURE, signature);
responseMap.put(ORIGINAL_BINDING, originalBinding);
}
String json = Boon.toJson(responseMap);
LOGGER.debug("Returning index.html page.");
responseStr = indexHtml.replace(IDP_STATE_OBJ, json);
return Response.ok(responseStr).build();
} catch (IllegalArgumentException e) {
LOGGER.debug(e.getMessage(), e);
if (authnRequest != null) {
try {
return getErrorResponse(relayState, authnRequest, StatusCode.REQUEST_UNSUPPORTED, binding);
} catch (IOException | SimpleSign.SignatureException e1) {
LOGGER.debug(e1.getMessage(), e1);
}
}
} catch (UnsupportedOperationException e) {
LOGGER.debug(e.getMessage(), e);
if (authnRequest != null) {
try {
return getErrorResponse(relayState, authnRequest, StatusCode.UNSUPPORTED_BINDING, binding);
} catch (IOException | SimpleSign.SignatureException e1) {
LOGGER.debug(e1.getMessage(), e1);
}
}
} catch (SimpleSign.SignatureException e) {
LOGGER.debug("Unable to validate AuthRequest Signature", e);
} catch (IOException e) {
LOGGER.debug("Unable to decode AuthRequest", e);
} catch (ValidationException e) {
LOGGER.debug("AuthnRequest schema validation failed.", e);
}
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
}
Aggregations