LiRuochen_WorkFlow/MaxKey
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format

Browse Source
This commit is contained in:
shimingxy
2020-04-12 09:43:00 +08:00
parent 48f0325f87
commit 213d1c81f1
42 changed files with 1692 additions and 1685 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostDecoder.java
View File

@@ -13,121 +13,105 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class OpenHTTPPostDecoder extends HTTPPostDecoder {
private final Logger log = LoggerFactory.getLogger(OpenHTTPPostDecoder.class);
private final Logger log = LoggerFactory.getLogger(OpenHTTPPostDecoder.class);
private String receiverEndpoint;
private String receiverEndpoint;
public OpenHTTPPostDecoder() {
super();
}
public OpenHTTPPostDecoder() {
super();
}
public OpenHTTPPostDecoder(ParserPool pool) {
super(pool);
}
public OpenHTTPPostDecoder(ParserPool pool) {
super(pool);
}
/**
* Check the validity of the SAML protocol message receiver endpoint against
* requirements indicated in the message.
*
* @param messageContext
* current message context
*
* @throws SecurityException
* thrown if the message Destination attribute is invalid with
* respect to the receiver's endpoint
* @throws MessageDecodingException
* thrown if there is a problem decoding and processing the
* message Destination or receiver endpoint information
*/
@SuppressWarnings("rawtypes")
@Override
protected void checkEndpointURI(SAMLMessageContext messageContext)
throws SecurityException, MessageDecodingException {
/**
* Check the validity of the SAML protocol message receiver endpoint against
* requirements indicated in the message.
*
* @param messageContext current message context
*
* @throws SecurityException thrown if the message Destination attribute
* is invalid with respect to the receiver's
* endpoint
* @throws MessageDecodingException thrown if there is a problem decoding and
* processing the message Destination or
* receiver endpoint information
*/
@SuppressWarnings("rawtypes")
@Override
protected void checkEndpointURI(SAMLMessageContext messageContext)
throws SecurityException, MessageDecodingException {
log.debug("Checking SAML message intended destination endpoint against receiver endpoint");
log.debug("Checking SAML message intended destination endpoint against receiver endpoint");
String messageDestination = DatatypeHelper
.safeTrimOrNullString(getIntendedDestinationEndpointURI(messageContext));
String messageDestination = DatatypeHelper
.safeTrimOrNullString(getIntendedDestinationEndpointURI(messageContext));
boolean bindingRequires = isIntendedDestinationEndpointURIRequired(messageContext);
boolean bindingRequires = isIntendedDestinationEndpointURIRequired(messageContext);
if (messageDestination == null) {
if (bindingRequires) {
log.error("SAML message intended destination endpoint URI required by binding was empty");
throw new SecurityException(
"SAML message intended destination (required by binding) was not present");
} else {
log.debug("SAML message intended destination endpoint in message was empty, not required by binding, skipping");
return;
}
}
if (messageDestination == null) {
if (bindingRequires) {
log.error("SAML message intended destination endpoint URI required by binding was empty");
throw new SecurityException("SAML message intended destination (required by binding) was not present");
} else {
log.debug(
"SAML message intended destination endpoint in message was empty, not required by binding, skipping");
return;
}
}
String receiverEndpoint = DatatypeHelper
.safeTrimOrNullString(getActualReceiverEndpointURI(messageContext));
String receiverEndpoint = DatatypeHelper.safeTrimOrNullString(getActualReceiverEndpointURI(messageContext));
log.debug("Intended message destination endpoint: {}",
messageDestination);
log.debug("Actual message receiver endpoint: {}", receiverEndpoint);
log.debug("Intended message destination endpoint: {}", messageDestination);
log.debug("Actual message receiver endpoint: {}", receiverEndpoint);
// 协议头统一http或https需要和destination统一
if (messageDestination.indexOf("/") != -1
&& receiverEndpoint.indexOf("/") != -1) {
if (!messageDestination.substring(0,
messageDestination.indexOf("/"))
.equalsIgnoreCase(
receiverEndpoint.substring(0,
receiverEndpoint.indexOf("/")))) {
receiverEndpoint = messageDestination.substring(0,
messageDestination.indexOf("/"))
+ receiverEndpoint.substring(receiverEndpoint
.indexOf("/"));
}
}
boolean matched = compareEndpointURIs(messageDestination,
receiverEndpoint);
if (!matched) {
log.error(
"SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'",
messageDestination, receiverEndpoint);
throw new SecurityException(
"SAML message intended destination endpoint did not match recipient endpoint");
} else {
log.debug("SAML message intended destination endpoint matched recipient endpoint");
}
}
// 协议头统一http或https需要和destination统一
if (messageDestination.indexOf("/") != -1 && receiverEndpoint.indexOf("/") != -1) {
if (!messageDestination.substring(0, messageDestination.indexOf("/"))
.equalsIgnoreCase(receiverEndpoint.substring(0, receiverEndpoint.indexOf("/")))) {
receiverEndpoint = messageDestination.substring(0, messageDestination.indexOf("/"))
+ receiverEndpoint.substring(receiverEndpoint.indexOf("/"));
}
}
boolean matched = compareEndpointURIs(messageDestination, receiverEndpoint);
if (!matched) {
log.error("SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'",
messageDestination, receiverEndpoint);
throw new SecurityException("SAML message intended destination endpoint did not match recipient endpoint");
} else {
log.debug("SAML message intended destination endpoint matched recipient endpoint");
}
}
@Override
@SuppressWarnings("rawtypes")
protected String getActualReceiverEndpointURI(
SAMLMessageContext messageContext) throws MessageDecodingException {
InTransport inTransport = messageContext.getInboundMessageTransport();
if (!(inTransport instanceof HttpServletRequestAdapter)) {
throw new MessageDecodingException(
"Message context InTransport instance was an unsupported type");
}
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport)
.getWrappedRequest();
@Override
@SuppressWarnings("rawtypes")
protected String getActualReceiverEndpointURI(SAMLMessageContext messageContext) throws MessageDecodingException {
InTransport inTransport = messageContext.getInboundMessageTransport();
if (!(inTransport instanceof HttpServletRequestAdapter)) {
throw new MessageDecodingException("Message context InTransport instance was an unsupported type");
}
HttpServletRequest httpRequest = ((HttpServletRequestAdapter) inTransport).getWrappedRequest();
StringBuffer urlBuilder = httpRequest.getRequestURL();
StringBuffer urlBuilder = httpRequest.getRequestURL();
String tempUrl = urlBuilder.toString();
// 从http协议头开始跳过前面两个斜杠
tempUrl = tempUrl.substring(tempUrl.indexOf("/", 8) + 1);
return receiverEndpoint + tempUrl;
}
String tempUrl = urlBuilder.toString();
// 从http协议头开始跳过前面两个斜杠
tempUrl = tempUrl.substring(tempUrl.indexOf("/", 8) + 1);
return receiverEndpoint + tempUrl;
}
/**
* @param receiverEndpoint
* the receiverEndpoint to set
*/
public void setReceiverEndpoint(String receiverEndpoint) {
this.receiverEndpoint = receiverEndpoint;
}
/**
* @param receiverEndpoint the receiverEndpoint to set
*/
public void setReceiverEndpoint(String receiverEndpoint) {
this.receiverEndpoint = receiverEndpoint;
}
/**
* @return the receiverEndpoint
*/
public String getReceiverEndpoint() {
return receiverEndpoint;
}
/**
* @return the receiverEndpoint
*/
public String getReceiverEndpoint() {
return receiverEndpoint;
}
}