예제 #1
0
func (handler *queryHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
	decoder := xml.NewDecoder(request.Body)
	var attributeEnv attributes.AttributeQueryEnv
	err := decoder.Decode(&attributeEnv)
	// TODO determine if this is the appropriate error response
	if err != nil {
		http.Error(writer, err.Error(), 500)
		return
	}
	// TODO validate attributeEnv before proceeding
	query := attributeEnv.Body.Query
	name := query.Subject.NameID.Value
	format := query.Subject.NameID.Format
	user := &protocol.AuthenticatedUser{Name: name, Format: format}
	atts, err := handler.retriever.Retrieve(user)
	// TODO determine if this is the appropriate error response
	if err != nil {
		http.Error(writer, err.Error(), 500)
		return
	}
	var attrResp attributes.AttributeRespEnv
	resp := &attrResp.Body.Response
	resp.ID = protocol.NewID()
	resp.InResponseTo = query.ID
	resp.Version = "2.0"
	now := time.Now()
	resp.IssueInstant = now
	resp.Issuer = saml.NewIssuer(handler.entityId)
	a := &saml.Assertion{}
	a.Issuer = resp.Issuer
	a.IssueInstant = now
	a.ID = protocol.NewID()
	a.Version = "2.0"
	a.Subject = &saml.Subject{}
	a.Subject.NameID = query.Subject.NameID
	a.AttributeStatement = saml.NewAttributeStatement(atts)
	a.Conditions = &saml.Conditions{}
	a.Conditions.NotBefore = now
	fiveMinutes, _ := time.ParseDuration("5m")
	fiveFromNow := now.Add(fiveMinutes)
	a.Conditions.NotOnOrAfter = fiveFromNow
	a.Conditions.AudienceRestriction = &saml.AudienceRestriction{Audience: query.Issuer}
	resp.Status = protocol.NewStatus(true)
	resp.Assertion = a

	signature, err := handler.signer.Sign(a)
	// TODO determine if this is the appropriate error response
	if err != nil {
		http.Error(writer, err.Error(), 500)
		return
	}
	a.Signature = signature
	// TODO handle these errors. Probably can't do anything besides log, as we've already started to write the
	// response.
	_, err = writer.Write([]byte(xml.Header))
	encoder := xml.NewEncoder(writer)
	err = encoder.Encode(attrResp)
	err = encoder.Flush()
}
예제 #2
0
파일: artifact.go 프로젝트: ack/lite-idp
func (handler *artifactHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
	decoder := xml.NewDecoder(request.Body)
	var resolveEnv protocol.ArtifactResolveEnvelope
	err := decoder.Decode(&resolveEnv)
	// TODO confirm appropriate error response for this service
	if err != nil {
		http.Error(writer, err.Error(), 500)
		return
	}
	// TODO validate resolveEnv before proceeding
	artifact := resolveEnv.Body.ArtifactResolve.Artifact
	var response protocol.Response
	err = handler.store.Retrieve(artifact, &response)
	// TODO confirm appropriate error response for this service
	if err != nil {
		http.Error(writer, err.Error(), 500)
		return
	}
	artResponseEnv := protocol.ArtifactResponseEnvelope{}
	artResponse := &artResponseEnv.Body.ArtifactResponse
	artResponse.ID = uuid.NewV4().String()
	now := time.Now()
	artResponse.IssueInstant = now
	artResponse.InResponseTo = resolveEnv.Body.ArtifactResolve.ID
	artResponse.Version = "2.0"
	artResponse.Issuer = saml.NewIssuer(handler.entityId)
	artResponse.Status = protocol.NewStatus(true)
	artResponse.Response = response

	signature, err := handler.signer.Sign(response.Assertion)
	// TODO confirm appropriate error response for this service
	if err != nil {
		http.Error(writer, err.Error(), 500)
		return
	}
	response.Assertion.Signature = signature
	// TODO handle these errors. Probably can't do anything besides log, as we've already started to write the
	// response.
	_, err = writer.Write([]byte(xml.Header))
	encoder := xml.NewEncoder(writer)
	err = encoder.Encode(artResponseEnv)
	err = encoder.Flush()
}