public void notify(Packet packet) {
try {
Session session = packet.getSession();
session.setUser(new User(packet.getFrom()));
session.setID(packet.getID());
Preferences p = new AppPrefs().getPrefs();
// If there's no auth attribute, default to authenticated,
// if there is, use the value sent
// Always defaults to authenticated.
boolean auth =
packet.getAttribute("authenticated").isEmpty()
? true
: (packet.getAttribute("authenticated").equalsIgnoreCase("true")) ? true : false;
// If no auth is requested,
// check preferences to see if we allow that
if (!auth && !p.getBoolean("allow_unauthenticated_conversations", false)) return;
if (index.getSession(packet.getID()) == null) {
if (session.getStatus() == Session.CONNECTED) {
System.out.println(session.getSocket().getInetAddress().getHostAddress());
Session s =
Server.createClient(
session.getSocket().getInetAddress().getHostAddress(),
packet.getAttribute("return-port"),
session.getLocalPort(),
session.getUser(),
session.getID());
s.setAuthenticated(auth);
s.setCipherType(CipherAlgorithm.AES);
s.setCipherKey(new Key(KeySize.K256).getKey());
index.addSession(s);
}
}
session.setStatus(Session.STREAMING);
} catch (Exception ex) {
ex.printStackTrace();
}
}
@Override
public void notify(Packet packet) {
Session s = packet.getSession();
try {
Session stored_session = index.getSession(s.getID());
stored_session.getWindow().update("Partner disconnected...");
stored_session.closeStream();
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* Returns logout request message ready to be sent to the IDP.
*
* @param context message context
* @param credential information about assertions used to log current user in
* @param bindingService service used to deliver the request
* @return logoutRequest to be sent to IDP
* @throws SAMLException error creating the message
* @throws MetadataProviderException error retrieving metadata
*/
protected LogoutRequest getLogoutRequest(
SAMLMessageContext context, SAMLCredential credential, Endpoint bindingService)
throws SAMLException, MetadataProviderException {
SAMLObjectBuilder<LogoutRequest> builder =
(SAMLObjectBuilder<LogoutRequest>)
builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
LogoutRequest request = builder.buildObject();
buildCommonAttributes(context.getLocalEntityId(), request, bindingService);
// Add session indexes
SAMLObjectBuilder<SessionIndex> sessionIndexBuilder =
(SAMLObjectBuilder<SessionIndex>)
builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME);
for (AuthnStatement statement : credential.getAuthenticationAssertion().getAuthnStatements()) {
SessionIndex index = sessionIndexBuilder.buildObject();
index.setSessionIndex(statement.getSessionIndex());
request.getSessionIndexes().add(index);
}
if (request.getSessionIndexes().size() == 0) {
throw new SAMLException("No session indexes to logout user for were found");
}
SAMLObjectBuilder<NameID> nameIDBuilder =
(SAMLObjectBuilder<NameID>) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
NameID nameID = nameIDBuilder.buildObject();
nameID.setFormat(credential.getNameID().getFormat());
nameID.setNameQualifier(credential.getNameID().getNameQualifier());
nameID.setSPNameQualifier(credential.getNameID().getSPNameQualifier());
nameID.setSPProvidedID(credential.getNameID().getSPProvidedID());
nameID.setValue(credential.getNameID().getValue());
request.setNameID(nameID);
return request;
}
public boolean processLogoutRequest(SAMLMessageContext context, SAMLCredential credential)
throws SAMLException, MetadataProviderException, MessageEncodingException {
SAMLObject message = context.getInboundSAMLMessage();
// Verify type
if (message == null || !(message instanceof LogoutRequest)) {
log.warn("Received request is not of a LogoutRequest object type");
throw new SAMLException("Error validating SAML request");
}
LogoutRequest logoutRequest = (LogoutRequest) message;
// Make sure request was authenticated if required, authentication is done as part of the
// binding processing
if (!context.isInboundSAMLMessageAuthenticated()
&& context.getLocalExtendedMetadata().isRequireLogoutRequestSigned()) {
log.warn(
"Logout Request object is required to be signed by the entity policy: "
+ context.getInboundSAMLMessageId());
Status status = getStatus(StatusCode.REQUEST_DENIED_URI, "Message signature is required");
sendLogoutResponse(status, context);
return false;
}
try {
// Verify destination
verifyEndpoint(context.getLocalEntityEndpoint(), logoutRequest.getDestination());
} catch (SAMLException e) {
log.warn(
"Destination of the request {} does not match any singleLogout endpoint",
logoutRequest.getDestination());
Status status =
getStatus(StatusCode.REQUEST_DENIED_URI, "Destination URL of the request is invalid");
sendLogoutResponse(status, context);
return false;
}
// Verify issuer
if (logoutRequest.getIssuer() != null) {
try {
Issuer issuer = logoutRequest.getIssuer();
verifyIssuer(issuer, context);
} catch (SAMLException e) {
log.warn(
"Response issue time is either too old or with date in the future, id {}",
context.getInboundSAMLMessageId());
Status status =
getStatus(StatusCode.REQUEST_DENIED_URI, "Issuer of the message is unknown");
sendLogoutResponse(status, context);
return false;
}
}
// Verify issue time
DateTime time = logoutRequest.getIssueInstant();
if (!isDateTimeSkewValid(getResponseSkew(), time)) {
log.warn(
"Response issue time is either too old or with date in the future, id {}.",
context.getInboundSAMLMessageId());
Status status =
getStatus(StatusCode.REQUESTER_URI, "Message has been issued too long time ago");
sendLogoutResponse(status, context);
return false;
}
// Check whether any user is logged in
if (credential == null) {
Status status = getStatus(StatusCode.UNKNOWN_PRINCIPAL_URI, "No user is logged in");
sendLogoutResponse(status, context);
return false;
}
// Find index for which the logout is requested
boolean indexFound = false;
if (logoutRequest.getSessionIndexes() != null && logoutRequest.getSessionIndexes().size() > 0) {
for (AuthnStatement statement :
credential.getAuthenticationAssertion().getAuthnStatements()) {
String statementIndex = statement.getSessionIndex();
if (statementIndex != null) {
for (SessionIndex index : logoutRequest.getSessionIndexes()) {
if (statementIndex.equals(index.getSessionIndex())) {
indexFound = true;
}
}
}
}
} else {
indexFound = true;
}
// Fail if sessionIndex is not found in any assertion
if (!indexFound) {
// Check logout request still valid and store request
if (logoutRequest.getNotOnOrAfter() != null) {
// TODO store request for assertions possibly arriving later
}
Status status =
getStatus(StatusCode.REQUESTER_URI, "The requested SessionIndex was not found");
sendLogoutResponse(status, context);
return false;
}
try {
// Fail if NameId doesn't correspond to the currently logged user
NameID nameID = getNameID(context, logoutRequest);
if (nameID == null || !equalsNameID(credential.getNameID(), nameID)) {
Status status =
getStatus(StatusCode.UNKNOWN_PRINCIPAL_URI, "The requested NameID is invalid");
sendLogoutResponse(status, context);
return false;
}
} catch (DecryptionException e) {
Status status = getStatus(StatusCode.RESPONDER_URI, "The NameID can't be decrypted");
sendLogoutResponse(status, context);
return false;
}
// Message is valid, let's logout
Status status = getStatus(StatusCode.SUCCESS_URI, null);
sendLogoutResponse(status, context);
return true;
}
