public void notify(Packet packet) { try { Session session = packet.getSession(); session.setUser(new User(packet.getFrom())); session.setID(packet.getID()); Preferences p = new AppPrefs().getPrefs(); // If there's no auth attribute, default to authenticated, // if there is, use the value sent // Always defaults to authenticated. boolean auth = packet.getAttribute("authenticated").isEmpty() ? true : (packet.getAttribute("authenticated").equalsIgnoreCase("true")) ? true : false; // If no auth is requested, // check preferences to see if we allow that if (!auth && !p.getBoolean("allow_unauthenticated_conversations", false)) return; if (index.getSession(packet.getID()) == null) { if (session.getStatus() == Session.CONNECTED) { System.out.println(session.getSocket().getInetAddress().getHostAddress()); Session s = Server.createClient( session.getSocket().getInetAddress().getHostAddress(), packet.getAttribute("return-port"), session.getLocalPort(), session.getUser(), session.getID()); s.setAuthenticated(auth); s.setCipherType(CipherAlgorithm.AES); s.setCipherKey(new Key(KeySize.K256).getKey()); index.addSession(s); } } session.setStatus(Session.STREAMING); } catch (Exception ex) { ex.printStackTrace(); } }
@Override public void notify(Packet packet) { Session s = packet.getSession(); try { Session stored_session = index.getSession(s.getID()); stored_session.getWindow().update("Partner disconnected..."); stored_session.closeStream(); } catch (Exception e) { e.printStackTrace(); } }
/** * Returns logout request message ready to be sent to the IDP. * * @param context message context * @param credential information about assertions used to log current user in * @param bindingService service used to deliver the request * @return logoutRequest to be sent to IDP * @throws SAMLException error creating the message * @throws MetadataProviderException error retrieving metadata */ protected LogoutRequest getLogoutRequest( SAMLMessageContext context, SAMLCredential credential, Endpoint bindingService) throws SAMLException, MetadataProviderException { SAMLObjectBuilder<LogoutRequest> builder = (SAMLObjectBuilder<LogoutRequest>) builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME); LogoutRequest request = builder.buildObject(); buildCommonAttributes(context.getLocalEntityId(), request, bindingService); // Add session indexes SAMLObjectBuilder<SessionIndex> sessionIndexBuilder = (SAMLObjectBuilder<SessionIndex>) builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME); for (AuthnStatement statement : credential.getAuthenticationAssertion().getAuthnStatements()) { SessionIndex index = sessionIndexBuilder.buildObject(); index.setSessionIndex(statement.getSessionIndex()); request.getSessionIndexes().add(index); } if (request.getSessionIndexes().size() == 0) { throw new SAMLException("No session indexes to logout user for were found"); } SAMLObjectBuilder<NameID> nameIDBuilder = (SAMLObjectBuilder<NameID>) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME); NameID nameID = nameIDBuilder.buildObject(); nameID.setFormat(credential.getNameID().getFormat()); nameID.setNameQualifier(credential.getNameID().getNameQualifier()); nameID.setSPNameQualifier(credential.getNameID().getSPNameQualifier()); nameID.setSPProvidedID(credential.getNameID().getSPProvidedID()); nameID.setValue(credential.getNameID().getValue()); request.setNameID(nameID); return request; }
public boolean processLogoutRequest(SAMLMessageContext context, SAMLCredential credential) throws SAMLException, MetadataProviderException, MessageEncodingException { SAMLObject message = context.getInboundSAMLMessage(); // Verify type if (message == null || !(message instanceof LogoutRequest)) { log.warn("Received request is not of a LogoutRequest object type"); throw new SAMLException("Error validating SAML request"); } LogoutRequest logoutRequest = (LogoutRequest) message; // Make sure request was authenticated if required, authentication is done as part of the // binding processing if (!context.isInboundSAMLMessageAuthenticated() && context.getLocalExtendedMetadata().isRequireLogoutRequestSigned()) { log.warn( "Logout Request object is required to be signed by the entity policy: " + context.getInboundSAMLMessageId()); Status status = getStatus(StatusCode.REQUEST_DENIED_URI, "Message signature is required"); sendLogoutResponse(status, context); return false; } try { // Verify destination verifyEndpoint(context.getLocalEntityEndpoint(), logoutRequest.getDestination()); } catch (SAMLException e) { log.warn( "Destination of the request {} does not match any singleLogout endpoint", logoutRequest.getDestination()); Status status = getStatus(StatusCode.REQUEST_DENIED_URI, "Destination URL of the request is invalid"); sendLogoutResponse(status, context); return false; } // Verify issuer if (logoutRequest.getIssuer() != null) { try { Issuer issuer = logoutRequest.getIssuer(); verifyIssuer(issuer, context); } catch (SAMLException e) { log.warn( "Response issue time is either too old or with date in the future, id {}", context.getInboundSAMLMessageId()); Status status = getStatus(StatusCode.REQUEST_DENIED_URI, "Issuer of the message is unknown"); sendLogoutResponse(status, context); return false; } } // Verify issue time DateTime time = logoutRequest.getIssueInstant(); if (!isDateTimeSkewValid(getResponseSkew(), time)) { log.warn( "Response issue time is either too old or with date in the future, id {}.", context.getInboundSAMLMessageId()); Status status = getStatus(StatusCode.REQUESTER_URI, "Message has been issued too long time ago"); sendLogoutResponse(status, context); return false; } // Check whether any user is logged in if (credential == null) { Status status = getStatus(StatusCode.UNKNOWN_PRINCIPAL_URI, "No user is logged in"); sendLogoutResponse(status, context); return false; } // Find index for which the logout is requested boolean indexFound = false; if (logoutRequest.getSessionIndexes() != null && logoutRequest.getSessionIndexes().size() > 0) { for (AuthnStatement statement : credential.getAuthenticationAssertion().getAuthnStatements()) { String statementIndex = statement.getSessionIndex(); if (statementIndex != null) { for (SessionIndex index : logoutRequest.getSessionIndexes()) { if (statementIndex.equals(index.getSessionIndex())) { indexFound = true; } } } } } else { indexFound = true; } // Fail if sessionIndex is not found in any assertion if (!indexFound) { // Check logout request still valid and store request if (logoutRequest.getNotOnOrAfter() != null) { // TODO store request for assertions possibly arriving later } Status status = getStatus(StatusCode.REQUESTER_URI, "The requested SessionIndex was not found"); sendLogoutResponse(status, context); return false; } try { // Fail if NameId doesn't correspond to the currently logged user NameID nameID = getNameID(context, logoutRequest); if (nameID == null || !equalsNameID(credential.getNameID(), nameID)) { Status status = getStatus(StatusCode.UNKNOWN_PRINCIPAL_URI, "The requested NameID is invalid"); sendLogoutResponse(status, context); return false; } } catch (DecryptionException e) { Status status = getStatus(StatusCode.RESPONDER_URI, "The NameID can't be decrypted"); sendLogoutResponse(status, context); return false; } // Message is valid, let's logout Status status = getStatus(StatusCode.SUCCESS_URI, null); sendLogoutResponse(status, context); return true; }